Penegal's questions

我有一个具有此配置的 Apache httpd 2.4 测试实例：

<VirtualHost *:9979>
    ServerName 192.168.0.162

    # Encoded slashes need to be allowed
    AllowEncodedSlashes On

    # Container uses a unique non-signed certificate
    SSLProxyEngine On
    SSLProxyVerify None
    SSLProxyCheckPeerCN Off
    SSLProxyCheckPeerName Off

    # keep the host
    ProxyPreserveHost On

    # static html, js, images, etc. served from loolwsd
    # loleaflet is the client part of LibreOffice Online
    ProxyPass           /loleaflet https://127.0.0.1:9980/loleaflet retry=0
    ProxyPassReverse    /loleaflet https://127.0.0.1:9980/loleaflet

    # WOPI discovery URL
    ProxyPass           /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
    ProxyPassReverse    /hosting/discovery https://127.0.0.1:9980/hosting/discovery

    # Main websocket
    ProxyPass   /lool/ws      wss://127.0.0.1:9980/lool/ws

    # Admin Console websocket
    ProxyPass   /lool/adminws wss://127.0.0.1:9980/lool/adminws

    # Download as, Fullscreen presentation and Image upload operations
    ProxyPass           /lool https://127.0.0.1:9980/lool
    ProxyPassReverse    /lool https://127.0.0.1:9980/lool

    <Proxy *>
        # Auth changes in 2.4 - see http://httpd.apache.org/docs/2.4/upgrading.html#run-time
        Require all granted
    </Proxy>
</VirtualHost>

我已加载所需的模块：

root@dd340bf80de3:/etc/apache2# apache2ctl -M
[Fri Aug 19 12:49:48.930521 2016] [core:trace3] [pid 21392:tid 140679377049472] core.c(3056): Setting LogLevel for all modules to trace8
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.17.0.3. Set the 'ServerName' directive globally to suppress this message
Loaded Modules:
 core_module (static)
 so_module (static)
 watchdog_module (static)
 http_module (static)
 log_config_module (static)
 logio_module (static)
 version_module (static)
 unixd_module (static)
 access_compat_module (shared)
 alias_module (shared)
 auth_basic_module (shared)
 authn_core_module (shared)
 authn_file_module (shared)
 authz_core_module (shared)
 authz_host_module (shared)
 authz_user_module (shared)
 autoindex_module (shared)
 deflate_module (shared)
 dir_module (shared)
 env_module (shared)
 filter_module (shared)
 mime_module (shared)
 mpm_event_module (shared)
 negotiation_module (shared)
 proxy_module (shared)
 proxy_http_module (shared)
 proxy_wstunnel_module (shared)
 setenvif_module (shared)
 socache_shmcb_module (shared)
 ssl_module (shared)
 status_module (shared)

尽管如此，Apache 并没有代理请求：

 [Fri Aug 19 09:40:04.701822 2016] [core:trace5] [pid 10272:tid 139810871797504] protocol.c(618): [client 192.168.0.162:42645] Request received from client: GET /loleaflet HTTP/1.1
 [Fri Aug 19 09:40:04.701934 2016] [http:trace4] [pid 10272:tid 139810871797504] http_request.c(301): [client 192.168.0.162:42645] Headers received from client:
 [Fri Aug 19 09:40:04.701945 2016] [http:trace4] [pid 10272:tid 139810871797504] http_request.c(305): [client 192.168.0.162:42645]   Host: 192.168.0.162:9979
 [Fri Aug 19 09:40:04.701955 2016] [http:trace4] [pid 10272:tid 139810871797504] http_request.c(305): [client 192.168.0.162:42645]   Connection: keep-alive
 [Fri Aug 19 09:40:04.701979 2016] [http:trace4] [pid 10272:tid 139810871797504] http_request.c(305): [client 192.168.0.162:42645]   Cache-Control: max-age=0
 [Fri Aug 19 09:40:04.701989 2016] [http:trace4] [pid 10272:tid 139810871797504] http_request.c(305): [client 192.168.0.162:42645]   Upgrade-Insecure-Requests: 1
 [Fri Aug 19 09:40:04.701998 2016] [http:trace4] [pid 10272:tid 139810871797504] http_request.c(305): [client 192.168.0.162:42645]   User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36
 [Fri Aug 19 09:40:04.702008 2016] [http:trace4] [pid 10272:tid 139810871797504] http_request.c(305): [client 192.168.0.162:42645]   Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
 [Fri Aug 19 09:40:04.702017 2016] [http:trace4] [pid 10272:tid 139810871797504] http_request.c(305): [client 192.168.0.162:42645]   DNT: 1
 [Fri Aug 19 09:40:04.702026 2016] [http:trace4] [pid 10272:tid 139810871797504] http_request.c(305): [client 192.168.0.162:42645]   Accept-Encoding: gzip, deflate, sdch
 [Fri Aug 19 09:40:04.702035 2016] [http:trace4] [pid 10272:tid 139810871797504] http_request.c(305): [client 192.168.0.162:42645]   Accept-Language: fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4,ru;q=0.2,de;q=0.2
 [Fri Aug 19 09:40:04.702122 2016] [authz_core:debug] [pid 10272:tid 139810871797504] mod_authz_core.c(809): [client 192.168.0.162:42645] AH01626: authorization result of Require all granted: granted
 [Fri Aug 19 09:40:04.702133 2016] [authz_core:debug] [pid 10272:tid 139810871797504] mod_authz_core.c(809): [client 192.168.0.162:42645] AH01626: authorization result of <RequireAny>: granted
 [Fri Aug 19 09:40:04.702143 2016] [core:trace3] [pid 10272:tid 139810871797504] request.c(293): [client 192.168.0.162:42645] request authorized without authentication by access_checker_ex hook: /loleaflet
 [Fri Aug 19 09:40:04.702171 2016] [core:info] [pid 10272:tid 139810871797504] [client 192.168.0.162:42645] AH00128: File does not exist: /var/www/html/loleaflet
 [Fri Aug 19 09:40:04.702217 2016] [http:trace3] [pid 10272:tid 139810871797504] http_filters.c(1003): [client 192.168.0.162:42645] Response sent with status 404, headers:
 [Fri Aug 19 09:40:04.702228 2016] [http:trace5] [pid 10272:tid 139810871797504] http_filters.c(1010): [client 192.168.0.162:42645]   Date: Fri, 19 Aug 2016 09:40:04 GMT
 [Fri Aug 19 09:40:04.702237 2016] [http:trace5] [pid 10272:tid 139810871797504] http_filters.c(1013): [client 192.168.0.162:42645]   Server: Apache/2.4.10 (Debian)
 [Fri Aug 19 09:40:04.702247 2016] [http:trace4] [pid 10272:tid 139810871797504] http_filters.c(832): [client 192.168.0.162:42645]   Content-Length: 288
 [Fri Aug 19 09:40:04.702256 2016] [http:trace4] [pid 10272:tid 139810871797504] http_filters.c(832): [client 192.168.0.162:42645]   Keep-Alive: timeout=5, max=100
 [Fri Aug 19 09:40:04.702265 2016] [http:trace4] [pid 10272:tid 139810871797504] http_filters.c(832): [client 192.168.0.162:42645]   Connection: Keep-Alive
 [Fri Aug 19 09:40:04.702274 2016] [http:trace4] [pid 10272:tid 139810871797504] http_filters.c(832): [client 192.168.0.162:42645]   Content-Type: text/html; charset=iso-8859-1

