We Keep Coding

Deploying static website on Centos 7 using Apache

i have trouble on set up home.html the main page.
When i set up virtual host on httpd.conf with options: -indexes , the main page return status 403 and index.html,
<VirtualHost *:80>
ServerAlias cninfineon.com
ServerAdmin root#localhost
DocumentRoot /var/www/website
DirectoryIndex home.html
ErrorLog /var/www/website/log/error.log
CustomLog /var/www/website/log/access.log combined
Options -Indexes
</VirtualHost>
<Directory "/var/www/website">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
Include conf.d/autoindex.conf
Result:
HTTP/1.1 403 Forbidden
Date: Fri, 27 Jan 2023 09:52:55 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips
Last-Modified: Thu, 16 Oct 2014 13:20:58 GMT
ETag: "1321-5058a1e728280"
Accept-Ranges: bytes
Content-Length: 4897
Content-Type: text/html; charset=UTF-8
however, i set up with options: indexes FollowSymLinks, the main page return status 200 and index of file directory.
File Structure:
/var/www/website/
home.html, file contain photo, file with log
How should i to set home.html as the main page or solve 403 status code when i set as disable autoindex?

You can set home.html on DirectoryIndex of /etc/httpd/conf/httpd.conf.
<IfModule dir_module>
DirectoryIndex index.html index.php home.html,
</IfModule>
And then run:
sudo systemctl restart httpd.service

Apache reverse proxy - URL without / is refused

I use reverse proxy to show backend server content for a subdomain.
The subdomain.mydomain.com (server A) should display content of server with IP 123.123.123.123 port 1111 (server B).
Virtual host of subdomain.mydomain.com (server A):
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName subdomain.mydomain.com
SSLEngine on
SecAuditEngine On
RewriteEngine On
SSLProxyEngine on
ProxyPreserveHost On
LogLevel warn
<Directory />
Options -Indexes +FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<Location />
ProxyPass https://123.123.123.123:1111
ProxyPassReverse https://123.123.123.123:1111
</Location>
ErrorLog /var/log/apache2/error.log
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLVerifyClient none
SSLVerifyDepth 1
SSLCertificateFile /etc/apache2/cert.site/chain_wildcard_site_combined.crt
SSLCertificateKeyFile /etc/apache2/cert.site/key_wildcard_site.key
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>
</IfModule>
Virtual host of 123.123.123.123:1111 (server B):
<IfModule mod_ssl.c>
<VirtualHost 123.123.123.123:1111>
DocumentRoot /srv/www/site/htdocs
SSLEngine on
RewriteEngine On
SSLProxyEngine on
ProxyPreserveHost On
LogLevel warn
<Location "/">
Require ip 222.222.222.222
</Location>
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /srv/www/site/htdocs>
Options -Indexes +FollowSymLinks +MultiViews
DirectoryIndex index.php
AllowOverride None
Require all granted
</Directory>
ErrorLog /srv/www/site/log/error.log
CustomLog /srv/www/site/log/access.log combined
CustomLog /srv/www/site/log/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLVerifyClient none
SSLVerifyDepth 1
SSLCertificateFile /etc/apache2/cert.site/chain_wildcard_site_combined.crt
SSLCertificateKeyFile /etc/apache2/cert.site/key_wildcard_site.key
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
</IfModule>
If I load URL:
https://subdomain.mydomain.com/dir/
it loads successfully.
If I load URL (without trailing slash):
https://subdomain.mydomain.com/dir
it results error page: ERR_CONNECTION_REFUSED.
EDIT1:
I execute command:
curl -IL https://subdomain.mydomain.com/dir
and I get this result:
HTTP/1.1 301 Moved Permanently
Date: Mon, 23 Aug 2021 13:45:13 GMT
Server: Apache
Strict-Transport-Security: max-age=15768000; includeSubDomains
Strict-Transport-Security: max-age=15768000; includeSubDomains
Location: https://subdomain.mydomain.com:1111/dir/
Content-Type: text/html; charset=iso-8859-1
curl: (7) Failed to connect to subdomain.mydomain.com port 1111: Connection refused
EDIT2:
I added trailing slash
<Location />
ProxyPass https://123.123.123.123:1111/
ProxyPassReverse https://123.123.123.123:1111/
</Location>
But I still get the Connection refused error.
Any idea why is it resulting error, when trailing slash is missing?
Thanks!

