Change the DocumentRoot folder in apache cause permission issue - apache

I installed a LAMP in my AWS EC2 instance. The DocumentRoot folder is in /var/www/html. What I did is to copy the html folder into my /home/ec2-user and rename it to www. Then the DocumentRoot is changed to /home/ec2-user/www. Of course the https.conf is changed accordingly. Here it is:
#DocumentRoot "/var/www/html"
DocumentRoot "/home/ec2-user/www"
<Directory />
#Options FollowSymLinks
#AllowOverride None
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All
Order deny,allow
Allow from all
</Directory>
#<Directory "/var/www/html">
<Directory "/home/ec2-user/www">
The problem is I got the following error message after I restart the https service.
You don't have permission to access / on this server.
The owner and the permission is the same for both folder. Here are the screenshots:
I searched in stack overflow and found some similar issues. But none of them work for me. Can anybody help? Thanks

the issue is the user apache runs as, is not ec2-user.
You could change it, but putting your doc root inside of the ec2-user's home directory is probably not a good idea. More then likely everything you do on your instance is as the ec2-user (who is a sudoer and has access to pretty much everything), so if someone was to compromise a script that apache is running, they would literally have full control over your instance.

Related

httpd (apache server) on fedora, symbolic links work but unable to see/access files inside?

I'm running httpd on fedora server 35 and want to use it to serve files on my local network. It works fine for files stored under the /var/www/html directory directly (e.g. /var/www/html/videos/video.mp4 can be accessed with http://IP/videos/video.mp4 on any local device).
I want to serve files stored in other locations in the file system. My plan was to create symbolic links to those locations. When I do that, I run into forbidden errors when trying to access the files (e.g. A video file /files/videos/video.mp4 linked with a sym link /var/www/html/videos-link -> /files/videos/ so that I would (theoretically) access it with http://IP/videos-link/video.mp4
I can navigate to http://IP/videos-link fine (an Index of DIRECTORY page, but no files are listed), but trying to access the file (http://IP/videos-link/video.mp4) gives me 403 forbidden.
My config (/etc/httpd/conf/httpd.conf) looks like this (it's a bit messy since I've been trying to fix this myself):
<Directory />
Options FollowSymLinks Indexes
AllowOverride All
Require all granted
</Directory>
...
<Directory "/var/www">
Options +FollowSymLinks +Indexes
AllowOverride All
Require all granted
</Directory>
...
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
...
<Directory "/files/videos">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
In attempts to make it work I've made sure the sym link and all the directories have the same owner and that their all 777 so ownership/read perms shouldn't be an issue. Would greatly appreciate some help, thanks.
My issue was with SELinux. To get it working immediately I was able to set SELinux to permissive mode with
# setenforce 0
That refreshes on boot and is probably insecure, so the permanent fix (to just let httpd through) would be:
# semanage permissive -a httpd_t
More details on SELinux in Fedora can be found here: https://docs.fedoraproject.org/en-US/quick-docs/getting-started-with-selinux/

Apache2 Alias Prerequisites

I have four Web development systems, two with Windows 10 and two with Ubuntu Linux and have set up Alias folders on three without a problem but am currently traveling and having trouble with the fourth. It is running Ubuntu with Apache2. A sample of one of the VirtualHost entries is below.
<VirtualHost devsite.dev:80>
DocumentRoot /var/www/html/devsite.dev
ServerName devsite.dev
Alias /common/ /var/www/html/devsite.dev/common/
<Directory "/var/www/html/devsite.dev">
AllowOverride None
Options FollowSymLinks Indexes
Require all granted
</Directory>
Options FollowSymLinks
</VirtualHost>
The above does not work so what did I miss? All site folders including the common folder are in /var/www/html/ and I must have missed something as the alias is not working. In other words, each site has its own sitename.dev folder so http://devsite.dev/ pulls up the site but there is no physical folder within the site folder for http://devsite.dev/common/ to work so needs an Alias. Not sure if trailing slashes are needed or not and can't recall what my other systems have but either way it doesn't seem matter here.
When I say it doesn't work, I mean that the aliased folder does not show up in the PC's file manager as it does on all my other systems and the site cannot find it using the browser in order to load files from it as I showed above in the sample URLs.
Perhaps I was not too clear that common is not within /var/www/html/devsite.dev. Instead it is at /var/www/html/common and it does require an Alias to work. Also, there is already a DocumentRoot /var/www/html line in the Apache 000-default.conf file.
I was under the mistaken impression that the Alias path was telling the system where the alias should appear but I was obviously wrong so here's the answer for others to see. Still not sure of the trailing slashes but, as it is working with them, I'll leave them in.
<VirtualHost devsite.dev:80>
DocumentRoot /var/www/html/devsite.dev
ServerName devsite.dev
Alias /common/ /var/www/html/common/
<Directory "/var/www/html/devsite.dev">
AllowOverride None
Options FollowSymLinks Indexes
Require all granted
</Directory>
Options FollowSymLinks
</VirtualHost>