tcpdump确认没有与 127.0.0.1:9980 的数据包交换，甚至没有 TCP SYN。如您所见，Apache httpd 仅在其目录中搜索请求的 URL 并返回 404，而不是按照配置中的请求将请求传递到 127.0.0.1。怎么了‽

你好呀。

我管理一些启用了 IPv6 的 Wheezy 服务器。它们都有一个全局 IPv6 /64 块，使用块中的第一个地址作为主要地址，即：

root@Host /h/david# ifconfig
eth0      Link encap:Ethernet  HWaddr 4c:72:b9:56:03:6e  
          […]
          adr inet6: fe80::4e72:b9ff:fe56:36e/64 Scope:Lien
          adr inet6: 2001:1234:1234:1234::1/64 Scope:Global
          […]

我最近看到，即使在接口上配置了整个块，也只有块定义中的一个，这里2001:1234:1234:1234::1，响应 IPv6 请求。例如，如果我 ping2001:1234:1234:1234::2或2001:1234:1234:1234::42，我没有得到任何答复。我已经检查了防火墙，它允许所有 ICMPv6 请求通过，包括 NDP 请求，但 NDP 对我来说仍然是一个问题：Wheezy 不响应邻居请求。以下是tcpdump我边听边听的内容ping：

root@Host /h/david# tcpdump icmp6
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode                                            
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes                                              
10:55:23.224447 IP6 fe80::264:40ff:fe3a:fac0 > ff02::1:ff00:55: ICMP6, neighbor solicitation, who has 2001:1234:1234:1234::55, length 32                                                                                                       
10:55:24.311669 IP6 fe80::264:40ff:fe3a:fac0 > ff02::1:ff00:55: ICMP6, neighbor solicitation, who has 2001:1234:1234:1234::55, length 32                                                                                                       
10:55:25.392511 IP6 fe80::264:40ff:fe3a:fac0 > ff02::1:ff00:55: ICMP6, neighbor solicitation, who has 2001:1234:1234:1234::55, length 32                                                                                                       
^C

如您所见，Wheezy 不回应邻居的请求。我考虑过内核参数，但我没有更改任何一个，而且我不明白为什么默认配置会忽略 NDP 数据包，根据我的阅读，这些数据包很关键。此外，我尝试更改以下参数：

root@Host /h/david# sysctl -w net.ipv6.conf.all.accept_ra=1     
net.ipv6.conf.all.accept_ra = 1                                   
root@Host /h/david# sysctl -w net.ipv6.conf.default.accept_ra=1 
net.ipv6.conf.default.accept_ra = 1                               
root@Host /h/david# sysctl -w net.ipv6.conf.eth0.accept_ra=1    
net.ipv6.conf.eth0.accept_ra = 1                                  

这也不起作用。有人知道为什么 Wheezy 不回应邻居的请求吗？

希望了解问题出在哪里

问候。

我正在尝试使我的 Nginx 服务器配置合理化，但我有一个我无法解决的相当愚蠢的问题。所以，这里有一个问题：是try_files在之前还是之后解析rewrite ？以不同的方式问，我是否必须放置所有指令，或者 Nginx 配置解析器是否足够聪明，可以在所有相关指令try_files之后进行评估？ rewritetry_files rewrite

配置合理化的链接是这个问题的答案将改变配置的组织，即如果配置文件顺序try_files和rewrite改变配置行为，它将迫使我分散我的包含，其中一些包含try_files，其他包含rewrite，因为我也有rewrite直接在nginx.conf。