We Keep Coding

Plesk Implement client SSL certificates for authentication

I need to configure Plesk Apache
Where users will authenticate with a .pfx digital certificate
find text within files
Server Error
403
Forbidden
You do not have permission to access this document.
I use Plesk
I just want the /login/ folder
Request client certificate
https://site.plesk.page/login/
I couldn't get it to work.
Configuration file:
/var/www/vhosts/system/site.plesk.page/conf/httpd.conf
<IfModule mod_ssl.c>
<VirtualHost 177.234.155.186:7081 >
ServerName "site.plesk.page"
ServerAlias "www.site.plesk.page"
ServerAlias "ipv4.site.plesk.page"
UseCanonicalName Off
CustomLog /var/www/vhosts/system/site.plesk.page/logs/access_ssl_log plesklog
ErrorLog "/var/www/vhosts/system/site.plesk.page/logs/error_log"
DocumentRoot "/var/www/vhosts/site.plesk.page/httpdocs"
<IfModule mod_suexec.c>
SuexecUserGroup "cert_a1a3" "psacln"
</IfModule>
<IfModule mod_userdir.c>
UserDir "/var/www/vhosts/site.plesk.page/web_users/*"
</IfModule>
<IfModule mod_sysenv.c>
SetSysEnv PP_VHOST_ID "446fa1b6-1832-4b2b-ae5d-aab42b94bd29"
</IfModule>
Alias "/plesk-stat" "/var/www/vhosts/system/site.plesk.page/statistics"
<Location /plesk-stat/>
Options +Indexes
</Location>
<Location /plesk-stat/logs/>
Require valid-user
</Location>
Alias /webstat /var/www/vhosts/system/site.plesk.page/statistics/webstat
Alias /webstat-ssl /var/www/vhosts/system/site.plesk.page/statistics/webstat-ssl
Alias /ftpstat /var/www/vhosts/system/site.plesk.page/statistics/ftpstat
Alias /anon_ftpstat /var/www/vhosts/system/site.plesk.page/statistics/anon_ftpstat
Alias /awstats-icon /usr/share/awstats/wwwroot/icon
SSLEngine on
SSLProtocol -all +TLSv1.2
SSLHonorCipherOrder On
SSLVerifyClient none
SSLCertificateFile /usr/local/psa/var/certificates/scf6sEW8u
SSLCACertificateFile /usr/local/psa/var/certificates/ca-bundle.crt
SSLCACertificatePath /usr/local/psa/var/certificates/
SSLSessionCacheTimeout 1
<Directory /var/www/vhosts/site.plesk.page/httpdocs>
<IfModule mod_fcgid.c>
<Files ~ (\.fcgi$)>
SetHandler fcgid-script
Options +ExecCGI
</Files>
</IfModule>
<IfModule mod_proxy_fcgi.c>
<Files ~ (\.php$)>
SetHandler proxy:unix:/var/www/vhosts/system/site.plesk.page/php-fpm.sock|fcgi://127.0.0.1:9000
</Files>
</IfModule>
SSLRequireSSL
Options -Includes -ExecCGI
</Directory>
<Location /login/>
SSLRequireSSL
ServerSignature On
SSLUserName SSL_CLIENT_S_DN_CN
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
SSLOptions +StdEnvVars +ExportCertData
SSLVerifyClient require
SSLVerifyDepth 1
Options +ExecCGI -Indexes -MultiViews
AddHandler cgi-script .cgi .pl .php
SetHandler login
AllowOverride All
Order allow,deny
Allow from all
</Location>
<Directory "/var/www/vhosts/system/site.plesk.page/statistics">
AuthType Basic
AuthName "Domain statistics"
AuthUserFile "/var/www/vhosts/system/site.plesk.page/pd/d..httpdocs#plesk-stat"
require valid-user
</Directory>
Alias /error_docs /var/www/vhosts/site.plesk.page/error_docs
ErrorDocument 400 /error_docs/bad_request.html
ErrorDocument 401 /error_docs/unauthorized.html
ErrorDocument 403 /error_docs/forbidden.html
ErrorDocument 404 /error_docs/not_found.html
ErrorDocument 500 /error_docs/internal_server_error.html
ErrorDocument 405 /error_docs/method_not_allowed.html
ErrorDocument 406 /error_docs/not_acceptable.html
ErrorDocument 407 /error_docs/proxy_authentication_required.html
ErrorDocument 412 /error_docs/precondition_failed.html
ErrorDocument 414 /error_docs/request_uri_too_long.html
ErrorDocument 415 /error_docs/unsupported_media_type.html
ErrorDocument 501 /error_docs/not_implemented.html
ErrorDocument 502 /error_docs/bad_gateway.html
ErrorDocument 503 /error_docs/maintenance.html
DirectoryIndex "index.html" "index.cgi" "index.pl" "index.php" "index.xhtml" "index.htm" "index.shtml"
Include "/var/www/vhosts/system/site.plesk.page/conf/vhost_ssl.conf"
<Directory /var/www/vhosts/site.plesk.page>
Options -FollowSymLinks
AllowOverride AuthConfig FileInfo Indexes Limit Options=Indexes,SymLinksIfOwnerMatch,MultiViews,ExecCGI,Includes,IncludesNOEXEC
</Directory>
#extension sslit begin
#extension sslit end
#extension letsencrypt begin
Alias /.well-known/acme-challenge "/var/www/vhosts/default/htdocs/.well-known/acme-challenge"
<Location /.well-known/acme-challenge/>
# Require all granted
Order Deny,Allow
Allow from all
Satisfy any
</Location>
<LocationMatch "^/.well-known/acme-challenge/(.*/|)\.">
# Require all denied
Order Allow,Deny
Deny from all
</LocationMatch>
#extension letsencrypt end
</VirtualHost>

VPS Nginx/ Apache | multi website doesn't work

I've moved 2 domains on the VPS and they work fine, just one at a time.
