我对此很陌生,并且在网上阅读了很多,但是什么配置是正确的?
在 apache2 中,有些人在谈论httpd.conf,并将所有配置放在一个文件中。
我的安装对我的每个虚拟站点都有 2 个配置文件,一个用于端口 80,一个用于 443。
当我在 apache 的网站上阅读时,看起来只有一个文件?
我很混乱..
有没有区别,还是针对不同的版本?
我对此很陌生,并且在网上阅读了很多,但是什么配置是正确的?
在 apache2 中,有些人在谈论httpd.conf,并将所有配置放在一个文件中。
我的安装对我的每个虚拟站点都有 2 个配置文件,一个用于端口 80,一个用于 443。
当我在 apache 的网站上阅读时,看起来只有一个文件?
我很混乱..
有没有区别,还是针对不同的版本?
我想增加MaxSpareServers
.
<IfModule mpm_prefork_module>
MaxSpareServers 20
</IfModule>
但是,我在测试时收到以下错误。
[root@server_1 conf.modules.d]# httpd -t
AH00526: Syntax error on line 26 of /etc/httpd/conf.modules.d/00-mpm.conf:
Invalid command 'MaxSpareServers', perhaps misspelled or defined by a module not included in the server configuration
然后我验证了几个点,例如 MPM 选择
[root@server_1 worker]# httpd -V | grep -i mpm
Server MPM: worker
[root@server_1 worker]# httpd -M | grep -i mpm
mpm_worker_module (shared)
奇怪的是,当我检查加载的模块时,我找不到worker.c
[root@server_1 worker]# httpd -l
Compiled in modules:
core.c
mod_so.c
http_core.c
这可能是无法更改服务器配置的原因MaxSpareServers
吗?如果是这样,我该如何解决这个问题?
请参阅下面的版本详细信息
[root@server_1 worker]# yum info httpd
Loaded plugins: auto-update-debuginfo, changelog, fastestmirror, product-id, search-disabled-repos, subscription-manager
Loading mirror speeds from cached hostfile
Installed Packages
Name : httpd
Arch : x86_64
Version : 2.4.52
Release : 1.codeit.el7
Size : 4.3 M
Repo : installed
From repo : CodeIT
Summary : Apache HTTP Server
URL : https://httpd.apache.org/
License : ASL 2.0
Description : The Apache HTTP Server is a powerful, efficient, and extensible
: web server.
第一次尝试这样做,我完全迷失了。
我有一个 Oracle Linux 7.9 服务器,它有一个需要通过 HTTP 共享给用户的目录,以便他们可以下载文件以发送给第三方。
我很容易让它对所有人可见和开放,但到目前为止我还无法让 LDAP 工作——它甚至不会提示我输入凭据。
我已经为:httpd、openldap、openldap-clients、nss_ldap 和 mod_ldap 进行了 yum 安装(根据网络上各种文章中的说明)。
我已经编辑了 /etc/httpd/conf/httpd.conf 并添加了
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
(httpd 日志显示这些已经加载并且它无论如何都会跳过它)。
在 /etc/httpd/conf.d/interfaces.conf 我有以下(为了安全而编辑):
<VirtualHost *:80>
ServerAdmin [email protected]
ServerName mywebserer
ServerAlias x.x.x.x
DocumentRoot /
LogLevel warn
ErrorLog "logs/interfaces_prd_webdav_error_log"
CustomLog "|/usr/sbin/rotatelogs /var/log/httpd/webdav_access_log.%Y-%m-%d-%H_%M_%S 5M" "%t %h \"%r\" %>s %b"
LimitXMLRequestBody 131072
DavLockDB /var/lib/dav/lockdb
# ************************************************************
<Directory "/directory/to/export">
AuthType Basic
AuthName "Use Your App Login"
AuthBasicProvider ldap
AuthLDAPURL "ldap://mydomain.local:389/ou=OU1,ou=MyBusiness,dc=mycompany,dc=local?sAMAccountName?sub?(objectClass=*)"
AuthLDAPGroupAttributeIsDN on
AuthLDAPBindDN "ldapsearchuser"
AuthLDAPBindPassword "secret_password"
# Require group cn=group,ou=Groups,dc=mycompany,dc=local
Require valid-user
</Directory>
Alias /files /directory/to/export
<Location /files>
Dav on
Order allow,deny
Allow from all
Require all granted
Options +Indexes
</Location>
</VirtualHost>
“要求组”被注释掉了,因为在这个阶段我只是试图获得初始凭证挑战并得到验证。
