Perguntas[apache-httpd](unix)

Acredito que os dois problemas que estou tendo estão relacionados, mas não sei por onde começar. O primeiro problema é que quando um domínio específico que resolve para meu servidor é solicitado, seu arquivo conf em sites-enabled é ignorado, assim como 000-default.conf, em vez disso, o primeiro conf em ordem alfabética é usado e esse site aparece, mas com o domínio que solicitei na barra do navegador.

Isso só acontece com esse domínio, o que leva ao segundo problema. Tenho um certificado multidomínio (CA) e todos os domínios nele aparecem como esperado. Tenho um certificado certbot instalado para esse outro domínio. Quando uso o openssl com o nome de domínio desse outro domínio, ele mostra o conteúdo do certificado multidomínio. Quando uso um verificador SSL, obtenho os mesmos resultados, com ele notando que o nome de domínio que inseri não está incluído no certificado.

Percebi que quando executo apachectl -S antes de listar os arquivos *:443 e *:80, ele lista um host virtual com o endereço IP do servidor como o servidor nomeado, e o primeiro arquivo listado não é o 000-default (que É listado como o primeiro para *:80 e *:443), mas o próximo em ordem alfabética.

O domínio problemático é halgrossman.com.

halgrossman.com.conf

<VirtualHost *:80>
    ServerName halgrossman.com
    ServerAlias www.halgrossman.com

    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html/drupal/halgrossman/web
        <Directory /var/www/html/drupal/halgrossman/web>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
        </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>

halgrossman.com-le-ssl.conf

<VirtualHost *:443>
    ServerName halgrossman.com
    ServerAlias www.halgrossman.com

    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html/drupal/halgrossman/web
        <Directory /var/www/html/drupal/halgrossman/web>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
        </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/halgrossman.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/halgrossman.com/privkey.pem
</VirtualHost>

Saída do openssl

openssl s_client -connect halgrossman.com:443 -servername halgrossman.com
CONNECTED(00000003)
depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
verify return:1
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
verify return:1
depth=0 CN = theaccidentalcoder.com
verify return:1
---
Certificate chain
 0 s:CN = theaccidentalcoder.com
   i:C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Sep  2 00:00:00 2024 GMT; NotAfter: Dec 21 23:59:59 2024 GMT
 1 s:C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
   i:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA384
   v:NotBefore: Nov  2 00:00:00 2018 GMT; NotAfter: Dec 31 23:59:59 2030 GMT
 2 s:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
   i:C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = AAA Certificate Services
   a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA384
   v:NotBefore: Mar 12 00:00:00 2019 GMT; NotAfter: Dec 31 23:59:59 2028 GMT
 3 s:C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = AAA Certificate Services
   i:C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = AAA Certificate Services
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA1
   v:NotBefore: Jan  1 00:00:00 2004 GMT; NotAfter: Dec 31 23:59:59 2028 GMT

theaccidentalcoder.com é o domínio principal em um certificado CA multidomínio, do qual halgrossman.com não faz parte.

Saída do verificador SSL

halgrossman.com resolves to 45.56.118.187
    
Server Type: Apache/2.4.52 (Ubuntu)
    
The certificate should be trusted by all major web browsers (all the correct intermediate certificates are installed).
    
The certificate was issued by Sectigo.    
    
The certificate will expire in 84 days. 
    
None of the common names in the certificate match the name that was entered (halgrossman.com). You may receive an error when accessing this site in a web browser. Learn more about name mismatch errors.
    Common name: theaccidentalcoder.com
SANs: theaccidentalcoder.com, ascaatl.org, guildbuildersinc.com, musictohealby.com, souknook.com, thetouristlife.com
Valid from September 1, 2024 to December 21, 2024

