问题[arch-linux](server)

我在（最新的）Arch Linux 服务器上遇到了问题。我已经能够用 netcat 重现它。

如果我开始在我的服务器上收听：

ncat -l -p 2000 -k

接着

telnet (my local ip) 2000

从本地机器上，我可以看到双向连接。

但是，如果我从远程计算机上 telnet，则连接已建立，但我在服务器端键入的任何内容都不会出现在远程端。如果我在远程端输入一些东西，一旦按下 Enter，第一行就会出现在服务器端，但随后连接会以Connection closed by foreign host..

我能够确认此问题与我的路由器无关：将同一端口转发到另一台 Debian 机器一切正常。这会阻止 nginx 和其他服务器工作。

我目前没有任何 iptables 规则：

$ iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination 

猫：

# ncat -l -p 2000 -k -v             
Ncat: Version 7.92 ( https://nmap.org/ncat )
Ncat: Listening on :::2000
Ncat: Listening on 0.0.0.0:2000


Ncat: Connection from (remote public ip).
Ncat: Connection from (remote public ip):60990.

本地机器上的 tcpdump：

# tcpdump -nnvvS port 2000
tcpdump: listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
13:09:46.847867 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    (server local ip).2000 > (remote public ip).60990: Flags [S.], cksum 0x5399 (incorrect -> 0x8744), seq 1434025023, ack 276028935, win 65160, options [mss 1460,sackOK,TS val 422478433 ecr 3525397188,nop,wscale 7], length 0
13:09:46.870265 IP (tos 0x0, ttl 64, id 14989, offset 0, flags [DF], proto TCP (6), length 53)
    (server local ip).2000 > (remote public ip).60990: Flags [P.], cksum 0x5392 (incorrect -> 0xa864), seq 1434025024:1434025025, ack 276028935, win 510, options [nop,nop,TS val 422478455 ecr 3525397212], length 1
13:09:49.931230 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)
    (server local ip).2000 > (remote public ip).60990: Flags [R], cksum 0x94ad (correct), seq 1434025024, win 0, length 0

远程机器上的 tcpdump：

# tcpdump -nnvvS port 2000
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
13:09:46.835291 IP (tos 0x10, ttl 64, id 59780, offset 0, flags [DF], proto TCP (6), length 60)
    (remote public ip).60990 > (server public ip).2000: Flags [S], cksum 0xff3a (incorrect -> 0x4c94), seq 276028934, win 64240, options [mss 1460,sackOK,TS val 3525397188 ecr 0,nop,wscale 7], length 0
13:09:46.858924 IP (tos 0x0, ttl 48, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    (server public ip).2000 > (remote public ip).60990: Flags [S.], cksum 0xdbaa (correct), seq 1434025023, ack 276028935, win 65160, options [mss 1452,sackOK,TS val 422478433 ecr 3525397188,nop,wscale 7], length 0
13:09:46.858957 IP (tos 0x10, ttl 64, id 59781, offset 0, flags [DF], proto TCP (6), length 52)
    (remote public ip).60990 > (server public ip).2000: Flags [.], cksum 0xff32 (incorrect -> 0x06ea), seq 276028935, ack 1434025024, win 502, options [nop,nop,TS val 3525397212 ecr 422478433], length 0
13:09:49.920045 IP (tos 0x10, ttl 64, id 59782, offset 0, flags [DF], proto TCP (6), length 58)
    (remote public ip).60990 > (server public ip).2000: Flags [P.], cksum 0xff38 (incorrect -> 0x0603), seq 276028935:276028941, ack 1434025024, win 502, options [nop,nop,TS val 3525400273 ecr 422478433], length 6
13:09:49.941752 IP (tos 0x0, ttl 48, id 0, offset 0, flags [DF], proto TCP (6), length 40)
    (server public ip).2000 > (remote public ip).60990: Flags [R], cksum 0xe90b (correct), seq 1434025024, win 0, length 0

我想将pvmove逻辑卷转换为更小但更快的驱动器，将多余的部分留在原始驱动器上。这能轻松实现吗？

我正在为这个问题撕扯头发。

我想在我的家庭服务器上添加一个热插拔托架，以便轻松添加和移除 HDD，例如轻松轮换异地备份。有问题的主板是带有四个本机 SATA 端口的 Asrock J4105-ITX 主板，这些端口分为 ASM1062 和英特尔处理器 SATA 控制器。两者都可以正常工作并使用ahci内核模块。BIOS 中有一个热插拔选项，但似乎没有效果。

