带有 FastCGI 和 suexec-custom 的 Apache 2.4 VHosts

tag-icon tag-icon apache-2.4 virtualhost hosts-file suexec
带有 FastCGI 和 suexec-custom 的 Apache 2.4 VHosts

我在本地机器上安装了带有 suexec-custom 的 Ubuntu 22.04 Apache 2.4。实际上,从 Ubuntu 16 到这次更新到 22.04,这个设置一直有效。我只加载了一些模块,重新加载了一些其他模块,suexec 在测试站点上运行良好:/home/test 更新后,我输入了一些命令:

sudo apt-get update
sudo apt install libapache2-mod-fcgid
sudo apt-get -y install apache2-suexec-custom
# remove or disable libapache2-mod-php
sudo apt-get remove libapache2-mod-php
# or
# sudo a2dismod php*
sudo a2dismod mpm_prefork
sudo a2enmod mpm_event
sudo systemctl restart apache2

然后打字localhost/my/test/file就得到了我所期望的结果!我甚至测试了:

//index.php
<?php

echo '<b>';
echo php_sapi_name();
echo '</b><br>';
printf("%s<br>", 'parent of DOCUMENT_ROOT=<b>'.\dirname($_SERVER['DOCUMENT_ROOT']).'</b>');
printf("%s<br>", 'DOCUMENT_ROOT=<b>'.$_SERVER['DOCUMENT_ROOT'].'</b>');
printf("%s", 'User=<b>');
system('whoami');
echo '</b>';

/**
 * A front controller redirector.
 */
// ...bla-bla

phpinfo();

预期的结果是:

cgi-fcgi
parent of DOCUMENT_ROOT=/home/test
DOCUMENT_ROOT=/home/test/public_html/
User=test*
PHP Version 8.1.2-1ubuntu2.10
Linux cent 5.15.0-58-generic #64-Ubuntu SMP Thu Jan 5 11:43:13 UTC 2023
x86_64
Build Date
Jan 16 2023 15:19:49
Build System
Linux
Server API
CGI/FastCGI
Virtual Directory Support
disabled
Configuration File (php.ini) Path
/etc/php/8.1/cgi
Loaded Configuration File
/home/suexec/test/conf/php.ini
Scan this dir for additional .ini files /etc/php/8.1/cgi/conf.d
........

我不会描述如何设置 suexec-custom 的细节:

/home/suexec/test/cgi-bin/php-fcgi-wrapper
/home/suexec/test/conf/php.ini
/home/test/public_html
/home/test/...<program dirs & files>

我唯一要说的是,当我开始对我的进行一些修改时,/etc/hosts我丢失了我的 suexec: 404 The requested URL was not found on this server。我以前的 hosts 文件

127.0.0.1    localhost
127.0.0.1    localhost.test   localhost.test
# The following lines are desirable for IPv6 capable hosts
::1
ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouter

它不再起作用了,我不知道为什么(???)。但一切都在那里!

在升级之前,出于开发的原因,我改变了成功dir的所有者testsudo chown -R cent:cent /home/test)以及 vhost 文件:

#000-default.conf
<VirtualHost *:80>
  ServerName localhost
  ServerAlias localhost
  ServerAdmin [email protected]
  DocumentRoot /home/test/
  Header set Access-Control-Allow-Origin "*"

<IfModule mod_fcgid.c>
  SuexecUserGroup cent cent
  <Directory /home/test/>
    Options +ExecCGI
    Options -Indexes
    AllowOverride None
    AddHandler fcgid-script .php
    FCGIWrapper /home/suexec/test/cgi-bin/php-fcgi-wrapper .php
    Require all granted
    RewriteEngine On
    RewriteCond "%{REQUEST_URI}" "!=/index.php"
    RewriteRule "^(.*)$" "/index.php?$1" [NC,NE,L,QSA]
  </Directory>
</IfModule>

  # CPU usage limits 5s 10s
  RLimitCPU 5 10
  # memory limits to 10M 20M
  RLimitMEM 10000000 20000000 
  # limit of forked processes 20 30
  RLimitNPROC 20 30 

  LogLevel warn
  ErrorLogFormat connection "[%t] New connection: [%{c}L] [ip: %a]"
  ErrorLogFormat request "[%t] [%{c}L] New request: [%L] [pid %P] %F: %E"
  ErrorLogFormat "[%t] [%{c}L] [%L] [%l] [pid %P] %F: %E: %M"
  ErrorLog /home/test/log/apache_error.log
  CustomLog /home/test/log/apache_access.log combined
  ServerSignature Off

</VirtualHost>

它曾经很坚固。

现在来说说是什么破坏了它: 我对文件做了更改hosts

127.0.0.1 test test localhost

是什么让它暂时起作用:

由于 suexec 损坏,我决定恢复我的所有者:

 sudo chown -R test:test /home/test
# also at vhost file: SuexecUserGroup test test

