阿帕奇在码头工人说：不准符号链接 [英] Apache in Docker says: Symbolic link not allowed

问题描述

我用一个码头工人形象：<一href=\"https://github.com/docker-library/php/blob/fec7f537f049aafd2102202519c3ca9cb9576707/5.5/apache/Dockerfile\" rel=\"nofollow\">https://github.com/docker-library/php/blob/fec7f537f049aafd2102202519c3ca9cb9576707/5.5/apache/Dockerfile

我用它与码头工人，撰写

 阿帕奇：
  打造：./site/docker/apachephp
  环境：
     -  VIRTUAL_HOST = www.test.dev
  卷：
     -  ./site/$c$c:/var/www/app
  暴露：
     - 80后
 

在code是一个symfony的应用程序，并使用符号链接在网络文件夹，但在符号链接的所有资产我在Apache日志得到：

AH00037：符号链接不允许或链接目标不可访问：在/ var / WWW /应用/网络/测试

其他所有code运行正常。结果
我不知道这的选项+了FollowSymLinks -SymLinksIfOwnerMatch的使用正确的，如果有可能其他配置文件覆盖成才？

或者是它的一些权限问题？
主机上的文件属于不apache用户WWW的数据，但给其他用户，但阅读权限设置。

Apache的配置是：

 ＃看到http://sources.debian.net/src/apache2/2.4.10-1/debian/config-dir/apache2.conf互斥文件：在/ var /锁/ Apache2默认
PIDFILE /var/run/apache2/apache2.pid
超时300
上的KeepAlive
MaxKeepAliveRequests 100
5的KeepAliveTimeout
用户WWW的数据
组www数据
HostnameLookups关闭
错误日志的/ proc /自/ FD / 2
LOGLEVEL警告IncludeOptional启用MODS-/ *。负荷
IncludeOptional启用MODS-/ *。CONF＃ports.conf
听80
＆LT; IfModule ssl_module＆GT;
    听443
＆LT; / IfModule＆GT;
＆LT; IfModule mod_gnutls.c＆GT;
    听443
＆LT; / IfModule＆GT;＆LT;目录/＆GT;
    设置AllowOverride无
    要求所有被拒绝
＆LT; /目录＆GT;＆LT;目录/ var /网络/应用＆GT;
    选项​​+的FollowSymLinks -SymLinksIfOwnerMatch
    所有的AllowOverride
    要求所有批准
＆LT; /目录＆GT;DocumentRoot的/无功/网络/应用/网络AccessFileName的.htaccess
＆LT; FilesMatch^ \\ HT。＆GT;
    要求所有被拒绝
＆LT; / FilesMatch＆GT;的LogFormat％V：％P％H％L％U％T \\％r \\％＆GT; S％氧气\\％{Referer的}​​ I \\\\％{用户代理} I \\vhost_combined
的LogFormat％H％L％U％T \\％r \\％＆GT; S％氧气\\％{Referer的}​​ I \\\\％{用户代理} I \\组合拳
的LogFormat％H％L％U％T \\％r \\％＆GT; S％O普通
的LogFormat％{Referer的}​​ I  - ＆GT;％U引荐
的LogFormat％{用户代理} I代理的CustomLog的/ proc /自/ FD / 1相结合＆LT; FilesMatch \\ .PHP $＆GT;
    SetHandler应用程序/ X的httpd  -  PHP
＆LT; / FilesMatch＆GT;＃在同一范围内的多个DirectoryIndex的指令将增加
＃资源列表中寻找，而不是更换
＃https://httpd.apache.org/docs/current/mod/mod_dir.html#directoryindex
禁用的DirectoryIndex
DirectoryIndex的app_dev.php的index.php index.html的IncludeOptional启用CONF-/ *。CONF
IncludeOptional启用站点-/ *。CONF
 

解决方案

要回答我的问题：
得益于上述评论的技巧，我登录容器，并检查了pathes和符号链接是主机的pathes，使想不出工作。

所以我可能有在容器中创建符号链接，除非有某种方式来告诉泊坞窗跟随符号连接从主机，但我对此表示怀疑。

I use a Docker image: https://github.com/docker-library/php/blob/fec7f537f049aafd2102202519c3ca9cb9576707/5.5/apache/Dockerfile

And i use it with docker-compose:

apache:
  build: ./site/docker/apachephp
  environment:
    - VIRTUAL_HOST=www.test.dev
  volumes:
    - ./site/code:/var/www/app
  expose:
    - "80"

The code is a symfony app and uses symbolic link in the web folder, but for all assets in the symbolic links i get in the apache logs:

AH00037: Symbolic link not allowed or link target not accessible: /var/www/app/web/test

All other code runs fine.
I wonder if that Options +FollowSymLinks -SymLinksIfOwnerMatch is used correct and if there maybe other config files that override someting?

Or is it some Permission issue? The files on the host belong not to the apache user www-data but to another user, read rights are set however.

The Apache config is:

# see http://sources.debian.net/src/apache2/2.4.10-1/debian/config-dir/apache2.conf

Mutex file:/var/lock/apache2 default
PidFile /var/run/apache2/apache2.pid
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
User www-data
Group www-data
HostnameLookups Off
ErrorLog /proc/self/fd/2
LogLevel warn

IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf

# ports.conf
Listen 80
<IfModule ssl_module>
    Listen 443
</IfModule>
<IfModule mod_gnutls.c>
    Listen 443
</IfModule>

<Directory />
    AllowOverride None
    Require all denied
</Directory>

<Directory /var/www/app>
    Options +FollowSymLinks -SymLinksIfOwnerMatch
    AllowOverride All
    Require all granted
</Directory>

DocumentRoot /var/www/app/web

AccessFileName .htaccess
<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>

LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

CustomLog /proc/self/fd/1 combined

<FilesMatch \.php$>
    SetHandler application/x-httpd-php
</FilesMatch>

# Multiple DirectoryIndex directives within the same context will add
# to the list of resources to look for rather than replace
# https://httpd.apache.org/docs/current/mod/mod_dir.html#directoryindex
DirectoryIndex disabled
DirectoryIndex app_dev.php index.php index.html

IncludeOptional conf-enabled/*.conf
IncludeOptional sites-enabled/*.conf

解决方案

To answer my own question: thanks to the tips in the comments above, i logged in the container and checked the pathes and the symlinks were pathes of the host, so that couldnt work.

So i probably have to create the symlinks in the container, unless there is some way to tell docker to follow symlinks from the host, but i doubt that.

这篇关于阿帕奇在码头工人说：不准符号链接的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！