如果驱动器断开连接（通过echo 1 > /sys/block/sdX/device/delete或粗鲁地移除驱动器），重新连接后将无法识别新设备。我尝试强制重新扫描 ( echo "- - -" > /sys/class/scsi_host/host<n>/scan) 但无济于事，SATA 端口实际上在下次重新启动之前不再可用。我还尝试了一些更极端的命令，但没有任何运气：

echo 1 > /sys/class/scsi_device/2:0:0:0/device/reset
echo 1 > /sys/devices/pci0000:00/0000:00:1f.2/rescan
echo 1 > /sys/devices/pci0000:00/0000:00:1f.2/reset

（取自如何让 Linux 识别我在不重新启动的情况下热插拔的新 SATA /dev/sda 驱动器？）

“好吧，可能是芯片组不支持热插拔或者BIOS坏了。” 所以我订购了两个 PCIe SATA 控制器（一个使用 ASM1064，另一个使用 Marvell 88SE9215）。两者都表现出相同的问题，尽管其他买家表示热插拔适用于他们，所以我猜这个问题要么与软件有关（我的安装？我正在运行 Arch OS，它会尽职尽责地保持最新状态）。

一些希望有用的信息：

$ uname -a
Linux servername 5.14.14-arch1-1 #1 SMP PREEMPT Wed, 20 Oct 2021 21:35:18 +0000 x86_64 GNU/Linux

$ dmesg | grep ahci
[    0.447450] ahci 0000:00:12.0: version 3.0
[    0.447842] ahci 0000:00:12.0: SSS flag set, parallel bus scan disabled
[    0.457970] ahci 0000:00:12.0: AHCI 0001.0301 32 slots 2 ports 6 Gbps 0x3 impl SATA mode
[    0.457981] ahci 0000:00:12.0: flags: 64bit ncq sntf stag pm clo only pmp pio slum part sxs deso sadm sds apst 
[    0.458750] scsi host0: ahci
[    0.459204] scsi host1: ahci
[    0.469788] ahci 0000:01:00.0: AHCI 0001.0000 32 slots 4 ports 6 Gbps 0xf impl SATA mode
[    0.469801] ahci 0000:01:00.0: flags: 64bit ncq sntf led only pmp fbs pio slum part sxs 
[    0.470767] scsi host2: ahci
[    0.471203] scsi host3: ahci
[    0.471562] scsi host4: ahci
[    0.471904] scsi host5: ahci
[    0.472341] ahci 0000:04:00.0: SSS flag set, parallel bus scan disabled
[    0.472376] ahci 0000:04:00.0: AHCI 0001.0200 32 slots 2 ports 6 Gbps 0x3 impl SATA mode
[    0.472382] ahci 0000:04:00.0: flags: 64bit ncq sntf stag led clo pmp pio slum part ccc 
[    0.472803] scsi host6: ahci
[    0.473011] scsi host7: ahci

$ lspci -v
[...]
01:00.0 SATA controller: Marvell Technology Group Ltd. 88SE9215 PCIe 2.0 x1 4-port SATA 6 Gb/s Controller (rev 11) (prog-if 01 [AHCI 1.0])
    Subsystem: Marvell Technology Group Ltd. 88SE9215 PCIe 2.0 x1 4-port SATA 6 Gb/s Controller
    Flags: bus master, fast devsel, latency 0, IRQ 127
    I/O ports at e050 [size=8]
    I/O ports at e040 [size=4]
    I/O ports at e030 [size=8]
    I/O ports at e020 [size=4]
    I/O ports at e000 [size=32]
    Memory at a1340000 (32-bit, non-prefetchable) [size=2K]
    Expansion ROM at a1300000 [disabled] [size=256K]
    Capabilities: [40] Power Management version 3
    Capabilities: [50] MSI: Enable+ Count=1/1 Maskable- 64bit-
    Capabilities: [70] Express Legacy Endpoint, MSI 00
    Capabilities: [e0] SATA HBA v0.0
    Capabilities: [100] Advanced Error Reporting
    Kernel driver in use: ahci
[...]

