(已解決)apache多網域設定動作異常

apache conf 多網域 virtualhost ssl憑證

舜~ 2020-10-03 12:51:37 ‧ 7599 瀏覽

分享至

各位前輩們問一下，

我在centos上設定apache

在設定apache多網域的時候
第一個VirtualHost會優先選擇，
導致其他都沒效，
<VirtualHost domain:80>、ServerName我都設了，
請問我哪邊設錯了??

2020-10-04 目前發現所有的443都是去吃<VirtualHost _default_:443>，
也就是我所設定的 <VirtualHost *:443> 沒效，
請問要如何啟用??

我的httpd.conf
2020-10-04 依照fillano大大的建議修改，並參考網路上的修改如下

VirtualHost XXX:80 改成萬用字元 VirtualHost *:80
相同port的放在一起
沒有ServerName的放最前面，這樣IP才連的到
domain http連線的可以了，但https一樣沒效

NameVirtualHost *:80


# default 80 port for use ip
<VirtualHost *:80>
    ServerAdmin wewe987001@gmail.com
    DocumentRoot /var/www/html
    #ServerName example.tw
    #ErrorLog logs/error_log
    #CustomLog logs/access_log combined
</VirtualHost>

<VirtualHost *:80>
    ServerName poe.example.tw
	ServerAlias poe.example.tw
    ServerAdmin wewe987001@gmail.com
    DocumentRoot /var/www/html/poe
#	RewriteEngine on
#	RewriteCond %{SERVER_NAME} =poe.example.tw
#	RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [L,NE,R=permanent]
</VirtualHost>

<VirtualHost *:80>
    ServerName www.example.tw
	ServerAlias example.tw
    ServerAdmin wewe987001@gmail.com
    DocumentRoot /var/www/html/vesc
</VirtualHost>

<VirtualHost *:80>
    ServerName svesc.example.tw
    DocumentRoot /var/www/html/svesc
    ServerAdmin wewe987001@gmail.com
</VirtualHost>



# === 443 port ===


<VirtualHost *:443>
    ServerName www.example.tw
	ServerAlias example.tw
    ServerAdmin wewe987001@gmail.com
    DocumentRoot /var/www/html/vesc
	
	Include /etc/letsencrypt/options-ssl-apache.conf
	SSLCertificateFile /etc/letsencrypt/live/www.example.tw/cert.pem
	SSLCertificateKeyFile /etc/letsencrypt/live/www.example.tw/privkey.pem
	SSLCertificateChainFile /etc/letsencrypt/live/www.example.tw/chain.pem
</VirtualHost>

<VirtualHost *:443>
    ServerName poe.example.tw
    ServerAdmin wewe987001@gmail.com
    DocumentRoot /var/www/html/poe
	
	Include /etc/letsencrypt/options-ssl-apache.conf
	SSLCertificateFile /etc/letsencrypt/live/www.example.tw/cert.pem
	SSLCertificateKeyFile /etc/letsencrypt/live/www.example.tw/privkey.pem
	SSLCertificateChainFile /etc/letsencrypt/live/www.example.tw/chain.pem
</VirtualHost>

<VirtualHost *:443>
    ServerName svesc.example.tw
    DocumentRoot /var/www/html/svesc
    ServerAdmin wewe987001@gmail.com
	
	Include /etc/letsencrypt/options-ssl-apache.conf
	SSLCertificateFile /etc/letsencrypt/live/www.example.tw/cert.pem
	SSLCertificateKeyFile /etc/letsencrypt/live/www.example.tw/privkey.pem
	SSLCertificateChainFile /etc/letsencrypt/live/www.example.tw/chain.pem
</VirtualHost>

options-ssl-apache.conf (應該跟這個無關)

# This file contains important security parameters. If you modify this file
# manually, Certbot will be unable to automatically provide future security
# updates. Instead, Certbot will print and log an error message with a path to
# the up-to-date file that you will need to refer to when manually updating
# this file.

SSLEngine on

# Intermediate configuration, tweak to your needs
SSLProtocol             all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder     off

SSLOptions +StrictRequire

# Add vhost name to log entries:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined
LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common

我希望的動作是這些網域對應各自的資料夾
www.example.tw -> vesc
poe.example.tw -> poe
svesc.example.tw -> svesc
ip -> 跟目錄 (因為原本都是用IP去連線的，多個網站有很多寫死的連結未來要改成相對或是用domain，但在尚未改完之前，IP還是必須要連的到)

但現況是因為 poe.example.tw 是第一個設定的，結果全部都跑去吃poe的設定了
想請問該如何是好??

==================

經過fillano大大的建議與一些調整
目前只剩下https 443的部分完全失效
後來發現他都是去吃ssl.conf的VirtualHost default:443設定，
這我要怎麼調整?整段刪掉?

下面是ssl.conf (刪掉註解)

<IfModule !mod_ssl.c>
LoadModule ssl_module modules/mod_ssl.so
</IfModule>
Listen 443

SSLPassPhraseDialog builtin

SSLSessionCache  shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout         300

SSLMutex  default

SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin

SSLCryptoDevice builtin
#SSLCryptoDevice ubsec

<VirtualHost _default_:443>

# General setup for the virtual host, inherited from global configuration
#DocumentRoot "/var/www/html"
#ServerName www.example.com:443

ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn

SSLEngine on
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:!3DES:!RC4
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt

#SSLVerifyClient require
#SSLVerifyDepth  10

<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>

我要如何調整才能讓我的VirtualHost *:443 生效??

=======
2020-10-04
找到443設定沒效的原因了... 忘了加上 NameVirtualHost *:443

看更多先前的討論...收起先前的討論...

咖咖拉 iT邦好手 1 級 ‧ 2020-10-03 15:06:41 檢舉

有重新啟動apache嗎?
我自己設定都是直接

<VirtualHost *:80>
DocumentRoot /var/www/html/poe
ServerName poe.example.tw
</VirtualHost>

舜~ iT邦高手 1 級 ‧ 2020-10-03 15:17:56 檢舉

有重啟過了，因為有三個domain所以用7個VirtualHost （3*2(http/https) +1(ip)）

fillano iT邦超人 1 級 ‧ 2020-10-03 20:54:46 檢舉

NameVirtualHost *:80
<VirtualHost name:80>
...
</VirutalHost>
...more for :80

NameVirtualHost *:443
<VirtualHost name:443>
...
</VirtualHost>
...more for :443

要分開來指定，你中間插了個443，之後就都是錯的，所以只有第一個有效。