安装了SSL证书，但是当我进入我的域名时，我必须在URL之前包括https://

我一直在摆弄Apache，我买了一个SSL证书。我终于得到了它的安装，但现在当我去我的域名与URL (leethecoder.com)我认为它试图使用HTTP?当然，使用SSL证书的服务器没有在端口80上监听。但是，如果我在URL (https://leethecoder.com)之前包含https://，它就可以工作了。是否有一种方法，我可以使服务器强制基本URL (leethecoder.com)转到端口443?

这是我当前的/sites-enabled/配置文件。

LoadModule ssl_module modules/mod_ssl.so
Listen 443
<VirtualHost *:443>
    ServerName www.leethecoder.com
    ServerAlias www.leethecoder.com leethecoder.com
    Options -Indexes
    DocumentRoot /var/www/leethecoder.com/public_html/
    SSLEngine on
    SSLCertificateFile /etc/ssl/leethecoder.com/leethecoder_com.crt
    SSLCertificateKeyFile /etc/ssl/private/sslkey.key
    SSLCertificateChainFile /etc/ssl/leethecoder.com/foobundle.ca-bundle
    ErrorLog /var/www/leethecoder.com/logs/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

IMO，这个是"正确的"(你目前是A-，下面可能有助于获得A+):

<VirtualHost *:80>
  ServerName leethecoder.com
  ServerAlias *.leethecoder.com
  UseCanonicalName Off
  ErrorLog /var/www/leethecoder.com/logs/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined
  RedirectPermanent / https://leethecoder.com/
</VirtualHost>
<VirtualHost *:443>
  ServerName www.leethecoder.com
  UseCanonicalName Off
  SSLEngine on
  SSLProtocol all -SSLv2 -SSLv3
  SSLHonorCipherOrder on
  SSLCipherSuite "-ALL EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EDH+aRSA+AESGCM EECDH+ECDSA+AES EECDH+aRSA+AES EDH+aRSA+AES RSA+3DES"
  SSLCertificateFile /etc/ssl/leethecoder.com/leethecoder_com.crt
  SSLCertificateKeyFile /etc/ssl/private/sslkey.key
  SSLCertificateChainFile /etc/ssl/leethecoder.com/foobundle.ca-bundle
  ErrorLog /var/www/leethecoder.com/logs/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined
  RedirectPermanent / https://leethecoder.com/
</VirtualHost>
<VirtualHost *:443>
  ServerName leethecoder.com
  UseCanonicalName Off
  ErrorLog /var/www/leethecoder.com/logs/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined
  DocumentRoot /var/www/leethecoder.com/public_html
  <Directory /var/www/leethecoder.com/public_html/>
    Allow From All
  </Directory>
  SSLEngine on
  SSLProtocol all -SSLv2 -SSLv3
  SSLHonorCipherOrder on
  SSLCipherSuite "-ALL EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EDH+aRSA+AESGCM EECDH+ECDSA+AES EECDH+aRSA+AES EDH+aRSA+AES RSA+3DES"
  SSLCertificateFile /etc/ssl/leethecoder.com/leethecoder_com.crt
  SSLCertificateKeyFile /etc/ssl/private/sslkey.key
  SSLCertificateChainFile /etc/ssl/leethecoder.com/foobundle.ca-bundle
</VirtualHost>

当然，这是假设您的变量是有效的，您更喜欢没有www的https，并且您可以让您的客户端使用该密码套件。此外，您已经启用了该站点，并禁用了任何其他冲突的站点。

正确的方法——安全的方法——是使用apache虚拟主机重定向:

<virtualhost *:80="">
ServerName www.example.com
Redirect / https://www.example.com/
</virtualhost>
<virtualhost *:443="">
ServerName www.example.com
# ... SSL configuration goes here
</virtualhost>

或者你需要使用mod_rewrite返回一个HTTP_RESPONSE 301来重定向到你的HTTPS站点。

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}/%$1 [R,L]

还需要监听80端口。

http://httpd.apache.org/docs/current/mod/mod_rewrite.html

相关内容

最新更新

热门标签：