I'm trying to setup some VH in Apache 2.4.6 on CentOS 7 but without success since it's not working. This is what I've tried til now:
我正在尝试在CentOS 7上的Apache 2.4.6中安装一些VH,但是由于它不起作用,所以没有成功。这是我一直在尝试的:
-
Since in
/etc/httpd/conf/httpd.confis this lineInclude conf.modules.d/*.confthen I create a file under/etc/httpd/conf.d/vhost.confand place this inside it:因为在/etc/httpd/conf/httpd.这一行包括conf.modules.d/*。然后我在/etc/httpd/conf.d/vhost.下创建一个文件把它放在里面:
NameVirtualHost *:80 <VirtualHost *:80> ServerName webserver ServerAlias localhost devserver development DocumentRoot /var/www/html </VirtualHost> -
Reload/Restart Apache service (tried both):
重新加载/重新启动Apache服务(同时尝试):
service httpd reload|restart -
At Windows side edit the file
C:\Windows\system32\drivers\etc\hostsand add this line:在窗户旁边C:\Windows\system32\drivers\etc\hosts编辑文件并添加这一行:
192.168.3.131 webserver localhost devserver development # this is the IP of Apache Server -
Open the browser and tried:
http://webserver,http://devserverand both goes to default Apache page so VH is not working.打开浏览器并尝试:http://webserver, http://devserver,两者都进入默认的Apache页面,因此VH不工作。
-
Place a file under
/var/www/html/index.phpwith this lines<?php phpinfo(); ?>just to know which modules is Apache loading, this is the result:将文件放在/var/www/html/ index.0下。php与这行 只知道Apache正在加载哪些模块,结果是:
core mod_so http_core mod_access_compat mod_actions mod_alias mod_allowmethods mod_auth_basic mod_auth_digest mod_authn_anon mod_authn_core mod_authn_dbd mod_authn_dbm mod_authn_file mod_authn_socache mod_authz_core mod_authz_dbd mod_authz_dbm mod_authz_groupfile mod_authz_host mod_authz_owner mod_authz_user mod_autoindex mod_cache mod_cache_disk mod_data mod_dbd mod_deflate mod_dir mod_dumpio mod_echo mod_env mod_expires mod_ext_filter mod_filter mod_headers mod_include mod_info mod_log_config mod_logio mod_mime_magic mod_mime mod_negotiation mod_remoteip mod_reqtimeout mod_rewrite mod_setenvif mod_slotmem_plain mod_slotmem_shm mod_socache_dbm mod_socache_memcache mod_socache_shmcb mod_status mod_substitute mod_suexec mod_unique_id mod_unixd mod_userdir mod_version mod_vhost_alias mod_dav mod_dav_fs mod_dav_lock mod_lua prefork mod_proxy mod_lbmethod_bybusyness mod_lbmethod_byrequests mod_lbmethod_bytraffic mod_lbmethod_heartbeat mod_proxy_ajp mod_proxy_balancer mod_proxy_connect mod_proxy_express mod_proxy_fcgi mod_proxy_fdpass mod_proxy_ftp mod_proxy_http mod_proxy_scgi mod_systemd mod_cgi mod_php5
And apparently mod_vhost is loaded but is not working, did I miss something? Any help or advice around this? Maybe I forgot something but I read Apache docs and doesn't found something helpful
显然,mod_vhost是加载的,但不工作,我错过什么了吗?有什么帮助或建议吗?也许我忘记了什么,但是我读了Apache文档,没有发现什么有用的东西
Update: test1
更新:test1
I made some changes to VH definition and now this is what I have:
我对VH的定义做了一些修改现在我有:
<VirtualHost *:80>
DocumentRoot /var/www/html
ServerName webserver
#ServerAlias localhost devserver development
<Directory "/var/www/html">
Options FollowSymLinks Includes ExecCGI
AllowOverride All
Allow from all
#Require local
#Require 192.168.3.0/16
#Require 192.168.1.0/16
</Directory>
</VirtualHost>
But I'm getting a 403 Forbidden
但是403是禁止的
Forbidden
被禁止的
You don't have permission to access /index.php on this server.
