为什么 https:// 和 http//:443 有效,但 SSLEngine 开启时 http 无效?
Why https:// and http//:443 works, but http does not with SSLEngine on?
我正在尝试在 Ubuntu/Debian 内的 VirtualHost 上允许 HTTP 和 HTTPS。我使用的是默认的 snakeoil 证书,当 SSLEngine 打开时出现以下错误。我的服务器名称是 linuxturnkeylamp
,我不知道如何添加 .Belkin
,但我正在使用 Belkin 路由器访问互联网。
[Tue Jul 07 20:13:21 2015] [warn] RSA server certificate CommonName (CN) `linuxturkeylamp.Belkin' does NOT match server name!?
[Tue Jul 07 20:13:21 2015] [error] python_init: Python version mismatch, expected '2.7.2+', found '2.7.3'.
[Tue Jul 07 20:13:21 2015] [error] python_init: Python executable found '/usr/bin/python'.
[Tue Jul 07 20:13:21 2015] [error] python_init: Python path being used '/usr/lib/python2.7/:/usr/lib/python2.7/plat-linux2:/usr/lib/python2.7/lib-tk:/usr/lib/python2.7/lib-old:/usr/lib/python2.7/lib-dynload'.
[Tue Jul 07 20:13:21 2015] [notice] mod_python: Creating 8 session mutexes based on 150 max processes and 0 max threads.
[Tue Jul 07 20:13:21 2015] [notice] mod_python: using mutex_directory /tmp
[Tue Jul 07 20:13:21 2015] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
apache2.conf 有 ServerName linuxturnkeylamp
,除了一个默认的虚拟主机和一个用于 phpmyadmin 的虚拟主机,我唯一的另一个是...
<VirtualHost localdrupal.mydomain.com:*>
DocumentRoot //home/myuser/mydomain/mydomain
ServerName localdrupal.mydomain.com
ServerAlias localdrupal.mydomain.com
ServerAdmin myemail@gmail.com
Alias /mobile "//home/myuser/mydomain/projectpath/www"
Alias /mobile-app/plugins "//home/myuser/mydomain/cordova/cordova-mydomain/plugins"
Alias /mobile-app "//home/myuser/mydomain/projectpath/www"
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory //home/myuser/mydomain/mydomain>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
我的 /etc/hosts 包括..
127.0.0.1 linuxturnkeylamp
192.168.56.100 localdrupal.tripchi.com
按原样,https://... 显示静态图像以及使用 http://localdrupal.mydomain.com:443/image.png. However, when requesting http://localdrupal.mydomain.com/image.png 请求时我得到...
请求错误
Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.
如果我更改为 SSLEngine off
,HTTPS 显示 SSL connection error
并且 HTTP 显示图像。
我做错了什么?我的默认虚拟主机是否必须包含有关 SSL 的任何信息?目前没有。
看来问题是 AllowOverride None
需要在 443 虚拟主机的项目目录规范中 AllowOverride All
。
我正在尝试在 Ubuntu/Debian 内的 VirtualHost 上允许 HTTP 和 HTTPS。我使用的是默认的 snakeoil 证书,当 SSLEngine 打开时出现以下错误。我的服务器名称是 linuxturnkeylamp
,我不知道如何添加 .Belkin
,但我正在使用 Belkin 路由器访问互联网。
[Tue Jul 07 20:13:21 2015] [warn] RSA server certificate CommonName (CN) `linuxturkeylamp.Belkin' does NOT match server name!?
[Tue Jul 07 20:13:21 2015] [error] python_init: Python version mismatch, expected '2.7.2+', found '2.7.3'.
[Tue Jul 07 20:13:21 2015] [error] python_init: Python executable found '/usr/bin/python'.
[Tue Jul 07 20:13:21 2015] [error] python_init: Python path being used '/usr/lib/python2.7/:/usr/lib/python2.7/plat-linux2:/usr/lib/python2.7/lib-tk:/usr/lib/python2.7/lib-old:/usr/lib/python2.7/lib-dynload'.
[Tue Jul 07 20:13:21 2015] [notice] mod_python: Creating 8 session mutexes based on 150 max processes and 0 max threads.
[Tue Jul 07 20:13:21 2015] [notice] mod_python: using mutex_directory /tmp
[Tue Jul 07 20:13:21 2015] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
apache2.conf 有 ServerName linuxturnkeylamp
,除了一个默认的虚拟主机和一个用于 phpmyadmin 的虚拟主机,我唯一的另一个是...
<VirtualHost localdrupal.mydomain.com:*>
DocumentRoot //home/myuser/mydomain/mydomain
ServerName localdrupal.mydomain.com
ServerAlias localdrupal.mydomain.com
ServerAdmin myemail@gmail.com
Alias /mobile "//home/myuser/mydomain/projectpath/www"
Alias /mobile-app/plugins "//home/myuser/mydomain/cordova/cordova-mydomain/plugins"
Alias /mobile-app "//home/myuser/mydomain/projectpath/www"
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory //home/myuser/mydomain/mydomain>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
我的 /etc/hosts 包括..
127.0.0.1 linuxturnkeylamp
192.168.56.100 localdrupal.tripchi.com
按原样,https://... 显示静态图像以及使用 http://localdrupal.mydomain.com:443/image.png. However, when requesting http://localdrupal.mydomain.com/image.png 请求时我得到...
请求错误
Your browser sent a request that this server could not understand. Reason: You're speaking plain HTTP to an SSL-enabled server port. Instead use the HTTPS scheme to access this URL, please.
如果我更改为 SSLEngine off
,HTTPS 显示 SSL connection error
并且 HTTP 显示图像。
我做错了什么?我的默认虚拟主机是否必须包含有关 SSL 的任何信息?目前没有。
看来问题是 AllowOverride None
需要在 443 虚拟主机的项目目录规范中 AllowOverride All
。