已安装的SSL证书,但是当我转到我的域时,我必须在URL之前包含https://

时间:2016-11-11 08:52:29

标签: apache ssl https

所以我一直在搞乱Apache,我买了一张SSL证书。我终于安装了它,但现在当我使用URL(leethecoder.com)转到我的域时,我认为它正在尝试使用HTTP?当然,我的服务器使用SSL证书不会侦听端口80.但是,如果我在URL(https://leethecoder.com)之前包含https://,它就可以工作。有没有办法让服务器强制使用基本URL(leethecoder.com)转到端口443?

这是我当前的/sites-enabled/配置文件。

LoadModule ssl_module modules/mod_ssl.so
Listen 443
<VirtualHost *:443>
    ServerName www.leethecoder.com
    ServerAlias www.leethecoder.com leethecoder.com
    Options -Indexes
    DocumentRoot /var/www/leethecoder.com/public_html/
    SSLEngine on
    SSLCertificateFile /etc/ssl/leethecoder.com/leethecoder_com.crt
    SSLCertificateKeyFile /etc/ssl/private/sslkey.key
    SSLCertificateChainFile /etc/ssl/leethecoder.com/foobundle.ca-bundle
    ErrorLog /var/www/leethecoder.com/logs/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

2 个答案:

答案 0 :(得分:1)

IMO,这个是&#34;正确&#34; (you're currently an A-,以下内容可能有助于获得A +):

<VirtualHost *:80>
  ServerName leethecoder.com
  ServerAlias *.leethecoder.com
  UseCanonicalName Off
  ErrorLog /var/www/leethecoder.com/logs/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined
  RedirectPermanent / https://leethecoder.com/
</VirtualHost>

<VirtualHost *:443>
  ServerName www.leethecoder.com
  UseCanonicalName Off
  SSLEngine on
  SSLProtocol all -SSLv2 -SSLv3
  SSLHonorCipherOrder on
  SSLCipherSuite "-ALL EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EDH+aRSA+AESGCM EECDH+ECDSA+AES EECDH+aRSA+AES EDH+aRSA+AES RSA+3DES"
  SSLCertificateFile /etc/ssl/leethecoder.com/leethecoder_com.crt
  SSLCertificateKeyFile /etc/ssl/private/sslkey.key
  SSLCertificateChainFile /etc/ssl/leethecoder.com/foobundle.ca-bundle
  ErrorLog /var/www/leethecoder.com/logs/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined
  RedirectPermanent / https://leethecoder.com/
</VirtualHost>

<VirtualHost *:443>
  ServerName leethecoder.com
  UseCanonicalName Off
  ErrorLog /var/www/leethecoder.com/logs/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined
  DocumentRoot /var/www/leethecoder.com/public_html
  <Directory /var/www/leethecoder.com/public_html/>
    Allow From All
  </Directory>
  SSLEngine on
  SSLProtocol all -SSLv2 -SSLv3
  SSLHonorCipherOrder on
  SSLCipherSuite "-ALL EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EDH+aRSA+AESGCM EECDH+ECDSA+AES EECDH+aRSA+AES EDH+aRSA+AES RSA+3DES"
  SSLCertificateFile /etc/ssl/leethecoder.com/leethecoder_com.crt
  SSLCertificateKeyFile /etc/ssl/private/sslkey.key
  SSLCertificateChainFile /etc/ssl/leethecoder.com/foobundle.ca-bundle
</VirtualHost>

当然,假设您的变量有效,您更喜欢没有www的https,并且您可以使用该密码套件。此外,您已启用该网站,并禁用任何其他有冲突的网站。

答案 1 :(得分:0)

正确的方法 - 安全方式 - 是使用apache虚拟主机重定向:

<virtualhost *:80="">
ServerName www.example.com
Redirect / https://www.example.com/
</virtualhost>

<virtualhost *:443="">
ServerName www.example.com
# ... SSL configuration goes here
</virtualhost>

或者您需要使用mod_rewrite返回HTTP_RESPONSE 301以重定向到您的HTTPS站点。

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}/%$1 [R,L]

你还需要监听80端口。

http://httpd.apache.org/docs/current/mod/mod_rewrite.html

相关问题
最新问题