您没有访问/索引的权限。这个服务器上的php。
What is failing here?
失败是什么呢?
3 个解决方案
#1
2
A couple of thing that may be causing you problems :-
有两件事可能会给你带来麻烦:-
NameVirtualHost *:80
Is no longer a valid syntax for Apache 2.4.x you should remove it completely.
不再是Apache 2.4的有效语法。你应该把它完全移除。
On the Windows side once you have changed the HOSTS file, you need to reload the DNS Client service, so either reboot or better still, launch a command window using "Run as Administrator" and do this :-
在Windows端,一旦您更改了主机文件,您需要重新加载DNS客户端服务,因此要么重新启动,要么更好,使用“作为管理员运行”启动命令窗口并执行以下操作:-
net stop dnscache
net start dnscache
Lastly, within your virtual hosts definition, it will help to tell apache from where it is allowed to accept connections to this Virtual Host like so :-
最后,在您的虚拟主机定义中,它将帮助告诉apache在哪里可以接受到这个虚拟主机的连接,比如:-
<VirtualHost *:80>
ServerName webserver
ServerAlias localhost devserver development
DocumentRoot /var/www/html
<Directory "/var/www/html">
AllowOverride All
Require local
Require ip 192.168.3
</Directory>
</VirtualHost>
This will allow access from the machine running apache Require local and from any ip address on the local network Require ip 192.168.3
这将允许从运行apache的机器访问本地,从本地网络上的任何ip地址访问ip 192.168.3
Also I am not sure where Apache on unix puts its default document root but it might be an idea to differentiate your 3 domain names to different directories like so
我也不确定unix上的Apache将它的默认文档根放在哪里,但是将您的3个域名与不同的目录区分开来可能是个好主意
<VirtualHost *:80>
ServerName localhost
ServerAlias localhost
DocumentRoot /var/www/html
<Directory "/var/www/html">
AllowOverride All
Require local
Require ip 192.168.3
</Directory>
</VirtualHost>
<VirtualHost *:80>
ServerName webserver
ServerAlias webserver
DocumentRoot /var/www/html/webserver
<Directory "/var/www/html/webserver">
AllowOverride All
Require local
Require ip 192.168.3
</Directory>
</VirtualHost>
<VirtualHost *:80>
ServerName development
ServerAlias development
DocumentRoot /var/www/html/development
<Directory "/var/www/html/development">
AllowOverride All
Require local
Require ip 192.168.3
</Directory>
</VirtualHost>
<VirtualHost *:80>
ServerName devserver
ServerAlias devserver
DocumentRoot /var/www/html/devserver
<Directory "/var/www/html/devserver">
AllowOverride All
Require local
Require ip 192.168.3
</Directory>
</VirtualHost>
Then put a simple html file in each directory saying 'Hello from Servername' and change servername in each file so you know you have got to the correct server.
然后在每个目录中放置一个简单的html文件,并在每个文件中更改Servername,这样您就知道您到达了正确的服务器。
RE: Update test1.php
再保险:更新test1.php
Allow from all
Is not valid Apache 2.4 syntax either, unless you have loaded LoadModule access_compat_module modules/mod_access_compat.so
也不是有效的Apache 2.4语法,除非您已经加载了LoadModule access_compat_module模块/ mod_access_compatso ?
Even then it should be
即便如此,也应该如此
Order Allow,Deny
Allow from all
So USE Apache 2.4 syntax
因此使用Apache 2.4语法
Require all granted
If you want to take the lazy route and allow access from the universe.
如果你想走懒人路线,允许从宇宙进入。
#2
4
To elaborate on jap1968's post, CentOS 7 comes with SELinux's pain in the butt level set to enforcing. This causes all kinds of confusion when perfectly normal service configuration silently fail (Apache).
