我在apache httpd.conf中配置了3个虚拟主机:
<VirtualHost *:80>
ServerName www.example.com
DocumentRoot /ec2-user/myproject
RewriteEngine on
RewriteCond %{HTTP_HOST} =www.example.com
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
</VirtualHost>
<VirtualHost *:80>
ServerName domain2.example.com
DocumentRoot /ec2-user/myproject
RewriteEngine on
RewriteCond %{HTTP_HOST} =domain2.example.com
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
</VirtualHost>
<VirtualHost *:80>
ServerName domain3.example.com
DocumentRoot /ec2-user/myproject
RewriteEngine on
RewriteCond %{HTTP_HOST} =domain3.example.com
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
</VirtualHost>
如您所见,我正在尝试将每个虚拟主机转发到HTTPS。在ssl.conf中,我的配置如下所示:
<VirtualHost *:443>
# General setup for the virtual host,inherited from global configuration
WSGIDaemonProcess www.example.com processes=1 threads=30 display-name=%{GROUP}
WSGIProcessGroup %{GLOBAL}
ServerName www.example.com
DocumentRoot /ec2-user/myproject
WSGIScriptAlias / /ec2-user/myproject/prod_wsgi.py
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
# SSL Engine Switch:
SSLEngine on
SSLProtocol all -SSLv3
SSLProxyProtocol all -SSLv3
SSLHonorCipherOrder on
# SSL Engine Options:
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
# SSL Protocol Adjustments:
BrowserMatch "MSIE [2-5]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
# Per-Server Logging:
CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/mydomain/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain/privkey.pem
</VirtualHost>
<VirtualHost *:443>
# General setup for the virtual host,inherited from global configuration
WSGIDaemonProcess domain2.example.com processes=1 threads=30 display-name=%{GROUP}
WSGIProcessGroup %{GLOBAL}
ServerName domain2.example.com
DocumentRoot /ec2-user/myproject
WSGIScriptAlias / /ec2-user/myproject/domain2_wsgi.py
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
# SSL Engine Switch:
SSLEngine on
SSLProtocol all -SSLv3
SSLProxyProtocol all -SSLv3
SSLHonorCipherOrder on
# SSL Engine Options:
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
# SSL Protocol Adjustments:
BrowserMatch "MSIE [2-5]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
# Per-Server Logging:
CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/mydomain/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain/privkey.pem
</VirtualHost>
<VirtualHost *:443>
# General setup for the virtual host,inherited from global configuration
WSGIDaemonProcess domain3.example.com processes=1 threads=30 display-name=%{GROUP}
WSGIProcessGroup %{GLOBAL}
ServerName domain3.example.com
DocumentRoot /ec2-user/myproject
WSGIScriptAlias / /ec2-user/myproject/domain3_wsgi.py
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
# SSL Engine Switch:
SSLEngine on
SSLProtocol all -SSLv3
SSLProxyProtocol all -SSLv3
SSLHonorCipherOrder on
# SSL Engine Options:
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
# SSL Protocol Adjustments:
BrowserMatch "MSIE [2-5]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
# Per-Server Logging:
CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/mydomain/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain/privkey.pem
</VirtualHost>
问题是所有流量都转发到https://www.example.com网址。我希望每个http URL转发到其各自的https url。当我转到domain1.mydomain.com时,它将转到www.mydomain.com。我希望所有人都可以像以下一样工作:
> http://www.example.com to https://www.example.com
> http://domain1.example.com to https://domain1.example.com
> http://domain2.example.com to https://domain2.example.com
> http://example.com to https://www.example.com