找到你要的答案

Q:Site over https DynDNS not avaiable

Q:通过HTTPS dyndns网站不可用

i got a raspian + apache2 + ssl and dynDNS

The forwarded dyndns works on http, but the site is not avaiable over https and i don't know why... If i try the same on local net everything seems to work correct. i got a prompt over https to accept the cert.

I think the proplem should be found in /etc/apache2/sites-available/default resp. /etc/apache2/sites-available/default-ssl

default:

<VirtualHost *:80>

    ServerAdmin webmaster@localhost

    DocumentRoot /var/www
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>

        Alias /alias_P1 /var/www/Projekt1
        <Location /alias_P1>
       </Location>

        Alias /alias_P2 /var/www/Projekt2
        <Location /alias_P2>
           DAV On
           AuthType Basic
           AuthName "dav"
           AuthUserFile /var/www/Projekt2/pwd.dav
           Require valid-user
       </Location>

    ErrorLog ${APACHE_LOG_DIR}/error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

detault-ssl:

<IfModule mod_ssl.c>
<VirtualHost _default_:443>
    ServerAdmin webmaster@localhost

    DocumentRoot /var/www
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>

        Alias /alias_P1 /var/www/Projekt1
        <Location /alias_P1>
       </Location>

        Alias /alias_P2 /var/www/Projekt2
        <Location /alias_P2>
           DAV On
           AuthType Basic
           AuthName "dav"
           AuthUserFile /var/www/Projekt2/pwd.dav
           Require valid-user
       </Location>

    ErrorLog ${APACHE_LOG_DIR}/error.log

    LogLevel warn

    CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined

    SSLEngine on
    SSLCertificateKeyFile /etc/apache2/cert-ssl/zertifikat.key
    SSLCertificateFile /etc/apache2/cert-ssl/zertifikat.crt

    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory /usr/lib/cgi-bin>
        SSLOptions +StdEnvVars
    </Directory>

    BrowserMatch "MSIE [2-6]" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    # MSIE 7 and newer should be able to use keepalive
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

</VirtualHost>
</IfModule>

best regards thanks for your advices

我有一个raspian + Apache2 + SSL和dyndns

The forwarded dyndns works on http, but the site is not avaiable over https and i don't know why... If i try the same on local net everything seems to work correct. i got a prompt over https to accept the cert.

我认为这个问题应该在/ etc /要/可用/默认为网站找到的。/etc/ apache2 /网站/默认SSL

default:

<VirtualHost *:80>

    ServerAdmin webmaster@localhost

    DocumentRoot /var/www
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>

        Alias /alias_P1 /var/www/Projekt1
        <Location /alias_P1>
       </Location>

        Alias /alias_P2 /var/www/Projekt2
        <Location /alias_P2>
           DAV On
           AuthType Basic
           AuthName "dav"
           AuthUserFile /var/www/Projekt2/pwd.dav
           Require valid-user
       </Location>

    ErrorLog ${APACHE_LOG_DIR}/error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

detault-ssl:

<IfModule mod_ssl.c>
<VirtualHost _default_:443>
    ServerAdmin webmaster@localhost

    DocumentRoot /var/www
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>

        Alias /alias_P1 /var/www/Projekt1
        <Location /alias_P1>
       </Location>

        Alias /alias_P2 /var/www/Projekt2
        <Location /alias_P2>
           DAV On
           AuthType Basic
           AuthName "dav"
           AuthUserFile /var/www/Projekt2/pwd.dav
           Require valid-user
       </Location>

    ErrorLog ${APACHE_LOG_DIR}/error.log

    LogLevel warn

    CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined

    SSLEngine on
    SSLCertificateKeyFile /etc/apache2/cert-ssl/zertifikat.key
    SSLCertificateFile /etc/apache2/cert-ssl/zertifikat.crt

    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory /usr/lib/cgi-bin>
        SSLOptions +StdEnvVars
    </Directory>

    BrowserMatch "MSIE [2-6]" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    # MSIE 7 and newer should be able to use keepalive
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

</VirtualHost>
</IfModule>

感谢您的建议

answer1: 回答1:

It's hard to know without knowing a little more about your SSL certificate. Your Apache configurations look fine to me, although I am admittedly not an Apache pro (but I have certainly done my fair share).

My first suspicion would be the certificate - if your certificate includes your IP address, clearly your browser will be upset that the IP in the certificate is not the IP you're connecting to. That would be my first guess at the problem, but it could be something else.

Where did you get your cert? What information is included as part of it? Is that SSL vendor supported by your dynamic DNS vendor (dynDNS.com?)? You're not using a self-signed certificate, are you?

You might check out dnyDNS.com's FAQ here. Even if you're not using dynDNS.com's service, this might shed some light.

Separately, if you have openSSL, you can check your certificate to see what information is included in the cert, and check if any of it might be impacted by a dynamic IP address.

openssl x509 -in certificate.crt -text -noout

You can see a more comprehensive openSSL discussion with many discussion points here

要知道更多关于你的SSL证书是很难的。你的Apache配置看来很好,虽然我诚然不是一个Apache支持(但我已经做了我的公平份额)。

我的第一个怀疑是证书-如果你的证书包括你的IP地址,显然你的浏览器会感到沮丧,证书中的IP不是你连接到的IP。这是我第一次猜到这个问题,但可能是别的什么。

你从哪里得到你的证书吗?其中包含的信息是什么?是你的SSL供应商动态DNS厂商支持(dyndns。COM?)你没有使用自签名证书,对吗?

你可以看看dnydns网站的常见问题。即使你不使用DynDNS。COM的服务,这可能揭示一些光。

另外,如果你有OpenSSL,你可以检查你的证书,看看哪些信息是包含在证书,并检查是否有任何可能的动态IP地址的影响。

OpenSSL X509 - certificate.crt -文本- noout

你可以看到很多讨论点更全面的OpenSSL的讨论

ssl  apache2  virtualhost  raspbian  dyndns