If I disable one, then the other one works - not both.
dom1.com , dom2.com
have the same DNS records, except the A records with their domain-name pointing to the same IP on the VPS, their DNS records are both on CloudFlare, and they're both configured the same way on the VPS (with aaPanel).
The only difference is their site directory.
Do you know what could trigger this issue?
CentOS 8
aaPanel 6.8.21
Apache 2.4 (same issue on Nginx 1.19)
DNS manager: CloudFlare
Many Thanks
dom1.com | config
DocumentRoot "/www/wwwroot/dom1.com"
ServerName 745e5c8e.dom1.com
ServerAlias dom1.com mail.dom1.com
#errorDocument 404 /404.html
ErrorLog "/www/wwwlogs/dom1.com-error_log"
CustomLog "/www/wwwlogs/dom1.com-access_log" combined
#HTTP_TO_HTTPS_START
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule (.*) https://%{SERVER_NAME}$1 [L,R=301]
</IfModule>
#HTTP_TO_HTTPS_END
#referenced redirect rule, if commented, the configured redirect rule will be invalid
IncludeOptional /www/server/panel/vhost/apache/redirect/dom1.com/*.conf
#DENY FILES
<Files ~ (\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)$>
Order allow,deny
Deny from all
</Files>
#PHP
<FilesMatch \.php$>
SetHandler "proxy:unix:/tmp/php-cgi-73.sock|fcgi://localhost"
</FilesMatch>
#PATH
<Directory "/www/wwwroot/dom1.com">
SetOutputFilter DEFLATE
Options FollowSymLinks
AllowOverride All
Require all granted
DirectoryIndex index.php index.html index.htm default.php default.html default.htm
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerAdmin webmaster#example.com
DocumentRoot "/www/wwwroot/dom1.com/"
ServerName SSL.dom1.com
ServerAlias dom1.com mail.dom1.com
#errorDocument 404 /404.html
ErrorLog "/www/wwwlogs/dom1.com-error_log"
CustomLog "/www/wwwlogs/dom1.com-access_log" combined
#SSL
SSLEngine On
SSLCertificateFile /www/server/panel/vhost/cert/dom1.com/fullchain.pem
SSLCertificateKeyFile /www/server/panel/vhost/cert/dom1.com/privkey.pem
SSLCipherSuite EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5
SSLProtocol All -SSLv2 -SSLv3 -TLSv1
SSLHonorCipherOrder On
#PHP
<FilesMatch \.php$>
SetHandler "proxy:unix:/tmp/php-cgi-73.sock|fcgi://localhost"
</FilesMatch>
#DENY FILES
<Files ~ (\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)$>
Order allow,deny
Deny from all
</Files>
#PATH
<Directory "/www/wwwroot/dom1.com/">
SetOutputFilter DEFLATE
Options FollowSymLinks
AllowOverride All
Require all granted
DirectoryIndex index.php index.html index.htm default.php default.html default.htm
</Directory>
</VirtualHost>
dom2.com | config
ServerAdmin webmaster#example.com
DocumentRoot "/www/wwwroot/dom2.com"
ServerName 218ac146.dom2.com
ServerAlias dom2.com mail.dom2.com
#errorDocument 404 /404.html
ErrorLog "/www/wwwlogs/dom2.com-error_log"
CustomLog "/www/wwwlogs/dom2.com-access_log" combined
#DENY FILES
<Files ~ (\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)$>
Order allow,deny
Deny from all
</Files>
#PHP
<FilesMatch \.php$>
SetHandler "proxy:unix:/tmp/php-cgi-73.sock|fcgi://localhost"
</FilesMatch>
#PATH
<Directory "/www/wwwroot/dom2.com">
SetOutputFilter DEFLATE
Options FollowSymLinks
AllowOverride All
Require all granted
DirectoryIndex index.php index.html index.htm default.php default.html default.htm
</Directory>
</VirtualHost>

I found the problem.
aaPanel added a wrong sub-domain in their config file.
