我在 Debian Bullseye 上运行 Apache 2.4.54,配置了 42 个 VHOST。其中大多数是我们主域(例如 my.domain.com)的子域 xxx.my.domain.com。一个客户端有一个特殊域。还有一个默认 VHOST 来捕获所有请求。所有 VHOST 都位于编号文件中,默认文件排在最后。
- HTTP -> HTTPS
- 子域名之前未捕获 -> ErrorDocument
- 没有子域名 -> errorDocument
在这种情况下,我只是输入https://my.domain.com,此请求被较早的 vhost 之一捕获,而不是被默认 VHOST 捕获。我不明白为什么会发生这种情况。
如果没有 SSL,请求将由 99-default.conf 应答
99-默认.conf
<VirtualHost _default_:80>
ServerName my.domain.com
Redirect permanent / https://my.domain.com
ErrorLog ${APACHE_LOG_DIR}/default_error.log
CustomLog ${APACHE_LOG_DIR}/default_access.log vhost_combined
</VirtualHost>
<VirtualHost *:80>
ServerAlias *.my.domain.com
Redirect 404 /
DocumentRoot /var/www/html/
ErrorDocument 404 "Subdomain does not exist"
ErrorLog ${APACHE_LOG_DIR}/default_error.log
CustomLog ${APACHE_LOG_DIR}/default_access.log combined
</VirtualHost>
# match requests without subdomain
<VirtualHost _default_:443>
ServerName my.domain.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
Redirect 404 /
ErrorDocument 404 "Please choose subdomain"
ErrorLog ${APACHE_LOG_DIR}/default_error.log
CustomLog ${APACHE_LOG_DIR}/default_access.log combined
</VirtualHost>
# match any subdomain that does not exist (that's why order is important)
<VirtualHost *:443>
ServerAlias *.my.domain.com
Redirect 404 /
DocumentRoot /var/www/html/
ErrorDocument 404 "Subdomain does not exist"
ErrorLog ${APACHE_LOG_DIR}/default_error.log
CustomLog ${APACHE_LOG_DIR}/default_access.log combined
</VirtualHost>
02-应用程序-客户.conf
<VirtualHost *:443>
Protocols h2 http/1.1
ServerAlias customers-domain.com
# ServerAlias customer.my.domain.com
SSLEngine on
SSLCertificateFile /etc/ssl/certs/wildcard.crt
SSLCertificateKeyFile /etc/ssl/private/wildcard.key
SSLCertificateChainFile /etc/ssl/certs/wildcard_chain.crt
ErrorLog ${APACHE_LOG_DIR}/app_error.log
CustomLog ${APACHE_LOG_DIR}/app_access.log vhost_combined
Include conf.d/security.conf
Include /usr/local/app/local/customer/httpd.conf
<FilesMatch ".+\.ph(p[3457]?|t|tml)$">
SetHandler "proxy:unix:/run/php/php7.4-fpm-app.sock|fcgi://localhost"
</FilesMatch>
</VirtualHost>
# Redirection from port 80 to 443 if ssl enabled
<VirtualHost *:80>
ServerName customers-domain.com
# ServerAlias customer.my.domain.com
Redirect permanent / https://www.customers-domain.com/
ErrorLog ${APACHE_LOG_DIR}/app_error.log
CustomLog ${APACHE_LOG_DIR}/app_access.log vhost_combined
</VirtualHost>
# Redirect of www.customers-domain.com to customers-domain.com
<VirtualHost *:443>
Protocols h2 http/1.1
ServerName www.customers-domain.com
ServerAlias www.customers-domain.biz
SSLEngine on
SSLCertificateFile /etc/ssl/certs/wildcard.crt
SSLCertificateKeyFile /etc/ssl/private/wildcard.key
SSLCertificateChainFile /etc/ssl/certs/wildcard_chain.crt
ErrorLog ${APACHE_LOG_DIR}/app_error.log
CustomLog ${APACHE_LOG_DIR}/app_access.log vhost_combined
Redirect permanent / https://customers-domain.com
</VirtualHost>
<VirtualHost *:80>
ServerName www.customers-domain.com
ServerAlias www.customers-domain.biz
Redirect permanent / https://customers-domain.com/
ErrorLog ${APACHE_LOG_DIR}/app_error.log
CustomLog ${APACHE_LOG_DIR}/app_access.log vhost_combined
</VirtualHost>
我不明白为什么请求https://my.domain.com被 02-app-customer.conf 捕获,而不是 99-default.conf。有什么想法吗?
答案1
您的 customers-domain.com:443 的 VirtualHost 缺少 ServerName 指令。
<VirtualHost *:443>
Protocols h2 http/1.1
ServerName customers-domain.com
# ...
</VirtualHost>