Apache2重定向所有请求
Apache2重定向所有请求
提问于 2019-08-14 17:29:56
我在一个私有VPC中有一个AWS中的Apache安装程序。它被配置为在3个端口上服务: 80、443和1025。
端口80仅用于重定向,我在/var/www/中的.htaccess如下所示:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://my.domain.com/$1 [R=301,L]它工作得很好,端口80上的所有内容都被重定向到端口443。
端口443正在使用它的证书查找。
我试图解决的问题是分离或隔离网站。它将按以下结构为定期网页提供服务:
/var/www/[site-code-here]
但是那里有一个名为/var/www/api的目录,它不能向世界公开,但需要公开到AWS网关。因此,我所做的是创建2个virtualHosts,一个在端口443上为web页面服务(显式阻止对api文件夹的访问),另一个在端口1025上创建/var/www/api/上的文档根目录(都使用相同的证书),如下所示:
<IfModule mod_ssl.c>
<VirtualHost _default_:1025>
ServerAdmin connect@my.domain.com
ServerName https://my.domain.com
DocumentRoot /var/www/api
<Directory />
Options +FollowSymLinks
AllowOverride All
</Directory>
<Directory /var/www/api>
Options -Indexes +FollowSymLinks +MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error_apigw.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel trace8
CustomLog ${APACHE_LOG_DIR}/access_apigw.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/my.domain.com.crt
SSLCertificateKeyFile /etc/ssl/certs/my.domain.com.key
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder On
SSLCompression off
# Add six earth month HSTS header for all users...
# Header add Strict-Transport-Security "max-age=15768000"
# If you want to protect all subdomains, use the following header
# ALL subdomains HAVE TO support HTTPS if you use this!
# Strict-Transport-Security: max-age=15768000 ; includeSubDomains
SSLCipherSuite 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA'
</VirtualHost>
<VirtualHost _default_:443>
ServerAdmin connect@my.domain.com
ServerName my.domain.com
DocumentRoot /var/www
<Directory />
Options +FollowSymLinks
AllowOverride All
</Directory>
<Directory /var/www/>
Options -Indexes +FollowSymLinks +MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
### Block access via 443 to the API
# <Directory /var/www/api/datastreams/>
# order deny,allow
# Deny From All
# </Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/my.domain.com.crt
SSLCertificateKeyFile /etc/ssl/certs/my.domain.com.key
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder On
SSLCompression off
# Add six earth month HSTS header for all users...
# Header add Strict-Transport-Security "max-age=15768000"
# If you want to protect all subdomains, use the following header
# ALL subdomains HAVE TO support HTTPS if you use this!
# Strict-Transport-Security: max-age=15768000 ; includeSubDomains
SSLCipherSuite 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA'
</VirtualHost>
</IfModule>我的问题是,当请求通过1025端口发出时,Apache总是使用301进行响应。但是如果我禁用端口1025上的SSL并在清除http上服务,一切都正常工作.我很困惑!
我非常感谢你的帮助!
谢谢
回答 1
Stack Overflow用户
发布于 2019-08-15 17:46:56
我的.htaccess把一切都搞砸了,我不得不把
RewriteEngine打开
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://my.domain.com/$1 R=301,L
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/57499443
复制相关文章
相似问题
腾讯云开发者
