Apache2 default HTTPS 443 Vhost

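I am currently trying to create a default virtual host for HTTPS to block traffic from unauthorized domains. However, when I define the default 443 virtual host, all the other HTTPS virtual hosts also inherit this virtual host and normal access is blocked. I have been racking my brain over this for hours...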

Apache info:

OS: Ubuntu Server 20.04

Server version: Apache/2.4.41 (Ubuntu)

Server built: 2022-06-14T13:30:55

Here is my default vhosts file:

<VirtualHost _default_:80>

        ServerName default

        Alias /error/ /var/www/redirects/

        ErrorDocument 400 /error/400.html
        ErrorDocument 401 /error/401.html
        ErrorDocument 402 /error/402.html
        ErrorDocument 403 /error/403.html
        ErrorDocument 404 /error/404.html
        ErrorDocument 405 /error/405.html
        ErrorDocument 408 /error/408.html
        ErrorDocument 503 /error/maintenance.html

        <Location />
                Require all denied
        </Location>

</VirtualHost>

<VirtualHost _default_:443>

        ServerName default

        Alias /error/ /var/www/redirects/

        ErrorDocument 400 /error/400.html
        ErrorDocument 401 /error/401.html
        ErrorDocument 402 /error/402.html
        ErrorDocument 403 /error/403.html
        ErrorDocument 404 /error/404.html
        ErrorDocument 405 /error/405.html
        ErrorDocument 408 /error/408.html
        ErrorDocument 503 /error/maintenance.html

        <Location />
                Require all denied
        </Location>

</VirtualHost>

The rest are all in separate configuration files, enabled using sudo a2ensite mydomain.com.conf

Here is one of those configs:

<IfModule mod_ssl.c>
<VirtualHost *:443>
     ServerName mydomain.com
     ServerAlias mydomain.com

        Alias /error/ /var/www/redirects/

        ErrorDocument 400 /error/400.html
        ErrorDocument 401 /error/401.html
        ErrorDocument 402 /error/402.html
        ErrorDocument 403 /error/403.html
        ErrorDocument 404 /error/404.html
        ErrorDocument 405 /error/405.html
        ErrorDocument 408 /error/408.html
        ErrorDocument 503 /error/maintenance.html

     DocumentRoot /var/www/html/mydomain.com/public

     <Directory /var/www/html/mydomain.com/public>
         Options -Indexes +FollowSymLinks
         AllowOverride All
         Require all granted
     </Directory>

        ErrorLog /var/www/html/mydomain.com/logs/error.log
        CustomLog /var/www/html/mydomain.com/logs/access.log combined

Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
</VirtualHost>
</IfModule>

More helpful information: sudo apachectl -S

VirtualHost configuration:
*:443                  is a NameVirtualHost
         default server default (/etc/apache2/sites-enabled/000-default.conf:22)
         port 443 namevhost default (/etc/apache2/sites-enabled/000-default.conf:22)
         port 443 namevhost example.com1 (/etc/apache2/sites-enabled/example.com1-le-ssl.conf:2)
         port 443 namevhost example.com2 (/etc/apache2/sites-enabled/example.com2.conf:18)
         port 443 namevhost example.com3 (/etc/apache2/sites-enabled/example.com3-le-ssl.conf:2)
                 alias example.com3
         port 443 namevhost example.com4 (/etc/apache2/sites-enabled/example.com4-le-ssl.conf:2)
         port 443 namevhost example.com5 (/etc/apache2/sites-enabled/example.com5-le-ssl.conf:2)
         port 443 namevhost example.com6 (/etc/apache2/sites-enabled/example.com6-le-ssl.conf:2)
*:80                   is a NameVirtualHost
         default server default (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost default (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost example.com1 (/etc/apache2/sites-enabled/example.com1.conf:1)
         port 80 namevhost example.com2 (/etc/apache2/sites-enabled/example.com2.conf:1)
         port 80 namevhost example.com3 (/etc/apache2/sites-enabled/example.com3.conf:1)
                 alias example.com3
         port 80 namevhost example.com4 (/etc/apache2/sites-enabled/example.com4.conf:1)
         port 80 namevhost example.com5 (/etc/apache2/sites-enabled/example.com5.conf:1)
         port 80 namevhost example.com6 (/etc/apache2/sites-enabled/example.com6.conf:1)

Any help would be greatly appreciated ...

Answer 1

At first glance, I would start by including a (self-signed) SSL certificate in the default https VirtualHost – diya

That was the answer. I installed the SnakeOil certificate and everything works fine!

<VirtualHost _default_:443>

        SSLEngine On
        SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
        SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

       ServerName default

       Alias /error/ /var/www/redirects/

       ErrorDocument 400 /error/400.html
       ErrorDocument 401 /error/401.html
       ErrorDocument 402 /error/402.html
       ErrorDocument 403 /error/403.html
       ErrorDocument 404 /error/404.html
       ErrorDocument 405 /error/405.html
       ErrorDocument 408 /error/408.html
       ErrorDocument 503 /error/maintenance.html

       <Location />
               Require all denied
       </Location>

</VirtualHost>
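
The gap this fix closes, a vhost bound to port 443 that carries no TLS directives, can be caught before Apache is reloaded. The following is an added example, not part of the original question or answer: a Python check whose function names and abridged sample config are constructed for illustration, and which assumes an Include line may supply SSLEngine (as certbot's options file does).

```python
import re

VHOST = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.I | re.S)

# Constructed sample, abridged from the question's configs (not read from disk).
SAMPLE = """
<VirtualHost _default_:80>
    ServerName default
</VirtualHost>
<VirtualHost _default_:443>
    ServerName default
    <Location />
        Require all denied
    </Location>
</VirtualHost>
<VirtualHost *:443>
    ServerName mydomain.com
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
</VirtualHost>
"""


def directives(body):
    """Map lower-cased directive name -> list of argument strings."""
    seen = {}
    for line in body.splitlines():
        parts = line.strip().split(None, 1)
        if parts:
            seen.setdefault(parts[0].lower(), []).append(parts[-1])
    return seen


def find_tls_gaps(conf_text, port="443"):
    """List (ServerName, missing TLS directives) for vhosts bound to `port`."""
    conf_text = re.sub(r"(?m)^\s*#.*$", "", conf_text)  # drop comment lines
    gaps = []
    for addrs, body in VHOST.findall(conf_text):
        # A vhost may list several addr:port pairs; match on the port part.
        if not any(a.rsplit(":", 1)[-1] == port for a in addrs.split()):
            continue
        seen, missing = directives(body), []
        engine_on = "on" in [v.lower() for v in seen.get("sslengine", [])]
        # Assumption: an Include may set SSLEngine, so it is not flagged.
        if not engine_on and "include" not in seen:
            missing.append("SSLEngine on")
        if "sslcertificatefile" not in seen:
            missing.append("SSLCertificateFile")
        if missing:
            gaps.append((seen.get("servername", ["?"])[0], missing))
    return gaps
```

Run it over the concatenated files in /etc/apache2/sites-enabled/; an empty list means every port-443 vhost names a certificate.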
