Ubuntu 20.04 LAMP 和 WP Multisites 的 OpenSSL 配置

Ubuntu 20.04 LAMP 和 WP Multisites 的 OpenSSL 配置

问题: 如何将 1 个 OpenSSL 证书应用于位于 html 目录中的所有网站? 问题:当访问https://localhost.site1.comhttps://localhost.site2.com仅显示index.html位于时,/var/www/html/index.html因为default-ssl.conf文档根目录是 /var/www/html/

我有 2 个 wordpress 多站点 (和其他站点),位于/var/www/html/

/var/www/html/site1.com

/var/www/html/site2.com

在我的default-ssl.conf我有:

<IfModule mod_ssl.c>
<VirtualHost _default_:443>
    ServerAdmin [email protected]
    ServerName localhost
    ServerAlias localhost

    DocumentRoot /var/www/html/
    
    ErrorLog ${APACHE_LOG_DIR}/localhost.error.log
    CustomLog ${APACHE_LOG_DIR}/localhost.access.log combined

            SSLEngine on
    SSLCertificateFile  /etc/ssl/certs/ssl-cert-snakeoil.pem
    SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
    
    #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory /usr/lib/cgi-bin>
            SSLOptions +StdEnvVars
            DirectoryIndex index.php
            AllowOverride All
            Order allow,deny
            Allow from all
            Require all granted
    </Directory>

    #   Similarly, one has to force some clients to use HTTP/1.0 to workaround
    #   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
    #   "force-response-1.0" for this.
      BrowserMatch "MSIE [2-6]" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0

</VirtualHost>
</IfModule>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

在我的/etc/hosts档案中我有:

127.0.1.1   excalibur
127.0.0.1   localhost 
127.0.0.1   localhost.site1.com *.localhost.site1.com   # mainsite url
127.0.0.1   subsite-a.localhost.site1.com   
127.0.0.1   subsite-b.localhost.site1.com
127.0.0.1   subsite-c.localhost.site1.com

127.0.0.1   localhost.site2.com *.localhost.site2.com   # mainsite url

site1.com 的虚拟主机包含:

    <VirtualHost *:80>

    ServerName localhost.site1.com 
    ServerAlias www.localhost.site1.com
    
    # If this is the default configuration file we can use: 'ServerName localhost' or also 'ServerAlias localhost'.

    ServerAdmin [email protected]

    ErrorLog ${APACHE_LOG_DIR}/localhost.site1.com.error.log
    CustomLog ${APACHE_LOG_DIR}/localhost.site1.com.access.log combined

    DocumentRoot /var/www/html/site1.com
    
    <Directory /var/www/html/site1.com>
        Options None FollowSymLinks
        # Enable .htaccess Overrides:
        AllowOverride All
        DirectoryIndex index.php
        Order allow,deny
        Allow from all
        Require all granted
    </Directory>

    <Directory /var/www/html/site1.com/wp-content>
        Options FollowSymLinks
        Order allow,deny
        Allow from all
    </Directory>
    
    
   SSLEngine on
   SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
   SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key

</VirtualHost>

site2.com 的 vhost 包含:

    <VirtualHost *:80>

    ServerName localhost.site2.com
    ServerAlias www.localhost.site2.com
    
    # If this is the default configuration file we can use: 'ServerName localhost' or also 'ServerAlias localhost'.

    ServerAdmin [email protected]

    ErrorLog ${APACHE_LOG_DIR}/localhost.site2.com.error.log
    CustomLog ${APACHE_LOG_DIR}/localhost.site2.com.access.log combined

    DocumentRoot /var/www/html/site2.com
    
    <Directory /var/www/html/site2.com>
        Options None FollowSymLinks
        # Enable .htaccess Overrides:
        AllowOverride All
        DirectoryIndex index.php
        Order allow,deny
        Allow from all
        Require all granted
    </Directory>

    <Directory /var/www/html/site2.com/wp-content>
        Options FollowSymLinks
        Order allow,deny
        Allow from all
    </Directory>
    
   SSLEngine on
   SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
   SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
   
</VirtualHost>

有小费吗?

答案1

您的虚拟主机正在监听端口 80,而 HTTPS 连接使用端口 443。为此,您将获得默认 SSL 配置中的内容,因为这是端口 443 的唯一配置。

VirtualHost将您的定义更改为<VirtualHost *:443>可能会解决问题。

相关内容