I'm attempting to setup a apache2 vhost in the latest version of Ubuntu and i keep getting a "Forbidden" when trying to access the page.
I have setup a folder for this new site under
/root/websites/panel.joosh.eu/www
And this has the owner/group of root:root so i can edit it and permissions of 644
This is my vhost file in sites-avaliable (yes i also enabled it)
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
ServerName panel.joosh.eu
ServerAdmin josh#joosh.eu
DocumentRoot /root/websites/panel.joosh.eu/www
<Directory /root/websites/panel.joosh.eu/www>
Order allow,deny
Allow from all
Require all granted
</Directory>
ErrorLog /root/websites/panel.joosh.eu/logs/error.log
CustomLog /root/websites/panel.joosh.eu/logs/access.log combined
Ive tried everything but i still get forbidden, any ideas?
sudo chown -R www-data:www-data /root/websites/panel.joosh.eu/www
your permission is wrong
Understanding and Using File Permissions
move your project folder to /var/www/html and try
Related
I currently have a domain, and want to point my folder to my apache config file, to then use certbot, but I dont know how to exactly point it. So far I've done:
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerName mydomain.org
ServerAdmin webmaster#localhost
DocumentRoot /var/www/html/bfia
#..other stuff
</VirtualHost>
Where /var/www/html/bfia is the directory of the express app and the rest of the needed files. As of right now, the only page that appears is the default apache page.
You have to allow or deny access to that directory using the "Directoiry" module (https://httpd.apache.org/docs/2.4/sections.html). You also need to configure the directoryIndex to define which file read and present to the client (https://httpd.apache.org/docs/2.4/mod/mod_dir.html#directoryindex).
I've installed vanilla at Ubuntu server with public-ip by the steps at https://www.vultr.com/docs/how-to-install-vanilla-forum-on-ubuntu-16-04
Then config /etc/apache2/sites-available/forum.example.com.conf as below
<VirtualHost *:80>
ServerName forum.example.com
DocumentRoot /var/www/vanilla
<Directory /var/www/vanilla>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
</VirtualHost>
Then I can access http://public-ip at browser, but the result is Apache2 Ubuntu Default Page.
How can I access the installed vanilla at the browser? Should I make any change to the forum.example.com.conf?
If the request doesn't match a virtual host, Apache will serve files from the top level (not inside a <VirtualHost> block) DocumentRoot config value.
#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot /var/www/html
I don't know Ubuntu well but I'd guess this is in /etc/apache2/apache2.conf. You can change this to /var/www/vanilla to serve your forum instead of the default page.
Alternatively you could rename / delete the existing /var/www/html and make it a symlink to /var/www/vanilla: then Apache would pick up the forum files without any config change.
Or if you just want to set up access for yourself then you can add the DNS name to your hosts file (/etc/hosts on Linux, \Windows\System32\drivers\etc\hosts on Windows)
forum.example.com AAA.BBB.CCC.DDD
and then you can use forum.example.com in your browser as normal, which will send the 'Host' header so Apache will match the virtual host, even though this isn't configured as public DNS.
I have asked a similar question before
Restrict access to directories through ip address
at that time the problem was solved for apache 2.2. Recently I re-installed the OS (to Debian 8) and it comes with apache 2.4.
I want to restrict access to files - when the request comes "by" IP. Mainly if in the browser I try to open http://192.168.252.178/test/image.jpg it should show error - 403 forbidden. Directory test is in www directory of apache. However I should be able to access that image if I type http://www.example.com/image.jpg - considering that example.com points to that test directory.
With apache version 2.2 I would simply put this lines in my default site config file - and the problem was solved
<Files ~ ".+">
Order allow,deny
Deny from all
</Files>
Now, trying the same thing does not work: I am getting 403 forbidden even if I try to open any site by the domain name.
Considering the changes in 2.4 I also tried this, but again getting the the same 403 forbidden when trying to open some site.
<Files ~ ".+">
Require all denied
</Files>
My goal is to prevent any kind of access to directories and files - if they are being accessed through ip address. I have also this lines in my default site's config to prevent the directory access and this works fine.
