为什么我在尝试访问 view-source:https://ccachicago.pragmatometer.com/admin/static/css/base.css 时出现 403 错误?

tag-icon tag-icon apache-2.2 ubuntu virtualhost django alias
为什么我在尝试访问 view-source:https://ccachicago.pragmatometer.com/admin/static/css/base.css 时出现 403 错误?

我一直在想尽各种办法尝试在 Apache SSL VirtualHost 中提供 /admin/static/ 服务,最好是通过 Apache(它将 SSL 流量转发到 Django Gunicorn 实例),或者除了 Apache 之外,至少 Gunicorn 可以在我研究更好的解决方案时提供静态内容。

我得到了一个 Apache 提供的 403,并且我检查过的所有权限都表明 /usr/lib/python2.7/dist-packages/django/contrib/admin/static/ 目录(以及所需的父目录)可供运行服务器的用户读取和执行。

您是否发现下面的 VirtualHost 中存在任何错误,这可以解释为什么 Apache 没有将相关目录作为别名目录提供?

<VirtualHost *:443>
    ServerName ccachicago.pragmatometer.com

    Alias /media/ "/home/jonathan/ccachicago/media/"
    <Directory "/home/jonathan/ccachicago/media/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>

    Alias /admin/static/ "/usr/lib/python2.7/dist-packages/django/contrib/admin/static/"
    <Directory "/usr/lib/python2.7/dist-packages/django/contrib/admin/static/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>

    ProxyPass /media/ !
    ProxyPass /admin/static/ !
    ProxyPass / http://localhost:8080/
    ProxyPassReverse / http://localhost:8080/

     SSLEngine On
     SSLCertificateFile /etc/apache2/ssl/ssl.crt
     SSLCertificateKeyFile /etc/apache2/ssl/ssl.key
    ServerAdmin [email protected]
</VirtualHost>

- 更新 -

如果我注释掉拒绝/允许行,我会得到相同的 403 错误页面。日志文件包含:

[Mon Jan 27 21:52:34.297099 2014] [authz_core:error] [pid 4818] [client 205.197.161.146:44895] AH01630: client denied by server configuration: /usr/lib/python2.7/dist-packages/django/contrib/admin/static/css

因此,我的配置中显然有些东西不起作用;我现在有:

<VirtualHost *:443>
    ServerName ccachicago.pragmatometer.com

    Alias /media/ "/home/jonathan/ccachicago/media/"
    ErrorLog /var/log/apache2/error.log
    <Directory "/home/jonathan/ccachicago/media/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>

    Alias /admin/static/ "/usr/lib/python2.7/dist-packages/django/contrib/admin/static/"
    <Directory "/usr/lib/python2.7/dist-packages/django/contrib/admin/static/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        #Order deny,allow
        #Deny from all
        #Allow from 127.0.0.0/255.0.0.0 ::1/128
        #Allow from 0.0.0.0 ::1/128
        #Allow from all
    </Directory>

    ProxyPass /media/ !
    ProxyPass /admin/static/ !
    ProxyPass / http://localhost:8080/
    ProxyPassReverse / http://localhost:8080/

     SSLEngine On
     SSLCertificateFile /etc/apache2/ssl/ssl.crt
     SSLCertificateKeyFile /etc/apache2/ssl/ssl.key
    ServerAdmin [email protected]
</VirtualHost>

答案1

您仅允许从 127.0.0.0 和 ::1 进行访问。您确定是通过这些地址访问网站吗?我首先会禁用访问限制,然后看看会发生什么。

您的日志片段显示您没有从 127.0.0.1 或 ::1 访问服务器,因此您设置的访问限制在生效时将拒绝访问。

相关内容