suPHP setting user/group to virtual host and using docroot - suphp

I am trying to get suPHP working. I followed tutorials and seem to have it installed correctly.
Now my issue is this:
1) I set docroot in the suphp.conf file, but it's set to /var/www by default. The problem I have with this is that my domains are stored under another directory as well. So for instance I have my subdomains in one directory and my regular domains in another. So I get an error thrown to my browser telling me that a domain is resolving to a directory not in the configuration.
2) I would like to know how to use suPHP_UserGroup to set the user/group of a specific domain set under my VirtualHost configuration.
This is an example VirtualHost that I have to better show my issues.
<VirtualHost *:80>
    ServerAdmin admin@domain.com
    ServerAlias mail.domain.com
    DocumentRoot /web/users/domain.com/subdomains/mail/webmail
    <IfModule mod_suphp.c>
        suPHP_UserGroup mail mail
    </IfModule>
    <Directory "/web/users/domain.com/subdomains/mail/webmail">
        AllowOverride All
        Order allow,deny
        Allow from All
    </Directory>
</VirtualHost>
When I reload apache I get an error:
Invalid command 'suPHP_UserGroup', perhaps misspelled or defined by a module not included in the server configuration
I configured suPHP with this:
./configure --prefix=/usr --sysconfdir=/etc --with-apr=/usr/bin/apr-1-config --with-apxs=/usr/sbin/apxs --with-apache-user=apache --with-setid-mode=owner --with-php=/usr/bin/php-cgi --with-logfile=/var/log/httpd/suphp_log --enable-SUPHP_USE_USERGROUP=yes

http://www.suphp.org/DocumentationView.html?file=apache/CONFIG
suPHP_UserGroup (expects user- and groupname)
Only supported when compiled with setid-mode "force" or "paranoid" *
Specify the user- and groupname to run PHP-scripts with. This setting
can only be used within a or context.
Example: suPHP_UserGroup foouser bargroup
./configure --prefix=/usr --sysconfdir=/etc --with-apr=/usr/bin/apr-1-config --with-apxs=/usr/sbin/apxs --with-apache-user=apache --with-setid-mode=paranoid --with-php=/usr/bin/php-cgi --with-logfile=/var/log/httpd/suphp_log --enable-SUPHP_USE_USERGROUP=yes

I add the following four lines to my vhost definitions. Line two is relevant to your question.
suPHP_Engine on
suPHP_UserGroup vhost_owner vhost_group
suPHP_AddHandler x-httpd-php
AddHandler x-httpd-php .php .php3 .php4 .php5

Related

How to access Apache website by public-ip with server name?

I've installed vanilla on an Ubuntu server with public-ip by following the steps at https://www.vultr.com/docs/how-to-install-vanilla-forum-on-ubuntu-16-04
Then I configured /etc/apache2/sites-available/forum.example.com.conf as below:
<VirtualHost *:80>
ServerName forum.example.com
DocumentRoot /var/www/vanilla
<Directory /var/www/vanilla>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
</VirtualHost>
Then I can access http://public-ip in the browser, but the result is the Apache2 Ubuntu Default Page.
How can I access the installed vanilla at the browser? Should I make any change to the forum.example.com.conf?
If the request doesn't match a virtual host, Apache will serve files from the top level (not inside a <VirtualHost> block) DocumentRoot config value.
#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot /var/www/html
I don't know Ubuntu well but I'd guess this is in /etc/apache2/apache2.conf. You can change this to /var/www/vanilla to serve your forum instead of the default page.
Alternatively you could rename / delete the existing /var/www/html and make it a symlink to /var/www/vanilla: then Apache would pick up the forum files without any config change.
Or if you just want to set up access for yourself then you can add the DNS name to your hosts file (/etc/hosts on Linux, \Windows\System32\drivers\etc\hosts on Windows):
AAA.BBB.CCC.DDD forum.example.com
and then you can use forum.example.com in your browser as normal, which will send the 'Host' header so Apache will match the virtual host, even though this isn't configured as public DNS.

Prevent access to files through ip address - apache 2.4

I have asked a similar question before
Restrict access to directories through ip address
at that time the problem was solved for apache 2.2. Recently I re-installed the OS (to Debian 8) and it comes with apache 2.4.
I want to restrict access to files - when the request comes "by" IP. Mainly if in the browser I try to open http://192.168.252.178/test/image.jpg it should show error - 403 forbidden. Directory test is in www directory of apache. However I should be able to access that image if I type http://www.example.com/image.jpg - considering that example.com points to that test directory.
With apache version 2.2 I would simply put these lines in my default site config file - and the problem was solved
<Files ~ ".+">
Order allow,deny
Deny from all
</Files>
Now, trying the same thing does not work: I am getting 403 forbidden even if I try to open any site by the domain name.
Considering the changes in 2.4 I also tried this, but again I am getting the same 403 forbidden when trying to open some site.
<Files ~ ".+">
Require all denied
</Files>
My goal is to prevent any kind of access to directories and files - if they are being accessed through ip address. I also have these lines in my default site's config to prevent the directory access and this works fine.
<Directory /home/username/www>
Options -Indexes
AllowOverride All
Require all granted
</Directory>
So, the question is - how to prevent file access through IP address. Also I need to achieve this by apache config; htaccess is not a solution for me. And I need to achieve this for all the directories/files inside www recursively, so specifying the exact file names and/or directories is not a solution either.
Thanks
When you use name based virtual hosts, the main server goes away. Apache will choose which virtual host to use according to IP address (you may have more than one) and port first, and only after this first selection it will search for a corresponding ServerName or ServerAlias in this subset of candidates, in the order in which the virtual hosts appear in the configuration.
If no virtual host is found, then the first VHost in this subset (also in order of configuration) will be chosen. More.
I mention this because it will be important that you have only one type of VirtualHost directive:
<VirtualHost *:80>
or
<VirtualHost 123.45.67.89:80>
I'll use the wildcard in the example.
You need a directory like /var/www/catchall with a file index.html or similar, as you prefer.
<VirtualHost *:80>
    # This first-listed virtual host is also the default for *:80
    # It will be used as the catchall.
    ServerName 123.45.67.89
    # Giving this DocRoot will avoid any request based on IP or any other
    # wrong request to get to the other users directories.
    DocumentRoot "/var/www/catchall"
    <Directory /var/www/catchall>
        ...
    </Directory>
</VirtualHost>
# Now you can add as usual the configuration for any other VHost you need.
<VirtualHost *:80>
    ServerName site1.com
    ServerAlias www.site1.com
    DocumentRoot "/home/username1/www"
    <Directory /home/username1/www>
        ...
    </Directory>
</VirtualHost>
<VirtualHost *:80>
    ServerName site2.com
    ServerAlias www.site2.com
    DocumentRoot "/home/username2/www"
    <Directory /home/username2/www>
        ...
    </Directory>
</VirtualHost>
Debian specific:
For Debian, you ideally put one VHost configuration per file, and put the file in the /etc/apache2/sites-available directory.
Name the files as you like, only the file containing the catchall vhost should be named something like 000-catchall, because they will be read in alphabetic order from the /etc/apache2/sites-enabled directory.
Then you disable Debian's usual default site:
a2dissite 000-default
and you enable the new catchall site and the other VHosts if needed:
a2ensite 000-catchall
An ls /etc/apache2/sites-enabled command should show the catchall as the first of the list; if not, change its file name so that it will always be the first. Restart Apache: service apache2 restart
Of course you could do all these changes in the original default VHost config file, but I usually prefer to keep an original model.
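A simplified model of the selection order this answer describes, as an added example that is not part of the original answer or of Apache's own code. It shows why the catch-all must be listed first: the vhost list, docroots and probe Host values are constructed, and the function names are hypothetical.

```python
import re

# Constructed vhost list for one address:port set (*:80), in configuration
# order. Names and docroots follow the answer's layout; values are samples.
VHOSTS = [
    {"name": "123.45.67.89", "aliases": [], "docroot": "/var/www/catchall"},
    {"name": "site1.com", "aliases": ["www.site1.com"], "docroot": "/home/username1/www"},
    {"name": "site2.com", "aliases": ["www.site2.com"], "docroot": "/home/username2/www"},
]

def normalize_host(host_header):
    """Lower-case the Host value, drop any :port and a trailing dot."""
    host = (host_header or "").strip().lower()
    if host.startswith("["):                      # bracketed IPv6 literal
        host = host[: host.find("]") + 1]
    else:
        host = host.split(":", 1)[0]
    return host.rstrip(".")

def alias_matches(host, pattern):
    """ServerAlias comparison: case-insensitive, with * and ? wildcards."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern.lower())
    return re.fullmatch(rx, host) is not None

def select_vhost(host_header, vhosts=VHOSTS):
    """Return (vhost, reason) for a request that already matched *:80."""
    host = normalize_host(host_header)
    for vh in vhosts:                             # configuration order
        if host == vh["name"].lower():
            return vh, "ServerName"
        if any(alias_matches(host, a) for a in vh["aliases"]):
            return vh, "ServerAlias"
    return vhosts[0], "default"                   # first listed vhost wins

def served_outside_catchall(probes, vhosts, catchall="/var/www/catchall"):
    """Host values from probes that would reach a docroot other than catchall."""
    return [p for p in probes if select_vhost(p, vhosts)[0]["docroot"] != catchall]

if __name__ == "__main__":
    probes = ["123.45.67.89", "unknown.example", "", "www.site2.com:80"]
    misordered = VHOSTS[1:] + VHOSTS[:1]          # catch-all no longer first
    for label, cfg in (("catch-all first", VHOSTS), ("catch-all last", misordered)):
        for p in probes:
            vh, why = select_vhost(p, cfg)
            print(f"{label:16} Host={p!r:22} -> {vh['docroot']} ({why})")
```

With the catch-all moved to the end, the request by IP still matches its ServerName, but an unknown or empty Host falls through to the first user's directory.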

Rails: Vhost config for Apache and Passenger

I'm trying to get a simple Rails 4 app deployed on my server which already has Apache2 and is hosting several other sites and services (ie there are several vhost configs under sites-enabled). I've had some problems doing this on my local machine as well as my test server so I'm trying first to get it working on an AWS t1.micro instance with only one vhost config. I've written a script to do most of the heavy lifting for me which is on my github at rails-apache-passenger.
I have two vhost config files in the repo and have tried to get one or the other working. The script just copies over and enables one at a time.
Using the my-ruby-app-basic or the my-ruby-app vhost config I navigate to http://54.xxx.xxx.xxx/my-ruby-app/ but all I see is "The page you were looking for doesn't exist. You may have mistyped the address or the page may have moved." When I go to http://54.xxx.xxx.xxx/ I just get the default apache2 page ("It works!").
My /var/www/my-ruby-app/log/production.log shows
I, [2014-01-24T10:47:36.900542 #9612] INFO -- : Started GET "/my-ruby-app" for 80.81.17.94 at 2014-01-24 10:47:36 +0000
F, [2014-01-24T10:47:36.902169 #9612] FATAL -- :
ActionController::RoutingError (No route matches [GET] "/my-ruby-app"):
So clearly I need to modify my routes.rb file, but what am I supposed to change? As you can see from the script in the git repo, it's just the default routes.rb from rails new. I just want to see the default rails app landing page at this point so I'm not sure what to do to the routes.rb file.
Here are the vhost configs
my-ruby-app-basic
#This is the config suggested by the passenger module after it finishes compiling, modified for 'my-ruby-app'
<VirtualHost *:80>
ServerName www.my-ruby-app-host.com
# !!! Be sure to point DocumentRoot to 'public'!
DocumentRoot /var/www/my-ruby-app/public
<Directory /var/www/my-ruby-app/public>
# This relaxes Apache security settings.
AllowOverride all
# MultiViews must be turned off.
Options -MultiViews
</Directory>
</VirtualHost>
my-ruby-app
#Based on Apache section of Passenger documents
<VirtualHost *:80>
ServerName www.my-ruby-app-host.com
# !!! Be sure to point DocumentRoot to 'public'!
DocumentRoot /var/www/
<Directory /var/www/>
Allow from all
</Directory>
Alias /my-ruby-app /var/www/my-ruby-app/public
<Location /my-ruby-app>
PassengerBaseURI /my-ruby-app
PassengerAppRoot /var/www/my-ruby-app
</Location>
<Directory /var/www/my-ruby-app/public>
# This relaxes Apache security settings.
AllowOverride all
# MultiViews must be turned off.
Options -MultiViews
</Directory>
</VirtualHost>
Using Apache and Passenger is a short term solution but I want to know how to do it in any case (The long term view is that I want to maintain compatibility with Jruby and just run our app through Tomcat or Glassfish, which will no doubt be another Apache config debacle ;-) )

Change path chiliproject

I want to use a subdirectory for a chiliproject instance. Using apache passenger, I was thinking of using rewrites + alias, but then it gives me a 404. Adding a RailsBaseURI I get connection reset.
Is it routes.rb I should adapt or am I looking at the wrong place? It is working right now on https://mydomain.com but I'd like to have it on https://mydomain.com/tracker
You can use passenger directly without having to use an alias or redirection. However, Passenger requires some special configuration for that. Please see one of our guides for a complete installation example.
Generally you need to configure similar to this (cited from the linked guide):
At first, we assume you have installed ChiliProject to /srv/www/chiliproject. This is not your DocumentRoot.
You need to hint Passenger a bit here so that it correctly finds your ChiliProject. So we create a symlink from the existing DocumentRoot directory to our ChiliProject installation.
ln -s /srv/www/chiliproject/public DOCUMENTROOT/chiliproject
Now add the following directives into your existing virtual host:
# TODO: Remember to replace DOCUMENTROOT with your actual path
<Directory DOCUMENTROOT>
Options +SymLinksIfOwnerMatch
</Directory>
RailsBaseURI /chiliproject
# TODO: Remember to replace DOCUMENTROOT with your actual path
<Directory DOCUMENTROOT/chiliproject>
Options -MultiViews
Order deny,allow
Allow from all
</Directory>

Setup Dynamic Virtual Host (Apache2 on Ubuntu)

I want to set up a single virtual host that can dynamically handle all requests based on the hostname used to access it. If %{HTTP_HOST} could be used in a DocumentRoot, this is probably exactly what I want:
<VirtualHost *:80>
    ServerAdmin me@example.com
    DocumentRoot /var/www/live/%{HTTP_HOST}/public
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/live/%{HTTP_HOST}/public>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
    # Possible values include: debug, info, notice, warn, error, crit, alert, emerg.
    LogLevel warn
    ErrorLog /var/www/live/%{HTTP_HOST}/logs/error.log
    CustomLog /var/www/live/%{HTTP_HOST}/logs/access.log combined
</VirtualHost>
...unfortunately, %{HTTP_HOST} is not allowed in the DocumentRoot (Warning: DocumentRoot [/var/www/live/%{HTTP_HOST}/public] does not exist). How else can I achieve my goal?
Update: I thought of pointing a catch-all vhost to a single directory and having a .htaccess use mod_rewrite to dynamically select the path but (honestly) I'm exhausted. I'll try at it again in the morning, but in the meantime, if anyone has good ideas, I'd love to hear them! Thank you!
Maybe you can try the following solution from this article: Apache: Dynamic Virtual Hosts
A few months back I looked for a solution to overcome the problem of
creating individual Virtual Hosts in Apache every time I wanted to
configure a new site on a development machine (something that is a big
issue in work where we have a lot of websites). Apache is able to
support this functionality relatively easy using a module and a few
lines in the configuration file. I set this up on Fedora 14, so
results may be slightly different for other OS's (different paths,
configuration file setup, etc)
Open up the main Apache conf (/etc/httpd/conf/httpd.conf), and ensure
the module mod_vhost_alias is enabled. There should be a line in the
configuration like
LoadModule vhost_alias_module modules/mod_vhost_alias.so
Next, add the
following lines to the bottom of this file. You'll need to edit the
file with sudo privileges.
NameVirtualHost *:80
UseCanonicalName Off
<VirtualHost *:80>
VirtualDocumentRoot /var/www/html/domains/%0
</VirtualHost>
This sets up a catch all for any domain coming in over port 80 (the
default port for http traffic, if you're using https you will need to
use 443 - alternatively you could remove the port restriction). The
important line here is the VirtualDocumentRoot. This tells Apache where
your files will reside on disk. The %0 part takes the whole domain
name and inserts it into the path. To illustrate this if we went to a
domain testing.com.dev the VirtualDocumentRoot would be:
/var/www/html/domains/testing.com.dev
This type of configuration might
be suitable for most situations, however I didn't want to have the
.dev part of the domain in my folders on disk. I was able to achieve
this by setting the VirtualDocumentRoot to:
VirtualDocumentRoot /var/www/html/domains/%-2+
The above example of testing.com.dev would now point to:
/var/www/html/domains/testing.com
Remember to add the domain to your
hosts file (/etc/hosts)
For a full list of options see the mod_vhost_alias documentation.
Additional documentation can be found here.
The official methods for achieving dynamic virtual hosts are explained in the Apache documentation:
http://httpd.apache.org/docs/2.0/vhosts/mass.html
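The %0 and %-2+ mapping quoted above, worked through as an added example that is not code from the article, the answers or mod_vhost_alias itself. It covers only the %N, %N+ and %% specifiers; because the name comes from the client's Host header when UseCanonicalName is Off, the hypothetical docroot_for helper also rejects malformed names and paths outside an assumed base directory. Lower-casing the name is this example's choice.

```python
import posixpath
import re

# Dot-separated labels of letters, digits and inner hyphens only.
HOST_RE = re.compile(
    r"[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*")

def select_parts(parts, n, plus):
    """Apply one %N or %N+ specifier to the dot-separated name parts."""
    if n == 0:
        return ".".join(parts)                    # %0: the whole name
    idx = n - 1 if n > 0 else len(parts) + n      # %1 is first, %-1 is last
    if not 0 <= idx < len(parts):
        return "_"                                # underscore for a missing part
    if not plus:
        return parts[idx]
    # N+ keeps the following parts, -N+ keeps the preceding parts
    chosen = parts[idx:] if n > 0 else parts[: idx + 1]
    return ".".join(chosen)

def interpolate(template, host):
    """Expand %N, %N+ and %% in a VirtualDocumentRoot-style template."""
    parts = host.lower().rstrip(".").split(".")

    def repl(m):
        if m.group(0) == "%%":
            return "%"
        return select_parts(parts, int(m.group(1)), m.group(2) == "+")

    return re.sub(r"%%|%(-?\d+)(\+?)", repl, template)

def docroot_for(template, host, base="/var/www/html/domains"):
    """Interpolate only well-formed names; refuse results outside base."""
    host = host.lower().rstrip(".")
    if not HOST_RE.fullmatch(host):
        return None
    path = posixpath.normpath(interpolate(template, host))
    return path if path.startswith(base + "/") else None

if __name__ == "__main__":
    for tpl in ("/var/www/html/domains/%0", "/var/www/html/domains/%-2+"):
        for name in ("testing.com.dev", "localhost", "a/../../etc"):
            print(f"{tpl:28} {name:16} -> {docroot_for(tpl, name)}")
```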