我有一台装有 ubuntu xenial、apache 和多个 vhost 的机器,每个都有自己的 domain.conf 和 domain-ssl.conf。每个 domain.conf 都会使用 ssl 证书重定向到 domain-ssl.conf,但问题是它在 chrome 中引发了 ERR_SSL_PROTOCOL_ERROR 错误,因为它尝试通过端口 443 提供加密网站,也就是说,apache 正在尝试通过 http 提供 ssl 网站。
有趣的是,如果我访问http://example.com:443显示网页正常,但 https 不行。顺便说一句,我在 apache 中启用了 ssl 模块,并且我也尝试了该条件,但仍然相同。
例子.conf
<VirtualHost *:80>
ServerName example.com
ServerAdmin [email protected]
VirtualDocumentRoot /var/www/html/example
SetEnv ENV stage
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory "/var/www/html/example">
AllowOverride None
Require all granted
<IfModule mod_rewrite.c>
Options -MultiViews
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://example.com/$1 [R,L]
</IfModule>
</Directory>
示例-ssl.conf
<VirtualHost _default_:443>
ServerName example.com
ServerAdmin [email protected]
VirtualDocumentRoot /var/www/html/example
SetEnv ENV stage
LogLevel warn
ErrorLog /var/www/html/example/var/logs/apache-ssl.log
CustomLog /var/www/html/example/var/logs/access.log combined
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
<Directory "/var/www/html/example">
AllowOverride None
Require all granted
Options -MultiViews
RewriteEngine On
RewriteRule ^(.*)/$ /$1 [L,R=301]
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
</Directory>...
退出apachectl -S:
user@myserver:~$ sudo apachectl -S
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:443 is a NameVirtualHost
default server example.com (/etc/apache2/sites-enabled/010-example-ssl.conf:1)
port 443 namevhost example.com (/etc/apache2/sites-enabled/010-example-ssl.conf:1)
*:80 is a NameVirtualHost
default server 127.0.1.1 (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost 127.0.1.1 (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost example.com (/etc/apache2/sites-enabled/015-example.conf:1)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/lock/apache2" mechanism=fcntl
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33
选项-ssl-apache.conf
# Intermediate configuration, tweak to your needs
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
SSLHonorCipherOrder on
SSLCompression off
SSLOptions +StrictRequire
# Add vhost name to log entries:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined
LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common
答案1
最后,我创建了default-ssl.conf缺失的文件,并用 启用了它sudo a2ensite default-ssl。问题解决了!