在 Rails Passenger 上设置 https 和 www 重定向,在 Amazon Linux 上的 Apache 上安装 WordPress
Setup https and www redirect on Rails Passenger and a WordPress installation on Apache on Amazon Linux
我要http://www.example.com, http://example.com to redirect to https://example.com.
托管在 https://example.com 的应用程序是 Rails Passenger 应用程序。
我在 /var/www/html/blog 中安装了 WordPress,并且我已将 /blog 别名为 /var/www/html/blog,这样 https://example.com/blog 将 运行 WordPress 博客。
然而,并非一切都如我所愿:
现在:
- http://www.example.com要去https://example.com,这个不错
- http://example.com 不会去 https://example.com.
- https://www.example.com 不会 https://example.com
- https://example.com/blog 在控制台中抛出异常,如下所示:
Mixed Content: The page at 'https://example.com/blog/' was loaded over HTTPS, but requested an insecure script 'http://xx.xx.xxx.xxx/blog/wp-includes/js/wp-emoji-release.min.js?ver=4.6.1'. This request has been blocked; the content must be served over HTTPS.
e @ (index):23
- http://example.com/blog 运行很好,但我需要它重定向到 https://example.com/blog **
- http://www.example.com/blog redirects to http://example.com/blog**
** 第 5 点和第 6 点,这可能是因为我将 WordPress url 设置为 http://example.com。如果我将它设置为 https://example.com,我将进入无限循环。
我可以获得有关如何修改我的 Apache 配置的建议吗?
/etc/httpd/conf/httpd.conf
LoadModule passenger_module /usr/local/rvm/gems/ruby-2.3.3/gems/passenger-5.1.0/buildout/apache2/mod_passenger.so
<IfModule mod_passenger.c>
PassengerRoot /usr/local/rvm/gems/ruby-2.3.3/gems/passenger-5.1.0
PassengerDefaultRuby /usr/local/rvm/gems/ruby-2.3.3/wrappers/ruby
</IfModule>
<VirtualHost *:80>
ProxyPreserveHost On
# Tell Apache and Passenger where your app's 'public' directory is
DocumentRoot /var/www/example/public
# Redirect / https://example.com
PassengerRuby /usr/local/rvm/gems/ruby-2.3.3/wrappers/ruby
PassengerFriendlyErrorpages on
# JkMount /tc* node1
# JkMount /intro* node1
# Relax Apache security settings
<Directory /var/www/example/public>
RailsEnv production
Allow from all
Options -MultiViews
# Uncomment this if you're on Apache >= 2.4:
# Require all granted
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC] OR
RewriteRule ^(.*)$ https://%1/ [R=301,L]
