403错误Apache服务器与Django应用程序上 [英] 403 error on Apache Server with Django application

问题描述

我一直在寻找整个网站的解决方案，但一直没能找到一个。我有一个CentOS 6.4服务器与Apache 2.2.15，Django的1.6和3.2的mod_wsgi。我使用Apache显示静态文件和mod_wsgi的显示内容的Django。

I've been searching throughout this site for a solution but haven't been able to find one. I have a CentOS 6.4 server with Apache 2.2.15, Django 1.6 and mod_wsgi 3.2. I am using Apache to display static files and mod_wsgi to display Django content.

我把Django的项目文件中的 / SRV 目录由于<一个href=\"http://stackoverflow.com/questions/2894611/safely-hosting-a-django-project-over-apache-using-centos\">this页。

I placed the Django project files in the /srv directory due to this page.

当我运行Django开发服务器，我适当地写了显示测试页面。然而，当我开始我的Apache服务器，并参观127.0.0.1，我得到一个403 Forbidden错误。

When I run the Django development server, the test page that I wrote up displays properly. However, when I start my Apache server and visit 127.0.0.1, I get a 403 Forbidden error.

django.wsgi （在/ SRV / mysite的）

django.wsgi (in /srv/mysite)

import os
import sys

envpath = '/usr/lib/python2.6/site-packages'

pwd = os.path.dirname(os.path.abspath(__file__))
os.chdir(pwd)
sys.path = [env] + sys.path

os.environ['PYTHON_EGG_CACHE'] = '/srv/mysite/.python-egg'
os.environ['DJANGO_SETTINGS_MODULE'] = 'mysite.settings'

site.addsitedir(envpath)

from django.core.handlers.wsgi import WSGIHandler
application = WSGIHandlers()

的httpd.conf

WSGIScriptAlias / /srv/mysite/django.wsgi
WSGIPythonPath /srv/mysite
<more aliases and tags in order to get the right static files to show>

在的httpd.conf 文件中，列出的用户和组是默认的阿帕奇。我跑了的ls -l <​​/ code>在 / SRV 目录和它的所有者和组被列为根。所以，我跑了须藤CHOWN R的阿帕奇：阿帕奇/ SRV / mysite的这改变了目录及其所有子目录使用阿帕奇作为所有者和组。

In the httpd.conf file, the user and group that is listed is the default apache. I ran a ls -l on the /srv directory and its owner and group were listed as root. So, I ran sudo chown -R apache:apache /srv/mysite which changed the directory and all subdirectories to use apache as owner and group.

但是，不管我有多谷歌或尝试，我不能在这个403的错误提示。

However, no matter how much I Google or try, I can't get over this 403 error.

编辑：

我发现，当我禁用SELinux，并在的http.conf 文件中的 WSGIPythonPath 变量 django.wsgi ，它会导致500内部服务器错误。然而，当我将其更改为 wsgi.py ，我的网站显示正常。我很好奇，这是为什么。

I've discovered that when I disable SELinux, and the WSGIPythonPath variable in the http.conf file is django.wsgi, it results in a 500 Internal Server error. However, when I change it to wsgi.py, my website displays properly. I am curious as to why that is.

在任何情况下，因为这将是一个生产机器，我preFER保持了SELinux上，并找出如何才能获得相应的权限想通了。

In any case, since this will be a production machine, I prefer to keep SELinux on and figure out how to get the appropriate permissions figured out.

编辑2：

我已经编辑我的 django.wsgi 文件（上述改变）ALA <一个href=\"http://stackoverflow.com/questions/9353092/could-not-import-settings-myproject-settings-is-it-on-sys-path-no-module-n\">this链接

I've edited my django.wsgi file (changed above) ala this link

修改3：

我想提出我的项目文件到我的/ home /文件夹。我一直在试图 django.wsgi 和 wsgi.py 但仍无法让过去的403禁止交替错误。我认为这本来是一个权限问题与 / SRV 目录，但似乎并非如此......我想摸不着头脑，但没有什么工作。

I tried moving my project files into the my /home/ folder. I've been alternating between trying django.wsgi and wsgi.py but still can't get past the 403 Forbidden error. I thought it was originally a permissions issue with the /srv directory but it appears that's not the case...I am trying to figure this out but nothing is working.

