Question

摘要

我已经阅读了很多Google结果和stackoverflow问题，但无法弄清楚。核心问题似乎是：

基本设置为Apache/2.4.10，libapache2-mod-wsgi-py3 4.3.0-1和烧瓶1.0.2
在使用certbot设置HTTPS之前，此方法工作正常
使用虚拟主机在单独的.conf文件中设置了两个子域。 .conf文件除了目录和项目名称/ URL之外都是相同的
Apache日志表明请求以某种方式从project_2 URL重定向到project_1 WSGI脚本，我不明白为什么
如果有人可以指出正确的方向，我将永远感激

Apache日志：

[ssl:debug] ssl_engine_kernel.c(243): AH02034: Initial (No.1) HTTPS request received for child 67 (server project_2.domain.com:443) [authz_core:debug] mod_authz_core.c(809): AH01626: authorization result of Require all denied: denied [authz_core:debug] mod_authz_core.c(809): AH01626: authorization result of <RequireAny>: denied [authz_core:error] AH01630: client denied by server configuration: /home/username/projects/project_1/app/run_site.wsgi [ssl:debug] ssl_engine_kernel.c(243): AH02034: Subsequent (No.2) HTTPS request received for child 68 (server project_2.domain.com:443), ref$ [authz_core:debug] mod_authz_core.c(809): AH01626: authorization result of Require all denied: denied, referer: https://www.project_2.domain.com/ [authz_core:debug] mod_authz_core.c(809): AH01626: authorization result of <RequireAny>: denied, referer: https://www.project_2.domain.com/ authz_core:error] AH01630: client denied by server configuration: /home/username/projects/project_1/app/run_site.wsgi, referer: https://www.project_2.domain.com/

Apache .conf文件

/etc/apache2/sites-available/project_2.conf

WSGIDaemonProcess project_2 user=username group=username threads=5
WSGIScriptAlias / "/home/username/projects/project_2/run_site.wsgi"

<VirtualHost *:80>
        ServerName project_2.domain.com
        ServerAlias www.project_2.domain.com

        <Directory "/home/username/projects/project_2/">
                WSGIProcessGroup project_2
                WSGIApplicationGroup %{GLOBAL}
                WSGIScriptReloading On

                Require all granted
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/notifier_error.log
        CustomLog ${APACHE_LOG_DIR}/notifier_access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.project_2.domain.com [OR]
RewriteCond %{SERVER_NAME} =project_2.domain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

/etc/apache2/sites-available/project_2-le-ssl.conf

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerName project_2.domain.com
        ServerAlias www.project_2.domain.com

        <Directory "/home/username/projects/project_2/">
                WSGIProcessGroup project_2
                WSGIApplicationGroup %{GLOBAL}
                WSGIScriptReloading On

                Require all granted
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/project_2_error.log
        CustomLog ${APACHE_LOG_DIR}/project_2_access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/www.project_2.domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.project_2.domain.com/privkey.pem
</VirtualHost>
</IfModule>

sudo apachectl -S：

VirtualHost configuration: *:443 is a NameVirtualHost default server project_1.domain.com (/etc/apache2/sites-enabled/project_1-le-ssl.conf:2) port 443 namevhost project_1.domain.com (/etc/apache2/sites-enabled/project_1-le-ssl.conf:2) alias www.project_1.domain.com port 443 namevhost project_2.domain.com (/etc/apache2/sites-enabled/project_2-le-ssl.conf:2) alias www.project_2.domain.com *:80 is a NameVirtualHost default server project_1.domain.com (/etc/apache2/sites-enabled/project_1.conf:4) port 80 namevhost project_1.domain.com (/etc/apache2/sites-enabled/project_1.conf:4) alias www.project_1.domain.com port 80 namevhost project_2.domain.com (/etc/apache2/sites-enabled/project_2.conf:4) alias www.project_2.domain.com ServerRoot: "/etc/apache2" Main DocumentRoot: "/var/www/html" Main ErrorLog: "/var/log/apache2/error.log" Mutex watchdog-callback: using_defaults Mutex rewrite-map: using_defaults Mutex ssl-stapling: using_defaults Mutex ssl-cache: using_defaults Mutex default: dir="/var/lock/apache2" mechanism=fcntl PidFile: "/var/run/apache2/apache2.pid" Define: DUMP_VHOSTS Define: DUMP_RUN_CFG Define: ENABLE_USR_LIB_CGI_BIN User: name="www-data" id=33 Group: name="www-data" id=33

Answer 1

好的，我发现了我的错误。设置certbot时，我将这两行都移到了虚拟主机之外：

WSGIDaemonProcess project_2 user=username group=username threads=5
WSGIScriptAlias / "/home/username/projects/project_2/run_site.wsgi"

这导致我的两个WSGIScriptAlias文件中有两个.conf行，一个覆盖了另一个。解决此问题的方法是将WSGIScriptAlias放入脚本project_1.conf和project_2.conf的虚拟主机中，以及将其手动重新添加到project_1-le-ssl.conf和project_2-le-ssl.conf < / p>

产生的.conf示例：

WSGIDaemonProcess project_2 user=username group=username threads=5

<VirtualHost *:80>
        ServerName project_2.domain.com
        ServerAlias www.project_2.domain.com

        WSGIScriptAlias / "/home/username/projects/project_2/run_site.wsgi"

        <Directory "/home/username/projects/project_2/">
                WSGIProcessGroup project_2
                WSGIApplicationGroup %{GLOBAL}
                WSGIScriptReloading On

                Require all granted
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/notifier_error.log
        CustomLog ${APACHE_LOG_DIR}/notifier_access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.project_2.domain.com [OR]
RewriteCond %{SERVER_NAME} =project_2.domain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

AH01630：客户端被服务器配置拒绝，从一台虚拟主机重定向到另一台

摘要

Apache日志：

Apache .conf文件

/etc/apache2/sites-available/project_2.conf

/etc/apache2/sites-available/project_2-le-ssl.conf

sudo apachectl -S：

1 个答案: