我刚刚进行了基本安装,Apache 2.4 启动正常。我正在从运行 Apache 2.2 的旧服务器迁移过来。
/etc/httpd/conf.d当我将包含定义的文件放入VirtualHost并重新启动服务器时,它在启动时崩溃。此 VirtualHost 定义是我从以前的服务器中使用的。
# systemctl restart httpd.service
Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
# systemctl -l status httpd.service
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Sun 2017-01-22 03:03:35 UTC; 10s ago
Docs: man:httpd(8)
man:apachectl(8)
Process: 20621 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE)
Process: 20620 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
Main PID: 20620 (code=exited, status=1/FAILURE)
Jan 22 03:03:35 production-frontend-0 systemd[1]: Starting The Apache HTTP Server...
Jan 22 03:03:35 production-frontend-0 systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Jan 22 03:03:35 production-frontend-0 kill[20621]: kill: cannot find process ""
Jan 22 03:03:35 production-frontend-0 systemd[1]: httpd.service: control process exited, code=exited status=1
Jan 22 03:03:35 production-frontend-0 systemd[1]: Failed to start The Apache HTTP Server.
Jan 22 03:03:35 production-frontend-0 systemd[1]: Unit httpd.service entered failed state.
Jan 22 03:03:35 production-frontend-0 systemd[1]: httpd.service failed.
#
以下是conf文件的内容(已更改域名):
<VirtualHost *:80>
ServerName mydomain.com
ServerAlias www.mydomain.com
<Directory /home/kenny/domains/mydomain.com/html>
Options Indexes FollowSymLinks MultiViews ExecCGI Includes
AllowOverride All
</Directory>
DocumentRoot /home/kenny/domains/mydomain.com/html
CustomLog /home/kenny/domains/mydomain.com/logs/access.log combined
ErrorLog /home/kenny/domains/mydomain.com/logs/error.log
ScriptAlias /cgi-bin /home/kenny/domains/mydomain.com/cgi
RewriteEngine on
# Does the file exist?
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^ http://mydomain.otherdomain.com [R,L]
</VirtualHost>
我检查了文件语法:
# httpd -t
Syntax OK
#
如果我删除该文件并重新启动,Apache 就会正常启动。我已确保我的文件的权限与现有的 conf 文件匹配:
# ls -l
total 20
-rw-r--r--. 1 root root 2926 Nov 14 18:04 autoindex.conf
-rw-r--r--. 1 root root 366 Nov 14 18:05 README
-rw-r--r--. 1 root root 1252 Nov 14 16:53 userdir.conf
-rw-r--r--. 1 root root 674 Jan 22 03:03 vhost.mydomain.com.conf
-rw-r--r--. 1 root root 824 Nov 14 16:53 welcome.conf
#
Apache 2.4 中是否有某些变化与我的 VirtualHost 定义相冲突?
标准 Google Compute 实例中是否存在某种安全措施来拒绝我的配置?
是否存在一些我几年前在旧服务器上调整过的配置选项,而我只是忘记了需要在 Google Compute 实例上进行调整?:)
编辑:
在错误日志中发现:
Permission denied: AH00649: could not open transfer log file /home/kenny/domains/mydomain.com/logs/access.log.
AH00015: Unable to open logs
我检查了一下httpd.conf,上面说服务器以 User:Group 的身份运行apache:apache。因此我做了以下操作来确保 apache 有权写入这些日志文件:
chgrp -R apache /home/kenny/domains
chmod g+w /home/kenny/domains/mydomain.com/logs
我仍然收到错误。我甚至尝试过:
touch /home/kenny/domains/mydomain.com/logs/access.log
chown kenny:apache /home/kenny/domains/mydomain.com/logs/access.log
chmod g+w /home/kenny/domains/mydomain.com/logs/access.log
仍然出现错误。我确保祖先路径对于 apache 也是可执行的。
/home/kenny is owned by kenny:kenny and is 755
/home/kenny/domains is owned by kenny:apache and is 755
/home/kenny/domains/mydomain.com is owned by kenny:apache and is 755
/home/kenny/domains/mydomain.com/logs is owned by kenny:apache and is 775
/home/kenny/domains/mydomain.com/logs/access.log is owned by kenny:apache and is 664
audit.log 的内容:
type=AVC msg=audit(1485115416.525:2112): avc: denied { open } for pid=25759 comm="httpd" path="/home/kenny/domains/mydomain.com/logs/access.log" dev="sda1" ino=36516072 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1485115416.525:2112): arch=c000003e syscall=2 success=no exit=-13 a0=7f6620cd15a8 a1=80441 a2=1b6 a3=ffffff00 items=0 ppid=1 pid=25759 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=SERVICE_START msg=audit(1485115416.567:2113): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=httpd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed
‘
答案1
您正在运行 CentOS 7,它默认启用 SELinux。
当您尝试启动 Apache 时,它会尝试加载用户主目录中的文件,但默认情况下这是不允许的。
您可以允许 Apache读通过设置适当的布尔值,可以删除用户主目录中的文件httpd_read_user_content。将 Web 内容重新定位到更合适的位置(例如,/srv/www或)会是一个更好的主意/var/www。
然而,没有 SELinux 布尔值允许 Web 服务器写到用户主目录,这当然是危险的。您确实应该将日志文件移到其他地方。标准位置是/var/log/httpd。如果用户需要能够读取它们,您可以为他们设置权限。