是否可以为多个 VirtualHosts 编写一个共享配置?

是否可以为多个 VirtualHosts 编写一个共享配置?

我的目的是避免大量重复的代码。

本质上我想做的是对多个 VirtualHost 条目使用相同的 SSL 配置块...

<IfModule mod_ssl.c>

<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>
<Directory /var/www/>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride All
    Order allow,deny
    allow from all
</Directory>

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
    AllowOverride None
    Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
    Order allow,deny
    Allow from all
</Directory>

ErrorLog ${APACHE_LOG_DIR}/error.log

LogLevel warn

CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined

Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
    Options Indexes MultiViews FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
    Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>

SSLCertificateFile    /usr/share/ssl/certs/example/host.pem
SSLCertificateKeyFile /usr/share/ssl/certs/example/host.key
SSLCertificateChainFile /usr/share/ssl/certs/example/host.cert

<FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
</FilesMatch>

<Directory /usr/lib/cgi-bin>
    SSLOptions +StdEnvVars
</Directory>

BrowserMatch "MSIE [2-6]" \
   nokeepalive ssl-unclean-shutdown \
   downgrade-1.0 force-response-1.0

# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

<VirtualHost 999.99.9.999:443>
    ServerName subdomain1.example.com
    DocumentRoot /var/www/subdomain1
</VirtualHost>

<VirtualHost 999.99.9.999:443>
    ServerName subdomain2.bonfirehub.com
    DocumentRoot /var/www/subdomain2
</VirtualHost>

</IfModule>

现在这个配置对我来说不起作用,但我认为它说明了我想要实现的目标。理想的下一步是将每个 VirtualHost 的这个通用配置抽象成一个单独的文件,然后通过 Include 指令加载它。

如果没有的话,也许有人可以建议另一种配置方法。

我的目标是拥有一个共享的通用配置,因为我打算添加几个 VirtualHost 条目,给定 IP 仅随 DocumentRoot 和 ServerName 而变化。具体来说,ServerName 子域是唯一会发生变化的东西(请注意,我使用的是通配符证书),这就是我想要设置共享配置的原因。

我已经解决了这个问题,但我会保留它以防其他人发现它有用。

# VirtualHost
<IfModule mod_ssl.c>

<VirtualHost 999.99.9.999:443>
    ServerName subdomain1.example.com
    DocumentRoot /var/www/subdomain1
    Include example.com-ssl.conf
</VirtualHost>

<VirtualHost 999.99.9.999:443>
    ServerName subdomain2.example.com
    DocumentRoot /var/www/subdomain2
    Include example.com-ssl.conf
</VirtualHost>

</IfModule>

# Shared Config File
ServerAdmin webmaster@localhost

<Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
</Directory>

ErrorLog ${APACHE_LOG_DIR}/error.log

LogLevel warn

CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined

Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
</Directory>

#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
SSLEngine on

#   A self-signed (snakeoil) certificate can be created by installing
#   the ssl-cert package. See
#   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
#   If both key and certificate are stored in the same file, only the
#   SSLCertificateFile directive is needed.
SSLCertificateFile /usr/share/ssl/certs/*.example.com/host.pem
SSLCertificateKeyFile /usr/share/ssl/certs/*.example.com/host.key

#   Server Certificate Chain:
#   Point SSLCertificateChainFile at a file containing the
#   concatenation of PEM encoded CA certificates which form the
#   certificate chain for the server certificate. Alternatively
#   the referenced file can be the same as SSLCertificateFile
#   when the CA certificates are directly appended to the server
#   certificate for convinience.
SSLCertificateChainFile /usr/share/ssl/certs/*.example.com/host.cert

<FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
</FilesMatch>

<Directory /usr/lib/cgi-bin>
        SSLOptions +StdEnvVars
</Directory>

BrowserMatch "MSIE [2-6]" \
       nokeepalive ssl-unclean-shutdown \
       downgrade-1.0 force-response-1.0

# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

我意识到我顶部的原始配置块缺少一些代码。我唯一的后续问题是,而不是必须编写

Include example.com-ssl.conf

在每个 VirtualHost 中,有没有办法让它们都包含该文件?

相关内容