所以我想弄清楚如何建立隧道，但没有别的。我不希望用户拥有 shell 访问权限。

我发现这个ssh 隧道只能访问

这些信息是过时的还是什么？每次我尝试通过 ssh 登录时，我已将用户的 shell 设置为 /usr/(s)bin/nologin 或 /bin/false、bin/true 等，

而不是说：

This account is currently not available.

它说：

Permission denied, please try again.

密码正确。我非常肯定地知道这一点，因为我输入了它，然后将其粘贴到控制台中以确保没有错误。将用户的 shell 更改回 nologin 并尝试使用与仍在剪贴板中的实际 shell 相同的密码重新连接，它说 Permission denied。

我尝试将 ForcedCommand internal-sftp 放在配置文件中，但这也没有做任何事情。

我已经尝试使用从搜索中找到的那些脚本来制作 fakesh 并将用户的 shell 设置为此，但 ssh 也不接受。使其工作的唯一方法是将用户设置为实际的外壳。这里发生了什么？

所以看起来在最近的 Arch 系统升级之后，我的 NextCloud 服务器不再工作，目前给了我"This version of Nextcloud is not compatible with > PHP 7.4. You are currently running 8.0.1."

php -v现在给了我PHP 8.0.1，但我也安装了/usr/bin/php7（PHP 7.4.14）。

我基本上只是将 PHP 用于nextcloud (cur. v20.0.6-1)，通过 Apache +php-fpm

所以我想知道选择继续使用的正确“拱形方式”或解决方法是php7什么？（至少目前）

任何方式我可以例如降级php和php-fm包或什么？（最好不要破坏其他东西）。还是我应该只是等待新nextcloud版本与当前php版本兼容？

我已经在 QEMU 上使用 Windows 10 完全虚拟化了一个 VM，并且必须进行主机直通才能使其工作。

因为无法设置 SMBIOS 来反映主机，所以我想知道是否有任何方法可以更改System Manufacturer我的来宾操作系统中的密钥。

我想设置一个 NFS 服务器，所以我在Archlinux 教程中设置 NFS，有两个挂载点：

[jenia@jenia ~]$ sudo exportfs -arv
point 1
point 2
point 3
exportfs: /etc/exports [3]: Neither 'subtree_check' or 'no_subtree_check' specified for export "192.168.1.0/24:/srv/nfs".
  Assuming default behaviour ('no_subtree_check').
  NOTE: this default has changed since nfs-utils version 1.0.x

exportfs: /etc/exports [4]: Neither 'subtree_check' or 'no_subtree_check' specified for export "192.168.1.0/24:/srv/nfs/music".
  Assuming default behaviour ('no_subtree_check').
  NOTE: this default has changed since nfs-utils version 1.0.x

exporting 192.168.1.0/24:/srv/nfs/music
exporting 192.168.1.0/24:/srv/nfs

但没有任何回应nfs://192.168.1.0/srv/nfs：

[jenia@jenia ~]$ sudo nfs-ls nfs://192.168.1.0/srv/nfs
Failed to mount nfs share : nfs_mount_async failed. Failed to start connection. Failed to start connection. connect() to server failed. Network is unreachable(101)
[jenia@jenia ~]$

当我这样做journalctl --follow -xn并重新启动 nfs 守护程序时systemctl restart nfs-server.service，我得到：

Nov 17 20:36:21 jenia sudo[45585]: pam_unix(sudo:session): session opened for user root(uid=0) by jenia(uid=0)
Nov 17 20:36:21 jenia systemd[1]: Condition check resulted in Kernel Module supporting RPCSEC_GSS being skipped.
-- Subject: A start job for unit auth-rpcgss-module.service has finished successfully
-- Defined-By: systemd
-- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- A start job for unit auth-rpcgss-module.service has finished successfully.
--
-- The job identifier is 2142.
Nov 17 20:36:21 jenia systemd[1]: Stopping NFS server and services...
-

