We Keep Coding

Docker HTTPD running, but the website is not accessible

I have created a container from httpd docker image via Dockerfile:
FROM httpd:2.4
COPY ./public-html/ /usr/local/apache2/htdocs/
The public-html file contains just a simple html file:
# cat public-html/index.html
<html>
<body>
Simple Page
</body>
</html>
Then I created the container:
# docker build -t apachehttpd .
And started:
docker run -dit -p 8080:80 apachehttpd
The container is up and running:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0912f4f7d1a8 apachehttpd "httpd-foreground" 19 hours ago Up 19 hours 0.0.0.0:8080->80/tcp keen_almeida
Netstat says that it's really listening:
tcp6 0 0 :::8080 :::* LISTEN
However the website is not reachable via browser nor cURL. But with telnet I am able to connect to the socket, but with GET it returns "Bad Request":
# curl -v telnet://localhost:8080
* About to connect() to localhost port 8080 (#0)
* Trying ::1...
* Connected to localhost (::1) port 8080 (#0)
GET /
HTTP/1.1 400 Bad Request
Date: Sat, 17 Mar 2018 19:28:45 GMT
Server: Apache/2.4.29 (Unix)
Content-Length: 226
Connection: close
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
</body></html>
* Closing connection 0
And I can see my requests in logs:
# docker logs 0912f4f7d1a8
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
[Sat Mar 17 00:32:09.681368 2018] [mpm_event:notice] [pid 1:tid 139650427893632] AH00489: Apache/2.4.29 (Unix) configured -- resuming normal operations
[Sat Mar 17 00:32:09.681422 2018] [core:notice] [pid 1:tid 139650427893632] AH00094: Command line: 'httpd -D FOREGROUND'
172.17.0.1 - - [17/Mar/2018:18:52:41 +0000] "GET /" 400 226
172.17.0.1 - - [17/Mar/2018:19:21:56 +0000] "GET /index.html" 400 226
172.17.0.1 - - [17/Mar/2018:19:28:45 +0000] "GET /" 400 226
Could you please support me, why the page is not accessible via browser?

The only thing you missing is to create the user and set permissions. due to not any permission cause to kill container and through error.
Here is my docker file with little modification.
FROM httpd:2.4
COPY index.html /usr/local/apache2/htdocs/index.html
RUN mkdir -p /run/apache2/ && \
chown www-data:www-data /run/apache2/ && \
chmod 777 /run/apache2/
EXPOSE 80 443
my index.html
<html>
<h1>
Welcome to docker :)
</h1>
</html>
And here wo go :)

1) Open Kinematic and go check whether container is ruining or not .
2) Click on highlighted arrow it will open link in new browser .

I tried everything of this answer Permission issues with Apache inside Docker unlucky
Just this worked for me:
RUN chown www-data:www-data /usr/local/apache2/htdocs/ -R
Here my complete Dockerfile
FROM httpd:2.4
WORKDIR /usr/local/apache2/htdocs/
RUN chmod -R 755 /usr/local/apache2/htdocs/
COPY ./index.html /usr/local/apache2/htdocs/
RUN chown www-data:www-data /usr/local/apache2/htdocs/ -R
If don't work, put the chmod sentence inside of container using the ENTRYPOINT ["entrypoint.sh"]

Perl+Apache+Postgre SQL on CentOS 7 [duplicate]