So fixing that resolved the issue.

Simple 301 redirect using mod_alias not working

I tried to redirect a page '/page-one' to '/page/one/' just using Redirect directives but it doesn't work. I tried several options but none of them make it works:
Redirect 301 /page-one /page/one/
Redirect permanent /page-one /page/one/
Redirect 301 /page-one https://www.example.com/page/one/
Please find below the whole apache2.conf file I am using in my project:
<VirtualHost xx.xxx.xx.xx:8080>
ServerName example.com
ServerAlias www.example.com
redirect / https://www.example.com/
Redirect 301 /page-one /page/one/
DocumentRoot /home/admin/web/example.com/public_html
<Directory /home/admin/web/example.com/public_html>
AllowOverride All
Options +Includes -Indexes +ExecCGI
php_admin_value open_basedir /home/admin/web/example.com/public_html:/home/admin/tmp
php_admin_value upload_tmp_dir /home/admin/tmp
php_admin_value session.save_path /home/admin/tmp
<Files *.php>
SetHandler fcgid-script
</Files>
FCGIWrapper /home/admin/web/example.com/cgi-bin/fcgi-starter .php
</Directory>
<Directory /home/admin/web/example.com/stats>
AllowOverride All
</Directory>
<Directory "/home/user1/public_html">
AllowOverride All
</Directory>
IncludeOptional /home/admin/conf/web/apache2.example.com.conf*
</VirtualHost>
Any suggestions are welcome!
Thanks!

Installing/configurate Symfony3.2 on a Vhost Ubuntu subdomain folder --> Error 403 Forbidden and Error 500

I try to install Symfony3.2 on my vhost, running Plesk under ubuntu.
My goal is to create a production-server-status to test my Symfony-projects online.
I want to get to this project using the URL subexample.example.tld or subexample.example.tld/matchGen.
On my journey through the cavern of tears and everlasting self-doubt, I saw a lot of different errors and even achieved to break the whole vhost down including my email system... great job.
Well.. now I got the error 403 Forbidden.
The good news (at least for me): I see the favicon of symfony and if I try to open the app_dev.php (subexample.example.tld/matchGen/web/app_dev.php) it will say You are not allowed to access this file. Check app_dev.php for more information..
Opening the app.php with subexample.example.tld/matchGen/web/app.phpresult in a redirect to subexample.example.tld/matchGen/web/ and The server returned a "500 Internal Server Error"..
subexample.example.tld runs into Forbidden, too.
I already tried/did the following:
New Install at a different location
PHP matchGen/bin/symfony_requirements --> [OK] Your system is ready to run Symfony projects
Using this as Guide http://symfony.com/doc/current/setup/web_server_configuration.html#web-server-apache-mod-php (Apache 2.4 - FastCGI)--> created my subexample.example.tld.conf in /etc/apache2/sites-available, used a2ensite subexample.example.tld.conf and service apache2 reload --> * Reloading web server apache2, apparently no problems.
I tried to use a different directory for the web folder and all the other stuff --> changed nothing
Changing the rights with chmod and chown --> well... now I know how to apply a backup... long story short --> I was way too naive and learned a valuable lesson with Ubuntu and the change of rights.
https://www.liquidweb.com/kb/apache-error-no-matching-directoryindex-index-html-found-solved/ --> No effect.
Now for the error.logs:
/var/www/vhosts/system/subexample.example.tld/logs/error_logs
[Mon Apr 10 20:41:45.361150 2017] [autoindex:error] [pid 15012] [client 87.147.219.10:5188] AH01276: Cannot serve directory /var/www/vhosts/example.tld/subexample.example.tld/: No matching DirectoryIndex (index.html,index.php) found, and server-generated directory index forbidden by Options directive
[Mon Apr 10 20:41:47.707623 2017] [autoindex:error] [pid 15012] [client 87.147.219.10:5188] AH01276: Cannot serve directory /var/www/vhosts/example.tld/subexample.example.tld/matchGen/: No matching DirectoryIndex (index.html,index.php) found, and server-generated directory index forbidden by Options directive
/var/log/apache2/matchGen_error.log and /var/log/apache2/matchGen_access.log are empty.
