CentOS 5.7 Apache 2.2 虚拟主机 RewriteRule 问题上的 Plone 3.3.5
我在CentOS 5.7上安装了Plone 3.3.5,并将Zope放在Apache后面,为了让URL“看到”我的Plone网站,我使用了虚拟主机和重写规则的概念。然而,尽管网页确实正确显示,但生成的 URL 并不漂亮。
编辑后的 httpd.conf 文件:
NameVirtualHost 164.67.141.42:80
<VirtualHost 164.67.141.42:80>
ServerName www2.oid.ucla.edu
ServerAlias www2.oid.ucla.edu
ServerAdmin [email protected]
ServerSignature On
CustomLog /var/log/httpd/www2-access.log combined
ErrorLog /var/log/httpd/www2-error.log
LogLevel warn
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^/(.*) http://www2.oid.ucla.edu:8080/VirtualHostBase/http/www2.oid.ucla.edu:80/Plone/VirtualHostRoot/$1 [L]
</IfModule>
<IfModule mod_proxy.c>
ProxyVia On
# prevent the webserver from being used as proxy
<LocationMatch "^[^/]">
Deny from all
</LocationMatch>
</IfModule>
</VirtualHost>
生成的 URL = "http://www2.oid.ucla.edu:8080/VirtualHostBase/http/www2.oid.ucla.edu:80/Plone/VirtualHostRoot/"
URL 应为 = “http://www2.oid.ucla.edu/”
如果我将“P”添加到RewriteRule ^/(.*) http://www2.oid.ucla.edu:8080/VirtualHostBase/http/www2.oid.ucla.edu:80/Plone/VirtualHostRoot/$1 [L,P] 网页上显示“服务暂时不可用”错误。
错误日志说: [错误] (13)权限被拒绝:代理:HTTP:尝试连接到 164.67.141.42:8080 (*) 失败
可能是什么原因导致的?提前致谢!
I installed Plone 3.3.5 on CentOS 5.7 and put Zope behind Apache, in order for URL to "see" my Plone web site, I used the concepts of virtual host and rewrite rule. However, the URL that results is not pretty, although the web page does come up correctly.
The edited httpd.conf file:
NameVirtualHost 164.67.141.42:80
<VirtualHost 164.67.141.42:80>
ServerName www2.oid.ucla.edu
ServerAlias www2.oid.ucla.edu
ServerAdmin [email protected]
ServerSignature On
CustomLog /var/log/httpd/www2-access.log combined
ErrorLog /var/log/httpd/www2-error.log
LogLevel warn
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^/(.*) http://www2.oid.ucla.edu:8080/VirtualHostBase/http/www2.oid.ucla.edu:80/Plone/VirtualHostRoot/$1 [L]
</IfModule>
<IfModule mod_proxy.c>
ProxyVia On
# prevent the webserver from being used as proxy
<LocationMatch "^[^/]">
Deny from all
</LocationMatch>
</IfModule>
</VirtualHost>
The resulting URL = "http://www2.oid.ucla.edu:8080/VirtualHostBase/http/www2.oid.ucla.edu:80/Plone/VirtualHostRoot/"
The URL should be = "http://www2.oid.ucla.edu/"
If I add "P" to RewriteRule ^/(.*) http://www2.oid.ucla.edu:8080/VirtualHostBase/http/www2.oid.ucla.edu:80/Plone/VirtualHostRoot/$1 [L,P]
it errors "Service Temporarily Unavailable" on web page.
The error log says:
[error] (13)Permission denied: proxy: HTTP: attempt to connect to 164.67.141.42:8080 (*) failed
What could be causing this?? Thanks in advance!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
确保您的 mod_proxy 处于活动状态并启用,并且您的 apache 设置为允许代理。 “[L,P]”中的“P”表示“代理”,mod_rewrite 本身不会这样做
Make sure you have mod_proxy active and enabled, and that your apache is set up to allow proxying. The 'P' in '[L,P]' means 'proxy', and mod_rewrite won't do that by itself
起初我认为你也许应该看看你的 zope 配置设置,认为它可能绑定到 localhost,但你的示例没有代理标志会触发到域名的重定向,我收集的域名实际上返回了真正的 Plone 响应。所以可能不是这样。
您可能遇到 SELinux 设置问题。要测试这一点,请以 root 身份尝试...