它就在那里,但是在不同的网址(!!!)test/my/test/file

我决定再次尝试使用 hosts,结果 bam: 404

幸运的是,我录制了一条消息/var/log/apache2/

[Tue Feb 14 10:52:04.708251 2023] [mpm_event:notice] [pid 6335:tid 140549831124864] AH00493: SIGUSR1 received.  Doing graceful restart
[Tue Feb 14 10:52:04.819895 2023] [mpm_event:notice] [pid 6335:tid 140549831124864] AH00489: Apache/2.4.52 (Ubuntu) mod_fcgid/2.3.9 configured -- resuming normal operations
[Tue Feb 14 10:52:04.819953 2023] [core:notice] [pid 6335:tid 140549831124864] AH00094: Command line: '/usr/sbin/apache2'
[Tue Feb 14 10:52:04.819995 2023] [mpm_event:warn] [pid 6335:tid 140549831124864] AH00488: long lost child came home! (pid 7645)
suexec policy violation: see suexec log for more details

/var/log/suexec.log

[2023-02-14 10:52:10]: uid: (1000/cent) gid: (1000/cent) cmd: php-fcgi-wrapper
[2023-02-14 10:52:10]: cannot open current working directory

我无法再将 suexec 恢复正常。我应该使用类似test.conf或的vhost 文件吗000-default.conf?我们是否仍然需要默认文件?

你在我的配置中看到错误了吗?我应该关闭连接到 suexec 的 pid 并让 Apache 重新创建一个吗?我很困惑!

PS:我还计划使用用户权限测试 FPM,这意味着不同的 vhost 文件 - 如果您知道如何做,我可以完全跳过 suexec!

答案1

什么解决了我的问题:

sudo apt-get purge apache2
sudo apt-get purge suexec-custom
sudo apt-get purge libapache2-mod-php

然后从开始安装!

sudo apache2ctl configtest
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
Syntax OK

为了抑制该错误,请打开/etc/hosts并添加:

# set FQDN from hostname: 
# ip       FQDN      alias
127.0.1.1   cent.machine.com    cent

格式为:[hostname].whatever.you.want [hostname]

然后打开或创建/etc/hostname

cent

格式是[hostname]

关于/etc/apache2/sites-enabled/000-default.conf保持原样:

<VirtualHost *:80>
    # The ServerName directive sets the request scheme, hostname and port that
    # the server uses to identify itself. This is used when creating
    # redirection URLs. In the context of virtual hosts, the ServerName
    # specifies what hostname must appear in the request's Host: header to
    # match this virtual host. For the default virtual host (this file) this
    # value is not decisive as it is used as a last resort host regardless.
    # However, you must set it for any further virtual host explicitly.
    #ServerName www.example.com

    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html

    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # For most configuration files from conf-available/, which are
    # enabled or disabled at a global level, it is possible to
    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with "a2disconf".
    #Include conf-available/serve-cgi-bin.conf
</VirtualHost>

对于 suexec-custom 方案下的 vhosts

您的选择取决于您想要的测试站点数量:

  • 一个带有测试 URL 的网站localhost/my/path,或者

  • 有多少个网站有测试网址my-local-url.localhost/my/path

一个带有测试网址的网站localhost/my/path

您必须输入主机:

# that existed:
127.0.0.1 localhost
# that was added:
127.0.0.1 my-local-url my-local-url   localhost

(您失去了多个本地测试域的能力)。

ServerName使用 url 在 vhost 中写入指令localhost

ServerName localhost
ServerAlias localhost

许多网站都有测试网址my-local-url.localhost/my/path

最后一种情况下,在多个本地域中,在内部写入/etc/hosts

127.0.0.1 my-local-url

无动于衷!

在 vhost 中写入指令ServerName,其中 url 为站点根文件夹的名称加上 localhost:

ServerName my-local-url.localhost
ServerAlias my-local-url.localhost

记住:my-local-url = 根文件夹名称或 Web 用户的主目录

输入以下命令进行测试:

my-local-url.localhost/my/path

我做错了什么

  1. 我加载了000-default.conf文件,在其中添加了我的 vhost 文件的内容(!),因此ServerName: localhost,我以为 Apache 正在解析我的 vhost 文件,而它使用了带有正确指令的默认值ServerName

  2. 我在 /etc/hosts 中添加了错误的条目,这些条目的形式localhost.my-local-url很容易用简单方法调试(!),ping my-local-url并在指令下的 vhost 文件中重复了它们ServerName(!)——当然 Apache 从未到达该文件,最后,

  3. 我的指令DocumentRoot /home/test与我的浏览器网址不兼容。

最后一种情况非常有趣,有以下几种替代方案:

  • 离开DocumentRootroot 用户并搜索localhost/public_html/index.phpphp 文件的 URL,或者

  • 离开DocumentRootroot 用户,修改RewriteRule "^(.*)" "/public_html/index.php?$1" [NC,NE,L,PT,QSA]并搜索localhost/index.php可取的!) 或者,

  • 修改DocumentRoot /home/test/public_html网站根目录),保持RewriteRule原样并搜索localhost/index.php(但如果媒体存在于更高目录中,则您无法添加更多规则来将媒体的处理传递给 Apache!)

结论

按照以下步骤调试 Apache vhost 文件:

  • 使能够LogLevel debug

  • 禁用大多数 vhosts 指令以调试尤其是重写

  • 逐个启用指令并检查错误。

希望对大家有帮助!

如果您知道调试 Apache 的方法,那将会非常有帮助!

相关内容