SSL and ProxyPass

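My JS server is running on 8200, and I just got some SSL certificates for my domain. I would like to be able to serve my pages over HTTPS.

So far, my Apache configuration file looks like this:

File: /etc/apache2/sites-enabled/synsis.conf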

    <VirtualHost *:443>
        ServerAdmin [email protected]
        ServerName www.synsis.live
        ServerAlias synsis.live

        SSLEngine On
        SSLProxyEngine On
        SSLCertificateFile "/home/vas/synsis.live/certs/domain.crt"
        SSLCertificateKeyFile "/home/vas/synsis.live/certs/domain.key"
        SSLCertificateChainFile "/home/vas/synsis.live/certs/intermediate.pem"

        ProxyRequests Off
        <Proxy *>
            Order deny,allow
            Allow from all
        </Proxy>

        <Location />
            ProxyPass https://localhost:8200/
            ProxyPassReverse https://localhost:8200/
        </Location>
    </VirtualHost>

However, my website does not load with this configuration. Any ideas?

apachectl -t

    AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
    Syntax OK

apachectl -S

    VirtualHost configuration:
    *:80                   is a NameVirtualHost
             default server 127.0.1.1 (/etc/apache2/sites-enabled/000-default.conf:1)
             port 80 namevhost 127.0.1.1 (/etc/apache2/sites-enabled/000-default.conf:1)
             port 80 namevhost ch.mu (/etc/apache2/sites-enabled/c.conf:1)
             port 80 namevhost www.hai.run (/etc/apache2/sites-enabled/hai.conf:3)
                     alias hai.run
             port 80 namevhost practicalhuman.org (/etc/apache2/sites-enabled/ph.conf:4)
                     alias www.practicalhuman.org
    *:443                  www.synthesis.live (/etc/apache2/sites-enabled/synthesis.conf:5)
    ServerRoot: "/etc/apache2"
    Main DocumentRoot: "/var/www"
    Main ErrorLog: "/var/log/apache2/error.log"
    Mutex ssl-stapling: using_defaults
    Mutex proxy: using_defaults
    Mutex ssl-cache: using_defaults
    Mutex default: dir="/var/lock/apache2" mechanism=fcntl
    Mutex mpm-accept: using_defaults
    Mutex watchdog-callback: using_defaults
    PidFile: "/var/run/apache2/apache2.pid"
    Define: DUMP_VHOSTS
    Define: DUMP_RUN_CFG
    User: name="www-data" id=33 not_used
    Group: name="www-data" id=33 not_used

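Your configuration contains my three main complaints about configuration examples in the wild:

  1. Using a <Proxy *> block when configuring a reverse proxy. <Proxy> is almost exclusively for configuring a forward proxy, not a reverse one. In your case, it is not needed.
  2. Using ProxyPass inside a Location block. Best practice is to use the 2-argument version of ProxyPass unless there is no other choice.
  3. Using Apache v2.2 authorization directives in Apache v2.4. I strongly recommend that you always change all v2.2 Allow, Order, Satisfy and require directives to the new v2.4 Require directives and <RequireAny> / <RequireAll> blocks.
  4. The SSLProxyEngine directive is for configuring your server when it proxies to an SSL-based service, and has nothing to do with whether your actual virtual host is served over SSL (yes, I know I said 3, but this is a very minor one, and I am only adding it because you replied that your backend is not SSL enabled 🙂)

Try the following as a base, and hopefully "cleaned up", configuration and work from there. If it doesn't work, please tell us exactly what happens rather than just saying "doesn't work".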

    <VirtualHost *:443>
        ServerAdmin [email protected]
        ServerName www.synsis.live
        ServerAlias synsis.live

        SSLEngine On
        SSLProxyEngine On
        SSLCertificateFile "/home/vas/synsis.live/certs/domain.crt"
        SSLCertificateKeyFile "/home/vas/synsis.live/certs/domain.key"
        SSLCertificateChainFile "/home/vas/synsis.live/certs/intermediate.pem"

        # This is the default anyway, but no harm having it explicitly set
        ProxyRequests Off

        # You say in a comment your backend is not SSL, but your original configuration
        # tries to proxy to an SSL enabled service. This is almost certainly
        # why it originally failed
        ProxyPass / http://localhost:8200/
        ProxyPassReverse / http://localhost:8200/
    </VirtualHost>
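An added example, not part of the original answer: a small Python check that flags the four points listed above in a vhost file. The function `lint_vhost`, its finding codes and the `backend_speaks_tls` parameter are hypothetical names, and the sample is the question's configuration reduced to its proxy-related lines.

```python
# Constructed sample: the question's vhost, reduced to its proxy-related lines.
SAMPLE = """\
<VirtualHost *:443>
    SSLEngine On
    SSLProxyEngine On
    ProxyRequests Off
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    <Location />
        ProxyPass https://localhost:8200/
        ProxyPassReverse https://localhost:8200/
    </Location>
</VirtualHost>
"""
LEGACY_AUTH = {"order", "allow", "deny", "satisfy"}  # Apache 2.2 access control

def lint_vhost(text, backend_speaks_tls=False):
    """Return sorted (line, code) findings. backend_speaks_tls is an assumption
    supplied by the operator: whether the backend really accepts TLS."""
    findings, sections, engine_line, https_target = [], [], None, False
    for n, raw in enumerate(text.splitlines(), 1):
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        head = words[0].lower()
        if head.startswith("</"):          # closing tag: leave the section
            if sections:
                sections.pop()
        elif head.startswith("<"):         # opening tag: enter the section
            sections.append(head.strip("<>"))
            if sections[-1] == "proxy":
                findings.append((n, "proxy-block-in-reverse-proxy"))
        elif head in LEGACY_AUTH:
            findings.append((n, "apache-2.2-auth-directive"))
        elif head == "sslproxyengine" and words[-1].lower() == "on":
            engine_line = n
        elif head == "proxypass":
            if "location" in sections:     # 1-argument form inside <Location>
                findings.append((n, "proxypass-inside-location"))
            if any(w.lower().startswith("https://") for w in words[1:]):
                https_target = True
                if not backend_speaks_tls:
                    findings.append((n, "https-target-but-plain-http-backend"))
    if engine_line and not (https_target and backend_speaks_tls):
        findings.append((engine_line, "sslproxyengine-not-needed"))
    return sorted(findings)
```

Calling `lint_vhost(open(path).read())` on a real site file returns an empty list once the vhost matches the cleaned-up form above without the `SSLProxyEngine` line.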

Is your backend SSL?

If not:

    <VirtualHost *:443>
        ServerAdmin [email protected]
        ServerName www.synsis.live
        ServerAlias synsis.live

        SSLEngine On
        SSLProxyEngine On
        SSLCertificateFile "/home/vas/synsis.live/certs/domain.crt"
        SSLCertificateKeyFile "/home/vas/synsis.live/certs/domain.key"
        SSLCertificateChainFile "/home/vas/synsis.live/certs/intermediate.pem"

        ProxyRequests Off
        <Proxy *>
            Order deny,allow
            Allow from all
        </Proxy>

        <Location />
            ProxyPass http://localhost:8200/
            ProxyPassReverse http://localhost:8200/
        </Location>
    </VirtualHost>

If yes:

    <VirtualHost *:443>
        ServerAdmin [email protected]
        ServerName www.synsis.live
        ServerAlias synsis.live

        SSLEngine On
        SSLProxyEngine On
        SSLCertificateFile "/home/vas/synsis.live/certs/domain.crt"
        SSLCertificateKeyFile "/home/vas/synsis.live/certs/domain.key"
        SSLCertificateChainFile "/home/vas/synsis.live/certs/intermediate.pem"

        ProxyRequests Off
        <Proxy *>
            Order deny,allow
            Allow from all
        </Proxy>

        <Location />
            SSLProxyEngine on
            ProxyPass https://localhost:8200/
            ProxyPassReverse https://localhost:8200/
        </Location>
    </VirtualHost>