My configfiles:
/etc/apache2/sites-available/subexample.example.tld.conf
<VirtualHost *:80>
ServerName subexample.example.tld
ServerAlias www.subexample.example.tld
DocumentRoot /var/www/vhosts/example.tld/subexample.example.tld/matchGen/web
<Directory /var/www/vhosts/example.tld/subexample.example.tld/matchGen/web>
AllowOverride None
Require all granted
Allow from All
<IfModule mod_rewrite.c>
Options -MultiViews
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ app.php [QSA,L]
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
</IfModule>
</Directory>
# uncomment the following lines if you install assets as symlinks
# or run into problems when compiling LESS/Sass/CoffeeScript assets
# <Directory /var/www/project>
# Options FollowSymlinks
# </Directory>
# optionally disable the RewriteEngine for the asset directories
# which will allow apache to simply reply with a 404 when files are
# not found instead of passing the request into the full symfony stack
<Directory /var/www/vhosts/example.tld/subexample.example.tld/matchGen/web/bundles>
<IfModule mod_rewrite.c>
RewriteEngine Off
</IfModule>
</Directory>
ErrorLog /var/log/apache2/matchGen_error.log
CustomLog /var/log/apache2/matchGen_access.log combined
</VirtualHost>
/var/www/vhosts/system/subexample.example.tld/conf/httpd.conf
#ATTENTION!
#
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.
#IF YOU REQUIRE TO APPLY CUSTOM MODIFICATIONS, PERFORM THEM IN THE FOLLOWING FILES:
#/var/www/vhosts/system/subexample.example.tld/conf/vhost.conf
#/var/www/vhosts/system/subexample.example.tld/conf/vhost_ssl.conf
<IfModule mod_ssl.c>
<VirtualHost xx.xx.xxx.xxx:443 >
ServerName "subexample.example.tld:443"
ServerAlias "www.subexample.example.tld"
ServerAlias "ipv4.subexample.example.tld"
ServerAdmin "root#example.tld"
UseCanonicalName Off
DocumentRoot "/var/www/vhosts/example.tld/subexample.example.tld"
CustomLog /var/www/vhosts/system/subexample.example.tld/logs/access_ssl_log plesklog
ErrorLog "/var/www/vhosts/system/subexample.example.tld/logs/error_log"
<IfModule mod_suexec.c>
SuexecUserGroup "xxxx" "xxxx"
</IfModule>
<IfModule mod_userdir.c>
UserDir "/var/www/vhosts/example.tld/web_users"
</IfModule>
<IfModule mod_sysenv.c>
SetSysEnv PP_VHOST_ID "6a66d04f-d22f-4a30-bb80-ca47f117886a"
</IfModule>
ScriptAlias "/cgi-bin/" "/var/www/vhosts/example.tld/subexample.example.tld/cgi-bin/"
Alias "/plesk-stat" "/var/www/vhosts/system/subexample.example.tld/statistics"
<Location /plesk-stat/>
Options +Indexes
</Location>
<Location /plesk-stat/logs/>
Require valid-user
</Location>
Alias /webstat /var/www/vhosts/system/subexample.example.tld/statistics/webstat
Alias /webstat-ssl /var/www/vhosts/system/subexample.example.tld/statistics/webstat-ssl
Alias /ftpstat /var/www/vhosts/system/subexample.example.tld/statistics/ftpstat
Alias /anon_ftpstat /var/www/vhosts/system/subexample.example.tld/statistics/anon_ftpstat
Alias /awstats-icon /usr/share/awstats/icon
SSLEngine on
SSLVerifyClient none
SSLCertificateFile /opt/psa/var/certificates/certyKQzXqX
SetEnv PP_CUSTOM_PHP_INI /var/www/vhosts/system/subexample.example.tld/etc/php.ini
SetEnv PP_CUSTOM_PHP_CGI_INDEX fastcgi
<IfModule mod_fcgid.c>
FcgidInitialEnv PP_CUSTOM_PHP_INI /var/www/vhosts/system/subexample.example.tld/etc/php.ini
FcgidInitialEnv PP_CUSTOM_PHP_CGI_INDEX fastcgi
FcgidMaxRequestLen 134217728
FcgidIOTimeout 600
</IfModule>
TimeOut 600
<Directory /var/www/vhosts/example.tld/subexample.example.tld>
<IfModule mod_fcgid.c>
<Files ~ (\.fcgi$)>
SetHandler fcgid-script
Options +ExecCGI
</Files>
</IfModule>
<IfModule mod_fcgid.c>
<Files ~ (\.php$)>
SetHandler fcgid-script
