AH01630: client denied by server configuration: /data - apache

I am getting the titular error message in Apache2's error logs when following the Postfix admin section of this guide and trying to navigate to the website https://mailadmin.example.com/setup.php (I have just replaced my website name with example.com), as I'm given a 403 Forbidden.
AH00112: Warning: DocumentRoot [/data/www/mailadmin.example.com/html/public] does not exist
AH00163: Apache/2.4.41 (Ubuntu) OpenSSL/1.1.1f configured -- resuming normal operations
AH01630: client denied by server configuration: /data
Here is my virtual host configuration at sudo nano /etc/apache2/sites-available/mailadmin.example.com-le-ssl.conf:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName mailadmin.example.com
ServerAlias mailadmin.example.com
ServerAdmin admin#example.com
DocumentRoot /data/www/mailadmin.example.com/html/public
<Directory /data/www/mailadmin.example.com/html/public>
Options -Indexes +FollowSymLinks
DirectoryIndex index.php
AllowOverride All
Require all granted
</Directory>
RewriteEngine on
# Some rewrite rules in this file were disabled on your HTTPS site,
# because they have the potential to create redirection loops.
# RewriteCond %{SERVER_NAME} =mailadmin.example.com
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
</VirtualHost>
</IfModule>
I'm unaware what this /data means, and I can't find a folder of the sort. I don't see why I'm getting a 403 Forbidden.

The error says exactly what the problem is:
/data/www/mailadmin.example.com/html/public does not exist
Create it!
Also, refer to the official documentation: https://github.com/postfixadmin/postfixadmin.
The guide is probably poorly written and inconsistent.
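The missing DocumentRoot that the answer points to (AH00112) can be caught before Apache is reloaded. The script below is an added example, not part of the original answer; the function name missing_paths is made up here, and it assumes directory paths without spaces.

```shell
#!/bin/sh
# Added example (not from the original thread): report DocumentRoot and
# <Directory> paths in an Apache vhost file that do not exist on disk.
# Assumption: paths contain no spaces. Regex (~) and wildcard sections
# are skipped because they do not name a single directory.

# missing_paths FILE -> one "Directive /path" line per missing directory
missing_paths() {
    awk '
        $1 ~ /^#/ { next }                              # comment line
        tolower($1) == "documentroot" { print "DocumentRoot", $2 }
        tolower($1) == "<directory" && $2 != "~" {
            p = $2
            sub(/>$/, "", p)                            # drop the closing ">"
            if (p !~ /[*?]/ && index(p, "[") == 0)      # skip wildcard paths
                print "Directory", p
        }
    ' "$1" | tr -d '"' | while read -r directive path; do
        [ -d "$path" ] || printf '%s %s\n' "$directive" "$path"
    done
}

# Usage: sh check_paths.sh /etc/apache2/sites-available/<site>.conf
if [ "$#" -gt 0 ]; then
    missing_paths "$1"
fi
```

An empty result means every configured directory exists; any line printed names a path to create or correct before the 403 can be investigated further.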

Related

Website suddenly starts giving an error that the website is not secure, i.e. https stops working

I am running a website on Ubuntu with an Apache server. My website was running fine until last night, when it suddenly started giving a "not secure" error, i.e. when accessing it using https it gives an error (SSL was installed only 1 day ago). When accessing without http it redirects to https.
So I reinstalled my SSL certificate with certbot, and I did not select the option to redirect all traffic to https. I thought there was some configuration error with SSL, so http should work. But the issue was not resolved.
Then I thought the issue was with my configuration, so I checked my logs and found some errors like:
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
AH01909: 127.0.1.1:443:0 server certificate does NOT include an ID which matches the server name
AH01630: client denied by server configuration: /var/www/html/
Such errors are in my error logs. I am using one virtual host and I have disabled the default conf in sites-available.
My virtual host file content is
<VirtualHost *:80>
ServerAdmin webmaster#localhost
DocumentRoot /var/www/domain
ServerName domain.com
ServerAlias www.domain.com
<Directory /var/www/domain/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<IfModule mod_dir.c>
DirectoryIndex home.php index.pl index.cgi index.html index.xhtml index.htm
</IfModule>
RewriteEngine on
RewriteCond %{SERVER_NAME} =domain.com [OR]
RewriteCond %{SERVER_NAME} =www.domain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
In place of domain I am using my original domain name.
This is my /etc/hosts entry
127.0.1.1 domain.com domain
127.0.0.1 localhost
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
Then I tried to change the IP 127.0.1.1 to my server IP address, and then I reinstalled my SSL certificate using the command:
sudo certbot --apache -d domain.com -d www.domain.com
It says SSL was successfully installed, but when I try to access my website it is still not working and shows an SSL error, or when I try without SSL it says access forbidden.
What I understand from the logs is that it is not searching my file directory /var/www/domain/; it is searching the file directory of the default configuration, which I disabled: /var/www/html/.
So to solve the issue temporarily I enabled the default host file and changed the directory from /var/www/html/ to /var/www/domain/, and in the domain.com.conf and domain.com-le-ssl.conf host files I changed https to http:
RewriteEngine on
RewriteCond %{SERVER_NAME} =domain.com [OR]
RewriteCond %{SERVER_NAME} =www.domain.com
RewriteRule ^ http://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
So the website started working over http, redirecting all traffic from https to http. But I need to install SSL and want to make the whole configuration proper. Can anyone help me solve this issue?
Edit -
here is my vhost 443 entry
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster#localhost
DocumentRoot /var/www/domain
ServerName domain.com
ServerAlias www.domain.com
<Directory /var/www/domain/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<IfModule mod_dir.c>
DirectoryIndex home.php index.pl index.cgi index.html index.xhtml index.htm
</IfModule>
RewriteEngine on
RewriteCond %{SERVER_NAME} =domain.com [OR]
RewriteCond %{SERVER_NAME} =www.domain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/letsfindcourse.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/letsfindcourse.com/privkey.pem
</VirtualHost>
</IfModule>

Alias inside VirtualHost is not working and gives 404 error

I have a server which maintains multiple domains using VirtualHost and I'm trying to setup GitWeb according to Gitweb - ArchWiki.
According to the wiki, I have to append the lines below to an Apache config file.
Alias /gitweb "/usr/share/gitweb"
<Directory "/usr/share/gitweb">
DirectoryIndex gitweb.cgi
Options ExecCGI
Require all granted
<Files gitweb.cgi>
SetHandler cgi-script
</Files>
SetEnv GITWEB_CONFIG /etc/gitweb.conf
</Directory>
After this, Alias works and I can access the service by accessing one of
192.168.10.102/gitweb/ (local IP)
https://my_domain_1.com/gitweb/
https://my_domain_2.com/gitweb/
...
So far, everything's okay.
Now I'd like to limit the effect of the Alias to one domain: my_domain_1.com. So I moved the lines above inside its existing VirtualHost settings.
<VirtualHost *:80>
DocumentRoot "/var/www/html1"
ServerName my_domain_1.com
# The lines are pasted here.
RewriteEngine on
RewriteCond %{SERVER_NAME} =my_domain_1.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
However, when I access https://my_domain_1.com/gitweb/, 404 error occurs. The error log says nothing and I have no .htaccess for the domain.
How can I make it work?
I found the solution.
Since I requested that all http requests be redirected to the https versions, I should have written the gitweb settings not in <VirtualHost *:80> (http) but in <VirtualHost *:443> (https). The result should be
<VirtualHost *:443>
DocumentRoot "/var/www/html1"
ServerName my_domain_1.com
# The lines are pasted here.
SSLCertificateFile /etc/letsencrypt/live/my_domain_1.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/my_domain_1.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
Now it works perfectly.

SSL Certificate error in Apache 2.4 ending to gitlab domain.com/users/sign_in

I am facing an SSL certificate problem.
I have a dedicated host, and I cannot figure out what I am missing; I receive this error in the browser:
Chrome:
NET::ERR_CERT_COMMON_NAME_INVALID
Mozilla:
SSL_ERROR_BAD_CERT_DOMAIN
Messages in browser are quite similar:
Impossible to verify from the server that it is truly the domain site2.com, because its security certificate comes from *.sub.site1.com. It may come from a bad config or from the connection getting caught by a pirate. (translated message)
So it seems that the certificate is not taken while it goes through the virtual box:
<VirtualHost *:80>
ServerName www.site2.com
ServerAlias site2.com
Redirect permanent / https://site2.com/
</VirtualHost>
<VirtualHost *:443>
ServerName www.site2.com
ServerAlias site2.com
DocumentRoot /var/www/site2
Protocols h2 http/1.1
<If "%{HTTP_HOST} == 'www.site2.com'">
Redirect permanent / https://site2.com/
</If>
ErrorLog ${APACHE_LOG_DIR}/site2-error.log
CustomLog ${APACHE_LOG_DIR}/site2-access.log combined
SSLEngine On
SSLCertificateFile /home/certifs/site2.crt
SSLCertificateKeyFile /home/certifs/site2.key
SSLCertificateChainFile /home/certifs/site2.pem
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCompression off
SSLUseStapling on
<Directory /var/www/site2/>
Options FollowSymlinks
AllowOverride All
Require all granted
</Directory>
<Directory /var/www/site2/>
RewriteEngine on
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*) index.php [PT,L]
</Directory>
</VirtualHost>
Finally, if I choose to go to the website anyway, it arrives at a GitLab sign-in page like:
site2.com/users/sign_in
For information, the server works with apache2 and Debian, and we have GitLab installed.
Thank you in advance for your help.
The problem was that in apache2 I was correctly creating the conf file in the sites-available folder, but I was never adding it to the sites-enabled folder.
Executing the command "a2ensite site2.conf" fixed this problem.
To check whether your site is properly enabled, I advise you to execute this command: apachectl -S. Please also check this topic, because it may change depending on your server config: How to debug an apache virtual host configuration?
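The cause found above (a vhost file that exists in sites-available but was never enabled, so another vhost's certificate is served) can also be spotted statically. This is an added example, not part of the original thread; the function name disabled_sites is made up here, and the default paths assume the Debian/Ubuntu layout that a2ensite manages.

```shell
#!/bin/sh
# Added example (not from the original thread): list vhost files that are
# present in sites-available but not linked into sites-enabled, together
# with the host names they would serve once enabled.
# Assumption: Debian/Ubuntu layout; pass other directories as arguments.

# disabled_sites [AVAILABLE_DIR] [ENABLED_DIR]
# -> "file.conf: name1 name2 ..." per site that Apache is not loading
disabled_sites() {
    available=${1:-/etc/apache2/sites-available}
    enabled=${2:-/etc/apache2/sites-enabled}
    for conf in "$available"/*.conf; do
        [ -f "$conf" ] || continue              # glob matched nothing
        name=$(basename "$conf")
        [ -e "$enabled/$name" ] && continue     # a2ensite link is present
        # Collect ServerName / ServerAlias values, each name only once
        names=$(awk '
            $1 ~ /^#/ { next }
            tolower($1) == "servername" || tolower($1) == "serveralias" {
                for (i = 2; i <= NF; i++)
                    if (!seen[$i]++) printf "%s ", $i
            }' "$conf")
        printf '%s: %s\n' "$name" "${names% }"
    done
}

# Usage: sh disabled_sites.sh   (no arguments: use the default directories)
if [ "$#" -eq 0 ] && [ -d /etc/apache2/sites-available ]; then
    disabled_sites
fi
```

Requests for any host name listed here are answered by whichever enabled vhost Apache picks as the default for that port, which is how a certificate for a different domain ends up being presented.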

Redirect specific HTTPS request to a specific port with apache

I have a problem redirecting some requests to another port. Here's my configuration:
I have a public domain like XXXX.ddns.net
I have a Raspbian server with apache, and the files in my /var/www folders are correctly served (angular website)
On the same Raspbian server there is a REST server running on port 3000
This is running on HTTPS with SSL (letsencrypt)
I would like all requests to XXXX.ddns.net/api/* to be redirected to port 3000.
I changed the .htaccess file and the rewrite rule seems to work locally, but I can't make it work from my internet site. API requests end with an error 500.
Here is my current .htaccess file:
RewriteEngine On
RewriteRule ^api/(.*) https://localhost:3000/api/$1 [QSA]
# not sure if it should be http or https in the rule but nothing works
#RewriteRule ^api/(.*) http://localhost:3000/api/$1 [QSA]
# If an existing asset or directory is requested go to it as it is
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} -f [OR]
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} -d
RewriteRule ^ - [L]
# If the requested pattern is file and file doesn't exist, send 404
RewriteCond %{REQUEST_URI} ^(\/[a-z_\-\s0-9\.]+)+\.[a-zA-Z]{2,4}$
RewriteRule ^ - [L,R=404]
Here is my current 000-default-le-ssl.conf file (in /etc/apache2/sites-available):
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster#localhost
DocumentRoot /var/www/html
ServerName XXXX.ddns.net
SSLCertificateFile /etc/letsencrypt/live/XXXX.ddns.net/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/XXXX.ddns.net/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
<Location /api>
ProxyPass http://127.0.0.1:3000/api
ProxyPassReverse http://127.0.0.1:3000/api
</Location>
</VirtualHost>
</IfModule>
If someone could help me to achieve it...
Thanks!
Your self-found solution looks strange to me. You switch on the SSLProxyEngine and then disable all security measures. Is the backend API running under HTTPS and HTTP at port 3000 at the same time? This is not possible.
I use this setup (apache as proxy to backend application) pretty often and would suggest the following configuration:
As I did not understand the purpose of the rewrite directives I left them out. The VirtualHost at port 80 always redirects HTTP requests to HTTPS. If this works add permanent to the directive (permanent is cached by some browsers, see comment in VirtualHost *:80).
The VirtualHost for HTTPS serves content from your DocumentRoot at /var/www/html. The Directory directive takes care that only correctly addressed files are served (no lookups possible). The VirtualHost also provides the proxy for the /api on the same server on port 3000.
It should work for apache 2.4 if your letsencrypt configuration is correct (fill-in the XXXX). Both VirtualHost configurations can be written into a single file, usually located in /etc/apache2/sites-available with a symlink to /etc/apache2/sites-enabled. Please remove/rename your .htaccess file and other configurations before testing this configuration. If you need access control through apache this could also be configured directly in the VirtualHost configuration.
<VirtualHost *:80>
ServerName XXXX.ddns.net
# Always https
Redirect / https://XXXX.ddns.net/
# Redirect permanent / https://XXXX.ddns.net/
</VirtualHost>
<VirtualHost *:443>
ServerAdmin webmaster#localhost
ServerName XXXX.ddns.net
# These are your SSL settings; your responsibility
SSLCertificateFile /etc/letsencrypt/live/XXXX.ddns.net/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/XXXX.ddns.net/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
# Your document root; where the JavaScript application lives
DocumentRoot /var/www/html
<Directory /var/www/html/ >
Options -Indexes +FollowSymLinks -MultiViews
AllowOverride None
Require all granted
</Directory>
# Reverse proxy settings for api
ProxyRequests Off
ProxyPreserveHost On
<Location /api >
ProxyPass http://127.0.0.1:3000/api
ProxyPassReverse http://127.0.0.1:3000/api
</Location>
</VirtualHost>
Thanks for your help. I don't really know how, but it works now!
I don't remember exactly what I did, but the last thing was to modify my 000-default-le-ssl.conf file like this:
SSLProxyEngine On
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
<Location /api>
ProxyPass http://127.0.0.1:3000/api/
ProxyPassReverse http://127.0.0.1:3000/api/
ProxyPass https://127.0.0.1:3000/api/
ProxyPassReverse https://127.0.0.1:3000/api/
</Location>
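The two things the answer objects to in this thread (backend certificate checks switched off, and one path proxied to both an http and an https backend) can be found mechanically in a vhost file. This is an added example, not code from the thread; the function name proxy_findings and the finding codes are made up here.

```shell
#!/bin/sh
# Added example (not from the original thread): flag reverse-proxy
# settings of the kind discussed above in an Apache config file.
# The codes VERIFY_NONE, PEER_CHECK_OFF and BACKEND_CONFLICT are labels
# invented for this example.

# proxy_findings FILE -> one "LINE CODE detail" line per finding
proxy_findings() {
    awk '
        $1 ~ /^#/ { next }                          # comment line
        { d = tolower($1); v = tolower($2) }
        d == "<virtualhost" { vh++ }                # separate scope per vhost
        d == "sslproxyverify" && v == "none" {
            print NR, "VERIFY_NONE", "backend certificate chain is not verified"
        }
        d ~ /^sslproxycheckpeer(cn|name|expire)$/ && v == "off" {
            print NR, "PEER_CHECK_OFF", $1
        }
        d == "<location"   { loc = $2; sub(/>$/, "", loc) }
        d == "</location>" { loc = "" }
        d == "proxypass" {
            # Inside <Location> the path is implied; outside it is $2
            if (loc != "") { path = loc; url = $2 }
            else           { path = $2;  url = $3 }
            key = vh ":" path
            if ((key in backend) && backend[key] != url)
                print NR, "BACKEND_CONFLICT", path, backend[key], url
            else
                backend[key] = url
        }
    ' "$1"
}

# Usage: sh proxy_findings.sh /etc/apache2/sites-available/<site>.conf
if [ "$#" -gt 0 ]; then
    proxy_findings "$1"
fi
```

A backend reached over plain http on 127.0.0.1, as in the suggested configuration, needs none of the SSLProxy* directives, so a clean file produces no output.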

client denied by server configuration: /opt/bitnami/apps/wordpress/htdocs/

I have a WordPress website on EC2 with the Bitnami image; in the error log file I am getting the errors in the snippet below.
I have overwritten the default htaccess.conf file with my .htaccess file;
now the path for the .htaccess file is /opt/bitnami/apps/wordpress/htdocs/
client denied by server configuration: /opt/bitnami/apps/wordpress/htdocs/
client denied by server configuration: /opt/bitnami/apps/wordpress/htdocs/robots.txt
localhost:443:0 server certificate does NOT include an ID which matches the server name
Command line: '/opt/bitnami/apache2/bin/httpd -f /opt/bitnami/apache2/conf/httpd.conf -D DISABLE_BANNER'
client denied by server configuration: /opt/bitnami/apps/wordpress/htdocs/wp-content/uploads/easy_team_manager/index.php, referer: http://www.example.com/team/
You can see my conf file structure below.
httpd-vhosts.conf file snippet
<VirtualHost *:80>
ServerName mydomainname.com
ServerAlias mydomainname.com
DocumentRoot "/opt/bitnami/apps/wordpress/htdocs"
Include "/opt/bitnami/apps/wordpress/conf/httpd-app.conf"
<Directory "/opt/bitnami/apps/wordpress/htdocs">
Options All
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerName mydomainname.com
ServerAlias mydomainname.com
DocumentRoot "/opt/bitnami/apps/wordpress/htdocs"
SSLEngine on
SSLCertificateFile "/opt/bitnami/apps/wordpress/conf/certs/server.crt"
SSLCertificateKeyFile "/opt/bitnami/apps/wordpress/conf/certs/server.key"
Include "/opt/bitnami/apps/wordpress/conf/httpd-app.conf"
</VirtualHost>
httpd-app.conf file snippet
<IfDefine USE_PHP_FPM>
<Proxy "unix:/opt/bitnami/php/var/run/wordpress.sock|fcgi://wordpress-fpm" timeout=300>
</Proxy>
</IfDefine>
<Directory "/opt/bitnami/apps/wordpress/htdocs">
Options +MultiViews +FollowSymLinks
AllowOverride All
<IfVersion < 2.3 >
Order allow,deny
Allow from all
</IfVersion>
<IfVersion >= 2.3>
Require all granted
</IfVersion>
<IfDefine USE_PHP_FPM>
<FilesMatch \.php$>
SetHandler "proxy:fcgi://wordpress-fpm/"
</FilesMatch>
</IfDefine>
RewriteEngine On
#RewriteBase /wordpress/
RewriteRule ^index\.php$ - [S=1]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php [L]
Include "/opt/bitnami/apps/wordpress/conf/banner.conf"
</Directory>
#Include "/opt/bitnami/apps/wordpress/conf/htaccess.conf"
banner.conf file snippet
# Banner configuration
<IfDefine !DISABLE_BANNER>
<If "%{REQUEST_URI} !~ m!^/+(index\.php)?/*$!i" >
SetEnv "DISABLE_BANNER" "YES"
</If>
Include "/opt/bitnami/apps/bitnami/banner/conf/banner-substitutions.conf"
</IfDefine>
You're probably trying to connect to your local setup over SSL because the error log says
localhost:443:0 server certificate does NOT include an ID which matches the server name
But, your SSL certificate file
SSLCertificateFile "/opt/bitnami/apps/wordpress/conf/certs/server.crt"
has probably been created authenticating example.com only. So, while this SSL setup probably works online, it would fail when accessed over localhost because the browser knows that the local server isn't example.com.
To work around this problem, you can override a DNS lookup request for example.com by mapping it to localhost in your /etc/hosts file.
127.0.0.1 example.com
127.0.0.1 www.example.com
This allows you to connect to your local setup while still making your browser believe it's on example.com when clearly it's not. The SSL handshake should succeed now, as the browser wouldn't reject the server certificate this time.