Sni несколько ssl на разных виртуальных хостах Apache 2.4.10 (Debian)
Is it possible to set up multiple domains ssl on that apache version?
I have site A -> ssl certificate A site B -> certificate B
then each file has a virtualhost like this, but it's not working: only site A has certificate applied correctly, browser says siteB has siteA certificate..
<Virtualhost *:8888>
ServerName www.siteA.com
DocumentRoot /var/www/siteA/
RewriteEngine On
<Directory /var/www/siteA/>
Options -Indexes +FollowSymLinks
AllowOverride all
Order allow,deny
allow from all
</Directory>
Loglevel warn
ErrorLog /var/log/apache2/siteA-error.log
CustomLog /var/log/apache2/siteaA combined
</VirtualHost>
NameVirtualHost *:443
# Go ahead and accept connections for these vhosts
# from non-SNI clients
SSLStrictSNIVHostCheck off
<IfModule mod_ssl.c>
<Virtualhost *:443>
ServerName siteA.com
DocumentRoot /var/www/siteA/
RewriteEngine On
<Directory /var/www/siteA/>
Options -Indexes +FollowSymLinks
AllowOverride all
Order allow,deny
allow from all
</Directory>
CustomLog /var/log/apache2/siteA combined
# Some rewrite rules in this file were disabled on your HTTPS site,
# because they have the potential to create redirection loops.
# RewriteCond %{SERVER_NAME} =s
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
SSLCertificateFile /etc/letsencrypt/live/siteA/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/siteA/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
apachectl -S
*:443 is a NameVirtualHost
default server siteA (/etc/apache2/sites-enabled/siteA:24)
port 443 namevhost siteA (/etc/apache2/sites-enabled/siteA:24)
port 443 namevhost siteB (/etc/apache2/sites-enabled/siteB:8)
0
задан Sam Provides
6 July 2017 в 16:05
Ссылка
1 ответ
Для использования SSL на нескольких веб-сайтах под сервером Apache2 выполните шаги
Файл: 000-default.conf
<VirtualHost *:80>
ServerName siteA.com
ServerAlias www.siteA.com
ServerAdmin admin@siteA.com
DocumentRoot /var/www/html/siteA
DirectoryIndex index.php
<Directory /var/www/siteA/>
AllowOverride All
Order Deny,Allow
Allow from all
</Directory>
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule .* https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]
ErrorLog ${APACHE_LOG_DIR}/siteA-error.log
CustomLog ${APACHE_LOG_DIR}/siteA-access.log combined
</VirtualHost>
<VirtualHost *:80>
ServerName siteB.com
ServerAlias www.siteB.com
ServerAdmin admin@siteB.com
DocumentRoot /var/www/html/siteB
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule .* https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]
ErrorLog ${APACHE_LOG_DIR}/siteB-error.log
CustomLog ${APACHE_LOG_DIR}/siteB-access.log combined
</VirtualHost>
Файл: default-ssl.conf
<VirtualHost *:443>
ServerAdmin admin@siteA.com
ServerName www.siteA.com
DocumentRoot /var/www/html/siteA
SSLEngine On
SSLCertificateFile /etc/ssl/siteA_cf.crt
SSLCertificateKeyFile /etc/ssl/private/siteA_cf.key
SSLCACertificateFile /etc/ssl/siteA_cf.ca-bundle.crt
</VirtualHost>
<VirtualHost *:443>
ServerName siteB.com
ServerAlias www.siteB.com
DocumentRoot /var/www/html/siteB
SSLEngine On
SSLCertificateFile /etc/ssl/siteB_cf.crt
SSLCertificateKeyFile /etc/ssl/private/siteB_cf.key
SSLCACertificateFile /etc/ssl/siteB_cf.ca-bundle.crt
</VirtualHost>
Примечание: SSLCertificateChainFile устарел , используйте вместо него SSLCACertificateFile .
После создания этих файлов убедитесь, что ваши сайты включены.
a2ensite 000-default.conf
a2ensite default-ssl.conf
Затем следует перезагрузка ( или постепенный перезапуск)
service apache2 reload
0