如果重要的话,我连接的服务器是 Linux OpenLDAP 服务器,而不是 Microsoft AD。
当我转到http://xxxx/files - 它只是给了我目录的内容,对凭据没有挑战。
我在最近一次访问后(删除现有日志后)检查了 /var/log/httpd 文件夹,并且没有将任何内容添加到任何日志文件中。
重新启动 httpd 时,error_log 显示:
[Tue Jul 13 17:07:00.277230 2021] [mpm_prefork:notice] [pid 11681] AH00170: caught SIGWINCH, shutting down gracefully
[Tue Jul 13 17:07:01.345552 2021] [suexec:notice] [pid 15751] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Jul 13 17:07:01.357475 2021] [so:warn] [pid 15751] AH01574: module ldap_module is already loaded, skipping
[Tue Jul 13 17:07:01.357497 2021] [so:warn] [pid 15751] AH01574: module authnz_ldap_module is already loaded, skipping
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::221:f6ff:fe6e:9c69. Set the 'ServerName' directive globally to suppress this message
[Tue Jul 13 17:07:01.383713 2021] [lbmethod_heartbeat:notice] [pid 15751] AH02282: No slotmem from mod_heartmonitor
[Tue Jul 13 17:07:01.387200 2021] [mpm_prefork:notice] [pid 15751] AH00163: Apache/2.4.6 () configured -- resuming normal operations
[Tue Jul 13 17:07:01.387228 2021] [core:notice] [pid 15751] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
尝试通过浏览器访问目录时,我得到:
在 interfaces_prd_webdav_error_log 中(我不认为过分担心这个 atm):
[Tue Jul 13 17:07:20.015412 2021] [authz_core:error] [pid 15754] [client 10.1.7.44:55820] AH01630: client denied by server configuration: /favicon.ico, referer: http://172.17.9.21/files/
在 webdav_access_log 中:
[13/Jul/2021:17:07:19 -0400] 10.1.7.44 "GET /files/ HTTP/1.1" 200 1303
[13/Jul/2021:17:07:20 -0400] 10.1.7.44 "GET /favicon.ico HTTP/1.1" 403 213
任何人都可以提供任何建议吗?
提前致谢。
我的网址是这种形式
/sites/site-name/Subpath-2/page-name.page
/sites/site-name/Subpath-3/Subpath-4/index.page
这应该被重写为/sitename/subpath/pagename
(删除扩展.page
名)子路径也可以有多个文件夹,即(/sites/site-name/Subpath-2/..../page-name.page)
如果我们有一个以 index.page 结尾的 url,那么我们必须删除 index.page 例如:
/sites/site-name/...subpath.../index.page
应该是/sites/site-name/...subpath.../
我尝试过以这种方式使用反向引用
ProxyHTMLURLMap "\/sites\/([A-Za-z-0-9]+|-)\/([A-Za-z-0-9]+|-)\/([A-Za-z-0-9]+|-)\.page$" "/$1/$2/$3" R
对于以 index 结尾的网址
ProxyHTMLURLMap "\/sites\/([A-Za-z-0-9]+|-)\/([A-Za-z-0-9]+|-)\/(index)\.page$" "/$1/$2/" R
但是我需要重写 URL,这样子路径可以很多,即它应该适用于任何可以有超过三个子路径的 URL,
它需要为/sites/site-name/Subpath-3/Subpath-4/index.page
/sites/site-name/Subpath-1/Subpath-2/ 工作子路径 3/home.page
第一个问题:为什么会有两个错误日志文件?一种是 /var/www/mywebsite/error.log,<VirtualHost>
在 ErrorLog 指令中指定。另一个是 /var/log/httpd/error_log。我找不到它的定义位置。/etc/httpd/conf/httpd.conf 外面有一行<VirtualHost>
:
ErrorLog "logs/error_log"
但我认为这与/var/log/httpd/error_log 不对应。
第二个问题:为什么两个错误日志文件的所有者都是 root:root,而不是 /etc/httpd/conf/httpd.conf 中指定的 apache:apache:
User apache
Group apache
我在 Apache httpd 中设置了一个子域,它是 Tomcat 服务器的前端,httpd 服务器由 Let's Encrypt 保护。
如果我在 conf 文件中激活了以下重写,则 certbot 失败。
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
如果我将其注释掉,则 certbot 可以工作。
我不完全确定,但我认为它是 100% 一致的。当然,使用挑战缓存,我无法在成功续订后的整整一个月内获得另一个有意义的测试结果。
我正在寻找在 Apache 中添加 HSTS 标头...
