我刚刚购买了SSL证书,以便在具有多个虚拟主机的服务器上仅保护/启用一个域.我计划如下所示进行配置(非SNI).另外,我仍然希望通过我服务器的IP地址安全地访问PHPMyAdmin.以下配置是否有效?我只有一次拍摄才能让它在制作中投入使用.有冗余设置吗?
---apache ssl.conf file---
Listen 443
SSLCertificateFile /home/web/certs/domain1.public.crt
SSLCertificateKeyFile /home/web/certs/domain1.private.key
SSLCertificateChainFile /home/web/certs/domain1.intermediate.crt
---apache httpd.conf file----
...
DocumentRoot "/var/www/html" #currently exists
...
NameVirtualHost *:443 #new - is this really needed if "Listen 443" is in ssl.conf???
...
#below vhost currently exists,the domain I wish t enable SSL)
<VirtualHost *:80>
ServerAdmin info@domain1.com
ServerName domain1.com
ServerAlias 173.XXX.XXX.XXX
DocumentRoot /home/web/public_html/domain1.com/public
</VirtualHost>
#below vhost currently exists.
<VirtualHost *:80>
ServerName domain2.com
ServerAlias www.domain2.com
DocumentRoot /home/web/public_html/domain2.com/public
</VirtualHost>
#new -I plan on adding this vhost block to enable ssl for domain1.com!
<VirtualHost *:443>
ServerAdmin info@domain1.com
ServerName www.domain1.com
ServerAlias 173.XXX.XXX.20
SSLEngine on
SSLProtocol all
SSLCertificateFile /home/web/certs/domain1.public.crt
SSLCertificateKeyFile /home/web/certs/domain1.private.key
SSLCACertificateFile /home/web/certs/domain1.intermediate.crt
DocumentRoot /home/web/public_html/domain1.com/public
</VirtualHost>
如前所述,我希望能够通过存储的“https://173.XXX.XXX.XXX/hiddenfolder/phpmyadmin”访问PHPmyadmin
在“var / www / html / hiddenfolder”下
解决方法
你想要做的是SNI.事实上,IP地址在谈判方面是主机名.
您的配置会将domain1.com和https://173.XXX.XXX.20指向同一目录.
你有4个选择:
> SNI
>获取额外的IP
>在您拥有的一个SSL证书下为PHPmyamin创建一个别名
>只需在另一个端口上侦听SSL,并使用IP主机名.例如https://173.XXX.XXX.20:444
