Apache가 심볼릭 링크를 따르지 않음 (403 금지됨)

Apache가 심볼릭 링크를 따르지 않음 (403 금지됨)

---

Ubuntu에서 Apache를 설정하는 데 문제가 있습니다. 나는 이 가이드를 따르고있다 .

# /usr/sbin/apache2 -v
Server version: Apache/2.2.17 (Ubuntu)
Server built:   Feb 22 2011 18:33:02

내 공개 디렉토리 인 / var / www는 그 안에있는 PHP 페이지를 성공적으로 제공하고 실행할 수 있습니다. 그러나 내 홈 폴더의 디렉토리를 가리키고 거기에 페이지를 제공하는 / var / www에 심볼릭 링크를 만들고 싶습니다.

[root /var/www]# ll
total 36
drwxr-xr-x  3 root root 4096 2011-09-11 14:22 .
drwxr-xr-x 14 root root 4096 2011-06-04 22:49 ..
lrwxrwxrwx  1 root root   16 2011-09-11 13:21 about -> /root/site/about

브라우저에서 / about에 액세스하려고하면

Forbidden

You don't have permission to access /about on this server.

내가 아는 한, 제공하려는 파일에 충분한 권한을 부여했습니다.

[root ~/site/about]# ll
total 24
drwxr-xr-x 5 root root 4096 2011-09-11 13:20 .
drwxr--r-- 3 root root 4096 2011-09-11 13:19 ..
drwxr-xr-x 2 root root 4096 2011-09-11 13:21 contact
-rwxr-xr-x 1 root root 1090 2011-09-11 13:19 index.php
drwxr-xr-x 2 root root 4096 2011-09-11 13:20 me
drwxr-xr-x 2 root root 4096 2011-09-11 13:21 resume

FollowSymLinks 옵션을 알고 있으며 내 / etc / apache2 / sites-enabled / 000-default 파일에 설정되어 있다고 생각합니다.

DocumentRoot /var/www
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>
<Directory /var/www/>
    Options FollowSymLinks Indexes MultiViews
    AllowOverride None
    Order allow,deny
    allow from all
</Directory>

내가 뭘 놓칠 수 있는지 아십니까?

---

Apache에 /root, /root/site및에 대한 실행 권한이 있는지 확인하십시오 /root/site/about.

운영:

chmod o+x /root /root/site /root/site/about

---

403 오류는 암호화 된 파일 시스템 (예 : 암호화 된 홈 폴더에 대한 심볼릭 링크)으로 인해 발생할 수도 있습니다 .

심볼릭 링크가 암호화 된 폴더를 가리키는 경우 apache 및 파일 / 폴더 권한이 올바르게 설정되어 있어도 apache 사용자 (예 : www-data)가 콘텐츠에 액세스 할 수 없습니다. www-data 사용자 의 액세스는 다음 호출로 테스트 할 수 있습니다.

sudo -u www-data ls -l /var/www/html/<your symlink>/

이에 대한 해결 방법 / 솔루션이 있습니다. 예를 들어 www-data 사용자를 비공개 그룹에 추가 (암호화 된 데이터를 웹 사용자에게 노출)하거나 암호화되지 않은 rsynced 폴더를 설정 (아마도 다소 안전함)합니다. 나는 개발 중에 rsync 솔루션을 사용할 것입니다.

https://askubuntu.com/questions/633625/public-folder-in-an-encrypted-home-directory

A convenient tool for my purposes is lsyncd. This allows me to work directly in my encrypted home folder and being able to see changes almost instantly in the apache web page. The synchronization is triggered by changes in the file system, calling an rsync. As I'm only working on rather small web pages and scripts, the syncing is very fast. I decided to use a short delay of 1 second before the rsync is started, even though it is possible to set a delay of 0 seconds.

Installing lsyncd (in Ubuntu):

sudo apt-get install lsyncd

Starting the background service:

lsyncd -delay 1 -rsync /home/<me>/<work folder>/ /var/www/html/<web folder>/

---

I was having a similar problem that I could not resolve for a long time on my new server. In addition to palacsint's answer, a good question to ask is: are you using Apache 2.4? In Apache 2.4 there is a different mechanism for setting the permissions that do not work when done using the above configuration, so I used the solution explained in this blog post.

Basically, what I needed to do was convert my config file from:

Alias /demo /usr/demo/html

<Directory "/usr/demo/html">
    Options FollowSymLinks
    AllowOverride None
    Order allow,deny
    allow from all

</Directory>

to:

Alias /demo /usr/demo/html

<Directory "/usr/demo/html">
    Options FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>

Note how the Order and allow lines have been replaced by Require all granted

---

Related to this question, I just figured out why my vhost was giving me that 403.

I had tested ALL possibilities on this question and others without luck. It almost drives me mad.

I am setting up a server with releases deployment similar to Capistrano way through symlinks and when I tried to access the DocRoot folder (which is now a symlink to current release folder) it gave me the 403.

My vhost is:

DocumentRoot /var/www/site.com/html
<Directory /var/www/site.com/html>
        AllowOverride All
        Options +FollowSymLinks
        Require all granted
</Directory>

and my main httpd.conf file was (default Apache 2.4 install):

DocumentRoot "/var/www"
<Directory "/var/www">
    Options -Indexes -FollowSymLinks -Includes
(...)

It turns out that the main Options definition was taking precedence over my vhosts fiel (for me that is counter intuitive). So I've changed it to:

DocumentRoot "/var/www"
<Directory "/var/www">
    Options -Indexes +FollowSymLinks -Includes
(...)

and Eureka! (note the plus sign before FollowSymLinks in MAIN httpd.conf file. Hope this help some other lost soul.

---

There is another way that symbolic links may fail you, as I discovered in my situation. If you have an SELinux system as the server and the symbolic links point to an NFS-mounted folder (other file systems may yield similar symptoms), httpd may see the wrong contexts and refuse to serve the contents of the target folders.

In my case the SELinux context of /var/www/html (which you can obtain with ls -Z) is unconfined_u:object_r:httpd_sys_content_t:s0. The symbolic links in /var/www/html will have the same context, but their target's context, being an NFS-mounted folder, are system_u:object_r:nfs_t:s0.

The solution is to add fscontext=unconfined_u:object_r:httpd_sys_content_t:s0 to the mount options (e.g. # mount -t nfs -o v3,fscontext=unconfined_u:object_r:httpd_sys_content_t:s0 <IP address>:/<server path> /<mount point>). rootcontext is irrelevant and defcontext is rejected by NFS. I did not try context by itself.

---

First disable selinux (vim /etc/selinux/config)

vim /etc/httpd/conf/httpd.conf edit following lines for symlinks and directory indexing:

documentroot /var/www/html
<directory /var/www/html>
    Options Indexes FollowSymLinks
    AllowOverride None
</directory>

If .htaccess file then AllowOverride all

---

For anyone having trouble after upgrading to 14.04 https://askubuntu.com/questions/452042/why-is-my-apache-not-working-after-upgrading-to-ubuntu-14-04 as root changed before upgrade = /var/www after upgrade = /var/www/html

참고URL : https://stackoverflow.com/questions/7381371/apache-wont-follow-symlinks-403-forbidden