我做了以下操作来使我的网站能够使用 https(德语):http://www.tecchannel.de/a/owncloud-9-unter-ubuntu-server-16-04-lts-installieren,3277807,2
现在如果我启动 apache2 我会收到此错误:
> Job for apache2.service failed. See 'systemctl status apache2.service'
> and 'journalctl -xn' for details.
细节:
● apache2.service - LSB: Apache2 web server
Loaded: loaded (/etc/init.d/apache2)
Drop-In: /lib/systemd/system/apache2.service.d
└─forking.conf
Active: failed (Result: exit-code) since Sun 2017-03-26 18:55:09 CEST; 17s ago
Process: 4328 ExecStop=/etc/init.d/apache2 stop (code=exited, status=0/SUCCESS)
Process: 5164 ExecStart=/etc/init.d/apache2 start (code=exited, status=1/FAILURE)
Mar 26 18:55:09 root599046.kms4.cc apache2[5164]: Starting web server: apache2 failed!
Mar 26 18:55:09 root599046.kms4.cc apache2[5164]: The apache2 configtest failed. ... (warning).
Mar 26 18:55:09 root599046.kms4.cc apache2[5164]: Output of config test was:
Mar 26 18:55:09 root599046.kms4.cc apache2[5164]: apache2: Syntax error on line 219 of /etc/apache2/apache2.conf: Syntax error on line 4 of /etc/apache2/sites-enabled/default-ssl.conf: <IfModule takes one argument, Container for directives based on existence of specified modules
Mar 26 18:55:09 root599046.kms4.cc apache2[5164]: Action 'configtest' failed.
Mar 26 18:55:09 root599046.kms4.cc apache2[5164]: The Apache error log may have more information.
Mar 26 18:55:09 root599046.kms4.cc systemd[1]: apache2.service: control process exited, code=exited status=1
Mar 26 18:55:09 root599046.kms4.cc systemd[1]: Failed to start LSB: Apache2 web server.
Mar 26 18:55:09 root599046.kms4.cc systemd[1]: Unit apache2.service entered failed state.
但是 ifModule 有什么问题?我的 apache2.conf:
> # This is the main Apache server configuration file. It contains the
> # configuration directives that give the server its instructions.
> # See http://httpd.apache.org/docs/2.4/ for detailed information about
> # the directives and /usr/share/doc/apache2/README.Debian about Debian specific
> # hints.
> #
> #
> # Summary of how the Apache 2 configuration works in Debian:
> # The Apache 2 web server configuration in Debian is quite different to
> # upstream's suggested way to configure the web server. This is because Debian's
> # default Apache2 installation attempts to make adding and removing modules,
> # virtual hosts, and extra configuration directives as flexible as possible, in
> # order to make automating the changes and administering the server as easy as
> # possible.
>
> # It is split into several files forming the configuration hierarchy outlined
> # below, all located in the /etc/apache2/ directory:
> #
> # /etc/apache2/
> # |-- apache2.conf
> # | `-- ports.conf
> # |-- mods-enabled
> # | |-- *.load
> # | `-- *.conf
> # |-- conf-enabled
> # | `-- *.conf
> # `-- sites-enabled
> # `-- *.conf
> #
> #
> # * apache2.conf is the main configuration file (this file). It puts the pieces
> # together by including all remaining configuration files when starting up the
> # web server.
> #
> # * ports.conf is always included from the main configuration file. It is
> # supposed to determine listening ports for incoming connections which can be
> # customized anytime.
> #
> # * Configuration files in the mods-enabled/, conf-enabled/ and sites-enabled/
> # directories contain particular configuration snippets which manage modules,
> # global configuration fragments, or virtual host configurations,
> # respectively.
> #
> # They are activated by symlinking available configuration files from their
> # respective *-available/ counterparts. These should be managed by using our
> # helpers a2enmod/a2dismod, a2ensite/a2dissite and a2enconf/a2disconf. See
> # their respective man pages for detailed information.
> #
> # * The binary is called apache2. Due to the use of environment variables, in
> # the default configuration, apache2 needs to be started/stopped with
> # /etc/init.d/apache2 or apache2ctl. Calling /usr/bin/apache2 directly will not
> # work with the default configuration.
