在一臺Apache服務器上設置多個IP地址

Question

我有一臺運行apache2的服務器設置。有2個公共IP地址指向服務器，每個IP地址分配一個不同的域名。 我設置了虛擬主機來管理這些域。第一個域名工作正常。另一方面不是。這時請求超時，當我從外面ping到它，當我從內部ping到它，我得到一個「目標主機不可達報文」

這裏的虛擬主機設置來回網站的作品：

<IfModule mod_ssl.c> 
<VirtualHost 200.46.83.210:443> 
    ServerName creditlinefast.com 
    ServerAlias www.creditlinefast.com 
    ServerAdmin webmaster@localhost 

    DocumentRoot /var/www/creditlinefast.com 
    <Directory /> 
     Options FollowSymLinks 
     AllowOverride None 
    </Directory> 
    <Directory /var/www/> 
     Options Indexes FollowSymLinks MultiViews 
     AllowOverride None 
     Order allow,deny 
     allow from all 
    </Directory> 

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ 
    <Directory "/usr/lib/cgi-bin"> 
     AllowOverride None 
     Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch 
     Order allow,deny 
     Allow from all 
    </Directory> 

    ErrorLog ${APACHE_LOG_DIR}/error.log 

    # Possible values include: debug, info, notice, warn, error, crit, 
    # alert, emerg. 
    LogLevel warn 

    CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined 

    Alias /doc/ "/usr/share/doc/" 
    <Directory "/usr/share/doc/"> 
     Options Indexes MultiViews FollowSymLinks 
     AllowOverride None 
     Order deny,allow 
     Deny from all 
     Allow from 127.0.0.0/255.0.0.0 ::1/128 
    </Directory> 

    # SSL Engine Switch: 
    # Enable/Disable SSL for this virtual host. 
    SSLEngine on 

    # A self-signed (snakeoil) certificate can be created by installing 
    # the ssl-cert package. See 
    # /usr/share/doc/apache2.2-common/README.Debian.gz for more info. 
    # If both key and certificate are stored in the same file, only the 
    # SSLCertificateFile directive is needed. 
    SSLCertificateFile /etc/apache2/ssl/cert.crt 
    SSLCertificateKeyFile /etc/apache2/ssl/server.key 

    # Server Certificate Chain: 
    # Point SSLCertificateChainFile at a file containing the 
    # concatenation of PEM encoded CA certificates which form the 
    # certificate chain for the server certificate. Alternatively 
    # the referenced file can be the same as SSLCertificateFile 
    # when the CA certificates are directly appended to the server 
    # certificate for convinience. 
    SSLCertificateChainFile /etc/apache2/ssl/intermediate.crt 

    # Certificate Authority (CA): 
    # Set the CA certificate verification path where to find CA 
    # certificates for client authentication or alternatively one 
    # huge file containing all of them (file must be PEM encoded) 
    # Note: Inside SSLCACertificatePath you need hash symlinks 
    #   to point to the certificate files. Use the provided 
    #   Makefile to update the hash symlinks after changes. 
    #SSLCACertificatePath /etc/ssl/certs/ 
    #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt 

    # Certificate Revocation Lists (CRL): 
    # Set the CA revocation path where to find CA CRLs for client 
    # authentication or alternatively one huge file containing all 
    # of them (file must be PEM encoded) 
    # Note: Inside SSLCARevocationPath you need hash symlinks 
    #   to point to the certificate files. Use the provided 
    #   Makefile to update the hash symlinks after changes. 
    #SSLCARevocationPath /etc/apache2/ssl.crl/ 
    #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl 

    # Client Authentication (Type): 
    # Client certificate verification type and depth. Types are 
    # none, optional, require and optional_no_ca. Depth is a 
    # number which specifies how deeply to verify the certificate 
    # issuer chain before deciding the certificate is not valid. 
    #SSLVerifyClient require 
    #SSLVerifyDepth 10 

    # Access Control: 
    # With SSLRequire you can do per-directory access control based 
    # on arbitrary complex boolean expressions containing server 
    # variable checks and other lookup directives. The syntax is a 
    # mixture between C and Perl. See the mod_ssl documentation 
    # for more details. 
    #<Location /> 
    #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ 
    #   and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ 
    #   and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ 
    #   and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ 
    #   and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20  ) \ 
    #   or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ 
    #</Location> 

    # SSL Engine Options: 
    # Set various options for the SSL engine. 
    # o FakeBasicAuth: 
    #  Translate the client X.509 into a Basic Authorisation. This means that 
    #  the standard Auth/DBMAuth methods can be used for access control. The 
    #  user name is the `one line' version of the client's X.509 certificate. 
    #  Note that no password is obtained from the user. Every entry in the user 
    #  file needs this password: `xxj31ZMTZzkVA'. 
    # o ExportCertData: 
    #  This exports two additional environment variables: SSL_CLIENT_CERT and 
    #  SSL_SERVER_CERT. These contain the PEM-encoded certificates of the 
    #  server (always existing) and the client (only existing when client 
    #  authentication is used). This can be used to import the certificates 
    #  into CGI scripts. 
    # o StdEnvVars: 
    #  This exports the standard SSL/TLS related `SSL_*' environment variables. 
    #  Per default this exportation is switched off for performance reasons, 
    #  because the extraction step is an expensive operation and is usually 
    #  useless for serving static content. So one usually enables the 
    #  exportation for CGI and SSI requests only. 
    # o StrictRequire: 
    #  This denies access when "SSLRequireSSL" or "SSLRequire" applied even 
    #  under a "Satisfy any" situation, i.e. when it applies access is denied 
    #  and no other module can change it. 
    # o OptRenegotiate: 
    #  This enables optimized SSL connection renegotiation handling when SSL 
    #  directives are used in per-directory context. 
    #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire 
    <FilesMatch "\.(cgi|shtml|phtml|php)$"> 
     SSLOptions +StdEnvVars 
    </FilesMatch> 
    <Directory /usr/lib/cgi-bin> 
     SSLOptions +StdEnvVars 
    </Directory> 

