我搜索了许多网站和 Bitnami 支持页面,但还是找不到这个问题的答案。我无法在 Bitnami 支持社区上以新主题的形式发帖,因为我刚刚加入 :/
我已经尽可能地总结了,但是还有很多细节,因为我已经添加了所有相关的配置文件。
我正在运行使用 Bitnami 安装系统包启动的 AWS Lightsail Linux 实例上运行的 Wordpress MultiSite 应用程序。我的网站运行良好,并且我还成功添加并配置了 Lets Encrypt SSL 证书。我可以为我的根域和子域发送 HTTP 和 HTTPS 请求,并且在两种 curl 类型中都看到 200 OK。因此,在端口 443 上配置的 SSL 证书按预期工作。
curl -L -svo /dev/nullhttps://trevorwalsh.art
Apache 上当前配置的唯一重定向是重定向请求子域“www.trevorwalsh.art”---->“trevorwalsh.art”。这是在设置此 WordPress 多站点时添加的。
curl -L -svo /dev/nullwww.trevorwalsh.art
我已验证,对于 Wordpress MultiSite,添加 Lets Encrypt SSL 证书的过程目前允许在 Apache 中配置 HTTP 到 HTTPS 重定向,这与使用标准 Wordpress 和 Apache 不同。因此,我进行了研究并遵循了以下 Bitnami 文档中的指导。我的堆栈是“方法 A:使用系统包进行 Bitnami 安装”[1] 使用 Apache 强制 HTTPS 重定向:-
我已添加下面需要编辑的每个相关文件的内容:-
文件 --> /opt/bitnami/apache2/conf/bitnami/bitnami.conf
# Let Apache know we're behind a SSL reverse proxy
SetEnvIf X-Forwarded-Proto https HTTPS=on
<VirtualHost _default_:80>
DocumentRoot "/opt/bitnami/apache/htdocs"
# BEGIN: Configuration for letsencrypt
Include "/opt/bitnami/apps/letsencrypt/conf/httpd-prefix.conf"
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} !^(localhost|127.0.0.1)
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
# END: Configuration for letsencrypt
<Directory "/opt/bitnami/apache/htdocs">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
# Error Documents
ErrorDocument 503 /503.html
</VirtualHost>
Include "/opt/bitnami/apache/conf/bitnami/bitnami-ssl.conf"
文件 --> /opt/bitnami/apache2/conf/bitnami/bitnami-ssl.conf
<IfModule !ssl_module>
LoadModule ssl_module modules/mod_ssl.so
</IfModule>
Listen 443
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH !aNULL !eNULL !LOW !3DES !MD5 !EX$
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/opt/bitnami/apache/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
<VirtualHost _default_:443>
DocumentRoot "/opt/bitnami/apache/htdocs"
SSLEngine on
SSLCertificateFile "/opt/bitnami/apache/conf/trevorwalsh.art.crt"
SSLCertificateKeyFile "/opt/bitnami/apache/conf/trevorwalsh.art.key"
# BEGIN: Configuration for letsencrypt
Include "/opt/bitnami/apps/letsencrypt/conf/httpd-prefix.conf"
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} !^(localhost|127.0.0.1)
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
# END: Configuration for letsencrypt
<Directory "/opt/bitnami/apache/htdocs">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
# Error Documents
ErrorDocument 503 /503.html
</VirtualHost>
文件 --> /opt/bitnami/apache2/conf/vhosts/00_status-vhost.conf
<VirtualHost 127.0.0.1:80>
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} !^(localhost|127.0.0.1)
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
ServerName status.localhost
<Location /server-status>
Require local
SetHandler server-status
</Location>
</VirtualHost>
根据本文档中的指导,我添加了正确的“ServerName”和“ServerAlias”根域和子域值:- [2] 使用不同的 SSL 证书为不同的域配置博客:-
- https://docs.bitnami.com/aws/apps/wordpress-multisite/administration/use-different-ssl-certificates/
文件 --> /opt/bitnami/apache2/conf/vhosts/wordpress-https-vhost.conf
<VirtualHost 127.0.0.1:443 _default_:443>
ServerName trevorwalsh.art
ServerAlias *.trevorwalsh.art
SSLEngine on
SSLCertificateFile "/opt/bitnami/apache/conf/trevorwalsh.art.crt"
SSLCertificateKeyFile "/opt/bitnami/apache/conf/trevorwalsh.art.key"
DocumentRoot /opt/bitnami/wordpress
# BEGIN: Configuration for letsencrypt
Include "/opt/bitnami/apps/letsencrypt/conf/httpd-prefix.conf"
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} !^(localhost|127.0.0.1)
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
# END: Configuration for letsencrypt
<Directory "/opt/bitnami/wordpress">
Options -Indexes +FollowSymLinks -MultiViews
AllowOverride None
Require all granted
