Using multiple SSL on multiple domains with a single IP address

I'm using Apache and, for two domains, I've created virtual hosts and installed SSL certificates. However, only one domain works and the other redirects to that domain. I think this is because site one is the main site and I need a separate IP address for each domain when using SSL?

I've read quite a few articles explaining that you can use multiple SSL certificates with one IP address by doing the following in your virtual host.

<VirtualHost *:443>

I tried that but it doesn't work for me. Also, many articles mention SNI but I'm not 100% sure what that means. Could someone enlighten me and point me in the right direction?

Here is what my virtual hosts look like

Site 1

<VirtualHost *:80>
  # Admin email, Server Name (domain name), and any aliases
  ServerAdmin [email protected]
  ServerName  domain.com
  ServerAlias www.domain.com

  # Index file and Document Root (where the public files are located)
  DirectoryIndex index.html index.php
  DocumentRoot /var/www/html/domain.com/public_html
  Redirect permanent / https://www.domain.com

  <Directory "/var/www/html/domain.com/public_html">
  Options FollowSymLinks
  AllowOverride All
  Order allow,deny
  Allow from all
  </Directory>

  # Log file locations
  LogLevel warn
  #ErrorLog  /var/www/html/domain.com/log/error.log
  #CustomLog /var/www/html/domain.com/log/access.log combined
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerAdmin [email protected]
        ServerName domain.com
        ServerAlias www.domain.com

        DocumentRoot /var/www/html/domain.com/public_html
        <Directory "/var/www/html/domain.com/public_html">
                #Options Indexes FollowSymLinks MultiViews
                Options FollowSymLinks
                AllowOverride All
                Order allow,deny
                Allow from all
        </Directory>

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined

        Alias /doc/ "/usr/share/doc/"
        <Directory "/usr/share/doc/">
                Options Indexes MultiViews FollowSymLinks
                AllowOverride None
                Order deny,allow
                Deny from all
                Allow from 127.0.0.0/255.0.0.0 ::1/128
        </Directory>

        #   SSL Engine Switch:
        #   Enable/Disable SSL for this virtual Host.
        SSLEngine on

        #   A self-signed (snakeoil) certificate can be created by installing
        #   the ssl-cert package. See
        #   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
        #   If both key and certificate are stored in the same file, only the
        #   SSLCertificateFile directive is needed.
        SSLCertificateFile    /etc/apache2/ssl/www_domain_com/www_domain_com.crt
        SSLCertificateKeyFile /etc/apache2/ssl/www_domain_com/server.key

        #   Server Certificate Chain:
        #   Point SSLCertificateChainFile at a file containing the
        #   concatenation of PEM encoded CA certificates which form the
        #   certificate chain for the server certificate. Alternatively
        #   the referenced file can be the same as SSLCertificateFile
        #   when the CA certificates are directly appended to the server
        #   certificate for convenience.
        SSLCertificateChainFile /etc/apache2/ssl/www_domain_com/www_domain_com.ca-bundle

        #...

</VirtualHost>
</IfModule>

Site 2

<VirtualHost *:80>
  # Admin email, Server Name (domain name), and any aliases
  ServerAdmin [email protected]
  ServerName  domain2.com
  ServerAlias www.domain2.com

  # Index file and Document Root (where the public files are located)
  DirectoryIndex index.php index.html
  DocumentRoot /var/www/html/domain2.com/public_html/public
  #  Redirect permanent / https://www.domain2.com

  # Log file locations
  LogLevel warn
  ErrorLog  /var/www/html/domain2.com/log/error.log
  CustomLog /var/www/html/domain2.com/log/access.log combined

  SetEnv CI_ENV production
  SetEnv CI_BASE_URL http://www.domain2.com/

  <Directory "/var/www/html/domain2.com/public_html/public">
        AuthType Basic
        AuthName "Restricted Content"
        AuthUserFile /var/www/html/domain2.com/public_html/public/.htpasswd
        Require valid-user

        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
  </Directory>
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerAdmin [email protected]
        ServerName domain2.com
        ServerAlias www.domain2.com
        DocumentRoot /var/www/html/domain2.com/public_html/public

        <Directory "/var/www/html/domain2.com/public_html/public">
                #Options Indexes FollowSymLinks MultiViews
                Options FollowSymLinks
                AllowOverride All
                Order allow,deny
                Allow from all
        </Directory>

       ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/

        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
        Alias /doc/ "/usr/share/doc/"

        <Directory "/usr/share/doc/">
                Options Indexes MultiViews FollowSymLinks
                AllowOverride None
                Order deny,allow
                Deny from all
                Allow from 127.0.0.0/255.0.0.0 ::1/128
        </Directory>

        #   SSL Engine Switch:
        #   Enable/Disable SSL for this virtual Host.
        SSLEngine on

        #   A self-signed (snakeoil) certificate can be created by installing
        #   the ssl-cert package. See
        #   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
        #   If both key and certificate are stored in the same file, only the
        #   SSLCertificateFile directive is needed.
        SSLCertificateFile    /etc/apache2/ssl/www_domain2_com/www_domain2_com.crt
        SSLCertificateKeyFile /etc/apache2/ssl/www_domain2_com/server.key

        #   Server Certificate Chain:
        #   Point SSLCertificateChainFile at a file containing the
        #   concatenation of PEM encoded CA certificates which form the
        #   certificate chain for the server certificate. Alternatively
        #   the referenced file can be the same as SSLCertificateFile
        #   when the CA certificates are directly appended to the server
        #   certificate for convenience.
        SSLCertificateChainFile /etc/apache2/ssl/www_domain2_com/www_domain2_com.ca-bundle

        #...

</VirtualHost>
</IfModule>
1
Pattle

You don't need one IP address per SSL domain, but you do need the ServerName directive in each virtualhost. The following should work with Apache2. It will be slightly different if you're not using Apache2.


<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        ServerName example.com
        DocumentRoot /var/www

</VirtualHost>


<IfModule mod_ssl.c>
<VirtualHost *:443>

        ServerAdmin webmaster@localhost
        ServerName example.com
        DocumentRoot /var/www

        #   SSL Engine Switch:
        #   Enable/Disable SSL for this virtual Host.
        SSLEngine on

        #   A self-signed (snakeoil) certificate can be created by installing
        #   the ssl-cert package. See
        #   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
        #   If both key and certificate are stored in the same file, only the
        #   SSLCertificateFile directive is needed.
        SSLCertificateFile /etc/apache2/ssl/example.com/Apache.crt
        SSLCertificateKeyFile /etc/apache2/ssl/example.com/Apache.key
</VirtualHost>

</IfModule>
1
user508889
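
The vhost selection that the answer above relies on, as an added example that is not part of the original answers: a simplified model of how Apache picks a `*:443` virtual host (and so a certificate) from the name the client sends via SNI, falling back to the first vhost listed when nothing matches. `SAMPLE_CONF` is a constructed config modelled on the question's two sites, and `parse_vhosts` and `cert_for` are hypothetical helper names.

```python
import re
from fnmatch import fnmatch

# Constructed sample config modelled on the two sites in the question.
SAMPLE_CONF = """
<VirtualHost *:443>
    ServerName domain.com
    ServerAlias www.domain.com
    SSLCertificateFile /etc/apache2/ssl/www_domain_com/www_domain_com.crt
</VirtualHost>
<VirtualHost *:443>
    ServerName domain2.com
    ServerAlias www.domain2.com
    SSLCertificateFile /etc/apache2/ssl/www_domain2_com/www_domain2_com.crt
</VirtualHost>
"""

def parse_vhosts(conf, port="443"):
    """Return [(names, cert_path)] for each <VirtualHost ...:port>, in file order."""
    vhosts = []
    block_re = re.compile(
        r"<VirtualHost\s+\S*:%s>(.*?)</VirtualHost>" % port, re.S | re.I)
    for body in block_re.findall(conf):
        names, cert = [], None
        for line in body.splitlines():
            parts = line.split("#", 1)[0].split()
            if not parts:
                continue
            key = parts[0].lower()
            if key in ("servername", "serveralias"):
                names += [n.lower() for n in parts[1:]]
            elif key == "sslcertificatefile" and len(parts) > 1:
                cert = parts[1]
        vhosts.append((names, cert))
    return vhosts

def cert_for(vhosts, sni):
    """Certificate served for an SNI name; sni=None models a client without SNI."""
    if sni:
        for names, cert in vhosts:
            # ServerAlias may contain * and ? wildcards, hence fnmatch.
            if any(fnmatch(sni.lower(), n) for n in names):
                return cert
    # No SNI or no matching name: the first vhost on the address is the default.
    return vhosts[0][1]
```

With the second block's `ServerName` and `ServerAlias` lines removed, `cert_for(..., "www.domain2.com")` returns the first site's certificate.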

Solved!

Configuration that applies to only one of multiple sites belongs in that site's configuration.

Move

<Directory /var/www/html/example.com>
    AllowOverride All
</Directory>
ServerName example.com

from

/etc/apache2/apache2.conf

to

/etc/apache2/sites-available/example.conf
0
Yannis