Php

fast-cgi 下的 lighttpd2 和 php 返回 403 ‘Permission denied’

  • March 18, 2015

lighttpd2 正在開發中,但對於我想開始使用它的地方來說已經足夠遠了。我已經克服了安裝它並使 vhost 等工作的障礙。

  • PHP 5.6.6 (cgi-fcgi)(建構時間:2015 年 2 月 20 日 17:27:21)
  • lighttpd-angel/2.0.0 - 一個快速輕量級的網路伺服器| 建構日期:2015 年 3 月 17 日 13:42:32
  • Arch Linux | linux 3.18.6-1
  • VMWare 工作站 11.1.0 build-2496824

然而php讓我最頭疼。

/etc/lighttpd2/php.conf如下所示:

if phys.path =$ ".php" {
       log.write "Accessing php file";
       fastcgi "unix:/srv/http/php.sock";
}

sock 曾經位於 /var/run/lighttpd2/ 下,但出於訪問/調試目的,我將其移至整個 doc-root 所在的 /srv/http。

這就是我的/etc/lighttpd2/lighttpd.conf樣子:

setup {

       module_load [
               "mod_accesslog",
               "mod_dirlist",
               "mod_vhost"
               "mod_fastcgi"
       ];

       listen "0.0.0.0:80";
       listen "[::]:80";

       log [
               "info" => "/var/log/lighttpd2/info.log",
               "error" => "/var/log/lighttpd2/error.log",
               "abort" => "/var/log/lighttpd2/error.log",
               "backend" => "/var/log/lighttpd2/backend.log",
               "debug" => "/var/log/lighttpd2/debug.log",
               default => "/var/log/lighttpd2/error.log"
       ];
       accesslog "/var/log/lighttpd2/access.log";
       accesslog.format "%h %V %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"";

       static.exclude_extensions [ ".php", ".pl", ".fcgi", "~", ".inc" ];

}

include "/etc/lighttpd2/mimetypes.conf";
include "/etc/lighttpd2/vhost.conf";
include "/etc/lighttpd2/php.conf";

#docroot "/srv/http";
index [ "index.php", "index.html", "index.htm", "default.htm", "index.lighttpd.html" ];

dirlist;
static;

不知道我是否應該static在最後發表評論。

最後,我的 php“啟動腳本”如下所示:

#!/bin/sh

exec 2>&1

PHP_FCGI_CHILDREN=2 \
PHP_FCGI_MAX_REQUESTS=10000 \
LANG=C LC_ALL=C \
exec /usr/bin/spawn-fcgi -n -s /srv/http/php.sock -u www-data -U www-data -- /usr/bin/php-cgi

我的日誌幾乎是空的,但他們說的是:

systemd 的啟動日誌

Mar 17 17:14:21 ArchKB lighttpd2[30955]: 2015-03-17 17:14:21 CET: info (angel_plugin.c:166): activate
Mar 17 17:14:21 ArchKB lighttpd2[30955]: 2015-03-17 17:14:21 CET: info (angel_plugin.c:177): done
Mar 17 17:14:21 ArchKB lighttpd2[30955]: 2015-03-17 17:14:21 CET: lighttpd2-worker[30956]: 17/Mar/2015 17:14:21 CET (debug) server.c:765: Reached state: suspended (dest: down)
Mar 17 17:14:21 ArchKB lighttpd2[30955]: 2015-03-17 17:14:21 CET: lighttpd2-worker[30956]: 17/Mar/2015 17:14:21 CET (debug) server.c:677: Try reaching state: stopping (dest: down)
Mar 17 17:14:21 ArchKB lighttpd2[30955]: 2015-03-17 17:14:21 CET: lighttpd2-worker[30956]: 17/Mar/2015 17:14:21 CET (debug) server.c:765: Reached state: stopping (dest: down)
Mar 17 17:14:21 ArchKB lighttpd2[30955]: 2015-03-17 17:14:21 CET: lighttpd2-worker[30956]: 17/Mar/2015 17:14:21 CET (debug) server.c:677: Try reaching state: down (dest: down)
Mar 17 17:14:21 ArchKB lighttpd2[30955]: 2015-03-17 17:14:21 CET: lighttpd2-worker[30956]: 17/Mar/2015 17:14:21 CET (debug) server.c:765: Reached state: down (dest: down)
Mar 17 17:14:21 ArchKB lighttpd2[30955]: 2015-03-17 17:14:21 CET: lighttpd2-worker[30956]: 17/Mar/2015 17:14:21 CET (info) lighttpd_worker.c:141: going down
Mar 17 17:14:21 ArchKB lighttpd2[30955]: 2015-03-17 17:14:21 CET: debug (angel_server.c:367): instance released
Mar 17 17:14:21 ArchKB lighttpd2[30955]: 2015-03-17 17:14:21 CET: info (angel_main.c:94): going down
Mar 17 17:14:21 ArchKB lighttpd2[30975]: 2015-03-17 17:14:21 CET: info (angel_plugin.c:166): activate
Mar 17 17:14:21 ArchKB lighttpd2[30975]: 2015-03-17 17:14:21 CET: info (angel_plugin.c:171): activate: core
Mar 17 17:14:21 ArchKB lighttpd2[30975]: 2015-03-17 17:14:21 CET: debug (angel_server.c:184): Instance (30976) spawned: /usr/lib/lighttpd-2.0.0/lighttpd2/lighttpd2-worker
Mar 17 17:14:21 ArchKB lighttpd2[30975]: 2015-03-17 17:14:21 CET: info (angel_plugin.c:177): done
Mar 17 17:14:21 ArchKB lighttpd2[30975]: 2015-03-17 17:14:21 CET: info (angel_main.c:90): parsed config file
Mar 17 17:14:21 ArchKB lighttpd2[30975]: 2015-03-17 17:14:21 CET: lighttpd2-worker[30976]: 17/Mar/2015 17:14:21 CET (debug) lighttpd_worker.c:105: config path: /etc/lighttpd2/lighttpd.conf
Mar 17 17:14:21 ArchKB lighttpd2[30975]: 2015-03-17 17:14:21 CET: lighttpd2-worker[30976]: 17/Mar/2015 17:14:21 CET (debug) plugin_core.c:1254: loaded module 'mod_accesslog'
Mar 17 17:14:21 ArchKB lighttpd2[30975]: 2015-03-17 17:14:21 CET: lighttpd2-worker[30976]: 17/Mar/2015 17:14:21 CET (debug) plugin_core.c:1254: loaded module 'mod_dirlist'
Mar 17 17:14:21 ArchKB lighttpd2[30975]: 2015-03-17 17:14:21 CET: lighttpd2-worker[30976]: 17/Mar/2015 17:14:21 CET (debug) plugin_core.c:1254: loaded module 'mod_vhost'
Mar 17 17:14:21 ArchKB lighttpd2[30975]: 2015-03-17 17:14:21 CET: lighttpd2-worker[30976]: 17/Mar/2015 17:14:21 CET (debug) plugin_core.c:1254: loaded module 'mod_fastcgi'
Mar 17 17:14:21 ArchKB lighttpd2[30975]: 2015-03-17 17:14:21 CET: lighttpd2-worker[30976]: 17/Mar/2015 17:14:21 CET (debug) server.c:765: Reached state: loading (dest: suspended)
Mar 17 17:14:21 ArchKB lighttpd2[30975]: 2015-03-17 17:14:21 CET: lighttpd2-worker[30976]: 17/Mar/2015 17:14:21 CET (debug) server.c:677: Try reaching state: suspended (dest: suspended)
Mar 17 17:14:21 ArchKB lighttpd2[30975]: 2015-03-17 17:14:21 CET: lighttpd2-worker[30976]: 17/Mar/2015 17:14:21 CET (debug) server.c:765: Reached state: suspended (dest: suspended)
Mar 17 17:14:21 ArchKB lighttpd2[30975]: 2015-03-17 17:14:21 CET: debug (angel_plugin_core.c:638): listen to ipv4: '0.0.0.0:80' (port: 80)
Mar 17 17:14:21 ArchKB lighttpd2[30975]: 2015-03-17 17:14:21 CET: debug (angel_plugin_core.c:679): listen to ipv6: '::' (port: 80)
Mar 17 17:14:21 ArchKB lighttpd2[30975]: 2015-03-17 17:14:21 CET: lighttpd2-worker[30976]: 17/Mar/2015 17:14:21 CET (debug) server.c:677: Try reaching state: warmup (dest: running)
Mar 17 17:14:21 ArchKB lighttpd2[30975]: 2015-03-17 17:14:21 CET: lighttpd2-worker[30976]: 17/Mar/2015 17:14:21 CET (debug) server.c:765: Reached state: warmup (dest: running)
Mar 17 17:14:21 ArchKB lighttpd2[30975]: 2015-03-17 17:14:21 CET: lighttpd2-worker[30976]: 17/Mar/2015 17:14:21 CET (debug) server.c:677: Try reaching state: running (dest: running)

錯誤日誌為空,但顯示info.log

17/Mar/2015 17:14:21 CET (info) server.c:58: Got signal, shutdown

debug.log說:

17/Mar/2015 17:12:29 CET (debug) server.c:677: Try reaching state: suspending (dest: down)
17/Mar/2015 17:12:29 CET (debug) server.c:765: Reached state: suspending (dest: down)
17/Mar/2015 17:12:29 CET (debug) server.c:677: Try reaching state: suspended (dest: down)
17/Mar/2015 17:12:29 CET (debug) server.c:765: Reached state: running (dest: running)

