Hosts virtuais SSL do Apache compartilhando o mesmo DocumentRoot

Navegue suas respostas
1

Eu tenho um servidor web com dois domínios apontando para a mesma raiz do documento. Eu tenho certificados SSL separados para os dois domínios. Eu quero (quase) tudo o que vem para o site (s) para executar sob SSL. Tudo funciona, mas a configuração que tenho parece longa e repetitiva, e eu me perguntei se poderia simplificá-la?

Eu verifiquei estas respostas: Configurando hosts virtuais SSL no Apache , Apache: Vários Hosts Virtuais com Certificados SSL? , link mas, embora úteis, eles não parecem abordar bem esse caso.

Gostaria de saber se há uma maneira de dividir a configuração em arquivos que podem ser incluídos?

meu ports.conf: 

NameVirtualHost *:80
NameVirtualHost *:443
Listen 80

<IfModule mod_ssl.c>
    # If you add NameVirtualHost *:443 here, you will also have to change
    # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
    # to <VirtualHost *:443>
    # Server Name Indication for SSL named virtual hosts is currently not
    # supported by MSIE on Windows XP.
    Listen 443
</IfModule>

<IfModule mod_gnutls.c>
    Listen 443
</IfModule>

sites-available-default: 

<VirtualHost *:80>
ServerAdmin [email protected]
ServerName yy.com

DocumentRoot /var/www
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>
<Directory /var/www/>
    # everything to run under ssl
    RewriteEngine on
    RewriteCond %{HTTPS} !=on
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    Options -Indexes FollowSymLinks MultiViews
    AllowOverride None
    Order allow,deny
    allow from all
</Directory>

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
    AllowOverride None
    Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
    Order allow,deny
    Allow from all
</Directory>

ErrorLog ${APACHE_LOG_DIR}/error.log

# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn

CustomLog ${APACHE_LOG_DIR}/access.log combined

ProxyRequests Off

<Proxy *>
    Order deny,allow
    Allow from all
</Proxy>

ProxyPass /geoserver http://localhost:8080/geoserver
ProxyPreserveHost On
ProxyStatus On

default-ssl: 

<IfModule mod_ssl.c>
<VirtualHost _default_:443>
    ServerAdmin [email protected]
    ServerName yy.com:443
    DocumentRoot /var/www
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/>
        Options -Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined

    #   SSL Engine Switch:
    #   Enable/Disable SSL for this virtual host.
    SSLEngine on

    SSLCertificateFile    /etc/apache2/ssl/yy.com.crt
    SSLCertificateKeyFile /etc/apache2/ssl/yy.com.key

    #   Server Certificate Chain:
    SSLCertificateChainFile /etc/apache2/ssl/intermediate.crt

    #   Certificate Authority (CA):

    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory /usr/lib/cgi-bin>
        SSLOptions +StdEnvVars
    </Directory>

    #   SSL Protocol Adjustments:
    BrowserMatch "MSIE [2-6]" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    # MSIE 7 and newer should be able to use keepalive
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

</VirtualHost>
</IfModule>

O ssl.conf do segundo site: 

<IfModule mod_ssl.c>
<VirtualHost *:443>

    ServerAdmin [email protected]
    ServerName zz.com
    ServerAlias www.zz.com
    DocumentRoot /var/www

    #   SSL Engine Switch:
    #   Enable/Disable SSL for this virtual host.
    SSLEngine on

    SSLCertificateFile /etc/apache2/ssl/zz.com.crt
    SSLCertificateKeyFile /etc/apache2/ssl/zz.com.key

    #   Server Certificate Chain:
    SSLCertificateChainFile /etc/apache2/ssl/zz.com/intermediate.crt

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>

    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory /usr/lib/cgi-bin>
        SSLOptions +StdEnvVars
    </Directory>

    BrowserMatch "MSIE [2-6]" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    # MSIE 7 and newer should be able to use keepalive
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

</VirtualHost>

</IfModule>

Qualquer ajuda apreciada.

Mini

    
por minisaurus 15.01.2016 / 16:00

1 resposta

0

Assim como postei, achei que deveria haver uma função 'include' :) Então eu pesquisei ( link ) e agora criamos alguns arquivos '.conf' separados que eu posso incluir conforme apropriado. Então, o ssl.conf do segundo site agora está assim: 

<IfModule mod_ssl.c>
<VirtualHost *:443>

  ServerAdmin [email protected]
  ServerName zz.com
  ServerAlias www.zz.com
  DocumentRoot /var/www

  Include conf/cgi.conf
  Include conf/proxy.conf
  Include conf/ssl.conf

  #   SSL Engine Switch:
  #   Enable/Disable SSL for this virtual host.
  SSLEngine on

  SSLCertificateFile /etc/apache2/ssl/zz.com.crt
  SSLCertificateKeyFile /etc/apache2/ssl/zz.com.key

  #   Server Certificate Chain:
  SSLCertificateChainFile /etc/apache2/ssl/zz.com/intermediate.crt

</VirtualHost>

</IfModule>

Muito melhor e mais fácil agora

Mini

    
por 19.01.2016 / 15:14

Tags

ESXI 5.5 Não vê disco rígido cheio Não é possível conectar o banco de dados RDS usando o Sql Yog