Saída de apache2ctl -S

45.56.118.187:443      is a NameVirtualHost
         default server guildbuildersinc.com (/etc/apache2/sites-enabled/guildbuildersinc.com.conf:37)
         port 443 namevhost guildbuildersinc.com (/etc/apache2/sites-enabled/guildbuildersinc.com.conf:37)
         port 443 namevhost musictohealby.com (/etc/apache2/sites-enabled/musictohealby.com.conf:37)
         port 443 namevhost theaccidentalcoder.com (/etc/apache2/sites-enabled/theaccidentalcoder.com.conf:23)
         port 443 namevhost thetouristlife.com (/etc/apache2/sites-enabled/thetouristlife.com.conf:21)
*:443                  halgrossman.com (/etc/apache2/sites-enabled/halgrossman.com-le-ssl.conf:2)
*:80                   is a NameVirtualHost
         default server halgrossman.com (/etc/apache2/sites-enabled/00-default.conf:1)
         port 80 namevhost halgrossman.com (/etc/apache2/sites-enabled/00-default.conf:1)
                 alias www.halgrossman.com
         port 80 namevhost default (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost guildbuildersinc.com (/etc/apache2/sites-enabled/guildbuildersinc.com.conf:1)
                 alias www.guildbuildersinc.com
         port 80 namevhost halgrossman.com (/etc/apache2/sites-enabled/halgrossman.com.conf:1)
                 alias www.halgrossman.com
         port 80 namevhost musictohealby.com (/etc/apache2/sites-enabled/musictohealby.com.conf:1)
                 alias www.musictohealby.com
         port 80 namevhost theaccidentalcoder.com (/etc/apache2/sites-enabled/theaccidentalcoder.com.conf:1)
                 alias www.theaccidentalcoder.com
         port 80 namevhost thetouristlife.com (/etc/apache2/sites-enabled/thetouristlife.com.conf:1)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"

Note que a lista de domínios que aparece primeiro é listada para o IP e não inclui 000-default. O que ** lista ** primeiro, guildbuildersinc.com, é o primeiro, em ordem alfabética, depois de 000-default, e o site que aparece ao solicitar https://halgrossman.com .

Servidor web Apache no Rocky Linux 9, com certificados SSL obtidos da LetsEncrypt. Esta é a configuração de um host virtual específico "myvhost", mas o problema surge para todos os vhosts no meu servidor:

/etc/httpd/conf.d/myvhost.conf:

<VirtualHost *:80>

    ServerName myvhost.example.org
    DocumentRoot "/var/www/html/myvhost"

    RewriteEngine on
    RewriteCond %{SERVER_NAME} =myvhost.example.org
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

</VirtualHost>

/etc/httpd/conf.d/myvhost-le-ssl.conf(gerado automaticamente por LetsEncrypt):

<IfModule mod_ssl.c>
<VirtualHost *:443>

    ServerName myvhost.example.org
    DocumentRoot "/var/www/html/myvhost"

    Include /etc/letsencrypt/options-ssl-apache.conf

    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"

    TraceEnable off

    SSLCertificateFile /etc/letsencrypt/live/example.org-0001/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.org-0001/privkey.pem

</VirtualHost>
</IfModule>

O comando curl -i http://myvhost.example.orgretorna:

HTTP/1.1 400 Bad Request
Date: Wed, 19 Jun 2024 12:39:10 GMT
Server: Apache
Content-Length: 362
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
Reason: You're speaking plain HTTP to an SSL-enabled server port.<br />
 Instead use the HTTPS scheme to access this URL, please.<br />
</p>
</body></html>

Por que ele está fazendo isso? Entre outras coisas, o erro HTTP 400 impede certbot renewa verificação do domínio e a renovação do certificado.

É importante notar que exatamente a mesma configuração no CentOS Stream 8 não resultou neste problema.

