如何在 Apache 中配置 SSL

问题描述 投票:0回答:2

如何在 yii2 项目的前端和后端具有相同 IP 但不同端口号和 DocumentRoot 的 apache Web 服务器中配置 SSL?

以下是我尝试过的方法,但它只适用于我开始的

virtualHost block

我正在使用

centOS 7

ssl.conf
文件中

<VirtualHost 192.168.12.125:443>
    ServerName test.mydomain.co.tz
    DocumentRoot /var/www/html/tan_web/frontend/web
    SSLEngine on
    SSLCertificateFile /var/www/html/tan_web/sslDocs/mail_tanesco_co_tz.crt
    SSLCertificateKeyFile /var/www/html/tan_web/sslDocs/test_tanesco_co_tz.key
    SSLCertificateChainFile /var/www/html/tan_web/sslDocs/DigiCertCA.crt
</VirtualHost>

<VirtualHost 192.168.12.125:443>
    ServerName test.mydomain.co.tz:8080
    DocumentRoot /var/www/html/tan_web/backend/web
    SSLEngine on
    SSLCertificateFile /var/www/html/tan_web/sslDocs/mail_tanesco_co_tz.crt
    SSLCertificateKeyFile /var/www/html/tan_web/sslDocs/test_tanesco_co_tz.key
    SSLCertificateChainFile /var/www/html/tan_web/sslDocs/DigiCertCA.crt
</VirtualHost>

并在 

httpd.conf

<VirtualHost 192.168.12.125:80>
    ServerAdmin [email protected]
    ServerName test.mydomain.co.tz:80
    DocumentRoot /var/www/html/tan_web/frontend/web
    Redirect permanent / https://test.mydomain.co.tz/
</VirtualHost>

<VirtualHost 192.168.12.125:8080>
    ServerAdmin [email protected]
    ServerName test.mydomain.co.tz:8080
    DocumentRoot /var/www/html/tan_web/backend/web
    Redirect permanent / https://test.mydomain.co.tz:8080/
</VirtualHost>

谁来帮忙,我已经在这里堆了好几天了。谢谢你。

apache ssl https openssl virtualhost
2个回答
2
投票

在虚拟主机中,您应该拥有唯一的 IP 地址和端口组合。例如,在第二个块中,将其从 443 更改为 8443

<VirtualHost 192.168.12.125:443>
    ServerName test.mydomain.co.tz
    DocumentRoot /var/www/html/tan_web/frontend/web
    SSLEngine on
    SSLCertificateFile /var/www/html/tan_web/sslDocs/mail_tanesco_co_tz.crt
    SSLCertificateKeyFile /var/www/html/tan_web/sslDocs/test_tanesco_co_tz.key
    SSLCertificateChainFile /var/www/html/tan_web/sslDocs/DigiCertCA.crt
</VirtualHost>

<VirtualHost 192.168.12.125:8443> <!-- Change the port here -->
    ServerName test.mydomain.co.tz:8080
    DocumentRoot /var/www/html/tan_web/backend/web
    SSLEngine on
    SSLCertificateFile /var/www/html/tan_web/sslDocs/mail_tanesco_co_tz.crt
    SSLCertificateKeyFile /var/www/html/tan_web/sslDocs/test_tanesco_co_tz.key
    SSLCertificateChainFile /var/www/html/tan_web/sslDocs/DigiCertCA.crt
</VirtualHost>

在httpd.conf中,http流量必须定向到相关端口:

<VirtualHost 192.168.12.125:80>
    ServerAdmin [email protected]
    ServerName test.mydomain.co.tz:80
    DocumentRoot /var/www/html/tan_web/frontend/web
    Redirect permanent / https://test.mydomain.co.tz/
</VirtualHost>

<VirtualHost 192.168.12.125:8080>
    ServerAdmin [email protected]
    ServerName test.mydomain.co.tz:8080
    DocumentRoot /var/www/html/tan_web/backend/web
    Redirect permanent / https://test.mydomain.co.tz:8443/ <!-- Redirect to the new port -->
</VirtualHost>
1
投票

在 CentOS 中,添加到 

/etc/httpd/conf.d/ssl.conf
,在 Debian/Ubuntu 中,添加到 
/etc/apache2/ports.conf
,行:

Listen 8080 https

Apache/mod_ssl,默认情况下,443/TCP 已知,但必须将任何其他 TLS 感知的 TCP 端口添加到配置中。

否则,任何非 443/TCP 端口将仅作为支持 HTTP 的端口进行处理。

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.