Since you used ProxyPreserveHost ON, your ProxyPassReverse should be ProxyPassReverse https://subdomain.mydomain.com:1111/ because this is the Location: header your backend is producing that you need the frontend to fixup.
The backend unfortunately sees no port in the Host: header and picks the port of the local connection. It is a problem that only happens when the default port is used on the frontend + ProxyPreserveHost. ServerName with an explicit port :443 might help on the backend.

You cannot use port 1111 for SSL - it MUST be 443 (modern certificates and CORS do not work or accept different ports)

Local resources (images/js/css) not showing in Virtual Host

I'm setting up a virtual host for nagios with Apache 2.4 using mod_proxy_fcgi to forawrd php requests to php-fpm.
I wonder if it's the ProxyPassMatch that is making all of the local resources including images,js,css won't load when I go to 200.000.00:22222/nagios/index.php.
All of the resources are interpreted as Content-Type:text/html; charset=iso-8859-1 as shown in the response headers. They show 403 Forbidden error and in the error log it shows AH01630: client denied by server configuration.
/etc/httpd/conf.d/nagio.conf:
Listen 22222
<VirtualHost *:22222>
ServerName {IP}:22222
AddType image/jpeg jpeg jpg jpe
ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"
DocumentRoot "/usr/local/nagios"
<Directory "/usr/local/nagios/sbin">
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
AllowOverride None
Require all granted
</Directory>
<LocationMatch "/nagios/((.*\.php)(/.*)?)$">
ProxyPassMatch "fcgi://localhost:9000/usr/local/nagios/share/$1"
</LocationMatch>
<Directory "/usr/local/nagios/share">
Options None
AllowOverride None
Require all granted
</Directory>
</VirtualHost>

You need a <Directory /usr/local/nagios> section that permits Apache to serve from that directory. Basically, you need one of these for every Alias or DocumentRoot that isn't under an existing one.
Usually you just need "require all granted" or "order deny,allow (2.2.x and older) in the Directory section -- but check the ones for your existing DocumentRoot's

Getting 403 Forbidden Error Using web2py with Apache2 WSGI on Fedora

I'm getting 403 Forbidden with the webpage displaying:
Forbidden
You don't have permission to access / on this server.
The access log shows the following corresponding to this:
[Mon Jan 20 17:12:03.888576 2014] [authz_core:error] [pid 1940] [client XX.XX.XX.XX:32491] AH01630: client denied by server configuration: /opt/web-apps/web2py/wsgihandler.py
I've the following permissions set for the above directory:
/]# ls -ld opt
drwxrwxrwx. 4 root root 4096 Jan 10 20:05 opt
opt]# ls -ld web-apps
drwxrwxrwx 3 root root 4096 Jan 10 20:10 web-apps
web-apps]# ls -ld web2py
drwxr-xr-x 11 apache apache 4096 Jan 10 21:21 web2py
web2py]# ls -l wsgihandler.py
drwxrwxr-x 1 apache apache 1128 Nov 28 19:23 wsgihandler.py
And my conf file /etc/httpd/conf.d/default.conf is as follows:
NameVirtualHost *:80
NameVirtualHost *:443
<VirtualHost *:80>
WSGIDaemonProcess web2py user=apache group=apache processes=1 threads=1
WSGIProcessGroup web2py
WSGIScriptAlias / /opt/web-apps/web2py/wsgihandler.py
WSGIPassAuthorization On
<Directory /opt/web-apps/web2py>
AllowOverride None
Order Allow,Deny
Deny from all
<Files wsgihandler.py>
Allow from all
</Files>
</Directory>
AliasMatch ^/([^/]+)/static/(?:_[\d]+.[\d]+.[\d]+/)?(.*) /opt/web-apps/web2py/applications/$1/static/$2
<Directory /opt/web-apps/web2py/applications/*/static>
Options -Indexes
Order Allow,Deny
Allow from all
</Directory>
<Location /admin>
Deny from all
</Location>
<LocationMatch ^/([^/]+)/appadmin>
Deny from all
</LocationMatch>
CustomLog /var/log/httpd/access_log common
ErrorLog /var/log/httpd/error_log
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/httpd/ssl/self_signed.cert
SSLCertificateKeyFile /etc/httpd/ssl/self_signed.key
WSGIProcessGroup web2py
WSGIScriptAlias /web2py /opt/web-apps/web2py/wsgihandler.py
WSGIPassAuthorization On
<Directory /opt/web-apps/web2py>
AllowOverride None
Order Allow,Deny
Deny from all
<Files wsgihandler.py>
Allow from all
</Files>
</Directory>
AliasMatch ^/([^/]+)/static/(?:_[\d]+.[\d]+.[\d]+/)?(.*) /opt/web-apps/web2py/applications/$1/static/$2
<Directory /opt/web-apps/web2py/applications/*/static>
Options -Indexes
ExpiresActive On
ExpiresDefault "access plus 1 hour"
Order Allow,Deny
Allow from all
</Directory>
CustomLog /var/log/httpd/access_log common
ErrorLog /var/log/httpd/error_log
</VirtualHost>

