fast-cgi下的lighttpd2和php返回403“权限被拒绝”

tag-icon tag-icon php cgi fastcgi lighttpd
fast-cgi下的lighttpd2和php返回403“权限被拒绝”

lighttpd2 正在开发中,但对于我想开始使用它的地方来说已经足够了。我已经克服了安装它并使虚拟主机等工作的障碍。

  • PHP 5.6.6 (cgi-fcgi)(构建时间:2015 年 2 月 20 日 17:27:21)
  • lighttpd-angel/2.0.0 - 一个快速且轻量级的网络服务器|构建日期:2015 年 3 月 17 日 13:42:32
  • Arch Linux | linux 3.18.6-1
  • VMWare 工作站 11.1.0 内部版本 2496824

然而 php 让我最头疼。

/etc/lighttpd2/php.conf看起来如下:

if phys.path =$ ".php" {
        log.write "Accessing php file";
        fastcgi "unix:/srv/http/php.sock";
}

袜子曾经驻留在 /var/run/lighttpd2/ 下,但出于访问/调试目的,我将其移动到整个文档根目录所在的 /srv/http 。

这就是我的/etc/lighttpd2/lighttpd.conf样子:

setup {

        module_load [
                "mod_accesslog",
                "mod_dirlist",
                "mod_vhost"
                "mod_fastcgi"
        ];

        listen "0.0.0.0:80";
        listen "[::]:80";

        log [
                "info" => "/var/log/lighttpd2/info.log",
                "error" => "/var/log/lighttpd2/error.log",
                "abort" => "/var/log/lighttpd2/error.log",
                "backend" => "/var/log/lighttpd2/backend.log",
                "debug" => "/var/log/lighttpd2/debug.log",
                default => "/var/log/lighttpd2/error.log"
        ];
        accesslog "/var/log/lighttpd2/access.log";
        accesslog.format "%h %V %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"";

        static.exclude_extensions [ ".php", ".pl", ".fcgi", "~", ".inc" ];

}

include "/etc/lighttpd2/mimetypes.conf";
include "/etc/lighttpd2/vhost.conf";
include "/etc/lighttpd2/php.conf";

#docroot "/srv/http";
index [ "index.php", "index.html", "index.htm", "default.htm", "index.lighttpd.html" ];

dirlist;
static;

不确定我是否应该static在最后发表评论。

最后,我的 php“启动脚本”如下所示:

#!/bin/sh

exec 2>&1

PHP_FCGI_CHILDREN=2 \
PHP_FCGI_MAX_REQUESTS=10000 \
LANG=C LC_ALL=C \
exec /usr/bin/spawn-fcgi -n -s /srv/http/php.sock -u www-data -U www-data -- /usr/bin/php-cgi

我的日志几乎是空的,但他们是这么说的:

systemd 的启动日志

Mar 17 17:14:21 ArchKB lighttpd2[30955]: 2015-03-17 17:14:21 CET: info (angel_plugin.c:166): activate
Mar 17 17:14:21 ArchKB lighttpd2[30955]: 2015-03-17 17:14:21 CET: info (angel_plugin.c:177): done
Mar 17 17:14:21 ArchKB lighttpd2[30955]: 2015-03-17 17:14:21 CET: lighttpd2-worker[30956]: 17/Mar/2015 17:14:21 CET (debug) server.c:765: Reached state: suspended (dest: down)
Mar 17 17:14:21 ArchKB lighttpd2[30955]: 2015-03-17 17:14:21 CET: lighttpd2-worker[30956]: 17/Mar/2015 17:14:21 CET (debug) server.c:677: Try reaching state: stopping (dest: down)
Mar 17 17:14:21 ArchKB lighttpd2[30955]: 2015-03-17 17:14:21 CET: lighttpd2-worker[30956]: 17/Mar/2015 17:14:21 CET (debug) server.c:765: Reached state: stopping (dest: down)
Mar 17 17:14:21 ArchKB lighttpd2[30955]: 2015-03-17 17:14:21 CET: lighttpd2-worker[30956]: 17/Mar/2015 17:14:21 CET (debug) server.c:677: Try reaching state: down (dest: down)
Mar 17 17:14:21 ArchKB lighttpd2[30955]: 2015-03-17 17:14:21 CET: lighttpd2-worker[30956]: 17/Mar/2015 17:14:21 CET (debug) server.c:765: Reached state: down (dest: down)
Mar 17 17:14:21 ArchKB lighttpd2[30955]: 2015-03-17 17:14:21 CET: lighttpd2-worker[30956]: 17/Mar/2015 17:14:21 CET (info) lighttpd_worker.c:141: going down
Mar 17 17:14:21 ArchKB lighttpd2[30955]: 2015-03-17 17:14:21 CET: debug (angel_server.c:367): instance released
Mar 17 17:14:21 ArchKB lighttpd2[30955]: 2015-03-17 17:14:21 CET: info (angel_main.c:94): going down
Mar 17 17:14:21 ArchKB lighttpd2[30975]: 2015-03-17 17:14:21 CET: info (angel_plugin.c:166): activate
Mar 17 17:14:21 ArchKB lighttpd2[30975]: 2015-03-17 17:14:21 CET: info (angel_plugin.c:171): activate: core
Mar 17 17:14:21 ArchKB lighttpd2[30975]: 2015-03-17 17:14:21 CET: debug (angel_server.c:184): Instance (30976) spawned: /usr/lib/lighttpd-2.0.0/lighttpd2/lighttpd2-worker
Mar 17 17:14:21 ArchKB lighttpd2[30975]: 2015-03-17 17:14:21 CET: info (angel_plugin.c:177): done
Mar 17 17:14:21 ArchKB lighttpd2[30975]: 2015-03-17 17:14:21 CET: info (angel_main.c:90): parsed config file
Mar 17 17:14:21 ArchKB lighttpd2[30975]: 2015-03-17 17:14:21 CET: lighttpd2-worker[30976]: 17/Mar/2015 17:14:21 CET (debug) lighttpd_worker.c:105: config path: /etc/lighttpd2/lighttpd.conf
Mar 17 17:14:21 ArchKB lighttpd2[30975]: 2015-03-17 17:14:21 CET: lighttpd2-worker[30976]: 17/Mar/2015 17:14:21 CET (debug) plugin_core.c:1254: loaded module 'mod_accesslog'
Mar 17 17:14:21 ArchKB lighttpd2[30975]: 2015-03-17 17:14:21 CET: lighttpd2-worker[30976]: 17/Mar/2015 17:14:21 CET (debug) plugin_core.c:1254: loaded module 'mod_dirlist'
Mar 17 17:14:21 ArchKB lighttpd2[30975]: 2015-03-17 17:14:21 CET: lighttpd2-worker[30976]: 17/Mar/2015 17:14:21 CET (debug) plugin_core.c:1254: loaded module 'mod_vhost'
Mar 17 17:14:21 ArchKB lighttpd2[30975]: 2015-03-17 17:14:21 CET: lighttpd2-worker[30976]: 17/Mar/2015 17:14:21 CET (debug) plugin_core.c:1254: loaded module 'mod_fastcgi'
Mar 17 17:14:21 ArchKB lighttpd2[30975]: 2015-03-17 17:14:21 CET: lighttpd2-worker[30976]: 17/Mar/2015 17:14:21 CET (debug) server.c:765: Reached state: loading (dest: suspended)
Mar 17 17:14:21 ArchKB lighttpd2[30975]: 2015-03-17 17:14:21 CET: lighttpd2-worker[30976]: 17/Mar/2015 17:14:21 CET (debug) server.c:677: Try reaching state: suspended (dest: suspended)
Mar 17 17:14:21 ArchKB lighttpd2[30975]: 2015-03-17 17:14:21 CET: lighttpd2-worker[30976]: 17/Mar/2015 17:14:21 CET (debug) server.c:765: Reached state: suspended (dest: suspended)
Mar 17 17:14:21 ArchKB lighttpd2[30975]: 2015-03-17 17:14:21 CET: debug (angel_plugin_core.c:638): listen to ipv4: '0.0.0.0:80' (port: 80)
Mar 17 17:14:21 ArchKB lighttpd2[30975]: 2015-03-17 17:14:21 CET: debug (angel_plugin_core.c:679): listen to ipv6: '::' (port: 80)
Mar 17 17:14:21 ArchKB lighttpd2[30975]: 2015-03-17 17:14:21 CET: lighttpd2-worker[30976]: 17/Mar/2015 17:14:21 CET (debug) server.c:677: Try reaching state: warmup (dest: running)
Mar 17 17:14:21 ArchKB lighttpd2[30975]: 2015-03-17 17:14:21 CET: lighttpd2-worker[30976]: 17/Mar/2015 17:14:21 CET (debug) server.c:765: Reached state: warmup (dest: running)
Mar 17 17:14:21 ArchKB lighttpd2[30975]: 2015-03-17 17:14:21 CET: lighttpd2-worker[30976]: 17/Mar/2015 17:14:21 CET (debug) server.c:677: Try reaching state: running (dest: running)