修改4：

我决定只坚持开发服务器现在...但我仍然需要得到这个工作，我在我的绳子结束。有没有人在那里，可以帮助我吗？

I decided to just stick the development server for now...but I still need to get this working and I am at the end of my rope. Is there anyone out there that can help me?

推荐答案

SELinux的有它自己的授权访问的系统。您永远的过程，必须授予取决于SELinux上下文的文件系统访问文件。有一些默认的政治和SELinux中定义的上下文这些都是有用的为您的安装默认情况下。只是网络文件预计将在'/无功/网络。你可以多为检查文件的当前上下文或使用交换机处理-Z，见

SELinux has its own system of granting access. Your process ever has to be granted to access files on filesystem depending on SELinux context. There are some default politics and contexts defined in SELinux those are usefull for default cases of your installation. Just web files are expected to be in '/var/www'. You can mostly check the current context of files or processes using switch '-Z', see

[root@localhost]#  ls -Z /var
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 www

检查/ SRV / mysite的

Check the context of /srv/mysite

[root@localhost]#  ls -Z /srv
drwxr-xr-x. root root system_u:object_r:var_t:s0       mysite

执行Apache服务器允许BYT不允许在SELinux类型var_t访问文件在SELinux类型httpd_sys_content_t访问文件。

The Apache HTTPD server is allowed to access files with SELinux type httpd_sys_content_t byt it is NOT allowed to access files with SELinux type var_t.

1。更改SELinux的类型目录，并检查上下文

[root@localhost]#  chcon -R -t  httpd_sys_content_t /srv/mysite
[root@localhost]#  ls -Z /srv
drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 mysite

检查您的网站是否工作现在。

Check if your webiste is working right now.

到现在为止还没有完成呢，当你重新标记文件系统默认或如果你使用一个守护进程来检查或重新标记本身，你就有可能失去你的新的标签。

Till now it is not finished yet, while you relabel filesystem to default or if you use a daemon to check or relabel itself, you risk to lose your new labeling.

2。使默认labaling您的目录

通过创建semange默认标签和的restorecon

Create the default labeling by 'semange' and apply it on your directory by 'restorecon'

[root@localhost]#  semanage fcontext -a -t httpd_sys_content_t /srv/mysite
[root@localhost]#  restorecon -v -R /srv/mysite
[root@localhost]#  ls -Z /srv
drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 mysite

现在SELinux的标签都是固定的。

Right now your SELinux labeling is fixed.

注意：可以定期EX pressions定义默认情况下

Note: It is possible regular expressions to define default context.

Debian的：我不是一个Debian用户，所以SELinux的类型可以是有点不同，原理是一样的，检查SELinux的类型Apache目录，并设置它在你的目录你想成为Apache的访问。

Debian: I'm not a Debian user, so the SELinux type can be a bit different, the principle is just the same, check the SELinux type of your apache directory and set it on your directory you want to be accessible from apache.

了解更多在RedHat的：
<一href=\"https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-SELinux_Contexts_Labeling_Files-Persistent_Changes_semanage_fcontext.html\" rel=\"nofollow\">https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-SELinux_Contexts_Labeling_Files-Persistent_Changes_semanage_fcontext.html

Read more at RedHat: https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-SELinux_Contexts_Labeling_Files-Persistent_Changes_semanage_fcontext.html

Fedora的SELinux的文件：
http://docs.fedoraproject.org/en-US/ Fedora的/ 13 / HTML /安全性Enhanced_Linux /

Fedora SELinux documentation: http://docs.fedoraproject.org/en-US/Fedora/13/html/Security-Enhanced_Linux/

这篇关于403错误Apache服务器与Django应用程序上的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！