问题[apache-httpd](unix)

我相信我遇到的两个问题是相关的，但不知道从哪里开始。第一个问题是，当请求解析到我的服务器的特定域时，其在 sites-enabled 中的 conf 文件会被忽略，000-default.conf 也是如此，而是使用按字母顺序排列的第一个 conf，并显示该站点，但浏览器栏中显示的是我请求的域。

这只发生在这个域上，这导致了第二个问题。我有一个多域证书（CA），其中的所有域都按预期显示。我为这个其他域安装了 certbot 证书。当我将 openssl 与这个其他域的域名一起使用时，它会显示多域证书的内容。当我使用 SSL 检查器时，我得到了相同的结果，它指出我输入的域名不包含在证书中。

我注意到，当我在列出 *:443 和 *:80 文件之前执行 apachectl -S 时，它会列出一个以服务器 IP 地址为命名服务器的虚拟主机，并且它列出的第一个文件不是 000-default（它是 *:80 和 *:443 的第一个文件），而是按字母顺序排列的下一个文件。

有问题的域名是 halgrossman.com。

halgrossman.com.conf

<VirtualHost *:80>
    ServerName halgrossman.com
    ServerAlias www.halgrossman.com

    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html/drupal/halgrossman/web
        <Directory /var/www/html/drupal/halgrossman/web>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
        </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>

halgrossman.com-le-ssl.conf

<VirtualHost *:443>
    ServerName halgrossman.com
    ServerAlias www.halgrossman.com

    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html/drupal/halgrossman/web
        <Directory /var/www/html/drupal/halgrossman/web>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
        </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/halgrossman.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/halgrossman.com/privkey.pem
</VirtualHost>

openssl 的输出

openssl s_client -connect halgrossman.com:443 -servername halgrossman.com
CONNECTED(00000003)
depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
verify return:1
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
verify return:1
depth=0 CN = theaccidentalcoder.com
verify return:1
---
Certificate chain
 0 s:CN = theaccidentalcoder.com
   i:C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Sep  2 00:00:00 2024 GMT; NotAfter: Dec 21 23:59:59 2024 GMT
 1 s:C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
   i:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA384
   v:NotBefore: Nov  2 00:00:00 2018 GMT; NotAfter: Dec 31 23:59:59 2030 GMT
 2 s:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
   i:C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = AAA Certificate Services
   a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA384
   v:NotBefore: Mar 12 00:00:00 2019 GMT; NotAfter: Dec 31 23:59:59 2028 GMT
 3 s:C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = AAA Certificate Services
   i:C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = AAA Certificate Services
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA1
   v:NotBefore: Jan  1 00:00:00 2004 GMT; NotAfter: Dec 31 23:59:59 2028 GMT

theaccidentalcoder.com 是多域 CA 证书上的主要域，halgrossman.com 不属于该域。

SSL 检查器的输出

halgrossman.com resolves to 45.56.118.187
    
Server Type: Apache/2.4.52 (Ubuntu)
    
The certificate should be trusted by all major web browsers (all the correct intermediate certificates are installed).
    
The certificate was issued by Sectigo.    
    
The certificate will expire in 84 days. 
    
None of the common names in the certificate match the name that was entered (halgrossman.com). You may receive an error when accessing this site in a web browser. Learn more about name mismatch errors.
    Common name: theaccidentalcoder.com
SANs: theaccidentalcoder.com, ascaatl.org, guildbuildersinc.com, musictohealby.com, souknook.com, thetouristlife.com
Valid from September 1, 2024 to December 21, 2024