# HSTS / Header Strict Transport Security
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
...但我有一长串不同但相关的站点/子站点的虚拟主机列表。我宁愿不必在我的每个虚拟主机定义中都定义它,但我不知道有一种方法可以在主要https.conf
中包含一个仅适用于443 / https
这些虚拟主机版本的设置,因为它会在验证器中引发警告你将 HSTS 应用于标准80 / http
站点。
我尝试将其包装在<IfModule mod_ssl.c>...</IfModule>
标签中,但如果我没记错的话,这实际上只是在询问SSL 模块是否已加载? 我尝试了很多不同的方法,但是当您不知道要查找的术语时,很难对所有静态进行分类。有什么建议么?谢谢!
我的主要主机 IP 和服务的虚拟主机面临着一种奇怪的行为,基本上我有以下几点:
|- 148.x.x.x /var/www/html/public_html
|- domain01.com /var/www/html/domain01.com/public_html
|- domain02.com /var/www/html/domain02.com/public_html
|- domain03.com /var/www/html/domain03.com/public_html
问题 01:现在,如果我访问 148.xxx 上的任何页面,我都会得到,如果托管的页面名称相同,404
http codedomain01.com
那么它的内容就会显示出来。
问题 02:如果在其他域中未找到任何页面并且它发生的页面名称相同,domain01
则它会被提供。我的 httpd.conf:
ServerRoot "/etc/httpd"
Listen 80
Include conf.modules.d/*.conf
User apache
Group apache
ServerAdmin root@localhost
ServerName 148.x.x.x:80
<Directory />
AllowOverride none
Require all denied
</Directory>
DocumentRoot "/var/www/html/public_html"
<Directory "/var/www">
AllowOverride None
Require all granted
</Directory>
<Directory "/var/www/html/public_html">
Options All Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
<Files ".ht*">
Require all denied
</Files>
ErrorLog "logs/error_log"
LogLevel warn
<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
CustomLog "logs/access_log" combined
</IfModule>
<IfModule alias_module>
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
</IfModule>
<Directory "/var/www/cgi-bin">
AllowOverride None
Options None
Require all granted
</Directory>
<IfModule mime_module>
TypesConfig /etc/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType application/x-httpd-php .php
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
</IfModule>
AddDefaultCharset UTF-8
<IfModule mime_magic_module>
MIMEMagicFile conf/magic
</IfModule>
EnableSendfile on
<IfModule mod_http2.c>
Protocols h2 h2c http/1.1
</IfModule>
NameVirtualHost *
IncludeOptional conf.d/*.conf
IncludeOptional conf.d/domains/*.conf
虚拟主机配置:
<VirtualHost *:80>
ServerName domain01.com
ServerAlias www.domain01.com
ServerAdmin webmaster@domain01
DocumentRoot /var/www/html/domain01/public_html
<Directory /var/www/html/domain01/public_html>
Options -Indexes +FollowSymLinks
AllowOverride All
</Directory>
ErrorLog /var/log/httpd/domain01-error.log
CustomLog /var/log/httpd/domain01-access.log combined
</VirtualHost>
其他域共享相同的配置。
错误日志:
[Sun May 10 04:35:40.554754 2020] [suexec:notice] [pid 20023] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sun May 10 04:35:40.579226 2020] [lbmethod_heartbeat:notice] [pid 20023] AH02282: No slotmem from mod_heartmonitor
[Sun May 10 04:35:40.579272 2020] [http2:warn] [pid 20023] AH10034: The mpm module (prefork.c) is not supported by mod_http2. The mpm determines how things are processed in your server. HTTP/2 has more demands in this regard and the currently selected mpm will just not do. This is an advisory warning. Your server will continue to work, but the HTTP/2 protocol will be inactive.