</Directory>
<Directory /var/www/html/blog>
PassengerEnabled off
# Makes Wordpress's .htaccess file work
AllowOverride all
</Directory>
</VirtualHost>
Alias /blog /var/www/html/blog
Alias /.well-known/acme-challenge/ /var/www/example/.well-known/acme-challenge/
`
/etc/httpd/conf.d/ssl.conf
LoadModule ssl_module modules/mod_ssl.so
Listen 443
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
<VirtualHost _default_:443>
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLProxyProtocol all -SSLv3
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
# to run in dev mode
RailsEnv production
# Be sure to point to 'public'!
DocumentRoot /var/www/example/public
# define server details
ServerName example.com
#ServerAlias www.example.com
# rails needs the header for its own processing
RequestHeader set X_FORWARDED_PROTO 'https'
# this is just passing a proxy to a localhost server
# ProxyRequests Off
# ProxyPreserveHost On
# <Proxy *>
# Order deny,allow
# Allow from all
# </Proxy>
# ProxyPass / http://localhost/
# ProxyPassReverse / http://localhost/
#<Directory /var/www/html/blog>
# Options Indexes FollowSymLinks MultiViews
# AllowOverride All
# allow from all
# Require all granted
#</Directory>
</VirtualHost>
我使用以下方法将所有内容重定向到 https://example.com,但我无法让 https 为 /blog 工作:
httpd.conf
LoadModule passenger_module /usr/local/rvm/gems/ruby-2.3.3/gems/passenger-5.1.0/buildout/apache2/mod_passenger.so
<IfModule mod_passenger.c>
PassengerRoot /usr/local/rvm/gems/ruby-2.3.3/gems/passenger-5.1.0
PassengerDefaultRuby /usr/local/rvm/gems/ruby-2.3.3/wrappers/ruby
</IfModule>
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
ProxyPreserveHost On
# Tell Apache and Passenger where your app's 'public' directory is
DocumentRoot /var/www/example/public
PassengerRuby /usr/local/rvm/gems/ruby-2.3.3/wrappers/ruby
PassengerFriendlyErrorpages on
# Relax Apache security settings
<Directory /var/www/example/public>
RailsEnv production
Allow from all
Options -MultiViews
# Uncomment this if you're on Apache >= 2.4:
# Require all granted
RewriteEngine On
RewriteCond %{SERVER_NAME} =www.adintern.com
RewriteRule ^(.*)$ https://adintern.com/ [L,R=301]
RewriteCond %{HTTPS} off
RewriteRule (.*) https://adintern.com/
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/ [R=301,L]
</Directory>
<Directory /var/www/html/blog>
PassengerEnabled off
# Makes Wordpress's .htaccess file work
AllowOverride all
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
Alias /blog /var/www/html/blog
Alias /.well-known/acme-challenge/ /var/www/example/.well-known/acme-challenge/
ssl.conf
LoadModule ssl_module modules/mod_ssl.so
Listen 443
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
<VirtualHost _default_:443>
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLProxyProtocol all -SSLv3
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/www.example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.example.com/privkey.pem
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
# to run in dev mode
RailsEnv production
# Be sure to point to 'public'!
DocumentRoot /var/www/example/public
# define server details
ServerName example.com
# rails needs the header for its own processing
RequestHeader set X_FORWARDED_PROTO 'https'
# this is just passing a proxy to a localhost server
# ProxyRequests Off
# ProxyPreserveHost On
# <Proxy *>
# Order deny,allow
# Allow from all
# </Proxy>
# ProxyPass / http://localhost/
# ProxyPassReverse / http://localhost/
SSLCertificateChainFile /etc/letsencrypt/live/www.example.com/chain.pem
</VirtualHost>
对于 WordPress,将 HOME 和 SITEURL 设置为:
define('WP_HOME','https://example.com/blog');
define('WP_SITEURL','https://example.com/blog');
我要http://www.example.com, http://example.com to redirect to https://example.com.
托管在 https://example.com 的应用程序是 Rails Passenger 应用程序。
我在 /var/www/html/blog 中安装了 WordPress,并且我已将 /blog 别名为 /var/www/html/blog,这样 https://example.com/blog 将 运行 WordPress 博客。
然而,并非一切都如我所愿:
现在:
- http://www.example.com要去https://example.com,这个不错
- http://example.com 不会去 https://example.com.
- https://www.example.com 不会 https://example.com
- https://example.com/blog 在控制台中抛出异常,如下所示:
Mixed Content: The page at 'https://example.com/blog/' was loaded over HTTPS, but requested an insecure script 'http://xx.xx.xxx.xxx/blog/wp-includes/js/wp-emoji-release.min.js?ver=4.6.1'. This request has been blocked; the content must be served over HTTPS. e @ (index):23 - http://example.com/blog 运行很好,但我需要它重定向到 https://example.com/blog **
- http://www.example.com/blog redirects to http://example.com/blog**
** 第 5 点和第 6 点,这可能是因为我将 WordPress url 设置为 http://example.com。如果我将它设置为 https://example.com,我将进入无限循环。
我可以获得有关如何修改我的 Apache 配置的建议吗?
