Heroku 上的 Symfony:403 Forbidden 您无权访问此服务器上的 /
Symfony on Heroku: 403 Forbidden You don't have permission to access / on this server
我已成功将我的 Symfony 2 应用程序部署到 Heroku,但现在,当我尝试访问它时,我收到以下 403 错误:
Forbidden
You don't have permission to access / on this server.
这是来自 Heroku 的日志:
2015-07-29T14:31:41.827491+00:00 heroku[router]: at=info method=GET path="/" host=my-app.herokuapp.com request_id=557a70f4-ea11-4519-b8df-301b714f6ffa fwd="151.77.103.253" dyno=web.1 connect=0ms service=1ms status=403 bytes=387
2015-07-29T14:31:41.828428+00:00 app[web.1]: [Wed Jul 29 14:31:41.827438 2015] [autoindex:error] [pid 104:tid 140466989270784] [client 10.100.0.139:16096] AH01276: Cannot serve directory /app/: No matching DirectoryIndex (index.php,index.html,index.htm) found, and server-generated directory index forbidden by Options directive
2015-07-29T14:31:41.829009+00:00 app[web.1]: 10.100.0.139 - - [29/Jul/2015:14:31:41 +0000] "GET / HTTP/1.1" 403 209 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.125 Safari/537.36
似乎 Symfony(或 Heroku?)正在尝试提供目录 /app/ 但我认为这是不正确的,从日志中可以看出:
2015-07-29T14:31:41.828428+00:00 app[web.1]: [Wed Jul 29
14:31:41.827438 2015] [autoindex:error] [pid 104:tid 140466989270784]
[client 10.100.0.139:16096] AH01276: Cannot serve directory /app/: No
matching DirectoryIndex (index.php,index.html,index.htm) found, and
server-generated directory index forbidden by Options directive
在 tutorial on the Symfony Documentation about how to deploy to Heroku 之后,我创建了我的 .procfile 并放入了:
web: bin/heroku-php-apache2 web/
我也删除了 DemoBundle,现在我的根 URL 在 DefaultController 中配置为这样:
<?php
// \AppBundle\Controller\DefaultController.php
namespace AppBundle\Controller;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
class DefaultController extends Controller
{
/**
* @Route("/", name="Homepage")
*/
public function indexAction()
{
return $this->render('default/index.html.twig');
}
}
我认为,最后,我的 .htaccess 存在一些问题,即 Symfony 标准版附带的那个:
# Use the front controller as index file. It serves as a fallback solution when
# every other rewrite/redirect fails (e.g. in an aliased environment without
# mod_rewrite). Additionally, this reduces the matching process for the
# start page (path "/") because otherwise Apache will apply the rewriting rules
# to each configured DirectoryIndex file (e.g. index.php, index.html, index.pl).
DirectoryIndex app.php
<IfModule mod_rewrite.c>
RewriteEngine On
# Determine the RewriteBase automatically and set it as environment variable.
# If you are using Apache aliases to do mass virtual hosting or installed the
# project in a subdirectory, the base path will be prepended to allow proper
# resolution of the app.php file and to redirect to the correct URI. It will
# work in environments without path prefix as well, providing a safe, one-size
# fits all solution. But as you do not need it in this case, you can comment
# the following 2 lines to eliminate the overhead.
RewriteCond %{REQUEST_URI}:: ^(/.+)/(.*)::$
RewriteRule ^(.*) - [E=BASE:%1]
# Sets the HTTP_AUTHORIZATION header removed by apache
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# Redirect to URI without front controller to prevent duplicate content
# (with and without `/app.php`). Only do this redirect on the initial
# rewrite by Apache and not on subsequent cycles. Otherwise we would get an
# endless redirect loop (request -> rewrite to front controller ->
# redirect -> request -> ...).
# So in case you get a "too many redirects" error or you always get redirected
# to the start page because your Apache does not expose the REDIRECT_STATUS
# environment variable, you have 2 choices:
# - disable this feature by commenting the following 2 lines or
# - use Apache >= 2.3.9 and replace all L flags by END flags and remove the
# following RewriteCond (best solution)
RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteRule ^app\.php(/(.*)|$) %{ENV:BASE}/ [R=301,L]
# If the requested filename exists, simply serve it.
# We only want to let Apache serve files and not directories.
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule .? - [L]
# Rewrite all other queries to the front controller.
RewriteRule .? %{ENV:BASE}/app.php [L]
