Ubuntu Apache2 基本身份验证问题

Ubuntu Apache2 基本身份验证问题

我正在构建的内部网络实用程序服务器存在问题,特别是围绕基本身份验证。

现在我已经设法让它与以下配置一起工作:-

root@P-UIDMON-02:/# /usr/local/scripts/LinuxVersion.sh

### Linux Standard Base Information
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 23.04
Release:        23.04
Codename:       lunar
### Kernel Release
6.2.0-1015-azure
### Version of Apache2
Server version: Apache/2.4.55 (Ubuntu)
Server built:   2023-10-26T13:37:01

root@P-UIDMON-02:/# /usr/local/scripts/ApacheConfig.sh
### /etc/apache2/apache2.conf Config File
ServerName p-uidmon-02.acas.example.org
DefaultRuntimeDir ${APACHE_RUN_DIR}
PidFile ${APACHE_PID_FILE}
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}
HostnameLookups Off
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf
Include ports.conf
<Directory />
        Options FollowSymLinks
        AllowOverride None
        Require all denied
</Directory>
<Directory /usr/share>
        AllowOverride None
        Require all granted
</Directory>
<Directory /var/www/>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
</Directory>
AccessFileName .htaccess
<FilesMatch "^\.ht">
        Require all denied
</FilesMatch>
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
IncludeOptional conf-enabled/*.conf
IncludeOptional sites-enabled/*.conf
### p-uidmon-02.conf Site Specific Config File
<Directory /var/www>
    SSLRequireSSL
</Directory>
<Directory /usr/lib/cgi-bin>
    SSLOptions +StdEnvVars
</Directory>
<VirtualHost *:80>
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
    Redirect "/" "https://p-uidmon-02.acas.example.org/"
    ServerName acas.example.org
    ServerAlias p-uidmon-02.acas.example.org
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html
    <Directory /var/www/html>
        Options -Indexes +FollowSymLinks
        DirectoryIndex index.html
        AllowOverride All
        SSLRequireSSL
        AuthType Basic
        AuthName "Restricted Content"
        AuthUserFile /etc/apache2/auth/.htpasswd
        Require valid-user
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost *:443>
    <FilesMatch "\.(?:cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    ServerName acas.example.org
    ServerAlias p-uidmon-02.acas.example.org
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine on
        SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
        SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
</VirtualHost>
### /var/www/html/.htaccess File
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/apache2/auth/.htpasswd
Require valid-user

我的问题(我不明白)是我希望能够对虚拟主机使用基本身份验证详细信息,而不必将文件放入.htaccess特定目录中,但我可以让它工作的唯一方法是通过将.htaccess文件放在目录中。这就像它忽略了虚拟主机<Directory>XYZ</Directory>声明。如果我删除该.htaccess文件,它不会对我构成挑战;如果我有它,那么我就会接受挑战!

虽然它有效,但试图理解为什么如果我拿走它就不起作用,这让我发疯.htaccess

你们中的任何人都可以向我解释我在这里做错了什么吗?

答案1

在我看来,您遇到了三个主要问题:

  1. 您已将htaccess配置语句放入虚拟主机管理端口 80 而不是管理端口 443
  2. 您已将 SSL 配置语句放入非 SSL 端口 80 主机而不是 SSL 端口 443 主机
  3. 端口 80 上的虚拟主机相当合理地立即重定向到端口 443 上的虚拟主机,因此任何配置语句都将(大部分)被忽略

相关内容