rhel7,apache2.4-403 禁止使用符号链接

tag-icon tag-icon redhat apache-2.4 virtualhost symlink rhel7
rhel7,apache2.4-403 禁止使用符号链接

我在谷歌上搜索了很多关于此问题的信息,但没有一个提出的解决方案对我有帮助。

我拥有的:

  • 清洁rhel7系统
  • 干净的apache 2.4
  • 网站目录:/var/www/domain.com/public_html
  • 符号链接:/var/www/domain.com/publik_html/src=>/home/user/src
  • /home/user/srcindex.html一些文字

我的 Apache VH 配置(/etc/httpd/sites-available/domain.com.conf):

<VirtualHost *:80>
    ServerName www.domain.com
    ServerAlias domain.com
    DocumentRoot /var/www/domain.com/public_html
    <Directory /var/www/domain.com/public_html>
        Options Indexes FollowSymLinks
        Require all granted
        AllowOverride All
    </Directory>
</VirtualHost>

Apache 主配置中的一些感兴趣的部分:

#
# Deny access to the entirety of your server's filesystem. You must
# explicitly permit access to web content directories in other
# <Directory> blocks below.
#
<Directory />
    AllowOverride none
    Require all denied
</Directory>

#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "/var/www/html"

#
# Relax access to content within /var/www.
#
<Directory "/var/www">
    Options Indexes FollowSymLinks
    AllowOverride None
    # Allow open access:
    Require all granted
</Directory>

# Further relax access to the default document root:
<Directory "/var/www/html">
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important.  Please see
    # http://httpd.apache.org/docs/2.4/mod/core.html#options
    # for more information.
    #
    Options Indexes FollowSymLinks

    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   Options FileInfo AuthConfig Limit
    #
    AllowOverride None

    #
    # Controls who can get stuff from this server.
    #
    Require all granted
</Directory>

问题:当我尝试访问时domain.com/src/index.html被禁止。

我的尝试:

  • chmod o+x /home /home/user /home/user/src /home/user/src/index.html
  • chown -R apache:apache /var/www/
  • chown -R apache:apache /home/user/src/
  • FollowSymLinks和游戏SymLinksIfOwnerMatch
  • 玩游戏chmod

我还能尝试什么?谢谢...

更新#1:SE Linux 已禁用

答案1

如果您使用基于 rhel7 的系统(centos、fedora 等),则默认启用了 SElinux。根据我的实践,95% 的问题是 selinux 配置不匹配,我认为您的 apache 配置正确。请以 root 权限执行:

        # getenfore

禁用 selinux 模式后将会输出,因此问题不在于它。输出:

         disabled

如果输出将是 Permissive 或 Enforce。只需更改为测试 SELinux 模式,通过 getenforce 验证它是否更改:

       # setenforce 0
       # getenfore

使用您的 apache 服务器尝试再进行一次 http 查询(尝试使用您的浏览器加载页面并访问 example.com)。如果此解决方案有帮助,请在此处写下。顶部写的所有解决方案仅用于查找问题所在,请勿在生产服务器上使用这些更改。请不要禁用 SELinux,因为它会禁用许多管理员,这是不安全的。我将在您写下第一部分是否生效后写下启用 SELinux 权限的命令的第二部分。

答案2

啊,只是文件夹的 x 权限有问题。抱歉,谢谢您的帮助!

此外,这也对我有帮助: https://askubuntu.com/questions/537032/how-to-configure-apache2-with-symbolic-links-in-var-www

相关内容