How do I add virtual hosts the right way while running WHM? - apache

I'm running a dedicated server separating accounts for my clients with WHM and CentOS 5. One of my clients has asked me to install subversion, and have the repository stored beneath the webroot.
repo's true folder will be in "/home/theirfolder/svn"
repo will be accessed through a subdomain on "svn.theirdomain.com"
I know that the regular way to do this is to set up a virtual host in Apache that handles the redirect. The problem is that WHM seems to overtake the whole virtual hosting process, forcing me to bake changes into external files that don't even seem to work for me. When retaining the folder beneath the webroot, I could not get virtual hosting to recognize the path to this folder at all.
The closest I've gotten was instead moving the subversion folder onto the webroot, but even then, my instructions for using Authentication are not followed, so that's not a good solution, security-wise. It also appeared that in this setting pages were being generated by Apache and not by Subversion.
Can anyone here point me in the direction of a tutorial that can guide me through this type of setup, or give me a clear, step-by-step guide on what I need to do? I've tried a lot of things but nothing has really gotten me there. I already have Subversion and all of its dependencies downloaded and installed correctly.
Thanks in advance!

One way to accomplish this is to use one of WHM's custom include files, and add your custom <virtualhost> directives there the "regular way". Changes made in these files will survive an automatic rebuild of the Apache configuration files by WHM, while any changes made directly to /etc/httpd/conf/httpd.conf might not.
There are three custom include files that are included by the main httpd.conf at different points. These files (if running Apache 2.x) are located at:
/usr/local/apache/conf/includes/pre_virtualhost_2.conf, included before the automatically generated <virtualhost> directives
/usr/local/apache/conf/includes/post_virtualhost_2.conf, included after the automatically generated <virtualhost> directives
/usr/local/apache/conf/includes/pre_main_2.conf, included at the top of httpd.conf
You can edit these files directly, or via the WHM admin panel (Service Configuration -> Apache Configuration, Include Editor, on WHM 11.30).
I've used post_virtualhost_2.conf to setup additional vhosts for client accounts when WHM/cpanel won't do what I want it to via other configuration methods. Any valid Apache configuration directives can go in the file - it's simply included in its entirety in the main httpd.conf.

The instructions above are not what you would use on a per account basis. Anything placed in the apache includes are server wide.
You would want to use the apache includes to include the mod dav and mod authz shared object. You probably already have it set but here are instructions just in case.
In WHM go to Service Configuration->Apache Configuration->Include Editor
Place this in the Pre Main Include:
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so
Next you want to make a .conf file and place it in
/usr/local/apache/conf/userdata/std/2/<user account name>/svn.conf
If you want SSL do the same in
/usr/local/apache/conf/userdata/ssl/2/<user account name>/svn.conf
If the directories above are not already present then you will need to create them.
file would contain:
<IfModule mod_dav_svn.c>
<Location /svn>
DAV svn
SVNPath /home/<user account>/svn
AuthType Basic
AuthName "My Repo"
AuthUserFile /etc/svn-auth-conf
Require valid-user
</Location>
</IfModule>
Username and password can be set with:
htpasswd -cm /etc/svn-auth-conf myusername
Then to commit file changes execute:
/scripts/ensure_vhost_includes --user=<user account>
/scripts/rebuildhttpdconf
/scripts/restartsrv_httpd
You should be able to browse to
yourdomain.com/svn
and it will be pulling from
/home/<user account>/svn