EDIT: saída do comando for f in $(grep -l -e SSLCertificate -e :80 /etc/httpd/conf.d/*.conf); do printf '\n== %s ==\n' "$f"; grep -hE 'SSLCertificate|VirtualHost|Server(Name|Alias)' "$f" | sed -e 's/#.*//' -e '/^[[:space:]]*$/d'; done | less:

==  /etc/httpd/conf.d/main-le-ssl.conf ==
<VirtualHost *:443>
    ServerName example.org
    SSLCertificateFile /etc/letsencrypt/live/example.org-0001/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.org-0001/privkey.pem
</VirtualHost>

==  /etc/httpd/conf.d/main.conf ==
<VirtualHost *:80>
    ServerName example.org
</VirtualHost>

==  /etc/httpd/conf.d/myvhost-le-ssl.conf ==
<VirtualHost *:443>
    ServerName myvhost.example.org
    SSLCertificateFile /etc/letsencrypt/live/example.org-0001/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.org-0001/privkey.pem
</VirtualHost>

==  /etc/httpd/conf.d/myvhost.conf ==
<VirtualHost *:80>
    ServerName myvhost.example.org
</VirtualHost>

==  /etc/httpd/conf.d/anothervhost-le-ssl.conf ==
<VirtualHost *:443>
    ServerName anothervhost.example.org
    SSLCertificateFile /etc/letsencrypt/live/example.org-0001/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.org-0001/privkey.pem
</VirtualHost>

==  /etc/httpd/conf.d/anothervhost.conf ==
<VirtualHost *:80>
    ServerName anothervhost.example.org
</VirtualHost>

==  /etc/httpd/conf.d/ssl.conf ==
SSLCertificateFile /etc/letsencrypt/live/example.org-0001/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.org-0001/privkey.pem

Estou tentando criar um host virtual Apache fechado para todos os endereços IP, com exceção de um endereço IP e dois URLs que devem ser acessíveis publicamente.

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName example.com
    ServerAdmin [email protected]
    DocumentRoot "/var/www/example.com/app/webroot"

    <Directory "/var/www/example.com/app/webroot">
        Options FollowSymLinks Includes ExecCGI
        AllowOverride All
        ErrorDocument 403 "https://example.com/403.php"
        DirectoryIndex index.php
    </Directory>

    <Location "/foo/bar/">
          Require all granted
    </Location>

    <Location "/.well-known/">
        Require all granted
    </Location>

    <Location "/">
          Require ip 1.2.3.4
    </Location>

    SSLProxyEngine on   
    ProxyPreserveHost On
    ProxyRequests Off
    ProxyPass           /api/ https://host.docker.internal:8443/api/ connectiontimeout=5 timeout=300
    ProxyPassReverse    /api/ https://host.docker.internal:8443/api/

    SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

Tentei alterar a ordem das Locationtags, mas todas as solicitações são redirecionadas para ErrorDocumento valor da diretiva.

O URL /foo/bar/é reescrito por .htaccesslocalizado em DocumentRoot(para fins de teste, tentei remover .htaccesssem efeito).

Versão Apache:

• Versão do servidor: Apache/2.4.59 (Debian)
• Servidor construído: 2024-04-05T12:02:26

O Apache é executado em um contêiner Docker, mas provavelmente não tem significado para o problema.

P: O que há de errado com a configuração?

rpm -qc httpd não mostra todos os arquivos de configuração do httpd. Meu sistema operacional é instável 9.3. Alguém tem alguma sugestão?

[root@rocky9 ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
     Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; preset: disabled)
     Active: active (running) since Fri 2024-03-22 03:26:10 +0330; 19min ago
       Docs: man:httpd.service(8)
   Main PID: 11100 (httpd)
     Status: "Total requests: 7; Idle/Busy workers 100/0;Requests/sec: 0.00616; Bytes served/sec:  36 B/sec"
      Tasks: 213 (limit: 23102)
     Memory: 33.7M
        CPU: 2.390s
     CGroup: /system.slice/httpd.service
             ├─11100 /usr/sbin/httpd -DFOREGROUND
             ├─11101 /usr/sbin/httpd -DFOREGROUND
             ├─11102 /usr/sbin/httpd -DFOREGROUND
             ├─11103 /usr/sbin/httpd -DFOREGROUND
             └─11104 /usr/sbin/httpd -DFOREGROUND

