带有VirtualDocumentRoot的SSL中的虚拟主机 [英] Virtual Hosting in SSL with VirtualDocumentRoot

查看：133 发布时间：2020/7/13 22:53:30 apache ubuntu ssl virtualhost

本文介绍了带有VirtualDocumentRoot的SSL中的虚拟主机的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我在ubuntu 16.04 VM上进行开发工作

I do my dev work on an ubuntu 16.04 VM

当我从事多个项目时，为了使生活更轻松，我使用VirtualDocumentRoot，并使用* .dev域从home文件夹将hosts文件传输到服务器站点:

As I work on a number of projects, to make my life easier I use VirtualDocumentRoot and the hosts file to server sites from my home folder using *.dev domains:

在000-default.conf中，我有:

In 000-default.conf I have:

<VirtualHost *:80>
  VirtualDocumentRoot  /home/steve/websites/%-2/%-2/public_html
  ServerAlias *.dev
</VirtualHost>

然后在主机中，我有多个正在处理的站点:

then in hosts I have the various sites I'm working on:

127.0.0.1   somesite.dev
127.0.0.1   another.dev
127.0.0.1   athirdone.dev
127.0.0.1   blog.athirdone.dev

这样，当我添加一个新项目时，我只需要在websites目录中创建正确的文件夹结构并向主机添加一行，例如，如果我想在一个新项目somecoolproject.dev中工作，我只需添加一个文件夹:

That way, when I add a new project I just need to create the correct folder structure in the websites directory and add a line to hosts, eg if I want to work on a new project somecoolproject.dev, I just add a folder:

/home/steve/websites/somecoolproject/somecoolproject/public_html

和主机中的一行:

127.0.0.1    somecoolproject.dev

我很好.

无论如何，我现在工作的几乎所有内容都运行在https上，并且许多项目都有代码来强制执行此操作，无论是在源代码中还是在htaccess中，等等，这使得处理开发副本变得很痛苦.

Anyway, pretty much everything I work on now runs over https, and many of the projects have code to enforce this, either in the source code or htaccess etc, making it a pain to work on dev copies.

我想在我的dev机器上创建一个自签名证书，理想情况下，我不需要为每个项目都生成一个新的证书，因此某种通配符* .dev会很棒.

I would like to create a self-signed cert on my dev machine, and ideally in a way that i dont need to generate a new one for every project, so some kind of wildcard *.dev would be great.

但是，即使我确实需要为每个项目创建一个新项目，我仍然无法弄清楚如何使用我的安装程序进行安装-我发现的所有内容都假定有固定的文档和硬编码的服务器名.

But even if I do need to create a new one for each project, I still can't work out how to install it with my setup - everything I find presumes a fixed document and hardcoded servername.

推荐答案

如果我正确理解了要求，您想知道:

If I understand the requirements correctly, you want to know:

如何为* .dev生成通配符SSL证书
如何使用允许在SSL/TLS上的任何* .dev域通过服务器配置的本地配置Apache，而无需在创建新的* .dev域时更改配置.

如果我正确地理解了这一点，那肯定是可行的.

If I understood this correctly, this is certainly doable.

工作方式:SNI-服务器名称指示，一个TLS协议扩展名，其中，在建立TLS连接时传递主机名，并且在HTTP数据(例如主机头)可用之前.所有流行的Web浏览器，curl，所有流行的Web服务器都支持它.

How will it work: SNI - server name indication, a TLS protocol extension, in which, the hostname is passed when establishing the TLS connection, BEFORE HTTP data (like the host header) is available. All the popular web browsers, curl, all of the popular webservers support it.

步骤:

首先.生成证书:

mindaugas@mindaugas-ubuntu-14:/usr/local/apache2/conf$ sudo openssl req        -newkey rsa:2048 -nodes -keyout domain.key -x509 -days 365 -out domain.crt
Generating a 2048 bit RSA private key
.............+++
..................+++
writing new private key to 'domain.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:*.dev
Email Address []:

关键部分是:

Common Name (e.g. server FQDN or YOUR name) []:*.dev

第二

服务器配置:

Listen 443

<VirtualHost *:443>
  SSLEngine on
  SSLCertificateFile "/usr/local/apache2/conf/domain.crt"
  SSLCertificateKeyFile "/usr/local/apache2/conf/domain.key"

  VirtualDocumentRoot /home/mindaugas/websites/%-2/pubic/
  ServerAlias *.dev
  <Directory "/">
      Options Indexes FollowSymLinks MultiViews
      AllowOverride All
      Allow from All
      Require all granted
  </Directory>
</VirtualHost>

启用ssl并重新启动apache:

Enable ssl and restart apache:

sudo a2enmod ssl
sudo service apache2 restart

您可以通过以下方式对此进行测试:

You can test this by:

创建两个文档文件结构；
使用简单的HTML页面填充它们；
通过在主机文件中提供域-ip映射来发出请求，或者像我一样，通过修改标头"插件，在需要时通过发出不同的主机标头来发出请求:

这篇关于带有VirtualDocumentRoot的SSL中的虚拟主机的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！

查看全文

带有VirtualDocumentRoot的SSL中的虚拟主机 [英] Virtual Hosting in SSL with VirtualDocumentRoot

问题描述

推荐答案

相关文章

服务器开发最新文章

热门教程

热门工具

登录关闭

带有VirtualDocumentRoot的SSL中的虚拟主机 [英] Virtual Hosting in SSL with VirtualDocumentRoot

问题描述

推荐答案

相关文章

服务器开发最新文章

热门教程

热门工具

登录 关闭

登录关闭