</IfModule>
<IfModule !mod_rewrite.c>
<IfModule mod_alias.c>
# When mod_rewrite is not available, we instruct a temporary redirect of
# the start page to the front controller explicitly so that the website
# and the generated links can still be used.
RedirectMatch 302 ^/$ /app.php/
# RedirectTemp cannot be used instead
</IfModule>
</IfModule>
我的应用程序的另一部分可能是导致此问题的原因:security.yml,目前是这样的:
# you can read more about security in the related section of the documentation
# http://symfony.com/doc/current/book/security.html
security:
# http://symfony.com/doc/current/book/security.html#encoding-the-user-s-password
encoders:
FOS\UserBundle\Model\UserInterface: sha512
# http://symfony.com/doc/current/cookbook/security/acl.html#bootstrapping
acl:
connection: default
# http://symfony.com/doc/current/book/security.html#hierarchical-roles
role_hierarchy:
ROLE_ADMIN: ROLE_USER
# ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
ROLE_SUPER_ADMIN: ROLE_ADMIN
# http://symfony.com/doc/current/book/security.html#where-do-users-come-from-user-providers
providers:
fos_userbundle:
id: fos_user.user_provider.username_email
# the main part of the security, where you can set up firewalls
# for specific sections of your app
firewalls:
main:
pattern: ^/
form_login:
provider: fos_userbundle
csrf_provider: security.csrf.token_manager
logout: true
anonymous: true
# disables authentication for assets and the profiler, adapt it according to your needs
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
# with these settings you can restrict or allow access for different parts
# of your application based on roles, ip, host or methods
# http://symfony.com/doc/current/cookbook/security/access_control.html
access_control:
#- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
但是,访问 http:// my-app.herokuapp.com/login(似乎是 "open to the world"),无论如何我都会收到一个漂亮的 404 错误:
Not Found
The requested URL /login was not found on this server.
那么,可能是哪个问题?哪个设置阻止我在 Heroku 上访问我的 Symfony 应用程序?
这是不可能的。 3个多小时才找到解决办法。
我在这里发布的所有代码中都找不到的解决方案。
一个真正、简单、愚蠢的小解决方案:procfile 名称。
你注意到了吗?我都是用小写字母写的。
解决办法? Procfile,首字母大写。
真是太糟糕了,但我终于启动了我的应用程序 运行! :D
如果有人仍然遇到这个问题,您可以尝试在 Procfile 中用单引号替换双引号
例子
"web: vendor/bin/heroku-php-apache2 public/"
应该是
'web: vendor/bin/heroku-php-apache2 public/'
最简单的方法是键入不带引号的行。
例如
web: vendor/bin/heroku-php-apache2 public/
部署时检查此通知:
注意:没有 Procfile,使用 'web: heroku-php-apache2'。
对我来说,直接在Heroku云设置中写web:heroku-php-apache2public/后就没什么区别了。
然后我发现这个 solution 并且有效。
If you are not on the local master branch while deploying the code to
Heroku, you will end up with errors. You need to push to Heroku
master while you are on your local master branch. This is the default
setup.
换句话说,新的 docroot 只能从 Procfile 设置,部署应该从本地 master 分支推送。
我已成功将我的 Symfony 2 应用程序部署到 Heroku,但现在,当我尝试访问它时,我收到以下 403 错误:
Forbidden
You don't have permission to access / on this server.
这是来自 Heroku 的日志:
2015-07-29T14:31:41.827491+00:00 heroku[router]: at=info method=GET path="/" host=my-app.herokuapp.com request_id=557a70f4-ea11-4519-b8df-301b714f6ffa fwd="151.77.103.253" dyno=web.1 connect=0ms service=1ms status=403 bytes=387
2015-07-29T14:31:41.828428+00:00 app[web.1]: [Wed Jul 29 14:31:41.827438 2015] [autoindex:error] [pid 104:tid 140466989270784] [client 10.100.0.139:16096] AH01276: Cannot serve directory /app/: No matching DirectoryIndex (index.php,index.html,index.htm) found, and server-generated directory index forbidden by Options directive
2015-07-29T14:31:41.829009+00:00 app[web.1]: 10.100.0.139 - - [29/Jul/2015:14:31:41 +0000] "GET / HTTP/1.1" 403 209 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.125 Safari/537.36
似乎 Symfony(或 Heroku?)正在尝试提供目录 /app/ 但我认为这是不正确的,从日志中可以看出:
2015-07-29T14:31:41.828428+00:00 app[web.1]: [Wed Jul 29 14:31:41.827438 2015] [autoindex:error] [pid 104:tid 140466989270784] [client 10.100.0.139:16096] AH01276: Cannot serve directory /app/: No matching DirectoryIndex (index.php,index.html,index.htm) found, and server-generated directory index forbidden by Options directive
在 tutorial on the Symfony Documentation about how to deploy to Heroku 之后,我创建了我的 .procfile 并放入了:
web: bin/heroku-php-apache2 web/
我也删除了 DemoBundle,现在我的根 URL 在 DefaultController 中配置为这样:
<?php
// \AppBundle\Controller\DefaultController.php
namespace AppBundle\Controller;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
class DefaultController extends Controller
{
/**
* @Route("/", name="Homepage")
*/
public function indexAction()
{
return $this->render('default/index.html.twig');
}
}
我认为,最后,我的 .htaccess 存在一些问题,即 Symfony 标准版附带的那个:
# Use the front controller as index file. It serves as a fallback solution when
# every other rewrite/redirect fails (e.g. in an aliased environment without
# mod_rewrite). Additionally, this reduces the matching process for the
# start page (path "/") because otherwise Apache will apply the rewriting rules
# to each configured DirectoryIndex file (e.g. index.php, index.html, index.pl).
DirectoryIndex app.php
<IfModule mod_rewrite.c>
RewriteEngine On
# Determine the RewriteBase automatically and set it as environment variable.
# If you are using Apache aliases to do mass virtual hosting or installed the
# project in a subdirectory, the base path will be prepended to allow proper
# resolution of the app.php file and to redirect to the correct URI. It will
# work in environments without path prefix as well, providing a safe, one-size
# fits all solution. But as you do not need it in this case, you can comment
# the following 2 lines to eliminate the overhead.
RewriteCond %{REQUEST_URI}:: ^(/.+)/(.*)::$
RewriteRule ^(.*) - [E=BASE:%1]
# Sets the HTTP_AUTHORIZATION header removed by apache
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# Redirect to URI without front controller to prevent duplicate content
# (with and without `/app.php`). Only do this redirect on the initial
# rewrite by Apache and not on subsequent cycles. Otherwise we would get an
# endless redirect loop (request -> rewrite to front controller ->
# redirect -> request -> ...).
# So in case you get a "too many redirects" error or you always get redirected
# to the start page because your Apache does not expose the REDIRECT_STATUS
# environment variable, you have 2 choices:
# - disable this feature by commenting the following 2 lines or
# - use Apache >= 2.3.9 and replace all L flags by END flags and remove the
# following RewriteCond (best solution)
RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteRule ^app\.php(/(.*)|$) %{ENV:BASE}/ [R=301,L]
# If the requested filename exists, simply serve it.
# We only want to let Apache serve files and not directories.
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule .? - [L]
# Rewrite all other queries to the front controller.
RewriteRule .? %{ENV:BASE}/app.php [L]
</IfModule>
<IfModule !mod_rewrite.c>
<IfModule mod_alias.c>
# When mod_rewrite is not available, we instruct a temporary redirect of
# the start page to the front controller explicitly so that the website
# and the generated links can still be used.
RedirectMatch 302 ^/$ /app.php/
# RedirectTemp cannot be used instead
</IfModule>
</IfModule>
我的应用程序的另一部分可能是导致此问题的原因:security.yml,目前是这样的:
# you can read more about security in the related section of the documentation
# http://symfony.com/doc/current/book/security.html
security:
# http://symfony.com/doc/current/book/security.html#encoding-the-user-s-password
encoders:
FOS\UserBundle\Model\UserInterface: sha512
# http://symfony.com/doc/current/cookbook/security/acl.html#bootstrapping
acl:
connection: default
# http://symfony.com/doc/current/book/security.html#hierarchical-roles
role_hierarchy:
ROLE_ADMIN: ROLE_USER
# ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
ROLE_SUPER_ADMIN: ROLE_ADMIN
# http://symfony.com/doc/current/book/security.html#where-do-users-come-from-user-providers
providers:
fos_userbundle:
id: fos_user.user_provider.username_email
# the main part of the security, where you can set up firewalls
# for specific sections of your app
firewalls:
main:
pattern: ^/
form_login:
provider: fos_userbundle
csrf_provider: security.csrf.token_manager
logout: true
anonymous: true
# disables authentication for assets and the profiler, adapt it according to your needs
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
# with these settings you can restrict or allow access for different parts
# of your application based on roles, ip, host or methods
# http://symfony.com/doc/current/cookbook/security/access_control.html
access_control:
#- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
但是,访问 http:// my-app.herokuapp.com/login(似乎是 "open to the world"),无论如何我都会收到一个漂亮的 404 错误:
Not Found
The requested URL /login was not found on this server.
那么,可能是哪个问题?哪个设置阻止我在 Heroku 上访问我的 Symfony 应用程序?
这是不可能的。 3个多小时才找到解决办法。 我在这里发布的所有代码中都找不到的解决方案。
一个真正、简单、愚蠢的小解决方案:procfile 名称。
你注意到了吗?我都是用小写字母写的。
解决办法? Procfile,首字母大写。
真是太糟糕了,但我终于启动了我的应用程序 运行! :D
如果有人仍然遇到这个问题,您可以尝试在 Procfile 中用单引号替换双引号
例子
"web: vendor/bin/heroku-php-apache2 public/"
应该是
'web: vendor/bin/heroku-php-apache2 public/'
最简单的方法是键入不带引号的行。
例如
web: vendor/bin/heroku-php-apache2 public/
部署时检查此通知: 注意:没有 Procfile,使用 'web: heroku-php-apache2'。 对我来说,直接在Heroku云设置中写web:heroku-php-apache2public/后就没什么区别了。 然后我发现这个 solution 并且有效。
If you are not on the local master branch while deploying the code to Heroku, you will end up with errors. You need to push to Heroku master while you are on your local master branch. This is the default setup.
换句话说,新的 docroot 只能从 Procfile 设置,部署应该从本地 master 分支推送。