Apache 2.2 rewrite rules for an intranet portal with Plone and Zope

Posted on 2024-12-26 10:49:14

This question will be mainly for Zope and Plone administrators and developers.

I have been attempting to get an Apache rewrite rule working using documentation from apache, Plone.org, and Zope foundation. I have found small examples but they don't seem to have enough explanation that I can use to apply to my situation. I apologize to anyone who creates documentation for these organizations--the documentation is outstanding. I am just not successfully resolving the problem on my own.

Overview: The context is intranet portal style setup behind a corporate firewall. I am using Apache as a proxy to a plone instance (name = wiki) running on a zeo server (port 8080). I don't want anyone to access the plone site directly through port 8080 for security reasons. I want Apache listening on port 80 to redirect/proxy to the plone site. This will also give me the ability to hide parts of the URL that are too complex for users. I have a separate DNS server that points to the Plone server (Plone hostname = wiki.domain.net) so that some of the address complexity is cut down. Users can type "wiki" to get to the server from within our domain. Keep in mind my boss also required that the plone site name be called "wiki". So, currently users can access plone using the following conventions:

http://wiki:8080/wiki
http://wiki.domain.net:8080/wiki

Apache is running but not able to redirect through port 80--effectively someone can just access zope/plone directly on port 8080. I want Apache to pick up the traffic and redirect to the plone instance.

This is the virtual host section of my httpd.conf file:

    <VirtualHost *:80>
       ServerAdmin [email protected]
       ServerName wiki.domain.net
       ErrorLog logs/wiki.domain.net-error_log
       CustomLog logs/wiki.domain.net-access_log common
       RewriteEngine On
       RewriteRule ^/(.*) http://127.0.0.1:8080/VirtualHostBase/http/%{SERVER_NAME}:80/wiki/VirtualHostRoot/$1 [L,P]
    </VirtualHost>

From my browser I am receiving:

    Bad Request

    Your browser sent a request that this server could not understand.
    Apache/2.2.15 (CentOS) Server at wiki Port 80

The Apache error_log: $ tail -20 error_log:

    [Fri Jan 13 09:20:37 2012] [notice] Digest: done
    [Fri Jan 13 09:20:37 2012] [warn] mod_wsgi: Compiled for Python/2.6.2.
    [Fri Jan 13 09:20:37 2012] [warn] mod_wsgi: Runtime using Python/2.6.5.
    [Fri Jan 13 09:20:37 2012] [notice] Apache/2.2.15 (Unix) DAV/2 PHP/5.3.2 mod_ssl/2.2.15 OpenSSL/1.0.0-fips mod_wsgi/3.2 Python/2.6.5 mod_perl/2.0.4 Perl/v5.10.1 configured -- resuming normal operations
    [Fri Jan 13 09:30:49 2012] [error] Exception KeyError: KeyError(139958166271968,) in <module 'threading' from '/usr/lib64/python2.6/threading.pyc'> ignored
    [Fri Jan 13 09:30:49 2012] [error] Exception KeyError: KeyError(139958166271968,) in <module 'threading' from '/usr/lib64/python2.6/threading.pyc'> ignored
    [Fri Jan 13 09:30:49 2012] [error] Exception KeyError: KeyError(139958166271968,) in <module 'threading' from '/usr/lib64/python2.6/threading.pyc'> ignored
    [Fri Jan 13 09:30:49 2012] [error] Exception KeyError: KeyError(139958166271968,) in <module 'threading' from '/usr/lib64/python2.6/threading.pyc'> ignored
    [Fri Jan 13 09:30:49 2012] [error] Exception KeyError: KeyError(139958166271968,) in <module 'threading' from '/usr/lib64/python2.6/threading.pyc'> ignored
    [Fri Jan 13 09:30:49 2012] [error] Exception KeyError: KeyError(139958166271968,) in <module 'threading' from '/usr/lib64/python2.6/threading.pyc'> ignored
    [Fri Jan 13 09:30:49 2012] [error] Exception KeyError: KeyError(139958166271968,) in <module 'threading' from '/usr/lib64/python2.6/threading.pyc'> ignored
    [Fri Jan 13 09:30:49 2012] [error] Exception KeyError: KeyError(139958166271968,) in <module 'threading' from '/usr/lib64/python2.6/threading.pyc'> ignored
    [Fri Jan 13 09:30:50 2012] [notice] caught SIGTERM, shutting down
    [Fri Jan 13 09:30:51 2012] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
    [Fri Jan 13 09:30:51 2012] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
    [Fri Jan 13 09:30:51 2012] [notice] Digest: generating secret for digest authentication ...
    [Fri Jan 13 09:30:51 2012] [notice] Digest: done
    [Fri Jan 13 09:30:51 2012] [warn] mod_wsgi: Compiled for Python/2.6.2.
    [Fri Jan 13 09:30:51 2012] [warn] mod_wsgi: Runtime using Python/2.6.5.
    [Fri Jan 13 09:30:51 2012] [notice] Apache/2.2.15 (Unix) DAV/2 PHP/5.3.2 mod_ssl/2.2.15 OpenSSL/1.0.0-fips mod_wsgi/3.2 Python/2.6.5 mod_perl/2.0.4 Perl/v5.10.1 configured -- resuming normal operations

log errors with respect to $ grep -i proxy:

    ./domain.net-error_log:[Thu Jan 12 14:53:02 2012] [error] (13)Permission denied: proxy: HTTP: attempt to connect to 127.0.0.1:8080 (*) failed
    ./domain.net-error_log:[Thu Jan 12 14:57:44 2012] [error] [client 172.18.136.33] client denied by server configuration: proxy:http://127.0.0.1:8080/VirtualHostBase/http/wiki:80/wiki/VirtualHostRoot/
    ./domain.net-error_log:[Thu Jan 12 14:57:45 2012] [error] [client 172.18.136.33] client denied by server configuration: proxy:http://127.0.0.1:8080/VirtualHostBase/http/wiki:80/wiki/VirtualHostRoot/favicon.ico
    ./domain.net-error_log:[Thu Jan 12 14:57:45 2012] [error] [client 172.18.136.33] client denied by server configuration: proxy:http://127.0.0.1:8080/VirtualHostBase/http/wiki:80/wiki/VirtualHostRoot/favicon.ico
    ./domain.net-error_log:[Thu Jan 12 15:18:18 2012] [error] [client 172.18.136.33] client denied by server configuration: proxy:http://127.0.0.1:8080/VirtualHostBase/http/wiki:80/wiki/VirtualHostRoot/
    ./domain.net-error_log:[Thu Jan 12 15:18:21 2012] [error] [client 172.18.136.33] client denied by server configuration: proxy:http://127.0.0.1:8080/VirtualHostBase/http/wiki:80/wiki/VirtualHostRoot/
    ./domain.net-error_log:[Thu Jan 12 15:18:34 2012] [error] [client 172.18.136.33] client denied by server configuration: proxy:http://127.0.0.1:8080/VirtualHostBase/http/wiki:80/wiki/VirtualHostRoot/
    ./domain.net-error_log:[Thu Jan 12 15:21:49 2012] [error] [client 172.18.136.33] client denied by server configuration: proxy:http://127.0.0.1:8080/VirtualHostBase/http/wiki:80/VirtualHostRoot/
    ./domain.net-error_log:[Thu Jan 12 15:21:50 2012] [error] [client 172.18.136.33] client denied by server configuration: proxy:http://127.0.0.1:8080/VirtualHostBase/http/wiki:80/VirtualHostRoot/
    ./domain.net-error_log:[Thu Jan 12 15:21:53 2012] [error] [client 172.18.136.33] client denied by server configuration: proxy:http://127.0.0.1:8080/VirtualHostBase/http/wiki:80/VirtualHostRoot/
    ./domain.net-error_log:[Thu Jan 12 15:21:58 2012] [error] [client 172.18.136.33] client denied by server configuration: proxy:http://127.0.0.1:8080/VirtualHostBase/http/wiki:80/VirtualHostRoot/
    ./domain.net-error_log:[Thu Jan 12 15:22:34 2012] [error] [client 172.18.136.33] client denied by server configuration: proxy:http://127.0.0.1:8080/VirtualHostBase/http/wiki:80/VirtualHostRoot/
    ./domain.net-error_log:[Thu Jan 12 15:23:07 2012] [error] [client 172.18.136.33] client denied by server configuration: proxy:http://127.0.0.1:8080/VirtualHostBase/http/domain.net:80/VirtualHostRoot/
    ./domain.net-error_log:[Thu Jan 12 15:25:10 2012] [error] [client 172.18.136.33] client denied by server configuration: proxy:http://127.0.0.1:8080/VirtualHostBase/http/wiki:80/VirtualHostRoot//
    ./domain.net-error_log:[Thu Jan 12 15:25:10 2012] [error] [client 172.18.136.33] client denied by server configuration: proxy:http://127.0.0.1:8080/VirtualHostBase/http/wiki:80/VirtualHostRoot//favicon.ico
    ./domain.net-error_log:[Thu Jan 12 15:25:20 2012] [error] [client 172.18.136.33] client denied by server configuration: proxy:http://127.0.0.1:8080/VirtualHostBase/http/wiki:80/VirtualHostRoot//wiki
    ./domain.net-error_log:[Thu Jan 12 15:25:21 2012] [error] [client 172.18.136.33] client denied by server configuration: proxy:http://127.0.0.1:8080/VirtualHostBase/http/wiki:80/VirtualHostRoot//favicon.ico
    ./domain.net-error_log:[Thu Jan 12 15:25:29 2012] [error] [client 172.18.136.33] client denied by server configuration: proxy:http://127.0.0.1:8080/VirtualHostBase/http/wiki:80/VirtualHostRoot//
    ./domain.net-error_log:[Thu Jan 12 15:25:29 2012] [error] [client 172.18.136.33] client denied by server configuration: proxy:http://127.0.0.1:8080/VirtualHostBase/http/wiki:80/VirtualHostRoot//favicon.ico
    ./domain.net-error_log:[Thu Jan 12 15:26:40 2012] [error] [client 172.18.136.33] client denied by server configuration: proxy:http://127.0.0.1:8080/VirtualHostBase/http/wiki:80/wiki/VirtualHostRoot//
    ./domain.net-error_log:[Thu Jan 12 15:26:40 2012] [error] [client 172.18.136.33] client denied by server configuration: proxy:http://127.0.0.1:8080/VirtualHostBase/http/wiki:80/wiki/VirtualHostRoot//favicon.ico
    ./domain.net-error_log:[Thu Jan 12 15:26:41 2012] [error] [client 172.18.136.33] client denied by server configuration: proxy:http://127.0.0.1:8080/VirtualHostBase/http/wiki:80/wiki/VirtualHostRoot//
    ./domain.net-error_log:[Thu Jan 12 15:26:41 2012] [error] [client 172.18.136.33] client denied by server configuration: proxy:http://127.0.0.1:8080/VirtualHostBase/http/wiki:80/wiki/VirtualHostRoot//favicon.ico

All of this is running on a CentOS 6.0 x64 with the standard build configuration and 6 GB memory. The firewall ports are open for 8080, 8081, and 80 (and others). Thank you for your time and expertise.


Comments (3)

℡寂寞咖啡 2025-01-02 10:49:14

The error that you are facing is due to an enhanced security level in Apache version >2.2 (yours is 2.2.15). The solution is to add this in your vhost config:

    <IfModule mod_proxy.c>
      <Proxy proxy:http://127.0.0.1:8080/>
        Order deny,allow
        Allow from localhost
      </Proxy>
    </IfModule>

More info:

‖放下 2025-01-02 10:49:14

I suspect that you may have missed out enabling Apache's proxy modules. See step two in this guide: https://weblion.psu.edu/trac/weblion/wiki/ProxyApacheToZope

潦草背影 2025-01-02 10:49:14

Try:

    <Proxy *>
        Allow from localhost
    </Proxy>

inside your virtual host container.
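
An added example, not from the original question or any of the answers: an Apache 2.2 form of the asker's virtual host with an explicit access rule for the proxied backend, annotated against the two error patterns in the logs above. The `ServerAlias`, the `172.18.0.0/16` intranet range and the SELinux reading of the errno 13 line are assumptions.

```apache
# Added example for Apache 2.2 (not from the thread). Assumes mod_rewrite,
# mod_proxy and mod_proxy_http are loaded via LoadModule in httpd.conf.
<VirtualHost *:80>
    ServerName  wiki.domain.net
    # Assumption: users who type the short name "wiki" land on this vhost too.
    ServerAlias wiki
    ErrorLog  logs/wiki.domain.net-error_log
    CustomLog logs/wiki.domain.net-access_log common

    # Reverse proxy only. Forward proxying stays off so the host cannot be
    # used to relay requests to arbitrary destinations.
    ProxyRequests Off

    # Explicit access rule for the proxied backend. The log entries
    #   client denied by server configuration: proxy:http://127.0.0.1:8080/...
    # mean an access rule rejected the proxied URL for client 172.18.136.33.
    # 172.18.0.0/16 is an ASSUMED intranet range; replace it with the real one.
    # Comments must sit on their own lines: Apache does not allow trailing
    # comments after a directive.
    <Proxy http://127.0.0.1:8080/*>
        Order deny,allow
        Deny from all
        Allow from 127.0.0.1
        Allow from 172.18.0.0/16
    </Proxy>

    # The separate entry
    #   (13)Permission denied: proxy: HTTP: attempt to connect to 127.0.0.1:8080
    # is the operating system refusing httpd's outbound connect, not an Apache
    # access rule. The log shows SELinux enabled with httpd in httpd_t; on such
    # hosts the usual cause (an assumption about this host) is the
    # httpd_can_network_connect boolean being off. Check and set it with:
    #   getsebool httpd_can_network_connect
    #   setsebool -P httpd_can_network_connect 1

    RewriteEngine On
    # Same VirtualHostMonster rule as in the question: Zope generates links
    # for http://<host>:80/ rooted at the /wiki site object.
    RewriteRule ^/(.*) http://127.0.0.1:8080/VirtualHostBase/http/%{SERVER_NAME}:80/wiki/VirtualHostRoot/$1 [L,P]
</VirtualHost>
```

The question states that port 8080 is open in the firewall; Apache only becomes the sole entry point once 8080 is closed to the LAN or Zope listens on 127.0.0.1 only.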
