php-fpm apache2 403 error on .css .js files - apache

I'm trying to set up an apache2 server on Debian jessie with multiple vhosts. I want each one of them to have a different FastCgiExternalServer. I'm using the PHP version from the php5-fpm package on jessie with the default /etc/php5/fpm configuration files.
Basic apache configuration is working fine :
<VirtualHost *:80>
ServerName lalala.org
DocumentRoot "/path/to/app/www"
<Directory "/path/to/app/www">
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
Require all granted
</Directory>
FastCgiExternalServer /path/to/app/www -socket /var/run/php5-fpm.sock
AddHandler php-fcgi .php
Action php-fcgi /path/to/app/www
</VirtualHost>
However, I got 403 errors on .css, .js files. I read this article : http://whocares.de/fastcgiexternalserver-demystified/8/, but even with this configuration :
FastCgiExternalServer /path/to/app/www -socket /var/run/php5-fpm.sock
AddHandler php-fcgi .php
Action php-fcgi /virtualpath
Alias /virtualpath /path/to/app/fcgi-uri
(/path/to/app/fcgi-uri is a symlink to /path/to/app/www)
It doesn't work. It's as if I had a local problem but can't figure out what.
Thanks
EDIT :
I found a solution that makes fastcgi execution work :
<FilesMatch \.php$>
SetHandler "proxy:unix:/path/to/sock/socket.sock|fcgi://localhost"
</FilesMatch>
But I think this is more a workaround than a solution.

Related

Why some directives in Apache vhost don't work with Ghost?

CONTEXT. I work on a server running Centos 8.3 with Apache 2.4.37.
In Apache's vhosts.conf configuration file I have this vhost for one of my websites:
<VirtualHost *:80>
ServerAdmin se#site.com
DocumentRoot /var/www/html/site
ServerName site.com
ErrorLog /var/log/httpd/admin-site.com-error_log
CustomLog /var/log/httpd/admin-site.com-access_log common
<Directory "/var/www/html/site">
Options SymLinksIfOwnerMatch
AllowOverride None
Order Allow,Deny
Allow from all
</Directory>
<Files ~ "test\.txt">
Order Allow,Deny
Deny from all
</Files>
<FilesMatch "\.(txt|png)$">
Order Allow,Deny
Deny from all
</FilesMatch>
</VirtualHost>
I have these two different scenarios:
If in the DocumentRoot folder I put only static files (html, css, images, etc), the Files and FilesMatch directives work perfectly and the frontend looks excellent.
If I put a Ghost installation in the DocumentRoot folder, I necessarily have to add the following Proxy directives to the vhost. And when doing so, the frontend looks great too, but the Files and FilesMatch directives do NOT work at all, i.e. the browser allows me to open site.com/test.txt and site.com/file.png, when they shouldn't open.
ProxyRequests off
ProxyPass / http://localhost:2368/
ProxyPassReverse / http://localhost:2368/
Any ideas how to get the Files and FilesMatch directives to work on my Ghost installation?
I already tried this:
For those thinking about .htaccess. If I activate AllowOverride so that the .htaccess is read: I already tried and the directives in the .htaccess don't work either.
For those thinking of Deny from all. I know Deny from all is for Apache 2.2, and for 2.4 Require all denied should be used. I have done tests and in my Apache 2.4 the Require does not work; only Deny from all works.
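An added example, not part of the original post: <Files> and <FilesMatch> are applied only after a request has been mapped to a file on disk, which never happens for requests that "ProxyPass /" hands to the backend, while <Location> and <LocationMatch> match on the URL path and are still evaluated for proxied requests. The sketch reuses the names and patterns from the question and assumes Apache 2.4 with mod_authz_core and mod_proxy_http loaded.

```apache
<VirtualHost *:80>
    ServerName site.com
    ErrorLog /var/log/httpd/admin-site.com-error_log
    CustomLog /var/log/httpd/admin-site.com-access_log common

    # URL-path based access rules. These replace the <Files> and
    # <FilesMatch> blocks from the question, with the same patterns,
    # and are checked before the request is passed to the backend.
    <LocationMatch "test\.txt">
        Require all denied
    </LocationMatch>
    <LocationMatch "\.(txt|png)$">
        Require all denied
    </LocationMatch>

    # Reverse proxy to the Ghost process from the question.
    ProxyRequests off
    ProxyPass / http://localhost:2368/
    ProxyPassReverse / http://localhost:2368/
</VirtualHost>
```

With this in place a request for /test.txt is answered with 403 by Apache itself and is never forwarded to port 2368. The rule only covers traffic that passes through Apache, so the backend port must not be reachable directly from outside.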

How to properly set the allow and deny for apache 2.4 conf and vhosts

I need some advice on how to properly set up the vhosts file directives, preferably without changing the apache2.conf contents. This is for apache 2.4.
Currently, I get AH01797: client denied by server configuration probably caused by the Require all denied in the apache2.conf.
apache2.conf:
<Directory />
Order Deny,Allow
Deny from all
Options None
AllowOverride None
Require all denied
</Directory>
vhosts file:
<IfModule mod_ssl.c>
<VirtualHost *:80>
ServerName sub.example.com
ServerAlias sub.example.com
<Directory /var/www/sub.example.com>
AllowOverride None
Allow from all
Require all granted
</Directory>
</VirtualHost>
</IfModule>
Thank you!
UPDATE
Adding this to the apache2.conf works, it just doesn't work in vhosts file. Any idea why?
<Directory /var/www/sub.example.com>
AllowOverride None
Allow from all
Require all granted
</Directory>
In 2.4, you shouldn't use Order, Deny, or Allow at all. Purge them and replace with Require.
UPDATE Adding this to the apache2.conf works, it just doesn't work in vhosts file. Any idea why?
Maybe the vhosts file isn't included in your configuration, or mod_ssl is not loaded so the whole thing is commented out? The IfModule doesn't make much sense here.
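The advice in the answer, applied to the configuration from the question, as an added example that is not part of the original thread. The DocumentRoot line is an assumption (the posted vhost has none), and the <IfModule mod_ssl.c> wrapper is dropped so that the vhost is loaded whether or not mod_ssl is enabled.

```apache
# Apache 2.2 (mod_access_compat)         Apache 2.4 (mod_authz_core)
#   Order deny,allow + Deny from all  ->   Require all denied
#   Order allow,deny + Allow from all ->   Require all granted
#   Deny from all + Allow from <addr> ->   Require ip <addr>

# apache2.conf: default-deny for the whole filesystem, 2.4 syntax only.
<Directory />
    Options None
    AllowOverride None
    Require all denied
</Directory>

# vhosts file: grant access only to this site's own tree.
<VirtualHost *:80>
    ServerName sub.example.com
    # Assumed: the question's vhost does not show a DocumentRoot.
    DocumentRoot /var/www/sub.example.com

    <Directory /var/www/sub.example.com>
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>
```

Mixing Order, Allow and Deny with Require in the same configuration is what the Apache 2.4 upgrade notes discourage. Running apachectl -S lists each virtual host with the file and line it was loaded from, which shows whether the vhosts file is included at all.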

Silverstripe 3.4 - Frontend works fine, but leading slash removed from /admin and /admin/pages

I've inherited an existing Silverstripe 3.4 site and am setting up a new Vagrant VM for it. It has an /app directory that Grunt copies into /public-www on build. Composer pulls everything else into public-www.
Website loads fine. Home page, and subpages multiple levels deep like http://mysite.local/dev/tasks. However it's not possible to load the admin login page.
http://mysite.local/admin redirects to http://mysite.localadmin/pages
(slash removed)
http://mysite.local/admin/pages redirects to
http://mysite.localsecurity/login?BackURL=%2Fadmin%2Fpages (slash
removed again after redirecting to security this time)
http://mysite.local/security/login?BackURL=%2Fadmin%2Fpages redirects
to a 404 (Silverstripe type, not apache)
http://mysite.local/Security/login?BackURL=%2Fadmin%2Fpages (note manually changing to uppercase "Security") loads the login form, but the default dev login defined in _config.php does not work.
Surely an Apache issue. The .htaccess file is the same that is running live right now without issue. But I can't see the problem in either. The following is my apache config (/etc/apache2/sites-enabled/default.conf)
ServerName local
DocumentRoot /var/www/html
<IfModule mod_fastcgi.c>
AddHandler php56-fcgi-www .php
Action php56-fcgi-www /php56-fcgi-www
Alias /php56-fcgi-www /usr/lib/cgi-bin/php56-fcgi-www
FastCgiExternalServer /usr/lib/cgi-bin/php56-fcgi-www -socket /run/php/php5.6-fpm.sock -idle-timeout 1800 -pass-header Authorization
<Directory "/usr/lib/cgi-bin">
Require all granted
</Directory>
</IfModule>
<IfModule mod_fastcgi.c>
AddHandler php71-fcgi-www .php
Action php71-fcgi-www /php71-fcgi-www
Alias /php71-fcgi-www /usr/lib/cgi-bin/php71-fcgi-www
FastCgiExternalServer /usr/lib/cgi-bin/php71-fcgi-www -socket /run/php/php7.1-fpm.sock -idle-timeout 1800 -pass-header Authorization
<Directory "/usr/lib/cgi-bin">
Require all granted
</Directory>
</IfModule>
<IfModule mod_fastcgi.c>
<FilesMatch ".+\.ph(p[345]?|t|tml)$">
SetHandler php56-fcgi-www
</FilesMatch>
</IfModule>
<Directory "/var/www/">
AllowOverride All
</Directory>
<VirtualHost *:80>
DocumentRoot /var/www/html/mysite/public-www
ServerName mysite.local
<IfModule mod_fastcgi.c>
<FilesMatch ".+\.ph(p[345]?|t|tml)$">
SetHandler php56-fcgi-www
</FilesMatch>
</IfModule>
</VirtualHost>
<VirtualHost *:80>
DocumentRoot /var/www/phpmyadmin
ServerName phpmyadmin.mysite.local
<IfModule mod_fastcgi.c>
<FilesMatch ".+\.ph(p[345]?|t|tml)$">
SetHandler php56-fcgi-www
</FilesMatch>
</IfModule>
</VirtualHost>
I found the cause of this weird URL redirection. The /mysite/_config.php file had this in it:
Director::setBaseURL('http://mysite.local');
It looks like it was there to get around errors when /dev/build was run from the command line, which I have since seen show up, but at least now admin works. I tried adding a trailing slash, and that certainly did fix the URLs, but then I couldn't log in for some reason. Remove it entirely and I can log in.
Note those errors are complaining about this:
You probably want to define an entry in $_FILE_TO_URL_MAPPING that
covers "/var/www/html/website/public-www"
Despite exactly that being right above the setBaseURL() line I removed.
global $_FILE_TO_URL_MAPPING;
$_FILE_TO_URL_MAPPING['/var/www/html/website/public-www'] = 'http://mysite.local';
Which I think is in the wrong place in /mysite/_config.php. After moving to _ss_environment.php, all is well there too.

Using mono with ssl in apache

I have the following problem:
I want to access a mono application via ssl. I want it to be not accessible without ssl.
I am using apache2.4 and mod-mono-server4.exe 3.0.0.0
At the moment I have a working configuration like this:
<VirtualHost *:80>
DocumentRoot /srv/www/htdocs/my-mono-app
#SSLEngine on
#SSLCertificateFile /path/to/key.pem
#SSLCertificateKeyFile /path/to/key.pem
MonoAutoApplication disabled
MonoServerPath my-mono-app "/usr/bin/mod-mono-server4"
MonoApplications my-mono-app "/my-mono-app:/srv/www/htdocs/my-mono-app"
<Directory /srv/www/htdocs/my-mono-app>
Require all granted
MonoSetServerAlias my-mono-app
SetHandler mono
</Directory>
</VirtualHost>
But as soon as I turn the SSLEngine on and change the port to 443 it does not work anymore. It just says: Object not found! if I navigate to the address.
It does not record any errors in the logs.
Can you help me with this please?
PS: Here is the complete non-working configuration:
<VirtualHost *:443>
DocumentRoot /srv/www/htdocs/my-mono-app
SSLEngine on
SSLCertificateFile /path/to/key.pem
SSLCertificateKeyFile /path/to/key.pem
MonoAutoApplication disabled
MonoServerPath my-mono-app "/usr/bin/mod-mono-server4"
MonoApplications my-mono-app "/my-mono-app:/srv/www/htdocs/my-mono-app"
<Directory /srv/www/htdocs/my-mono-app>
Require all granted
MonoSetServerAlias my-mono-app
SetHandler mono
</Directory>
</VirtualHost>
I used mono 5.x once. From what I can recall of that experience, mod_mono.conf needed modification for the directory path. I reached that solution from the Apache access and error logs. I tried many ways before that, searching the whole earth: symlinking, purging the installation, building from source, etc. You may try my way, keeping a backup of mod_mono.conf.
<IfModule !mono_module>
LoadModule mono_module "libexec/apache2/mod_mono.so"
</IfModule>
<IfModule mono_module>
AddType application/x-asp-net .config .cs .csproj .dll .resources .resx .sln .vb .vbproj
AddType application/x-asp-net .asax .ascx .ashx .asmx .aspx .axd .browser .licx .master .rem .sitemap .skin .soap .webinfo
MonoAutoApplication enabled
MonoDebug true
MonoServerPath "/usr/bin/mod-mono-server4"
MonoSetEnv LANG=fr_FR.UTF-8
MonoUnixSocket "/tmp/.mod_mono"
<IfModule dir_module>
DirectoryIndex Default.aspx
</IfModule>
<DirectoryMatch "/(bin|App_Code|App_Data|App_GlobalResources|App_LocalResources)/">
Order deny,allow
Deny from all
</DirectoryMatch>
<Location "/my-mono-app">
Order deny,allow
Deny from all
Allow from 127.0.0.1 ::1
SetHandler mono-ctrl
</Location>
</IfModule>
It was too big to write as a comment; it is possibly not a 100% warranted answer, it depends on your try. That thing in your config is correct:
Require all granted
MonoSetServerAlias my-mono-app
SetHandler mono
Without that stanza odd errors appear.

Local resources (images/js/css) not showing in Virtual Host

I'm setting up a virtual host for nagios with Apache 2.4 using mod_proxy_fcgi to forward php requests to php-fpm.
I wonder if it's the ProxyPassMatch that is keeping all of the local resources, including images, js and css, from loading when I go to 200.000.00:22222/nagios/index.php.
All of the resources are interpreted as Content-Type:text/html; charset=iso-8859-1 as shown in the response headers. They show 403 Forbidden error and in the error log it shows AH01630: client denied by server configuration.
/etc/httpd/conf.d/nagio.conf:
Listen 22222
<VirtualHost *:22222>
ServerName {IP}:22222
AddType image/jpeg jpeg jpg jpe
ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"
DocumentRoot "/usr/local/nagios"
<Directory "/usr/local/nagios/sbin">
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
AllowOverride None
Require all granted
</Directory>
<LocationMatch "/nagios/((.*\.php)(/.*)?)$">
ProxyPassMatch "fcgi://localhost:9000/usr/local/nagios/share/$1"
</LocationMatch>
<Directory "/usr/local/nagios/share">
Options None
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
You need a <Directory /usr/local/nagios> section that permits Apache to serve from that directory. Basically, you need one of these for every Alias or DocumentRoot that isn't under an existing one.
Usually you just need "require all granted" or "order deny,allow" (2.2.x and older) in the Directory section -- but check the ones for your existing DocumentRoots