Virtualhost not working on Fedora, getting 403


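I have created a project under my home directory. I then created a virtual host in a new httpd conf file (which I named z-httpd.conf) under /etc/httpd/conf.d. The problem is that I cannot access the named virtual host I created. When I browse to myservice.localhost (which I have also added to /etc/hosts), I get a 403 error. The z-httpd.conf file is as follows: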

<Directory />
    AllowOverride none
    Require all denied
</Directory>


DocumentRoot "/var/www/html"

#
# Relax access to content within /var/www.
#
<Directory "/home/johndoe/src">
    AllowOverride None
    # Allow open access:
    Require all granted
</Directory>


# Further relax access to the default document root:
<Directory "/home/johndoe/src/webservice">
    #
    Options Indexes FollowSymLinks

    AllowOverride None

    #
    Require all granted
</Directory>


#Add a virtual host
NameVirtualHost *:80
<VirtualHost *:80>
    ServerName myservice.localhost
    DocumentRoot /home/johndoe/src/webservice/public
    ServerPath /home/johndoe/src/webservice/public
    SetEnv APPLICATION_ENV "development"
    <Directory /home/johndoe/src/webservice/public>
        DirectoryIndex index.php
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>

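I have confirmed that z-httpd.conf is included in the main Apache conf file, and that there is an index.php file in my DocumentRoot. I also tried setenforce 0, which did not help either. The output of ls -lZa on the DocumentRoot is as follows: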

drwxr-xr-x. 6 johndoe johndoe unconfined_u:object_r:user_home_t:s0 4096 Apr 16 12:31 .
drwxr-xr-x. 7 johndoe johndoe unconfined_u:object_r:user_home_t:s0 4096 Apr 17 10:23 ..
drwxr-xr-x. 2 johndoe johndoe unconfined_u:object_r:user_home_t:s0 4096 Apr 16 12:31 css
drwxr-xr-x. 2 johndoe johndoe unconfined_u:object_r:user_home_t:s0 4096 Apr 16 12:31 fonts
-rwxr-xr-x. 1 johndoe johndoe unconfined_u:object_r:user_home_t:s0  748 Apr 16 12:31 .htaccess
drwxr-xr-x. 2 johndoe johndoe unconfined_u:object_r:user_home_t:s0 4096 Apr 16 12:31 img
-rwxr-xr-x. 1 johndoe johndoe unconfined_u:object_r:user_home_t:s0 1255 Apr 16 12:31 index.php
drwxr-xr-x. 2 johndoe johndoe unconfined_u:object_r:user_home_t:s0 4096 Apr 16 12:31 js
-rwxr-xr-x. 1 johndoe johndoe unconfined_u:object_r:user_home_t:s0 1032 Apr 16 12:31 web.config

In response to one of the comments, I have added the httpd error_log output:

[Tue Apr 17 13:02:45.838159 2018] [core:error] [pid 9883:tid 140703779542784] (13)Permission denied: [client ::1:43674] AH00035: access to / denied (filesystem path '/home/johndoe/src') because search permissions are missing on a component of the path
[Tue Apr 17 13:06:11.389019 2018] [mpm_event:notice] [pid 9879:tid 140704428511232] AH00492: caught SIGWINCH, shutting down gracefully
[Tue Apr 17 13:06:12.498547 2018] [core:notice] [pid 10363:tid 140006580465664] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Tue Apr 17 13:06:12.499134 2018] [suexec:notice] [pid 10363:tid 140006580465664] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
[Tue Apr 17 13:06:12.515517 2018] [lbmethod_heartbeat:notice] [pid 10363:tid 140006580465664] AH02282: No slotmem from mod_heartmonitor
[Tue Apr 17 13:06:12.519962 2018] [mpm_event:notice] [pid 10363:tid 140006580465664] AH00489: Apache/2.4.29 (Fedora) OpenSSL/1.1.0g-fips mod_perl/2.0.10 Perl/v5.26.1 configured -- resuming normal operations
[Tue Apr 17 13:06:12.519991 2018] [core:notice] [pid 10363:tid 140006580465664] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Tue Apr 17 13:29:23.288313 2018] [core:error] [pid 10368:tid 140005758412544] (13)Permission denied: [client ::1:44974] AH00035: access to / denied (filesystem path '/home/johndoe/src') because search permissions are missing on a component of the path
[Tue Apr 17 13:29:29.223311 2018] [core:error] [pid 10368:tid 140005783590656] (13)Permission denied: [client 127.0.0.1:44392] AH00035: access to / denied (filesystem path '/home/johndoe/src') because search permissions are missing on a component of the path

And the .htaccess contents (located in public):

RewriteEngine On
# The following rule tells Apache that if the requested filename
# exists, simply serve it.
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [L]
# The following rewrites all other queries to index.php. The 
# condition ensures that if you are using Apache aliases to do
# mass virtual hosting or installed the project in a subdirectory,
# the base path will be prepended to allow proper resolution of
# the index.php file; it will work in non-aliased environments
# as well, providing a safe, one-size fits all solution.
RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
RewriteRule ^(.*) - [E=BASE:%1]
RewriteRule ^(.*)$ %{ENV:BASE}/index.php [L]

Additional information:
Server version: Apache/2.4.29 (Fedora)
Kernel version: 4.15.4-300.fc27.x86_64

Answer 1

This error relates to Unix permissions, so that is what you need to check. In some cases it can also be caused by SELinux.

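Specifically, it means that Apache was unable to search one of the directories above the requested file, so you need to check the permissions along the entire path.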

Fortunately, Linux has a tool that does this, called namei. Run namei -l /home/johndoe/src, and then you can check and fix the permissions of the offending directory.

I would bet it will look something like this:

[johndoe@localhost src]$ namei -l /home/johndoe/src
f: /home/johndoe/src
dr-xr-xr-x root    root    /
drwxr-xr-x root    root    home
drwx------ johndoe johndoe johndoe
drwxr-xr-x johndoe johndoe src

Now the problem is obvious: nobody other than the owner has search permission on the /home/johndoe directory. Obviously, you can fix this with chmod +x /home/johndoe

You also need to check the SELinux boolean httpd_read_user_content. Without this boolean, the web server cannot access anything in users' home directories.

[root@localhost ~]$ semanage boolean -l | grep httpd_read_user_content
httpd_read_user_content        (off  ,  off)  Allow httpd to read user content

If it is off, as in this example, turn it on.

[root@localhost ~]$ setsebool -P httpd_read_user_content on
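
The path walk that Answer 1 does by eye with namei -l, as an added example that is not part of the original answer: it lists every directory on the way to a path that lacks the "other" search bit and reports the SELinux boolean. The function names are made up for this example, and it assumes the httpd user is neither owner nor group member of the directories, as in the listing above.

```shell
#!/bin/sh
# Added example (not from the original answer).
# Assumption: the httpd user is neither owner nor group member of the
# directories on the path, so only the "other" permission bits apply to it.

# Print "<mode> <dir>" for every directory on the way to $1 that lacks o+x.
unsearchable_components() {
    target=$1
    case $target in
        /*) ;;
        *) echo "need an absolute path" >&2; return 2 ;;
    esac
    old_ifs=$IFS
    IFS=/
    set -f                      # no globbing while splitting on "/"
    set -- $target
    set +f
    IFS=$old_ifs
    current=""
    for part in "$@"; do
        [ -n "$part" ] || continue
        current="$current/$part"
        [ -d "$current" ] || continue       # only directories are searched
        mode=$(ls -ldL "$current" | cut -c1-10)
        case $mode in
            d????????[xt]) ;;               # o+x present (t = sticky + x)
            *) printf '%s %s\n' "$mode" "$current" ;;
        esac
    done
}

# Report the SELinux boolean the answer mentions, if the tool is installed.
selinux_home_boolean() {
    if command -v getsebool >/dev/null 2>&1; then
        getsebool httpd_read_user_content 2>/dev/null || echo "SELinux disabled"
    else
        echo "getsebool not installed"
    fi
}

if [ "$#" -gt 0 ]; then
    unsearchable_components "$1"
    selinux_home_boolean
fi
```

Run it with the DocumentRoot as its argument; an empty directory list means every component already grants search permission to "other", so the remaining suspect is the SELinux boolean.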

Answer 2

This is because you are explicitly denying Apache access to the '/' directory - this is not necessary

 AH00035: access to / denied (filesystem path '/home/johndoe/src') because search permissions are missing on a component of the path

Remove this

<Directory />
    AllowOverride none
    Require all denied
</Directory>

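I would also ask why you are adding a virtual host rather than simply adding this to the default config - since you are listening on all IPs on the default port, *:80 - and why you are serving files from a home directory. Apache does not own this directory, it owns /var/www/ - you will need to change the owner and possibly the group, as well as set the correct permissions.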

chown -R apache:apache /home/johndoe/src

&

chmod -R 755 /home/johndoe/src
