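My setup:
Digital Ocean droplet running Debian 8
2 websites with their own domains, both running on Apache2
I tried to install nginx and configure it as a reverse proxy by following these instructions: https://www.digitalocean.com/community/tutorials/how-to-configure-nginx-as-a-web-server-and-reverse-proxy-for-apache-on-one-ubuntu-14-04-droplet
It immediately broke my websites, and I got a Forbidden 403 error when I tried to access them.
I spent a lot of time trying to get it to work and have now decided to give up on it and use Apache2 as before.
But now, even with nginx stopped, the websites still show Forbidden 403. I briefly installed lighttpd + lighttpd php5-cgi, after which I could access the websites; however, only 1 website was shown on both domains.
I have run chown -R www-data:www-data /var/www
and also chmod -R 755 /var/www
I would be very glad if anyone could offer some input. I'm going crazy trying to solve this. :(
Apache ports.conf: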
Listen 80
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
Sample of the Apache error log:
[Thu Mar 03 13:56:36.965194 2016] [authz_core:error] [pid 31517] [client 185.106.92.253:55470] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu Mar 03 13:56:43.316074 2016] [authz_core:error] [pid 31518] [client 185.106.92.253:52484] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu Mar 03 13:56:47.635774 2016] [authz_core:error] [pid 31496] [client 185.106.92.253:53967] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu Mar 03 13:57:00.853631 2016] [authz_core:error] [pid 31670] [client 185.106.92.253:50494] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu Mar 03 13:57:08.455024 2016] [authz_core:error] [pid 31668] [client 185.106.92.253:45464] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu Mar 03 13:57:21.641599 2016] [authz_core:error] [pid 31517] [client 185.106.92.253:38106] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu Mar 03 13:57:28.132631 2016] [authz_core:error] [pid 31518] [client 185.106.92.253:48468] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
Apache2.conf:
Mutex file:${APACHE_LOCK_DIR} default
PidFile ${APACHE_PID_FILE}
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 100
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}
HostnameLookups Off
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf
Include ports.conf
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
<Directory /usr/share>
AllowOverride None
Require all granted
</Directory>
<Directory /var/www/site1>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
<Directory /var/www/site2>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
<Directory /srv/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
AccessFileName .htaccess
<FilesMatch "^\.ht">
Require all denied
</FilesMatch>
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
Site1.conf:
<VirtualHost *:80>
ServerName www.site1.com
ServerAlias site1.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/site1
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory /var/www/site1/>
Options FollowSymlinks
AllowOverride none
Require all granted
</Directory>
<IfModule mod_fastcgi.c>
AddHandler php5-fcgi .php
Action php5-fcgi /php5-fcgi
Alias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi
FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi -socket /tmp/php5-fpm.sock -pass-header Authorization
</IfModule>
</VirtualHost>
SetOutputFilter DEFLATE
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|ico|png)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.pdf$ no-gzip dont-vary
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
Site2.conf:
<VirtualHost *:80>
ServerName www.site2.com
ServerAlias site2.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/site2
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory /var/www/site2/>
Options FollowSymlinks
AllowOverride none
Require all granted
</Directory>
<IfModule mod_fastcgi.c>
AddHandler php5-fcgi .php
Action php5-fcgi /php5-fcgi
Alias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi
FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi -socket /tmp/php5-fpm.sock -pass-header Authorization
</IfModule>
</VirtualHost>
SetOutputFilter DEFLATE
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|ico|png)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.pdf$ no-gzip dont-vary
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
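Answer 1
Too long for a comment, but possibly not a complete answer:
What's odd is that you are getting errors on the file system path /var/www/html/, which is outside your DocumentRoot paths /var/www/site1 and /var/www/site2.
That means there might be another configuration file in play. You may want to check what these Include directives are loading: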
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf
and whether there is any .htaccess file that wants to get content from /var/www/html.
In the error message below:
[Thu Mar 03 13:57:28.132631 2016] [authz_core:error] [pid 31518] [client 185.106.92.253:48468] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
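you can see that it is generated by the module authz_core,
which indicates that it has to do with the access controls managed by that module; the manual lists quite a few.
By the way, this server configuration denies access: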
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
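A sensible default access policy: deny access unless specifically allowed. But you do not allow anything for the path /var/www/html; you only specifically allow access to /usr/share, /var/www/site1, /var/www/site2 & /srv.
EDIT: Hmm, /var/www/html may be the compile-time default DocumentRoot.
From your description of apache2.conf, it seems that IncludeOptional sites-enabled/*.conf is missing, or something similar.
That would explain why you get directed to /var/www/html and fail.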
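The check described in the answer above, as an added example that is not part of the original answer: it takes the denied path from an AH01630 log line, finds which literal <Directory> block in apache2.conf decides it, and tests whether sites-enabled is included at all. The function names are illustrative, and the matcher is a simplification that ignores wildcards, <DirectoryMatch>, <Files>, <Location> and .htaccess.

```python
import re
# Abridged from the apache2.conf quoted in the question (only Include and Require lines kept).
APACHE2_CONF = """\
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf
Include ports.conf
<Directory />
Require all denied
</Directory>
<Directory /var/www/site1>
Require all granted
</Directory>
<Directory /var/www/site2>
Require all granted
</Directory>
"""
# One line copied from the error log quoted in the question.
ERROR_LOG = ("[Thu Mar 03 13:56:36.965194 2016] [authz_core:error] [pid 31517] "
             "[client 185.106.92.253:55470] AH01630: client denied by server "
             "configuration: /var/www/html/xmlrpc.php")

def denied_paths(log):
    """File system paths that authz_core refused (AH01630)."""
    return re.findall(r"AH01630: client denied by server configuration: (\S+)", log)

def directory_rules(conf):
    """[(path, 'granted'|'denied')] for literal <Directory> blocks only."""
    rules, current = [], None
    for line in map(str.strip, conf.splitlines()):
        opened = re.match(r'<Directory\s+"?([^">]+)"?\s*>', line, re.I)
        require = re.match(r"Require\s+all\s+(granted|denied)", line, re.I)
        if opened:
            current = opened.group(1).strip().rstrip("/") or "/"
        elif line.lower() == "</directory>":
            current = None
        elif current and require:
            rules.append((current, require.group(1).lower()))
    return rules

def verdict(conf, path):
    """Longest matching <Directory> prefix wins (simplified merge order)."""
    hits = [(d, v) for d, v in directory_rules(conf)
            if d == "/" or path == d or path.startswith(d + "/")]
    return max(hits, key=lambda h: len(h[0]), default=(None, None))

def loads_sites_enabled(conf):
    """True if any Include/IncludeOptional pulls in sites-enabled/."""
    return bool(re.search(r"^\s*Include(Optional)?\s+sites-enabled/", conf, re.I | re.M))
```

For the logged path, only the <Directory /> block matches, so the request is denied, and no Include line loads sites-enabled, which is why the VirtualHost DocumentRoots never take effect.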
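Answer 2
Thanks to @HBruijn for the contribution. It means a lot!
Now my websites are running again. One shows a 500 internal error, but the other is fine. :) I can manage!
I changed /etc/apache2/mods-available/fastcgi.conf to the following, which solved the problem: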
<IfModule mod_fastcgi.c>
AddHandler php5-fcgi .php
Action php5-fcgi /php5-fcgi
Alias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi_example.com
FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi_example.com -socket /var/run/php5-fpm_example.com.sock -pass-header Authorization
<Directory /usr/lib/cgi-bin>
Require all granted
</Directory>
</IfModule>