为了详细阐述日本1968年的文章,CentOS 7与SELinux在屁股水平设置强制的痛苦。当完全正常的服务配置静默失败(Apache)时,这会导致各种混乱。
To disable SELinux you'll need to:
要禁用SELinux,您需要:
0) [optional] Crack open a shell and become root... or enjoy a shiny new, super fun, configuring sudo to let you do "root stuffs" project. Probably.
[可选]打开一层壳,变成根……或者享受一个全新的,超级有趣的,配置sudo来让你做“root stuff”项目。可能。
su -l
1) Get the current status of SELinux. Run sestatus:
1)获取SELinux的当前状态。sestatus运行:
sestatus
2) If SELinux is causing hair loss and premature aging you'll get something like this:
2)如果SELinux导致脱发和过早老化,你将会得到这样的结果:
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28
3) Edit the /etc/selinux/config file. Change SELINUX=enforcing to SELINUX=permissive. Doing this will set you up for endless joy next time you reboot. You'll end up with something like this:
3)编辑/etc/selinux/config文件。改变SELINUX =执行SELINUX =宽容。这样做会让你在下次重启的时候获得无尽的快乐。你会得到这样的结果:
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
# SELINUX=enforcing
# ===> VOODOO HERE <===
SELINUX=permissive
# ===> END VOODOO <===
#
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
4) Disable SELinux. You can reboot at this point but it's easier to tell SELinux to take time off from tormenting you. Run setenforce to reset SELinux's enforcement level to match the /etc/selinux/config file:
4)禁用SELinux。您可以在这一点重新启动,但是让SELinux停止对您的折磨更容易。运行setenforce来重置SELinux的执行级别以匹配/etc/selinux/config文件:
setenforce 0
5) Check sestatus again:
5)检查sestatus:
sestatus
If everything went as expected sestatus will return something like this:
如果一切按计划进行,sestatus将返回如下内容:
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: permissive
Mode from config file: permissive
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28
6) Restart Apache. If your vhost's domain name is resolving to the server you're working on you'll see your shiny new virtual host:
6)重新启动Apache。如果您的vhost的域名解析到正在处理的服务器,您将看到您闪亮的新虚拟主机:
# Restart apache:
systemctl restart httpd.service
# Be lazy by checking your virtual host from the command line:
curl www.example.com/new-file-that-only-exists-in-your-new-vhost.txt
6.5) Stop reading here. Or don't. I'm a message board post, not your Mom.
6.5)停止阅读。或不。我是留言板上的留言,不是你妈妈。
Everything below is beyond the scope of the original question and only included because you really should be running with SELinux enabled.
下面的所有内容都超出了最初问题的范围,并且只包含在其中,因为您确实应该在启用SELinux的情况下运行。
7) Work towards re-enabling selinux. Start by watching the selinux logs to see some awesome alphabet soup:
7)重新启用selinux。先看看selinux日志,看看一些很棒的字母汤:
tail -f /var/log/audit/audit.log
8) Be amazed at the depth of features, crazy number of poorly named utilities, and ugly UX mess that constitutes SELinux. You should probably put on your big boy pants and drink a whole pot of coffee before you dive in. Here's some Info:
8)惊讶于特性的深度、命名糟糕的实用程序的数量,以及组成SELinux的糟糕UX。你应该穿上你的“大男孩”裤子,在你下水前喝一壶咖啡。这里有一些信息:
- CentoOS HowTo: https://wiki.centos.org/HowTos/SELinux
- CentoOS HowTo:https://wiki.centos.org/HowTos/SELinux
- Project: http://selinuxproject.org/page/Main_Page
- 项目:http://selinuxproject.org/page/Main_Page
#3
3
Be careful also with SELinux. The default configuration will prevent your virtual hosts directories from being accessed by httpd. You will need to set the appropriate context:
对SELinux也要小心。默认配置将阻止httpd访问您的虚拟主机目录。您将需要设置适当的上下文:
# chcon -R -u system_u -r object_r -t httpd_sys_content_t <DocumentRoot>
Another option is just to disable SELinux.
另一个选择是禁用SELinux。
#1
2
A couple of thing that may be causing you problems :-
有两件事可能会给你带来麻烦:-
NameVirtualHost *:80
Is no longer a valid syntax for Apache 2.4.x you should remove it completely.
不再是Apache 2.4的有效语法。你应该把它完全移除。
On the Windows side once you have changed the HOSTS file, you need to reload the DNS Client service, so either reboot or better still, launch a command window using "Run as Administrator" and do this :-
在Windows端,一旦您更改了主机文件,您需要重新加载DNS客户端服务,因此要么重新启动,要么更好,使用“作为管理员运行”启动命令窗口并执行以下操作:-
net stop dnscache
net start dnscache
Lastly, within your virtual hosts definition, it will help to tell apache from where it is allowed to accept connections to this Virtual Host like so :-
最后,在您的虚拟主机定义中,它将帮助告诉apache在哪里可以接受到这个虚拟主机的连接,比如:-
<VirtualHost *:80>
ServerName webserver
ServerAlias localhost devserver development
DocumentRoot /var/www/html
<Directory "/var/www/html">
AllowOverride All
Require local
Require ip 192.168.3
</Directory>
</VirtualHost>
This will allow access from the machine running apache Require local and from any ip address on the local network Require ip 192.168.3
这将允许从运行apache的机器访问本地,从本地网络上的任何ip地址访问ip 192.168.3
Also I am not sure where Apache on unix puts its default document root but it might be an idea to differentiate your 3 domain names to different directories like so
我也不确定unix上的Apache将它的默认文档根放在哪里,但是将您的3个域名与不同的目录区分开来可能是个好主意
<VirtualHost *:80>
ServerName localhost
ServerAlias localhost
DocumentRoot /var/www/html
<Directory "/var/www/html">
AllowOverride All
Require local
Require ip 192.168.3
</Directory>
</VirtualHost>
<VirtualHost *:80>
ServerName webserver
ServerAlias webserver
DocumentRoot /var/www/html/webserver
<Directory "/var/www/html/webserver">
AllowOverride All
Require local
Require ip 192.168.3
</Directory>
</VirtualHost>
<VirtualHost *:80>
ServerName development
ServerAlias development
DocumentRoot /var/www/html/development
<Directory "/var/www/html/development">
AllowOverride All
Require local
Require ip 192.168.3
</Directory>
</VirtualHost>
<VirtualHost *:80>
ServerName devserver
ServerAlias devserver
DocumentRoot /var/www/html/devserver
<Directory "/var/www/html/devserver">
AllowOverride All
Require local
Require ip 192.168.3
</Directory>
</VirtualHost>
Then put a simple html file in each directory saying 'Hello from Servername' and change servername in each file so you know you have got to the correct server.
然后在每个目录中放置一个简单的html文件,并在每个文件中更改Servername,这样您就知道您到达了正确的服务器。
RE: Update test1.php
再保险:更新test1.php
Allow from all
Is not valid Apache 2.4 syntax either, unless you have loaded LoadModule access_compat_module modules/mod_access_compat.so
也不是有效的Apache 2.4语法,除非您已经加载了LoadModule access_compat_module模块/ mod_access_compatso ?
Even then it should be
即便如此,也应该如此
Order Allow,Deny
Allow from all
So USE Apache 2.4 syntax
因此使用Apache 2.4语法
Require all granted
If you want to take the lazy route and allow access from the universe.
如果你想走懒人路线,允许从宇宙进入。
#2
4
To elaborate on jap1968's post, CentOS 7 comes with SELinux's pain in the butt level set to enforcing. This causes all kinds of confusion when perfectly normal service configuration silently fail (Apache).