<Directory /home/username/www>
Options -Indexes
AllowOverride All
Require all granted
</Directory>
So, the question is - how to prevent file access through IP address. Also I need to achieve this by apache config, by htaccess is not a solution for me. And I need to achieve this for all the directories/files inside www recursively, so specifying the exact file names and/or directories is not a solution either.
Thanks
When you use name based virtual hosts, the main server goes away. Apache will choose which virtual host to use according to IP address (you may have more than one) and port first, and only after this first selection it will search for a corresponding ServerName or ServerAlias in this subset of candidates, in the order in which the virtual hosts appear in the configuration.
If no virtual host is found, then the first VHost in this subset (also in order of configuration) will be choosen. More.
I mention this because it will be important you have only one type of VirtualHost directive:
<VirutalHost *:80>
or
<VirtualHost 123.45.67.89:80>
I'll use the wildcard in the example.
You need a directory like /var/www/catchall with a file index.html or similar, as you prefer.
<VirtualHost *:80>
# This first-listed virtual host is also the default for *:80
# It will be used as the catchall.
ServerName 123.45.67.89
# Giving this DocRoot will avoid any request based on IP or any other
# wrong request to get to the other users directories.
DocumentRoot "/var/www/catchall"
<Directory /var/www/catchall>
...
</Directory>
</VirtualHost>
# Now you can add as usuall the configuration for any other VHost you need.
<VirtualHost *:80>
ServerName site1.com
ServerAlias www.site2.com
DocumentRoot "/home/username1/www"
<Directory /home/username1/www>
...
</Directory>
</VirtualHost>
<VirtualHost *:80>
ServerName site2.com
ServerAlias www.site2.com
DocumentRoot "/home/username2/www"
<Directory /home/username2/www>
...
</Directory>
</VirtualHost>
Debian specific :
For Debian, you ideally put one VHost configuration per file, and put the file in the /etc/apache2/sites-available directory.
Name the files as you like, only the file containing the catchall vhost should be named something like 000-catchall, because they will be read in alphabetic order from the /etc/apache2/sites-enabled directory.
Then you disable Debian's usual default site :
a2dissite 000-default
and you enable the new catchall site and the other VHosts if needed :
a2ensite 000-catchall
An ls /etc/apache2/sites-enabled command should show the catchall as the first of list, if not change its file name so that it will always be the first. Restart Apache: service apache2 restart
Of course you could do all this changes in the original default VHost config file, but I usually prefer keep an original model.
I want that every *.dev Host will be routed to my vagrant machine to /var/www/vhosts/*.dev/public, for example my local development environment project1.dev is located in /var/www/vhosts/project1.dev/public
So when I add a new (sub)project into my box, I do not need to change my config.yaml (Vagrant installed via puphpet.com) and reload the machine.
On my computer, I added the following to the hosts file in /private/etc:
192.168.56.101 *.dev
On my VM, I changed my 10-default_vhosts80.conf in /etc/apache2/sites-enabled to:
# ************************************
# Vhost template in module puppetlabs-apache
# Managed by Puppet
# ************************************
<VirtualHost *:80>
ServerName default
## Vhost docroot
DocumentRoot "/var/www/default"
## Directories, there should at least be a declaration for /var/www/default
<Directory "/var/www/default">
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Require all granted
</Directory>
## Load additional static includes
## Logging
ErrorLog "/var/log/apache2/default_vhost_80_error.log"
ServerSignature Off
CustomLog "/var/log/apache2/default_vhost_80_access.log" combined
## Custom fragment
ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/var/www/default/$1
</VirtualHost>
<VirtualHost *.dev:80>
ServerName dev
VirtualDocumentRoot /var/www/vhosts/%0
</VirtualHost>
Unfortunately, this doesn't work. Any ideas? I am a beginner in this subject.