    # SSL Protocol Adjustments: 
    # The safe and default but still SSL/TLS standard compliant shutdown 
    # approach is that mod_ssl sends the close notify alert but doesn't wait for 
    # the close notify alert from client. When you need a different shutdown 
    # approach you can use one of the following variables: 
    # o ssl-unclean-shutdown: 
    #  This forces an unclean shutdown when the connection is closed, i.e. no 
    #  SSL close notify alert is send or allowed to received. This violates 
    #  the SSL/TLS standard but is needed for some brain-dead browsers. Use 
    #  this when you receive I/O errors because of the standard approach where 
    #  mod_ssl sends the close notify alert. 
    # o ssl-accurate-shutdown: 
    #  This forces an accurate shutdown when the connection is closed, i.e. a 
    #  SSL close notify alert is send and mod_ssl waits for the close notify 
    #  alert of the client. This is 100% SSL/TLS standard compliant, but in 
    #  practice often causes hanging connections with brain-dead browsers. Use 
    #  this only for browsers where you know that their SSL implementation 
    #  works correctly. 
    # Notice: Most problems of broken clients are also related to the HTTP 
    # keep-alive facility, so you usually additionally want to disable 
    # keep-alive for those clients, too. Use variable "nokeepalive" for this. 
    # Similarly, one has to force some clients to use HTTP/1.0 to workaround 
    # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and 
    # "force-response-1.0" for this. 
    BrowserMatch "MSIE [2-6]" \ 
     nokeepalive ssl-unclean-shutdown \ 
     downgrade-1.0 force-response-1.0 
    # MSIE 7 and newer should be able to use keepalive 
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown 

</VirtualHost> 
</IfModule> 

這裏是虛擬主機建立從網站沒有：

<VirtualHost 200.46.83.211:80> 
    ServerAdmin webmaster@localhost 
ServerName unitedcreditline.com 
    ServerAlias www.unitedcreditline.com 
DocumentRoot /var/www/unitedcreditline.com 
    <Directory /> 
     Options FollowSymLinks 
     AllowOverride None 
    </Directory> 
    <Directory /var/www/> 
     Options Indexes FollowSymLinks MultiViews 
     AllowOverride None 
     Order allow,deny 
     allow from all 
    </Directory> 

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ 
    <Directory "/usr/lib/cgi-bin"> 
     AllowOverride None 
     Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch 
     Order allow,deny 
     Allow from all 
    </Directory> 

    ErrorLog ${APACHE_LOG_DIR}/error.log 

    # Possible values include: debug, info, notice, warn, error, crit, 
    # alert, emerg. 
    LogLevel warn 

    CustomLog ${APACHE_LOG_DIR}/access.log combined 

    Alias /doc/ "/usr/share/doc/" 
    <Directory "/usr/share/doc/"> 
     Options Indexes MultiViews FollowSymLinks 
     AllowOverride None 
     Order deny,allow 
     Deny from all 
     Allow from 127.0.0.0/255.0.0.0 ::1/128 
    </Directory> 

</VirtualHost> 

Answer 1

這聽起來更像是一個網絡問題，而不是一個特定的Apache問題。

您是否檢查過您的網絡和防火牆設置，以確保連接在第二個IP地址時被端口80接受？您可能想針對不工作的IP運行nmap，並查看它找到的端口是否處於打開狀態。

Answer 2

當您爲IP地址配置VirtualHost並且它不起作用時，您可能希望（來自link @bradym在註釋中提供）編輯/ etc/network/interfaces，使用命令nano -w /etc/network/interfaces並在文件末尾添加：

auto eth0:0 
iface eth0:0 inet static 
    address 10.10.10.200 # change to your ip 
    netmask 255.255.255.0 

如果已經在該文件eth0:0，增加新的接口時，使用eth0:1，來代替。然後，你只需要運行：

/etc/init.d/networking restart 

您可能還需要添加虛擬主機後重置阿帕奇：

/etc/init.d/apache2 restart 

然後，當你去到該IP瀏覽器一切都應該按預期工作。

Answer 3

這是一箇舊的線程，但我看到它沒有回答。

也許您設置了某種使用「聽」指令結合的第一個IP（見https://httpd.apache.org/docs/2.2/bind.html），或「了NameVirtualHost」（見https://httpd.apache.org/docs/2.2/mod/core.html#namevirtualhost）

在這種情況下，你應該嘗試添加以下到Apache配置：

了NameVirtualHost 200.46.83.211:80

聽200.46.83.211:80