當前位置: 首頁>>技術教程>>正文


Ubuntu Server上的Apache 2.4.6:服務器配置(PHP FPM)拒絕了客戶端[加載PHP文件時]

, ,

問題描述

今天,我更新了Ubuntu server 13.04(競賽環尾)→13.10(Saucy am)。

我的Apache 2安裝已損壞。

這是我的配置:

檔案error.log

[Fri Oct 18 10:48:07.237170 2013] [:notice] [pid 8292:tid 139804677900160] FastCGI: process manager initialized (pid 8292)
[Fri Oct 18 10:48:07.241185 2013] [mpm_event:notice] [pid 8289:tid 139804677900160] AH00489: Apache/2.4.6 (Ubuntu) mod_fastcgi/mod_fastcgi-SNAP-0910052141 configured -- resuming normal operations
[Fri Oct 18 10:48:07.241652 2013] [core:notice] [pid 8289:tid 139804677900160] AH00094: Command line: '/usr/sbin/apache2'
[Fri Oct 18 10:48:28.313923 2013] [authz_core:error] [pid 8294:tid 139804573181696]   [client 81.219.59.75:3536] AH01630: client denied by server configuration: /usr/lib/cgi-bin/php5-fcgi

檔案default.conf

#EU
<VirtualHost *:80>
    #ServerName
    DocumentRoot /var/www/dev_stable

    DirectoryIndex index.php index.html index.htm

    <Directory /var/www/dev_stable>
          Options Indexes FollowSymLinks MultiViews

          AllowOverride all
          Require all granted
    </Directory>
</VirtualHost>

檔案mods-enabled/fastcgi.conf

#<IfModule mod_fastcgi.c>
#  AddHandler fastcgi-script .fcgi
# FastCgiWrapper /usr/lib/apache2/suexec
#  FastCgiIpcDir /var/lib/apache2/fastcgi
#</IfModule>


<IfModule mod_fastcgi.c>
    AddHandler php5-fcgi .php
    Action php5-fcgi /php5-fcgi
    Alias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi
    FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi -socket /var/run/php5-fpm.sock -pass-header Authorization
</Ifmodule>

當我嘗試通過瀏覽器加載文件時,得到了:

site_name/TEST/

Forbidden

You don't have permission to access /php5-fcgi/TEST/index.php on this server.

我該怎麽解決?

最佳方案

我有完全一樣的問題。我在本地計算機上運行了兩個虛擬主機以進行開發。

首先,我更改了/etc/apache2/conf-available/php5-fpm.conf。我更換了每個

Order Deny,Allow
Deny from all

Require all granted

必須通過a2enconf php5-fpm啟用配置。我對虛擬主機配置進行了相同的操作,並進行了替換。

我認為出於安全原因不建議這樣做,但是隻要我將服務器用於本地目的,就可以使用它。

次佳方案

我在安裝新的Apache 2.4時遇到了這個確切的問題。經過數小時的穀歌搜索和測試,我終於發現我還必須允許訪問包含Alias指令的目標(不存在)的目錄。也就是說,這對我有用:

# File: /etc/apache2/conf-available/php5-fpm.conf
<IfModule mod_fastcgi.c>
    AddHandler php5-fcgi .php
    Action php5-fcgi /php5-fcgi
    Alias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi
    FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi -socket /var/run/php5-fpm.sock -pass-header Authorization

    # NOTE: using '/usr/lib/cgi-bin/php5-cgi' here does not work,
    #   it doesn't exist in the filesystem!
    <Directory /usr/lib/cgi-bin>
        Require all granted
    </Directory>
</Ifmodule>

第三種方案

我今天遇到了類似的問題(但使用mod_wsgi)。這可能是Apache 2.2到2.4的問題。完整的更改列表可在here中找到。

對我來說,這有助於為error-log抱怨的每個路徑添加一個額外的<Directory>-條目,並用Require all granted填充該部分。

因此,您可以嘗試

<Directory /usr/lib/cgi-bin/php5-fcgi>
    Require all granted
    Options FollowSymLinks
</Directory>

並且我不得不將配置文件從文件夾conf.d移到文件夾sites-enabled

總而言之,這對我來說是成功的訣竅,但我不保證它也可以在您的情況下使用。

第四種方案

我最近遇到了同樣的問題。我必須從以下位置更改虛擬主機:

<VirtualHost *:80>
  ServerName local.example.com

  DocumentRoot /home/example/public

  <Directory />
    Order allow,deny
    Allow from all
  </Directory>
</VirtualHost>

至:

<VirtualHost *:80>
  ServerName local.example.com

  DocumentRoot /home/example/public

  <Directory />
    Options All
    AllowOverride All
    Require all granted
  </Directory>
</VirtualHost>

第五種方案

apache2.conf中,替換或刪除<目錄/> AllowOverride無要求所有拒絕的< /Directory&gt ;,如建議的Jan Czarny。

例如:

<Directory />
    Options FollowSymLinks
    AllowOverride None
    #Require all denied
    Require all granted
</Directory>

這在Ubuntu 14.04(Trusty Tahr)中有效。

第六種方案

您的virtualhost文件名應為mysite.com.conf,並應包含此信息

<VirtualHost *:80>
    # The ServerName directive sets the request scheme, hostname and port that
    # the server uses to identify itself. This is used when creating
    # redirection URLs. In the context of virtual hosts, the ServerName
    # specifies what hostname must appear in the request's Host: header to
    # match this virtual host. For the default virtual host (this file) this
    # value is not decisive as it is used as a last resort host regardless.
    # However, you must set it for any further virtual host explicitly.
    ServerName mysite.com
    ServerAlias www.mysite.com

    ServerAdmin info@mysite.com
    DocumentRoot /var/www/mysite

    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

<Directory "/var/www/mysite">
Options All
AllowOverride All
Require all granted
</Directory>


    # For most configuration files from conf-available/, which are
    # enabled or disabled at a global level, it is possible to
    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with "a2disconf".
    #Include conf-available/serve-cgi-bin.conf
</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

第七種方案

我不認為在此指令中將“需要全部拒絕”替換為“需要全部授予”:

<Directory>

    Options FollowSymLinks
    AllowOverride None
    #Require all denied
    Require all granted
</Directory>

由Jan Czarny建議並由user3801675取代是解決此問題的最安全方法。

根據Apache配置文件,該行拒絕訪問服務器的整個文件係統。替換它可能確實允許訪問您的虛擬主機文件夾,但代價是也允許訪問您的整個計算機!

Gev Balyan的方法似乎是這裏最安全的方法。這是今天早上設置新Apache服務器後困擾我的“訪問被拒絕問題”的答案。

參考資料

本文由Ubuntu問答整理, 博文地址: https://ubuntuqa.com/zh-tw/article/10468.html,未經允許,請勿轉載。