apache2ctl -S 的输出

45.56.118.187:443      is a NameVirtualHost
         default server guildbuildersinc.com (/etc/apache2/sites-enabled/guildbuildersinc.com.conf:37)
         port 443 namevhost guildbuildersinc.com (/etc/apache2/sites-enabled/guildbuildersinc.com.conf:37)
         port 443 namevhost musictohealby.com (/etc/apache2/sites-enabled/musictohealby.com.conf:37)
         port 443 namevhost theaccidentalcoder.com (/etc/apache2/sites-enabled/theaccidentalcoder.com.conf:23)
         port 443 namevhost thetouristlife.com (/etc/apache2/sites-enabled/thetouristlife.com.conf:21)
*:443                  halgrossman.com (/etc/apache2/sites-enabled/halgrossman.com-le-ssl.conf:2)
*:80                   is a NameVirtualHost
         default server halgrossman.com (/etc/apache2/sites-enabled/00-default.conf:1)
         port 80 namevhost halgrossman.com (/etc/apache2/sites-enabled/00-default.conf:1)
                 alias www.halgrossman.com
         port 80 namevhost default (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost guildbuildersinc.com (/etc/apache2/sites-enabled/guildbuildersinc.com.conf:1)
                 alias www.guildbuildersinc.com
         port 80 namevhost halgrossman.com (/etc/apache2/sites-enabled/halgrossman.com.conf:1)
                 alias www.halgrossman.com
         port 80 namevhost musictohealby.com (/etc/apache2/sites-enabled/musictohealby.com.conf:1)
                 alias www.musictohealby.com
         port 80 namevhost theaccidentalcoder.com (/etc/apache2/sites-enabled/theaccidentalcoder.com.conf:1)
                 alias www.theaccidentalcoder.com
         port 80 namevhost thetouristlife.com (/etc/apache2/sites-enabled/thetouristlife.com.conf:1)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"

请注意，首先出现的域名列表是针对 IP 列出的，不包括 000-default。它首先列出的域名 guildbuildersinc.com 是按字母顺序在 000-default 之后的第一个域名，也是请求https://halgrossman.com时出现的站点。

Rocky Linux 9 上的 Apache 网络服务器，具有从 LetsEncrypt 获得的 SSL 证书。这是特定虚拟主机“myvhost”的配置，但我的服务器上的所有虚拟主机都出现了问题：

/etc/httpd/conf.d/myvhost.conf：

<VirtualHost *:80>

    ServerName myvhost.example.org
    DocumentRoot "/var/www/html/myvhost"

    RewriteEngine on
    RewriteCond %{SERVER_NAME} =myvhost.example.org
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

</VirtualHost>

/etc/httpd/conf.d/myvhost-le-ssl.conf（由 LetsEncrypt 自动生成）：

<IfModule mod_ssl.c>
<VirtualHost *:443>

    ServerName myvhost.example.org
    DocumentRoot "/var/www/html/myvhost"

    Include /etc/letsencrypt/options-ssl-apache.conf

    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"

    TraceEnable off

    SSLCertificateFile /etc/letsencrypt/live/example.org-0001/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.org-0001/privkey.pem

</VirtualHost>
</IfModule>

命令curl -i http://myvhost.example.org返回：

HTTP/1.1 400 Bad Request
Date: Wed, 19 Jun 2024 12:39:10 GMT
Server: Apache
Content-Length: 362
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
Reason: You're speaking plain HTTP to an SSL-enabled server port.<br />
 Instead use the HTTPS scheme to access this URL, please.<br />
</p>
</body></html>

为什么会这样？除其他外，HTTP 错误 400 阻止certbot renew验证域和更新证书。

值得注意的是，在 CentOS Stream 8 上完全相同的配置并没有导致这个问题。

编辑：命令的输出for f in $(grep -l -e SSLCertificate -e :80 /etc/httpd/conf.d/*.conf); do printf '\n== %s ==\n' "$f"; grep -hE 'SSLCertificate|VirtualHost|Server(Name|Alias)' "$f" | sed -e 's/#.*//' -e '/^[[:space:]]*$/d'; done | less：

==  /etc/httpd/conf.d/main-le-ssl.conf ==
<VirtualHost *:443>
    ServerName example.org
    SSLCertificateFile /etc/letsencrypt/live/example.org-0001/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.org-0001/privkey.pem
</VirtualHost>

