Debain Jessie Apache 2.4 配置

Debain Jessie Apache 2.4 配置

我尝试配置我的 Apache 2.4 Debian Web 服务器以进行 PHP-POST 文件上传。但我怀疑我是否理解正确,因此在使用前想问一下。我需要一个用于文件上传的 tmp 目录,检查文件后我想将其复制到另一个目录。

在 /etc/apache2/apache.conf 中我刚刚更改了:

#comment, because this is in virtual hosts file
#<Directory /var/www/>
#   Options Indexes FollowSymLinks
#   AllowOverride None
#   Require all granted
#</Directory>

这是我的虚拟主机文件:

<VirtualHost *:80>

    #ServerName www.example.com

    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    Alias "/upload" "/var/www/upload" 

    #Directory for file upload (temp)
    <Directory "/var/www/upload/">
        Require all granted
        AllowOverride None
        SetHandler none
        SetHandler default-handler
        Options -ExecCGI
        php_flag engine off
        RemoveHandler .cgi .php .php3 .php4 .php5 .phtml .pl .py .pyc .pyo
        <Files *>
            AllowOverride None
            SetHandler none
            SetHandler default-handler
            Options -ExecCGI
            php_flag engine off
            RemoveHandler .cgi .php .php3 .php4 .php5 .phtml .pl .py .pyc .pyo
        </Files>
    </Directory>

    Alias "/pics" "/var/www/pics"

    #to save the pictures
    <Directory "/var/www/pics/">
        AllowOverride None
        SetHandler none
        SetHandler default-handler
        Options -ExecCGI
        php_flag engine off
        RemoveHandler .cgi .php .php3 .php4 .php5 .phtml .pl .py .pyc .pyo
        <Files *>
            AllowOverride None
            SetHandler none
            SetHandler default-handler
            Options -ExecCGI
            php_flag engine off
            RemoveHandler .cgi .php .php3 .php4 .php5 .phtml .pl .py .pyc .pyo
        </Files>
    </Directory>

    ScriptAlias "/php" "/var/www/php"

    #Directory for secret php-Scripts like mysql-connect, etc 
    <Directory "/var/www/php/">
        AllowOverride None
        Options ExecCGI 
        LoadModule php5_module modules/libphp5.so
        php_flag engine on
    </Directory>

    #Directory for index.php and .php .html pages
    #<Directory "/var/www/html/">
    <Directory "/">
        Require all granted
        AllowOverride None
        Options ExecCGI Indexes FollowSymLinks
        LoadModule php5_module modules/libphp5.so
        php_flag engine on
    </Directory>

</VirtualHost>

作为权限我将使用这个:(Apache-User 是 www-data 我的用户是 webadmin 组是 fe web(webadmin,www-data))

chown webadmin /var/www/html
chgrp web /var/www/html
chmod 755 /var/www/html
chmod 644 /var/www/html/*

chown webadmin /var/www/php
chgrp web /var/www/php
chmod 755 /var/www/php
chmod 711 /var/www/php/*
(just execute the files)

chown webadmin /var/www/pics
chgrp web /var/www/pics
chmod 740 /var/www/pics
chmod 600 /var/www/pics/*
(www-data have the write)

chown webadmin /var/www/upload
chgrp web /var/www/upload
chmod 775 /var/www/upload
chmod 775 /var/www/upload/*

我可以做哪些更改来使其更好或更安全?我忘记了什么?哪些权限更好?

答案1

检查用户“www-data”是否在“web”组中

相关内容