文章智能摘要
AI正在生成摘要
宝塔面板启用 SSL 后,默认站点未指定时,HTTPS 会访问已开启 SSL 的站点,即“https窜站”。解决方法是在宝塔面板中添加一个站点域名并配置 SSL 证书,将默认站点设置为该域名。如果需要,可删除该域名的 404.html 和 index.html 文件。
群里有人问,为什么用宝塔面板网站搭建好后 https://ip 也能打开他的网站?
按照宝塔官方说法:在未指定默认站点时,未开启 SSL 的站点使用 HTTPS 会直接访问到已开启 SSL 的站点。
这也就是大家常说的的https窜站!
新版宝塔已经没有这个问题了,网站列表管理中直接打开 HTTPS 防窜站就好。
但是有很多人还是用旧版宝塔的,毕竟新版的宝塔一言难尽,于是就水一篇吧~~
这问题具体有什么影响就不多说了,直接说解决方案。
宝塔面板中添加站点
域名为a.com(可以随便填),提交。
给 a.com 配置 SSL 证书
密钥和证书填写如下
密钥(KEY)
-----BEGIN PRIVATE KEY----- MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDPPPynNLmSGfC8 CXODplocOVy/Re9lEhpGtxm0hBoEh3dO61yr2oo8K7Z761o6pkP4Wll+8PaWGGgY IYORsI1DxgTJ0hCdeLy+tJbTZYmbcpboqGD62T68pf4Opsb6ntwWScjFiN1nrqW5 9ctyiOlQmeX48mEv7VxTdHPCdhTwVsbEeFlMbTQfrh88Ph/TmgIJ5gbwRblBEv2T 6oqNQP3u5IFeMI3ACs7ryxSQixfkpktVo72XO8VemgreCvjH8co4fd0788HcYbdV 031o5gqSvmBM1Pz+Lkb+XRP0rpLul/ArEUQ9MAySIr7GskULZD9sue0YQfAHeNrZ 43Zdbe9xAgMBAAECggEBAK3n680UvbUQ96eT9s+/RVbx/Ba2xVH3gv1cocGOKZcr Zr9fWwEL/3zG4ffTZIBbDibXCssvwn3qNVAqr5IOqjz5awNBuJesvhb6zKbRSkyc OG88/UUEEVWVpkD9S3T84owBlu3NEJ71PDV1Qij3I3Nz8jyaiVwCv7t4ubuyA5g6 dy+Y6PnDQ9do8spQDJLQbisAGiyUSuV7pYil5OZAAG7ngMflQYT+0rn4/ChX20sA /WRQ1PmYU/xEQnAYvM5CAjgaZCw92Cn83JN3mgAXU4gdPbxGQOIqTL99Rn8HI4yH x5RLNJ5hS7g2qlLmroZBVis/0Q+8lWc0cb9qqeicghECgYEA6RkNDZI16AOwwPvR Nkcb1uxt6hMT6qC0PFW86u0XQDne49RwG68DYMgI0XaPEfzGzGKSJVY0IpxF5tAg 2xB4RsVRxPiXF9EeM9Xq9RSYKTCP1jGnnqaI4PVSq7eMrRgsAhJdPapLKRhlia6W OnJ4hubQGakKYns2bEg66w/HnPsCgYEA45mBtghS5xE5VNosHxqXrDA6JDcwnjBT FcFuE8FIc2bR91yNejFZ13K0/r41bcVVHRkGC2xVMolQhBxiv3NesvnJ5OEr+OYF FswZQMafOx0Zhy0DySRfJvGp6VhiQOhDIley4rlMGwK2QCDWYQsiN9wAOUkO06H/ nt5jN6rw4YMCgYBOIJVdbRogT8xYgo6W0LKmEMyuXgKY65A9gMc3PoxCfKMWXcfN n5VURPefrUs6ziybqJYvaXtD9nj/adb5VcXagpxrlp6d3vtuiE6eIm71r08mjbIO 