==  /etc/httpd/conf.d/main.conf ==
<VirtualHost *:80>
    ServerName example.org
</VirtualHost>

==  /etc/httpd/conf.d/myvhost-le-ssl.conf ==
<VirtualHost *:443>
    ServerName myvhost.example.org
    SSLCertificateFile /etc/letsencrypt/live/example.org-0001/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.org-0001/privkey.pem
</VirtualHost>

==  /etc/httpd/conf.d/myvhost.conf ==
<VirtualHost *:80>
    ServerName myvhost.example.org
</VirtualHost>

==  /etc/httpd/conf.d/anothervhost-le-ssl.conf ==
<VirtualHost *:443>
    ServerName anothervhost.example.org
    SSLCertificateFile /etc/letsencrypt/live/example.org-0001/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.org-0001/privkey.pem
</VirtualHost>

==  /etc/httpd/conf.d/anothervhost.conf ==
<VirtualHost *:80>
    ServerName anothervhost.example.org
</VirtualHost>

==  /etc/httpd/conf.d/ssl.conf ==
SSLCertificateFile /etc/letsencrypt/live/example.org-0001/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.org-0001/privkey.pem

我正在尝试创建对所有 IP 地址关闭的 Apache 虚拟主机，但一个 IP 地址和两个应该可公开访问的 URL 除外。

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName example.com
    ServerAdmin [email protected]
    DocumentRoot "/var/www/example.com/app/webroot"

    <Directory "/var/www/example.com/app/webroot">
        Options FollowSymLinks Includes ExecCGI
        AllowOverride All
        ErrorDocument 403 "https://example.com/403.php"
        DirectoryIndex index.php
    </Directory>

    <Location "/foo/bar/">
          Require all granted
    </Location>

    <Location "/.well-known/">
        Require all granted
    </Location>

    <Location "/">
          Require ip 1.2.3.4
    </Location>

    SSLProxyEngine on   
    ProxyPreserveHost On
    ProxyRequests Off
    ProxyPass           /api/ https://host.docker.internal:8443/api/ connectiontimeout=5 timeout=300
    ProxyPassReverse    /api/ https://host.docker.internal:8443/api/

    SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

我尝试更改Location标签的顺序，但所有请求都被重定向到ErrorDocument指令值。

URL由located in/foo/bar/重写（出于测试目的，我尝试删除但没有效果）。.htaccessDocumentRoot.htaccess

阿帕奇版本：

• 服务器版本：Apache/2.4.59（Debian）
• 服务器建成：2024-04-05T12:02:26

Apache 运行在 Docker 容器中，但它可能对问题没有任何意义。

问：配置有什么问题？

rpm -qc httpd 不显示所有 httpd 配置文件。我的操作系统很不稳定 9.3。有人有建议吗？

[root@rocky9 ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
     Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; preset: disabled)
     Active: active (running) since Fri 2024-03-22 03:26:10 +0330; 19min ago
       Docs: man:httpd.service(8)
   Main PID: 11100 (httpd)
     Status: "Total requests: 7; Idle/Busy workers 100/0;Requests/sec: 0.00616; Bytes served/sec:  36 B/sec"
      Tasks: 213 (limit: 23102)
     Memory: 33.7M
        CPU: 2.390s
     CGroup: /system.slice/httpd.service
             ├─11100 /usr/sbin/httpd -DFOREGROUND
             ├─11101 /usr/sbin/httpd -DFOREGROUND
             ├─11102 /usr/sbin/httpd -DFOREGROUND
             ├─11103 /usr/sbin/httpd -DFOREGROUND
             └─11104 /usr/sbin/httpd -DFOREGROUND

