全新安装后无法访问 collabora

全新安装后无法访问 collabora

我有一个现有的 Ubuntu 16.04 安装,其中安装了 nextcloud /var/www/cloud(wordpress 在根目录中)。它已经运行了一段时间,但最近我发现 collabora 是 google docs 的替代品,我真的很想让它工作。当我尝试打开文档时,我收到“访问被禁止”错误。我已根据找到的说明安装了 collabora这里

我检查了 lsof -i 的输出,可以看到 docker 在 9980 上监听,在 Nextcloud 中配置了 URL,老实说,我不太确定如何开始解决此问题。如果社区中的任何人可以给我一些指导,那就太好了。下面是一些附加信息。

参赛作品来自Apache 错误日志位于/var/log/apache2:

[Mon Jan 02 22:05:30.027625 2017] [authz_core:error] [pid 26396] [client <IPADDRESS>:54120] AH01630: client denied by server configuration: /var/www/html/cloud/data/.ocdata
[Mon Jan 02 22:05:32.314370 2017] [authz_core:error] [pid 3122] [client <IPADDRESS>:54123] AH01630: client denied by server configuration: /var/www/html/cloud/data/.ocdata

我的净化版collabora vhost 的 Apache 配置

<VirtualHost *:443>
  ServerName sub.domain.com:443

  # SSL configuration, you may want to take the easy route instead and use Lets Encrypt!
  SSLEngine on
  SSLCertificateFile /etc/letsencrypt/live/domain.com/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
  SSLProtocol all -SSLv2 -SSLv3
  SSLCipherSuite             ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA$
  SSLHonorCipherOrder on

  # Encoded slashes need to be allowed
  AllowEncodedSlashes     On

  # Container uses a unique non-signed certificate
  SSLProxyEngine On
  SSLProxyVerify None
  SSLProxyCheckPeerCN Off
  SSLProxyCheckPeerName Off

  # keep the host
  ProxyPreserveHost On

  # static html, js, images, etc. served from loolwsd
  # loleaflet is the client part of LibreOffice Online
  ProxyPass /loleaflet https://127.0.0.1:9980/loleaflet retry=0
  ProxyPassReverse           /loleaflet https://127.0.0.1:9980/loleaflet

  # WOPI discovery URL
  ProxyPass    /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
  ProxyPassReverse           /hosting/discovery https://127.0.0.1:9980/hosting/discovery

  # Main websocket
  ProxyPassMatch    "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/$1/ws

  # Admin Console websocket
  ProxyPass /lool/adminws wss://127.0.0.1:9980/lool/adminws

  # Download as, Fullscreen presentation and Image upload operations
  ProxyPass   /lool https://127.0.0.1:9980/lool
  ProxyPassReverse           /lool https://127.0.0.1:9980/lool
  ServerAlias    sub.domain.com
</VirtualHost>

我的 nextcloud 实例的地址是domain.com/cloud

输出lsof -i | grep docker我相信这表明 docker 容器正在监听来自 9980 上的本地主机的流量以发送到容器

docker-pr  1634     root    4u  IPv4  19492      0t0  TCP localhost:9980 (LISTEN)

理论:我有一个理论,这次我可能需要再次设置 nextcloud,将 nextcloud 放在 webroot 中,将我的博客放在 webroot 内的文件夹中,因为我从文档中得到的感觉是 nextcloud 应该在自己的机器上,有自己的域名,并且此服务连接到该根域名的子域。所以 domain.com/cloud 让整个事情陷入了循环

如果有人能给我一些指导,我将不胜感激,因为 nextcloud 是我真正感兴趣的投资产品。

答案1

这篇文章由 Mike Griffen 撰写恰好解决了这个问题,而且它似乎是一个简单的解决方案。

Authz_core:error Client Denied by Server Configuration

...mod_authz_core在 Apache2.3 中引入。这改变了声明访问控制的方式

从:

Order allow, deny
Allow from all

到:

Require all granted

这意味着目录的总体配置现在如下所示:

<Directory /path/to/directory>
     Options FollowSymlinks
     AllowOverride none
     Require all granted
</Directory>

重新启动 apache,一切就会正常运行。

相关内容