My ubuntu server, few days ago the access.log and error.log files created under /var/log/apache2, but they still empty,
Currently apache is logging into access.log.1 and error.log.1, this issue is happening for all the virtual hosts on my server.
all permision are normally "rw-r--r--" and owner root:adm under the /var/log/apache2
here is my /etc/logrotate.d/apache2 "we didn't change it"
/var/log/apache2/*.log {
weekly
missingok
rotate 52
compress
delaycompress
notifempty
create 644 root adm
sharedscripts
postrotate
if [ -f "`. /etc/apache2/envvars ; echo ${APACHE_PID_FILE:-/var/run/apache2.pid}`" ]; then
/etc/init.d/apache2 reload > /dev/null
fi
endscript
Did you check permission on the /var/log/apache2 directory?
$ ls -l /var/log/
drwxr-x--- 2 root adm 4096 Apr 12 06:55 apache2
I Found the issue was because the apache2 daemon file under /etc/init.d was "some how" erased!!,
I replaced that file from backup and it is logging normally now.
Related
I am attempting to run a laravel app on a local server in https mode in a Fedora 36 OS, but I am given this message
The stream or file "/var/www/compagnon-be/storage/logs/laravel.log"
could not be opened in append mode: Failed to open stream: Permission
denied The exception occurred while attempting to log
It seems to me that my permissions are correct
My DocumentRoot is /var/www/compagnon-be/public
I used these commands from /var/www
sudo chown -R $USER:apache compagnon-be
and
sudo chmod -R 775 compagnon-be
ls -l returns this (muser being my user)
[jaaf#localhost www]$ ls -l
total 12
drwxr-xr-x. 2 root root 4096 17 juin 13:13 cgi-bin
drwxrwxr-x. 14 muser apache 4096 2 déc. 06:32 compagnon-be
drwxr-xr-x. 4 root root 4096 1 déc. 06:52 html
[jaaf#localhost www]$
What is wrong ?
The trouble was coming from selinux.
I tried
sudo restorecon -R -v /var/www/compagnon-be
After that the message changed to
file_put_contents(/var/www/compagnon-be/storage/framework/views/dc2fe5ffc0c4db448244e2a441f79c65b3812ff5.php):
Failed to open stream: Permission denied
Then I decided to install setroubleshoot package in my Fedora distribution and launched sealert
Refreshing the page triggered an alert and sealert gave me the commands to use
It was:
Vous devez modifier l'étiquette sur (You must change label on) « /var/www/compagnon-be/storage/framework/views »
# semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/compagnon-be/storage/framework/views'
# restorecon -v '/var/www/compagnon-be/storage/framework/views'
i'm facing the next error in a centos 7 server
I take a look to similar questions saying that is because SELinux doesn't allow to httpd to write in my /home folder, i've tried changing the owner of the folder without success; try changing the context (chcon) to httpd_sys_rw_content_t of my /home with the same error; try disabling SELinux and the error persists; and in the file httpd.conf change the User and Group from apache to test this didn't work either. My server is:
LSB Version: :core-4.1-amd64:core-4.1-noarch
Distributor ID: CentOS
Description: CentOS Linux release 7.4.1708 (Core)
Release: 7.4.1708
Codename: Core
and
Linux localhost 3.10.0-693.17.1.el7.x86_64 #1 SMP Thu Jan 25 20:13:58 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
When I execute move_uploaded_file() from php -a as user test it works normally, i see that the issue is with the user apache
TLDR:
Do not run setenforce 0 command, this will disable SELinux! You should not disable SELinux for security reasons.
The solution:
You should update policy to make SELinux allow read and write on specific directories:
To allow apcahe to read and write.
chcon -R -t httpd_sys_rw_content_t /path/your_writabl_dir
For read only directories:
chcon -R -t httpd_sys_content_t /path/yourdir
For example you can make your public (document root) directory read only and only allow write on directories that you allow you app to write on:
# Make all read only
chcon -R -t httpd_sys_content_t /var/www/myapp
# Only allow write on uploads dir for example
chcon -R -t httpd_sys_rw_content_t /var/www/myapp/public/uploads
I am trying to set a custom umask for a tomcat 8 instance, tried to make it the good way by using the UMask directive in systemd tomcat unit as seen here without luck.
