在全新安装的 Debian 9 上,我安装了 PHP 7.2 和 Apache2。
php 已从 Sury repo 安装并带有以下扩展:
php7.2-mysql php7.2-dom php7.2-simplexml php7.2-ssh2 php7.2-xml php7.2-xmlreader php7.2-curl php7.2-exif php7.2-gd php7.2-iconv php7.2-imagick php7.2-json php7.2-mbstring php7.2-posix php7.2-sockets php7.2-tokenizer php7.2-soap php7.2-intl php7.2-mbstring
一切似乎都运行良好,我甚至设法在服务器上安装了 wordpress,但是如果我尝试覆盖 Apache2 的虚拟主机配置中的 php.ini 配置,无论我将它们放在文件中的什么位置,它们都不会被覆盖,我尝试了 Directory 标签内外,并尝试了 php_admin_value、php_value、php_flag 和 php_admin_flag。它们都不起作用,我不知道该怎么做才能解决这个问题。我需要覆盖 open_basedir 设置,因为我需要在同一台服务器上托管多个网站,所以这对它的安全性非常重要。
从 php 信息加载的模块:
core mod_so mod_watchdog http_core mod_log_config mod_logio mod_version mod_unixd mod_access_compat mod_alias mod_auth_basic mod_authn_core mod_authn_file mod_authz_core mod_authz_host mod_authz_user mod_autoindex mod_deflate mod_dir mod_env mod_filter mod_headers mod_mime prefork mod_negotiation mod_php7 mod_reqtimeout mod_rewrite mod_setenvif mod_status
Loaded Configuration File /etc/php/7.2/apache2/php.ini
解析的其他 .ini 文件:
/etc/php/7.2/apache2/conf.d/10-mysqlnd.ini,
/etc/php/7.2/apache2/conf.d/10-opcache.ini, /etc/php/7.2/apache2/conf.d/10-pdo.ini, /etc/php/7.2/apache2/conf.d/15-xml.ini, /etc/php/7.2/apache2/conf.d/20-calendar.ini, /etc/php/7.2/apache2/conf.d/20-ctype.ini, /etc/php/7.2/apache2/conf.d/20-curl.ini, /etc/php/7.2/apache2/conf.d/20-dom.ini, /etc/php/7.2/apache2/conf.d/20-exif.ini, /etc/php/7.2/apache2/conf.d/20-fileinfo.ini, /etc/php/7.2/apache2/conf.d/20-ftp.ini, /etc/php/7.2/apache2/conf.d/20-gd.ini, /etc/php/7.2/apache2/conf.d/20-gettext.ini, /etc/php/7.2/apache2/conf.d/20-iconv.ini, /etc/php/7.2/apache2/conf.d/20-imagick.ini, /etc/php/7.2/apache2/conf.d/20-intl.ini, /etc/php/7.2/apache2/conf.d/20-json.ini, /etc/php/7.2/apache2/conf.d/20-mbstring.ini, /etc/php/7.2/apache2/conf.d/20-mysqli.ini, /etc/php/7.2/apache2/conf.d/20-pdo_mysql.ini, /etc/php/7.2/apache2/conf.d/20-phar.ini, /etc/php/7.2/apache2/conf.d/20-posix.ini, /etc/php/7.2/apache2/conf.d/20-readline.ini, /etc/php/7.2/apache2/conf.d/20-shmop.ini, /etc/php/7.2/apache2/conf.d/20-simplexml.ini, /etc/php/7.2/apache2/conf.d/20-soap.ini, /etc/php/7.2/apache2/conf.d/20-sockets.ini, /etc/php/7.2/apache2/conf.d/20-ssh2.ini, /etc/php/7.2/apache2/conf.d/20-sysvmsg.ini, /etc/php/7.2/apache2/conf.d/20-sysvsem.ini, /etc/php/7.2/apache2/conf.d/20-sysvshm.ini, /etc/php/7.2/apache2/conf.d/20-tokenizer.ini, /etc/php/7.2/apache2/conf.d/20-wddx.ini, /etc/php/7.2/apache2/conf.d/20-xmlreader.ini, /etc/php/7.2/apache2/conf.d/20-xmlwriter.ini, /etc/php/7.2/apache2/conf.d/20-xsl.ini
。
Server Root /etc/apache2
奇怪的是,尽管我的虚拟主机的根目录是 /var/www/html//,但 php 信息页面返回的 DOCUMENT_ROOT 和 CONTEXT_DOCUMENT_ROOT 为 /var/www/html
ls /etc/apache2/sites-enabled/
000-default.conf <mydomain>.conf
。
ls /etc/apache2/conf-enabled/
charset.conf other-vhosts-access-log.conf
localized-error-pages.conf security.conf
。
ls /etc/apache2/mods-enabled/
access_compat.load autoindex.conf mime.conf reqtimeout.load
alias.conf autoindex.load mime.load rewrite.load
alias.load deflate.conf mpm_prefork.conf setenvif.conf
auth_basic.load deflate.load mpm_prefork.load setenvif.load
authn_core.load dir.conf negotiation.conf status.conf
authn_file.load dir.load negotiation.load status.load
authz_core.load env.load php7.2.conf
authz_host.load filter.load php7.2.load
authz_user.load headers.load reqtimeout.conf
。
我的域名配置文件
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port t$
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster@localhost
ServerName <mydomain>
DocumentRoot /var/www/html/<mydomain>
DirectoryIndex index.html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/<mydomain>_error.log
CustomLog ${APACHE_LOG_DIR}/<mydomain>_access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
<Directory /var/www/html/<mydomain>>
AllowOverride All
Require host <mydomain>
php_admin_value open_basedir /var/www/html/<mydomain>
</Directory>
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
。
不幸的是我无法发布我的 php.ini 文件,因为它太长了。
非常感谢您提供一些帮助,因为这似乎是一个需要解决的谜,而且对于服务器安全非常重要。