3OaX7+HrqDPAeI+XiiwyVPeoKIMv6JJ1uJRpMsehMiVG6OFO3c7RppJTLQKBgA2L SQjIHgbaI4tFIHMJZhU9GXimQCJpxcf5ps9OJT2Y1M3fmBu5bBtCHDs8nnlV0ObW YmGzpK5JNZ1nAwlZmD0WWElijPdW2N6ubqJIL5mY9bfxmdQScgcjQnU8aTxrlfMp PN/5HupMkwPl8Fv+CZ9BXFIMYvF9JnURzt21Mnh5AoGAX7VG378PtgZeZM66vERq mquF5B78plvga3okZG0n/qFRhy1MVFursjHwccPVjdgiSw5co8D06wnqfCO7pQ84 IrszGROKzv8HgoYgYfh/PhNCZN4RsASWAmVNIFm3V5YgrE5yaaUFiUFq3FC1yCJT 499ofkwdWuWyhpw1FP/v7gA= -----END PRIVATE KEY-----
证书(PEM格式)
-----BEGIN CERTIFICATE----- MIIDOzCCAiOgAwIBAgIUVCECiiqIa/rBlvNeP+6QiKwJTTEwDQYJKoZIhvcNAQEF BQAwODEVMBMGA1UEAwwM6ZqU5aOB6ICB5p2OMRIwEAYDVQQKDAlnZWJpbGFvbGkx CzAJBgNVBAYTAkNOMCAXDTI0MDcyNDAyNDQwMFoYDzI5OTkxMjMxMTU1NTAwWjBW MQswCQYDVQQGEwJDTjEPMA0GA1UECAwG5YyX5LqsMQ8wDQYDVQQHDAbljJfkuqwx FTATBgNVBAoMDOmalOWjgeiAgeadjjEOMAwGA1UEAwwFYS5jb20wggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPPPynNLmSGfC8CXODplocOVy/Re9lEhpG txm0hBoEh3dO61yr2oo8K7Z761o6pkP4Wll+8PaWGGgYIYORsI1DxgTJ0hCdeLy+ tJbTZYmbcpboqGD62T68pf4Opsb6ntwWScjFiN1nrqW59ctyiOlQmeX48mEv7VxT dHPCdhTwVsbEeFlMbTQfrh88Ph/TmgIJ5gbwRblBEv2T6oqNQP3u5IFeMI3ACs7r yxSQixfkpktVo72XO8VemgreCvjH8co4fd0788HcYbdV031o5gqSvmBM1Pz+Lkb+ XRP0rpLul/ArEUQ9MAySIr7GskULZD9sue0YQfAHeNrZ43Zdbe9xAgMBAAGjHTAb MAsGA1UdEQQEMAKCADAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBBQUAA4IBAQBX 3m6nkKou9T5GSPpD51KsC7ctjSrA3GtOEdr+N52r8SDkJapW/cCNFU5vAm6eWDVW g7qtTn/xX+taveLCLHumxpQO/4oFMmA/ULnsSRgJro1Jq5l/8cBSFw6ckictFDTp /hUI+RBJm+wP6vzN5nq5AZRb5reaolbYzn3g4pR1on1MofIi9GTGcXqmdErKuGm8 lLb7hXIvGjjJ+5ojtMxqXEsqWVMccAnc1nm4wXEFWhMVvZjDXXXPnOIYgLsFgcHe PdeD6B7bzevC5XKPPT9IYaEaBeqNvJpiiUS8hMFRRAyEAmViQJXQOD8QlHp5rt12 KUiWMQH12iQgN2jCoOxR -----END CERTIFICATE-----
设置默认站点为 a.com
如有必要,可以去a.com文件夹内删掉404.html和index.html。
搞定!
其实说白了就是新建一个虚假域名的默认站点,添加一个自签的证书。
有需要的可以参考。