Mar 22 03:26:09 rocky9 systemd[1]: Starting The Apache HTTP Server...
Mar 22 03:26:10 rocky9 httpd[11100]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::a00>
Mar 22 03:26:10 rocky9 httpd[11100]: Server configured, listening on: port 80
Mar 22 03:26:10 rocky9 systemd[1]: Started The Apache HTTP Server.
[root@rocky9 ~]# rpm -qc httpd
/etc/httpd/conf.modules.d/00-brotli.conf
/etc/httpd/conf.modules.d/00-systemd.conf
[root@rocky9 ~]# ls /etc/httpd/conf/httpd.conf
/etc/httpd/conf/httpd.conf

O servidor possui uma CPU 4C/8T e 32 GB de RAM. SO: Debian 12. Apache/PHP não responde após uso de aproximadamente 500 MB. Tentei PHP8.2 e PHP8.1, mas o resultado é o mesmo. Se eu reiniciar o PHP, o Apache começará a responder. Verifiquei o log de erros do Apache e há apenas um aviso abaixo, não há outros tipos de erros no log de erros.

[Terça-feira, 28 de novembro 13:50:31.932468 2023] [http2:warn] [pid 13336:tid 139689031698112] [cliente 10.41.23.50:34858] h2_stream(13336-348-1,CLEANUP): iniciado=1, agendado=1, pronto = 0, out_buffer = 0

Baixei o software confluente para atualização no /var/www/htmldiretório. Preciso criar um index.html para listagem de diretórios para cada diretório. Tentei adicionar abaixo ao .htaccessarquivo no diretório (vi em algum lugar onde index.htmlexistiam arquivos no diretório), mas não funcionou:

RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

Existe um utilitário ou ferramenta que me permitirá fazer isso? Alguém me pediu para criá-lo manualmente, mas eu realmente não quero criá-lo manualmente.

ATUALIZAR

@Ipor Sircer / @Marcus Müller

Atualizei o httpd.confarquivo - agora está como abaixo:

# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "/var/www/html"

#
# Relax access to content within /var/www.
#
<Directory "/var/www">
    AllowOverride None
    # Allow open access:
    Require all granted
</Directory>

# Further relax access to the default document root:
<Directory "/var/www/html">
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important.  Please see
    # http://httpd.apache.org/docs/2.4/mod/core.html#options
    # for more information.
    #
    Options +Indexes +FollowSymLinks
    IndexOptions +FancyIndexing +HTMLTable

    #Options None

    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   Options FileInfo AuthConfig Limit
    #
    #AllowOverride None
    AllowOverride All

    #
    # Controls who can get stuff from this server.
    #
    Require all granted
</Directory>

Isto está abaixo /var/www/html:

pwd
/var/www/html

drwxr-xr-x 5 root root  86 Nov  7 18:10 .
drwxr-xr-x 4 root root  33 Aug 12 15:33 ..
drwxr-xr-x 4 root root  46 Nov  6 13:35 clients
drwxr-xr-x 3 root root  55 Nov  6 19:52 packages.confluent.io
drwxr-xr-x 3 root root  17 Nov  6 15:57 rpm

Mas quando vou ao servidor, recebo o seguinte:

Considerando que se eu for server/rpm, recebo isto:

O que mais preciso alterar para poder ver o diretório /var/www/htmlno navegador?

Executando o Virualmin, ainda tenho cerca de 1 GB de memória livre, o log do Apache está cheio de:

[mpm_prefork:error] [pid 119747] (11)Resource temporarily unavailable: AH00159: fork: Unable to fork new process


<IfModule mpm_prefork_module>
    StartServers          20
    MinSpareServers       50
    MaxSpareServers       100        
    MaxRequestWorkers     1000
    Serverlimit           2000    
    MaxConnectionsPerChild  10000
</IfModule>

se isso ajudar:

user@vps:~$ ulimit -a
real-time non-blocking time  (microseconds, -R) unlimited
core file size              (blocks, -c) 0
data seg size               (kbytes, -d) unlimited
scheduling priority                 (-e) 0
file size                   (blocks, -f) unlimited
pending signals                     (-i) 1541537
max locked memory           (kbytes, -l) 524288
max memory size             (kbytes, -m) unlimited
open files                          (-n) 1024
pipe size                (512 bytes, -p) 8
POSIX message queues         (bytes, -q) 819200
real-time priority                  (-r) 0
stack size                  (kbytes, -s) 8192
cpu time                   (seconds, -t) unlimited
max user processes                  (-u) 62987
virtual memory              (kbytes, -v) unlimited
file locks                          (-x) unlimited

