在操作系统升级(包括将 Apache 从 2.2 更新到 2.4)后,我现在尝试访问时出现 403 错误http://files.fierydragonlord.com/和http://status.fierydragonlord.com/。 然而,http://www.fierydragonlord.com有效。发生了什么事?
以下是我的vhosts.conf:
#
# VirtualHost template
# Note: to use the template, rename it to /etc/apache2/vhost.d/yourvhost.conf.
# Files must have the .conf suffix to be loaded.
#
# See /usr/share/doc/packages/apache2/README.QUICKSTART for further hints
# about virtual hosts.
#
# NameVirtualHost statements can be added to /etc/apache2/listen.conf.
#
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for requests without a known
# server name.
#
NameVirtualHost *:80
<VirtualHost *:80>
ServerName www.fierydragonlord.com
# Specify alternative domain names for the virtual host like this
# (wildcards * and ? may be used, and multiple aliases may be specified):
# ServerAlias domain.tld extra.domain.tld *.domain.tld
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
DocumentRoot /srv/www/htdocs/
# Set log file location
ErrorLog /var/log/apache2/error_log
CustomLog /var/log/apache2/access_log combined
# don't loose time with IP address lookups
HostnameLookups Off
# needed for named virtual hosts
UseCanonicalName Off
# configures the footer on server-generated documents
ServerSignature On
# Use custom error documents
ErrorDocument 400 /00-Error/400.php
ErrorDocument 401 /00-Error/401.php
ErrorDocument 403 /00-Error/403.php
ErrorDocument 404 /00-Error/404.php
ErrorDocument 410 /00-Error/410.php
ErrorDocument 414 /00-Error/414.php
ErrorDocument 500 /00-Error/500.php
ErrorDocument 503 /00-Error/503.php
</VirtualHost>
<VirtualHost *:80>
ServerName status.fierydragonlord.com
# Specify alternative domain names for the virtual host like this
# (wildcards * and ? may be used, and multiple aliases may be specified):
# ServerAlias domain.tld extra.domain.tld *.domain.tld
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
DocumentRoot /srv/www/vhosts/status/
DirectoryIndex index.php
# Set log file location
ErrorLog /var/log/apache2/status-error_log
CustomLog /var/log/apache2/status-access_log combined
# don't loose time with IP address lookups
HostnameLookups Off
# needed for named virtual hosts
UseCanonicalName Off
# configures the footer on server-generated documents
ServerSignature On
<Directory />
Options None
Require all granted
</Directory>
# use .htaccess files for overriding,
AccessFileName .htaccess
# and never show them
<Files ~ "^\.ht">
Require all denied
</Files>
</VirtualHost>
<VirtualHost *:80>
ServerName files.fierydragonlord.com
# Specify alternative domain names for the virtual host like this
# (wildcards * and ? may be used, and multiple aliases may be specified):
# ServerAlias domain.tld extra.domain.tld *.domain.tld
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
DocumentRoot /srv/www/vhosts/files/
DirectoryIndex index.html
# Set log file location
ErrorLog /var/log/apache2/files-error_log
CustomLog /var/log/apache2/files-access_log combined
# don't loose time with IP address lookups
HostnameLookups Off
# needed for named virtual hosts
UseCanonicalName Off
# configures the footer on server-generated documents
ServerSignature On
<Directory />
Options None
Require all granted
</Directory>
# use .htaccess files for overriding,
AccessFileName .htaccess
# and never show them
<Files ~ "^\.ht">
Require all denied
</Files>
# Use custom error documents
ErrorDocument 400 /00-Error/400.php
ErrorDocument 401 /00-Error/401.php
ErrorDocument 403 /00-Error/403.php
ErrorDocument 404 /00-Error/404.php
ErrorDocument 410 /00-Error/410.php
ErrorDocument 414 /00-Error/414.php
ErrorDocument 500 /00-Error/500.php
ErrorDocument 503 /00-Error/503.php
</VirtualHost>
我在日志中收到如下错误:
[Fri Nov 22 12:37:53.271724 2013] [access_compat:error] [pid 5445] [client xxx.xxx.xxx.xxx:xxxx] AH01797: client denied by server configuration: /srv/www/vhosts/status/, referer: http://www.fierydragonlord.com/
[Fri Nov 22 12:46:14.115480 2013] [access_compat:error] [pid 5440] [client xxx.xxx.xxx.xxx:xxxx] AH01797: client denied by server configuration: /srv/www/vhosts/status/index.php
apache2ctl -S
返回以下内容:
[Fri Nov 22 12:56:50.229301 2013] [core:warn] [pid 5529] AH00117: Ignoring deprecated use of DefaultType in line 140 of /etc/apache2/httpd.conf.
AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/vhosts.d/vhosts.conf:16
VirtualHost configuration:
*:80 is a NameVirtualHost
default server www.fierydragonlord.com (/etc/apache2/vhosts.d/vhosts.conf:18)
port 80 namevhost www.fierydragonlord.com (/etc/apache2/vhosts.d/vhosts.conf:18)
port 80 namevhost www.fierydragonlord.com (/etc/apache2/vhosts.d/vhosts.conf:18)
port 80 namevhost status.fierydragonlord.com (/etc/apache2/vhosts.d/vhosts.conf:53)
port 80 namevhost status.fierydragonlord.com (/etc/apache2/vhosts.d/vhosts.conf:53)
port 80 namevhost files.fierydragonlord.com (/etc/apache2/vhosts.d/vhosts.conf:92)
port 80 namevhost files.fierydragonlord.com (/etc/apache2/vhosts.d/vhosts.conf:92)
ServerRoot: "/srv/www"
Main DocumentRoot: "/srv/www/htdocs"
Main ErrorLog: "/var/log/apache2/error_log"
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/run/" mechanism=default
Mutex mpm-accept: using_defaults
PidFile: "/run/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="wwwrun" id=30
Group: name="www" id=8
答案1
Apache 2.4 处理虚拟主机指令的方式与 2.2 不同,请查看以下链接中的示例。
http://httpd.apache.org/docs/current/vhosts/examples.html
基本上,更改 NameVirtualHost *:80 -> Listen 80
所以它看起来像这样:
Listen 80
# This is the "main" server running on 172.20.30.40
ServerName server.example.com
DocumentRoot /www/mainserver
<VirtualHost 172.20.30.50>
DocumentRoot /www/example1
ServerName www.example.com
# Other directives here ...
</VirtualHost>
<VirtualHost 172.20.30.50>
DocumentRoot /www/example2
ServerName www.example.org
# Other directives here ...
</VirtualHost>
您可能还想检查 httpd.conf 和 vhosts.conf 的其余部分是否存在其他弃用和冲突。请参阅此链接。http://httpd.apache.org/docs/trunk/upgrading.html
你自己回答的部分是正确的,顺序/要求有所改变,但如果你浏览该页面,你会看到更多。我建议你仔细阅读,确保你已经解决了所有问题。即使你让它工作了,也要反复检查,有些变化可能不会破坏 apache 甚至日志……但可能会导致其他问题(安全性/稳定性)。
答案2
原来,旧Order deny,allow
语法和新Require all granted
语法之间存在冲突。openSUSE 本身提供的系统主配置文件未配置为使用新Require
语法。由于Order
语法由与语法不同的模块处理Require
,旧语法会覆盖新语法,从而导致失败。
我已经恢复了旧的Order
语法,并在自定义配置文件中添加了一条注释来解释该问题。