FCGIWrapper /var/www/cgi-bin/cgi_wrapper/cgi_wrapper .php
Options +ExecCGI
</Files>
</IfModule>
SSLRequireSSL
Options -Includes +ExecCGI
</Directory>
<Directory /var/www/vhosts/example.tld/web_users>
<IfModule mod_php4.c>
php_admin_flag engine off
</IfModule>
<IfModule mod_php5.c>
php_admin_flag engine off
</IfModule>
</Directory>
<Directory /var/www/vhosts/subexample.example.tld>
Options +FollowSymLinks
</Directory>
<Directory "/var/www/vhosts/system/subexample.example.tld/statistics">
AuthType Basic
AuthName "Domainstatistiken"
AuthUserFile "/var/www/vhosts/system/subexample.example.tld/pd/d..httpdocs#plesk-stat"
require valid-user
</Directory>
<IfModule mod_security2.c>
</IfModule>
</VirtualHost>
</IfModule>
<VirtualHost xx.xx.xxx.xxx:80 >
ServerName "subexample.example.tld:80"
ServerAlias "www.subexample.example.tld"
ServerAlias "ipv4.subexample.example.tld"
ServerAdmin "root#example.tld"
UseCanonicalName Off
DocumentRoot "/var/www/vhosts/example.tld/subexample.example.tld"
CustomLog /var/www/vhosts/system/subexample.example.tld/logs/access_log plesklog
ErrorLog "/var/www/vhosts/system/subexample.example.tld/logs/error_log"
<IfModule mod_suexec.c>
SuexecUserGroup "xxxx" "xxxx"
</IfModule>
<IfModule mod_userdir.c>
UserDir "/var/www/vhosts/example.tld/web_users"
</IfModule>
<IfModule mod_sysenv.c>
SetSysEnv PP_VHOST_ID "6a66d04f-d22f-4a30-bb80-ca47f117886a"
</IfModule>
ScriptAlias "/cgi-bin/" "/var/www/vhosts/example.tld/subexample.example.tld/cgi-bin/"
Redirect permanent /plesk-stat https://subexample.example.tld/plesk-stat
Redirect permanent /webstat https://subexample.example.tld/webstat
Redirect permanent /webstat-ssl https://subexample.example.tld/webstat-ssl
Redirect permanent /ftpstat https://subexample.example.tld/ftpstat
Redirect permanent /anon_ftpstat https://subexample.example.tld/anon_ftpstat
Redirect permanent /awstats-icon https://subexample.example.tld/awstats-icon
<IfModule mod_ssl.c>
SSLEngine off
</IfModule>
SetEnv PP_CUSTOM_PHP_INI /var/www/vhosts/system/subexample.example.tld/etc/php.ini
SetEnv PP_CUSTOM_PHP_CGI_INDEX fastcgi
<IfModule mod_fcgid.c>
FcgidInitialEnv PP_CUSTOM_PHP_INI /var/www/vhosts/system/subexample.example.tld/etc/php.ini
FcgidInitialEnv PP_CUSTOM_PHP_CGI_INDEX fastcgi
FcgidMaxRequestLen 134217728
FcgidIOTimeout 600
</IfModule>
TimeOut 600
<Directory /var/www/vhosts/example.tld/subexample.example.tld>
<IfModule mod_fcgid.c>
<Files ~ (\.fcgi$)>
SetHandler fcgid-script
Options +ExecCGI
</Files>
</IfModule>
<IfModule mod_fcgid.c>
<Files ~ (\.php$)>
SetHandler fcgid-script
FCGIWrapper /var/www/cgi-bin/cgi_wrapper/cgi_wrapper .php
Options +ExecCGI
</Files>
</IfModule>
Options -Includes +ExecCGI
</Directory>
<Directory /var/www/vhosts/example.tld/web_users>
<IfModule mod_php4.c>
php_admin_flag engine off
</IfModule>
<IfModule mod_php5.c>
php_admin_flag engine off
</IfModule>
</Directory>
<Directory /var/www/vhosts/subexample.example.tld>
Options +FollowSymLinks
</Directory>
<Directory "/var/www/vhosts/system/subexample.example.tld/statistics">
AuthType Basic
AuthName "Domainstatistiken"
AuthUserFile "/var/www/vhosts/system/subexample.example.tld/pd/d..httpdocs#plesk-stat"
require valid-user
</Directory>
<IfModule mod_security2.c>
</IfModule>
</VirtualHost>
Well, I think that should give you the idea of my problem.
Thank you in advance!
Ah... please explain it for dummies... I know some things... but apparently not enough.
Edit 1:
I tried again to change the rights...
This time I created a new group, put my matchGen folder in it and tried to allow everything in this group.
sudo addgroup Symfony --force-badname
Allowing use of questionable username.
