我目前正在尝试为 HTTPS 创建默认虚拟主机,以阻止来自未经授权域的流量。但是,当我定义默认 443 虚拟主机时,所有其他 HTTPS 虚拟主机也会继承此虚拟主机并阻止正常访问。我为此已经绞尽脑汁好几个小时了……
Apache 信息:
操作系统:Ubuntu Server 20.04
服务器版本:Apache/2.4.41(Ubuntu)
服务器建立时间:2022-06-14T13:30:55
这是我的默认 vhosts 文件:
<VirtualHost _default_:80>
ServerName default
Alias /error/ /var/www/redirects/
ErrorDocument 400 /error/400.html
ErrorDocument 401 /error/401.html
ErrorDocument 402 /error/402.html
ErrorDocument 403 /error/403.html
ErrorDocument 404 /error/404.html
ErrorDocument 405 /error/405.html
ErrorDocument 408 /error/408.html
ErrorDocument 503 /error/maintenance.html
<Location />
Require all denied
</Location>
</VirtualHost>
<VirtualHost _default_:443>
ServerName default
Alias /error/ /var/www/redirects/
ErrorDocument 400 /error/400.html
ErrorDocument 401 /error/401.html
ErrorDocument 402 /error/402.html
ErrorDocument 403 /error/403.html
ErrorDocument 404 /error/404.html
ErrorDocument 405 /error/405.html
ErrorDocument 408 /error/408.html
ErrorDocument 503 /error/maintenance.html
<Location />
Require all denied
</Location>
</VirtualHost>
其余的都在单独的配置文件中,并使用sudo a2ensite mydomain.com.conf
以下是其中一个配置:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName mydomain.com
ServerAlias mydomain.com
Alias /error/ /var/www/redirects/
ErrorDocument 400 /error/400.html
ErrorDocument 401 /error/401.html
ErrorDocument 402 /error/402.html
ErrorDocument 403 /error/403.html
ErrorDocument 404 /error/404.html
ErrorDocument 405 /error/405.html
ErrorDocument 408 /error/408.html
ErrorDocument 503 /error/maintenance.html
DocumentRoot /var/www/html/mydomain.com/public
<Directory /var/www/html/mydomain.com/public>
Options -Indexes +FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog /var/www/html/mydomain.com/logs/error.log
CustomLog /var/www/html/mydomain.com/logs/access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
</VirtualHost>
</IfModule>
更多帮助信息:
sudo apachectl -S
VirtualHost configuration:
*:443 is a NameVirtualHost
default server default (/etc/apache2/sites-enabled/000-default.conf:22)
port 443 namevhost default (/etc/apache2/sites-enabled/000-default.conf:22)
port 443 namevhost example.com1 (/etc/apache2/sites-enabled/example.com1-le-ssl.conf:2)
port 443 namevhost example.com2 (/etc/apache2/sites-enabled/example.com2.conf:18)
port 443 namevhost example.com3 (/etc/apache2/sites-enabled/example.com3-le-ssl.conf:2)
alias example.com3
port 443 namevhost example.com4 (/etc/apache2/sites-enabled/example.com4-le-ssl.conf:2)
port 443 namevhost example.com5 (/etc/apache2/sites-enabled/example.com5-le-ssl.conf:2)
port 443 namevhost example.com6 (/etc/apache2/sites-enabled/example.com6-le-ssl.conf:2)
*:80 is a NameVirtualHost
default server default (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost default (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost example.com1 (/etc/apache2/sites-enabled/example.com1.conf:1)
port 80 namevhost example.com2 (/etc/apache2/sites-enabled/example.com2.conf:1)
port 80 namevhost example.com3 (/etc/apache2/sites-enabled/example.com3.conf:1)
alias example.com3
port 80 namevhost example.com4 (/etc/apache2/sites-enabled/example.com4.conf:1)
port 80 namevhost example.com5 (/etc/apache2/sites-enabled/example.com5.conf:1)
port 80 namevhost example.com6 (/etc/apache2/sites-enabled/example.com6.conf:1)
任何帮助将非常感激 ...
答案1
乍一看,我会首先在默认 https 主机 VirtualHost 中包含一个(自签名)SSL 证书 – diya
这就是答案。我安装了 SnakeOil 证书,一切运行正常!
<VirtualHost _default_:443>
SSLEngine On
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
ServerName default
Alias /error/ /var/www/redirects/
ErrorDocument 400 /error/400.html
ErrorDocument 401 /error/401.html
ErrorDocument 402 /error/402.html
ErrorDocument 403 /error/403.html
ErrorDocument 404 /error/404.html
ErrorDocument 405 /error/405.html
ErrorDocument 408 /error/408.html
ErrorDocument 503 /error/maintenance.html
<Location />
Require all denied
</Location>
</VirtualHost>