2017-10-12 200 views
0

我使用亞馬遜Linux與Apache(Apache/2.4.25(亞馬遜))。我有幾個域名和幾個子域名。我使用letsencrypt/cerbot作爲ssl證書。這工作。我可以訪問https而沒有問題。但是,我無法訪問我的任何非默認http虛擬主機。它們都重新路由到默認虛擬主機。我只發現了其他一些沒有解析的帖子,這似乎很難搜索。 Letsencrypt抱怨說我需要虛擬主機的單獨文件,這就是我爲http和https所做的。我已經把所有的http轉移到了httpd.conf中,但這也不起作用。我的域名和子域名也有「A」記錄。我錯過了什麼?Apache虛擬主機https工作,但http只需默認虛擬主機

###Begin httpd.conf### 

ServerRoot "/etc/httpd" 

Listen 80 

Include conf.modules.d/*.conf 

User nona_yo_biz 
Group nona_yo_biz 

ServerAdmin [email protected] 

<Directory /> 
    AllowOverride none 
    Require all denied 
</Directory> 

<Directory "/var/www"> 
    AllowOverride All 
    # Allow open access: 
    Require all granted 
</Directory> 

<Directory "/var/www/html"> 
    Options FollowSymLinks 
    AllowOverride All 
    Require all granted 
</Directory> 

# Load config files in the "/etc/httpd/conf.d" directory, if any. 
# This is where my ssl files are stored 
IncludeOptional conf.d/*.conf 

#Some other module crap etc 

#Some other AWS settings 

<Directory "/var/www/html"> 
    Options FollowSymLinks 
    AllowOverride All 
    DirectoryIndex index.html index.php 
    Require all granted 
</Directory> 

<VirtualHost *:80> 
ServerAdmin [email protected] 
DocumentRoot "/var/www/html/basesite" 
ServerName basesite.com 
</VirtualHost> 

<VirtualHost *:80> 
ServerAdmin [email protected] 
DocumentRoot "/var/www/html/sub1example" 
ServerName sub1.example.com 
</VirtualHost> 

<VirtualHost *:80> 
ServerAdmin [email protected] 
DocumentRoot "/var/www/html/sub2example" 
ServerName sub2.example.com 
</VirtualHost> 

<VirtualHost *:80> 
ServerAdmin [email protected] 
DocumentRoot "/var/www/html/example" 
ServerName example.com 
</VirtualHost> 

###End httpd.conf### 

###BEGIN ssl.conf### 

Listen 443 https 

#Some other stuff 

<VirtualHost *:443> 
DocumentRoot "/var/www/html/basesite" 
ServerName basesite.com:443 
ErrorLog logs/ssl_error_log 
TransferLog logs/ssl_access_log 
LogLevel warn 
SSLEngine on 
SSLProtocol all -SSLv3 
SSLProxyProtocol all -SSLv3 
SSLHonorCipherOrder on 
#Some other stuff 
CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" 
ServerAdmin s[email protected] 
SSLCertificateFile /etc/letsencrypt/live/basesite.com/fullchain.pem 
SSLCertificateKeyFile /etc/letsencrypt/live/basesite.com/privkey.pem 
</VirtualHost> 

###END ssl.conf 

###Separate conf file for vhost### 

<VirtualHost *:443> 
ServerAdmin [email protected] 
DocumentRoot "/var/www/html/sub1example" 
ServerName sub1.example.com:443 
SSLCertificateFile /etc/letsencrypt/live/basesite.com/fullchain.pem 
SSLCertificateKeyFile /etc/letsencrypt/live/basesite.com/privkey.pem 
</VirtualHost> 

###Separate conf file for vhost### 

<VirtualHost *:443> 
ServerAdmin [email protected] 
DocumentRoot "/var/www/html/sub2example" 
ServerName sub2.example.com:443 
SSLCertificateFile /etc/letsencrypt/live/basesite.com/fullchain.pem 
SSLCertificateKeyFile /etc/letsencrypt/live/basesite.com/privkey.pem 
</VirtualHost> 

###Separate conf file for vhost### 

<VirtualHost *:443> 
ServerAdmin [email protected] 
DocumentRoot "/var/www/html/example" 
ServerName example.com:443 
SSLCertificateFile /etc/letsencrypt/live/basesite.com/fullchain.pem 
SSLCertificateKeyFile /etc/letsencrypt/live/basesite.com/privkey.pem 
</VirtualHost> 