/etc/httpd/conf/httpd.conf
LoadModule passenger_module /usr/local/rvm/gems/ruby-2.3.3/gems/passenger-5.1.0/buildout/apache2/mod_passenger.so
<IfModule mod_passenger.c>
PassengerRoot /usr/local/rvm/gems/ruby-2.3.3/gems/passenger-5.1.0
PassengerDefaultRuby /usr/local/rvm/gems/ruby-2.3.3/wrappers/ruby
</IfModule>
<VirtualHost *:80>
ProxyPreserveHost On
# Tell Apache and Passenger where your app's 'public' directory is
DocumentRoot /var/www/example/public
# Redirect / https://example.com
PassengerRuby /usr/local/rvm/gems/ruby-2.3.3/wrappers/ruby
PassengerFriendlyErrorpages on
# JkMount /tc* node1
# JkMount /intro* node1
# Relax Apache security settings
<Directory /var/www/example/public>
RailsEnv production
Allow from all
Options -MultiViews
# Uncomment this if you're on Apache >= 2.4:
# Require all granted
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC] OR
RewriteRule ^(.*)$ https://%1/ [R=301,L]
</Directory>
<Directory /var/www/html/blog>
PassengerEnabled off
# Makes Wordpress's .htaccess file work
AllowOverride all
</Directory>
</VirtualHost>
Alias /blog /var/www/html/blog
Alias /.well-known/acme-challenge/ /var/www/example/.well-known/acme-challenge/
`
/etc/httpd/conf.d/ssl.conf
LoadModule ssl_module modules/mod_ssl.so
Listen 443
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
<VirtualHost _default_:443>
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLProxyProtocol all -SSLv3
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
# to run in dev mode
RailsEnv production
# Be sure to point to 'public'!
DocumentRoot /var/www/example/public
# define server details
ServerName example.com
#ServerAlias www.example.com
# rails needs the header for its own processing
RequestHeader set X_FORWARDED_PROTO 'https'
# this is just passing a proxy to a localhost server
# ProxyRequests Off
# ProxyPreserveHost On
# <Proxy *>
# Order deny,allow
# Allow from all
# </Proxy>
# ProxyPass / http://localhost/
# ProxyPassReverse / http://localhost/
#<Directory /var/www/html/blog>
# Options Indexes FollowSymLinks MultiViews
# AllowOverride All
# allow from all
# Require all granted
#</Directory>
</VirtualHost>
我使用以下方法将所有内容重定向到 https://example.com,但我无法让 https 为 /blog 工作:
httpd.conf
LoadModule passenger_module /usr/local/rvm/gems/ruby-2.3.3/gems/passenger-5.1.0/buildout/apache2/mod_passenger.so
<IfModule mod_passenger.c>
PassengerRoot /usr/local/rvm/gems/ruby-2.3.3/gems/passenger-5.1.0
PassengerDefaultRuby /usr/local/rvm/gems/ruby-2.3.3/wrappers/ruby
</IfModule>
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
ProxyPreserveHost On
# Tell Apache and Passenger where your app's 'public' directory is
DocumentRoot /var/www/example/public
PassengerRuby /usr/local/rvm/gems/ruby-2.3.3/wrappers/ruby
PassengerFriendlyErrorpages on
# Relax Apache security settings
<Directory /var/www/example/public>
RailsEnv production
Allow from all
Options -MultiViews
# Uncomment this if you're on Apache >= 2.4:
# Require all granted
RewriteEngine On
RewriteCond %{SERVER_NAME} =www.adintern.com
RewriteRule ^(.*)$ https://adintern.com/ [L,R=301]
RewriteCond %{HTTPS} off
RewriteRule (.*) https://adintern.com/
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/ [R=301,L]
</Directory>
<Directory /var/www/html/blog>
PassengerEnabled off
# Makes Wordpress's .htaccess file work
AllowOverride all
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
Alias /blog /var/www/html/blog
Alias /.well-known/acme-challenge/ /var/www/example/.well-known/acme-challenge/
ssl.conf
LoadModule ssl_module modules/mod_ssl.so
Listen 443
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
<VirtualHost _default_:443>
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLProxyProtocol all -SSLv3
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/www.example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.example.com/privkey.pem
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
# to run in dev mode
RailsEnv production
# Be sure to point to 'public'!
DocumentRoot /var/www/example/public
# define server details
ServerName example.com
# rails needs the header for its own processing
RequestHeader set X_FORWARDED_PROTO 'https'
# this is just passing a proxy to a localhost server
# ProxyRequests Off
# ProxyPreserveHost On
# <Proxy *>
# Order deny,allow
# Allow from all
# </Proxy>
# ProxyPass / http://localhost/
# ProxyPassReverse / http://localhost/
SSLCertificateChainFile /etc/letsencrypt/live/www.example.com/chain.pem
</VirtualHost>
对于 WordPress,将 HOME 和 SITEURL 设置为:
define('WP_HOME','https://example.com/blog');
define('WP_SITEURL','https://example.com/blog');