错误日志为空,但info.log显示:

17/Mar/2015 17:14:21 CET (info) server.c:58: Got signal, shutdown

debug.log说:

17/Mar/2015 17:12:29 CET (debug) server.c:677: Try reaching state: suspending (dest: down)
17/Mar/2015 17:12:29 CET (debug) server.c:765: Reached state: suspending (dest: down)
17/Mar/2015 17:12:29 CET (debug) server.c:677: Try reaching state: suspended (dest: down)
17/Mar/2015 17:12:29 CET (debug) server.c:765: Reached state: running (dest: running)

并且access.log(在我请求index.php之后)说:

192.168.253.1 192.168.253.130 - [17/Mar/2015:17:12:36 +0100] "GET / HTTP/1.1" 403 3744 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36"

访问文件

如果我注释掉所有与php,我将文件作为下载对象获取,其内容如下:

<?php
    header($_SERVER['SERVER_PROTOCOL'] . ' 302 Ok', true, 302);
    print 'OK!';
?>

header()模组只是为了确保 lighttp 不会搞砸标题,因为它是 CGI(之前发生过,这个应该不会以不好的方式影响最终结果)。

权限如下所示:

-rwxrwxrwx 1 www-data www-data       84 Mar 17 16:40 index.php
srw-r----- 1 www-data www-data        0 Mar 17 16:47 php.sock
-rw-r--r-- 1 root     root            5 Mar 17 17:06 wham.html

“有趣”的是,我可以wham.html毫无问题地请求,并且它由root拥有,但根据文档,只有工作应该以非root身份运行,我是:

root     30975  0.0  0.6   5104  3140 ?        Ss   17:14   0:00 /usr/sbin/lighttpd2 -c /etc/lighttpd2/angel.conf
www-data 30976  0.0  0.7  52048  3760 ?        Ssl  17:14   0:00 /usr/lib/lighttpd-2.0.0/lighttpd2/lighttpd2-worker --angel -c /etc/lighttpd2/lighttpd.conf

我到底哪里错了?

我的结论是,这与 相关php.conf,因为log.write从不执行,或者至少我在任何日志中看不到任何内容。

所以我非常需要帮助!

答案1

简单地说,“会议”更像是一种编程语言,一次一行地顺序执行事物。我忘记尝试/index.php直接打电话而不是依靠index []工作。

这令人悲伤,php.conf检查一下是否请求的路径在函数将请求从to重写.php之前结束。index []//index.php

为此,改变:

include "/etc/lighttpd2/mimetypes.conf";
include "/etc/lighttpd2/vhost.conf";
include "/etc/lighttpd2/php.conf";

#docroot "/srv/http";
index [ "index.php", "index.html", "index.htm", "default.htm", "index.lighttpd.html" ];


docroot "/srv/http";
index [ "index.php", "index.html", "index.htm", "default.htm", "index.lighttpd.html" ];

include "/etc/lighttpd2/mimetypes.conf";
include "/etc/lighttpd2/vhost.conf";
include "/etc/lighttpd2/php.conf";

做了所有的区别。
配置/执行的顺序很重要!

这是来自开发论坛的原始消息

你好!

lighttpd2 配置基本上是一种编程语言,即按顺序执行的操作列表。这些操作中只有一小部分实际上是在请求上下文中设置的选项。

如果在执行 的内容时php.conf,物理路径不是以“.php”结尾,则不会运行 php;但只有在主配置的末尾,你才可以搜索index.php! (并且您实际上并没有请求“/index.php”,该请求只是针对“/”)所以:

  • vhost.conf 可能应该在所有情况下设置文档根;让它还处理“默认”文档根目录。
  • 要么在你想要的虚拟主机中调用index,要么在vhost.conf之后调用它来为所有虚拟主机运行;但把它放在“php.conf”之前
  • 可以使用 log.write 来调试 php.conf 中 if 之前的 phys.path 的内容: log.write "%{phys.path}";

顺便说一句:howto 显示了正确的顺序:)

我通常将(几乎)所有内容放入虚拟主机配置中(请参阅 http://doc.lighttpd.net/lighttpd2/mod_vhost.html用于处理默认虚拟主机和通用概念);我特别只在我真正想要的块中激活 php;您可以为常见配置操作定义别名(如 php howto 演示的那样)。

——施比勒

相关内容