Adding group `Symfony' (GID 1009) ...
Done.
sudo chown root.Symfony /var/www/vhosts/example.tld/subexample.example.tld/matchGen -R
chmod g+rwx /var/www/vhosts/example.tld/subexample.example.tld/matchGen
No change.
Oh.. and I added the user www-data to the group Symfony.
Edit 2:
I tried to work with http://symfony.com/doc/current/setup/web_server_configuration.html#web-server-apache-fpm, but nothing changed.
After the reset I tried to open subexample.example.tld/matchGen/web/ again.
Well it did not work, but this time the error seemed to be different HTTP ERROR 500.
So... after looking in the Looks again --> mod_fcgid: stderr: PHP Fatal error: Uncaught exception 'UnexpectedValueException' with message 'The stream or file "/var/www/vhosts/example.tld/subexample.example.tld/matchGen/var/logs/prod.log" could not be opened: failed to open stream: Permission denied' in /var/www/vhosts/example.tld/subexample.example.tld/matchGen/var/cache/prod/classes.php:8203
It is definitely a problem with the rights. But why will it not work?
...
I tried to setup the www-data-user with acl, using this guide --> http://symfony.com/doc/current/setup/file_permissions.html#using-acl-on-a-system-that-supports-setfacl-linux-bsd
Instead of using var or /var at the end of the setfacl-command I used matchGen as a folder.
No change.
Edit 3:
I did it!
This here helped me after i reached the point after Edit 2.
'Failed to open stream: Permission denied' error - Laravel
Go in your project folder and use php bin/console cache:clear --env=prod
Follow up with chmod -R 777 var
Finish with composer dump-autoload
Finally...

Here is a list of things you should check if you got the same problem:
run php bin/symfony_requirements in your project folder. You may need to set up the timezone in your php.ini
create and activate a config/site for your subdomain in /etc/apache2/site-available and use a2ensite subexample.example.tld.conf. Be sure to end the name with .conf when creating the file.
Before you create/change the rights use php bin/console cache:clear --env=prod in your project folder, then set them for your var folder with chmod -R 777 var. Finish it in your project folder with composer dump-autoload.

Plesk WWW prefix

I'm having trouble with the WWW prefix for my domain. Whenever I goto the domain http://mydomain.com I get the correct index page. However, using the www prefix, I get the plesk default index page.
I have a subdomain called *.mydomain.com that points to it's parent httpdocs directory which is required for a url rewrite to our salespeople's profile pages (see below). There is also an alias for a completely different domain for mydomain.com (as you will see in last_httpd.include)
I can't seem to narrow it down. Commenting out the url rewrites in .htaccess didn't seem to work, neither did removing the *.mydomain.com subdomain.
I've provided what I can to perhaps give some insight to how things are setup. Thanks in advance for the help.
The www record in DNS is set as an A(host) record.
Here is the contents of my .htaccess file for the main domain. The domain name edited for obvious reasons...
#Gzip
<ifmodule mod_deflate.c>
AddOutputFilterByType DEFLATE text/text text/html text/plain text/xml text/css application/x- javascript application/javascript
</ifmodule>
#End Gzip
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www\.mydomain.com
RewriteCond %{HTTP_HOST} ^(.+).mydomain.com
RewriteRule ^(.*)$ http://mydomain.com/agents/agent.php?agent=%1 [P,L]
My last_http.include file for the main domain in /var/vhosts/www/mydomain.com/conf/
#ATTENTION!
#
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.
