I was trying installing roundcube on my apache2,ISPCONFIG3 server, on my LAN using :
https://www.howtoforge.com/using-roundcube-webmail-with-ispconfig-3-on-debian-wheezy-apache2
with the following changes :
remoteuser roundcube
pass password809098
and
https://www.rosehosting.com/blog/how-to-install-roundcube-webmail-on-ubuntu-20-04/
with these changes :
GRANT ALL PRIVILEGES ON roundcube.* TO roundcubeuser#localhost IDENTIFIED BY 'password';
nano /etc/apache2/sites-available/roundcube.jungsf.tv.conf
a2ensite roundcube.jungsf.tv
<VirtualHost *:80>
ServerName roundcube.jungsf.tv
DocumentRoot /var/www/roundcube/
ErrorLog ${APACHE_LOG_DIR}/roundcube.jungsf.tv_error.log
CustomLog ${APACHE_LOG_DIR}/roundcube.jungsf.tv_access.log combined
Options FollowSymLinks
<Directory "/var/www/roundcube/">
AllowOverride All
</Directory>
Options FollowSymLinks MultiViews
<Directory "/var/www/roundcube/">
AllowOverride All
Order allow,deny
allow from all
</Directory>
</VirtualHost>
I managed at end to get the roundcube web interface through http://jungsf.tv/webmail
but it still doesn't log in, I don't know which password/username should be,
I tried all combinations roundcube/roundcubeuser/email .... password,PASSWORD,password809098
how can I find the user/pass or how can I delet everything to reinstall it ?
I saw this plugin to set pass, but how can I use it ?
https://github.com/saas-dev/roundcube-forgot_password
I managed to work it by creating mailbox in ispconfig3, there I entered email and pass which are used to login in roundcube.
Related
i just installed apache by source installation, so after i create virtual host my apachectl doesn't restart, start, stop. My webserver is working i can access but these commands sends me back "illegal option ExeCGI"
This is Virtual host code:
<VirtualHost *:80>
DocumentRoot "/usr/local/apache/htdocs"
ServerName node.iplaygrid.com
<Directory "/usr/local/apache/htdocs">
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
Thanks.
Looking at the docs: This option is in a module (mod_cgi). Unless that's active, you won't have the directive available. As you built from source, you'd likely also need to build the modules from source, and definitely load them (or rather: it)
I am working with Apache .conf files on Fedora 30.
In /etc/httpd/conf/httpd.conf, there is :
<Directory />
AllowOverride none
Require all denied
</Directory>
There is also :
DocumentRoot "/var/www/html"
That means that "localhost" starts from this "/var/www/html" repertory.
Question 1 : What is the use of "Require all denied" for Directory "/" whereas DocumentRoot is at a lower level (so the server will not serve any files in higher level repertories) ?
At the end of httpd.conf, there is :
IncludeOptional conf.d/*.conf
So I create a personal.conf in "/etc/httpd/conf.d" ; inside I set :
<Directory "/var/www">
AllowOverride None
Require all denied
</Directory>
I restart Apache (systemctl restart httpd.service) but the localhost/index.html (aka "DocumentRoot"/index.html or "/var/www/html"/index.html) is still available.
It acts as if this Directive in httpd.conf was prioritary :
<Directory "/var/www/html">
Require all granted
</Directory>
Question 2 : So what is the use of "Require all denied" on a higher level repository ?
Thank you for your help :)
Question 1 : What is the use of "Require all denied" for Directory "/" whereas DocumentRoot is at a lower level (so the server will not serve any files in higher level repertories) ?
Question 2 : So what is the use of "Require all denied" on a higher level repository ?
The server could easily serve files below the document root if the Require all denied wasn't there, you only need a small misconfiguration in your server. Imagine for example an Alias like
Alias /etc /etc
which would allow you to read the password file from http://localhost/etc/passwd or other sensitive stuff. With the default configuration you would need an explicit override like
<Directory /etc>
Require all granted
</Directory>
to do this.
The directive
<Directory />
AllowOverride none
Require all denied
</Directory>
is used to prevent any access below your /var/www/html directory as a security mechanism ("be as restrictive as possible").
thank you for your answer.
Now for question 2 ; let's imagine a house : outdoor [door 1] hall [door 2] corridor [door 3] living-room.
In /etc/httpd/conf/httpd.conf, I close the front door [door 1] of the house
<Directory />
AllowOverride none
Require all denied
</Directory>
I open the door between the hall and the corridor [door 2]
<Directory "/var/www">
AllowOverride None
# Allow open access:
Require all granted
</Directory>
I open the door between the corridor and the living-room [door 3]
<Directory "/var/www/html">
AllowOverride None
Require all granted
</Directory>
Then in a personal.conf file in "/etc/httpd/conf.d" I close the door between the hall and the corridor [door 2] :
<Directory "/var/www">
AllowOverride None
Require all denied
</Directory>
Why is the living-room still accessible (localhost/index.html or /var/www/html/index.html is accessible) whereas the [door 2] is closed ?
