除了默认的 SSL 之外,我的主机是 entis.bla.nl 和 test.bla.nl 去 test.bla.nl 提供的页面来自 entis.bla.nl。如果我通过 IP 访问服务器,我会得到默认的 SSL 主机,正如您在下面看到的那样。
wildcard NameVirtualHosts and _default_ servers:
*:443 is a NameVirtualHost
default server bla.colo.bla.net (/etc/apache2/sites-enabled/default-ssl:2)
port 443 namevhost bla.colo.bla.net (/etc/apache2/sites-enabled/default-ssl:2)
port 443 namevhost entis.bla.nl (/etc/apache2/sites-enabled/live-entis:19)
port 443 namevhost test.bla.nl (/etc/apache2/sites-enabled/test-entis:21)
entis.bla.nl 的配置:
<VirtualHost *:80>
ServerName entis.bla.nl
DocumentRoot /var/www/live/web
<Directory /var/www/live/web/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ /app.php [QSA,L]
</IfModule>
</Directory>
</VirtualHost>
<VirtualHost *:443>
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/certs/apache.crt
SSLCertificateKeyFile /etc/apache2/apache-ssl/apache.pem
ServerName entis.bla.nl
DocumentRoot /var/www/live/web
<Directory /var/www/live/web/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ /app.php [QSA,L]
</IfModule>
</Directory>
</VirtualHost>
测试配置:
<VirtualHost *:80>
ServerName test.bla.nl
DocumentRoot /var/www/test/web
<Directory /var/www/test/web/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ /app.php [QSA,L]
</IfModule>
</Directory>
ErrorLog /var/log/apache2/test-error.log
</VirtualHost>
<VirtualHost *:443>
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/certs/apache.crt
SSLCertificateKeyFile /etc/apache2/apache-ssl/apache.pem
ServerName test.bla.nl
DocumentRoot /var/www/test/web
<Directory /var/www/test/web/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ /app.php [QSA,L]
</IfModule>
</Directory>
ErrorLog /var/log/apache2/test-error.log
</VirtualHost>
更新 在 error.log 中找到这个。不确定它是否直接相关,因为非 ssl 配置与 ssl 配置具有相同的问题。
[Tue Oct 01 13:06:07 2013] [notice] caught SIGTERM, shutting down
[Tue Oct 01 13:06:08 2013] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Tue Oct 01 13:06:08 2013] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Tue Oct 01 13:06:08 2013] [notice] Apache/2.2.22 (Ubuntu) PHP/5.3.10-1ubuntu3.8 with Suhosin-Patch mod_ssl/2.2.22 OpenSSL/1.0.1 configured -- resuming normal operations
最佳答案
我在 http://wiki.apache.org/httpd/NameBasedSSLVHosts 阅读了文档更接近,重要的一点是(强调我的):
In reality, Apache will allow you to configure name-based SSL virtual hosts, but it will always use the configuration from the first-listed virtual host (on the selected IP address and port) to setup the encryption layer*. In certain specific circumstances, it is acceptable to use a single SSL configuration for several virtual hosts. In particular, this will work if the SSL certificate applies to all the virtual hosts. For example, this will work if:
All the VirtualHosts are within the same domain, eg: one.example.com and two.example.com.
You have a wildcard SSL certificate for that domain (one where the Common Name begins with an asterix: i.e *.example.com)
关于Apache 虚拟主机始终托管较早的内联,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/19113662/