I use a proxy auto configuration file. This works on Windows, MacOS and Linux. Easy, flexible and no additional software required. The following example routes all *.dev traffic to your vagrant box:
function FindProxyForURL(url, host) {
if (dnsDomainIs(host, ".dev")) {
return "PROXY 127.0.0.1:8080";
}
return 'DIRECT';
}
When needed, replace 127.0.0.1:8080 with the IP and webserver port of your vagrant box. Store this file somewhere. You can store it locally or let the webserver on your Vagrant-box host the file.
Windows: See here how to use the PAC file on Windows.
MacOS: See here how to use the PAC file on MacOS. You can link to the file using file:///Users/username/path/to/proxy.pac.
Linux: For linux it depends, but I'm sure linux users will be able to Google for their specific situation.
Unfortunately hosts files do not support using wildcards. You have to manually define each and every host to redirect.
Also, your hosts file is at /etc/hosts
In the end, I use dnsmasq to route all .localdev Domains to 127.0.0.1. Note that I am using .localdev instead of just .dev or .local as this seems to cause problem (OS X 10.10) because .dev is a proposed gTLD and .local is used by Apple's Bonjour.
Then I configured Apache by creating and enabling this site:
<VirtualHost *:80>
ServerAlias localhost *.localdev #wildcard catch all
VirtualDocumentRoot /hosts/%1/public
UseCanonicalName Off
<Directory "hosts">
Options FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
(from: http://brunodbo.ca/blog/2013/04/26/setting-up-wildcard-apache-virtual-host-wildcard-dns)
I have a server with multiple websites hosted and distinguishable using name-based virtual hosting of apache.
How do I set it so that a specific website is hosted when the ip of my server is entered in the address bar?
What you want to use is the _default_ VirtualHost.
<VirtualHost _default_:80>
DocumentRoot /www/default80
# ...
</VirtualHost>
It's described here. Basically if nothing else match the request the _default_ host will be used.
EDIT
This could also be written as:
<VirtualHost *>
DocumentRoot /www/default
# ...
</VirtualHost>
Is is important that this is the first VirtualHost in the configuration since Apache will start matching them from top to bottom, selecting the one that fit the best based on ServerName and ServerAlias.
This post might also be of interest:
Apache default VirtualHost
just find the Include sites-enabled/ line in your apache2.conf file and add the path to the conf file you want to be site default above it. from:
Include sites-enabled/
to
Include sites-enabled/mydefault.conf
Include sites-enabled/
When you first install apache2, there is a site configuration file named 000-default.conf. This is going to be the default because it is very likely to appear first in the list of files under /etc/apache2/sites-enabled.
To have your own file as the default, you can either replace the file under /etc/apache2/sites-available/000-default.conf with your own, or replace the link like so:
sudo rm /etc/apache2/sites-enabled/000-default.conf
sudo ln -s ../sites-available/my-site-setup.conf /etc/apache2/sites-enabled/000-default.conf
Then restart apache2 (or just reload).
The _default_ as mentioned by the other answer is for defining a virtual host which can be found with the default IP address. It's not the default virtual host.
<VirtualHost _default_:80>
...
is equivalent to
<VirtualHost *:80>
...
The * is a globing pattern which matches any IP addresses.
Note:
Replacing the 000-default.conf file is okay, but in most cases the installation package is going to view that as a modified file and manage it in some weird way which is why I think it's cleaner to only change the soft link.
Keep it clean, don't delete or edit anything in /etc/apache2/sites-available/.
Create all new site configurations in /etc/apache2/sites-available/. Copy whatever site configuration you want enabled to /etc/apache2/sites-enabled/. Only make sure /etc/apache2/sites-enabled/ has only one configuration file.
Sample format for new apache site configurations in Ubuntu 20.04 LTS is
<VirtualHost *:80>
ServerName http://localhost
ServerAdmin admin#mysite.com
DocumentRoot /var/www/html/mysiteroot/public
<Directory /var/www/html/mysiteroot>
AllowOverride All
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Notice that 000-default.conf is by default in both directories mentioned above and should only be replaced by your new configuration in /etc/apache2/sites-enabled/ so that it can be restored anytime you need it.
Restart Apache2 service after you make any configuration changes.