Mar 22 03:26:09 rocky9 systemd[1]: Starting The Apache HTTP Server...
Mar 22 03:26:10 rocky9 httpd[11100]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::a00>
Mar 22 03:26:10 rocky9 httpd[11100]: Server configured, listening on: port 80
Mar 22 03:26:10 rocky9 systemd[1]: Started The Apache HTTP Server.
[root@rocky9 ~]# rpm -qc httpd
/etc/httpd/conf.modules.d/00-brotli.conf
/etc/httpd/conf.modules.d/00-systemd.conf
[root@rocky9 ~]# ls /etc/httpd/conf/httpd.conf
/etc/httpd/conf/httpd.conf

该服务器具有4C/8T CPU和32GB RAM。操作系统：Debian 12。Apache/PHP 在使用约 500MB 后变得无响应。我尝试了PHP8.2和PHP8.1，但结果是一样的。如果我重新启动 PHP，Apache 就会开始响应。我检查了Apache错误日志，只有如下警告，错误日志上没有其他类型的错误。

[11 月 28 日星期二 13:50:31.932468 2023] [http2:warn] [pid 13336:tid 139689031698112] [客户端 10.41.23.50:34858] h2_stream(13336-348-1,CLEANUP): 开始 = 1, 计划 = 1,就绪=0，输出缓冲区=0

我已经在目录下下载了用于升级的confluence软件/var/www/html。我需要为每个目录创建一个index.html 来列出目录。我尝试将以下内容添加到.htaccess目录中的文件中（我在某个地方看到了它，index.html目录中存在文件），但它不起作用：

RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

有没有实用程序或工具可以让我做到这一点？有人让我手动创建它，但我真的不想手动创建它。

更新

@Ipor Sircer / @Marcus Müller

我更新了httpd.conf文件 - 现在如下所示：

# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "/var/www/html"

#
# Relax access to content within /var/www.
#
<Directory "/var/www">
    AllowOverride None
    # Allow open access:
    Require all granted
</Directory>

# Further relax access to the default document root:
<Directory "/var/www/html">
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important.  Please see
    # http://httpd.apache.org/docs/2.4/mod/core.html#options
    # for more information.
    #
    Options +Indexes +FollowSymLinks
    IndexOptions +FancyIndexing +HTMLTable

    #Options None

    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   Options FileInfo AuthConfig Limit
    #
    #AllowOverride None
    AllowOverride All

    #
    # Controls who can get stuff from this server.
    #
    Require all granted
</Directory>

这是在/var/www/html：

pwd
/var/www/html

drwxr-xr-x 5 root root  86 Nov  7 18:10 .
drwxr-xr-x 4 root root  33 Aug 12 15:33 ..
drwxr-xr-x 4 root root  46 Nov  6 13:35 clients
drwxr-xr-x 3 root root  55 Nov  6 19:52 packages.confluent.io
drwxr-xr-x 3 root root  17 Nov  6 15:57 rpm

但是当我访问服务器时，我得到以下信息：

而如果我去server/rpm，我会得到这个：

我还需要更改什么才能/var/www/html从浏览器中看到下面的目录？

运行 Virualmin，仍然有大约 1GB 的可用内存，apache 日志充满了：

[mpm_prefork:error] [pid 119747] (11)Resource temporarily unavailable: AH00159: fork: Unable to fork new process


<IfModule mpm_prefork_module>
    StartServers          20
    MinSpareServers       50
    MaxSpareServers       100        
    MaxRequestWorkers     1000
    Serverlimit           2000    
    MaxConnectionsPerChild  10000
</IfModule>

如果这有帮助：

user@vps:~$ ulimit -a
real-time non-blocking time  (microseconds, -R) unlimited
core file size              (blocks, -c) 0
data seg size               (kbytes, -d) unlimited
scheduling priority                 (-e) 0
file size                   (blocks, -f) unlimited
pending signals                     (-i) 1541537
max locked memory           (kbytes, -l) 524288
max memory size             (kbytes, -m) unlimited
open files                          (-n) 1024
pipe size                (512 bytes, -p) 8
POSIX message queues         (bytes, -q) 819200
real-time priority                  (-r) 0
stack size                  (kbytes, -s) 8192
cpu time                   (seconds, -t) unlimited
max user processes                  (-u) 62987
virtual memory              (kbytes, -v) unlimited
file locks                          (-x) unlimited

