Apache – 允许访问全球别名目录,而无需身份validation

我有一个虚拟主机,它有一些像这样configuration访问限制:

<Location "/"> AuthType Basic AuthName "Restricted Content" AuthUserFile /var/www/domain/htdocs/.htpasswd Require valid-user </Location> 

除此之外,我还有以下conf文件:

 Alias /.well-known/acme-challenge/ "/var/www/letsencrypt/" <Location /.well-known/acme-challenge/> # Security Options Options None AllowOverride None ForceType text/plain RedirectMatch 404 "^(?!/\.well-known/acme-challenge/[\w-]{43}$)" # Do not redirect to https or perform other rewrites RewriteEngine off </Location> 

我需要/.well-known/acme-challenge/才能无需授权即可访问。

我已经尝试添加不同的Require all granted我的conf文件,但无济于事。

我如何使/.well-known/acme-challenge/无需身份validation访问所有的虚拟主机? (我不想修改任何虚拟主机,这个虚拟主机就是一个例子)。

从服务器上下文中的虚拟主机上下文中覆盖<Location />语句是不可能的。 从apache文档 :

<VirtualHost>部分内的部分应用在虚拟主机定义之外的相应部分之后。 这允许虚拟主机覆盖主服务器configuration。

合并顺序是(上次合并组获胜):

  1. <Directory> (正则expression式除外)和.htaccess同时完成(使用.htaccess,如果允许,覆盖<Directory>
  2. <DirectoryMatch> (和<Directory "~">
  3. 同时完成<Files><FilesMatch>
  4. <Location><LocationMatch>同时完成
  5. <If>

除了<Directory> ,每个组按照出现在configuration文件中的顺序进行处理。

<VirtualHost><If> <VirtualHost>是不允许的,所以<Location>是最后的合并。

如果您只在https虚拟主机中提供站点(由于身份validation,这是合理的),您可以执行以下操作(不会影响您的https虚拟主机):

Apache v2.2

 <VirtualHost *:80> ServerName example.com Include letsencrypt-well-known.conf RedirectMatch permanent ^(?!/\.well-known/acme-challenge/)(.*) "https://example.com$1" </VirtualHost> <VirtualHost *:443> ServerName example.com DocumentRoot /var/www/html <Location "/"> AuthType Basic AuthName "Restricted Content" AuthUserFile /var/www/domain/htdocs/.htpasswd Require valid-user </Location> ... </VirtualHost> 

letsencrypt-well-known.conf

 <IfModule mod_proxy.c> ProxyPass /.well-known ! </IfModule> Alias /.well-known/ /var/www/html/.well-known/ <Location /.well-known/acme-challenge> Options None Require all granted </Location> 

Apache v2.4

 <Macro RedirectTo $protocol $domain> <If "'${well_known_enabled}' == 'On' && %{REQUEST_URI} =~ m#^/\.well-known(/|$)#"> # Do nothing </If> <ElseIf "tolower(req('Host')) != '$domain' || tolower(%{REQUEST_SCHEME}) != '$protocol'"> Redirect permanent / $protocol://$domain/ </ElseIf> </Macro> <VirtualHost *:80> ServerName example.com Include letsencrypt-well-known.conf RedirectTo https example.com </VirtualHost> <VirtualHost *:443> ServerName example.com DocumentRoot /var/www/html <Location "/"> AuthType Basic AuthName "Restricted Content" AuthUserFile /var/www/domain/htdocs/.htpasswd Require valid-user </Location> ... </VirtualHost> 

letsencrypt-well-known.conf

 <IfModule mod_proxy.c> ProxyPass /.well-known ! </IfModule> Define well_known_enabled On Define well_known_root "/var/www/html" Alias /.well-known/ "${well_known_root}/.well-known/ <Directory "${well_known_root}/.well-known"> Options None AllowOverride None Require all granted </Directory> <Location /.well-known/acme-challenge> Options None Require all granted </Location> 

在Apache 2.4中,您可以将一个Require expr语句添加到第一个位置块并评估请求URI,如下所示:

 Require expr %{REQUEST_URI} =~ m#^/.well-known/acme-challenge/.*# 

或沿着这条线(语法没有实际testing)。 奇怪的m#语法是正则expression式能够在string中使用的替代forms。

expr文档: https : //httpd.apache.org/docs/2.4/expr.html