我最终能够在 DigitalOcean 上启动并运行我的网站,并且在获得 ServerFault 的一些帮助后,证书全部都井然有序。
但是,我访问该网站后似乎无法访问我的资产文件夹
站点网址为:https://www.zandu.biz或者https://zandu.biz
此链接应该有效 https://zandu.biz/icons/menu/menusection_humanresources.jpg
但它没有
对于我在这里遗漏的内容有什么建议吗?
/var/www/html/zeintek/merlin/front_end/dist/ 文件夹是文档根目录,也是索引所在的位置。
这是我的 Apache 配置文件:
ServerRoot "/etc/httpd"
Listen 80
Listen 8029
Include conf.modules.d/*.conf
User apache
Group apache
ServerName localhost
ServerAdmin [email protected]
<Directory />
AllowOverride none
Require all denied
Header set Access-Control-Allow-Origin "*"
</Directory>
DocumentRoot "/var/www/html"
<Directory "/var/www">
AllowOverride None
Require all granted
</Directory>
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
<Files ".ht*">
Require all denied
</Files>
ErrorLog "logs/error_log"
LogLevel info
<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
CustomLog "logs/access_log" combined
</IfModule>
<IfModule alias_module>
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
</IfModule>
<Directory "/var/www/cgi-bin">
AllowOverride None
Options None
Require all granted
</Directory>
<IfModule mime_module>
TypesConfig /etc/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
</IfModule>
AddDefaultCharset UTF-8
<IfModule mime_magic_module>
MIMEMagicFile conf/magic
</IfModule>
EnableSendfile on
IncludeOptional conf.d/*.conf
IncludeOptional conf/v-hosts/*.conf
这是我的虚拟主机文件:
<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot "/var/www/html/zeintek/merlin/front_end/dist/"
ServerName zandu.biz
ServerAlias www.zandu.biz
<Directory "/var/www/html/zeintek/merlin/front_end/dist/">
AddHandler cgi-script .cgi .pl .py
Options Indexes Includes FollowSymLinks ExecCGI
Options +ExecCGI
AllowOverride All
Order Allow,Deny
Allow From All
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
</Directory>
ErrorLog "logs/webservicesliveroot1.zeintek.com-error.log"
CustomLog "logs/webservicesliveroot1.zeintek.com-access.log" common
</VirtualHost>
<VirtualHost *:8029>
ServerAdmin [email protected]
DocumentRoot "/var/www/html/zeintek/merlin/back_end/public/"
ServerName zandu.biz
ServerAlias www.zandu.biz
<Directory "/var/www/html/zeintek/merlin/back_end/public/">
AddHandler cgi-script .cgi .pl .py
Options Indexes Includes FollowSymLinks ExecCGI
AllowOverride All
Order Allow,Deny
Allow From All
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
</Directory>
ErrorLog "logs/webservicesliveroot2.zeintek.com-error.log"
CustomLog "logs/webservicesliveroot2.zeintek.com-access.log" common
</VirtualHost>
这是我的 ssl vhost 文件:
<VirtualHost *:443>
LogLevel warn
SSLEngine On
#we need to prevent the POODLE attach to v3 of SSL is disable. Also we need to enable forward secrecy so disable v2
# SSLProtocol all -SSLv2 -SSLv3
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
#for forward secrecy
SSLHonorCipherOrder on
#for forward secrecy
#SSLCipherSuite EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLCertificateFile /etc/letsencrypt/live/zandu.biz-0002/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/zandu.biz-0002/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/zandu.biz-0002/chain.pem
#unused for now
#SSLCACertificateFile NOTUSEDFORNOW #If using a self-signed certificate or a root certificate provided by ca-certificates, omit this line
ServerAdmin [email protected]
DocumentRoot "/var/www/html/zeintek/merlin/front_end/dist/"
ServerName zandu.biz
ServerAlias www.zandu.biz
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/html/zeintek/merlin/front_end/dist/">
SSLOptions +StdEnvVars
AddHandler cgi-script .cgi .pl .py
Options Indexes Includes FollowSymLinks ExecCGI
AllowOverride All
Order Allow,Deny
Allow From All
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]
</Directory>
TransferLog "logs/webservicesliveroot3.zeintek.com-transfer.log"
ErrorLog "logs/webservicesliveroot3.zeintek.com-error.log"
CustomLog "logs/webservicesliveroot3.zeintek.com-access.log" common
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
#CustomLog logs/ssl_request_log \
# "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
<VirtualHost *:8039>
LogLevel warn
SSLEngine On
#we need to prevent the POODLE attach to v3 of SSL is disable. Also we need to enable forward secrecy so disable v2
# SSLProtocol all -SSLv2 -SSLv3
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
#for forward secrecy
SSLHonorCipherOrder on
#for forward secrecy
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLCertificateFile /etc/letsencrypt/live/zandu.biz-0002/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/zandu.biz-0002/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/zandu.biz-0002/chain.pem
#unused for now
#SSLCACertificateFile NOTUSEDFORNOW #If using a self-signed certificate or a root certificate provided by ca-certificates, omit this line
ServerAdmin [email protected]
DocumentRoot "/var/www/html/zeintek/merlin/back_end/public/"
ServerName zandu.biz
ServerAlias www.zandu.biz
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/html/zeintek/merlin/back_end/public/">
SSLOptions +StdEnvVars
AddHandler cgi-script .cgi .pl .py
Options Indexes Includes FollowSymLinks ExecCGI
AllowOverride All
Order Allow,Deny
Allow From All
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]
</Directory>
TransferLog "logs/webservicesliveroot4.zeintek.com-transfer.log"
ErrorLog "logs/webservicesliveroot4.zeintek.com-error.log"
CustomLog "logs/webservicesliveroot4.zeintek.com-access.log" common
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
#CustomLog logs/ssl_request_log \
# "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
答案1
CentOS 附带的默认 Apache 配置包括一个Alias,它导致以 开头的 URL 路径/icons/从另一个目录加载。
你/etc/httpd/conf.d/autoindex.conf会发现:
Alias /icons/ "/usr/share/httpd/icons/"
由于您的图标不在该目录中,因此您会收到 Apache 404 错误。
您应该从文件中注释掉或删除该行。