$ echo 0 > /selinux/enforce
这将暂时禁用 SELinux。如果代理现在可以工作,则您已找到问题。在这种情况下,以下内容可能会帮助您...
$ /usr/sbin/setsebool -P httpd_can_network_connect 1
但我建议您在阅读更多有关 SELinux 的内容之前不要应用此修复程序。在不了解自己在做什么的情况下调整服务器安全配置的旋钮可能并不明智。
可能与您的问题不直接相关,但这里有一些其他建议:
1)您不需要 ServerAlias 行。列出的域已作为 ServerName 列出。
2)其他人已经指出你需要'P'标志。在这种情况下,“L”标志本身只会生成重定向,这不是您想要的。对于“P”标志,隐含“L”,因此只需 [P] 即可。
3) Martijn 提到的 betabug.ch 站点没问题,但请注意,它也错误地添加了“L”标志,并假设某些请求中可能不存在初始“/”(在 VirtualHost 上下文中,路径将始终以带有'/'——只有在目录上下文中你才需要担心这个,而在 Plone 设置中你永远不会有这个问题)。这些都不会破坏 RewriteRule——它们只是不必要地弄乱配置。
4) 您不需要 LocationMatch 位来防止代理滥用。您正在设置反向代理,而不是转发代理。需要特别注意的是转发代理。如果您不确定是否有转发代理——或者如果您很偏执——只需使用“ProxyRequests off”显式关闭转发代理行为即可。您通常不需要担心这一点,因为 ProxyRequests 默认情况下处于关闭状态。
At first I thought you should maybe look at your zope config settings, thinking that it might be bound to localhost but your example without the proxy flag would have triggered a redirect to the domain name which I gather actually returned a real Plone response. So that's probably not it.
You might have an issue with the SELinux settings. To test that, try this as root...
$ echo 0 > /selinux/enforce
This will temporary disable SELinux. If the proxy now works, you've found the issue. In this case, the following might help you...
$ /usr/sbin/setsebool -P httpd_can_network_connect 1
But I suggest you don't apply this fix until you've read up on SELinux a bit more. It's probably not wise to twist knobs on your server's security configuration without understanding what you are doing.
Probably not directly relevant to your question but here are few other bits of advice:
1) You don't need the ServerAlias line. The domain listed is already listed as the ServerName.
2) Others have already pointed out that you need the 'P' flag. The 'L' flag by itself will, in this case, just generate a redirect, which is not what you want. With a 'P' flag, the 'L' is implied so just [P] will do.
3) The betabug.ch site mentioned by Martijn is okay but note that it also incorrectly adds the 'L' flag and assumes that an initial '/' may not be present in some requests (in the VirtualHost context, the path will always begin with a '/' -- it's only in Directory context that you have to worry about this which you never have in a Plone setup). Neither of these will break the RewriteRule -- they just needlessly clutter up the config.
4) You don't need the LocationMatch bit to protect against Proxy abuse. You're setting up a reverse proxy, not a forward proxy. It's the forward proxies that need special care. If you're not sure if you've got a forward proxy -- or if you're paranoid -- just explicitly turn off forward proxy behavior with "ProxyRequests off". You don't usually need to worry about this as ProxyRequests is off by default.
$ setenforce 0
另一方面,阅读selinux的一些文档。有一种方法可以让它吞掉这个 apache 配置。
SELinux 是你的朋友,当然,但要小心对待他:)
$ setenforce 0
on the other and, read some documentation of selinux. There is a way to make it swallows this apache configuration.
SELinux, is your friend, for shure, but treat HIM with care :)