一切systemctl status nfs-mountd nfsdcld nfs-idmapd都在成功运行。

做事systemctl status nfs-server说：

[jenia@jenia ~]$ sudo systemctl status nfs-server.service
* nfs-server.service - NFS server and services
     Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; disabled; vendor preset: disabled)
     Active: active (exited) since Tue 2020-11-17 20:42:09 EST; 3s ago
    Process: 45946 ExecStartPre=/usr/sbin/exportfs -r (code=exited, status=0/SUCCESS)
    Process: 45947 ExecStart=/usr/sbin/rpc.nfsd (code=exited, status=0/SUCCESS)
   Main PID: 45947 (code=exited, status=0/SUCCESS)

Nov 17 20:42:09 jenia exportfs[45946]: exportfs: /etc/exports [3]: Neither 'subtree_check' or 'no_subtree_check' specified for export "192.168.1.0/24:/srv/nfs".
Nov 17 20:42:09 jenia exportfs[45946]:   Assuming default behaviour ('no_subtree_check').
Nov 17 20:42:09 jenia exportfs[45946]:   NOTE: this default has changed since nfs-utils version 1.0.x
Nov 17 20:42:09 jenia exportfs[45946]: exportfs: /etc/exports [4]: Neither 'subtree_check' or 'no_subtree_check' specified for export "192.168.1.0/24:/srv/nfs/music".
Nov 17 20:42:09 jenia exportfs[45946]:   Assuming default behaviour ('no_subtree_check').
Nov 17 20:42:09 jenia exportfs[45946]:   NOTE: this default has changed since nfs-utils version 1.0.x
Nov 17 20:42:09 jenia exportfs[45946]: point 1
Nov 17 20:42:09 jenia exportfs[45946]: point 2
Nov 17 20:42:09 jenia exportfs[45946]: point 3
Nov 17 20:42:09 jenia systemd[1]: Finished NFS server and services.
[

有人知道我在做什么错吗？

目前，我已经设置了一个 nextcloud 服务器，nginx并使用sudo systemctl enable nginx.service. 当我重新启动时，我收到一条抱怨代理服务器的错误消息，如果我查看一下sudo systemctl status nginx.service，我会收到以下信息：

nginx.service - A high performance web server and a reverse proxy server
     Loaded: loaded (/etc/systemd/system/nginx.service; enabled; vendor preset: disabled)
     Active: failed (Result: exit-code) since Sat 2020-11-14 12:20:55 CET; 16min ago

Nov 14 12:20:55 TORNAX-ARCH systemd[1]: Starting A high performance web server and a reverse proxy server...
Nov 14 12:20:55 TORNAX-ARCH nginx[473]: 2020/11/14 12:20:55 [warn] 473#473: could not build optimal types_hash, you should increase either types_hash_max_size: 1024 or types_hash_bucket_si>
Nov 14 12:20:55 TORNAX-ARCH nginx[473]: 2020/11/14 12:20:55 [emerg] 473#473: bind() to 192.168.178.35:443 failed (99: Unknown error)
Nov 14 12:20:55 TORNAX-ARCH systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAILURE
Nov 14 12:20:55 TORNAX-ARCH systemd[1]: nginx.service: Failed with result 'exit-code'.
Nov 14 12:20:55 TORNAX-ARCH systemd[1]: Failed to start A high performance web server and a reverse proxy server.

如果我跑步nginx -t，我会得到这个：

2020/11/14 12:37:40 [warn] 68391#68391: could not build optimal types_hash, you should increase either types_hash_max_size: 1024 or types_hash_bucket_size: 64; ignoring types_hash_bucket_size
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
2020/11/14 12:37:40 [emerg] 68391#68391: open() "/run/nginx.pid" failed (13: Permission denied)
nginx: configuration file /etc/nginx/nginx.conf test failed

当我正在寻找有关此open() "/run/nginx.pid" failed (13: Permission denied)错误的解决方案时，我只能获得 docker + nginx 的解决方案，例如这些帖子：

• https://stackoverflow.com/questions/57427162/nginx-emerg-open-var-run-nginx-pid-failed-13-permission-denied
• https://stackoverflow.com/questions/64393237/nginx-emerg-open-run-nginx-pid-failed-13-permission-denied
• https://dockerquestions.com/2020/10/16/nginx-emerg-open-run-nginx-pid-failed-13-permission-denied/
• https://github.com/Wonderfall/dockerfiles/issues/40

