Site port 443 can be reached by itself, but 403 Forbidden from outside (like WAN, public IP visit) - apache

I've been stuck on this problem for days; can anyone here point me in the right direction?
I installed Phoenix CTMS on a clean AWS CentOS9 instance, and it now seems okay when checked from the terminal:
curl -k https://localhost/login.jsf
It returns the correct HTML of that page. Then I did the following:
Allowed 80 and HTTPS 443 in the security list of this instance;
confirmed that the tomcat8 and apache2 services are running;
but when I try to visit the site at https://public_ip/login.jsf, it returns 403 Forbidden.
There are 4 conf files under /etc/apache2/:
000-default.conf
default-ssl.conf
00_ctsms_http.conf
00_ctsms_https.conf
The last one looks like this:
#<IfDefine SSL>
#<IfDefine !NOSSL>
<VirtualHost *:443>
ServerName localhost:443
TransferLog /var/log/apache2/access.log
ErrorLog /var/log/apache2/error.log
Include /etc/apache2/blocklist.conf
#Alias /documents /ctsms/documents/
#<Directory "/ctsms/documents">
#Options Indexes Multiviews
#AllowOverride None
#Require all granted
#</Directory>
Alias /signup/css /ctsms/bulk_processor/CTSMS/BulkProcessor/Projects/WebApps/Signup/public/css
Alias /signup/fonts /ctsms/bulk_processor/CTSMS/BulkProcessor/Projects/WebApps/Signup/public/fonts
Alias /signup/images /ctsms/bulk_processor/CTSMS/BulkProcessor/Projects/WebApps/Signup/public/images
Alias /signup/js /ctsms/bulk_processor/CTSMS/BulkProcessor/Projects/WebApps/Signup/public/js
Alias /signup/themes /ctsms/bulk_processor/CTSMS/BulkProcessor/Projects/WebApps/Signup/public/themes
ScriptAliasMatch ^/signup(.*) /ctsms/bulk_processor/CTSMS/BulkProcessor/Projects/WebApps/Signup/public/dispatch.fcgi$1
#DocumentRoot /ctsms/bulk_processor/CTSMS/BulkProcessor/Projects/WebApps/Signup/public
<Directory "/ctsms/bulk_processor/CTSMS/BulkProcessor/Projects/WebApps/Signup/public">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
#Order allow,deny
#Allow from all
Require all granted
AddHandler fcgid-script .fcgi
</Directory>
SetEnvIf Request_URI "/static/*" no-jk
SetEnvIf Request_URI "/signup/*" no-jk
Alias /resources /var/lib/tomcat8/webapps/ROOT/resources
<Directory "/var/lib/tomcat8/webapps/ROOT/resources">
#Options FollowSymLinks
#allow from all
AllowOverride None
Require all granted
</Directory>
Alias / /var/lib/tomcat8/webapps/ROOT/
<Directory "/var/lib/tomcat8/webapps/ROOT">
#Options FollowSymLinks
#allow from all
AllowOverride None
Require all granted
</Directory>
<Location "/WEB-INF/">
#AllowOverride None
deny from all
</Location>
DocumentRoot /var/lib/tomcat8/webapps/ROOT
JkMount /*.jsf ajp13
JkMount /rest/* ajp13
JkMount /inputfieldimage ajp13
JkMount /file ajp13
JkMount /beacon/* ajp13
JkMount /unsubscribe/* ajp13
SSLEngine on
#SSLProtocol -ALL +SSLv3 +TLSv1
#SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:!EXPORT
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
#SSLCertificateChainFile /etc/apache2/ssl.crt/ComodoIntermediateCertificates.crt
</VirtualHost>
#</IfDefine>
#</IfDefine>
I tried uncommenting the line allow from all and then restarting apache2, but still got the 403 error.

Related

How enable mod_xsendfile?

I installed mod_xsendfile on the Apache server. How can I enable this module for the user correctly on Ubuntu 18.04.5 LTS? Do I need to edit the main Apache config file or the user config file? Can anyone please help me with it?
Here is the user Apache configuration:
<Directory "/home/users/rowan/www/">
Require all granted
Options FollowSymLinks
</Directory>
# domain.com
<VirtualHost *:80>
ServerName domain.com
ServerAdmin test@gmail.com
DocumentRoot "/home/users/rowan/www/"
SuexecUserGroup "rowan" "rowan"
# log
LogLevel warn
CustomLog "/home/users/rowan/logs/access.log" keyhelp_log
ErrorLog "/home/users/rowan/logs/error.log"
# php support
<FilesMatch "\.php$">
SetHandler "proxy:unix:/run/php/keyhelp_rowan.socket|fcgi://keyhelp_rowan.socket"
</FilesMatch>
# Set some proxy properties (the string "unique-domain-name-string" should match
# the one set in the FilesMatch directive.
<Proxy fcgi://keyhelp_rowan.socket>
ProxySet connectiontimeout=5 timeout=600000
</Proxy>
<Directory "/home/users/rowan/www/">
AllowOverride All
Options -Indexes
CGIPassAuth On
</Directory>
</VirtualHost>

How can i fix the root directory of Froxlor?

I am migrating Froxlor from a Debian 7 to a Debian 8 system.
I now have the problem that the auto-generated vhost file of Froxlor has vhosts in it which reference the wrong directory. Is it possible to change them to the correct destination?
They reference /var/www/admin, but now I only want them to reference /var/www. I could not find it in the database of Froxlor, nor in the config files, nor in the web interface settings of Froxlor itself.
The reason to change it is that I have a Froxlor installation listening on www.example.com/froxlor and phpMyAdmin on www.example.com/phpmyadmin. Now I want my overview page running on www.example.com.
This is the file which is not generated correctly. (I replaced the IPs and ServerNames.)
# vhosts.conf
# Created 25.09.2016 15:31
# Do NOT manually edit this file, all changes will be deleted after the next domain change at the panel.
Listen 192.168.0.1:443
<VirtualHost 192.168.0.1:443>
DocumentRoot "/var/www/admin/"
ServerName **
FastCgiExternalServer /var/www/php-fpm/froxlor.panel/**/3384.ssl-fpm.external -socket /var/lib/apache2/fastcgi/froxlor.panel-**-php-fpm.socket -idle-timeout 1000
<Directory "/var/www/admin/">
<FilesMatch "\.(php)$">
AddHandler php5-fastcgi .php
Action php5-fastcgi /fastcgiphp
Options +ExecCGI
</FilesMatch>
Require all granted
AllowOverride All
</Directory>
Alias /fastcgiphp /var/www/php-fpm/froxlor.panel/**/3384.ssl-fpm.external
SSLEngine On
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
SSLVerifyDepth 10
SSLCertificateFile /root/froxlor-ssl/cert.pem
SSLCertificateKeyFile /root/froxlor-ssl/key.pem
SSLCACertificateFile /root/froxlor-ssl/root_trust_chain.pem
SSLCertificateChainFile /root/froxlor-ssl/root_trust_chain.pem
</VirtualHost>
Listen 192.168.0.1:80
<VirtualHost 192.168.0.1:80>
DocumentRoot "/var/www/admin/"
ServerName **
FastCgiExternalServer /var/www/php-fpm/froxlor.panel/**/34d3.fpm.external -socket /var/lib/apache2/fastcgi/froxlor.panel-**-php-fpm.socket -idle-timeout 1000
<Directory "/var/www/admin/">
<FilesMatch "\.(php)$">
AddHandler php5-fastcgi .php
Action php5-fastcgi /fastcgiphp
Options +ExecCGI
</FilesMatch>
Require all granted
AllowOverride All
</Directory>
Alias /fastcgiphp /var/www/php-fpm/froxlor.panel/**/34d3.fpm.external
</VirtualHost>
Listen [::1]:443
<VirtualHost [::1]:443>
DocumentRoot "/var/www/admin/"
ServerName **
FastCgiExternalServer /var/www/php-fpm/froxlor.panel/**/e36f.ssl-fpm.external -socket /var/lib/apache2/fastcgi/froxlor.panel-**-php-fpm.socket -idle-timeout 1000
<Directory "/var/www/admin/">
<FilesMatch "\.(php)$">
AddHandler php5-fastcgi .php
Action php5-fastcgi /fastcgiphp
Options +ExecCGI
</FilesMatch>
Require all granted
AllowOverride All
</Directory>
Alias /fastcgiphp /var/www/php-fpm/froxlor.panel/**/e36f.ssl-fpm.external
SSLEngine On
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
SSLVerifyDepth 10
SSLCertificateFile /root/froxlor-ssl/cert.pem
SSLCertificateKeyFile /root/froxlor-ssl/key.pem
SSLCACertificateFile /root/froxlor-ssl/root_trust_chain.pem
SSLCertificateChainFile /root/froxlor-ssl/root_trust_chain.pem
</VirtualHost>
Listen [::1]:80
<VirtualHost [::1]:80>
DocumentRoot "/var/www/admin/"
ServerName **
FastCgiExternalServer /var/www/php-fpm/froxlor.panel/**/fae9.fpm.external -socket /var/lib/apache2/fastcgi/froxlor.panel-**-php-fpm.socket -idle-timeout 1000
<Directory "/var/www/admin/">
<FilesMatch "\.(php)$">
AddHandler php5-fastcgi .php
Action php5-fastcgi /fastcgiphp
Options +ExecCGI
</FilesMatch>
Require all granted
AllowOverride All
</Directory>
Alias /fastcgiphp /var/www/php-fpm/froxlor.panel/**/fae9.fpm.external
</VirtualHost>
Is it possible to disable the root directory auto-creation of Froxlor, and use this solution (http to https)?
<VirtualHost *:80>
ServerName **
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<IfModule mod_php5.c>
php_admin_flag display_errors off
php_admin_flag display_startup_errors off
</IfModule>
RewriteEngine on
RewriteCond %{SERVER_NAME} =**
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>
<VirtualHost *:443>
ServerName **
DocumentRoot /var/www/website/silex/web/
<Directory /var/www/website/silex/web/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
DirectoryIndex /index.php
FallbackResource /index.php
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<IfModule mod_php5.c>
php_admin_flag display_errors on
php_admin_flag display_startup_errors on
</IfModule>
SSLEngine On
SSLHonorCipherOrder On
SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
SSLVerifyDepth 10
SSLCertificateFile /root/ssl/cert.pem
SSLCertificateKeyFile /root/ssl/key.pem
</VirtualHost>
The Alias Config Files:
# froxlor default Apache configuration
Alias /froxlor /var/www/froxlor/
<Directory /var/www/froxlor/>
Options FollowSymLinks
DirectoryIndex index.php
Require all granted
</Directory>
I found the solution.
You can set it up in the web interface under IPs and Ports, and edit the IP addresses there.
Ressourcen/IPs and Ports/Optionen | Edit
There is the user-defined document root for the website.
It was not under System Settings.

Redmine duplicate URL access / & /redmine

I managed to get my Redmine reachable at an example.org/redmine URL.
But actually, it's still reachable at example.org/
I can't manage to make it work only on the /redmine alias.
Here is my configuration:
<VirtualHost *:80>
LoadModule passenger_module /usr/local/share/gems/gems/passenger-5.0.11/buildout/apache2/mod_passenger.so
<IfModule mod_passenger.c>
PassengerRoot /usr/local/share/gems/gems/passenger-5.0.11
PassengerDefaultRuby /usr/bin/ruby
PassengerUser apache
</IfModule>
DocumentRoot /var/www
PassengerAppRoot /var/www/redmine
RailsBaseURI /redmine
Alias /redmine /var/www/redmine/public
TransferLog "logs/redmine_acess_log"
ErrorLog "logs/redmine_error_log"
</VirtualHost>
When I enter example.org/zriogjqoerqgj I'd like to have the default ErrorDocument, not something hooked up by Redmine.
Add the Directory directive, for example:
<Directory /var/www/redmine>
Order allow,deny
Allow from all
Require all granted
</Directory>
And another one:
<Directory /var/www>
Order deny,allow
Deny from all
</Directory>
Your Virtual Host should look like this:
<VirtualHost *:80>
ServerName example.org
DocumentRoot /var/www
ErrorLog logs/redmine_error_log
<Directory "/var/www/">
Allow from all
Options -MultiViews
</Directory>
Alias /redmine /var/www/redmine/public/
<Location /redmine>
PassengerBaseURI /redmine
PassengerAppRoot /var/www/redmine
</Location>
<Directory /var/www/redmine/public/ >
Options Indexes ExecCGI FollowSymLinks -MultiViews
Order allow,deny
Allow from all
AllowOverride all
</Directory>
</VirtualHost>
I arrived at this solution by following the Passenger documentation.
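
The first answer above puts `Order`/`Allow` (Apache 2.2 syntax, served by mod_access_compat on 2.4) and `Require` (Apache 2.4 syntax) in the same `<Directory>` block, a combination the Apache 2.4 upgrade notes discourage. The following check reports such blocks; it is an added example, not part of the original posts, and the function name `audit_access_control` and the sample config are constructed for illustration.

```python
import re

LEGACY = {"order", "allow", "deny"}   # Apache 2.2 syntax (mod_access_compat on 2.4)
MODERN = {"require"}                  # Apache 2.4 syntax (mod_authz_core)
OPEN = re.compile(r"^<\s*([A-Za-z]+)\s*(.*?)\s*>$")
CLOSE = re.compile(r"^</\s*[A-Za-z]+\s*>$")

def audit_access_control(conf_text):
    """Return [(container, style)], style being 'legacy', 'modern' or 'mixed'."""
    stack = [("(server config)", set())]
    findings = []

    def report(name, seen):
        if seen:
            findings.append((name, "mixed" if len(seen) == 2 else next(iter(seen))))

    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                          # commented-out directives have no effect
        if CLOSE.match(line):
            if len(stack) > 1:                # tolerate a stray closing tag
                report(*stack.pop())
            continue
        m = OPEN.match(line)
        if m:
            arg = m.group(2).strip('"')
            stack.append((f"<{m.group(1)} {arg}>", set()))
            continue
        word = line.split()[0].lower()
        if word in LEGACY:
            stack[-1][1].add("legacy")
        elif word in MODERN:
            stack[-1][1].add("modern")
    report(*stack[0])
    return findings

# Constructed sample modelled on the <Directory> blocks in the answer above.
SAMPLE = """<VirtualHost *:80>
<Directory /var/www/redmine>
Order allow,deny
Allow from all
Require all granted
</Directory>
<Directory /var/www>
Order deny,allow
Deny from all
</Directory>
</VirtualHost>"""

if __name__ == "__main__":
    for container, style in audit_access_control(SAMPLE):
        print(f"{style:7} {container}")
```

A `mixed` result marks a block to rewrite in one syntax only; a `legacy` result on Apache 2.4 means the block depends on mod_access_compat being loaded.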

Moodle apache proxy

I'm having trouble setting up a Moodle instance behind an Apache proxy.
Here's my Apache front end that proxies to the running server.
NameVirtualHost www.example.com:443
<VirtualHost www.example.com:443>
ProxyPreserveHost On
ProxyRequests Off
ServerName www.example.com
ServerAlias www.example.com
ProxyPass / http://192.168.1.101/
ProxyPassReverse / http://192.168.1.101/
SSLEngine on
SSLCertificateFile /etc/ssl/crt/example.com.crt
SSLCertificateKeyFile /etc/ssl/crt/example.com.key
SSLCACertificatePath /etc/ssl/crt
SSLCertificateChainFile /etc/ssl/crt/example.com.bundle.crt
</VirtualHost>
On the concrete server I've got:
$CFG->wwwroot = 'http://192.168.1.101/classes';
And
<VirtualHost 192.168.1.101:80>
ServerAlias 192.168.1.101
ServerAdmin webmaster@localhost
ServerName 192.168.1.101
DocumentRoot /var/www/
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
</VirtualHost>
The thing is that I keep getting that Moodle is only accessible from 182.168.1.101; something is not quite matching what is expected. I've been able to configure Confluence and other platforms, but Moodle doesn't work.
The concrete error is as follows.
Incorrect access detected, this server may be accessed only through "http://192.168.1.101/classes" address, sorry. Please notify server administrator.
Does anyone know what might be happening?
It's a Moodle error message; the wwwroot in config.php has to match.
You could try
$CFG->wwwroot = 'http://' . $_SERVER['HTTP_HOST'];
Although this might not allow some command line updates in Moodle.
On the proxy server, modify the VirtualHost entry as follows:
ProxyPass / http://192.168.1.101/classes
ProxyPassReverse / http://192.168.1.101/classes
For Moodle, what you set in Moodle's config.php for
$CFG->wwwroot
...has to match your ProxyPass and ProxyPassReverse values in the VirtualHost definition on the Proxy server.
So, what's the URL that points to your front end?
That's what you need to set $CFG->wwwroot to.

Configuring apache with fastcgi in Haskell

I am trying to run my Haskell FastCGI program with Apache (Server version: Apache/2.2.15 (Cent OS 6)).
The following changes were made in httpd.conf:
<IfModule fastcgi_module>
AddHandle fastcgi-script .fcgi
</IfModule>
LoadModule fastcgi_module modules/mod_fastcgi.so
<VirtualHost *:80>
ServerAdmin webmaster@<hostname>
DocumentRoot /var/www
ServerName <hostname>
ErrorLog logs/<hostname>.com-error_log
CustomLog logs/<hostname>-access_log common
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
<Directory "/var/www/http">
Options -Indexes FollowSymLinks +ExecCGI
AllowOverride AuthConfig FileInfo
AddHandler fastcgi-script .fcgi
Order allow,deny
Allow from all
</Directory>
<Directory "/var/www/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
I followed all the instructions as specified here
When I visit the link curl --include http:// hostname/cgi-bin/test.fcgi
I get this error in the Apache server log:
[error] Premature end of script headers: test.fcgi
How can I debug this issue?