我的目的是避免大量重复的代码。
本质上我想做的是对多个 VirtualHost 条目使用相同的 SSL 配置块...
<IfModule mod_ssl.c>
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
SSLCertificateFile /usr/share/ssl/certs/example/host.pem
SSLCertificateKeyFile /usr/share/ssl/certs/example/host.key
SSLCertificateChainFile /usr/share/ssl/certs/example/host.cert
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
<VirtualHost 999.99.9.999:443>
ServerName subdomain1.example.com
DocumentRoot /var/www/subdomain1
</VirtualHost>
<VirtualHost 999.99.9.999:443>
ServerName subdomain2.bonfirehub.com
DocumentRoot /var/www/subdomain2
</VirtualHost>
</IfModule>
现在这个配置对我来说不起作用,但我认为它说明了我想要实现的目标。理想的下一步是将每个 VirtualHost 的这个通用配置抽象成一个单独的文件,然后通过 Include 指令加载它。
如果没有的话,也许有人可以建议另一种配置方法。
我的目标是拥有一个共享的通用配置,因为我打算添加几个 VirtualHost 条目,给定 IP 仅随 DocumentRoot 和 ServerName 而变化。具体来说,ServerName 子域是唯一会发生变化的东西(请注意,我使用的是通配符证书),这就是我想要设置共享配置的原因。
我已经解决了这个问题,但我会保留它以防其他人发现它有用。
# VirtualHost
<IfModule mod_ssl.c>
<VirtualHost 999.99.9.999:443>
ServerName subdomain1.example.com
DocumentRoot /var/www/subdomain1
Include example.com-ssl.conf
</VirtualHost>
<VirtualHost 999.99.9.999:443>
ServerName subdomain2.example.com
DocumentRoot /var/www/subdomain2
Include example.com-ssl.conf
</VirtualHost>
</IfModule>
# Shared Config File
ServerAdmin webmaster@localhost
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
</Directory>
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
SSLCertificateFile /usr/share/ssl/certs/*.example.com/host.pem
SSLCertificateKeyFile /usr/share/ssl/certs/*.example.com/host.key
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convinience.
SSLCertificateChainFile /usr/share/ssl/certs/*.example.com/host.cert
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
我意识到我顶部的原始配置块缺少一些代码。我唯一的后续问题是,而不是必须编写
Include example.com-ssl.conf
在每个 VirtualHost 中,有没有办法让它们都包含该文件?