apache 2.4 on fresh fedora: AH01630: client denied by server configuration - apache

I've seen hundreds of questions like this and most of them end up in changing the syntax to the latest Apache version or messing with .htaccess. But not in my case, since I used a fresh F23 install and never played with earlier Apache versions. I'm trying to set up a simple virtual host that binds to one of my IPs. Here is what I put in /etc/httpd/conf.d/internal.conf:
Listen 10.10.1.177:80
<VirtualHost 10.10.1.177:80>
DocumentRoot "/home/www"
DirectoryIndex index.html
ServerName internal:80
<Directory “/home/www“>
Options All Indexes FollowSymLinks
Options +Indexes
Require all granted
</Directory>
LogLevel debug
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/internal-error.log
CustomLog /var/log/httpd/internal-access.log combined
</VirtualHost>
When I try:
curl http://10.10.1.17
From another host in that network, first a 403 page appears and I get redirected to the default fedora-apache page. These entries get into the error log:
2016-04-21 22:45:50.610696 AH01626: authorization result of Require all denied: denied
2016-04-21 22:45:50.610724 AH01626: authorization result of <RequireAny>: denied
2016-04-21 22:45:50.610729 AH01630: client denied by server configuration: /home/www/
2016-04-21 22:45:50.610763 AH01626: authorization result of Require all granted: granted
2016-04-21 22:45:50.610771 AH01626: authorization result of <RequireAny>: granted
I just want this virtual server to serve anything that I put to /home/www. What am I missing?
I changed main httpd.conf file to bind to my other network interface.
I have "grepped" all .conf files for "deny|denied" statements and found only the default "Require all denied" for the "/" directory and .ht files in the main config.

There is a LocationMatch directive in /etc/httpd/conf.d/welcome.conf that is causing this behavior:
<LocationMatch "^/+$">
Options -Indexes
ErrorDocument 403 /.noindex.html
</LocationMatch>
Comment out the contents of that file (or empty out that file), but
do not remove that file, because a subsequent upgrade of the httpd
package will then bring it back. It will not be overwritten if you
have modified it locally.
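
An added example, not part of the original question or answer: with `LogLevel debug` enabled as in the question, this pairs each AH01630 denial with the leaf `Require` result logged just before it, so the directive that produced the denial is visible. The function names `sample_log` and `denials` are hypothetical; the sample lines are the ones quoted in the question.

```shell
#!/bin/sh
# Added example. sample_log holds the five debug lines quoted in the question.
sample_log() {
    cat <<'EOF'
2016-04-21 22:45:50.610696 AH01626: authorization result of Require all denied: denied
2016-04-21 22:45:50.610724 AH01626: authorization result of <RequireAny>: denied
2016-04-21 22:45:50.610729 AH01630: client denied by server configuration: /home/www/
2016-04-21 22:45:50.610763 AH01626: authorization result of Require all granted: granted
2016-04-21 22:45:50.610771 AH01626: authorization result of <RequireAny>: granted
EOF
}

# denials [FILE...]
# For every AH01630 line print "<path><TAB><directive>", where <directive> is
# the last leaf Require that evaluated to "denied" before it. Containers such
# as <RequireAny> are skipped: they only repeat the verdict of their children.
denials() {
    awk '
    /AH01626: authorization result of / {
        rule = $0
        sub(/.*authorization result of /, "", rule)
        verdict = rule
        sub(/.*: /, "", verdict)        # text after the last ": " is the verdict
        sub(/: [a-z]+$/, "", rule)      # what is left is the directive itself
        if (rule !~ /^</ && verdict == "denied") last = rule
        next
    }
    /AH01630: client denied by server configuration: / {
        path = $0
        sub(/.*server configuration: /, "", path)
        printf "%s\t%s\n", path, (last == "" ? "unknown" : last)
        last = ""
    }' "$@"
}

# Command-line use: denials /var/log/httpd/internal-error.log
if [ "$#" -gt 0 ]; then denials "$@"; fi
```

The same function works on the longer `[authz_core:debug]` line format shown further down the page, because it keys on the AH01626 and AH01630 message IDs rather than on the timestamp layout.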

Related

Why Apache configuration works when I use root directory

I have a VirtualHost that I am using to serve requests to files in /var/www/project/src.
I also have a Perl script (CGI binary) that is in /var/www/project/src/cgi-bin/index.pl.
Here's the part of the directive relevant to my question:
<VirtualHost example.com:443>
...
DocumentRoot "/var/www/project/src"
<Directory "/var/www/project/src">
Require all granted
Options +MultiViews +ExecCGI
AddHandler cgi-script .pl
DirectoryIndex /cgi-bin/index.pl
</Directory>
</VirtualHost>
The server starts, but access to the host fails as I get a 403 error.
The Apache logs indicate that the web server cannot find {document-root}/cgi-bin/index.pl:
[Thu Nov 09 11:37:03.578316 2017] [autoindex:error]
[pid 122783] [client example-client.com:57203] AH01276:
Cannot serve directory /var/www/project/src/: No matching
DirectoryIndex (/cgi-bin/index.pl) found, and server-
generated directory index forbidden by Options directive
This directory and index.pl file are in the right location, are owned by the apache user, and have permissions which allow others to read the contents of directories and execute the index.pl CGI-bin.
Moreover, if I change paths in DocumentRoot and Directory variables, the following configuration works:
<VirtualHost example.com:443>
...
DocumentRoot "/"
<Directory "/">
Require all granted
Options +MultiViews +ExecCGI
AddHandler cgi-script .pl
DirectoryIndex /var/www/project/src/cgi-bin/index.pl
</Directory>
</VirtualHost>
Apache starts up, and my access to the host in turn loads /cgi-bin/index.pl, which is rendered correctly.
Question: What would cause the first set of directives to fail, where the second set works?
More specifically: What is preventing the first set of directives from finding /cgi-bin/index.pl in the specified document root, while the second set correctly finds the fully-qualified path /var/www/project/src/cgi-bin/index.pl?
Note: The items in ... do not seem relevant to the issue — whether I remove them, alter them, or leave them, the error and log messages are the same in any case — so I am leaving them out for brevity.
Try changing permissions for /var/www, /var/www/project, /var/www/project/src and/or /var/www/project/src/cgi-bin
Update: Also, don't forget to restart Apache server after making changes.
What's happening is an excess in your zeal... In the first example, DirectoryIndex /cgi-bin/index.pl points towards your ROOT directory, then searches for a folder called cgi-bin. This also happens in the second example, but since you give the full path, Apache finds it. Try removing the / before cgi-bin and the issue should fix itself.

403 you do not have permission

I'm setting up a localhost for the first time. I have something weird going on.
I'm running Fedora 24 with Apache with the root folder at /var/www/html.
I have tested that this works by using vi to create an index.html which loads fine.
But now I have written some html and php files and moved them to the root dir.
Immediately I get a 403 message. The log writes out this:
[Tue Apr 04 16:06:52.116376 2017] [core:error] [pid 15260] (13)Permission denied: [client ::1:40686] AH00132: file permissions deny server access: /var/www/html/index.html
Now I create a test.html with sudo vi test.html and this file is able to load without a 403.
I then matched all the ownership and permissions to the file that loaded correctly.
And still nothing.
In the config file this stands out:
<Directory "/var/www">
AllowOverride None
# Allow open access:
Require all granted
</Directory>
and:
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
Am I missing something here?

Apache: “AuthType not set!” 500 Error

It's been a while since I used the Apache httpd web server in windows.
When I try to request localhost/index.html, I get a 500 error and I see this in the error log:
[client 127.0.0.1] configuration error: couldn't perform authentication. AuthType not set!: /
This line in my httpd.conf may be involved.
<Directory />
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
My Apache version is 2.2.
OS: Windows 7
How do I solve this 500 error?
Remove the line Require all granted.
Allow from all in version <2.4 is equivalent to Require all granted for 2.4+.

Apache FastCgi, PHP-FPM, Suexec Permission Denied Error

I have made a setup of Apache2.4 + FastCgi, PHP-FPM, SuExec which works correctly without Suexec. But when I enable Suexec it's giving me a File does not exist error (404 Not Found error in the browser when I access a PHP script).
Note: The PHP script works through PHP-FPM when I turn OFF "FastCgiWrapper", but when I turn it ON it's giving me a 404 error.
Apache Error Log (Last Line):
[authz_core:debug] [pid 3906:tid 140546979436288] mod_authz_core.c(802): [client 192.168.91.132:58225] AH01626: authorization result of Require all granted: granted
[authz_core:debug] [pid 3906:tid 140546979436288] mod_authz_core.c(802): [client 192.168.91.132:58225] AH01626: authorization result of <RequireAny>: granted
[authz_core:debug] [pid 3906:tid 140546979436288] mod_authz_core.c(802): [client 192.168.91.132:58225] AH01626: authorization result of Require all granted: granted
[authz_core:debug] [pid 3906:tid 140546979436288] mod_authz_core.c(802): [client 192.168.91.132:58225] AH01626: authorization result of <RequireAny>: granted
[core:info] [pid 3906:tid 140546979436288] [client 192.168.91.132:58225] AH00128: File does not exist: /etc/apache2/fcgi-app/info.php
Configuration:
/etc/apache2/mods-available/fastcgi.conf
FastCgiWrapper On
/etc/apache2/suexec/www-data
/var/www/html
/cgi-bin
/etc/apache2/sites-available/example.net.conf
<VirtualHost *:80>
ServerName example.net
ServerAdmin example#example.net
DocumentRoot /var/www/html/example.net/public_html
LogLevel debug
ErrorLog ${APACHE_LOG_DIR}/error.log
SuexecUserGroup example examplegrp
AddHandler php-fcgi-hand .php
Action php-fcgi-hand /php-fcgi-uri
Alias /php-fcgi-uri fcgi-app
FastCgiExternalServer fcgi-app -socket /var/run/php5-fpm-example.sock -pass-header Authorization -idle-timeout 30000 -flush
<Location /php-fcgi-uri>
Require all granted
</Location>
</VirtualHost>
/etc/php5/fpm/pool.d/example.conf
[example]
user = example
group = examplegrp
listen = /var/run/php5-fpm-example.sock
listen.owner = example
listen.group = examplegrp
listen.mode = 0666
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
/var/www/html/example.net/cgi-bin/php.cgi
#!/bin/sh
PHP_FCGI_CHILDREN=5
export PHP_FCGI_CHILDREN
PHP_FCGI_MAX_REQUESTS=500
export PHP_FCGI_MAX_REQUESTS
exec /var/www/html/example.net/cgi-bin
Folder Structure and Permission
/var/www/html/example.net/cgi-bin/php.cgi
/var/www/html/example.net/public_html/info.php
drwxrwxrwx 13 www-data www-data var
|____drwxr-xr-x 5 www-data www-data www
|____drwxr-xr-x 6 www-data www-data html
|____ drwxr-xr-x 4 example examplegrp example.net
|______ drwxr-xr-x 2 example examplegrp cgi-bin
|_____-r-xr-xr-x 1 example examplegrp php.cgi
|______ drwxr-xr-x 2 example examplegrp public_html
|_____-rwxr-xr-x 1 example examplegrp info.php
I wrote this working configuration long ago and it works on Apache 2.4.x so I'm going to recommend you give it a try https://gist.github.com/diemuzi/3849349. It's too large to post in an answer here. You'll find all the configurations you'll need. You may even see something I have done differently compared to what you have posted here too.
However I will also recommend that you stop thinking about using the FastCgiExternalServer like you are trying and as you will find in my example. But instead look into using the mod_proxy_fcgi. This is a much simpler way of connecting to FPM now and it does support sockets as of recently.
Here is an example of the mod_proxy_fcgi way:
# PHP-FPM via Socket
<IfModule proxy_module>
<IfModule proxy_fcgi_module>
ProxyPassMatch ^/(.*\.php(/.*)?)$ unix:/usr/local/php/etc/php-fpm/[USERNAME].sock|fcgi://localhost/vhosts/[DOMAIN]/public/
</IfModule>
</IfModule>
Of course you will want to change the unix: path and the path to your root document too. Notice the localhost part, that is not a mistake. It really does not matter what you put for localhost but I figured it looked better. Yes, my domain is accessible via the IP and Domain even though it says localhost so don't let that fool you.
If you want to use the TCP way of using mod_proxy_fcgi you can do it this way too:
# PHP-FPM via TCP
<IfModule proxy_module>
<IfModule proxy_fcgi_module>
<Location ~ ^/(.*\.php(/.*)?)$>
ProxyPass fcgi://127.0.0.1:[PORT]/vhosts/[DOMAIN]/public/
</Location>
</IfModule>
</IfModule>
Of course make sure the 127.0.0.1:[PORT] matches what you have inside of your FPM Pool, so change it accordingly. Again, make sure you change the path to the document root too.
The three answers I've given you are all working examples. I even tested just before I posted this answer.
You ask for Apache to run as user example, but you set the configuration file for user www-data. The documentation says that the config file /etc/apache2/suexec/www-data is read when the Apache user is www-data. I never experimented with that, but it might be that you need to set the config file /etc/apache2/suexec/example. One thing that I find a bit confusing is these two stages: the Apache user and then the target user, which is allowed to run the target cgi. Suexec runs checks in these two stages. The custom version of suexec allows a different Apache user to run with a different config file, but this is different from the selection of a target user with the SuexecUserGroup Apache directive. We don't need to change the Apache user if we only want to change the target user, the one that will run the CGI. For that purpose, the pristine version is sufficient. Anyway, this is my understanding. I hope it helps someone.

Virtual host showing apache test page and everything else in doc root is forbidden

I am using a new CentOS 6.3 minimal install with fresh httpd installed
When I go to my virtual host it is showing me the apache test page, and then if I go to mydomain.co.uk/index.html (That I have just set up to test with) it says forbidden. All the usual answers to this don't seem to be working and I have honestly looked through tons of forums and other people questions/answers and nothing seems to be working for me.
I have created a group called 'www' that I have added the user 'apache' to. This is my root directory in the httpd.conf file; I have left it pretty open just for testing:
<Directory />
Options Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from All
</Directory>
This is my vhosts file:
NameVirtualHost *:80
<VirtualHost *:80>
DocumentRoot /var/www/html/
</VirtualHost>
<VirtualHost *:80>
ServerName domain.co.uk
ServerAlias www.domain.co.uk
DocumentRoot /home/domain/public_html
<Directory "/home/domain/public_html">
Options Indexes FollowSymLinks ExecCGI
AllowOverride AuthConfig FileInfo
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
From /home/ onwards I have set the group to www
When ls -lA on home folder I get
drwxrwsr-x. 5 root www 4096 Feb 5 20:57 home
The error I am getting in my logs file is a permission one:
[Wed Feb 06 10:24:42 2013] [error] [client 62.254.7.226] (13)Permission denied: access to /index.html denied (filesystem path '/home/domain/public_html/index.html') because search permissions are missing on a component of the path
As is everything else in that folder. I really don't know what to try next. I have come to the point of needing to ask for my specific setup as following other tutorials or answers has not worked for me. Any help is greatly appreciated!
Error 13 means that the user/group specified in your apache configuration (httpd.conf) didn't have permission to access the files. The files, and all the directories above them, need to have permission that allow for that user and group.
One of the trickier bits can be extended permissions. If you are running SELinux, the server user could be denied because of the extended permissions on the file. To check for this, run (from the command line):
setenforce 0
If the problem goes away (i.e. the page is visible) then your extended permissions are blocking access.
See http://wiki.apache.org/httpd/13PermissionDenied for details.
SELinux is not expecting the http server to access files under /home/domain since it is not a standard path.
You can change it with following command:
chcon -R --type=httpd_sys_rw_content_t /home/domain/public_html/
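
An added example, not part of the original answers: a check for the "search permissions are missing on a component of the path" error above, which also covers the read bit on the final file reported as AH00132 in the earlier question. The function name `first_blocked_component` is hypothetical; it assumes an absolute path, a `stat` that supports `-c`, and it evaluates classic mode bits only (no ACLs, no SELinux labels).

```shell
#!/bin/sh
# Added example. Checks classic mode bits only: POSIX ACLs and SELinux
# labels are not evaluated. Needs a stat that supports -c (GNU, BusyBox).

# first_blocked_component ABSOLUTE_PATH [USER]
# Prints the first component USER cannot traverse (directories need x) or
# read (a final non-directory needs r) and exits 1; prints nothing and exits 0
# if the whole path is clean. USER defaults to whoever runs the script.
first_blocked_component() (
    target=$1
    if [ -n "${2:-}" ]; then
        uid=$(id -u "$2") || exit 2
        gids=$(id -G "$2")
    else
        uid=$(id -u)
        gids=$(id -G)
    fi
    set -f; IFS=/
    set -- $target            # split on "/" only; the subshell keeps IFS local
    IFS=' '
    cur=""
    for part in "$@"; do
        [ -n "$part" ] || continue
        cur="$cur/$part"
        info=$(stat -L -c '%u %g %a' "$cur") || exit 2
        owner=${info%% *}; rest=${info#* }
        group=${rest%% *}; mode=${rest#* }
        # Pick the permission class that applies: owner (64), group (8), other (1).
        class=1
        if [ "$owner" = "$uid" ]; then
            class=64
        else
            for g in $gids; do
                if [ "$g" = "$group" ]; then class=8; fi
            done
        fi
        # Directories need search (x = 1); anything else needs read (r = 4).
        if [ -d "$cur" ]; then need=1; else need=4; fi
        if [ $(( 0$mode & $need * $class )) -eq 0 ]; then
            printf '%s\n' "$cur"
            exit 1
        fi
    done
)

# Command-line use: first_blocked_component /home/domain/public_html/index.html apache
if [ "$#" -gt 0 ]; then first_blocked_component "$@"; fi
```

Run it as root when checking another account such as `apache`, so that every component can be inspected even where the invoking user could not traverse it.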