Heroku 上的 Symfony：403 Forbidden 您无权访问此服务器上的 /

Posted 2023-03-31

【中文标题】Heroku 上的 Symfony：403 Forbidden 您无权访问此服务器上的 /

【英文标题】：Symfony on Heroku: 403 Forbidden You don't have permission to access / on this server

【发布时间】：2015-10-20 15:29:31

【问题描述】：

我已成功将我的 Symfony 2 应用程序部署到 Heroku，但现在，当我尝试访问它时，收到以下 403 错误：

禁止

您无权访问此服务器上的 /。

这是 Heroku 的日志：

2015-07-29T14:31:41.827491+00:00 heroku[router]: at=info method=GET path="/" host=my-app.herokuapp.com request_id=557a70f4-ea11-4519-b8df-301b714f6ffa fwd="151.77.103.253" dyno=web.1 connect=0ms service=1ms status=403 bytes=387
2015-07-29T14:31:41.828428+00:00 app[web.1]: [Wed Jul 29 14:31:41.827438 2015] [autoindex:error] [pid 104:tid 140466989270784] [client 10.100.0.139:16096] AH01276: Cannot serve directory /app/: No matching DirectoryIndex (index.php,index.html,index.htm) found, and server-generated directory index forbidden by Options directive
2015-07-29T14:31:41.829009+00:00 app[web.1]: 10.100.0.139 - - [29/Jul/2015:14:31:41 +0000] "GET / HTTP/1.1" 403 209 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.125 Safari/537.36

似乎 Symfony（或 Heroku？）正在尝试为目录 /app/ 提供服务，但我认为这是不正确的，从日志来看：

2015-07-29T14:31:41.828428+00:00 app[web.1]: [7 月 29 日星期三 14:31:41.827438 2015] [autoindex:error] [pid 104:tid 140466989270784] [客户端 10.100.0.139:16096] AH01276：无法提供目录 /app/：否 找到匹配的 DirectoryIndex (index.php,index.html,index.htm)，并且 选项指令禁止服务器生成的目录索引

在tutorial on the Symfony Documentation about how to deploy to Heroku 之后，我创建了我的.procfile 并放入：

web: bin/heroku-php-apache2 web/

我也把DemoBundle去掉了，现在我的根URL在DefaultController中是这样配置的：

<?php

// \AppBundle\Controller\DefaultController.php

namespace AppBundle\Controller;

use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;

class DefaultController extends Controller

    /**
     * @Route("/", name="Homepage")
     */
    public function indexAction()
    
        return $this->render('default/index.html.twig');
    

我认为，最后，我的.htaccess 存在一些问题，即 Symfony 标准版附带的那个：

# Use the front controller as index file. It serves as a fallback solution when
# every other rewrite/redirect fails (e.g. in an aliased environment without
# mod_rewrite). Additionally, this reduces the matching process for the
# start page (path "/") because otherwise Apache will apply the rewriting rules
# to each configured DirectoryIndex file (e.g. index.php, index.html, index.pl).
DirectoryIndex app.php

<IfModule mod_rewrite.c>
    RewriteEngine On

    # Determine the RewriteBase automatically and set it as environment variable.
    # If you are using Apache aliases to do mass virtual hosting or installed the
    # project in a subdirectory, the base path will be prepended to allow proper
    # resolution of the app.php file and to redirect to the correct URI. It will
    # work in environments without path prefix as well, providing a safe, one-size
    # fits all solution. But as you do not need it in this case, you can comment
    # the following 2 lines to eliminate the overhead.
    RewriteCond %REQUEST_URI::$1 ^(/.+)/(.*)::\2$
    RewriteRule ^(.*) - [E=BASE:%1]

    # Sets the HTTP_AUTHORIZATION header removed by apache
    RewriteCond %HTTP:Authorization .
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%HTTP:Authorization]

    # Redirect to URI without front controller to prevent duplicate content
    # (with and without `/app.php`). Only do this redirect on the initial
    # rewrite by Apache and not on subsequent cycles. Otherwise we would get an
    # endless redirect loop (request -> rewrite to front controller ->
    # redirect -> request -> ...).
    # So in case you get a "too many redirects" error or you always get redirected
    # to the start page because your Apache does not expose the REDIRECT_STATUS
    # environment variable, you have 2 choices:
    # - disable this feature by commenting the following 2 lines or
    # - use Apache >= 2.3.9 and replace all L flags by END flags and remove the
    #   following RewriteCond (best solution)
    RewriteCond %ENV:REDIRECT_STATUS ^$
    RewriteRule ^app\.php(/(.*)|$) %ENV:BASE/$2 [R=301,L]

