使用Apache和Raspberry Pi

时间:2018-04-19 14:52:15

标签: apache ssl proxy raspberry-pi

我正在尝试设置我自己的安全代理,以供我编写的Django Python脚本使用,该脚本依赖于安全代理来正确返回https请求。这是因为脚本是从美国主机服务器运行的,我希望响应来自英国。

要实现这一目标并学习新东西,我正在尝试配置在Raspberry Pi上运行的Apache服务器。 (我不期待大量的流量!)

我已成功创建SSL证书并拥有正确的文件.pem,.csr(和.csr)

我相信我已将它们复制到正确的位置:/ etc / ssl / private和/ etc / ssl / certs。我认为我现在唯一的问题是使用apache配置。

目前我正在尝试按如下方式配置sites-enabled / default-ssl.conf文件:

    <IfModule mod_ssl.c>
    <VirtualHost _default_:443>
            ServerAdmin webmaster@localhost

            DocumentRoot /var/www/html

            # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
            # error, crit, alert, emerg.
            # It is also possible to configure the loglevel for particular
            # modules, e.g.
            #LogLevel info ssl:warn

            ErrorLog ${APACHE_LOG_DIR}/error.log
            CustomLog ${APACHE_LOG_DIR}/access.log combined

            # For most configuration files from conf-available/, which are
            # enabled or disabled at a global level, it is possible to
            # include a line for only one particular virtual host. For example the
            # following line enables the CGI configuration for this host only
            # after it has been globally disabled with "a2disconf".
            #Include conf-available/serve-cgi-bin.conf

            #   SSL Engine Switch:
            #   Enable/Disable SSL for this virtual host.
            SSLEngine on

            #   A self-signed (snakeoil) certificate can be created by installing
            #   the ssl-cert package. See
            #   /usr/share/doc/apache2/README.Debian.gz for more info.
            #   If both key and certificate are stored in the same file, only the
            #   SSLCertificateFile directive is needed.
            #SSLCertificateFile     /etc/ssl/certs/ssl-cert-snakeoil.pem
            #SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
            SSLCertificateFile /etc/ssl/certs/aa5758835031e4a3.crt
            SSLCertificateKeyFile /etc/ssl/private/<domainname>.key

我对服务器设置非常陌生,并且花费了大量时间进行网络搜索并尝试了许多不同的建议方法。我确信这是一件非常简单的事情,我忽略了,但却没有足够的经验;我无法直观地解决这个问题。

帮助和指示赞赏......

更新

嘿,谢谢你的回复。

对http:的响应是

   * Rebuilt URL to: http://*.*.*/
    *   Trying 184.168.221.1...
    * TCP_NODELAY set
    * Connected to *.*.* port 80 (#0)
    > GET / HTTP/1.1
    > Host : *.*.*
    > User-Agent: curl/7.52.1
    > Accept: */*
    >
    < HTTP/1.1 302 Found
    < Connection: close
    < Pragma: no-cache
    < cache-control: no-cache
    < Location: /VZaKp/
    <
    * Curl_http_done: called premature == 0
    * Closing connection 0

和https是:

    * Rebuilt URL to: https://*.*.*/
    *   Trying 50.63.202.18...
    * TCP_NODELAY set
    * connect to 50.63.202.18 port 443 failed: Connection timed out
    * Failed to connect to *.*.* port 443: Connection timed out
    * Closing connection 0
    curl: (7) Failed to connect to *.*.* port 443: Connection timed out

更新23.04.2018:

谢谢。我相信我已经对听力问题进行了排序,但现在我遇到了一个新问题!

尝试重启apache2服务时出现以下错误:

     Apr 23 12:31:30 matthew-raspberry systemd[1]: Starting The Apache HTTP Server...
     Apr 23 12:31:31 matthew-raspberry apachectl[8341]: Action 'start' failed.
     Apr 23 12:31:31 matthew-raspberry apachectl[8341]: The Apache error log may have more information.
    Apr 23 12:31:31 matthew-raspberry systemd[1]: apache2.service: Control process exited, code=exited status=1
    Apr 23 12:31:31 matthew-raspberry systemd[1]: Failed to start The Apache HTTP Server.
    Apr 23 12:31:31 matthew-raspberry systemd[1]: apache2.service: Unit entered failed state.
    Apr 23 12:31:31 matthew-raspberry systemd[1]: apache2.service: Failed with result 'exit-code'.

我怀疑这可能与我的fqdn设置和/或证书有关。自从将ServerName localhost添加为全局名称后,我收到此错误。 我添加了这个,因为之前的错误消息是关于确定我的fqdn名称,这建议将ServerName添加为全局变量?

1 个答案:

答案 0 :(得分:0)

即使在基本TCP级别也无法访问端口443。 确保在Apache config中包含某个地方:

Listen 443 https

配置更改后重新加载httpd。检查您的firewall-cmd --list-all-zonesiptables -S,看看您是否允许连接到您的端口443。

相关问题
最新问题