i got a raspian + apache2 + ssl and dynDNS
我有一个raspian + apache2 + ssl和dynDNS
The forwarded dyndns works on http, but the site is not avaiable over https and i don't know why... If i try the same on local net everything seems to work correct. i got a prompt over https to accept the cert.
转发的dyndns适用于http,但该网站不能通过https,我不知道为什么......如果我在本地网上尝试相同,一切似乎都正常。我得到了https的提示以接受证书。
I think the proplem should be found in /etc/apache2/sites-available/default resp. /etc/apache2/sites-available/default-ssl
我认为应该在/ etc / apache2 / sites-available / default resp中找到proplem。在/ etc / apache2的/网站可用/默认的SSL
default:
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
Alias /alias_P1 /var/www/Projekt1
<Location /alias_P1>
</Location>
Alias /alias_P2 /var/www/Projekt2
<Location /alias_P2>
DAV On
AuthType Basic
AuthName "dav"
AuthUserFile /var/www/Projekt2/pwd.dav
Require valid-user
</Location>
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>detault-ssl:
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
Alias /alias_P1 /var/www/Projekt1
<Location /alias_P1>
</Location>
Alias /alias_P2 /var/www/Projekt2
<Location /alias_P2>
DAV On
AuthType Basic
AuthName "dav"
AuthUserFile /var/www/Projekt2/pwd.dav
Require valid-user
</Location>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
SSLEngine on
SSLCertificateKeyFile /etc/apache2/cert-ssl/zertifikat.key
SSLCertificateFile /etc/apache2/cert-ssl/zertifikat.crt
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>best regards thanks for your advices
最好的问候感谢您的建议
1 个解决方案
#1
It's hard to know without knowing a little more about your SSL certificate. Your Apache configurations look fine to me, although I am admittedly not an Apache pro (but I have certainly done my fair share).
如果不了解更多关于SSL证书的信息,很难知道。你的Apache配置对我来说很好,虽然我确实不是Apache专业人士(但我确实做了我公平的分享)。
My first suspicion would be the certificate - if your certificate includes your IP address, clearly your browser will be upset that the IP in the certificate is not the IP you're connecting to. That would be my first guess at the problem, but it could be something else.
我的第一个怀疑是证书 - 如果您的证书包含您的IP地址,显然您的浏览器会对证书中的IP不是您要连接的IP感到不安。这将是我对这个问题的第一次猜测,但它可能是另一回事。
Where did you get your cert? What information is included as part of it? Is that SSL vendor supported by your dynamic DNS vendor (dynDNS.com?)? You're not using a self-signed certificate, are you?
你从哪里获得证书?包含哪些信息作为其中的一部分?您的动态DNS供应商(dynDNS.com?)是否支持该SSL供应商?您没有使用自签名证书,是吗?
You might check out dnyDNS.com's FAQ here. Even if you're not using dynDNS.com's service, this might shed some light.
您可以在这里查看dnyDNS.com的常见问题解答。即使您没有使用dynDNS.com的服务,这可能会有所帮助。
Separately, if you have openSSL, you can check your certificate to see what information is included in the cert, and check if any of it might be impacted by a dynamic IP address.
另外,如果您有openSSL,则可以检查证书以查看证书中包含的信息,并检查其中是否有任何信息可能受到动态IP地址的影响。
openssl x509 -in certificate.crt -text -noout
openssl x509 -in certificate.crt -text -noout
You can see a more comprehensive openSSL discussion with many discussion points here
您可以在此处看到更全面的openSSL讨论,其中包含许多讨论点
#1
It's hard to know without knowing a little more about your SSL certificate. Your Apache configurations look fine to me, although I am admittedly not an Apache pro (but I have certainly done my fair share).
如果不了解更多关于SSL证书的信息,很难知道。你的Apache配置对我来说很好,虽然我确实不是Apache专业人士(但我确实做了我公平的分享)。
My first suspicion would be the certificate - if your certificate includes your IP address, clearly your browser will be upset that the IP in the certificate is not the IP you're connecting to. That would be my first guess at the problem, but it could be something else.
我的第一个怀疑是证书 - 如果您的证书包含您的IP地址,显然您的浏览器会对证书中的IP不是您要连接的IP感到不安。这将是我对这个问题的第一次猜测,但它可能是另一回事。
Where did you get your cert? What information is included as part of it? Is that SSL vendor supported by your dynamic DNS vendor (dynDNS.com?)? You're not using a self-signed certificate, are you?
你从哪里获得证书?包含哪些信息作为其中的一部分?您的动态DNS供应商(dynDNS.com?)是否支持该SSL供应商?您没有使用自签名证书,是吗?
You might check out dnyDNS.com's FAQ here. Even if you're not using dynDNS.com's service, this might shed some light.
您可以在这里查看dnyDNS.com的常见问题解答。即使您没有使用dynDNS.com的服务,这可能会有所帮助。
Separately, if you have openSSL, you can check your certificate to see what information is included in the cert, and check if any of it might be impacted by a dynamic IP address.
另外,如果您有openSSL,则可以检查证书以查看证书中包含的信息,并检查其中是否有任何信息可能受到动态IP地址的影响。
openssl x509 -in certificate.crt -text -noout
openssl x509 -in certificate.crt -text -noout
You can see a more comprehensive openSSL discussion with many discussion points here
您可以在此处看到更全面的openSSL讨论,其中包含许多讨论点