    # If the requested filename exists, simply serve it.
    # We only want to let Apache serve files and not directories.
    RewriteCond %REQUEST_FILENAME -f
    RewriteRule .? - [L]

    # Rewrite all other queries to the front controller.
    RewriteRule .? %ENV:BASE/app.php [L]
</IfModule>

<IfModule !mod_rewrite.c>
    <IfModule mod_alias.c>
        # When mod_rewrite is not available, we instruct a temporary redirect of
        # the start page to the front controller explicitly so that the website
        # and the generated links can still be used.
        RedirectMatch 302 ^/$ /app.php/
        # RedirectTemp cannot be used instead
    </IfModule>
</IfModule>

我的应用程序的另一部分可能是导致此问题的原因：security.yml，目前是这样的：

# you can read more about security in the related section of the documentation
# http://symfony.com/doc/current/book/security.html
security:
# http://symfony.com/doc/current/book/security.html#encoding-the-user-s-password
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512

# http://symfony.com/doc/current/cookbook/security/acl.html#bootstrapping
acl:
    connection: default

# http://symfony.com/doc/current/book/security.html#hierarchical-roles
role_hierarchy:
    ROLE_ADMIN:       ROLE_USER
    # ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
    ROLE_SUPER_ADMIN: ROLE_ADMIN

# http://symfony.com/doc/current/book/security.html#where-do-users-come-from-user-providers
providers:
    fos_userbundle:
        id: fos_user.user_provider.username_email

# the main part of the security, where you can set up firewalls
# for specific sections of your app
firewalls:
    main:
        pattern: ^/
        form_login:
            provider: fos_userbundle
            csrf_provider: security.csrf.token_manager
        logout:    true
        anonymous: true

    # disables authentication for assets and the profiler, adapt it according to your needs
    dev:
        pattern:  ^/(_(profiler|wdt)|css|images|js)/
        security: false

# with these settings you can restrict or allow access for different parts
# of your application based on roles, ip, host or methods
# http://symfony.com/doc/current/cookbook/security/access_control.html
access_control:
    #-  path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https 
    -  path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY 
    -  path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY 
    -  path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY 

但是，访问http:// my-app.herokuapp.com/login（这似乎是“向世界开放”），无论如何我都会收到一个漂亮的 404 错误：

找不到

在此服务器上找不到请求的 URL /login。

那么，这可能是问题所在？哪个设置阻止我访问 Heroku 上的 Symfony 应用？

【参考方案1】：

这是不可能的。 3个多小时才找到解决办法。 在我在这里发布的所有代码中都找不到的解决方案。

一个真正、简单、愚蠢、小的解决方案：procfile 名称。 你注意到了吗？我都是用小写字母写的。

解决方案？ Procfile，首字母大写。

这是一个地狱，但最终我的应用程序启动并运行了！ :D

【讨论】：

所以我在同一个地方发疯了，因为我试图找到解决方案已经超过 11 个小时，我的个人资料名称是正确的，但我仍然遇到同样的错误。如果你能告诉我我是否遗漏了什么，我将非常感激***.com/questions/41150864/…

【参考方案2】：

最简单的方法是键入不带引号的行。

举例

web: vendor/bin/heroku-php-apache2 public/

【参考方案3】：

如果有人仍然遇到此问题，您可以尝试在 Procfile 中将双引号替换为单引号

例子

"web: vendor/bin/heroku-php-apache2 public/"

应该是

'web: vendor/bin/heroku-php-apache2 public/'

【参考方案4】：

部署时检查此通知： 注意：没有 Procfile，使用 'web: heroku-php-apache2'。 对我来说，直接在 Heroku 云设置中编写 web:heroku-php-apache2 public/ 后没有区别。 然后我找到了这个solution，它可以工作。

如果您在部署代码时不在本地 master 分支上 Heroku，你最终会出错。你需要推送到 Heroku 当您在本地主分支上时掌握。这是默认设置 设置。

换句话说，只能从 Procfile 设置新的 docroot，并且应该从本地 ma​​ster 分支推送部署。

【讨论】：

请在这里也回答这个问题，因为有时网站会脱机或链接失效，访问者将无法处理失效链接