This question already has answers here:
How can I troubleshoot my Perl CGI script?
(8 answers)
Unable to connect to Postgres via PHP but can connect from command line and PgAdmin on different machine
(1 answer)
Closed 5 years ago.
I have to configure Apache + Perl + PostgreSQL on CentOS 7 which kernel's version is 3.10.0-514.el7.x86-64.
Because the server I have to configure is separated from WAN, I downloaded Everything ISO image.
First, I installed CentOS in Minimal Install, using Everything ISO, not connecting to the Internet.
In this clean status, I mounted CD-ROM.
# mount /dev/cdrom /media/cdrom
then, I installed lynx and wget.
# yum --disable-repo=\* --enable-repo=c7-media install lynx wget
It was successful.
and I installed Perl.
# yum --disable-repo=\* --enable-repo=c7-media install perl
It was also successful.
and I intalled Apache.
# yum --disable-repo=\* --enable-repo=c7-media install httpd
It was also successful.
and I modified httpd.conf like this:
<Directory "/var/www/cgi-bin">
AllowOverride None
Options +ExecCGI
AddHandler cgi-script .pl .cgi
Require all granted < /Directory >
and I wrote a test page(chmod a+x applied) and it works well.
However, the problem is Postgre SQL.
I installed it by entering
# yum --disable-repo=\* --enable-repo=c7-media install postgresql postgresql-server postgresql-contrib postgres-devel
# yum --disable-repo=\* --enable-repo=c7-media install perl-DBD-Pg
and I initialized by entering
# postgresql-setup initdb
and started the daemon.
# service postgresql start
and set a password the account of 'postgres' on unix
# passwd postgres
and set the same password of the account 'postgres' on PSQL
# psql --username=postgres
POSTGRES # alter user postgres encrypted password '1234asdf';
and set the authorization method to MD5 in /var/lib/pgsql/data/pg_hba.conf
local all all trust
host all all 127.0.0.1/32 md5
host all all ::1/128 md5
I restarted the daemon.
** Now, I wrote an example:
#!/usr/bin/perl
use DBI;
use strict;
my $driver = "Pg";
my $database = "postgres";
my $host="127.0.0.1";
my $connstr = "DBI:$driver:dbname=$database;host=$host";
my $userid = "postgres";
my $userpw = "1234asdf";
my $dbconn = DBI->connect($constr, $userid, $userpw, { RaiseError => 1 }) or die $DBI::errstr;
print "Content-type: text/html\n\n";
print disconnect();
When I run on terminal(eg. # ./foo.cgi), it works without any error.
HOWEVER When I run on the browser, It shows HTTP 403 Error.
error_log is below::
[Fri Aug 04 02:10:27.471889 2017] [cgi:error] [pid 2231] [client 127.0.0.1:48724] AH01215: DBI connect('dbname=postgres;host=127.0.0.1;','postgres',...) failed: could not connect to server: Permission denied
[Fri Aug 04 02:10:27.471959 2017] [cgi:error] [pid 2231] [client 127.0.0.1:48724] AH01215: \tIs the server running on host "127.0.0.1" and accepting
[Fri Aug 04 02:10:27.471975 2017] [cgi:error] [pid 2231] [client 127.0.0.1:48724] AH01215: \tTCP/IP connections on port 5432? at /var/www/cgi-bin/cc.cgi line 14.
What can I do for this situation? I'm in trouble for several days...

boot2docker windows 10, unable to access container via browser

I am trying to use docker on Windows 10 via boot2docker and VB.
boot2docker ssh
boot2docker ip => 192.168.59.103
docker run -tip 80:80 tutum/apache-php bash
ping 192.168.59.103 from host machine
It is sounds working pretty good exepts :
via the browser, when I go to http://192.168.59.103 the page is not found
Do you have some idea about my issue ?
Thanks.
Edit : my logs
docker#boot2docker:~$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ecb75ba8f5f9 tutum/apache-php "/run.sh" 20 minutes ago Up 20 minutes 0.0.0.0:80->80/tcp ecstatic_galileo
docker#boot2docker:~$ docker logs ec
==> /var/log/apache2/access.log <==
==> /var/log/apache2/error.log <==
==> /var/log/apache2/other_vhosts_access.log <==
==> /var/log/apache2/error.log <==
[Mon Aug 17 10:18:25.361931 2015] [mpm_prefork:notice] [pid 1] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.11 configured -- resuming normal operations
[Mon Aug 17 10:18:25.363857 2015] [core:notice] [pid 1] AH00094: Command line: 'apache2 -D FOREGROUND'
docker#boot2docker:~$

You've told the container to run a bash shell, not a web server.
Try changing the run command to:
docker run -d -p 80:80 tutum/apache-php
Then accessing the URL. The should run the default command for the container, which will presumably start apache. In your case you overrode the default command to be "bash", which won't start apache.

