我正在构建的内部网络实用程序服务器存在问题,特别是围绕基本身份验证。
现在我已经设法让它与以下配置一起工作:-
root@P-UIDMON-02:/# /usr/local/scripts/LinuxVersion.sh
### Linux Standard Base Information
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 23.04
Release: 23.04
Codename: lunar
### Kernel Release
6.2.0-1015-azure
### Version of Apache2
Server version: Apache/2.4.55 (Ubuntu)
Server built: 2023-10-26T13:37:01
root@P-UIDMON-02:/# /usr/local/scripts/ApacheConfig.sh
### /etc/apache2/apache2.conf Config File
ServerName p-uidmon-02.acas.example.org
DefaultRuntimeDir ${APACHE_RUN_DIR}
PidFile ${APACHE_PID_FILE}
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}
HostnameLookups Off
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf
Include ports.conf
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
<Directory /usr/share>
AllowOverride None
Require all granted
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
AccessFileName .htaccess
<FilesMatch "^\.ht">
Require all denied
</FilesMatch>
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
IncludeOptional conf-enabled/*.conf
IncludeOptional sites-enabled/*.conf
### p-uidmon-02.conf Site Specific Config File
<Directory /var/www>
SSLRequireSSL
</Directory>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
<VirtualHost *:80>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Redirect "/" "https://p-uidmon-02.acas.example.org/"
ServerName acas.example.org
ServerAlias p-uidmon-02.acas.example.org
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
<Directory /var/www/html>
Options -Indexes +FollowSymLinks
DirectoryIndex index.html
AllowOverride All
SSLRequireSSL
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/apache2/auth/.htpasswd
Require valid-user
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost *:443>
<FilesMatch "\.(?:cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
ServerName acas.example.org
ServerAlias p-uidmon-02.acas.example.org
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
</VirtualHost>
### /var/www/html/.htaccess File
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/apache2/auth/.htpasswd
Require valid-user
我的问题(我不明白)是我希望能够对虚拟主机使用基本身份验证详细信息,而不必将文件放入.htaccess特定目录中,但我可以让它工作的唯一方法是通过将.htaccess文件放在目录中。这就像它忽略了虚拟主机<Directory>XYZ</Directory>声明。如果我删除该.htaccess文件,它不会对我构成挑战;如果我有它,那么我就会接受挑战!
虽然它有效,但试图理解为什么如果我拿走它就不起作用,这让我发疯.htaccess。
你们中的任何人都可以向我解释我在这里做错了什么吗?
答案1
在我看来,您遇到了三个主要问题:
- 您已将
htaccess配置语句放入虚拟主机管理端口 80 而不是管理端口 443 - 您已将 SSL 配置语句放入非 SSL 端口 80 主机而不是 SSL 端口 443 主机
- 端口 80 上的虚拟主机相当合理地立即重定向到端口 443 上的虚拟主机,因此任何配置语句都将(大部分)被忽略