我最近将一个网站从我的旧网络服务器123-reg.co.uk移动到一个新的Linode Web服务器,该服务器由Linode托管。
我正在使用Debian 8.9运行Apache。
123-reg为我的网站提供了SSL证书,当然,当我将网站移动到新服务器时,它已被停用。 所以我开始手动重新激活我的新服务器上的证书。
我能够从123-reg获得必要的SSL文件(CA Bundle,密钥和证书),我按照Linode的说明使用以下教程在其服务器上设置SSL证书:
第一篇教程和第二篇教程 。
这是网站的配置文件:
<VirtualHost *:80> # All of the files here exist on the server SSLEngine On SSLCertificateFile /etc/ssl/certs/zetec-it.com.crt SSLCertificateKeyFile /etc/ssl/private/zetec-it.com.key SSLCACertificateFile /etc/ssl/certs/ca-certificates.crt ServerAdmin webmaster@zetec-it.com ServerName zetec-it.com ServerAlias www.zetec-it.com DirectoryIndex index.html index.php DocumentRoot /var/www/html/zetec-it.com/public_html LogLevel warn ErrorLog /var/www/html/zetec-it.com/log/error.log CustomLog /var/www/html/zetec-it.com/log/access.log combined </VirtualHost>设置似乎是合法的,但当我尝试通过https访问网站时,浏览器声明连接不安全。
我是服务器管理员的新手; 有没有人有任何建议或潜在的解决方案?
I have recently moved a website from my old web server with 123-reg.co.uk to a new Linode web server hosted with Linode.
I am running Apache with Debian 8.9.
123-reg provided me with an SSL certificate for my website which, of course, was deactivated when I moved the website to the new server. So I set to work manually reactivating the certificate on my new server.
I was able to get the necessary SSL files (CA Bundle, Key and Certificate) from 123-reg and I followed Linode's instructions to setup the SSL certificate on their servers using the following tutorials:
First tutorial and second tutorial.
Here is the site's config file:
<VirtualHost *:80> # All of the files here exist on the server SSLEngine On SSLCertificateFile /etc/ssl/certs/zetec-it.com.crt SSLCertificateKeyFile /etc/ssl/private/zetec-it.com.key SSLCACertificateFile /etc/ssl/certs/ca-certificates.crt ServerAdmin webmaster@zetec-it.com ServerName zetec-it.com ServerAlias www.zetec-it.com DirectoryIndex index.html index.php DocumentRoot /var/www/html/zetec-it.com/public_html LogLevel warn ErrorLog /var/www/html/zetec-it.com/log/error.log CustomLog /var/www/html/zetec-it.com/log/access.log combined </VirtualHost>The setup seems legit, but when I attempt to access the website via https the browser states that the connection isn't secure.
I'm fairly new to server admin; does anyone have any suggestions or potential solutions?
最满意答案
您需要一个正在侦听端口443的VirtualHost才能使用HTTPS。 您将VirtualHost配置为在SSLEngine On时侦听端口80。
为了使https正常工作,您只需要将<VirtualHost *:80>更改为<VirtualHost *:443> 。 一旦你这样做,你将没有处理http连接的配置(没有任何VirtualHost等待ServerName zetec-it.com连接)。
通常有一些方法可以提供请求相同主机名的http连接:
您使用类似的东西将它们重定向到https(使用mod_rewrite以重定向到相同的路径):
<VirtualHost *:80> ServerName zetec-it.com ServerAlias www.zetec-it.com RewriteEngine on RewriteRule ^ https://zetec-it.com%{REQUEST_URI} [END,NE,R=permanent] </VirtualHost>您也通过http提供相同的内容
<VirtualHost *:80> # All of the files here exist on the server ServerAdmin webmaster@zetec-it.com ServerName zetec-it.com ServerAlias www.zetec-it.com DirectoryIndex index.html index.php DocumentRoot /var/www/html/zetec-it.com/public_html LogLevel warn ErrorLog /var/www/html/zetec-it.com/log/error.log CustomLog /var/www/html/zetec-it.com/log/access.log combined </VirtualHost>无论哪种方式,你需要两个配置文件,https一个(这基本上是你的例子,记得用443替换80)和一个用于http,我给你2个例子。 您可以将它们放在单独的文件中,记住在这种情况下激活它们。
You need a VirtualHost which is listening on port 443 in order to have working HTTPS. You configured your VirtualHost to listen on Port 80 while having SSLEngine On.
In order to get https working you would only need to change <VirtualHost *:80> to <VirtualHost *:443>. Once you did that, you would not have a configuration that handles http connections to (there would not be any VirtualHost waiting for connections for ServerName zetec-it.com).
There are generally to ways to go to serve http connections requesting the same hostname:
You redirect them to https using something like this (uses mod_rewrite in order to redirect to the same path):
<VirtualHost *:80> ServerName zetec-it.com ServerAlias www.zetec-it.com RewriteEngine on RewriteRule ^ https://zetec-it.com%{REQUEST_URI} [END,NE,R=permanent] </VirtualHost>You deliver the same content through http as well
<VirtualHost *:80> # All of the files here exist on the server ServerAdmin webmaster@zetec-it.com ServerName zetec-it.com ServerAlias www.zetec-it.com DirectoryIndex index.html index.php DocumentRoot /var/www/html/zetec-it.com/public_html LogLevel warn ErrorLog /var/www/html/zetec-it.com/log/error.log CustomLog /var/www/html/zetec-it.com/log/access.log combined </VirtualHost>Either way you need two config files, the https one (which is basically your example from above, remember to replace 80 with 443) and one for http which I gave you 2 examples for. You can put them into separate files, remember to activate them in this case.
更多推荐
发布评论