它在手动重新启动服务后工作，sudo systemctl restart nginx.service但我仍然open() "/run/nginx.pid" failed (13: Permission denied)在运行时得到nginx -t。

我做错了什么或者我能做些什么来解决这个问题？

我的设置与此线程中显示的完全相同，并且我遇到了同样的问题。在 PHP + Apache + PostgreSQL 的安装过程中，我已经多次回顾了我的步骤，但一无所获。还是同样的错误！我似乎无法修复它。

我的 httpd.conf

#
# This is the main Apache HTTP server configuration file.  It contains the
# configuration directives that give the server its instructions.
# See <URL:http://httpd.apache.org/docs/2.4/> for detailed information.
# In particular, see 
# <URL:http://httpd.apache.org/docs/2.4/mod/directives.html>
# for a discussion of each configuration directive.
#
# Do NOT simply read the instructions in here without understanding
# what they do.  They're here only as hints or reminders.  If you are unsure
# consult the online docs. You have been warned.  
#
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path.  If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so "logs/access_log"
# with ServerRoot set to "/usr/local/apache2" will be interpreted by the
# server as "/usr/local/apache2/logs/access_log", whereas "/logs/access_log" 
# will be interpreted as '/logs/access_log'.

#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# Do not add a slash at the end of the directory path.  If you point
# ServerRoot at a non-local disk, be sure to specify a local disk on the
# Mutex directive, if file-based mutexes are used.  If you wish to share the
# same ServerRoot for multiple httpd daemons, you will need to change at
# least PidFile.
#
ServerRoot "/etc/httpd"

#
# Mutex: Allows you to set the mutex mechanism and mutex file directory
# for individual mutexes, or change the global defaults
#
# Uncomment and change the directory if mutexes are file-based and the default
# mutex file directory is not on a local disk or is not appropriate for some
# other reason.
#
# Mutex default:/run/httpd

#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to 
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen 80

