In my default SSL
<VirtualHost _default_:443>
ServerName example.co
DocumentRoot /var/www/html/example
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/example.co/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.co/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.co/chain.pem
</VirtualHost>
<VirtualHost *:443>
ServerName example2.co
DocumentRoot /var/www/html/example2
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/example2.co/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example2.co/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example2.co/chain.pem
</VirtualHost>
<VirtualHost *:443>
ServerAlias subdomain1.*
DocumentRoot /var/www/html/example/subdomain1
</VirtualHost>
<VirtualHost *:443>
ServerAlias subdomain2.*
DocumentRoot /var/www/html/example/subdomain2
</VirtualHost>
I want to apply the SSL certificates per domain, but apply the document roots to different subdomains.
For some reason,
https://subdomain1.example.co/test is SECURE
https://subdomain1.example2.co/test is NOT SECURE
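I have wildcard SSL certificates for both.
Both should work.
Why can I specify SSL for all of example.co and its subdomains without any problem, but cannot do the same for example2.co?
I am trying to avoid writing a lot of code for something that is very logical. Is there a shorter way to do this (my only workaround):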
<VirtualHost *:443>
ServerName example.co
DocumentRoot /var/www/html/example
SSLCertificateFile /etc/letsencrypt/live/example.co/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.co/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.co/chain.pem
</VirtualHost>
<VirtualHost *:443>
ServerName example2.co
DocumentRoot /var/www/html/example2
SSLCertificateFile /etc/letsencrypt/live/example2.co/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example2.co/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example2.co/chain.pem
</VirtualHost>
<VirtualHost *:443>
ServerName subdomain1.example.co
DocumentRoot /var/www/html/example/subdomain1
SSLCertificateFile /etc/letsencrypt/live/example.co/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.co/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.co/chain.pem
</VirtualHost>
<VirtualHost *:443>
ServerName subdomain1.example2.co
DocumentRoot /var/www/html/example2/subdomain1
SSLCertificateFile /etc/letsencrypt/live/example2.co/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example2.co/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example2.co/chain.pem
</VirtualHost>
<VirtualHost *:443>
ServerName subdomain2.example.co
DocumentRoot /var/www/html/example/subdomain2
SSLCertificateFile /etc/letsencrypt/live/example.co/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.co/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.co/chain.pem
</VirtualHost>
<VirtualHost *:443>
ServerName subdomain2.example2.co
DocumentRoot /var/www/html/example2/subdomain2
SSLCertificateFile /etc/letsencrypt/live/example2.co/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example2.co/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example2.co/chain.pem
</VirtualHost>
Answer 1
This should work with VirtualDocumentRoot:
<VirtualHost *:443>
ServerName example.co
DocumentRoot /var/www/html/example
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/example.co/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.co/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.co/chain.pem
</VirtualHost>
<VirtualHost *:443>
ServerName example2.co
DocumentRoot /var/www/html/example2
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/example2.co/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example2.co/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example2.co/chain.pem
</VirtualHost>
<VirtualHost *:443>
ServerAlias *.example.co
VirtualDocumentRoot /var/www/html/example/%-3
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/example.co/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.co/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.co/chain.pem
</VirtualHost>
<VirtualHost *:443>
ServerAlias *.example2.co
VirtualDocumentRoot /var/www/html/example2/%-3
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/example2.co/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example2.co/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example2.co/chain.pem
</VirtualHost>
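In this configuration, the document root of each subdomain is set dynamically. %-3 takes the third part of the requested domain (counting from the right) and adds it to the path. For example, sub1.example.co will result in /var/www/html/example/sub1 and abcd.example2.co will result in /var/www/html/example/abcd. If you add a subdomain, e.g. sub123.example.co, you don't even need to touch this configuration, because the path for this subdomain is set dynamically :)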
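Additional info: there is a subtle difference between ServerName and ServerAlias:
ServerName can also accept a port number, but ServerAlias cannot.
ServerAlias can accept wildcards (e.g. *.mywebsite.com), but ServerName cannot.
That is why you should use ServerAlias rather than ServerName for wildcard subdomains. I don't know whether ServerAlias works properly without ServerName. If it doesn't, just add a ServerName line with a random subdomain such as any.example.co to both wildcard subdomain virtual hosts ;)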
Link to the post where I got my initial information on this: https://stackoverflow.com/questions/13566226/creating-wildcard-sub-domain-using-apache-virtualhost
Link to the apache2 documentation about this: https://httpd.apache.org/docs/2.4/mod/mod_vhost_alias.html
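To see which directory a given hostname maps to under the VirtualDocumentRoot templates above, here is a small model of the mod_vhost_alias part selectors. It is an added example, not code from the answer or from Apache. It covers only the %0, %N, %-N, %N+, %-N+ and %% forms; the function names and the sample hostnames are constructed for illustration.

```python
import re

# Simplified model of mod_vhost_alias name interpolation (part selectors only).
# %0 = whole name, %N = Nth part from the left, %-N = Nth part from the right,
# a trailing "+" extends the selection to all following (%N+) or all preceding
# (%-N+) parts, %% = literal percent. %p and the %N.M character forms are not
# modelled here.
_SPEC = re.compile(r"%(%|(-?)(\d)(\+?))")

def select_parts(host, from_right, n, plus):
    parts = host.lower().split(".")   # hostnames are case-insensitive
    if n == 0:
        return ".".join(parts)
    if n > len(parts):
        return "_"                    # documented fallback: part does not exist
    if from_right:
        idx = len(parts) - n
        chosen = parts[: idx + 1] if plus else [parts[idx]]
    else:
        idx = n - 1
        chosen = parts[idx:] if plus else [parts[idx]]
    return ".".join(chosen)

def virtual_docroot(template, host):
    def repl(m):
        if m.group(1) == "%":
            return "%"
        return select_parts(host, m.group(2) == "-", int(m.group(3)),
                            m.group(4) == "+")
    return _SPEC.sub(repl, template)

# Templates taken from the two wildcard vhosts in the answer; the hostnames
# are constructed sample input.
SAMPLES = [
    ("/var/www/html/example/%-3", "sub1.example.co"),
    ("/var/www/html/example2/%-3", "abcd.example2.co"),
    ("/var/www/html/example/%-3", "x.sub1.example.co"),  # deeper name, same dir
    ("/var/www/html/example/%-3", "example.co"),         # too few parts -> "_"
]

if __name__ == "__main__":
    for template, host in SAMPLES:
        print(f"{host:22} -> {virtual_docroot(template, host)}")
```

Because %-3 counts from the right, a deeper name such as x.sub1.example.co selects the same directory as sub1.example.co, so every directory under the template's parent is reachable by hostname and should contain only content intended to be served.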