Applying an SSL certificate more broadly

In my default SSL

 <VirtualHost _default_:443>
  ServerName example.co
  DocumentRoot /var/www/html/example
  SSLEngine On
  SSLCertificateFile /etc/letsencrypt/live/example.co/cert.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/example.co/privkey.pem
  SSLCertificateChainFile /etc/letsencrypt/live/example.co/chain.pem
 </VirtualHost>
 <VirtualHost *:443>
  ServerName example2.co
  DocumentRoot /var/www/html/example2
  SSLEngine On
  SSLCertificateFile /etc/letsencrypt/live/example2.co/cert.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/example2.co/privkey.pem
  SSLCertificateChainFile /etc/letsencrypt/live/example2.co/chain.pem
 </VirtualHost>
 <VirtualHost *:443>
  ServerAlias subdomain1.*
  DocumentRoot /var/www/html/example/subdomain1
 </VirtualHost>
 <VirtualHost *:443>
  ServerAlias subdomain2.*
  DocumentRoot /var/www/html/example/subdomain2
 </VirtualHost>

I want to apply the SSL certificate to the domain, but apply the document root to different subdomains.

For some reason,

https://subdomain1.example.co/test is SECURE
https://subdomain1.example2.co/test is NOT SECURE

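I have wildcard SSL certificates for both.

Both should work.

Why can I specify SSL for all of example.co and its subdomains without any problem, but can't do the same for example2.co?

I am trying to avoid writing a lot of code for something that is very logical. Is there a shorter way to do this (my only workaround):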

 <VirtualHost *:443>
  ServerName example.co
  DocumentRoot /var/www/html/example
  SSLCertificateFile /etc/letsencrypt/live/example.co/cert.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/example.co/privkey.pem
  SSLCertificateChainFile /etc/letsencrypt/live/example.co/chain.pem
 </VirtualHost>
 <VirtualHost *:443>
  ServerName example2.co
  DocumentRoot /var/www/html/example2
  SSLCertificateFile /etc/letsencrypt/live/example2.co/cert.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/example2.co/privkey.pem
  SSLCertificateChainFile /etc/letsencrypt/live/example2.co/chain.pem
 </VirtualHost>
 <VirtualHost *:443>
  ServerName subdomain1.example.co
  DocumentRoot /var/www/html/example/subdomain1
  SSLCertificateFile /etc/letsencrypt/live/example.co/cert.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/example.co/privkey.pem
  SSLCertificateChainFile /etc/letsencrypt/live/example.co/chain.pem
 </VirtualHost>
 <VirtualHost *:443>
  ServerName subdomain1.example2.co
  DocumentRoot /var/www/html/example2/subdomain1
  SSLCertificateFile /etc/letsencrypt/live/example2.co/cert.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/example2.co/privkey.pem
  SSLCertificateChainFile /etc/letsencrypt/live/example2.co/chain.pem
 </VirtualHost>
 <VirtualHost *:443>
  ServerName subdomain2.example.co
  DocumentRoot /var/www/html/example/subdomain2
  SSLCertificateFile /etc/letsencrypt/live/example.co/cert.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/example.co/privkey.pem
  SSLCertificateChainFile /etc/letsencrypt/live/example.co/chain.pem
 </VirtualHost>
 <VirtualHost *:443>
  ServerName subdomain2.example2.co
  DocumentRoot /var/www/html/example2/subdomain2
  SSLCertificateFile /etc/letsencrypt/live/example2.co/cert.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/example2.co/privkey.pem
  SSLCertificateChainFile /etc/letsencrypt/live/example2.co/chain.pem
 </VirtualHost> 

Answer 1

This should work with VirtualDocumentRoot:

 <VirtualHost *:443>
  ServerName example.co
  DocumentRoot /var/www/html/example
  SSLEngine On
  SSLCertificateFile /etc/letsencrypt/live/example.co/cert.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/example.co/privkey.pem
  SSLCertificateChainFile /etc/letsencrypt/live/example.co/chain.pem
 </VirtualHost>
 <VirtualHost *:443>
  ServerName example2.co
  DocumentRoot /var/www/html/example2
  SSLEngine On
  SSLCertificateFile /etc/letsencrypt/live/example2.co/cert.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/example2.co/privkey.pem
  SSLCertificateChainFile /etc/letsencrypt/live/example2.co/chain.pem
 </VirtualHost>
 <VirtualHost *:443>
  ServerAlias *.example.co
  VirtualDocumentRoot /var/www/html/example/%-3
  SSLEngine On
  SSLCertificateFile /etc/letsencrypt/live/example.co/cert.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/example.co/privkey.pem
  SSLCertificateChainFile /etc/letsencrypt/live/example.co/chain.pem
 </VirtualHost>
 <VirtualHost *:443>
  ServerAlias *.example2.co
  VirtualDocumentRoot /var/www/html/example2/%-3
  SSLEngine On
  SSLCertificateFile /etc/letsencrypt/live/example2.co/cert.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/example2.co/privkey.pem
  SSLCertificateChainFile /etc/letsencrypt/live/example2.co/chain.pem
 </VirtualHost>

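In this configuration, the document root of each subdomain is set dynamically. %-3 takes the third part of the requested domain (counting from the right) and adds it to the path. For example, sub1.example.co will result in /var/www/html/example/sub1 and abcd.example2.co will result in /var/www/html/example/abcd. If you add a subdomain, for example sub123.example.co, you don't even need to touch this configuration, because the path for this subdomain is set dynamically :)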

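Additional information: there is a subtle difference between ServerName and ServerAlias.

ServerName can also accept a port number, but ServerAlias cannot.

ServerAlias can accept wildcards (e.g. *.mywebsite.com), but ServerName cannot.

That is why you should use ServerAlias rather than ServerName for wildcard subdomains. I don't know whether ServerAlias works properly without a ServerName. If it doesn't, just add a ServerName line with a random subdomain, such as any.example.co, to both wildcard-subdomain virtual hosts ;)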


Link to the post where I got my initial information on this issue: https://stackoverflow.com/questions/13566226/creating-wildcard-sub-domain-using-apache-virtualhost

Link to the apache2 documentation on this: https://httpd.apache.org/docs/2.4/mod/mod_vhost_alias.html
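
Because VirtualDocumentRoot builds the directory from the requested host name, it helps to check which directory each name selects before deploying the answer's two wildcard vhosts. The sketch below is an added example, not code from the answer or from Apache: it models only the %%, %0, %N, %-N and "+" specifiers described in the mod_vhost_alias documentation, and the function names, the fnmatch-based ServerAlias match and the lower-casing are assumptions.

```python
import re
from fnmatch import fnmatchcase

# The two wildcard vhosts from the answer: (ServerAlias, VirtualDocumentRoot).
WILDCARD_VHOSTS = [
    ("*.example.co", "/var/www/html/example/%-3"),
    ("*.example2.co", "/var/www/html/example2/%-3"),
]

_SPEC = re.compile(r"%(%|(-?\d+)(\+?))")


def interpolate(template, host):
    """Expand %%, %0, %N, %-N, %N+ and %-N+ against a host name."""
    # Assumption: the name is compared in lower case and any :port is dropped.
    name = host.split(":")[0].lower()
    parts = name.split(".")

    def expand(m):
        if m.group(1) == "%":
            return "%"
        n, plus = int(m.group(2)), bool(m.group(3))
        if n == 0:
            return name
        if abs(n) > len(parts):
            return "_"  # documented fallback when the part does not exist
        if n > 0:
            chosen = parts[n - 1:] if plus else parts[n - 1:n]
        else:
            end = len(parts) + n + 1
            chosen = parts[:end] if plus else parts[end - 1:end]
        return ".".join(chosen)

    return _SPEC.sub(expand, template)


def docroot_for(host):
    """Return the directory the answer's wildcard vhosts would serve, or None."""
    name = host.split(":")[0].lower()
    for alias, template in WILDCARD_VHOSTS:
        if fnmatchcase(name, alias):  # assumption: '*' also spans dots
            return interpolate(template, name)
    return None


if __name__ == "__main__":
    # Constructed host names, not taken from any real log.
    for h in ["sub1.example.co", "abcd.example2.co", "a.b.example.co", "example.co"]:
        print(h, "->", docroot_for(h))
```

A name with several labels in front of the domain, such as a.b.example.co, selects the directory named after the label directly left of the domain (b), and a template applied to a name with too few labels yields `_`.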