I need to be explicit :
<Directory "/var/www/html">
AllowOverride None
Require all denied
</Directory>
in personal.conf
To get the "Forbidden You don't have permission to access this resource." message...
Thanks again.
I have a CentOS 7 WSGI enables Apache Httpd server (on a VirtualBox machine) and it serves my developing Flask site at http://www.myflask.com on port 80.
Since I can't debug there (even if I tried everything I could), like I can on a local version set in a virutalenv at http://127.0.0.1:5000, I was trying to do this:
setting up a virtualenv (with flask installed) on the VB server, called myflaskv (/var/www/myflaskv)
putting myflask dir into myflaskv (/var/www/myflaskv/myflask)
I did end with the following httpd.conf virtual host section:
<VirtualHost *:80>
DocumentRoot "/var/www/myflaskv/myflask"
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory "/var/www/myflaskv/myflask">
Options Indexes FollowSymLinks MultiViews
Order deny,allow
Allow from all
</Directory>
WSGIScriptAlias / /var/www/myflaskv/myflask/index.wsgi
ServerName www.myflask.com:80
</VirtualHost>
I can load the page http://www.myflask.com (even with virtualenv activated) but I can't load the page http://www.myflask.com:5000 as I would suppose to debug.
So I tried to add a virtualhost on port 5000:
<VirtualHost *:5000>
DocumentRoot "/var/www/myflaskv/myflask"
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory "/var/www/myflaskv/myflask">
Options Indexes FollowSymLinks MultiViews
Order deny,allow
Allow from all
</Directory>
WSGIScriptAlias / /var/www/myflaskv/myflask/index.wsgi
ServerName www.myflaskv.com:5000
</VirtualHost>
supposing that this way I could load http://www.myfaskv.com, and instead I can't (ERR_CONNECTION_REFUSED).
By the way I temporarly disactivated ip-tables and se-linux.
So is there a way to load from browser the 127.0.0.1:5000 ip address of a remote host?
Or there is a better way to debug flask in an wsgi apache dev environment?
If you want to access the url from outside the box, you will have to run the server at 0.0.0.0:5000.
The url http://127.0.0.1:5000 cannot be accessed from outside the box you are running it in.
When you use wsgi to access your app, the error messages and stack traces are written to the web server error log, by default at /var/log/apache2/error.log. You don't need to use the virtualenv web server. Just write any debug output you need to a local log file (if you have debugging input you want to print) and look for the stack traces in the apache error log.
I installed a LAMP in my AWS EC2 instance. The DocumentRoot folder is in /var/www/html. What I did is to copy the html folder into my /home/ec2-user and rename it to www. Then the DocumentRoot is changed to /home/ec2-user/www. Of course the https.conf is changed accordingly. Here it is:
#DocumentRoot "/var/www/html"
DocumentRoot "/home/ec2-user/www"
<Directory />
#Options FollowSymLinks
#AllowOverride None
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All
Order deny,allow
Allow from all
</Directory>
#<Directory "/var/www/html">
<Directory "/home/ec2-user/www">
The problem is I got the following error message after I restart the https service.
You don't have permission to access / on this server.
The owner and the permission is the same for both folder. Here are the screenshots:
I searched in stack overflow and found some similar issues. But none of them work for me. Can anybody help? Thanks
the issue is the user apache runs as, is not ec2-user.
You could change it, but putting your doc root inside of the ec2-user's home directory is probably not a good idea. More then likely everything you do on your instance is as the ec2-user (who is a sudoer and has access to pretty much everything), so if someone was to compromise a script that apache is running, they would literally have full control over your instance.
Having recently moved from Win XP (x86) to Win 7 (x64), I have also had to reinstall Apache. I have installed the 64 bit versions of Apache (2.4.3) and PHP (2.4).
I installed it to c:\Apache24.
I have got it up and running, but now I need to lock it down to my local PC Only.
If I have:
<Directory "c:/Apache24/htdocs">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
# New directive needed in Apache 2.4.3 apparently:
Require all granted
</Directory>
this works fine, but if I change it to:
<Directory "c:/Apache24/htdocs">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from 127.0.0.1
# New directive needed in Apache 2.4.3 apparently:
Require all granted
</Directory>
(or 'Allow from Localhost' or 'Allow from 192.x.y.z')
I get an access denied error. How can I get round this?
Everything is installed using my login, which has full local admin rights.
Replace
Order allow,deny
Allow from all
Require all granted
by just
Require local
More: http://httpd.apache.org/docs/2.4/en/mod/mod_authz_host.html
One approach is to add Listen to httpd.conf:
Listen 127.0.0.1:80
Remember to remove the other Listen directives, if there are any other.
Note that this will lock down the entire server so it only responds to requests from localhost. If you need to fine-tune permissions on a directory-by-directory basis, use the <Directory> syntax:
<Directory /var/www/secure>
Require local
</Directory>
The above is for Apache 2.4, where Order, Allow, and Deny are deprecated.