[Sun May 10 04:35:40.579277 2020] [http2:warn] [pid 20023] AH02951: mod_ssl does not seem to be enabled
[Sun May 10 04:35:40.608931 2020] [mpm_prefork:notice] [pid 20023] AH00163: Apache/2.4.41 () PHP/7.3.16 configured -- resuming normal operations
[Sun May 10 04:35:40.608967 2020] [core:notice] [pid 20023] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Sun May 10 04:54:07.699619 2020] [mpm_prefork:notice] [pid 20023] AH00170: caught SIGWINCH, shutting down gracefully
[Sun May 10 04:54:08.784661 2020] [suexec:notice] [pid 20172] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sun May 10 04:54:08.815681 2020] [lbmethod_heartbeat:notice] [pid 20172] AH02282: No slotmem from mod_heartmonitor
[Sun May 10 04:54:08.815727 2020] [http2:warn] [pid 20172] AH10034: The mpm module (prefork.c) is not supported by mod_http2. The mpm determines how things are processed in your server. HTTP/2 has more demands in this regard and the currently selected mpm will just not do. This is an advisory warning. Your server will continue to work, but the HTTP/2 protocol will be inactive.
[Sun May 10 04:54:08.815732 2020] [http2:warn] [pid 20172] AH02951: mod_ssl does not seem to be enabled
[Sun May 10 04:54:08.845184 2020] [mpm_prefork:notice] [pid 20172] AH00163: Apache/2.4.41 () PHP/7.3.16 configured -- resuming normal operations
[Sun May 10 04:54:08.845215 2020] [core:notice] [pid 20172] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Sun May 10 04:55:20.189266 2020] [mpm_prefork:notice] [pid 20172] AH00170: caught SIGWINCH, shutting down gracefully
[Sun May 10 04:55:21.262210 2020] [suexec:notice] [pid 20236] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sun May 10 04:55:21.289998 2020] [lbmethod_heartbeat:notice] [pid 20236] AH02282: No slotmem from mod_heartmonitor
[Sun May 10 04:55:21.290044 2020] [http2:warn] [pid 20236] AH10034: The mpm module (prefork.c) is not supported by mod_http2. The mpm determines how things are processed in your server. HTTP/2 has more demands in this regard and the currently selected mpm will just not do. This is an advisory warning. Your server will continue to work, but the HTTP/2 protocol will be inactive.
[Sun May 10 04:55:21.290048 2020] [http2:warn] [pid 20236] AH02951: mod_ssl does not seem to be enabled
[Sun May 10 04:55:21.314344 2020] [mpm_prefork:notice] [pid 20236] AH00163: Apache/2.4.41 () PHP/7.3.16 configured -- resuming normal operations
[Sun May 10 04:55:21.314377 2020] [core:notice] [pid 20236] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Sun May 10 04:56:16.858055 2020] [mpm_prefork:notice] [pid 20236] AH00170: caught SIGWINCH, shutting down gracefully
[Sun May 10 04:56:17.942478 2020] [suexec:notice] [pid 20300] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sun May 10 04:56:17.967937 2020] [lbmethod_heartbeat:notice] [pid 20300] AH02282: No slotmem from mod_heartmonitor
[Sun May 10 04:56:17.967989 2020] [http2:warn] [pid 20300] AH10034: The mpm module (prefork.c) is not supported by mod_http2. The mpm determines how things are processed in your server. HTTP/2 has more demands in this regard and the currently selected mpm will just not do. This is an advisory warning. Your server will continue to work, but the HTTP/2 protocol will be inactive.
[Sun May 10 04:56:17.967994 2020] [http2:warn] [pid 20300] AH02951: mod_ssl does not seem to be enabled
[Sun May 10 04:56:17.995419 2020] [mpm_prefork:notice] [pid 20300] AH00163: Apache/2.4.41 () PHP/7.3.16 configured -- resuming normal operations
[Sun May 10 04:56:17.995465 2020] [core:notice] [pid 20300] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Sun May 10 09:52:00.857620 2020] [mpm_prefork:notice] [pid 20300] AH00170: caught SIGWINCH, shutting down gracefully
[Sun May 10 09:52:18.179419 2020] [suexec:notice] [pid 21600] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sun May 10 09:52:18.208499 2020] [lbmethod_heartbeat:notice] [pid 21600] AH02282: No slotmem from mod_heartmonitor
[Sun May 10 09:52:18.208546 2020] [http2:warn] [pid 21600] AH10034: The mpm module (prefork.c) is not supported by mod_http2. The mpm determines how things are processed in your server. HTTP/2 has more demands in this regard and the currently selected mpm will just not do. This is an advisory warning. Your server will continue to work, but the HTTP/2 protocol will be inactive.