Também estou executando o PHP-FPM, então aqui estão as configurações, tentei alterar 60 para 100, mas não houve diferença:

[154754643814302]
user = user
group = user
listen.owner = user
listen.group = user
listen.mode = 0660
listen = /var/php-fpm/154754643814302.sock
pm = dynamic
pm.max_children = 100
pm.start_servers = 8
pm.min_spare_servers = 1
pm.max_spare_servers = 30
php_value[upload_tmp_dir] = /home/user/tmp
php_value[session.save_path] = /home/user/tmp
php_value[error_log] = /home/user/logs/php_log
php_value[log_errors] = On

Estou tentando desabilitar mensagens de erro para PHP no meu servidor web Apache2, mas não está funcionando.

Eu habilitei no php.iniarquivo.

error_reporting = E_ALL

Eu deliberadamente introduzi erros em meu script test.php e no próprio script, incluí o seguinte, mas nenhum erro é exibido.

init_set('display_errors', 1);
init_set('display_startup_errors', 1);
error_reporting(E_ALL)

O que estou fazendo de errado?

eu quero que a raiz do VSFTPD seja /var/www/html.
Como eu posso fazer?
Este é o meu arquivo de configuração

# Example config file /etc/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
#
# Run standalone?  vsftpd can run either from an inetd or as a standalone
# daemon started from an initscript.
listen=NO
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
listen_ipv6=YES
#
# Allow anonymous FTP? (Disabled by default).
anonymous_enable=YES
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
#local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# If enabled, vsftpd will display directory listings with the time
# in  your  local  time  zone.  The default is to display GMT. The
# times returned by the MDTM FTP command are also affected by this
# option.
use_localtime=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
#xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd.banned_emails
#
# You may restrict local users to their home directories.  See the FAQ for
# the possible risks in this before using chroot_local_user or
# chroot_list_enable below.
chroot_local_user=YES
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
#chroot_local_user=YES
chroot_list_enable=YES
# (default follows)
chroot_list_file=/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# Customization
#
# Some of vsftpd's settings don't fit the filesystem layout by
# default.
#
# This option should be the name of a directory which is empty.  Also, the
# directory should not be writable by the ftp user. This directory is used
# as a secure chroot() jail at times vsftpd does not require filesystem
# access.
secure_chroot_dir=/var/run/vsftpd/empty
#
# This string is the name of the PAM service vsftpd will use.
pam_service_name=vsftpd
#
# This option specifies the location of the RSA certificate to use for SSL
# encrypted connections.
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
ssl_enable=NO

#
# Uncomment this to indicate that vsftpd use a utf8 filesystem.
#utf8_filesystem=YES

Desculpe-me pelo inglês ruim eu realmente cansei, amanhã eu corrijo.

Sempre que tento executar sudo apt install <package>, recebo a seguinte saída

Reading package lists... Done
Building dependency tree       
Reading state information... Done
You might want to run 'apt --fix-broken install' to correct these.
The following packages have unmet dependencies:
 apache2 : Depends: apache2-bin (= 2.4.41-4ubuntu3.9) but 2.4.41-4ubuntu3.10 is to be installed
           Depends: apache2-data (= 2.4.41-4ubuntu3.9) but 2.4.41-4ubuntu3.10 is to be installed
           Depends: apache2-utils (= 2.4.41-4ubuntu3.9)
 lollypop : Depends: python3-pylast but it is not going to be installed
E: Unmet dependencies. Try 'apt --fix-broken install' with no packages (or specify a solution).