#
#IF YOU REQUIRE TO APPLY CUSTOM MODIFICATIONS, PERFORM THEM IN THE FOLLOWING FILES:
#/var/www/vhosts/mydomain.com/conf/vhost.conf
#/var/www/vhosts/mydomain.com/conf/vhost_ssl.conf
<IfModule mod_ssl.c>
<VirtualHost 10.10.10.10:443 >
ServerName "mydomain.com"
ServerAlias "www.mydomain.com"
ServerAlias "ipv4.mydomain.com"
UseCanonicalName Off
ServerAlias "mydomainalias.com"
ServerAlias "www.mydomainalias.com"
ServerAlias "ipv4.mydomainalias.com"
<IfModule mod_suexec.c>
SuexecUserGroup "mydomain" "psacln"
</IfModule>
ServerAdmin "admin#mydomain.com"
DocumentRoot "/var/www/vhosts/mydomain.com/httpdocs"
CustomLog /var/www/vhosts/mydomain.com/statistics/logs/access_ssl_log plesklog
ErrorLog "/var/www/vhosts/mydomain.com/statistics/logs/error_log"
<IfModule mod_userdir.c>
UserDir "/var/www/vhosts/mydomain.com/web_users"
</IfModule>
ScriptAlias "/cgi-bin/" "/var/www/vhosts/mydomain.com/cgi-bin/"
Alias "/plesk-stat" "/var/www/vhosts/mydomain.com/statistics"
<Location /plesk-stat/>
Options +Indexes
</Location>
<Location /plesk-stat/logs/>
Require valid-user
</Location>
Alias /webstat /var/www/vhosts/mydomain.com/statistics/webstat
Alias /webstat-ssl /var/www/vhosts/mydomain.com/statistics/webstat-ssl
Alias /ftpstat /var/www/vhosts/mydomain.com/statistics/ftpstat
Alias /anon_ftpstat /var/www/vhosts/mydomain.com/statistics/anon_ftpstat
Alias /awstats-icon /var/www/html/awstats/icon
SSLEngine on
SSLVerifyClient none
SSLCertificateFile /usr/local/psa/var/certificates/certQ69DPXb
SetEnv PP_CUSTOM_PHP_INI /var/www/vhosts/mydomain.com/etc/php.ini
<IfModule mod_fcgid.c>
FcgidInitialEnv PP_CUSTOM_PHP_INI /var/www/vhosts/mydomain.com/etc/php.ini
FcgidMaxRequestLen 16777216
</IfModule>
<Directory /var/www/vhosts/mydomain.com/httpdocs>
<IfModule mod_perl.c>
<Files ~ (\.pl$)>
SetHandler perl-script
PerlHandler ModPerl::Registry
Options ExecCGI
allow from all
PerlSendHeader On
</Files>
</IfModule>
<IfModule sapi_apache2.c>
php_admin_flag engine on
# General settings
php_admin_flag safe_mode off
php_admin_value open_basedir "/var/www/vhosts/mydomain.com/:/tmp/"
php_admin_flag display_errors off
php_admin_flag log_errors on
php_admin_flag magic_quotes_gpc off
# Performance settings
php_admin_value memory_limit 64M
php_admin_value upload_max_filesize 256M
# Additional directives
</IfModule>
<IfModule mod_php5.c>
php_admin_flag engine on
# General settings
php_admin_flag safe_mode off
php_admin_value open_basedir "/var/www/vhosts/mydomain.com/:/tmp/"
php_admin_flag display_errors off
php_admin_flag log_errors on
php_admin_flag magic_quotes_gpc off
# Performance settings
php_admin_value memory_limit 64M
php_admin_value upload_max_filesize 256M
# Additional directives
</IfModule>
<IfModule mod_python.c>
<Files ~ (\.py$)>
SetHandler python-program
PythonHandler mod_python.cgihandler
</Files>
</IfModule>
<IfModule mod_fcgid.c>
<Files ~ (\.fcgi)>
SetHandler fcgid-script
Options +FollowSymLinks +ExecCGI
</Files>
</IfModule>
SSLRequireSSL
Options -Includes +ExecCGI
</Directory>
<Directory "/var/www/vhosts/mydomain.com/statistics">
AuthType Basic
AuthName "Domain statistics"
AuthUserFile "/var/www/vhosts/mydomain.com/pd/d..httpdocs#plesk-stat"
require valid-user
</Directory>
Alias /error_docs /var/www/vhosts/mydomain.com/error_docs
ErrorDocument 400 /error_docs/bad_request.html
ErrorDocument 401 /error_docs/unauthorized.html
ErrorDocument 403 /error_docs/forbidden.html
ErrorDocument 404 /error_docs/not_found.html
ErrorDocument 500 /error_docs/internal_server_error.html
ErrorDocument 405 /error_docs/method_not_allowed.html
ErrorDocument 406 /error_docs/not_acceptable.html
ErrorDocument 407 /error_docs/proxy_authentication_required.html
ErrorDocument 412 /error_docs/precondition_failed.html
ErrorDocument 414 /error_docs/request_uri_too_long.html
ErrorDocument 415 /error_docs/unsupported_media_type.html
ErrorDocument 501 /error_docs/not_implemented.html
ErrorDocument 502 /error_docs/bad_gateway.html
ErrorDocument 503 /error_docs/maintenance.html