[Sun May 10 09:52:18.208550 2020] [http2:warn] [pid 21600] AH02951: mod_ssl does not seem to be enabled
[Sun May 10 09:52:18.240064 2020] [mpm_prefork:notice] [pid 21600] AH00163: Apache/2.4.41 () PHP/7.3.16 configured -- resuming normal operations
[Sun May 10 09:52:18.240096 2020] [core:notice] [pid 21600] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
我正在尝试在 aws lightsail 实例上配置 apache2。该实例是 aws wordpress + aws linux 的默认设置。我有一个 node.js 服务器在此实例的端口 5000 上运行。
apache 服务器位于/opt/bitnami/apache2
.
首先,我尝试将非 http 请求的端口重定向到 5000,它运行良好。
这是 .conf 文件:
<VirtualHost *:80>
ProxyPreserveHost On
ProxyRequests Off
ServerName example.com
ServerAlias www.example.com
# setup the proxy
<Proxy *>
Order allow,deny
Allow from all
</Proxy>
ProxyPass / http://example:5000/
ProxyPassReverse / http://example:5000/
</VirtualHost>
然后我用 bitnami bncert-tool 配置了 ssl 证书。我在配置 ssl 时打开了强制 https 重定向。
然后我配置example-https.conf
如下:
<VirtualHost *:80>
ProxyPreserveHost On
ProxyRequests Off
ServerName example.com
ServerAlias www.example.com
SSLEngine on
SSLCertificateFile "/opt/bitnami/apache2/conf/example.com.crt"
SSLCertificateKeyFile "/opt/bitnami/apache2/conf/example.com.key"
# setup the proxy
<Proxy *>
Order allow,deny
Allow from all
</Proxy>
ProxyPass / http://example.com:5000/
ProxyPassReverse / http://example.com:5000/
</VirtualHost>
但这一次它不起作用。请求被重定向到 https 并且响应来自 wordpress,而不是我的 node.js 服务器。
这些conf
文件在/var/www
其中,我已将它们包含在httpd.conf
使用中
Include "/var/www/*.conf"
我设置了一些 Apache mod_rewrite 规则来将 Maven 部署从一个 url/服务器重定向到另一个。我们正在从 Nexus 迁移到 Artifactory,需要设置这些重定向,以便团队仍然可以在一段时间内使用 Nexus URL 而不会破坏构建。这是我们的 mod_rewrite 规则的示例:
RewriteRule ^/nexus/content/repositories/nexus-repository/(.*)$ https://artifactory-instance.net/repository/$1 [NE,R=301,L]
该规则成功地将 GET 请求重定向到新的 Artifactory URL,但我们遇到了授权标头在重定向中被丢弃的问题。我们收到 401 错误,通过运行 cURL PUT 命令来推送单个工件,我可以看到授权标头正在被删除:
...
> PUT /nexus/content/repositories/nexus-repository/com/maven/hello-world/1.0.0/hello-world-1.0.0.jar HTTP/1.1
> Host: nexus-instance.com
> Authorization: Basic XXXXXXXXXX
> User-Agent: curl/7.54.0
> Accept: */*
> Content-Length: 2540
> Expect: 100-continue
>
< HTTP/1.1 301 Moved Permanently
< Date: Thu, 23 Apr 2020 17:27:22 GMT
< Server: Apache/2.4.37 (Red Hat Enterprise Linux)
< Location: https://artifactory-instance.net/repository/com/maven/hello-world/1.0.0/hello-world-1.0.0.jar
< Content-Length: 311
< Connection: close
< Content-Type: text/html; charset=iso-8859-1
...
> PUT /repository/com/maven/hello-world/1.0.0/hello-world-1.0.0.jar HTTP/1.1
> Host: artifactory-instance.net
> User-Agent: curl/7.54.0
> Accept: */*
> Content-Length: 2540
> Expect: 100-continue
>
< HTTP/1.1 100 Continue
* We are completely uploaded and fine
< HTTP/1.1 401 Unauthorized
< Date: Thu, 23 Apr 2020 17:27:22 GMT
...
* Authentication problem. Ignoring this.
< WWW-Authenticate: Basic realm="Artifactory Realm"
< Content-Type: application/json;charset=ISO-8859-1
< Transfer-Encoding: chunked
...
cURL 有一个名为--location-trusted
. 当我将它应用到我的测试 cURL 命令时,它会将授权标头传递给重定向。
--location-trusted
我的问题是,在 httpd中是否有任何等价物?我该怎么做才能通过重定向传递身份验证标头?