我有一个现有的 Ubuntu 16.04 安装,其中安装了 nextcloud /var/www/cloud
(wordpress 在根目录中)。它已经运行了一段时间,但最近我发现 collabora 是 google docs 的替代品,我真的很想让它工作。当我尝试打开文档时,我收到“访问被禁止”错误。我已根据找到的说明安装了 collabora这里
我检查了 lsof -i 的输出,可以看到 docker 在 9980 上监听,在 Nextcloud 中配置了 URL,老实说,我不太确定如何开始解决此问题。如果社区中的任何人可以给我一些指导,那就太好了。下面是一些附加信息。
参赛作品来自Apache 错误日志位于/var/log/apache2:
[Mon Jan 02 22:05:30.027625 2017] [authz_core:error] [pid 26396] [client <IPADDRESS>:54120] AH01630: client denied by server configuration: /var/www/html/cloud/data/.ocdata
[Mon Jan 02 22:05:32.314370 2017] [authz_core:error] [pid 3122] [client <IPADDRESS>:54123] AH01630: client denied by server configuration: /var/www/html/cloud/data/.ocdata
我的净化版collabora vhost 的 Apache 配置:
<VirtualHost *:443>
ServerName sub.domain.com:443
# SSL configuration, you may want to take the easy route instead and use Lets Encrypt!
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA$
SSLHonorCipherOrder on
# Encoded slashes need to be allowed
AllowEncodedSlashes On
# Container uses a unique non-signed certificate
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off
# keep the host
ProxyPreserveHost On
# static html, js, images, etc. served from loolwsd
# loleaflet is the client part of LibreOffice Online
ProxyPass /loleaflet https://127.0.0.1:9980/loleaflet retry=0
ProxyPassReverse /loleaflet https://127.0.0.1:9980/loleaflet
# WOPI discovery URL
ProxyPass /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
ProxyPassReverse /hosting/discovery https://127.0.0.1:9980/hosting/discovery
# Main websocket
ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/$1/ws
# Admin Console websocket
ProxyPass /lool/adminws wss://127.0.0.1:9980/lool/adminws
# Download as, Fullscreen presentation and Image upload operations
ProxyPass /lool https://127.0.0.1:9980/lool
ProxyPassReverse /lool https://127.0.0.1:9980/lool
ServerAlias sub.domain.com
</VirtualHost>
我的 nextcloud 实例的地址是domain.com/cloud
输出lsof -i | grep docker我相信这表明 docker 容器正在监听来自 9980 上的本地主机的流量以发送到容器
docker-pr 1634 root 4u IPv4 19492 0t0 TCP localhost:9980 (LISTEN)
理论:我有一个理论,这次我可能需要再次设置 nextcloud,将 nextcloud 放在 webroot 中,将我的博客放在 webroot 内的文件夹中,因为我从文档中得到的感觉是 nextcloud 应该在自己的机器上,有自己的域名,并且此服务连接到该根域名的子域。所以 domain.com/cloud 让整个事情陷入了循环
如果有人能给我一些指导,我将不胜感激,因为 nextcloud 是我真正感兴趣的投资产品。
答案1
这篇文章由 Mike Griffen 撰写恰好解决了这个问题,而且它似乎是一个简单的解决方案。
Authz_core:error Client Denied by Server Configuration
...
mod_authz_core
在 Apache2.3 中引入。这改变了声明访问控制的方式从:
Order allow, deny Allow from all
到:
Require all granted
这意味着目录的总体配置现在如下所示:
<Directory /path/to/directory> Options FollowSymlinks AllowOverride none Require all granted </Directory>
重新启动 apache,一切就会正常运行。