並且access.log(在我請求 index.php 之後)說:

192.168.253.1 192.168.253.130 - [17/Mar/2015:17:12:36 +0100] "GET / HTTP/1.1" 403 3744 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36"

訪問文件

如果我註釋掉與php相關的所有內容,我會將該文件作為下載的對象獲取,其中包含以下正確內容:

<?php
   header($_SERVER['SERVER_PROTOCOL'] . ' 302 Ok', true, 302);
   print 'OK!';
?>

header()mod只是為了確保lighttp不會因為它是CGI而搞砸標題(它以前發生過,這不應該以不好的方式影響最終結果)。

權限如下所示:

-rwxrwxrwx 1 www-data www-data       84 Mar 17 16:40 index.php
srw-r----- 1 www-data www-data        0 Mar 17 16:47 php.sock
-rw-r--r-- 1 root     root            5 Mar 17 17:06 wham.html

“有趣”的事情是我可以wham.html毫無問題地請求並且它歸 root 所有,但根據文件,只有工作應該以非 root 身份執行,我是:

root     30975  0.0  0.6   5104  3140 ?        Ss   17:14   0:00 /usr/sbin/lighttpd2 -c /etc/lighttpd2/angel.conf
www-data 30976  0.0  0.7  52048  3760 ?        Ssl  17:14   0:00 /usr/lib/lighttpd-2.0.0/lighttpd2/lighttpd2-worker --angel -c /etc/lighttpd2/lighttpd.conf

我到底哪裡錯了?

我的結論是它與php.conf,因為log.write從不執行,或者至少我在任何日誌中都看不到任何東西。

所以我需要幫助,非常糟糕!

簡而言之,*“conf”*更像是一種程式語言,一次按順序執行事物。我忘了嘗試/index.php直接打電話而不是依靠index []工作。

這很傷心,php.conf檢查了請求的路徑是否在函式將請求從to重寫.php之前結束。index []``/``/index.php

在那裡,改變:

include "/etc/lighttpd2/mimetypes.conf";
include "/etc/lighttpd2/vhost.conf";
include "/etc/lighttpd2/php.conf";

#docroot "/srv/http";
index [ "index.php", "index.html", "index.htm", "default.htm", "index.lighttpd.html" ];


docroot "/srv/http";
index [ "index.php", "index.html", "index.htm", "default.htm", "index.lighttpd.html" ];

include "/etc/lighttpd2/mimetypes.conf";
include "/etc/lighttpd2/vhost.conf";
include "/etc/lighttpd2/php.conf";

做了所有的不同。

配置/執行的順序很重要!

這是來自開發論壇的原始消息

你好!

lighttpd2 配置基本上是一種程式語言,即按順序執行的操作列表。這些操作中只有一小部分實際上是在請求上下文中設置的選項。

如果在執行 的內容時php.conf,物理路徑沒有以“.​​php”結尾,則不會執行 php;但只有在主配置的末尾,您才可以搜尋 index.php!(並且您實際上並沒有請求“/index.php”,該請求只是針對“/”)所以:

  • vhost.conf 應該在所有情況下都設置 docroot;讓它也處理“預設”文件根。
  • 要麼在你想要的虛擬主機中呼叫 index ,要麼在 vhost.conf 之後呼叫它來為所有虛擬主機執行;但把它放在“php.conf”之前
  • 您可以在 if: log.write “%{phys.path}”; 之前使用 log.write 來調試 php.conf 中 phys.path 的內容:

順便說一句:howto 顯示正確的順序:)

我通常將(幾乎)所有內容都放入虛擬主機配置中(請參閱 http://doc.lighttpd.net/lighttpd2/mod_vhost.html以了解處理預設虛擬主機和通用概念);我特別只在我真正想要的塊中啟動 php;您可以為常見的配置操作定義別名(如 php howto 展示的)。

– 施特比勒

引用自:https://unix.stackexchange.com/questions/190756

相關問答

Php

Nginx 版本無關的 php-fpm 配置

  • December 31, 2017
檢視問答
Networking

使用專用 Web 伺服器有哪些優勢?

  • August 25, 2016
檢視問答
Debian

Debian 上的 PHP+FastCGI+nginx

  • March 24, 2014
檢視問答
Php

初始化腳本初始化守護程序,但不會返回好的_○到ok

  • October 5, 2011
檢視問答
Debian

Debian 11 Bullseye 和 PHP7 的生命終結 - 2022 年 11 月 28 日之後會發生什麼

  • September 22, 2022
檢視問答
Bash

複雜情況下的引用規則

  • August 17, 2022
檢視問答