Local website not working

I'm having a lot of trouble setting up a local website that I need to do some work on.
I have 2 local sites: "first_training" and "resus_skills"
The former, first_training, works. I have it set up that first_training.loc/ takes me to the local site. resus_skills is set up in the exact same way, but when I try to access resus_skills.loc/ all I get is:
Here are the details of my setup, as well as some screenshots of it:
/etc/apache2/sites-available/resus_skills.conf :
<VirtualHost *:80>
ServerName resus_skills.loc
ServerAlias www.resus_skills.loc
DocumentRoot "/var/www/resus_skills"
<Directory "/var/www/resus_skills">
Options Indexes FollowSymLinks MultiViews
DirectoryIndex index.php
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
I made sure to enable it with sudo a2ensite resus_skills.conf and have confirmed that it's symlink is present in ``/etc/apache2/sites-enabled`
I've made sure my apache server is running:
and I've run apachectl -S to get this result:
I am able to reach first_training.loc/ with no issues, but cannot reach resus_skills.loc/.
I'm unsure how to troubleshoot this - the apache error.log isn't showing me anything.
Before anyone points out what an idiot I've been - I never updated the /etc/hosts file, which was the only missing step.

Stop Wampserver allowing folder indexes

Just a simple question but I can't seem to find an answer.
I want to have Wampserver hosting a site (I am aware of the security implications of home hosting, don't worry), and I want to stop people accessing the index of folders and viewing all the files. For example, I want mysite/images not to be browsable, but I'd like for the files to be accessible, for example, mysite/images/image1.jpg.
My current virtual host for said website:
<VirtualHost *:25567>
DocumentRoot "C:\Users\Tom\OFFICIAL_WEBSERVERwamp\www\25567"
<Directory "C:\Users\Tom\OFFICIAL_WEBSERVERwamp\www\25567">
AllowOverride All
Require all granted
Options Indexes FollowSymLinks
</Directory>
</VirtualHost>

Apache Stopped Following Symlinks

Yesterday, I had a fistful of sites running locally with no problem. Today, nothing opens and I have a log full of this:
Symbolic link not allowed or link target not accessible: /var/www
I have no idea what I did (I didn't open/change my httpd.conf file in any way), but clearly it was something bad. I run virtual hosts and the root directories are located in ~/Developer/www. In order to share the config files across multiple Macs with different home directories, I've created a symlink, /var/www which points to ~/Developer/www.
All of the virtualhost config files point their DocumentRoot to /var/www/project_directory and its own root directory has the FollowSymLinks option:
<VirtualHost *:80>
ServerName localhost
ServerAlias localhost.local localhost.dev
DocumentRoot /var/www/_localhost
<Directory /var/www/_localhost>
Options FollowSymLinks Indexes
AllowOverride None
Order deny,allow
Allow from all
</Directory>
</VirtualHost>
My main httpd.conf file, similarly, has the FollowSymLinks option enabled for /:
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
</Directory>
Any idea what I could have done to stop Apache from understanding symlinks or, better yet, what I can do to get it back on track?
Thanks.
UPDATE:
I should add that all of the directories in the "stack" are executable by all users and that this is the native Apache install on OS X Lion.
I guess I made an assumption that I shouldn't have. I had verified every relevant permission except the one that evidently mattered. Apache didn't have execute permissions on my top level home directory. I checked, re-checked and triple checked everything under that, but having never changed anything in that directory itself, I just didn't anticipate it being the issue.