我也在运行 PHP-FPM，所以这是它的设置，我尝试将 60 更改为 100 但没有区别：

[154754643814302]
user = user
group = user
listen.owner = user
listen.group = user
listen.mode = 0660
listen = /var/php-fpm/154754643814302.sock
pm = dynamic
pm.max_children = 100
pm.start_servers = 8
pm.min_spare_servers = 1
pm.max_spare_servers = 30
php_value[upload_tmp_dir] = /home/user/tmp
php_value[session.save_path] = /home/user/tmp
php_value[error_log] = /home/user/logs/php_log
php_value[log_errors] = On

我正在尝试禁用 Apache2 Web 服务器上的 PHP 错误消息，但它不起作用。

我已经在php.ini文件中启用了它。

error_reporting = E_ALL

我故意在我的 test.php 脚本中引入错误，并且在脚本本身中，我包含了以下内容，但没有显示错误。

init_set('display_errors', 1);
init_set('display_startup_errors', 1);
error_reporting(E_ALL)

我究竟做错了什么？

我希望 VSFTPD 的根目录是 /var/www/html。
我能怎么做？
这是我的配置文件

# Example config file /etc/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
#
# Run standalone?  vsftpd can run either from an inetd or as a standalone
# daemon started from an initscript.
listen=NO
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
listen_ipv6=YES
#
# Allow anonymous FTP? (Disabled by default).
anonymous_enable=YES
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
#local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# If enabled, vsftpd will display directory listings with the time
# in  your  local  time  zone.  The default is to display GMT. The
# times returned by the MDTM FTP command are also affected by this
# option.
use_localtime=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
#xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd.banned_emails
#
# You may restrict local users to their home directories.  See the FAQ for
# the possible risks in this before using chroot_local_user or
# chroot_list_enable below.
chroot_local_user=YES
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
#chroot_local_user=YES
chroot_list_enable=YES
# (default follows)
chroot_list_file=/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# Customization
#
# Some of vsftpd's settings don't fit the filesystem layout by
# default.
#
# This option should be the name of a directory which is empty.  Also, the
# directory should not be writable by the ftp user. This directory is used
# as a secure chroot() jail at times vsftpd does not require filesystem
# access.
secure_chroot_dir=/var/run/vsftpd/empty
#
# This string is the name of the PAM service vsftpd will use.
pam_service_name=vsftpd
#
# This option specifies the location of the RSA certificate to use for SSL
# encrypted connections.
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
ssl_enable=NO

#
# Uncomment this to indicate that vsftpd use a utf8 filesystem.
#utf8_filesystem=YES

请原谅我的英语不好，我真的累了，明天我纠正。

每当我尝试运行时，sudo apt install <package>我都会得到以下输出

Reading package lists... Done
Building dependency tree       
Reading state information... Done
You might want to run 'apt --fix-broken install' to correct these.
The following packages have unmet dependencies:
 apache2 : Depends: apache2-bin (= 2.4.41-4ubuntu3.9) but 2.4.41-4ubuntu3.10 is to be installed
           Depends: apache2-data (= 2.4.41-4ubuntu3.9) but 2.4.41-4ubuntu3.10 is to be installed
           Depends: apache2-utils (= 2.4.41-4ubuntu3.9)
 lollypop : Depends: python3-pylast but it is not going to be installed
E: Unmet dependencies. Try 'apt --fix-broken install' with no packages (or specify a solution).