# BEGIN WordPress fix for plugins and themes
# Certain WordPress plugins and themes do not properly link to PHP files because of symbolic links
# https://github.com/bitnami/bitnami-docker-wordpress-nginx/issues/43
RewriteEngine On
RewriteRule ^bitnami/wordpress(/.*) $1 [L]
# END WordPress fix for plugins and themes
# BEGIN nip.io redirection
RewriteEngine On
RewriteCond %{HTTP_HOST} ^([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})(:[0-9]{1,5})?$
RewriteRule ^/?(.*) %{REQUEST_SCHEME}://%1.nip.io%2/$1 [L,R=302,NE]
# END nip.io redirection
# BEGIN WordPress Multisite
# Using subdomain network type: https://wordpress.org/support/article/htaccess/#multisite
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
# add a trailing slash to /wp-admin
RewriteRule ^wp-admin$ wp-admin/ [R=301,L]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^(wp-(content|admin|includes).*) $1 [L]
RewriteRule ^(.*\.php)$ $1 [L]
RewriteRule . index.php [L]
# END WordPress Multisite
</Directory>
Include "/opt/bitnami/apache/conf/vhosts/htaccess/wordpress-htaccess.conf"
</VirtualHost>
文件 --> /opt/bitnami/apache2/conf/vhosts/wordpress-vhost.conf
<VirtualHost 127.0.0.1:80 _default_:80> ServerAlias * DocumentRoot /opt/bitnami/wordpress
# <VirtualHost _default_:80> # BEGIN: Configuration for letsencrypt
# BEGIN: Configuration for letsencrypt
Include "/opt/bitnami/apps/letsencrypt/conf/httpd-prefix.conf"
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} !^(localhost|127.0.0.1)
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
# END: Configuration for letsencrypt
<Directory "/opt/bitnami/wordpress">
Options -Indexes +FollowSymLinks -MultiViews
AllowOverride None
Require all granted
# BEGIN WordPress fix for plugins and themes
# Certain WordPress plugins and themes do not properly link to PHP files because of symbolic links
# https://github.com/bitnami/bitnami-docker-wordpress-nginx/issues/43
RewriteEngine On
RewriteRule ^bitnami/wordpress(/.*) $1 [L]
# END WordPress fix for plugins and themes
# BEGIN nip.io redirection
RewriteEngine On
RewriteCond %{HTTP_HOST} ^([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})(:[0-9]{1,5})?$
RewriteRule ^/?(.*) %{REQUEST_SCHEME}://%1.nip.io%2/$1 [L,R=302,NE]
# END nip.io redirection
# BEGIN WordPress Multisite
# Using subdomain network type: https://wordpress.org/support/article/htaccess/#multisite
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
# add a trailing slash to /wp-admin
RewriteRule ^wp-admin$ wp-admin/ [R=301,L]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^(wp-(content|admin|includes).*) $1 [L]
RewriteRule ^(.*\.php)$ $1 [L]
RewriteRule . index.php [L]
# END WordPress Multisite
</Directory>
Include "/opt/bitnami/apache/conf/vhosts/htaccess/wordpress-htaccess.conf"
</VirtualHost>
最后,在查看了以下文档中的信息后,我验证了下面显示的“wordpress-htaccess.conf”文件中的参数是正确的:- [3] 了解默认的 .Htaccess 文件配置 - 在 .Htaccess 文件中添加新部分
文件 --> /opt/bitnami/apache2/conf/vhosts/htaccess/wordpress-htaccess.conf
<Directory "/opt/bitnami/wordpress/wp-content/plugins/akismet">
# <Directory "/opt/bitnami/wordpress">
# Only allow direct access to specific Web-available files.
# Apache 2.2
<IfModule !mod_authz_core.c>
Order Deny,Allow
Deny from all
</IfModule>
# Apache 2.4
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
# Akismet CSS and JS
<FilesMatch "^(form\.js|akismet\.js|akismet\.css)$">
<IfModule !mod_authz_core.c>
Allow from all
</IfModule>
<IfModule mod_authz_core.c>
Require all granted
</IfModule>
</FilesMatch>
# Akismet images
<FilesMatch "^logo-(a|full)-2x\.png$">
<IfModule !mod_authz_core.c>
Allow from all
</IfModule>
<IfModule mod_authz_core.c>
Require all granted
</IfModule>
</FilesMatch>
</Directory>
但是,我无法使强制 HTTP/HTTPS 重定向工作,在尝试自己解决这个问题后,我需要帮助,因为我可能在这里遗漏了一些东西。
在此先感谢您的帮助。
答案1
我遇到了和你一样的问题。目前我发现的唯一方法是使用 AWS 建议的这个插件:Really Simple SSL
一旦激活,它会使用之前使用 bncert 工具和 Let's Encrypt 安装的 ssl 证书自动将 HTTP 强制为 HTTPS。
答案2
你需要
sudo /opt/bitnami/ctlscript.sh 重新启动 apache