>
>
> # Global configuration
> #
>
> #
> # ServerRoot: The top of the directory tree under which the server's
> # configuration, error, and log files are kept.
> #
> # NOTE! If you intend to place this on an NFS (or otherwise network)
> # mounted filesystem then please read the Mutex documentation (available
> # at <URL:http://httpd.apache.org/docs/2.4/mod/core.html#mutex>);
> # you will save yourself a lot of trouble.
> #
> # Do NOT add a slash at the end of the directory path.
> #
> #ServerRoot "/etc/apache2"
>
> #
> # The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
> # Mutex file:${APACHE_LOCK_DIR} default
>
> #
> # PidFile: The file in which the server should record its process
> # identification number when it starts.
> # This needs to be set in /etc/apache2/envvars
> # PidFile ${APACHE_PID_FILE}
>
> #
> # Timeout: The number of seconds before receives and sends time out.
> # Timeout 300
>
> #
> # KeepAlive: Whether or not to allow persistent connections (more than
> # one request per connection). Set to "Off" to deactivate.
> # KeepAlive On
>
> #
> # MaxKeepAliveRequests: The maximum number of requests to allow
> # during a persistent connection. Set to 0 to allow an unlimited amount.
> # We recommend you leave this number high, for maximum performance.
> # MaxKeepAliveRequests 100
>
> #
> # KeepAliveTimeout: Number of seconds to wait for the next request from the
> # same client on the same connection.
> # KeepAliveTimeout 5
>
>
> # These need to be set in /etc/apache2/envvars User ${APACHE_RUN_USER} Group ${APACHE_RUN_GROUP}
>
> #
> # HostnameLookups: Log the names of clients or just their IP addresses
> # e.g., www.apache.org (on) or 204.62.129.132 (off).
> # The default is off because it'd be overall better for the net if people
> # had to knowingly turn this feature on, since enabling it means that
> # each client request will result in AT LEAST one lookup request to the
> # nameserver.
> # HostnameLookups Off
>
> # ErrorLog: The location of the error log file.
> # If you do not specify an ErrorLog directive within a <VirtualHost>
> # container, error messages relating to that virtual host will be
> # logged here. If you *do* define an error logfile for a <VirtualHost>
> # container, that host's errors will be logged there and not here.
> # ErrorLog ${APACHE_LOG_DIR}/error.log
>
> #
> # LogLevel: Control the severity of messages logged to the error_log.
> # Available values: trace8, ..., trace1, debug, info, notice, warn,
> # error, crit, alert, emerg.
> # It is also possible to configure the log level for particular modules, e.g.
> # "LogLevel info ssl:warn"
> # LogLevel warn
>
> # Include module configuration: IncludeOptional mods-enabled/*.load IncludeOptional mods-enabled/*.conf
>
> # Include list of ports to listen on Include ports.conf
>
>
> # Sets the default security model of the Apache2 HTTPD server. It does
> # not allow access to the root filesystem outside of /usr/share and /var/www.
> # The former is used by web applications packaged in Debian,
> # the latter may be used for local directories served by the web server. If
> # your system is serving content from a sub-directory in /srv you must allow
> # access here, or in any related virtual host. <Directory /> Options FollowSymLinks AllowOverride None Require all denied </Directory>
>
> <Directory /usr/share> AllowOverride None Require all granted
> </Directory>
>
> <Directory /var/www/> Options Indexes FollowSymLinks AllowOverride
> None Require all granted </Directory>
>
> #<Directory /srv/>
> # Options Indexes FollowSymLinks
> # AllowOverride None
> # Require all granted
> #</Directory>
>
>
>
>
> # AccessFileName: The name of the file to look for in each directory
> # for additional configuration directives. See also the AllowOverride
> # directive.
> # AccessFileName .htaccess
>
> #
> # The following lines prevent .htaccess and .htpasswd files from being
> # viewed by Web clients.
> # <FilesMatch "^\.ht"> Require all denied </FilesMatch>
>
>
> #
> # The following directives define some format nicknames for use with
> # a CustomLog directive.
