Persistent 403 Forbidden使用Apache + Django

oaxa6hgo  于 2023-03-31  发布在  Apache
关注(0)|答案(2)|浏览(118)

我希望你能帮我解决一个看似简单但我不明白错误来自哪里的问题
我的Django应用程序在我当前的配置下仍然无法访问
apache2/error.log

[Fri Mar 24 16:35:24.094998 2023] [mpm_event:notice] [pid 101389:tid 140233809427776] AH00494: SIGHUP received.  Attempting to restart
[Fri Mar 24 16:35:24.168460 2023] [mpm_event:notice] [pid 101389:tid 140233809427776] AH00489: Apache/2.4.54 (Debian) mod_wsgi/4.7.1 Python/3.9 configured -- resuming normal operations
[Fri Mar 24 16:35:24.168499 2023] [core:notice] [pid 101389:tid 140233809427776] AH00094: Command line: '/usr/sbin/apache2'
[Fri Mar 24 16:35:27.794864 2023] [authz_core:error] [pid 106856:tid 140233787946752] [client 192.168.130.131:55869] AH01630: client denied by server configuration: /home/sullivan/webapp/webapp-proto/appback/wsgi.py

appback/wsgi.py

import os
from django.core.wsgi import get_wsgi_application
os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'appback.settings')
application = get_wsgi_application()

apache2 webapp_prod.conf

<VirtualHost *:80>
    ServerName localhost

    WSGIDaemonProcess webapp_prod python-home=/home/sullivan/venv python-path=/home/sullivan/webapp/webapp-proto/webapp/appback/
    WSGIProcessGroup webapp_prod
    WSGIScriptAlias / /home/sullivan/webapp/webapp-proto/appback/wsgi.py
#    WSGIScriptAlias / /home/sullivan/webapp/webapp-proto/appback/django.wsgi

    <Directory /home/sullivan/webapp/webapp-proto/webapp/appback/>
        Require all granted
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

apache2 apache2.conf

# Global configuration
#

#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# NOTE!  If you intend to place this on an NFS (or otherwise network)
# mounted filesystem then please read the Mutex documentation (available
# at <URL:http://httpd.apache.org/docs/2.4/mod/core.html#mutex>);
# you will save yourself a lot of trouble.
#
# Do NOT add a slash at the end of the directory path.
#
#ServerRoot "/etc/apache2"

ServerName localhost

#
# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#
#Mutex file:${APACHE_LOCK_DIR} default

#
# The directory where shm and other runtime files will be stored.
#

DefaultRuntimeDir ${APACHE_RUN_DIR}

#
# PidFile: The file in which the server should record its process
# identification number when it starts.
# This needs to be set in /etc/apache2/envvars
#
PidFile ${APACHE_PID_FILE}

#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 300

#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive On

#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 100

#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 5

# These need to be set in /etc/apache2/envvars
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}

#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
HostnameLookups Off

# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here.  If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog ${APACHE_LOG_DIR}/error.log

#
# LogLevel: Control the severity of messages logged to the error_log.
# Available values: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the log level for particular modules, e.g.
# "LogLevel info ssl:warn"
#
LogLevel warn

# Include module configuration:
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf

# Include list of ports to listen on
Include ports.conf

# Sets the default security model of the Apache2 HTTPD server. It does
# not allow access to the root filesystem outside of /usr/share and /var/www.
# The former is used by web applications packaged in Debian,
# the latter may be used for local directories served by the web server. If
# your system is serving content from a sub-directory in /srv you must allow
# access here, or in any related virtual host.
<Directory />
    Options FollowSymLinks
    AllowOverride None
    Require all denied
</Directory>

<Directory /usr/share>
    AllowOverride None
    Require all granted
</Directory>

<Directory /var/www/>
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>

#<Directory /srv/>
#   Options Indexes FollowSymLinks
#   AllowOverride None
#   Require all granted
#</Directory>



# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives.  See also the AllowOverride
# directive.
#
AccessFileName .htaccess

#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>

#
# The following directives define some format nicknames for use with
# a CustomLog directive.
#
# These deviate from the Common Log Format definitions in that they use %O
# (the actual bytes sent including headers) instead of %b (the size of the
# requested file), because the latter makes it impossible to detect partial
# requests.
#
# Note that the use of %{X-Forwarded-For}i instead of %h is not recommended.
# Use mod_remoteip instead.
#
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

# Include of directories ignores editors' and dpkg's backup files,
# see README.Debian for details.

# Include generic snippets of statements
IncludeOptional conf-enabled/*.conf

# Include the virtual host configurations:
IncludeOptional sites-enabled/*.conf

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

申请文件为:/home/sullivan/webapp/webapp-proto/webapp/appback/
我在webapp(webapp-proto下的那个)上给出了权限755和644的组www-data。
救命啊!

o0lyfsai

o0lyfsai1#

目录路径中有两个webapp,但www.example.com的路径wsgi.py不同:

WSGIScriptAlias / /home/sullivan/webapp/webapp-proto/appback/wsgi.py

    <Directory /home/sullivan/webapp/webapp-proto/webapp/appback/>
        Require all granted
    </Directory>
nkoocmlb

nkoocmlb2#

最终,问题当然是由于上述文件夹的权利. cp到www-data文件夹解决了403禁止.然而,我现在仍然有一个500错误.继续努力吧.

相关问题