#
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
#
# Example:
# LoadModule foo_module modules/mod_foo.so
#
LoadModule mpm_event_module modules/mod_mpm_event.so
#LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
#LoadModule mpm_worker_module modules/mod_mpm_worker.so
LoadModule authn_file_module modules/mod_authn_file.so
#LoadModule authn_dbm_module modules/mod_authn_dbm.so
#LoadModule authn_anon_module modules/mod_authn_anon.so
#LoadModule authn_dbd_module modules/mod_authn_dbd.so
#LoadModule authn_socache_module modules/mod_authn_socache.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_user_module modules/mod_authz_user.so
#LoadModule authz_dbm_module modules/mod_authz_dbm.so
#LoadModule authz_owner_module modules/mod_authz_owner.so
#LoadModule authz_dbd_module modules/mod_authz_dbd.so
LoadModule authz_core_module modules/mod_authz_core.so
#LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
#LoadModule authnz_fcgi_module modules/mod_authnz_fcgi.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule auth_basic_module modules/mod_auth_basic.so
#LoadModule auth_form_module modules/mod_auth_form.so
#LoadModule auth_digest_module modules/mod_auth_digest.so
#LoadModule allowmethods_module modules/mod_allowmethods.so
#LoadModule file_cache_module modules/mod_file_cache.so
#LoadModule cache_module modules/mod_cache.so
#LoadModule cache_disk_module modules/mod_cache_disk.so
#LoadModule cache_socache_module modules/mod_cache_socache.so
#LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
#LoadModule socache_dbm_module modules/mod_socache_dbm.so
#LoadModule socache_memcache_module modules/mod_socache_memcache.so
#LoadModule socache_redis_module modules/mod_socache_redis.so
#LoadModule watchdog_module modules/mod_watchdog.so
#LoadModule macro_module modules/mod_macro.so
#LoadModule dbd_module modules/mod_dbd.so
#LoadModule dumpio_module modules/mod_dumpio.so
#LoadModule echo_module modules/mod_echo.so
#LoadModule buffer_module modules/mod_buffer.so
#LoadModule data_module modules/mod_data.so
#LoadModule ratelimit_module modules/mod_ratelimit.so
LoadModule reqtimeout_module modules/mod_reqtimeout.so
#LoadModule ext_filter_module modules/mod_ext_filter.so
#LoadModule request_module modules/mod_request.so
LoadModule include_module modules/mod_include.so
LoadModule filter_module modules/mod_filter.so
#LoadModule reflector_module modules/mod_reflector.so
#LoadModule substitute_module modules/mod_substitute.so
#LoadModule sed_module modules/mod_sed.so
#LoadModule charset_lite_module modules/mod_charset_lite.so
#LoadModule deflate_module modules/mod_deflate.so
#LoadModule xml2enc_module modules/mod_xml2enc.so
#LoadModule proxy_html_module modules/mod_proxy_html.so
#LoadModule brotli_module modules/mod_brotli.so
LoadModule mime_module modules/mod_mime.so
#LoadModule ldap_module modules/mod_ldap.so
LoadModule log_config_module modules/mod_log_config.so
#LoadModule log_debug_module modules/mod_log_debug.so
#LoadModule log_forensic_module modules/mod_log_forensic.so
#LoadModule logio_module modules/mod_logio.so
#LoadModule lua_module modules/mod_lua.so
LoadModule env_module modules/mod_env.so
#LoadModule mime_magic_module modules/mod_mime_magic.so
#LoadModule cern_meta_module modules/mod_cern_meta.so
#LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so
#LoadModule ident_module modules/mod_ident.so
#LoadModule usertrack_module modules/mod_usertrack.so
#LoadModule unique_id_module modules/mod_unique_id.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
#LoadModule remoteip_module modules/mod_remoteip.so
#LoadModule proxy_module modules/mod_proxy.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
#LoadModule proxy_http_module modules/mod_proxy_http.so
#LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
#LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
#LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so
#LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so
#LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
#LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
#LoadModule proxy_express_module modules/mod_proxy_express.so
#LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so
#LoadModule session_module modules/mod_session.so
#LoadModule session_cookie_module modules/mod_session_cookie.so
#LoadModule session_crypto_module modules/mod_session_crypto.so
#LoadModule session_dbd_module modules/mod_session_dbd.so
LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
#LoadModule slotmem_plain_module modules/mod_slotmem_plain.so
#LoadModule ssl_module modules/mod_ssl.so
#LoadModule dialup_module modules/mod_dialup.so
#LoadModule http2_module modules/mod_http2.so
#LoadModule proxy_http2_module modules/mod_proxy_http2.so
#LoadModule md_module modules/mod_md.so
#LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
#LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so
#LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so
#LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so
LoadModule unixd_module modules/mod_unixd.so
#LoadModule heartbeat_module modules/mod_heartbeat.so
#LoadModule heartmonitor_module modules/mod_heartmonitor.so
#LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
#LoadModule asis_module modules/mod_asis.so
#LoadModule info_module modules/mod_info.so
#LoadModule suexec_module modules/mod_suexec.so
<IfModule !mpm_prefork_module>
    #LoadModule cgid_module modules/mod_cgid.so
</IfModule>
<IfModule mpm_prefork_module>
    #LoadModule cgi_module modules/mod_cgi.so
</IfModule>
#LoadModule dav_fs_module modules/mod_dav_fs.so
#LoadModule dav_lock_module modules/mod_dav_lock.so
#LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
#LoadModule imagemap_module modules/mod_imagemap.so
LoadModule actions_module modules/mod_actions.so
#LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
#LoadModule rewrite_module modules/mod_rewrite.so

<IfModule unixd_module>
#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.  
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
#
User http
Group http

LoadModule fcgid_module modules/mod_fcgid.so

</IfModule>

# 'Main' server configuration
#
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition.  These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
#
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
#

#
# ServerAdmin: Your address, where problems with the server should be
# e-mailed.  This address appears on some server-generated pages, such
# as error documents.  e.g. [email protected]
#
ServerAdmin [email protected]

#
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
#
#ServerName www.example.com:80

#
# Deny access to the entirety of your server's filesystem. You must
# explicitly permit access to web content directories in other 
# <Directory> blocks below.
#
<Directory />
    AllowOverride none
    Require all denied
</Directory>

#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#

#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "/srv/http"
<Directory "/srv/http">
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important.  Please see
    # http://httpd.apache.org/docs/2.4/mod/core.html#options
    # for more information.
    #
    Options Indexes FollowSymLinks

    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   AllowOverride FileInfo AuthConfig Limit
    #
    AllowOverride None

    #
    # Controls who can get stuff from this server.
    #
    Require all granted
</Directory>

#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>

#
# The following lines prevent .htaccess and .htpasswd files from being 
# viewed by Web clients. 
#
<Files ".ht*">
    Require all denied
</Files>

#
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here.  If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog "/var/log/httpd/error_log"

#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn

<IfModule log_config_module>
    #
    # The following directives define some format nicknames for use with
    # a CustomLog directive (see below).
    #
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common

    <IfModule logio_module>
      # You need to enable mod_logio.c to use %I and %O
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>

    #
    # The location and format of the access logfile (Common Logfile Format).
    # If you do not define any access logfiles within a <VirtualHost>
    # container, they will be logged here.  Contrariwise, if you *do*
    # define per-<VirtualHost> access logfiles, transactions will be
    # logged therein and *not* in this file.
    #
    CustomLog "/var/log/httpd/access_log" common

    #
    # If you prefer a logfile with access, agent, and referer information
    # (Combined Logfile Format) you can use the following directive.
    #
    #CustomLog "/var/log/httpd/access_log" combined
</IfModule>

<IfModule alias_module>
    #
    # Redirect: Allows you to tell clients about documents that used to 
    # exist in your server's namespace, but do not anymore. The client 
    # will make a new request for the document at its new location.
    # Example:
    # Redirect permanent /foo http://www.example.com/bar

    #
    # Alias: Maps web paths into filesystem paths and is used to
    # access content that does not live under the DocumentRoot.
    # Example:
    # Alias /webpath /full/filesystem/path
    #
    # If you include a trailing / on /webpath then the server will
    # require it to be present in the URL.  You will also likely
    # need to provide a <Directory> section to allow access to
    # the filesystem path.

    #
    # ScriptAlias: This controls which directories contain server scripts. 
    # ScriptAliases are essentially the same as Aliases, except that
    # documents in the target directory are treated as applications and
    # run by the server when requested rather than as documents sent to the
    # client.  The same rules about trailing "/" apply to ScriptAlias
    # directives as to Alias.
    #
    ScriptAlias /cgi-bin/ "/srv/http/cgi-bin/"

</IfModule>

<IfModule cgid_module>
    #
    # ScriptSock: On threaded servers, designate the path to the UNIX
    # socket used to communicate with the CGI daemon of mod_cgid.
    #
    #Scriptsock cgisock
</IfModule>

#
# "/srv/http/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
#
<Directory "/srv/http/cgi-bin">
    AllowOverride None
    Options None
    Require all granted
</Directory>

<IfModule headers_module>
    #
    # Avoid passing HTTP_PROXY environment to CGI's on this or any proxied
    # backend servers which have lingering "httpoxy" defects.
    # 'Proxy' request header is undefined by the IETF, not listed by IANA
    #
    RequestHeader unset Proxy early
</IfModule>

<IfModule mime_module>
    #
    # TypesConfig points to the file containing the list of mappings from
    # filename extension to MIME-type.
    #
    TypesConfig conf/mime.types

    #
    # AddType allows you to add to or override the MIME configuration
    # file specified in TypesConfig for specific file types.
    #
    #AddType application/x-gzip .tgz
    #
    # AddEncoding allows you to have certain browsers uncompress
    # information on the fly. Note: Not all browsers support this.
    #
    #AddEncoding x-compress .Z
    #AddEncoding x-gzip .gz .tgz
    #
    # If the AddEncoding directives above are commented-out, then you
    # probably should define those extensions to indicate media types:
    #
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz

    #
    # AddHandler allows you to map certain file extensions to "handlers":
    # actions unrelated to filetype. These can be either built into the server
    # or added with the Action directive (see below)
    #
    # To use CGI scripts outside of ScriptAliased directories:
    # (You will also need to add "ExecCGI" to the "Options" directive.)
    #
    #AddHandler cgi-script .cgi

    # For type maps (negotiated resources):
    #AddHandler type-map var

    #
    # Filters allow you to process content before it is sent to the client.
    #
    # To parse .shtml files for server-side includes (SSI):
    # (You will also need to add "Includes" to the "Options" directive.)
    #
    #AddType text/html .shtml
    #AddOutputFilter INCLUDES .shtml
</IfModule>

