1

除了默认 SSL 之外,我拥有的主机是entis.bla.nltest.bla.nl当转到test.bla.nl所服务的页面时,来自entis.bla.nl. 如果我通过 IP 访问服务器,我会得到默认的 SSL 主机,正如您在下面看到的那样。

  wildcard NameVirtualHosts and _default_ servers:
    *:443                  is a NameVirtualHost
             default server bla.colo.bla.net (/etc/apache2/sites-enabled/default-ssl:2)
             port 443 namevhost bla.colo.bla.net (/etc/apache2/sites-enabled/default-ssl:2)
             port 443 namevhost entis.bla.nl (/etc/apache2/sites-enabled/live-entis:19)
             port 443 namevhost test.bla.nl (/etc/apache2/sites-enabled/test-entis:21)

entis.bla.nl 的配置:

<VirtualHost *:80>
        ServerName entis.bla.nl
        DocumentRoot /var/www/live/web

    <Directory /var/www/live/web/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
        <IfModule mod_rewrite.c>
            RewriteEngine On
            RewriteCond %{REQUEST_FILENAME} !-f
            RewriteRule ^(.*)$ /app.php [QSA,L]
        </IfModule>
    </Directory>

</VirtualHost>

<VirtualHost *:443>
        SSLEngine On

        SSLCertificateFile /etc/apache2/ssl/certs/apache.crt
        SSLCertificateKeyFile /etc/apache2/apache-ssl/apache.pem

        ServerName entis.bla.nl
        DocumentRoot /var/www/live/web

    <Directory /var/www/live/web/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
        <IfModule mod_rewrite.c>
            RewriteEngine On
            RewriteCond %{REQUEST_FILENAME} !-f
            RewriteRule ^(.*)$ /app.php [QSA,L]
        </IfModule>
    </Directory>
</VirtualHost>

测试配置:

<VirtualHost *:80>
        ServerName test.bla.nl
        DocumentRoot /var/www/test/web

    <Directory /var/www/test/web/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
        <IfModule mod_rewrite.c>
            RewriteEngine On
            RewriteCond %{REQUEST_FILENAME} !-f
            RewriteRule ^(.*)$ /app.php [QSA,L]
        </IfModule>
    </Directory>

        ErrorLog /var/log/apache2/test-error.log
</VirtualHost>

<VirtualHost *:443>
        SSLEngine On

        SSLCertificateFile /etc/apache2/ssl/certs/apache.crt
        SSLCertificateKeyFile /etc/apache2/apache-ssl/apache.pem

        ServerName test.bla.nl
        DocumentRoot /var/www/test/web

    <Directory /var/www/test/web/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
        <IfModule mod_rewrite.c>
            RewriteEngine On
            RewriteCond %{REQUEST_FILENAME} !-f
            RewriteRule ^(.*)$ /app.php [QSA,L]
        </IfModule>
    </Directory>

        ErrorLog /var/log/apache2/test-error.log
</VirtualHost>

更新 在error.log 中找到了这个。不确定它是否直接相关,因为非 ssl 配置与 ssl 配置具有相同的问题。

[Tue Oct 01 13:06:07 2013] [notice] caught SIGTERM, shutting down
[Tue Oct 01 13:06:08 2013] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Tue Oct 01 13:06:08 2013] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Tue Oct 01 13:06:08 2013] [notice] Apache/2.2.22 (Ubuntu) PHP/5.3.10-1ubuntu3.8 with Suhosin-Patch mod_ssl/2.2.22 OpenSSL/1.0.1 configured -- resuming normal operations
4

1 回答 1

0

我更仔细地阅读了http://wiki.apache.org/httpd/NameBasedSSLVHosts上的文档,重要的是(强调我的):

实际上,Apache 将允许您配置基于名称的 SSL 虚拟主机,但它始终使用第一个列出的虚拟主机(在选定的 IP 地址和端口上)的配置来设置加密层*。在某些特定情况下,可以为多个虚拟主机使用单个 SSL 配置。特别是,如果 SSL 证书适用于所有虚拟主机,这将起作用。例如,这将在以下情况下起作用:

所有的 VirtualHosts 都在同一个域中,例如:one.example.com 和 two.example.com。

您有该域的通配符 SSL 证书(通用名称以星号开头的证书:即 *.example.com)

于 2013-10-01T12:18:35.603 回答