
Using multiple SSL on multiple domains with one IP address

I'm using Apache and have two domains for which I have created virtual hosts and installed SSL certificates. However, only one domain works and the other just redirects to that domain. I think this is because site 1 is the primary site and I need a separate IP address for each domain when I use SSL.

I have read some articles saying that you can use multiple SSL certificates with one IP by doing the following on your virtual host

<VirtualHost *:443>

I tried it, but it doesn't work for me. Many articles also mention SNI, but I'm not 100% sure what that means. Could someone shed some light on this and point me in the right direction?

This is what my virtual hosts look like

Site 1

<VirtualHost *:80>
  # Admin email, Server Name (domain name), and any aliases
  ServerAdmin [email protected]
  ServerName  domain.com
  ServerAlias www.domain.com

  # Index file and Document Root (where the public files are located)
  DirectoryIndex index.html index.php
  DocumentRoot /var/www/html/domain.com/public_html
  Redirect permanent / https://www.domain.com

  <Directory "/var/www/html/domain.com/public_html">
  Options FollowSymLinks
  AllowOverride All
  Order allow,deny
  Allow from all
  </Directory>

  # Log file locations
  LogLevel warn
  #ErrorLog  /var/www/html/domain.com/log/error.log
  #CustomLog /var/www/html/domain.com/log/access.log combined
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerAdmin [email protected]
        ServerName domain.com
        ServerAlias www.domain.com

        DocumentRoot /var/www/html/domain.com/public_html
        <Directory "/var/www/html/domain.com/public_html">
                #Options Indexes FollowSymLinks MultiViews
                Options FollowSymLinks
                AllowOverride All
                Order allow,deny
                Allow from all
        </Directory>

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined

        Alias /doc/ "/usr/share/doc/"
        <Directory "/usr/share/doc/">
                Options Indexes MultiViews FollowSymLinks
                AllowOverride None
                Order deny,allow
                Deny from all
                Allow from 127.0.0.0/255.0.0.0 ::1/128
        </Directory>

        #   SSL Engine Switch:
        #   Enable/Disable SSL for this virtual Host.
        SSLEngine on

        #   A self-signed (snakeoil) certificate can be created by installing
        #   the ssl-cert package. See
        #   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
        #   If both key and certificate are stored in the same file, only the
        #   SSLCertificateFile directive is needed.
        SSLCertificateFile    /etc/apache2/ssl/www_domain_com/www_domain_com.crt
        SSLCertificateKeyFile /etc/apache2/ssl/www_domain_com/server.key

        #   Server Certificate Chain:
        #   Point SSLCertificateChainFile at a file containing the
        #   concatenation of PEM encoded CA certificates which form the
        #   certificate chain for the server certificate. Alternatively
        #   the referenced file can be the same as SSLCertificateFile
        #   when the CA certificates are directly appended to the server
        #   certificate for convenience.
        SSLCertificateChainFile /etc/apache2/ssl/www_domain_com/www_domain_com.ca-bundle

        #...

</VirtualHost>
</IfModule>

Site 2

<VirtualHost *:80>
  # Admin email, Server Name (domain name), and any aliases
  ServerAdmin [email protected]
  ServerName  domain2.com
  ServerAlias www.domain2.com

  # Index file and Document Root (where the public files are located)
  DirectoryIndex index.php index.html
  DocumentRoot /var/www/html/domain2.com/public_html/public
  #  Redirect permanent / https://www.domain2.com

  # Log file locations
  LogLevel warn
  ErrorLog  /var/www/html/domain2.com/log/error.log
  CustomLog /var/www/html/domain2.com/log/access.log combined

  SetEnv CI_ENV production
  SetEnv CI_BASE_URL http://www.domain2.com/

  <Directory "/var/www/html/domain2.com/public_html/public">
        AuthType Basic
        AuthName "Restricted Content"
        AuthUserFile /var/www/html/domain2.com/public_html/public/.htpasswd
        Require valid-user

        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
  </Directory>
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerAdmin [email protected]
        ServerName domain2.com
        ServerAlias www.domain2.com
        DocumentRoot /var/www/html/domain2.com/public_html/public

        <Directory "/var/www/html/domain2.com/public_html/public">
                #Options Indexes FollowSymLinks MultiViews
                Options FollowSymLinks
                AllowOverride All
                Order allow,deny
                Allow from all
        </Directory>

       ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/

        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
        Alias /doc/ "/usr/share/doc/"

        <Directory "/usr/share/doc/">
                Options Indexes MultiViews FollowSymLinks
                AllowOverride None
                Order deny,allow
                Deny from all
                Allow from 127.0.0.0/255.0.0.0 ::1/128
        </Directory>

        #   SSL Engine Switch:
        #   Enable/Disable SSL for this virtual Host.
        SSLEngine on

        #   A self-signed (snakeoil) certificate can be created by installing
        #   the ssl-cert package. See
        #   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
        #   If both key and certificate are stored in the same file, only the
        #   SSLCertificateFile directive is needed.
        SSLCertificateFile    /etc/apache2/ssl/www_domain2_com/www_domain2_com.crt
        SSLCertificateKeyFile /etc/apache2/ssl/www_domain2_com/server.key

        #   Server Certificate Chain:
        #   Point SSLCertificateChainFile at a file containing the
        #   concatenation of PEM encoded CA certificates which form the
        #   certificate chain for the server certificate. Alternatively
        #   the referenced file can be the same as SSLCertificateFile
        #   when the CA certificates are directly appended to the server
        #   certificate for convenience.
        SSLCertificateChainFile /etc/apache2/ssl/www_domain2_com/www_domain2_com.ca-bundle

        #...

</VirtualHost>
</IfModule>
1
Pattle

You don't need one IP address per SSL domain, but you do need the ServerName directive in every virtual host. The following should work with Apache2. If you are not using Apache2, it is slightly different.


<VirtualHost *:80>
        ServerAdmin [email protected]
        ServerName example.com
        DocumentRoot /var/www

</VirtualHost>


<IfModule mod_ssl.c>
<VirtualHost *:443>

        ServerAdmin [email protected]
        ServerName example.com
        DocumentRoot /var/www

        #   SSL Engine Switch:
        #   Enable/Disable SSL for this virtual Host.
        SSLEngine on

        #   A self-signed (snakeoil) certificate can be created by installing
        #   the ssl-cert package. See
        #   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
        #   If both key and certificate are stored in the same file, only the
        #   SSLCertificateFile directive is needed.
        SSLCertificateFile /etc/apache2/ssl/example.com/Apache.crt
        SSLCertificateKeyFile /etc/apache2/ssl/example.com/Apache.key
</VirtualHost>

</IfModule>
1
user508889
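
An added example (not part of the question or the answers): a simplified Python model of how Apache picks a `*:443` virtual host from the hostname the client sends via SNI, showing what happens when one vhost lacks a matching ServerName. The sample config is constructed from the domain names in the question; the parser reads only ServerName, ServerAlias and SSLCertificateFile, ignores wildcard aliases, and the function names are hypothetical.

```python
import re
# Constructed sample: two sites on one IP; the second vhost has no ServerName.
SAMPLE_CONF = """
<VirtualHost *:443>
    ServerName domain.com
    ServerAlias www.domain.com
    SSLCertificateFile /etc/apache2/ssl/www_domain_com/www_domain_com.crt
</VirtualHost>
<VirtualHost *:443>
    ServerAlias www.domain2.com
    SSLCertificateFile /etc/apache2/ssl/www_domain2_com/www_domain2_com.crt
</VirtualHost>
"""

def parse_vhosts(conf):
    """Return one dict per <VirtualHost> block, in file order."""
    vhosts = []
    for addr, body in re.findall(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", conf, re.S | re.I):
        vh = {"addr": addr.strip(), "server_name": None, "aliases": [], "cert": None}
        for line in body.splitlines():
            parts = line.split()
            if not parts or parts[0].startswith("#"):
                continue  # blank line or comment
            key, args = parts[0].lower(), parts[1:]
            if key == "servername" and args:
                vh["server_name"] = args[0].lower()
            elif key == "serveralias":
                vh["aliases"] += [a.lower() for a in args]
            elif key == "sslcertificatefile" and args:
                vh["cert"] = args[0]
        vhosts.append(vh)
    return vhosts

def select_vhost(vhosts, addr, hostname):
    """Simplified model: exact ServerName/ServerAlias match, else first vhost on addr."""
    candidates = [v for v in vhosts if v["addr"] == addr]
    for v in candidates:
        if hostname.lower() in [v["server_name"], *v["aliases"]]:
            return v
    return candidates[0] if candidates else None  # first listed vhost is the default

def missing_server_name(vhosts):
    """Indexes of vhosts that declare no ServerName of their own."""
    return [i for i, v in enumerate(vhosts) if v["server_name"] is None]

if __name__ == "__main__":
    vhosts = parse_vhosts(SAMPLE_CONF)
    for host in ("www.domain.com", "www.domain2.com", "domain2.com"):
        print(host, "->", select_vhost(vhosts, "*:443", host)["cert"])
```

In the sample, a request for domain2.com matches no name and falls through to the first vhost, so the client is served the domain.com certificate and sees a name mismatch.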

Solved!

Configuration that applies to only one of several sites belongs in the site configuration.

Moving

<Directory /var/www/html/example.com>
    AllowOverride All
</Directory>
ServerName example.com

from

/etc/apache2/apache2.conf

to

/etc/apache2/sites-available/example.conf
0
Yannis