如何使用相同的 SSL 证书配置多个 <virtualhost> - Apache

debugcn 发表于 Dev

伊万·博特罗

语境：

我有一个域：example.com，但我想创建一个域，就像api.example.com使用网络服务一样使用它。

昨晚，我使用Let's Encrypt获得了一个免费的 SSL 证书。

我的域example.com应该打开/var/www/website/.

我的域api.example.com应该打开/var/www/api/.

我在 Internet 上查找了一些信息，并在以下位置创建了这些文件 /etc/apache2/sites-available/

/etc/apache2/sites-available/example.com

<VirtualHost *:80>

    ServerName  example.com
    DocumentRoot    /var/www/website/

    LogLevel debug
    ErrorLog ${APACHE_LOG_DIR}/example.com/error.log

        <Directory "/var/www/website/">
                Options FollowSymLinks
                AllowOverride None
        </Directory>

</VirtualHost>

<VirtualHost *:443>

    ServerName  example.com
    DocumentRoot    /var/www/website/

    LogLevel debug
    ErrorLog ${APACHE_LOG_DIR}/example.com/error_ssl.log

    SSLEngine on
    SSLCertificateKeyFile   /etc/apache2/ssl/example.com/privkey.pem
    SSLCertificateFile      /etc/apache2/ssl/example.com/cert.pem
    SSLCertificateChainFile /etc/apache2/ssl/example.com/chain.pem

        <Directory "/var/www/website/">
                Options FollowSymLinks
                AllowOverride None
        </Directory>

</VirtualHost>

/etc/apache2/sites-available/api.example.com

<VirtualHost *:80>

    ServerName  api.example.com
    DocumentRoot    /var/www/api/

    #RewriteEngine On
    #RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]

        <Directory "/var/www/api/">
                Options FollowSymLinks
                AllowOverride None
        </Directory>

</VirtualHost>

<VirtualHost *:443>

    ServerName  api.example.com
    DocumentRoot    /var/www/api/

    LogLevel warn
    ErrorLog ${APACHE_LOG_DIR}/error.log

    SSLEngine on
    SSLCertificateKeyFile   /etc/apache2/ssl/example.com/privkey.pem
    SSLCertificateFile      /etc/apache2/ssl/example.com/cert.pem
    SSLCertificateChainFile /etc/apache2/ssl/example.com/chain.pem

        <Directory "/var/www/api/">
                Options FollowSymLinks
                AllowOverride None
        </Directory>

</VirtualHost>

我创建了两个文件，因为我虽然需要将域分开，但是当我尝试输入时，example.com我将内容放在api.example.com.

使用Let's encrypt，我为两个域创建了相同的 SSL 证书，并且文件位于/etc/apache2/ssl/example.com/.

伊万·博特罗

我找到了解决办法！

我已经编辑了httpd.conf和ports.conf.

/etc/apache2/ports.conf

# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default
# This is also true if you have upgraded from before 2.2.9-3 (i.e. from
# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
# README.Debian.gz

NameVirtualHost *:80
Listen 80

NameVirtualHost *:443

<IfModule mod_ssl.c>
    # If you add NameVirtualHost *:443 here, you will also have to change
    # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
    # to <VirtualHost *:443>
    # Server Name Indication for SSL named virtual hosts is currently not
    # supported by MSIE on Windows XP.
    Listen 443
</IfModule>

<IfModule mod_gnutls.c>
    Listen 443
</IfModule>