如果我跑步，sudo apt --fix-broken install我会得到以下信息

Reading package lists... Done
Building dependency tree       
Reading state information... Done
Correcting dependencies... Done
The following additional packages will be installed:
  apache2
Suggested packages:
  apache2-doc apache2-suexec-pristine | apache2-suexec-custom
The following packages will be upgraded:
  apache2
1 upgraded, 0 newly installed, 0 to remove and 228 not upgraded.
6 not fully installed or removed.
Need to get 0 B/95.5 kB of archives.
After this operation, 0 B of additional disk space will be used.
Do you want to continue? [Y/n] y
(Reading database ... 425435 files and directories currently installed.)
Preparing to unpack .../apache2_2.4.41-4ubuntu3.10_amd64.deb ...
Unpacking apache2 (2.4.41-4ubuntu3.10) over (2.4.41-4ubuntu3.9) ...
dpkg: error processing archive /var/cache/apt/archives/apache2_2.4.41-4ubuntu3.10_amd64.deb (--unpack):
 trying to overwrite '/var/www/html', which is also in package nginx-common 1.18.0-0ubuntu1.2
Errors were encountered while processing:
 /var/cache/apt/archives/apache2_2.4.41-4ubuntu3.10_amd64.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)

编辑：当我尝试删除 nginx 或 nginx-common 我得到

Reading package lists... Done
Building dependency tree       
Reading state information... Done
You might want to run 'apt --fix-broken install' to correct these.
The following packages have unmet dependencies:
 apache2 : Depends: apache2-bin (= 2.4.41-4ubuntu3.9) but 2.4.41-4ubuntu3.10 is to be installed
           Depends: apache2-data (= 2.4.41-4ubuntu3.9) but 2.4.41-4ubuntu3.10 is to be installed
           Depends: apache2-utils (= 2.4.41-4ubuntu3.9)
E: Unmet dependencies. Try 'apt --fix-broken install' with no packages (or specify a solution).

我也尝试过跑步sudo apt install apache2 nginx-common-，但得到以下信息

Reading package lists... Done
Building dependency tree       
Reading state information... Done
You might want to run 'apt --fix-broken install' to correct these.
The following packages have unmet dependencies:
 libnginx-mod-http-image-filter : Depends: nginx-common (= 1.18.0-0ubuntu1.2) but it is not going to be installed
 libnginx-mod-http-xslt-filter : Depends: nginx-common (= 1.18.0-0ubuntu1.2) but it is not going to be installed
 libnginx-mod-mail : Depends: nginx-common (= 1.18.0-0ubuntu1.2) but it is not going to be installed
 libnginx-mod-stream : Depends: nginx-common (= 1.18.0-0ubuntu1.2) but it is not going to be installed
 nginx-core : Depends: nginx-common (= 1.18.0-0ubuntu1.2) but it is not going to be installed
E: Unmet dependencies. Try 'apt --fix-broken install' with no packages (or specify a solution).

所以然后我尝试sudo apt install apache2 nginx-common- libnginx-mod-http-image-filter- libnginx-mod-http-xslt-filter- libnginx-mod-mail- libnginx-mod-stream- nginx-core-并得到了以下

Reading package lists... Done
Building dependency tree       
Reading state information... Done
You might want to run 'apt --fix-broken install' to correct these.
The following packages have unmet dependencies:
 nginx : Depends: nginx-core (< 1.18.0-0ubuntu1.2.1~) but it is not going to be installed or
                  nginx-full (< 1.18.0-0ubuntu1.2.1~) but it is not going to be installed or
                  nginx-light (< 1.18.0-0ubuntu1.2.1~) but it is not going to be installed or
                  nginx-extras (< 1.18.0-0ubuntu1.2.1~) but it is not going to be installed
         Depends: nginx-core (>= 1.18.0-0ubuntu1.2) but it is not going to be installed or
                  nginx-full (>= 1.18.0-0ubuntu1.2) but it is not going to be installed or
                  nginx-light (>= 1.18.0-0ubuntu1.2) but it is not going to be installed or
                  nginx-extras (>= 1.18.0-0ubuntu1.2) but it is not going to be installed
E: Unmet dependencies. Try 'apt --fix-broken install' with no packages (or specify a solution).

我尝试删除 nginx 并禁用它，但它似乎不起作用，我真的不需要 nginx 所以删除它很好，有人知道我应该怎么做吗？