Include "/usr/local/psa/admin/conf/file_sharing.conf*"
</VirtualHost>
</IfModule>
<VirtualHost 10.10.10.10:80 >
ServerName "mydomain.com"
ServerAlias "www.mydomain.com"
ServerAlias "ipv4.mydomain.com"
UseCanonicalName Off
ServerAlias "mydomainalias.com"
ServerAlias "www.mydomainalias.com"
ServerAlias "ipv4.mydomainalias.com"
<IfModule mod_suexec.c>
SuexecUserGroup "mydomain" "psacln"
</IfModule>
ServerAdmin "admin#mydomain.com"
DocumentRoot "/var/www/vhosts/mydomain.com/httpdocs"
CustomLog /var/www/vhosts/mydomain.com/statistics/logs/access_log plesklog
ErrorLog "/var/www/vhosts/mydomain.com/statistics/logs/error_log"
<IfModule mod_userdir.c>
UserDir "/var/www/vhosts/mydomain.com/web_users"
</IfModule>
ScriptAlias "/cgi-bin/" "/var/www/vhosts/mydomain.com/cgi-bin/"
Redirect permanent /plesk-stat https://mydomain.com/plesk-stat
Redirect permanent /webstat https://mydomain.com/webstat
Redirect permanent /webstat-ssl https://mydomain.com/webstat-ssl
Redirect permanent /ftpstat https://mydomain.com/ftpstat
Redirect permanent /anon_ftpstat https://mydomain.com/anon_ftpstat
Redirect permanent /awstats-icon https://mydomain.com/awstats-icon
<IfModule mod_ssl.c>
SSLEngine off
</IfModule>
SetEnv PP_CUSTOM_PHP_INI /var/www/vhosts/mydomain.com/etc/php.ini
<IfModule mod_fcgid.c>
FcgidInitialEnv PP_CUSTOM_PHP_INI /var/www/vhosts/mydomain.com/etc/php.ini
FcgidMaxRequestLen 16777216
</IfModule>
<Directory /var/www/vhosts/mydomain.com/httpdocs>
<IfModule mod_perl.c>
<Files ~ (\.pl$)>
SetHandler perl-script
PerlHandler ModPerl::Registry
Options ExecCGI
allow from all
PerlSendHeader On
</Files>
</IfModule>
<IfModule sapi_apache2.c>
php_admin_flag engine on
# General settings
php_admin_flag safe_mode off
php_admin_value open_basedir "/var/www/vhosts/mydomain.com/:/tmp/"
php_admin_flag display_errors off
php_admin_flag log_errors on
php_admin_flag magic_quotes_gpc off
# Performance settings
php_admin_value memory_limit 64M
php_admin_value upload_max_filesize 256M
# Additional directives
</IfModule>
<IfModule mod_php5.c>
php_admin_flag engine on
# General settings
php_admin_flag safe_mode off
php_admin_value open_basedir "/var/www/vhosts/mydomain.com/:/tmp/"
php_admin_flag display_errors off
php_admin_flag log_errors on
php_admin_flag magic_quotes_gpc off
# Performance settings
php_admin_value memory_limit 64M
php_admin_value upload_max_filesize 256M
# Additional directives
</IfModule>
<IfModule mod_python.c>
<Files ~ (\.py$)>
SetHandler python-program
PythonHandler mod_python.cgihandler
</Files>
</IfModule>
<IfModule mod_fcgid.c>
<Files ~ (\.fcgi)>
SetHandler fcgid-script
Options +FollowSymLinks +ExecCGI
</Files>
</IfModule>
Options -Includes +ExecCGI
</Directory>
<Directory "/var/www/vhosts/mydomain.com/statistics">
AuthType Basic
AuthName "Domain statistics"
AuthUserFile "/var/www/vhosts/mydomain.com/pd/d..httpdocs#plesk-stat"
require valid-user
</Directory>
Alias /error_docs /var/www/vhosts/mydomain.com/error_docs
ErrorDocument 400 /error_docs/bad_request.html
ErrorDocument 401 /error_docs/unauthorized.html
ErrorDocument 403 /error_docs/forbidden.html
ErrorDocument 404 /error_docs/not_found.html
ErrorDocument 500 /error_docs/internal_server_error.html
ErrorDocument 405 /error_docs/method_not_allowed.html
ErrorDocument 406 /error_docs/not_acceptable.html
ErrorDocument 407 /error_docs/proxy_authentication_required.html
ErrorDocument 412 /error_docs/precondition_failed.html
ErrorDocument 414 /error_docs/request_uri_too_long.html
ErrorDocument 415 /error_docs/unsupported_media_type.html
ErrorDocument 501 /error_docs/not_implemented.html
ErrorDocument 502 /error_docs/bad_gateway.html
ErrorDocument 503 /error_docs/maintenance.html
Include "/usr/local/psa/admin/conf/file_sharing.conf*"
</VirtualHost>

What is the http code response from server? You can check it in Firebug on "Net" tab.
Check that www.mydomain.com resolves to same IP as mydomain.com (nslookup www.mydomain.com)
check that apache's config is applied: apachectl -S / apache2ctl -S | grep www.mydomain.com