【发布时间】:2020-05-05 15:02:46
【问题描述】:
我需要帮助来检查 SSL 实施。
信息:
- 服务器版本:Apache/2.4.29 (Ubuntu)
- 服务器版本:Apache/2.4.29 (Ubuntu)
- OpenSSL 1.1.1d 2019 年 9 月 10 日
验证检查:
- a2ensite,
- a2enmod,
- apache2ctl 配置测试
配置文件:
- online.myurl.com.conf
<VirtualHost *:80>
DocumentRoot /path/to/my/dir/html/online
ServerName online.myurl.com
<IfModule mod_php.c>
php_value max_execution_time 500
php_value max_input_time 120
php_value memory_limit 512M
php_value post_max_size 40M
php_value upload_max_filesize 40M
php_value default_socket_timeout 120
</IfModule>
RewriteEngine On
RewriteRule ^/(.*)$ https://online.myurl.com [R=301,L]
<Directory /path/to/my/dir/html/online>
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Require all granted
</Directory>
<Directory /path/to/my/dir/html/online/upload/>
AllowOverride All
</Directory>
CustomLog "|/usr/bin/cronolog /path/to/my/dir//logs/%Y-%m/online/online.myurl.com_access-%Y-%m-%d.log" vhost_combined_time_end
ErrorLog "|/usr/bin/cronolog /path/to/my/dir//logs/%Y-%m/online/online.myurl.com_error-%Y-%m-%d.log"
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
DocumentRoot /path/to/my/dir/html/online
ServerName online.myurl.com
<IfModule mod_php.c>
php_value max_execution_time 500
php_value max_input_time 120
php_value memory_limit 256M
php_value post_max_size 40M
php_value upload_max_filesize 40M
php_value default_socket_timeout 120
php_value suhosin.memory_limit 1024M
</IfModule>
<Directory /path/to/my/dir/html/online>
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Require all granted
</Directory>
<Directory /path/to/my/dir/html/online/upload/>
AllowOverride All
</Directory>
RewriteEngine On
CustomLog "|/usr/bin/cronolog /path/to/my/dir//logs/%Y-%m/online/online.myurl.com_access-%Y-%m-%d.log" vhost_combined_time_end
ErrorLog "|/usr/bin/cronolog /path/to/my/dir//logs/%Y-%m/online/online.myurl.com_error-%Y-%m-%d.log"
SSLEngine On
SSLCertificateFile /path/to/the/certs/certificate-860128.crt
SSLCertificateKeyFile /path/to/the/certs/wilcard.myurl.com.key
SSLCertificateChainFile /path/to/the/certs/GandiStandardSSLCA2.pem
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
SSLHonorCipherOrder on
SSLCompression off
SSLSessionTickets off
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>
</IfModule>
- apache2ctl -S
VirtualHost configuration:
127.0.0.1:80 localhost (/etc/apache2/sites-enabled/000-default.conf:1)
*:80 is a NameVirtualHost
default server adminclt2.myurl.com (/etc/apache2/sites-enabled/003_admin.myurl.com.conf:1)
port 80 namevhost adminclt2.myurl.com (/etc/apache2/sites-enabled/003_admin.myurl.com.conf:1)
port 80 namevhost ns61031277.ip-54-38-67.eu (/etc/apache2/sites-enabled/004_vip_api.myurl.com.conf:1)
alias vip_api.myurl.com
port 80 namevhost myurl.com (/etc/apache2/sites-enabled/007_myurl.com.conf:1)
alias www.myurl.com
port 80 namevhost myurl.com (/etc/apache2/sites-enabled/007_myurl.com.conf:20)
port 80 namevhost privatevisit.myurl.com (/etc/apache2/sites-enabled/008_privatevisit.myurl.com.conf:1)
port 80 namevhost ns61031277.ip-54-38-67.eu (/etc/apache2/sites-enabled/009_vip_site.myurl.com.conf:1)
alias vip_site.myurl.com
alias lafayetteanticipation.myurl.com
port 80 namevhost default (/etc/apache2/sites-enabled/011_sites.myurl.com.conf:1)
wild alias *.myurl.com
wild alias *
port 80 namevhost appsomething.myurl.com (/etc/apache2/sites-enabled/appsomething.myurl.com.conf:1)
port 80 namevhost dev.someurl.net (/etc/apache2/sites-enabled/dev.someurl.net.conf:1)
port 80 namevhost online.myurl.com (/etc/apache2/sites-enabled/online.myurl.com.conf:1)
*:443 is a NameVirtualHost
default server adminclt2.myurl.com (/etc/apache2/sites-enabled/003_admin.myurl.com.conf:58)
port 443 namevhost adminclt2.myurl.com (/etc/apache2/sites-enabled/003_admin.myurl.com.conf:58)
port 443 namevhost myurl.com (/etc/apache2/sites-enabled/007_myurl.com.conf:26)
alias www.myurl.com
port 443 namevhost appsomething.myurl.com (/etc/apache2/sites-enabled/appsomething.myurl.com.conf:15)
port 443 namevhost ns61031277.ip-54-38-67.eu (/etc/apache2/sites-enabled/default-ssl.conf:2)
port 443 namevhost dev.someurl.net (/etc/apache2/sites-enabled/dev.someurl.net.conf:15)
port 443 namevhost online.myurl.com (/etc/apache2/sites-enabled/online.myurl.com.conf:42)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex fcgid-proctbl: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex fcgid-pipe: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33
您有任何想法或需要其他信息吗?
谢谢
编辑:我的所有配置都正常,但有必要启动一个简单的 linux 命令:
c_rehash /path/to/the/certs/
【问题讨论】:
-
当尝试使用 HTTPS 访问不是 HTTPS 的内容时,通常会出现此消息。不知道您要访问什么。还要查看服务器的错误文件。
-
我的证书没问题,vhost conf 文件似乎没问题...如何调试 Apache2 SSL 进程?