发表新帖
发表新帖

Apache Name Virtual Host with SSL

后端 未结
关注
7 627
暖寄归人
暖寄归人 2020-12-24 05:34

I am attempting to setup our servers to allow traffic over SSL. I am aware that SSL does not work with Name Virtual Host, but we have all of our apache servers on virtual m

相关标签:
7条回答
  • 旧时难觅i
    2020-12-24 06:12

    As far as I know, Apache supports SNI since Version 2.2.12 Sadly the documentation does not yet reflect that change.

    Go for http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI until that is finished

    0 讨论(0)
  • 悲&欢浪女
    2020-12-24 06:13

    First you need NameVirtualHost ip:443 in you config file! You probably have one with 80 at the end, but you will also need one with 443.

    Second you need a *.domain certificate (wildcard) (it is possible to make one)

    Third you can make only something.domain webs in one ip (because of the certificate)

    0 讨论(0)
  • 执笔经年
    2020-12-24 06:15

    You MUST add below part to enable NameVirtualHost functionality with given IP.

    NameVirtualHost IP_Address:443
    0 讨论(0)
  • 刺人心
    2020-12-24 06:16

    You may be able to replace the: 

    VirtualHost ipaddress:443

    with 

    VirtualHost *:443

    You probably need todo this on all of your virt hosts.

    It will probably clear up that message. Let the ServerName directive worry about routing the message request.

    Again, you may not be able to do this if you have multiple ip's aliases to the same machine.

    0 讨论(0)
  • 执笔经年
    2020-12-24 06:17

    It sounds like Apache is warning you that you have multiple <VirtualHost> sections with the same IP address and port... as far as getting it to work without warnings, I think you would need to use something like Server Name Indication (SNI), a way of identifying the hostname requested as part of the SSL handshake. Basically it lets you do name-based virtual hosting over SSL, but I'm not sure how well it's supported by browsers. Other than something like SNI, you're basically limited to one SSL-enabled domain name for each IP address you expose to the public internet.

    Of course, if you are able to access the websites properly, you'll probably be fine ignoring the warnings. These particular ones aren't very serious - they're mainly an indication of what to look at if you are experiencing problems

    0 讨论(0)
  • 有刺的猬
    2020-12-24 06:20

    The VirtualHost would look like this:

    NameVirtualHost IP_Address:443

<VirtualHost IP_Address:443>
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/ca.crt    # Where "ca" is the name of the Certificate
    SSLCertificateKeyFile /etc/pki/tls/private/ca.key
    ServerAdmin webmaster@domain_name.com
    DocumentRoot /var/www/html
    ServerName www.domain_name.com
    ErrorLog logs/www.domain_name.com-error_log
    CustomLog logs/www.domain_name.com-access_log common
</VirtualHost>
    0 讨论(0)
 看不清?
提交回复
热议问题