Se eu correr sudo apt --fix-broken install, recebo o seguinte

Reading package lists... Done
Building dependency tree       
Reading state information... Done
Correcting dependencies... Done
The following additional packages will be installed:
  apache2
Suggested packages:
  apache2-doc apache2-suexec-pristine | apache2-suexec-custom
The following packages will be upgraded:
  apache2
1 upgraded, 0 newly installed, 0 to remove and 228 not upgraded.
6 not fully installed or removed.
Need to get 0 B/95.5 kB of archives.
After this operation, 0 B of additional disk space will be used.
Do you want to continue? [Y/n] y
(Reading database ... 425435 files and directories currently installed.)
Preparing to unpack .../apache2_2.4.41-4ubuntu3.10_amd64.deb ...
Unpacking apache2 (2.4.41-4ubuntu3.10) over (2.4.41-4ubuntu3.9) ...
dpkg: error processing archive /var/cache/apt/archives/apache2_2.4.41-4ubuntu3.10_amd64.deb (--unpack):
 trying to overwrite '/var/www/html', which is also in package nginx-common 1.18.0-0ubuntu1.2
Errors were encountered while processing:
 /var/cache/apt/archives/apache2_2.4.41-4ubuntu3.10_amd64.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)

Edit : E quando tento remover nginx ou nginx-common, recebo

Reading package lists... Done
Building dependency tree       
Reading state information... Done
You might want to run 'apt --fix-broken install' to correct these.
The following packages have unmet dependencies:
 apache2 : Depends: apache2-bin (= 2.4.41-4ubuntu3.9) but 2.4.41-4ubuntu3.10 is to be installed
           Depends: apache2-data (= 2.4.41-4ubuntu3.9) but 2.4.41-4ubuntu3.10 is to be installed
           Depends: apache2-utils (= 2.4.41-4ubuntu3.9)
E: Unmet dependencies. Try 'apt --fix-broken install' with no packages (or specify a solution).

Eu também tentei executar sudo apt install apache2 nginx-common-, mas recebo o seguinte

Reading package lists... Done
Building dependency tree       
Reading state information... Done
You might want to run 'apt --fix-broken install' to correct these.
The following packages have unmet dependencies:
 libnginx-mod-http-image-filter : Depends: nginx-common (= 1.18.0-0ubuntu1.2) but it is not going to be installed
 libnginx-mod-http-xslt-filter : Depends: nginx-common (= 1.18.0-0ubuntu1.2) but it is not going to be installed
 libnginx-mod-mail : Depends: nginx-common (= 1.18.0-0ubuntu1.2) but it is not going to be installed
 libnginx-mod-stream : Depends: nginx-common (= 1.18.0-0ubuntu1.2) but it is not going to be installed
 nginx-core : Depends: nginx-common (= 1.18.0-0ubuntu1.2) but it is not going to be installed
E: Unmet dependencies. Try 'apt --fix-broken install' with no packages (or specify a solution).

Então eu tentei sudo apt install apache2 nginx-common- libnginx-mod-http-image-filter- libnginx-mod-http-xslt-filter- libnginx-mod-mail- libnginx-mod-stream- nginx-core-e consegui o seguinte

Reading package lists... Done
Building dependency tree       
Reading state information... Done
You might want to run 'apt --fix-broken install' to correct these.
The following packages have unmet dependencies:
 nginx : Depends: nginx-core (< 1.18.0-0ubuntu1.2.1~) but it is not going to be installed or
                  nginx-full (< 1.18.0-0ubuntu1.2.1~) but it is not going to be installed or
                  nginx-light (< 1.18.0-0ubuntu1.2.1~) but it is not going to be installed or
                  nginx-extras (< 1.18.0-0ubuntu1.2.1~) but it is not going to be installed
         Depends: nginx-core (>= 1.18.0-0ubuntu1.2) but it is not going to be installed or
                  nginx-full (>= 1.18.0-0ubuntu1.2) but it is not going to be installed or
                  nginx-light (>= 1.18.0-0ubuntu1.2) but it is not going to be installed or
                  nginx-extras (>= 1.18.0-0ubuntu1.2) but it is not going to be installed
E: Unmet dependencies. Try 'apt --fix-broken install' with no packages (or specify a solution).

Eu tentei remover o nginx e também desativá-lo, mas parece que não funciona, eu realmente não preciso do nginx, então removê-lo está bem, alguém sabe o que devo fazer?