(13)Permission denied: access to /~me denied

I am trying to configure Apache httpd.conf (on my CentOS 6.4) to allow access to my user directory (i.e. ~me/public_html/index.html).
I changed the original httpd.conf (i.e. out-of-the-box) as follows:
[root#myhost www]# diff /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.orig.out-of-the-box
366c366
< #UserDir disabled
---
> UserDir disabled
373c373
< UserDir public_html
---
> #UserDir public_html
This should in principle provide access to http://myhost/~me but instead, I am getting the dreaded error:
You don't have permission to access /~me on this server.
I checked the file /var/log/httpd/error_log and, sure enough, it reads:
(13)Permission denied: access to /~me denied
The first weird thing I noticed is that a / is prepended to ~me.
Where does that leading / come from?
Is it only a "red herring"?
Or is this pointing to the root cause of the problem (i.e. something else I need to modify in httpd.conf)?
Most importantly, since I know that my ~me/public_html is has world-readable permissions, how do I troubleshoot a problem like this?
Is there a way to find out why "access to /~me denied"?
SELinux?
httpd.conf?
directory permissions?
all of the above?
Update 1, answering the 2 questions in the comments by #UlrichSchwarz below:
The home directory does seem to have the 'x' permission:
[root#myhost ~]# ls -lad /home/me
drwxr-xr-x. 33 me me 4096 Feb 8 16:30 /home/me
SELinux info on public_html:
[root#myhost ~]# ls -Z -d /home/me/public_html/
drwxrwxr-x. me me unconfined_u:object_r:file_t:s0 /home/me/public_html/
Update 2, after I verified that this is indeed an SELinux issue (thanks to the tip by #Scolytus):
I ran the command:
chcon -R -t httpd_user_content_t /home/me/public_html/
Still no go.
[root#myhost ~]# ls -Z -d /home/me/public_html/
drwxrwxr-x. me me unconfined_u:object_r:httpd_user_content_t:s0 /home/me/public_html/
Then I ran "Allow HTTPD to read home directories" from the command line:
setsebool -P httpd_enable_homedirs=1
Still no go.
/var/log/httpd/error_log now shows (in addition to the (13)permission denied error) the following:
[notice] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[notice] Digest: generating secret for digest authentication ...
[notice] Digest: done
[notice] Apache/2.2.15 (Unix) DAV/2 configured -- resuming normal operations
Perhaps the problem lies in the discrepancy between context_system_u and httpd_user_content_t?
What else do I need to do? (without disabling SELinux completely, that is)
Update 3, thanks to information in #lserni's answer, I discovered the ausearch command:
ausearch -m avc --start today
Which provided the following output:
time->Fri Jul 4 09:16:44 2014
type=SYSCALL msg=audit(1404479804.256:1312): arch=40000003 syscall=196 success=no exit=-13 a0=12c2c80 a1=bfeb1d00 a2=a34ff4 a3=2008171 items=0 ppid=5880 pid=5886 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=193 comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1404479804.256:1312): avc: denied { getattr } for pid=5886 comm="httpd" path="/home/me" dev=dm-3 ino=2 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir
Huh? Why /home/me and not /home/me/public_html?
Here is the output of ls -Zd /home/me/:
drwxr-xr-x. me me system_u:object_r:file_t:s0 /home/me/
Should I run the chcon -t httpd_user_content_t on /home/me, too?
Continuing to research...
Update 4: Success!
I ran the command:
chcon -t httpd_user_content_t /home/me/
And all is well now.
[root#myhost sa]# ls -Z -d /home/me/
drwxr-xr-x. me me system_u:object_r:httpd_user_content_t:s0 /home/me/

I've seen a slightly different version of the command you gave, supplied by sealert:
SELinux denied access to /var/www/html/file1 requested by httpd.
/var/www/html/file1 has a context used for sharing by different
program. If you would like to share /var/www/html/file1 from httpd
also, you need to change its file context to public_content_t. If
you did not intend to this access, this could signal a intrusion
attempt.
Allowing Access:
You can alter the file context by executing chcon -t public_content_t
'/var/www/html/file1'
Fix Command:
chcon -t public_content_t '/var/www/html/file1'
how do I troubleshoot a problem like this?
Most SELinux-related information is generally in the auditd logs, but you probably want some tool such as sealert to decode it for you. I've done a brief search and came up with this tool that I didn't know of, but seems interesting: SELinux GUI.
Addendum: Some examples with semanage

I can't check immediately, but I recall that commenting out the UserDir disabled isn't the same as enabling!
More specifically, I think you need to include a line in your https.conf file
Userdir enabled me

apache cannot access public_html on CIFS

I have my computer on network, and whole homedir is mounted at login with CIFS. When I access http://localhost everything works fine, but when I access http://localhost/~user it fails.
# cat /etc/mtab
.....
//192.168.1.5/user/ /home/user cifs rw,mand 0 0
ls -l
...
drwxrwxrwx 37 user domain users 0 2011-12-22 09:12 public_html
The browser say:
Forbidden
You don't have permission to access /~lluisforns on this server.
And apache say
cat /var/log/apache2/error.log
[Thu Dec 22 18:19:09 2011] [error] [client 127.0.0.1] (13)Permission denied: access to /~lluisforns denied
Any idea?

Had the same issue, and it turned out to be an SELinux thing: SELinux has a setting that prevents httpd (apache) to follow CIFS links.
To see if you have this issue:
getsebool -a | grep httpd
you should see httpd_use_cifs --> on. if not, your in luck - this is your problem.
To fix:
setsebool httpd_use_cifs on
You may also decide to disable SELinux altogether (assuming you know the risk) - here is a link to one relevant page