Try this one :
first of all if you have linux user apache and group apache then put your web2py directory with /home/apache/ and then change your apache sites-available file like this. hope this will for for you.
<VirtualHost *:80>
ServerName example.com
WSGIDaemonProcess web2py user=apache group=apache display-name=%{GROUP}
WSGIProcessGroup web2py
WSGIScriptAlias / /home/apache/web2py/wsgihandler.py
<Directory /home/apache/web2py>
AllowOverride None
Order Allow,Deny
Deny from all
<Files wsgihandler.py>
Allow from all
</Files>
</Directory>
AliasMatch ^/([^/]+)/static/(.*) /users/apache/web2py/applications/$1/static/$2
<Directory /users/apache/web2py/applications/*/static/>
Order Allow,Deny
Allow from all
</Directory>
</VirtualHost>
If you using virtualenv check your wsgi file as well like this :
activate_this = '/path/to/virtualenv/bin/activate_this.py'
execfile(activate_this, dict(__file__=activate_this)
import sys
sys.path.insert(0, '/path/to/web2py_dir')

It is mostly because your apache2 version is 2.4.
You will need to upgrade you conf file..
Follow the link Upgrading apache2 to 2.4

Apache 2.4.6: client denied by server configuration (PHP FPM)

I found a similar question but it did not helped.
When I open a PHP file via https://site/test.php, the following error comes:
[Tue Oct 29 11:15:53.480855 2013] [authz_core:error] [pid 5424] [client xxx.xxx.xxx.xxx:xxxxx] AH01630: client denied by server configuration: /vhost_site_ssl
Virtualhost:
<VirtualHost *:443>
ServerName site:443
ServerAlias www.site:443
DocumentRoot /opt/web/site
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/privkey.pem
ErrorLog "/opt/log/apache/site_ssl-error.log"
CustomLog "/opt/log/apache/site_ssl-access.log" combined
CustomLog "/opt/log/apache/site_ssl-bandwidth.log" common
<Directory /opt/web/site>
AllowOverride All
Options +Indexes +FollowSymLinks +MultiViews
Order allow,deny
Allow from all
Require all granted
</Directory>
<Directory /vhost_site_ssl>
AllowOverride All
Order allow,deny
Allow from all
Require all granted
Options +Indexes +FollowSymLinks +MultiViews
</Directory>
<Directory /php5-fpm-handler>
AllowOverride All
Order allow,deny
Allow from all
Require all granted
Options +Indexes +FollowSymLinks +MultiViews
</Directory>
<IfModule mod_fastcgi.c>
<FilesMatch \.php$>
SetHandler php-script
</FilesMatch>
Action php-script /php5-fpm-handler
Alias /php5-fpm-handler /vhost_site_ssl
FastCGIExternalServer /vhost_site_ssl -socket /var/run/sock_site_ssl.sock
</IfModule>
</VirtualHost>
I suppose this error is caused by upgrading apache 2.2 to 2.4. I also read this: http://httpd.apache.org/docs/2.4/upgrading.html but did not helped.
UPDATE
I forgot to attach te exact error page:
Forbidden
You don't have permission to access /php5-fpm-handler/phpinfo.php on this server.
Apache/2.4.6 (Ubuntu) Server at site Port 80