Heroku 上的 Symfony:403 Forbidden 您无权访问/在此服务器上 [英] Symfony on Heroku: 403 Forbidden You don't have permission to access / on this server
问题描述
我已成功将我的 Symfony 2 应用程序部署到 Heroku,但现在,当我尝试访问它时,收到以下 403 错误:
I've successfully deployed my Symfony 2 App to Heroku but now, when I'm trying to access it, I receive the following 403 error:
禁止
您无权访问此服务器上的/.
You don't have permission to access / on this server.
这是 Heroku 的日志:
This is the log from Heroku:
2015-07-29T14:31:41.827491+00:00 heroku[router]: at=info method=GET path="/" host=my-app.herokuapp.com request_id=557a70f4-ea11-4519-b8df-301b714f6ffa fwd="151.77.103.253" dyno=web.1 connect=0ms service=1ms status=403 bytes=387
2015-07-29T14:31:41.828428+00:00 app[web.1]: [Wed Jul 29 14:31:41.827438 2015] [autoindex:error] [pid 104:tid 140466989270784] [client 10.100.0.139:16096] AH01276: Cannot serve directory /app/: No matching DirectoryIndex (index.php,index.html,index.htm) found, and server-generated directory index forbidden by Options directive
2015-07-29T14:31:41.829009+00:00 app[web.1]: 10.100.0.139 - - [29/Jul/2015:14:31:41 +0000] "GET / HTTP/1.1" 403 209 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.125 Safari/537.36
似乎 Symfony(或 Heroku?)正在尝试为目录 /app/ 提供服务,但我认为这是不正确的,从日志来看:
It seems that Symfony (or Heroku?) is trying to serve the directory /app/ but I think this is not correct, as from the logs:
2015-07-29T14:31:41.828428+00:00 应用程序[web.1]:[7 月 29 日星期三14:31:41.827438 2015] [autoindex:error] [pid 104:tid 140466989270784][客户端 10.100.0.139:16096] AH01276:无法提供目录/app/:否找到匹配的 DirectoryIndex (index.php,index.html,index.htm),以及选项指令禁止服务器生成的目录索引
2015-07-29T14:31:41.828428+00:00 app[web.1]: [Wed Jul 29 14:31:41.827438 2015] [autoindex:error] [pid 104:tid 140466989270784] [client 10.100.0.139:16096] AH01276: Cannot serve directory /app/: No matching DirectoryIndex (index.php,index.html,index.htm) found, and server-generated directory index forbidden by Options directive
遵循 关于如何部署到 Heroku 的 Symfony 文档教程,我已经创建了我的 .procfile 并放入了:
Following the tutorial on the Symfony Documentation about how to deploy to Heroku, I've created my .procfile and into I've put:
web: bin/heroku-php-apache2 web/
我还删除了 DemoBundle,现在我的根 URL 以这种方式在 DefaultController 中配置:
I've also removed the DemoBundle, and now my root URL is configured in the DefaultController in this way:
<?php
// AppBundleControllerDefaultController.php
namespace AppBundleController;
use SensioBundleFrameworkExtraBundleConfigurationRoute;
use SymfonyBundleFrameworkBundleControllerController;
class DefaultController extends Controller
{
/**
* @Route("/", name="Homepage")
*/
public function indexAction()
{
return $this->render('default/index.html.twig');
}
}
我认为,最终,我的 .htaccess 存在一些问题,即 Symfony 标准版附带的那个:
I think, in the end, there are some problems with my .htaccess, that is the one shipped with Symfony Standard Edition:
# Use the front controller as index file. It serves as a fallback solution when
# every other rewrite/redirect fails (e.g. in an aliased environment without
# mod_rewrite). Additionally, this reduces the matching process for the
# start page (path "/") because otherwise Apache will apply the rewriting rules
# to each configured DirectoryIndex file (e.g. index.php, index.html, index.pl).
DirectoryIndex app.php
<IfModule mod_rewrite.c>
RewriteEngine On
# Determine the RewriteBase automatically and set it as environment variable.
# If you are using Apache aliases to do mass virtual hosting or installed the
# project in a subdirectory, the base path will be prepended to allow proper
# resolution of the app.php file and to redirect to the correct URI. It will
# work in environments without path prefix as well, providing a safe, one-size
# fits all solution. But as you do not need it in this case, you can comment
# the following 2 lines to eliminate the overhead.
RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::2$
RewriteRule ^(.*) - [E=BASE:%1]
# Sets the HTTP_AUTHORIZATION header removed by apache
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# Redirect to URI without front controller to prevent duplicate content
# (with and without `/app.php`). Only do this redirect on the initial
# rewrite by Apache and not on subsequent cycles. Otherwise we would get an
# endless redirect loop (request -> rewrite to front controller ->
# redirect -> request -> ...).
# So in case you get a "too many redirects" error or you always get redirected
# to the start page because your Apache does not expose the REDIRECT_STATUS
# environment variable, you have 2 choices:
# - disable this feature by commenting the following 2 lines or
# - use Apache >= 2.3.9 and replace all L flags by END flags and remove the
# following RewriteCond (best solution)
RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteRule ^app.php(/(.*)|$) %{ENV:BASE}/$2 [R=301,L]
# If the requested filename exists, simply serve it.
# We only want to let Apache serve files and not directories.
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule .? - [L]
# Rewrite all other queries to the front controller.
RewriteRule .? %{ENV:BASE}/app.php [L]
</IfModule>
<IfModule !mod_rewrite.c>
<IfModule mod_alias.c>
# When mod_rewrite is not available, we instruct a temporary redirect of
# the start page to the front controller explicitly so that the website
# and the generated links can still be used.
RedirectMatch 302 ^/$ /app.php/
# RedirectTemp cannot be used instead
</IfModule>
</IfModule>
我的应用程序的另一部分可能是这个问题的原因:security.yml,目前是这样的:
Another part of my App could be the cause of this issue: security.yml, that currently is this:
# you can read more about security in the related section of the documentation
# http://symfony.com/doc/current/book/security.html
security:
# http://symfony.com/doc/current/book/security.html#encoding-the-user-s-password
encoders:
FOSUserBundleModelUserInterface: sha512
# http://symfony.com/doc/current/cookbook/security/acl.html#bootstrapping
acl:
connection: default
# http://symfony.com/doc/current/book/security.html#hierarchical-roles
role_hierarchy:
ROLE_ADMIN: ROLE_USER
# ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
ROLE_SUPER_ADMIN: ROLE_ADMIN
# http://symfony.com/doc/current/book/security.html#where-do-users-come-from-user-providers
providers:
fos_userbundle:
id: fos_user.user_provider.username_email
# the main part of the security, where you can set up firewalls
# for specific sections of your app
firewalls:
main:
pattern: ^/
form_login:
provider: fos_userbundle
csrf_provider: security.csrf.token_manager
logout: true
anonymous: true
# disables authentication for assets and the profiler, adapt it according to your needs
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
# with these settings you can restrict or allow access for different parts
# of your application based on roles, ip, host or methods
# http://symfony.com/doc/current/cookbook/security/access_control.html
access_control:
#- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
但是,访问 http://my-app.herokuapp.com/login(这似乎是向世界开放"),无论如何我都会收到一个漂亮的 404 错误:
But, accessing http:// my-app.herokuapp.com/login (that seems to be "open to the world"), I receive anyway a beautiful 404 error:
未找到
在此服务器上找不到请求的 URL/login.
The requested URL /login was not found on this server.
那么,这可能是什么问题?哪个设置阻止我在 Heroku 上访问我的 Symfony 应用程序?
推荐答案
这是不可能的.3个多小时才找到解决办法.我在这里发布的所有代码中都找不到一个解决方案.
It is not possible. more than 3 hours to find a solution. A solution that could not be found in all the code I posted here.
一个真正、简单、愚蠢的小解决方案:procfile 名称.你注意到了吗?我都是用小写字母写的.
A really, simple, stupid, small solution: the procfile name.
Are you noticing? I'm writing it all in lowercase letters.
解决方案?Procfile,首字母大写.
The solution? Procfile, with the first letter in uppercase.
太糟糕了,但我的应用程序终于启动并运行了!:D
It was an hell, but finally I have my app up and running! :D
这篇关于Heroku 上的 Symfony:403 Forbidden 您无权访问/在此服务器上的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