> #
> # These deviate from the Common Log Format definitions in that they use %O
> # (the actual bytes sent including headers) instead of %b (the size of the
> # requested file), because the latter makes it impossible to detect partial
> # requests.
> #
> # Note that the use of %{X-Forwarded-For}i instead of %h is not recommended.
> # Use mod_remoteip instead.
> # LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined LogFormat "%h %l %u %t \"%r\" %>s
> %O \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t
> \"%r\" %>s %O" common LogFormat "%{Referer}i -> %U" referer LogFormat
> "%{User-agent}i" agent
>
> # Include of directories ignores editors' and dpkg's backup files,
> # see README.Debian for details.
>
> # Include generic snippets of statements IncludeOptional conf-enabled/*.conf
>
> # Include the virtual host configurations: IncludeOptional sites-enabled/*.conf
>
> # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
默认-ssl.conf:
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin webmaster@localhost
<IfModule mod_headers.c>Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"</IfModule>
DocumentRoot /var/www
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.crtSSLCertificateKeyFile
/etc/apache2/ssl/apache.key
# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
# SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
# SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convinience.
#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
# Note: Inside SSLCACertificatePath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCACertificatePath /etc/ssl/certs/
#SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
# Certificate Revocation Lists (CRL):
# Set the CA revocation path where to find CA CRLs for client
# authentication or alternatively one huge file containing all
# of them (file must be PEM encoded)
# Note: Inside SSLCARevocationPath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCARevocationPath /etc/apache2/ssl.crl/
#SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional, require and optional_no_ca. Depth is a
# number which specifies how deeply to verify the certificate
# issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth 10
# SSL Engine Options:
# Set various options for the SSL engine.
# o FakeBasicAuth:
# Translate the client X.509 into a Basic Authorisation. This means that
# the standard Auth/DBMAuth methods can be used for access control. The
# user name is the `one line' version of the client's X.509 certificate.
# Note that no password is obtained from the user. Every entry in the user
# file needs this password: `xxj31ZMTZzkVA'.
# o ExportCertData:
# This exports two additional environment variables: SSL_CLIENT_CERT and
# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
# server (always existing) and the client (only existing when client
# authentication is used). This can be used to import the certificates
# into CGI scripts.
# o StdEnvVars:
# This exports the standard SSL/TLS related `SSL_*' environment variables.
# Per default this exportation is switched off for performance reasons,
# because the extraction step is an expensive operation and is usually
# useless for serving static content. So one usually enables the
# exportation for CGI and SSI requests only.
# o OptRenegotiate:
# This enables optimized SSL connection renegotiation handling when SSL
# directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
# SSL Protocol Adjustments:
# The safe and default but still SSL/TLS standard compliant shutdown
# approach is that mod_ssl sends the close notify alert but doesn't wait for
# the close notify alert from client. When you need a different shutdown
# approach you can use one of the following variables:
# o ssl-unclean-shutdown:
# This forces an unclean shutdown when the connection is closed, i.e. no
# SSL close notify alert is send or allowed to received. This violates
# the SSL/TLS standard but is needed for some brain-dead browsers. Use
# this when you receive I/O errors because of the standard approach where
# mod_ssl sends the close notify alert.
# o ssl-accurate-shutdown:
# This forces an accurate shutdown when the connection is closed, i.e. a
# SSL close notify alert is send and mod_ssl waits for the close notify
# alert of the client. This is 100% SSL/TLS standard compliant, but in
# practice often causes hanging connections with brain-dead browsers. Use
# this only for browsers where you know that their SSL implementation
# works correctly.
# Notice: Most problems of broken clients are also related to the HTTP
# keep-alive facility, so you usually additionally want to disable
# keep-alive for those clients, too. Use variable "nokeepalive" for this.
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
希望有人能帮忙!:)
答案1
Syntax error on line 4 of /etc/apache2/sites-enabled/default-ssl.conf: <IfModule takes one argument
这是第 4 行
<IfModule mod_headers.c>Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"</IfModule>
我认为您需要将其拆分开来,以便每个指令都在其自己的行上。