SSL certificate not working in an Apache web server running in a Docker container

m4pnthwp  posted on 2023-06-29  in  Docker
Follow (0) | Answers (1) | Views (138)

I created a Docker container with an Apache web server running in it. The image is httpd:2.4.41. I created a private key and certificate with the following command

openssl req -newkey rsa:2048 -nodes -keyout /mnt/hgfs/services/apachebinaries/server/conf/ssl/server.key -x509 -out /mnt/hgfs/services/apachebinaries/server/conf/ssl/certificate.crt

Then I configured my httpd.conf with the following paths:

<VirtualHost *:443>
   SSLEngine on
   SSLCertificateFile /usr/local/apache2/conf/ssl/certificate.crt
   SSLCertificateKeyFile /usr/local/apache2/conf/ssl/server.key
   # Further configuration options
</VirtualHost>

(the path from the host system into the Docker container is mounted correctly)
Then I published the port from Docker to the host in my docker compose file.
But when I try to access the port at the correct IP address, I get the following output in the browser: [browser error screenshot, image not reproduced here]

bvk5enib

bvk5enib1#

This happened to me a few days ago, and it was related to a missing Listen 443.
So in httpd.conf, add Listen 443 before the VirtualHost, like this:

Listen 443
<VirtualHost *:443>
   SSLEngine on
   SSLCertificateFile /usr/local/apache2/conf/ssl/certificate.crt
   SSLCertificateKeyFile /usr/local/apache2/conf/ssl/server.key
   # Further configuration options
</VirtualHost>

You can find more information on the HTTPD documentation page "How This Works With Virtual Hosts".
Here is the situation before and after adding Listen 443.
Before:

$ curl -v https://localhost:443/ --insecure
*   Trying ::1:443...
* Connected to localhost (::1) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to localhost:443
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to localhost:443

After:

$ curl -v https://localhost:443/ --insecure
*   Trying ::1:443...
* Connected to localhost (::1) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: C=AU; ST=Some-State; O=Internet Widgits Pty Ltd
*  start date: Jun 28 13:25:20 2023 GMT
*  expire date: Jul 28 13:25:20 2023 GMT
*  issuer: C=AU; ST=Some-State; O=Internet Widgits Pty Ltd
*  SSL certificate verify result: self signed certificate (18), continuing anyway.
> GET / HTTP/1.1
> Host: localhost:443
> User-Agent: curl/7.74.0
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Date: Wed, 28 Jun 2023 13:29:59 GMT
< Server: Apache/2.4.41 (Unix) OpenSSL/1.1.1d
< Last-Modified: Mon, 11 Jun 2007 18:53:14 GMT
< ETag: "2d-432a5e4a73a80"
< Accept-Ranges: bytes
< Content-Length: 45
< Content-Type: text/html
<
<html><body><h1>It works!</h1></body></html>
* Connection #0 to host localhost left intact

--insecure is only there because it is a self-signed certificate.
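One way to catch this mismatch before restarting the container, as an added example that is not part of the original answer: a POSIX shell function that scans an httpd.conf for <VirtualHost ...:PORT> blocks whose port has no Listen directive. It assumes the configuration is a single file (Include lines are not followed).

```shell
#!/bin/sh
# Added example (not from the original answer): report every <VirtualHost ...:PORT>
# in an httpd.conf whose PORT has no matching Listen directive. Assumes a single
# configuration file (Include/IncludeOptional lines are not followed).
#
# Prints each unlistened port on its own line; returns 0 when every port is
# covered and 1 otherwise.
check_listen() {
    conf="$1"

    # Ports named by Listen directives. Handles "Listen 443",
    # "Listen 0.0.0.0:443" and "Listen [::]:443 https"; commented-out lines
    # (leading '#') are excluded by the anchored pattern.
    listened=$(grep -iE '^[[:space:]]*Listen[[:space:]]' "$conf" \
        | sed -E 's/#.*//' \
        | awk '{print $2}' \
        | sed -E 's/.*://')

    # Ports named by <VirtualHost ...> opening tags, e.g. "*:443" or
    # "[::1]:443 10.0.0.5:443". Entries without an explicit port are skipped.
    vhost_ports=$(grep -iE '^[[:space:]]*<VirtualHost' "$conf" \
        | sed -E 's/^[[:space:]]*<[Vv]irtual[Hh]ost[[:space:]]+//; s/>.*//' \
        | tr ' ' '\n' \
        | grep ':' \
        | sed -E 's/.*://' \
        | sort -u)

    rc=0
    for p in $vhost_ports; do
        if ! printf '%s\n' "$listened" | grep -qx "$p"; then
            echo "$p"
            rc=1
        fi
    done
    return $rc
}

# Stand-alone usage: sh check_listen.sh /usr/local/apache2/conf/httpd.conf
if [ $# -gt 0 ]; then
    check_listen "$1"
fi
```

A non-zero exit with "443" printed is exactly the state the question describes: the VirtualHost exists but nothing is bound to the port, so the TLS handshake fails before a Server hello.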