#
# The mod_mime_magic module allows the server to use various hints from the
# contents of the file itself to determine its type.  The MIMEMagicFile
# directive tells the module where the hint definitions are located.
#
#MIMEMagicFile conf/magic

#
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
#
# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html
#

#
# MaxRanges: Maximum number of Ranges in a request before
# returning the entire resource, or one of the special
# values 'default', 'none' or 'unlimited'.
# Default setting is to accept 200 Ranges.
#MaxRanges unlimited

#
# EnableMMAP and EnableSendfile: On systems that support it, 
# memory-mapping or the sendfile syscall may be used to deliver
# files.  This usually improves server performance, but must
# be turned off when serving from networked-mounted 
# filesystems or if support for these functions is otherwise
# broken on your system.
# Defaults: EnableMMAP On, EnableSendfile Off
#
#EnableMMAP off
#EnableSendfile on

# Supplemental configuration
#
# The configuration files in the conf/extra/ directory can be 
# included to add extra features or to modify the default configuration of 
# the server, or you may simply copy their contents here and change as 
# necessary.

# Server-pool management (MPM specific)
Include conf/extra/httpd-mpm.conf

# Multi-language error messages
Include conf/extra/httpd-multilang-errordoc.conf

# Fancy directory listings
Include conf/extra/httpd-autoindex.conf

# Language settings
Include conf/extra/httpd-languages.conf

# User home directories
Include conf/extra/httpd-userdir.conf

# Real-time info on requests and configuration
#Include conf/extra/httpd-info.conf

# Virtual hosts
#Include conf/extra/httpd-vhosts.conf

# Local access to the Apache HTTP Server Manual
#Include conf/extra/httpd-manual.conf

# Distributed authoring and versioning (WebDAV)
#Include conf/extra/httpd-dav.conf

# Various default settings
Include conf/extra/httpd-default.conf

# FCGID configuration
Include conf/extra/php-fcgid.conf

# phpPgAdmin configuration
Include conf/extra/phppgadmin.conf 

# Configure mod_proxy_html to understand HTML4/XHTML1
<IfModule proxy_html_module>
Include conf/extra/proxy-html.conf
</IfModule>

# Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf
#
# Note: The following must must be present to support
#       starting without SSL on platforms with no /dev/random equivalent
#       but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

这是我用来设置 Apache 的：apache2-mpm-worker 和 mod_fcgid

我正在尝试启动一个正在运行的 openvpn v2.4.9 服务器

systemctl start openvpn-server@server

在 Arch Linux 上作为 root 用户。

这会导致以下错误：

 The job identifier is 176005 and the job result is failed.
Nov 03 13:42:35 hostname audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 msg='[email protected] comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=?>
Nov 03 13:42:35 hostname systemd[100169]: [email protected]: Changing to the requested working directory failed: No such file or directory
Nov 03 13:42:35 hostname systemd[100169]: [email protected]: Failed at step CHDIR spawning /usr/bin/openvpn: No such file or directory
Subject: Process /usr/bin/openvpn could not be executed
Defined-By: systemd
Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel

The process /usr/bin/openvpn could not be executed and failed.

我不太确定“CHDIR 生成失败”是什么意思。

/usr/bin/openvpn 对所有人都存在且可执行：

root@hostname > ls -l /usr/bin/openvpn
-rwxr-xr-x 1 root root 788544 Apr 20  2020 /usr/bin/openvpn

/usr 和 /usr/bin 也可以被任何人输入。

我的配置位于 /etc/openvpn/server.conf ，如下所示：

user nobody
group nobody

persist-key
persist-tun

proto udp
proto udp6

dev tun

ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/cert.crt
key /etc/openvpn/easy-rsa/pki/private/key.key
dh /etc/openvpn/easy-rsa/pki/dh.pem

cipher AES-256-CBC
auth SHA512
comp-lzo
reneg-sec 36000

server 192.168.100.0 255.255.255.0
push "route 192.168.100.0 255.255.255.0"

keepalive 10 36000

status openvpn-status.log

log /var/log/openvpn.log

verb 6

这两个日志文件都没有列出任何有价值的信息。

您需要我的系统提供的更多信息吗？

非常感谢任何帮助。