我将amazon-linux与apache(apache/2.4.25(amazon))一起使用。我有几个域和几个子域。我将letsencrypt/cerbot用于ssl证书。这是有效的。我可以毫无问题地访问https。但是,我无法访问任何非默认http虚拟主机。它们都重新路由到默认虚拟主机。我只发现了一些其他类似的没有解决方案的帖子,这似乎很难搜索。Letsencrypt抱怨说,我需要为虚拟主机单独的文件,所以这就是我为http和https所做的。我最终将所有的http都移到了httpd.conf中,但这也不起作用。我的域和子域也有"A"记录。我错过了什么?
###Begin httpd.conf###
ServerRoot "/etc/httpd"
Listen 80
Include conf.modules.d/*.conf
User nona_yo_biz
Group nona_yo_biz
ServerAdmin support@example.com
<Directory />
AllowOverride none
Require all denied
</Directory>
<Directory "/var/www">
AllowOverride All
# Allow open access:
Require all granted
</Directory>
<Directory "/var/www/html">
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
# Load config files in the "/etc/httpd/conf.d" directory, if any.
# This is where my ssl files are stored
IncludeOptional conf.d/*.conf
#Some other module crap etc
#Some other AWS settings
<Directory "/var/www/html">
Options FollowSymLinks
AllowOverride All
DirectoryIndex index.html index.php
Require all granted
</Directory>
<VirtualHost *:80>
ServerAdmin support@example.com
DocumentRoot "/var/www/html/basesite"
ServerName basesite.com
</VirtualHost>
<VirtualHost *:80>
ServerAdmin support@example.com
DocumentRoot "/var/www/html/sub1example"
ServerName sub1.example.com
</VirtualHost>
<VirtualHost *:80>
ServerAdmin support@example.com
DocumentRoot "/var/www/html/sub2example"
ServerName sub2.example.com
</VirtualHost>
<VirtualHost *:80>
ServerAdmin support@example.com
DocumentRoot "/var/www/html/example"
ServerName example.com
</VirtualHost>
###End httpd.conf###
###BEGIN ssl.conf###
Listen 443 https
#Some other stuff
<VirtualHost *:443>
DocumentRoot "/var/www/html/basesite"
ServerName basesite.com:443
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLProtocol all -SSLv3
SSLProxyProtocol all -SSLv3
SSLHonorCipherOrder on
#Some other stuff
CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x "%r" %b"
ServerAdmin support@example.com
SSLCertificateFile /etc/letsencrypt/live/basesite.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/basesite.com/privkey.pem
</VirtualHost>
###END ssl.conf
###Separate conf file for vhost###
<VirtualHost *:443>
ServerAdmin support@example.com
DocumentRoot "/var/www/html/sub1example"
ServerName sub1.example.com:443
SSLCertificateFile /etc/letsencrypt/live/basesite.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/basesite.com/privkey.pem
</VirtualHost>
###Separate conf file for vhost###
<VirtualHost *:443>
ServerAdmin support@example.com
DocumentRoot "/var/www/html/sub2example"
ServerName sub2.example.com:443
SSLCertificateFile /etc/letsencrypt/live/basesite.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/basesite.com/privkey.pem
</VirtualHost>
###Separate conf file for vhost###
<VirtualHost *:443>
ServerAdmin support@example.com
DocumentRoot "/var/www/html/example"
ServerName example.com:443
SSLCertificateFile /etc/letsencrypt/live/basesite.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/basesite.com/privkey.pem
</VirtualHost>
编辑apachectl-S输出
sudo apachectl -S
VirtualHost configuration:
*:443 is a NameVirtualHost
default server basesite.com (/etc/httpd/conf.d/ssl.conf:57)
port 443 namevhost basesite.com (/etc/httpd/conf.d/ssl.conf:57)
port 443 namevhost sub1.example.com (/etc/httpd/conf.d/ssl_sub1_exa.conf:1)
port 443 namevhost example.com (/etc/httpd/conf.d/ssl_exa.conf:1)
port 443 namevhost sub2.example.com (/etc/httpd/conf.d/ssl_sub2_exa.conf:1)
*:80 is a NameVirtualHost
default server basesite.com (/etc/httpd/conf/httpd.conf:392)
port 80 namevhost basesite.com (/etc/httpd/conf/httpd.conf:392)
port 80 namevhost sub1.example.com (/etc/httpd/conf/httpd.conf:400)
alias sub1.example.com:80
port 80 namevhost example.com (/etc/httpd/conf/httpd.conf:407)
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/var/www/html/"
Main ErrorLog: "/etc/httpd/logs/error_log"
Mutex default: dir="/var/run/httpd/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex cache-socache: using_defaults
Mutex authdigest-opaque: using_defaults
Mutex watchdog-callback: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex authdigest-client: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
PidFile: "/var/run/httpd/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="nona_yo_biz" id=404
Group: name="nona_yo_biz" id=505
所以我已经解决了这个问题,不幸的是,这是尝试了几种不同方法的组合。所以我没有一个简单的答案,但我可以提供一些帮助我的东西。
- 多亏了Vasya Zhuryk,我使用sudo apachectl-S来确定我的虚拟主机实际加载的位置/方式。在AmazonLinuxapache默认设置中,当ssl文件以".conf"结尾时,它们会从conf.d动态加载。它们是通过IncludeOptionalconf.d/*.conf从主httpd.conf文件加载的。正如我之前所意识到的,不要将备份保留在conf.d中并使用".conf",否则会出现问题。但是,在conf文件夹中不会出现这种情况。因此,这些需要包含在Include/path to file/file.conf中
- 我发现,当在chrome(ctrl+shift+N)中进行私人浏览时,非ssl网站运行良好。因此,自"时间开始"以来清除"自动填充表单数据"(以及可能缓存的图像和文件)清除了chrome中的坏域重定向。这是非常误导性的,因为当我键入地址时,会显示正确的域名,但总是重定向到错误的域名。这可能是因为以前的虚拟主机配置不好
在这一过程中,我们做了很多事情,也尝试了很多,但以上是一些关键点,可能会对其他人有所帮助。
我有两个想法:(请参阅虚拟主机)
1. httpd -S
和
2. SSLCertificateKeyFile must have *.key extension
你没有规则的虚拟主机指令(index.php,启用.htaccess和其他),你可以试试这个:
<VirtualHost *:80>
ServerAdmin support@example.com
DocumentRoot "/var/www/html/basesite"
ServerName basesite.com
<Directory "/var/www/html/basesite/">
Options Indexes FollowSymLinks
AllowOverride All
DirectoryIndex index.php index.html
Require all granted
</Directory>
</VirtualHost>
我没有看到NameVirtualHost*:80的条目,对于基于名称的虚拟主机,这是您在配置文件中需要的条目。试试看。
您需要将"NS"记录添加到域管理面板中。