I'd like to set a 022 umask cause the company dev needs to access tomcat / application logs and they are not in the same group as the tomcat user....
the crazy thing is that the systemd doc says :
Controls the file mode creation mask. Takes an access mode in octal notation. See umask(2) for details. Defaults to 0022.
But the logs (application / tomcat) are set to 640 (not the expected 755) :
-rw-r----- 1 top top 21416 Feb 1 09:58 catalina.out
My service file :
# Systemd unit file for tomcat
[Unit]
Description=Apache Tomcat Web Application Container
After=syslog.target network.target
[...]
User=top
Group=top
UMask=0022
[Install]
WantedBy=multi-user.target
Any thoughts about this ?
Thanks
Try adding UMASK as Environment variable into tomcat's service file:
[Service]
...
Environment='UMASK=0022'
...
Default catalina.sh is checking for environment's $UMASK:
# Set UMASK unless it has been overridden
if [ -z "$UMASK" ]; then
UMASK="0027"
fi
umask $UMASK
(It seems to me, that UMask from systemd is not used by Tomcat, but I am not completely sure.)
I think you can achieve this with systemd by doing the following:
~]# mkdir -p /etc/systemd/system/tomcat.service.d
~]# echo -e "[Service]\nUMask=0022" >/etc/systemd/system/tomcat.service.d/custom-umask.conf
~]# systemctl daemon-reload
~]# systemctl restart tomcat
/etc/systemd/system/tomcat.service.d/umask-user.conf should overwrite the default values.
Source: https://access.redhat.com/solutions/2220161
P.S: A umask of 0022 would give a file 0644 permissions and a directory 0755
if using jsvc to start Tomcat as daemon process, then we need to set the -umask argument in jsvc command line
System: Ubuntu 14.04 LAMP running on Parallels VM set up with Vagrant
I'm writing my first non-trivial shell script to add new web projects to a dev VM on my Mac laptop.
Create a default folder structure in /var/www/
Add a .conf vhost file to /etc/apache2/sites-available with the new domain replacing placeholders via sed
Enable the new site and restart apache
I've got the folders and files copying over and sed seems happy customizing my index.html and .conf vhost file, but a2ensite doesn't seem to see the .conf file in /etc/apache2/sites-available/
I test for its existence and even print a debug listing: ls -al /etc/apache2/sites-available/ | grep $CONFFILE before attempting to enable the site.
I've read here and elsewhere about the importance of having the .conf extension since Ubuntu 13 (or 14) which seems to be a very common issue. My vhost file has the .conf extension so this seems like a different issue.
Can anyone point me in the right direction? I haven't been able to find other postings with this particular problem.
My feeling is that I've got an error in my $CONFFILE variable expansion in the a2ensite command because the error does not show the .conf extension even though the directory listing does:
ERROR: Site /etc/apache2/sites-available/example-com-80 does not exist!
Edit:
After running a2ensite from the command line per Micheal's suggestion below, it seemed to parse fine, but still doesn't show the extension:
$ sudo a2ensite example-com-80.conf
Enabling site example-com-80.
To activate the new configuration, you need to run:
service apache2 reload
End Edit
Edit: Found answer
After searching with broader terms, a2ensite instead of Ubuntu 14.04 Vagrant etc, I found a two year old question where #raina77ow points out that a2ensite just wants the site name, not the whole path. Changing sudo a2ensite /etc/apache2/sites-available/$CONFFILE to sudo a2ensite $CONFFILE
makes the script work as intended. This also explains why my previous attempts to run a2ensite from the command line failed; I was running it from inside /var/www/templates/ and passing in the whole path to the .conf file.
Now, a stackoverflow question, how best should I indicate this is the solution with the limited reputation that I have? And give credit properly?
