Home Sign Up Sign In
Distributions
Ubuntu
Fedora
CentOS
中文资源站
网易开源镜像站
GavinHsueh
V2EX  ›  Linux

apache 启用 https,访问提示 403 forbidden

  •   
  •   GavinHsueh · Aug 11, 2018 · 7519 views
    This topic created in 2825 days ago, the information mentioned may be changed or developed.

    用 letsencrypt 弄了证书,然后准备配置 apache,配置完访问提示 403 forbidden,但是 http 访问正常

    该站点的单独配置文件如下:

    <VirtualHost *:80> ServerAdmin [email protected] DocumentRoot "/data/wwwroot/www.chanzhicms.com" ServerName www.chanzhicms.com ServerAlias chanzhicms.com ErrorLog "/data/wwwlogs/www.chanzhicms.com_error_apache.log" CustomLog "/data/wwwlogs/www.chanzhicms.com_apache.log" combined <Directory "/data/wwwroot/www.chanzhicms.com"> SetOutputFilter DEFLATE Options FollowSymLinks ExecCGI Require all granted AllowOverride All Order allow,deny Allow from all DirectoryIndex index.html index.php <VirtualHost *:443> DocumentRoot /data/wwwroot/www.chanzhicms.com ServerName https://www.chanzhicms.com:443 ServerAdmin [email protected] SSLEngine on SSLCertificateFile /etc/letsencrypt/live/www.chanzhicms.com/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/www.chanzhicms.com/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/www.chanzhicms.com/chain.pem

    <Directory "/data/wwwroot/www.chanzhicms.com">
    SetOutputFilter DEFLATE
    Options FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all
    DirectoryIndex index.html index.php
</Directory>
  • Data
  • wwwroot
  • Apache
  • allow
    9 replies    2018-08-12 15:41:09 +08:00
    zw1one
        1
    zw1one  
       Aug 11, 2018 via Android
    server.xml 里面看下是不是访问的 https 的那个端口。
    luoyayu
        2
    luoyayu  
       Aug 11, 2018
    楼主好巧,昨天我也遇到了,我的解决方法是在每个 403 vhost 下都添加
    ServerAlias xxxx
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/xxxx/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/xxxx/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/xxxx/chain.pem
    例如 vhost-ssl.conf,vhost-le-ssl.conf
    luoyayu
        3
    luoyayu  
       Aug 11, 2018
    @luoyayu 443
    humansjl
        4
    humansjl  
       Aug 11, 2018
    <VirtualHost *:443>
    ServerName www.chanzhicms.com

    LZ 试试。
    vss80p585
        5
    vss80p585  
       Aug 11, 2018
    用宝塔保平安
    GavinHsueh
        6
    GavinHsueh  
    OP
       Aug 12, 2018
    @luoyayu 你好,你解决了么?我并没有 options-ssl-apache.conf 这个文件
    luoyayu
        7
    luoyayu  
       Aug 12, 2018 via Android
    你在生成证书的时候加上--apache 了吗
    artvista
        8
    artvista  
       Aug 12, 2018 via Android
    装个宝塔面板吧,方便很多
    GavinHsueh
        9
    GavinHsueh  
    OP
       Aug 12, 2018
    终于成功了,还是要谢谢大家~
    找到原因了,我 apache 用的是 2.4+版本,需要在网站单独配置文件里加上 Require all granted 才行。这条命令是 apache2.4 新增加的,用以替代 allow,deny 以及 order 指令。
    <Directory "/data/wwwroot/www.chanzhicms.com">
    SetOutputFilter DEFLATE
    Options FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all
    DirectoryIndex index.html index.php
    Require all granted
    </Directory>
    @luoyayu
    About   ·   Help   ·   Advertise   ·   Blog   ·   API   ·   FAQ   ·   Solana   ·   5458 Online   Highest 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 64ms · UTC 09:26 · PVG 17:26 · LAX 02:26 · JFK 05:26
    ♥ Do have faith in what you're doing.