我使用 apache2.4 操作一个托管多个虚拟主机的服务器。
新托管的域 ( https://www.yachtenwelt.de
) 正确使用了相应的 TLS 证书。此外,我必须确保用户使用任何给定的组合都能被重定向到此域,因此我必须涵盖:
http://yachtenwelt.de
http://www.yachtenwelt.de
https://yachtenwelt.de
非 https 版本 1 和 2 的重定向有效。但是当我使用 #3 时,我收到证书警告,指出 TLS 证书中的名称不匹配,原因是浏览器显示的是在我的服务器上运行的另一个虚拟主机的 TLS 证书 ( https://www.4-happy-paws.de
)。您可以通过以下方式检查这一点https://www.ssllabs.com/ssltest/analyze.html?d=yachtenwelt.de&hideResults=on
奇怪的是,如果我继续操作,我的浏览器(Chrome)随后会说 TLS 证书是为 yachtenwelt.de 和www.yachtenwelt.de。
yachtenwelt 的 vhost 配置文件:
<VirtualHost *:80>
ServerName yachtenwelt.de
ServerAlias www.yachtenwelt.de
Redirect / https://www.yachtenwelt.de/
</VirtualHost>
<VirtualHost *:443>
ServerName yachtenwelt.de
Redirect / https://www.yachtenwelt.de/
</VirtualHost>
<VirtualHost *:443>
ServerName www.yachtenwelt.de
DocumentRoot /var/www/vhosts/yachtenwelt.de/html
<Directory "/var/www/vhosts/yachtenwelt.de/html">
Options +FollowSymLinks
AllowOverride All
</Directory>
ServerAdmin [email protected]
ErrorLog /var/www/vhosts/yachtenwelt.de/log/apache2/error.log
LogLevel emerg
TransferLog /var/www/vhosts/yachtenwelt.de/log/apache2/access.log
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/yachtenwelt.de/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/yachtenwelt.de/privkey.pem
</VirtualHost>
4-happy-paws 的 vhost 配置文件:
<VirtualHost *:80>
ServerName www.4-happy-paws.de
ServerAlias 4-happy-paws.de
Redirect / https://www.4-happy-paws.de/
</VirtualHost>
<VirtualHost *:443>
DocumentRoot /var/www/vhosts/4-happy-paws.de/html
ServerName www.4-happy-paws.de
ServerAlias 4-happy-paws.de
Alias /.well-known/acme-challenge/ /var/www/vhosts/4-happy-paws.de/html/.well-known/acme-challenge/
<Directory "/var/www/vhosts/4-happy-paws.de/html">
Options +FollowSymLinks
AllowOverride All
</Directory>
<Directory "/var/www/vhosts/4-happy-paws.de/html/.well-known/acme-challenge/">
Options +FollowSymLinks
AllowOverride All
</Directory>
ServerAdmin [email protected]
ErrorLog /var/www/vhosts/4-happy-paws.de/log/apache2/error.log
LogLevel emerg
TransferLog /var/www/vhosts/4-happy-paws.de/log/apache2/access.log
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/www.4-happy-paws.de/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.4-happy-paws.de/privkey.pem
</VirtualHost>
apache2ctl-S: 我裁剪了输出,删除了我托管的其他域名
VirtualHost configuration:
*:443 is a NameVirtualHost
default server www.4-happy-paws.de (/etc/apache2/sites-enabled/4-happy-paws.de.conf:7)
port 443 namevhost www.4-happy-paws.de (/etc/apache2/sites-enabled/4-happy-paws.de.conf:7)
alias 4-happy-paws.de
port 443 namevhost yachtenwelt.de (/etc/apache2/sites-enabled/yachtenwelt.de.conf:7)
port 443 namevhost www.yachtenwelt.de (/etc/apache2/sites-enabled/yachtenwelt.de.conf:12)
*:80 is a NameVirtualHost
default server www.4-happy-paws.de (/etc/apache2/sites-enabled/4-happy-paws.de.conf:1)
port 80 namevhost www.4-happy-paws.de (/etc/apache2/sites-enabled/4-happy-paws.de.conf:1)
alias 4-happy-paws.de
port 80 namevhost yachtenwelt.de (/etc/apache2/sites-enabled/yachtenwelt.de.conf:1)
alias www.yachtenwelt.de
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33
Apache2ctl-t:
Syntax OK
答案1
不幸的是,如果没有有效的证书,您就无法重定向客户端。因为 TLS 握手发生在重定向之前。
由于您使用的是 Letsencrypt,因此最好的解决方案是获取包含两个名称的证书。如果您使用的是certbot您可以-d
多次添加域标志。
certbot -d yachtenwelt.de -d www.yachtenwelt.de [...]
之后确保将证书包含在两个都VirtualHost 指令。
<VirtualHost *:443>
ServerName yachtenwelt.de
Redirect / https://www.yachtenwelt.de/
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/yachtenwelt.de/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/yachtenwelt.de/privkey.pem
</VirtualHost>