See edit above for solution
Console output with example.com:
$ ./newvhost
New Server Name with Top Level Domain: example.com
Validating: example.com
New DocumentRoot created: /var/www/example
Copying template structure
Creating: example-com-80.conf
-rw-r--r-- 1 root root 811 Feb 17 15:11 example-com-80.conf
Enabling site
ERROR: Site /etc/apache2/sites-available/example-com-80 does not exist!
newvhost script:
OLDIFS=$IFS
IFS="."
printf "New Server Name with Top Level Domain: "
read NEW_SUBDOMAIN NEW_TLD
IFS=$OLDIFS
NEW_FULL_NAME="$NEW_SUBDOMAIN.$NEW_TLD"
echo "Validating: $NEW_FULL_NAME"
if [[ "$NEW_TLD" != "com" && "$NEW_TLD" != "dev" ]] ; then
echo -e "\E[31;1mTLD must be com or dev! \033[0m"
exit 1
fi
if [ -d "/var/www/$NEW_SUBDOMAIN" ]; then
echo -e "\E[31;1mRoot directory /var/www/$NEW_SUBDOMAIN already exists!\033[0m"
exit 1
fi
mkdir /var/www/$NEW_SUBDOMAIN
if [ -d "/var/www/$NEW_SUBDOMAIN" ]; then
echo "New DocumentRoot created: /var/www/$NEW_SUBDOMAIN"
else
echo -e "\E[31;1mUnable to make directory\033[0m"
exit 1
fi
echo "Copying template structure"
cp /var/www/templates/structure/. /var/www/$NEW_SUBDOMAIN/ -R
sed -i "s/TEMPLATE/$NEW_FULL_NAME/g" /var/www/$NEW_SUBDOMAIN/index.html
CONFFILE="$NEW_SUBDOMAIN-$NEW_TLD-80.conf"
echo "Creating: $CONFFILE"
sudo cp /var/www/templates/vhost_template.conf /etc/apache2/sites-available/$CONFFILE
sudo sed -i "s/FULLNAME/$NEW_FULL_NAME/g" /etc/apache2/sites-available/$CONFFILE
sudo sed -i "s/DOMAINNAME/$NEW_SUBDOMAIN/g" /etc/apache2/sites-available/$CONFFILE
if [ -e "/etc/apache2/sites-available/$CONFFILE" ]; then
ls -al /etc/apache2/sites-available/ | grep $CONFFILE # DEGBUG Listing to doubly confirm $CONFFILE exists
echo "Enabling site"
sudo a2ensite /etc/apache2/sites-available/$CONFFILE
sudo apache2ctl graceful
fi
Thanks,
Any other suggestions for improving the script are very welcome as long as that doesn't run afoul with the terms of StackOverflow.
The answer, in short, is that a2ensite just wants the name of the site.conf and not the whole path to the file.
So sudo a2ensite example-com-80.conf
I found this in an earlier answer by #raina77ow.
I am on someone else's linux server (shared hosting). I do not have root access. I have determined that it's a Redhat 4.1.2-46 running as Centos Release 5.9(Final).
I have the database dump for the site and the .php files from public_html as well. What I'm TRYING TO DO is locate the httpd.conf file and get the config for that site.
when I type in
httpd - v
I get -bas: httpd: command not found - even in like the /user/sbin directory - and it's clearly running and there.
Bottom line I can't find the sitedef/conf file for www.thisparticularsite.com - and can't even figure out what version of apache I'm running...
For Apache 2 try apache2ctl -v (or sudo apache2ctl -v if root access is available). I'm on a Raspberry Pi 4B running Debian, just for reference.
The init files of apache are usually located in /etc/init.d the httpd path are found in it. However, You can find out where the httpd.conf file and httpd command directory by doing a ps aux|grep -i http. For example:
ps aux|grep -i http
510 2594 0.0 0.0 77256 1516 ? S Jul02 0:00 **/usr/sbin/httpd-0.0.0.0_80** -k start -f **/etc/httpd/conf/instances/httpd-0.0.0.0_80/httpd.conf**
root 5470 0.0 0.0 77120 872 ? Ss 2013 22:13 **/usr/sbin/httpd-0.0.0.0_80** -k start -f **/etc/httpd/conf/instances/httpd-0.0.0.0_80/httpd.conf**
Conclusion:
httpd.conf file path: **/etc/httpd/conf/instances/httpd-0.0.0.0_80/httpd.conf**
httpd command directory: **/usr/sbin/httpd-0.0.0.0_80**
As mentionned by apache.org, httpd command should not be invoked directly.
see source
If you're trying to find loaded modules, earlier the command was httpd -l. But it'll give you the same error, Command 'httpd' not found,
Nowadays, you can use apache2 -l (tested on Apache/2.4.29).