編輯的apachectl -S輸出

sudo apachectl -S 
VirtualHost configuration: 
*:443     is a NameVirtualHost 
     default server basesite.com (/etc/httpd/conf.d/ssl.conf:57) 
     port 443 namevhost basesite.com (/etc/httpd/conf.d/ssl.conf:57) 
     port 443 namevhost sub1.example.com (/etc/httpd/conf.d/ssl_sub1_exa.conf:1) 
     port 443 namevhost example.com (/etc/httpd/conf.d/ssl_exa.conf:1) 
     port 443 namevhost sub2.example.com (/etc/httpd/conf.d/ssl_sub2_exa.conf:1) 
*:80     is a NameVirtualHost 
     default server basesite.com (/etc/httpd/conf/httpd.conf:392) 
     port 80 namevhost basesite.com (/etc/httpd/conf/httpd.conf:392) 
     port 80 namevhost sub1.example.com (/etc/httpd/conf/httpd.conf:400) 
       alias sub1.example.com:80 
     port 80 namevhost example.com (/etc/httpd/conf/httpd.conf:407) 
ServerRoot: "/etc/httpd" 
Main DocumentRoot: "/var/www/html/" 
Main ErrorLog: "/etc/httpd/logs/error_log" 
Mutex default: dir="/var/run/httpd/" mechanism=default 
Mutex mpm-accept: using_defaults 
Mutex cache-socache: using_defaults 
Mutex authdigest-opaque: using_defaults 
Mutex watchdog-callback: using_defaults 
Mutex proxy-balancer-shm: using_defaults 
Mutex rewrite-map: using_defaults 
Mutex ssl-stapling-refresh: using_defaults 
Mutex authdigest-client: using_defaults 
Mutex ssl-stapling: using_defaults 
Mutex proxy: using_defaults 
Mutex authn-socache: using_defaults 
Mutex ssl-cache: using_defaults 
PidFile: "/var/run/httpd/httpd.pid" 
Define: DUMP_VHOSTS 
Define: DUMP_RUN_CFG 
User: name="nona_yo_biz" id=404 
Group: name="nona_yo_biz" id=505 

回答

0

所以我已經解決了這個問題,不幸的是它是嘗試幾個不同的事情的組合。所以我沒有一個簡單的答案來提供,但我可以提供一些幫助我一路走來的事情。

  1. 感謝Vasya Zhuryk我用須藤的apachectl -S確定在何處/如何實際上被加載我virtualhosts。在亞馬遜Linux apache默認設置中,當您的ssl文件以「.conf」結尾時,會從conf.d動態加載。它們通過從主httpd.conf文件中加載IncludeOptional conf.d/*。conf。正如我以前所認識到的那樣,不要將備份放在conf.d中,而是使用「.conf」,否則最終會出現問題。這不會發生在conf文件夾中。所以那些需要包含在包含/ path/file.conf
  2. 我發現,當私人在鉻瀏覽(ctrl + shift + N),非ssl網站工作正常。因此,自「時間的開始」以來,清除自動填充表單數據(可能緩存的圖像和文件)清除了Chrome中的錯誤域重定向。這是非常誤導的,因爲我會輸入地址,正確的域名會顯示,但總是會重定向到錯誤的地址。這很可能是因爲以前配置不當的虛擬主機。

再次,有很多事情都做了,並嘗試沿途,但以上是一些可以幫助他人的關鍵點。

0

我沒有看到一個條目了NameVirtualHost *:80,基於虛擬主機這個名字是你需要在你的配置中的條目文件。試試吧。

+0

我已經試過了。在apache 2.4中,它已從文檔中刪除,並在檢查語法時拋出警告/錯誤。所以我沒有實際部署它就刪除了它。 – vdidxho

0

我有2個主意: (見虛擬主機)

1. httpd -S 

而且

2. SSLCertificateKeyFile must have *.key extension 

你不有規則的虛擬主機指令(index.php文件,使的.htaccess等),你可以試試這個:

<VirtualHost *:80> 
    ServerAdmin [email protected] 
    DocumentRoot "/var/www/html/basesite" 
    ServerName basesite.com 

    <Directory "/var/www/html/basesite/"> 
     Options Indexes FollowSymLinks 
     AllowOverride All 
     DirectoryIndex index.php index.html 
     Require all granted 
    </Directory> 
</VirtualHost> 
+0

謝謝,我不知道apachectl -S。我會將輸出添加到上面的問題中。我不相信.key的事情是一個問題,因爲https工作正常,我發現在一個關於letsencrypt和amazon linux的地方。 – vdidxho

+0

我應該將目錄添加到每個*:80虛擬主機嗎?我還以爲他們會從我的配置文件 中繼承自全局的選項。選項FollowSymLinks AllowOverride全部 要求全部授予 vdidxho

0

你需要添加「NS」記錄到域管理面板。