如何在Apache中配置SSL

nsc4cvqm  于 2023-08-06  发布在  Apache
关注(0)|答案(2)|浏览(109)

如何在apache webserver中为IP相同但端口号和DocumentRoot不同的yii 2项目的前端和后端配置SSL?
下面是我如何尝试的,但它只适用于我开始使用的virtualHost block
我用centOS 7
ssl.conf文件中

<VirtualHost 192.168.12.125:443>
    ServerName test.mydomain.co.tz
    DocumentRoot /var/www/html/tan_web/frontend/web
    SSLEngine on
    SSLCertificateFile /var/www/html/tan_web/sslDocs/mail_tanesco_co_tz.crt
    SSLCertificateKeyFile /var/www/html/tan_web/sslDocs/test_tanesco_co_tz.key
    SSLCertificateChainFile /var/www/html/tan_web/sslDocs/DigiCertCA.crt
</VirtualHost>

<VirtualHost 192.168.12.125:443>
    ServerName test.mydomain.co.tz:8080
    DocumentRoot /var/www/html/tan_web/backend/web
    SSLEngine on
    SSLCertificateFile /var/www/html/tan_web/sslDocs/mail_tanesco_co_tz.crt
    SSLCertificateKeyFile /var/www/html/tan_web/sslDocs/test_tanesco_co_tz.key
    SSLCertificateChainFile /var/www/html/tan_web/sslDocs/DigiCertCA.crt
</VirtualHost>

字符串
httpd.conf

<VirtualHost 192.168.12.125:80>
    ServerAdmin admin@mydomain.co.tz
    ServerName test.mydomain.co.tz:80
    DocumentRoot /var/www/html/tan_web/frontend/web
    Redirect permanent / https://test.mydomain.co.tz/
</VirtualHost>

<VirtualHost 192.168.12.125:8080>
    ServerAdmin admin@mydomain.co.tz
    ServerName test.mydomain.co.tz:8080
    DocumentRoot /var/www/html/tan_web/backend/web
    Redirect permanent / https://test.mydomain.co.tz:8080/
</VirtualHost>


有人帮忙吗,我在这里堆了几天了。- 谢谢你-谢谢

jm81lzqq

jm81lzqq1#

在virtualhost中,您应该具有唯一ip地址和端口组合。例如,在第二个块中,将其从443更改为8443

<VirtualHost 192.168.12.125:443>
    ServerName test.mydomain.co.tz
    DocumentRoot /var/www/html/tan_web/frontend/web
    SSLEngine on
    SSLCertificateFile /var/www/html/tan_web/sslDocs/mail_tanesco_co_tz.crt
    SSLCertificateKeyFile /var/www/html/tan_web/sslDocs/test_tanesco_co_tz.key
    SSLCertificateChainFile /var/www/html/tan_web/sslDocs/DigiCertCA.crt
</VirtualHost>

<VirtualHost 192.168.12.125:8443> <!-- Change the port here -->
    ServerName test.mydomain.co.tz:8080
    DocumentRoot /var/www/html/tan_web/backend/web
    SSLEngine on
    SSLCertificateFile /var/www/html/tan_web/sslDocs/mail_tanesco_co_tz.crt
    SSLCertificateKeyFile /var/www/html/tan_web/sslDocs/test_tanesco_co_tz.key
    SSLCertificateChainFile /var/www/html/tan_web/sslDocs/DigiCertCA.crt
</VirtualHost>

字符串
在httpd.conf中,http流量必须定向到相关端口:

<VirtualHost 192.168.12.125:80>
    ServerAdmin admin@mydomain.co.tz
    ServerName test.mydomain.co.tz:80
    DocumentRoot /var/www/html/tan_web/frontend/web
    Redirect permanent / https://test.mydomain.co.tz/
</VirtualHost>

<VirtualHost 192.168.12.125:8080>
    ServerAdmin admin@mydomain.co.tz
    ServerName test.mydomain.co.tz:8080
    DocumentRoot /var/www/html/tan_web/backend/web
    Redirect permanent / https://test.mydomain.co.tz:8443/ <!-- Redirect to the new port -->
</VirtualHost>

d5vmydt9

d5vmydt92#

在CentOS中,添加到/etc/httpd/conf.d/ssl.conf,在Debian/Ubuntu中添加到/etc/apache2/ports.conf,行:

Listen 8080 https

字符串
Apache/mod_ssl,默认情况下,443/TCP是已知的,但任何其他TLS感知的TCP端口必须添加到配置中。
否则,任何非443/TCP端口将仅作为支持HTTP的端口处理。

相关问题