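【Question title】: Setting up a secure proxy using Apache and Raspberry Pi
【Posted】: 2018-09-30 03:14:17
【Question description】:

I am trying to set up my own secure proxy for use by a Django Python script I have written, which relies on a secure proxy to return https requests correctly. This is because the script runs from a US host server and I want the responses to come from the UK.

To achieve this, and to learn something new, I am trying to configure an Apache server running on my Raspberry Pi. (I'm not expecting a lot of traffic!)

I have successfully created an SSL certificate and have the correct files: .pem, .csr (and .csr)

I believe I have copied them to the correct locations: /etc/ssl/private and /etc/ssl/certs respectively. I think the only problem I have now is the Apache configuration.

Currently I am trying to configure the sites-enabled/default-ssl.conf file as follows: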

    <IfModule mod_ssl.c>
    <VirtualHost _default_:443>
            ServerAdmin webmaster@localhost

            DocumentRoot /var/www/html

            # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
            # error, crit, alert, emerg.
            # It is also possible to configure the loglevel for particular
            # modules, e.g.
            #LogLevel info ssl:warn

            ErrorLog ${APACHE_LOG_DIR}/error.log
            CustomLog ${APACHE_LOG_DIR}/access.log combined

            # For most configuration files from conf-available/, which are
            # enabled or disabled at a global level, it is possible to
            # include a line for only one particular virtual host. For example the
            # following line enables the CGI configuration for this host only
            # after it has been globally disabled with "a2disconf".
            #Include conf-available/serve-cgi-bin.conf

            #   SSL Engine Switch:
            #   Enable/Disable SSL for this virtual host.
            SSLEngine on

            #   A self-signed (snakeoil) certificate can be created by installing
            #   the ssl-cert package. See
            #   /usr/share/doc/apache2/README.Debian.gz for more info.
            #   If both key and certificate are stored in the same file, only the
            #   SSLCertificateFile directive is needed.
            #SSLCertificateFile     /etc/ssl/certs/ssl-cert-snakeoil.pem
            #SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
            SSLCertificateFile /etc/ssl/certs/aa5758835031e4a3.crt
            SSLCertificateKeyFile /etc/ssl/private/<domainname>.key

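I am very new to server setup and have spent a lot of time searching the web and trying many different suggested approaches. I am sure it is something very simple that I am overlooking, but being inexperienced, I cannot work it out intuitively.

Thanks for your help and pointers...

Update:

Hi, thanks for your reply.

The response for http is: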

    * Rebuilt URL to: http://*.*.*/
    *   Trying 184.168.221.1...
    * TCP_NODELAY set
    * Connected to *.*.* port 80 (#0)
    > GET / HTTP/1.1
    > Host : *.*.*
    > User-Agent: curl/7.52.1
    > Accept: */*
    >
    < HTTP/1.1 302 Found
    < Connection: close
    < Pragma: no-cache
    < cache-control: no-cache
    < Location: /VZaKp/
    <
    * Curl_http_done: called premature == 0
    * Closing connection 0 

And for https:

    * Rebuilt URL to: https://*.*.*/
    *   Trying 50.63.202.18...
    * TCP_NODELAY set
    * connect to 50.63.202.18 port 443 failed: Connection timed out
    * Failed to connect to *.*.* port 443: Connection timed out
    * Closing connection 0
    curl: (7) Failed to connect to *.*.* port 443: Connection timed out

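Update, 23 April 2018:

Thanks. I believe I have sorted out the listening issue, but I have now run into a new problem!

I get the following error when trying to restart the apache2 service: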

    Apr 23 12:31:30 matthew-raspberry systemd[1]: Starting The Apache HTTP Server...
    Apr 23 12:31:31 matthew-raspberry apachectl[8341]: Action 'start' failed.
    Apr 23 12:31:31 matthew-raspberry apachectl[8341]: The Apache error log may have more information.
    Apr 23 12:31:31 matthew-raspberry systemd[1]: apache2.service: Control process exited, code=exited status=1
    Apr 23 12:31:31 matthew-raspberry systemd[1]: Failed to start The Apache HTTP Server.
    Apr 23 12:31:31 matthew-raspberry systemd[1]: apache2.service: Unit entered failed state.
    Apr 23 12:31:31 matthew-raspberry systemd[1]: apache2.service: Failed with result 'exit-code'.

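I suspect this may be related to my FQDN setup and/or the certificates. This error has appeared since I added ServerName localhost as a global name. I added this because the earlier error message was about determining my FQDN, which suggested adding ServerName as a global variable?

【Question comments】:

  • Hey, thanks for your reply... the curl responses are above

Tags: apache ssl proxy raspberry-pi


【Solution 1】:

Port 443 is not reachable even at the basic TCP level. Make sure that somewhere in your Apache configuration you have:

    Listen 443 https

Reload httpd after the configuration change. Check your firewall-cmd --list-all-zones / iptables -S output to see whether you allow connections to your port 443.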

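【Comments】:

  • Thanks. I believe I have sorted out the listening issue, but I have now run into another new problem!:
  • Please take a step back and check both the Apache ErrorLog and Google. I'm sure you will find something about it online, perhaps even on ServerFault.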
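
The layered check the answer describes (TCP reachability first, TLS only after that), as an added Python example that is not part of the original answer. The function name probe_https and the layer labels it returns are made up for this illustration.

```python
import socket
import ssl
import sys


def probe_https(host, port=443, timeout=5.0):
    """Return (layer, detail) for the first layer at which an HTTPS connection fails."""
    # Step 1: plain TCP connect, the step that failed in the curl output above.
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except (socket.timeout, TimeoutError):
        # No answer at all: packets are dropped (firewall, missing port
        # forward) or the name resolves to a different machine.
        return ("tcp-timeout", "no reply to SYN; check firewall rules and DNS")
    except ConnectionRefusedError:
        # The host answered with a reset: nothing is bound to the port.
        return ("tcp-refused", "nothing listening; check the Listen directive")
    except OSError as exc:
        return ("tcp-error", str(exc))

    # Step 2: TLS handshake with certificate verification left enabled.
    ctx = ssl.create_default_context()
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ("tls-ok", tls.version())
    except ssl.SSLCertVerificationError as exc:
        return ("tls-cert", exc.verify_message)
    except OSError as exc:  # ssl.SSLError and handshake timeouts land here
        return ("tls-handshake", str(exc))
    finally:
        sock.close()


if __name__ == "__main__":
    # Usage: python3 probe.py <hostname> [port]
    target = sys.argv[1]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    layer, detail = probe_https(target, target_port)
    print(f"{target}:{target_port} -> {layer}: {detail}")
```

A tcp-timeout result matches the curl (7) error in the question and points at filtering or addressing, while tcp-refused points at a missing Listen directive; the certificate files only come into play once the result reaches a tls-* layer.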