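I am running Apache 2.4.54 on Debian Bullseye with 42 VHOSTs configured. Most of them are subdomains xxx.my.domain.com of our main domain, e.g. my.domain.com. One customer has a special domain. There is also a default VHOST to catch all requests. All VHOSTs reside in numbered files, with the default one sorted last.
- HTTP -> HTTPS
- Subdomain not caught earlier -> ErrorDocument
- No subdomain -> ErrorDocument
In the case where I just enter https://my.domain.com, the request is caught by one of the earlier virtual hosts instead of by the default VHOST. I do not understand why this happens.
Without SSL, the request is answered by 99-default.conf.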
99-default.conf
```
<VirtualHost _default_:80>
    ServerName my.domain.com
    Redirect permanent / https://my.domain.com
    ErrorLog ${APACHE_LOG_DIR}/default_error.log
    CustomLog ${APACHE_LOG_DIR}/default_access.log vhost_combined
</VirtualHost>

<VirtualHost *:80>
    ServerAlias *.my.domain.com
    Redirect 404 /
    DocumentRoot /var/www/html/
    ErrorDocument 404 "Subdomain does not exist"
    ErrorLog ${APACHE_LOG_DIR}/default_error.log
    CustomLog ${APACHE_LOG_DIR}/default_access.log combined
</VirtualHost>

# match requests without subdomain
<VirtualHost _default_:443>
    ServerName my.domain.com
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html
    Redirect 404 /
    ErrorDocument 404 "Please choose subdomain"
    ErrorLog ${APACHE_LOG_DIR}/default_error.log
    CustomLog ${APACHE_LOG_DIR}/default_access.log combined
</VirtualHost>

# match any subdomain that does not exist (that's why order is important)
<VirtualHost *:443>
    ServerAlias *.my.domain.com
    Redirect 404 /
    DocumentRoot /var/www/html/
    ErrorDocument 404 "Subdomain does not exist"
    ErrorLog ${APACHE_LOG_DIR}/default_error.log
    CustomLog ${APACHE_LOG_DIR}/default_access.log combined
</VirtualHost>
```
02-app-customer.conf
```
<VirtualHost *:443>
    Protocols h2 http/1.1
    ServerAlias customers-domain.com
    # ServerAlias customer.my.domain.com
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/wildcard.crt
    SSLCertificateKeyFile /etc/ssl/private/wildcard.key
    SSLCertificateChainFile /etc/ssl/certs/wildcard_chain.crt
    ErrorLog ${APACHE_LOG_DIR}/app_error.log
    CustomLog ${APACHE_LOG_DIR}/app_access.log vhost_combined
    Include conf.d/security.conf
    Include /usr/local/app/local/customer/httpd.conf
    <FilesMatch ".+\.ph(p[3457]?|t|tml)$">
        SetHandler "proxy:unix:/run/php/php7.4-fpm-app.sock|fcgi://localhost"
    </FilesMatch>
</VirtualHost>

# Redirection from port 80 to 443 if ssl enabled
<VirtualHost *:80>
    ServerName customers-domain.com
    # ServerAlias customer.my.domain.com
    Redirect permanent / https://www.customers-domain.com/
    ErrorLog ${APACHE_LOG_DIR}/app_error.log
    CustomLog ${APACHE_LOG_DIR}/app_access.log vhost_combined
</VirtualHost>

# Redirect of www.customers-domain.com to customers-domain.com
<VirtualHost *:443>
    Protocols h2 http/1.1
    ServerName www.customers-domain.com
    ServerAlias www.customers-domain.biz
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/wildcard.crt
    SSLCertificateKeyFile /etc/ssl/private/wildcard.key
    SSLCertificateChainFile /etc/ssl/certs/wildcard_chain.crt
    ErrorLog ${APACHE_LOG_DIR}/app_error.log
    CustomLog ${APACHE_LOG_DIR}/app_access.log vhost_combined
    Redirect permanent / https://customers-domain.com
</VirtualHost>

<VirtualHost *:80>
    ServerName www.customers-domain.com
    ServerAlias www.customers-domain.biz
    Redirect permanent / https://customers-domain.com/
    ErrorLog ${APACHE_LOG_DIR}/app_error.log
    CustomLog ${APACHE_LOG_DIR}/app_access.log vhost_combined
</VirtualHost>
```
I do not understand why 02-app-customer.conf rather than 99-default.conf catches the request for https://my.domain.com. Any ideas?