Tuesday, June 25, 2019

Setting Up a Reverse Proxy on CentOS 7 with Apache 2.4.6

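I have set up reverse proxies countless times, but I did not expect to hit a wall on CentOS. Here is how the setup went this time..

Apache 2.4.6 had already been installed beforehand, so I assumed that, as with earlier versions and the Windows build, getting the configuration file right would be all it took. Instead it was one nightmare after another and cost me a lot of time.

According to the documentation, you only need to load the proxy and proxy_html modules with LoadModule and configure them. So, just as with earlier versions, I assumed all the modules would be in the modules directory, configured everything without a second thought, and started testing.. It did not work at all, and I could not see any error message either (in the past, when something went wrong at startup, the relevant message showed up in the error log; this time I could not find anything). Please give me back the simple way things used to work.. I do not want another Windows.. a pile of black boxes that is extremely hard to debug.

Later I came across an article mentioning that proxy_html_module has to be installed first. Alarmed, I finally checked whether the module existed under modules, and there was the problem: the module did not exist...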

# yum install mod_proxy_html
.......

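mod_proxy_html.so finally showed up under modules.

Why did it take so long to find the problem? Because the system misled me..
The conf.modules.d directory contains two files, 00-proxy.conf and 00-proxyhtml.conf. Judging by their contents, 00-proxy.conf loads the proxy-related modules, while 00-proxyhtml.conf mainly loads proxy_html_module. Seeing that configuration file, would you suspect that the module does not exist? Then, after I installed mod_proxy_html, a line loading mod_proxy_html.so also appeared in 00-proxy.conf..... Is this a joke? CentOS, either do it properly or not at all; don't do it halfway and end up with a conflict.

Well, it was finally configured, so I tested it..... and it failed. How could that be? Tweaking the settings did not help either...

Then it occurred to me that the error log might have some information.... and there it was: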
[error] (13)Permission denied: proxy: HTTP: attempt to connect to 192.168.1.1:8080 faile

I searched online and found an answer..
By default, SELinux prevents Apache from initiating outbound connections, so it is unable to proxy requests to Bitbucket Server.

Resolution

Run the following command on the server to allow apache to make outbound connections.

/usr/sbin/setsebool -P httpd_can_network_connect 1

SELinux is the culprit yet again.... It seems there are pitfalls all over the place when using SELinux..
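The check that would have exposed the missing module early, as an added example (not part of the original post): it lists every LoadModule directive whose shared object is absent from disk. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/bash
# Print every LoadModule directive under CONF_DIR whose shared object is
# missing. Usage: missing_modules SERVER_ROOT CONF_DIR
missing_modules() {
    local root=$1 confdir=$2 conf kw name path full
    for conf in "$confdir"/*.conf; do
        [ -f "$conf" ] || continue
        while read -r kw name path _; do
            # Commented-out directives read as "#" or "#LoadModule": skipped.
            [ "$kw" = "LoadModule" ] || continue
            # Relative module paths are resolved against ServerRoot.
            case $path in
                /*) full=$path ;;
                *)  full=$root/$path ;;
            esac
            [ -f "$full" ] || echo "${conf##*/}: $name -> $path"
        done < "$conf"
    done
}

# Constructed sample tree mirroring the post: the proxy modules are present,
# 00-proxyhtml.conf refers to a mod_proxy_html.so that was never installed.
build_sample() {
    local root
    root=$(mktemp -d)
    mkdir -p "$root/modules" "$root/conf.modules.d"
    touch "$root/modules/mod_proxy.so" "$root/modules/mod_proxy_http.so"
    cat > "$root/conf.modules.d/00-proxy.conf" <<'EOF'
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
EOF
    cat > "$root/conf.modules.d/00-proxyhtml.conf" <<'EOF'
# LoadModule commented_module modules/mod_commented.so
LoadModule proxy_html_module modules/mod_proxy_html.so
EOF
    echo "$root"
}

sample=$(build_sample)
missing_modules "$sample" "$sample/conf.modules.d"
rm -rf "$sample"
# On a CentOS 7 host: missing_modules /etc/httpd /etc/httpd/conf.modules.d
```
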


Tuesday, November 27, 2018

Friday, November 16, 2018

Mount Google Cloud Storage in Linux

How to mount cloud storage (bucket)

If the host is not running in GCP, set up authentication for server-to-server production applications first.

Refer to https://cloud.google.com/docs/authentication/production#auth-cloud-app-engine-python
1. Generate service account credentials (a json file)
2. Set GOOGLE_APPLICATION_CREDENTIALS environment variable
# export GOOGLE_APPLICATION_CREDENTIALS="[PATH]"

Install FUSE

1. Configure the gcsfuse using yum repo:

# vi /etc/yum.repos.d/gcsfuse.repo

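[gcsfuse]
name=gcsfuse (packages.cloud.google.com)
baseurl=https://packages.cloud.google.com/yum/repos/gcsfuse-el7-x86_64
enabled=1
# Verify package signatures against Google's published signing keys.
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
       https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg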

2. Install gcsfuse:

# yum install gcsfuse

3. To mount a bucket using gcsfuse over an existing directory /path/to/mount, invoke it like this:

# gcsfuse my-bucket /path/to/mount
or
# gcsfuse --implicit-dirs my-bucket /path/to/mount


Unmount:
# fusermount -u /path/to/mount

Monday, January 15, 2018

How to Map a Network Drive as the SYSTEM Account

1. Download PsTools first
2. Run psexec from PsTools as follows:

psexec -i -s cmd.exe
.......
This opens a cmd command window. In it, echo %USERNAME% shows the host name rather than the logged-in user's name.

3. In the new window, map the network drive with net use X: \\xxxxx\share_name /User:user_name password

Tuesday, September 13, 2016

Apache says DocumentRoot doesn't exist when it does or permission denied

Here's a tutorial approach to the SELinux case:
Find out if SELinux is active:
 $ sestatus
 SELinux status:                 enabled
 SELinuxfs mount:                /selinux
 Current mode:                   enforcing
 Mode from config file:          enforcing
 Policy version:                 24
 Policy from config file:        targeted
If so, some comparative checking might help. For instance, a server has a default DocumentRoot at /var/www/html, but we want it somewhere else like /path/to/document/root.
If SELinux is not actively messing with the resource, ls -dZ on the directory will show something like:
$ ls -dZ /path/to/document/root
? /path/to/document/root/
On the other hand, if SELinux contexts are applied, ls -dZ looks more like:
$ ls -dZ /path/to/document/root
drwxrws--x+ cfgadm cfgadmin system_u:object_r:file_t:s0 /path/to/documentroot
If we compare to a working DocumentRoot, it would look something like:
$ ls -dZ /var/www/html
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 /var/www/html
The _r and _t relate to the -r (--role) and -t (--type) arguments to chcon. Here is a cut-down man page:
NAME
   chcon - change file security context

SYNOPSIS
   chcon [OPTION]... CONTEXT FILE...
   chcon [OPTION]... [-u USER] [-r ROLE] [-l RANGE] [-t TYPE] FILE...
   chcon [OPTION]... --reference=RFILE FILE...

DESCRIPTION
   Change the security context of each FILE to CONTEXT.  With --reference,
   change the security context of each FILE to that of RFILE.

   --reference=RFILE
          use RFILE's security context rather than  specifying a CONTEXT value

   -R, --recursive
          operate on files and directories recursively
At first guess, the following might seem to work, but might not.
$ sudo chcon -R -t httpd_sys_content_t /path/to/document/root
If the web server still cannot see the DocumentRoot, note that the context matters all the way back to root:
$ sudo chcon -R -t httpd_sys_content_t /path/to/document
$ sudo chcon -R -t httpd_sys_content_t /path/to
$ sudo chcon -R -t httpd_sys_content_t /path
At this point, the web server can see the directory.
Yes, I learned the hard way tonight.
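To see where the chain of labels breaks before relabelling anything, the walk back to root can be scripted. This is an added example, not part of the original post; the function names are hypothetical, and treating default_t and unlabeled_t as suspect alongside the file_t shown above is an assumption.

```shell
#!/bin/bash
# Print DIR and each parent directory up to /, one per line.
ancestors() {
    local p=$1
    case $p in /*) ;; *) p=$PWD/$p ;; esac
    p=${p%/}
    [ -n "$p" ] || p=/
    while [ "$p" != "/" ]; do
        echo "$p"
        p=${p%/*}
        [ -n "$p" ] || p=/
    done
    echo /
}

# Extract the type field from a context such as system_u:object_r:file_t:s0.
context_type() {
    local t=${1#*:}
    t=${t#*:}
    echo "${t%%:*}"
}

# Print "<type> <dir>" for DIR and every ancestor. stat -c %C (GNU coreutils)
# reports the SELinux context; "?" is printed when none is available.
label_chain() {
    local d ctx
    ancestors "$1" | while read -r d; do
        ctx=$(stat -c %C "$d" 2>/dev/null) || ctx='?'
        echo "$(context_type "$ctx") $d"
    done
}

# Read "<type> <dir>" lines and print those with a generic type. file_t is the
# failing label in the listing above; default_t and unlabeled_t are assumed.
suspect_labels() {
    local t dir
    while read -r t dir; do
        case $t in
            file_t|default_t|unlabeled_t) echo "$dir ($t)" ;;
        esac
    done
}

# Constructed sample chain, modelled on the listings above.
sample_chain() {
    printf '%s\n' 'file_t /path/to/document/root' 'file_t /path/to/document' \
        'default_t /path/to' 'default_t /path' 'root_t /'
}
sample_chain | suspect_labels
# Live system: label_chain /path/to/document/root | suspect_labels
```

Labels set with chcon are lost when the filesystem is relabelled or restorecon is run. Recording the rule with semanage fcontext -a -t httpd_sys_content_t '/path/to/document/root(/.*)?' and then applying it with restorecon -Rv /path/to/document/root keeps it in policy.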

Friday, September 5, 2014

Procedure for Adding a Data Directory to Apache Server

Steps for adding a data directory to Apache HTTP Server

1. Create the directory, for example:

# mkdir /home/backup

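2. Set the directory permissions; the account that runs Apache must be able to read it

3. On an SELinux-based OS, you also need to run:

# chcon -R --reference=/var/www /home/backup

4. Edit the configuration file httpd.conf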