Apache SSL installation

I am trying to install an SSL certificate on my Ubuntu Server 20.04.

I have downloaded the SSL files and put them in /home/ubuntu (this will change once it works):

  • api_limitlesssoft_com_key.txt
  • api.limitlesssoft.com.p7b
  • api.limitlesssoft.com.crt
  • api.limitlesssoft.com.ca-bundle

What I did now is edit the virtual host file so that it looks like this:

LoadModule ssl_module modules/mod_ssl.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so

<VirtualHost *:80>
        ServerName api.limitlesssoft.com
        ServerAdmin [email protected]

        ProxyPreserveHost On
        ProxyPass / http://127.0.0.1:5000/
        ProxyPassReverse / http://127.0.0.1:5000/

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

<VirtualHost *:443>
        ServerName api.limitlesssoft.com
        ServerAdmin [email protected]

        ProxyPreserveHost On
        ProxyPass / http://127.0.0.1:5000/
        ProxyPassReverse / http://127.0.0.1:5000/

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        SSLEngine on
        SSLCertificateFile /home/ubuntu/api.limitlesssoft.com.crt
        SSLCertificateKeyFile /home/ubuntu/api_limitlesssoft_com_key.txt
        SSLCertificateChainFile /home/ubuntu/api.limitlesssoft.com.ca-bundle
</VirtualHost>

And for some reason, only the http one works.

a2enmod ssl returns that it is already running. I have run sudo ufw 443 and it is enabled.

ubuntu@ubuntu:/var/log/apache2$ telnet localhost 443
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
ubuntu@ubuntu:/var/log/apache2$ sudo netstat -peanut | grep ':80'
tcp6       0      0 :::80                   :::*                    LISTEN      0          46821      3493/apache2   
ubuntu@ubuntu:/var/log/apache2$ sudo netstat -peanut | grep ':443'
tcp6       0      0 :::443                  :::*                    LISTEN      0          46825      3493/apache2   
tcp6       0      0 127.0.0.1:443           127.0.0.1:45968         TIME_WAIT   0          0          -  

ubuntu@ubuntu:/var/log/apache2$ netstat -a -n
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:5000          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        1      0 127.0.0.1:41170         127.0.0.1:5000          CLOSE_WAIT
tcp        0    192 192.168.1.109:22        192.168.1.2:61495       ESTABLISHED
tcp6       0      0 ::1:5000                :::*                    LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 :::21                   :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 :::443                  :::*                    LISTEN
udp        0      0 127.0.0.53:53           0.0.0.0:*
udp        0      0 192.168.1.109:68        0.0.0.0:*
raw6       0      0 :::58                   :::*                    7

ubuntu@ubuntu:~$ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
33380                      ALLOW       Anywhere
443                        ALLOW       Anywhere
22                         ALLOW       Anywhere
80                         ALLOW       Anywhere
33380 (v6)                 ALLOW       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)
22 (v6)                    ALLOW       Anywhere (v6)
80 (v6)                    ALLOW       Anywhere (v6)

Here is my application startup (it runs on https when debugging):

using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;

namespace api.limitlesssoft.com
{
    public class Startup
    {
        // This method gets called by the runtime. Use this method to add services to the container.
        // For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddControllers();
            services.Configure<ForwardedHeadersOptions>(options =>
            {
                options.ForwardedHeaders =
                    ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
            });
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }

            app.UseForwardedHeaders();

            app.UseHttpsRedirection();

            app.UseStaticFiles();

            app.UseRouting();

            app.UseEndpoints(endpoints =>
            {
                endpoints.MapControllers();
            });
        }
    }
}

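Answer 1

Found the solution in "HTTPS Connection Refused on Apache", and it is marked as -1 points... The problem was in the routing... the port forwarding did not forward port 443, only 80. That is why it did not work.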
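The layered check behind the answer's conclusion, as an added example that is not part of the original post: when Apache listens on a wildcard address and ufw allows the port, the fault lies upstream of the host (here, the router's port forwarding). The function names and the three result labels are assumptions made for this example; the sample input is excerpted from the output posted in the question.

```shell
#!/bin/sh
# Triage for "HTTP works, HTTPS does not": find the first layer that blocks PORT.
# Each check reads saved command output on stdin, so it also works on pasted text.

# True if a LISTEN socket on PORT is bound to a wildcard address.
# Column 4 is the local address in both `netstat -an` and `ss -ltn` output.
listens_on_all() {
  awk -v p="$1" '
    /LISTEN/ {
      n = split($4, part, ":")
      port = part[n]
      addr = substr($4, 1, length($4) - length(port) - 1)
      if (port == p && (addr == "0.0.0.0" || addr == "*" || addr == "::" || addr == "[::]"))
        found = 1
    }
    END { exit !found }'
}

# True if `ufw status` output allows PORT (bare port or PORT/tcp), or ufw is inactive.
ufw_allows() {
  awk -v p="$1" '
    /^Status: inactive/ { ok = 1 }
    ($1 == p || $1 == (p "/tcp")) && $2 == "ALLOW" { ok = 1 }
    END { exit !ok }'
}

# triage PORT "socket listing" "ufw status text" -> prints the first failing layer.
triage() {
  printf '%s\n' "$2" | listens_on_all "$1" || { echo "not-listening-publicly"; return 0; }
  printf '%s\n' "$3" | ufw_allows "$1"     || { echo "host-firewall"; return 0; }
  # Host side is fine: look at NAT/port forwarding or other filtering in front of it.
  echo "upstream"
}

# Sample input: lines excerpted from the netstat and ufw output in the question.
SOCKETS='tcp        0      0 127.0.0.1:5000          0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 :::443                  :::*                    LISTEN'
RULES='Status: active
443                        ALLOW       Anywhere
80                         ALLOW       Anywhere'

triage 443 "$SOCKETS" "$RULES"
# On a live host: triage 443 "$(ss -ltn)" "$(sudo ufw status)"
```

An "upstream" result is confirmed by connecting from outside the LAN, for example with `openssl s_client -connect api.limitlesssoft.com:443`; a test against localhost, like the telnet session in the question, never crosses the router.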