这是一个创建于 2620 天前的主题,其中的信息可能已经有所发展或是发生改变。
用 letsencrypt 弄了证书,然后准备配置 apache,配置完访问提示 403 forbidden,但是 http 访问正常
该站点的单独配置文件如下:
<VirtualHost *:80> ServerAdmin [email protected] DocumentRoot "/data/wwwroot/www.chanzhicms.com" ServerName www.chanzhicms.com ServerAlias chanzhicms.com ErrorLog "/data/wwwlogs/www.chanzhicms.com_error_apache.log" CustomLog "/data/wwwlogs/www.chanzhicms.com_apache.log" combined <Directory "/data/wwwroot/www.chanzhicms.com"> SetOutputFilter DEFLATE Options FollowSymLinks ExecCGI Require all granted AllowOverride All Order allow,deny Allow from all DirectoryIndex index.html index.php <VirtualHost *:443> DocumentRoot /data/wwwroot/www.chanzhicms.com ServerName https://www.chanzhicms.com:443 ServerAdmin [email protected] SSLEngine on SSLCertificateFile /etc/letsencrypt/live/www.chanzhicms.com/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/www.chanzhicms.com/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/www.chanzhicms.com/chain.pem
<Directory "/data/wwwroot/www.chanzhicms.com"> SetOutputFilter DEFLATE Options FollowSymLinks AllowOverride All Order allow,deny Allow from all DirectoryIndex index.html index.php </Directory>  | 1 zw1one 2018-08-11 17:45:27 +08:00 via Android server.xml 里面看下是不是访问的 https 的那个端口。 |
 | 2 luoyayu 2018-08-11 17:57:24 +08:00 楼主好巧,昨天我也遇到了,我的解决方法是在每个 403 vhost 下都添加 ServerAlias xxxx Include /etc/letsencrypt/options-ssl-apache.conf SSLCertificateFile /etc/letsencrypt/live/xxxx/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/xxxx/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/xxxx/chain.pem 例如 vhost-ssl.conf,vhost-le-ssl.conf |
 | 4 humansjl 2018-08-11 21:28:24 +08:00 |
 | 5 vss80p585 2018-08-11 21:41:01 +08:00 用宝塔保平安 |
 | 6 GavinHsueh OP @luoyayu 你好,你解决了么?我并没有 options-ssl-apache.conf 这个文件 |
| 7 luoyayu 2018-08-12 10:40:02 +08:00 via Android 你在生成证书的时候加上--apache 了吗 |
 | 8 artvista 2018-08-12 11:10:39 +08:00 via Android 装个宝塔面板吧,方便很多 |
| 9 GavinHsueh OP 终于成功了,还是要谢谢大家~ 找到原因了,我 apache 用的是 2.4+版本,需要在网站单独配置文件里加上 Require all granted 才行。这条命令是 apache2.4 新增加的,用以替代 allow,deny 以及 order 指令。 <Directory "/data/wwwroot/www.chanzhicms.com"> SetOutputFilter DEFLATE Options FollowSymLinks AllowOverride All Order allow,deny Allow from all DirectoryIndex index.html index.php Require all granted </Directory> @luoyayu |
Select Language