为了详细阐述日本1968年的文章,CentOS 7与SELinux在屁股水平设置强制的痛苦。当完全正常的服务配置静默失败(Apache)时,这会导致各种混乱。
To disable SELinux you'll need to:
要禁用SELinux,您需要:
0) [optional] Crack open a shell and become root... or enjoy a shiny new, super fun, configuring sudo to let you do "root stuffs" project. Probably.
[可选]打开一层壳,变成根……或者享受一个全新的,超级有趣的,配置sudo来让你做“root stuff”项目。可能。
su -l
1) Get the current status of SELinux. Run sestatus:
1)获取SELinux的当前状态。sestatus运行:
sestatus
2) If SELinux is causing hair loss and premature aging you'll get something like this:
2)如果SELinux导致脱发和过早老化,你将会得到这样的结果:
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28
3) Edit the /etc/selinux/config file. Change SELINUX=enforcing to SELINUX=permissive. Doing this will set you up for endless joy next time you reboot. You'll end up with something like this:
3)编辑/etc/selinux/config文件。改变SELINUX =执行SELINUX =宽容。这样做会让你在下次重启的时候获得无尽的快乐。你会得到这样的结果:
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
# SELINUX=enforcing
# ===> VOODOO HERE <===
SELINUX=permissive
# ===> END VOODOO <===
#
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
4) Disable SELinux. You can reboot at this point but it's easier to tell SELinux to take time off from tormenting you. Run setenforce to reset SELinux's enforcement level to match the /etc/selinux/config file:
4)禁用SELinux。您可以在这一点重新启动,但是让SELinux停止对您的折磨更容易。运行setenforce来重置SELinux的执行级别以匹配/etc/selinux/config文件:
setenforce 0
5) Check sestatus again:
5)检查sestatus:
sestatus
If everything went as expected sestatus will return something like this:
如果一切按计划进行,sestatus将返回如下内容:
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: permissive
Mode from config file: permissive
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28
6) Restart Apache. If your vhost's domain name is resolving to the server you're working on you'll see your shiny new virtual host:
6)重新启动Apache。如果您的vhost的域名解析到正在处理的服务器,您将看到您闪亮的新虚拟主机:
# Restart apache:
systemctl restart httpd.service
# Be lazy by checking your virtual host from the command line:
curl www.example.com/new-file-that-only-exists-in-your-new-vhost.txt
6.5) Stop reading here. Or don't. I'm a message board post, not your Mom.
6.5)停止阅读。或不。我是留言板上的留言,不是你妈妈。
Everything below is beyond the scope of the original question and only included because you really should be running with SELinux enabled.
下面的所有内容都超出了最初问题的范围,并且只包含在其中,因为您确实应该在启用SELinux的情况下运行。
7) Work towards re-enabling selinux. Start by watching the selinux logs to see some awesome alphabet soup:
7)重新启用selinux。先看看selinux日志,看看一些很棒的字母汤:
tail -f /var/log/audit/audit.log
8) Be amazed at the depth of features, crazy number of poorly named utilities, and ugly UX mess that constitutes SELinux. You should probably put on your big boy pants and drink a whole pot of coffee before you dive in. Here's some Info:
8)惊讶于特性的深度、命名糟糕的实用程序的数量,以及组成SELinux的糟糕UX。你应该穿上你的“大男孩”裤子,在你下水前喝一壶咖啡。这里有一些信息:
- CentoOS HowTo: https://wiki.centos.org/HowTos/SELinux
- CentoOS HowTo:https://wiki.centos.org/HowTos/SELinux
- Project: http://selinuxproject.org/page/Main_Page
- 项目:http://selinuxproject.org/page/Main_Page
#3
3
Be careful also with SELinux. The default configuration will prevent your virtual hosts directories from being accessed by httpd. You will need to set the appropriate context:
对SELinux也要小心。默认配置将阻止httpd访问您的虚拟主机目录。您将需要设置适当的上下文:
# chcon -R -u system_u -r object_r -t httpd_sys_content_t <DocumentRoot>
Another option is just to disable SELinux.
另一个选择是禁用SELinux。