apache - Artifactory 403 匿名访问

Question

我正在使用 ajp 在 Apache(无身份验证)后面运行 Artifactory 3.9.2。 UI 工作正常，但是当我尝试访问此存储库中的 Artifactory 或列出目录 (http://ziath.com/artifactory/libs-release/) 时，我得到 403 返回。 000-默认文件如下:

    DocumentRoot /var/www

    ProxyPreserveHost on
    ProxyPass  /xxx ajp://127.0.0.1:8009/xxx
    ProxyPassReverse /xxx ajp://127.0.0.1:8009/xxx

    ProxyPass /yyy ajp://127.0.0.1:8009/yyy
    ProxyPassReverse /yyy ajp://127.0.0.1:8009/yyy

    ProxyPass /zzz ajp://127.0.0.1:8009/zzz
    ProxyPassReverse /zzz ajp://127.0.0.1:8009/zzz

    ProxyPass /artifactory ajp://127.0.0.1:8009/artifactory
    ProxyPassReverse /artifactory ajp://127.0.0.1:8009/artifactory
    ProxyPassReverseCookiePath /artifactory /repository

    <Directory />
            Options FollowSymLinks
            AllowOverride None
    </Directory>
    <Directory /var/www/>
            Options -Indexes FollowSymLinks MultiViews
            AllowOverride None
            Order allow,deny
            allow from all
    </Directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
            AllowOverride None
            Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
            Order allow,deny
            Allow from all
    </Directory>

    ErrorLog /var/log/apache2/error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog /var/log/apache2/access.log combined

Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
    Options Indexes MultiViews FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
    Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>

x/y/z 线是其他正常通过的应用程序。查看日志，我可以看到 Apache 请求进入，但我能看到的唯一人工日志条目在 request.log 中:

20170626192333|262|REQUEST|217.33.228.150|anonymous|GET|/libs-release/|HTTP/1.0|
200|0

有趣的是，当我输入“坏的； repo ( http://ziath.com/artifactory/libs-releasexx/ ) 我收到回复:

{
  "errors" : [ {
    "status" : 404,
    "message" : "/artifactory/libs-releasexx/"
  } ]
}

日志消息也出现在 artifactory.log 中:

2017-06-26 19:21:54,726 [TP-Processor7] [WARN ] (o.a.w.s.RequestUtils:132) - Request /libs-releasexx/ should be a repo request and does not match any repo key

所以看起来 artifactory 确实正在接受请求，但随后返回 403，尽管我找不到超过 request.log 条目的任何日志。

不用多说；现在是 20:30，我被困住了 - 请问有人对我有什么建议吗？

顺便说一句；我尝试了 Artifactory 5.1.4，但我需要在我自己的 tomcat 实例中运行(不是专用于 artifactory 的实例)，当我尝试 5.1.4 时，它反复说它无法连接到 derby 实例 - 即使我尝试过进行全新安装。

谢谢；提前寻求您的帮助。

• 附录 - 根据建议，我去了本地邮箱并使用 curl 获取详细信息；命令

  curl -vv http://localhost:8080/artifactory/libs-release

给出响应

* About to connect() to localhost port 8080 (#0)
*   Trying 127.0.0.1...
* connected
* Connected to localhost (127.0.0.1) port 8080 (#0)
> GET /artifactory/libs-release HTTP/1.1
> User-Agent: curl/7.26.0
> Host: localhost:8080
> Accept: */*
>
* additional stuff not fine transfer.c:1037: 0 0
* HTTP 1.1 or later with persistent connection, pipelining supported
< HTTP/1.1 302 Found
< Server: Artifactory/3.9.2
< X-Artifactory-Id: 0e44c1983dacd590:4572b75b:15ce5fb3a3f:-8000
< Location: http://localhost:8080/artifactory/libs-release/
< Content-Length: 0
< Date: Fri, 30 Jun 2017 13:25:06 GMT
<
* Connection #0 to host localhost left intact
* Closing connection #0

我们知道 curl 有效，因为如果您输入错误的存储库地址，您会得到:

curl -vv http://localhost:8080/artifactory/libs-releasexx

返回

* About to connect() to localhost port 8080 (#0)
*   Trying 127.0.0.1...
* connected
* Connected to localhost (127.0.0.1) port 8080 (#0)
> GET /artifactory/libs-releasexx HTTP/1.1
> User-Agent: curl/7.26.0
> Host: localhost:8080
> Accept: */*
>
* additional stuff not fine transfer.c:1037: 0 0
* HTTP 1.1 or later with persistent connection, pipelining supported
< HTTP/1.1 404 Not Found
< Server: Artifactory/3.9.2
< X-Artifactory-Id: 0e44c1983dacd590:4572b75b:15ce5fb3a3f:-8000
< Content-Type: application/json
< Content-Length: 92
< Date: Fri, 30 Jun 2017 13:26:29 GMT
<
{
  "errors" : [ {
    "status" : 404,
    "message" : "/artifactory/libs-releasexx"
  } ]
* Connection #0 to host localhost left intact
}* Closing connection #0

如果我们按“目录”而不是存储库名称搜索，我们会得到:

curl -vv http://localhost:8080/artifactory/libs-release/

返回

* About to connect() to localhost port 8080 (#0)
*   Trying 127.0.0.1...
* connected
* Connected to localhost (127.0.0.1) port 8080 (#0)
> GET /artifactory/libs-release/ HTTP/1.1
> User-Agent: curl/7.26.0
> Host: localhost:8080
> Accept: */*
>
* HTTP 1.1 or later with persistent connection, pipelining supported
< HTTP/1.1 200 OK
< Server: Artifactory/3.9.2
< X-Artifactory-Id: 0e44c1983dacd590:4572b75b:15ce5fb3a3f:-8000
< Set-Cookie: JSESSIONID=94DCD54787E6A1A928B7B0C08C66EA8D; Path=/artifactory
< Date: Fri, 30 Jun 2017 13:27:27 GMT
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< Pragma: no-cache
< Cache-Control: no-cache, no-store
< Content-Type: text/html;charset=UTF-8
< Transfer-Encoding: chunked
<
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of libs-release/</title>
</head>
<body>
<h1>Index of libs-release/</h1>
<pre>Name  Last modified      Size</pre>
<hr/>
<pre><a href="com/">com/</a>   05-Oct-2016 12:27    -
</pre>
<hr/>
<address style="font-size:small;">Artifactory/3.9.2 Server at localhost Port 8080</address>
</body>
</html>
* Connection #0 to host localhost left intact
* Closing connection #0

有趣的是，这似乎给出了 repos 的索引，但是当它通过 apache 运行时，我们得到:

禁止

您无权访问此服务器上的/artifactory/libs-release/。

因此我们在 apache 上得到的响应与 artifactory 上的响应不同。

干杯，

尼尔

Answer 1

最后放弃了 - 买了一个新盒子并从头开始安装