Related

PHPmyadmin and Wordpress directories access denied

Running wordpress locally on a centOS 7 server running the latest apache, PHPmyadmin and mariadb-server.
IP/wordpress and IP/phpmyadmin on systems within the local network yields "403 forbidden" "you dont have permission to access (directory) on this server."
How can I fix this to allow the website to be seen on the public internet?
Could be a lot of things.
In your main Apache configuration file (e.g. /etc/httpd/conf/httpd.conf on Arch Linux), confirm your DocumentRoot path. The files you want to serve must reside there, or in sub-directories from there (If not, you might want to use an Alias to specify another path). Since you call IP/wordpress and IP/phpmyadmin, then you probably have directories called wordpress and phpmyadmin under your DocumentRoot path.
You also want to check the Directory groups in your Apache configuration file. Under those, the main culprit would be the Require directive set to all denied or something else too much restrictive like ip your_ip.
Finally, PHP can restrict path access with the open_basedir directive. Look for it in your php configuration file (e.g. /etc/php/php.ini on Arch Linux). If the line is commented, you're fine. But if a path is specified, your wordpress and phpmyadmin files must reside there.
Depending on your setup, any directive mentioned above could be in another Apache configuration file (e.g. /etc/httpd/conf/extra/* on Arch Linux).
Take a look at Apache and PHP online documentation for information about those directives.
Probably there is an issue with your directory privileges.
Use the follwing command to check it:
cd your_site_directory
ls -l
You can have a look to have a better understanding on directory privileges here.
As mentioned here apache runs under "apache" user.
Have a look at this post here to fix the issue.
All files should belong at least to apache group. To do it you can use
cd your_site_directory
chgrp -R apache ./*

Apache always get 403 permisson after changing DocumentRoot

I'm just a newbie for Apache. I just installed apache 2.2 on the FreeBSD box at my home office. The instruction on FreeBSD documentation is that I can change the DocumentRoot directive in order to use the customized directory data. Therefore, I replaced...
/usr/local/www/apache22/data
with
/usr/home/some_user/public_html
but something is not right. There's index.html file inside the directory, but it seems that apache could not read the directory/file.
Forbidden
You don't have permission to access / on this server.
The permission of
public_html
is
drwxr-xr-x
I wonder what could be wrong here. Also, in my case, I am not going to host more than one website for this FreeBSD box, so I didn't look at using VirtualHost at all. Is this a good practice just to change the DirectoryRoot directive?
Somewhere in the apache config is a line like:
# This should be changed to whatever you set DocumentRoot to.
#
<Directory "/usr/local/www/apache22/data">
You must change this path too, to make it work. This directive contains for example:
Order allow,deny
Allow from all
Which give initial user access to the directory.
one possibility that comes to mind is SELinux blocking web process from accessing that folder. If this is the case, you would see it in selinux log. You would have to check the context for your original web root with:
ls -Zl
and then apply it to your new web folder:
chcon whatevercontextyousaw public_html
Or, instead, if its not a production server that requires security (like a development machine behind a firewall), you might want to just turn selinux off.
Just one idea. Could be a number of other things.

My httpd.conf is empty

I recently installed apache2 on ubuntu but I have a problem, my httpd.conf is empty. Can someone give me a clean copy of httpd.conf for apache2 on ubuntu?
Thanks!
Edit: I saw your answers but on wampserver httpd.conf is not empty and as you mentioned it is for user options. SO what should I do?
Edit2 : That's what I got on my apache2.conf, how I add modules, enable gzip and all of that?
[Deleted the contents, as they render the question unreadable and are useless, because that were the default Apache2 configuration under Ubuntu.]
The /etc/apache2/httpd.conf is empty in Ubuntu, because the Apache configuration resides in /etc/apache2/apache2.conf!
“httpd.conf is for user options.” No it isn't, it's there for historic reasons.
Using Apache server, all user options should go into a new *.conf-file inside /etc/apache2/conf.d/. This method should be "update-safe", as httpd.conf or apache2.conf may get overwritten on the next server update.
Inside /etc/apache2/apache2.conf, you will find the following line, which includes those files:
# Include generic snippets of statements
Include conf.d/
As of Apache 2.4+ the user configuration directory is /etc/apache2/conf-available/. Use a2enconf FILENAME_WITHOUT_SUFFIX to enable the new configuration file or manually create a symlink in /etc/apache2/conf-enabled/. Be aware that as of Apache 2.4 the configuration files must have the suffix .conf (e.g. conf-available/my-settings.conf);
It's empty by default. You'll find a bunch of settings in /etc/apache2/apache2.conf.
In there it does this:
# Include all the user configurations:
Include httpd.conf
OK - what you're missing is that its designed to be more industrial and serve many sites, so the config you want is probably:
/etc/apache2/sites-available/default
which on my system is linked to from /etc/apache2/sites-enabled/
if you want to have different sites with different options, copy the file and then change those...
It seems to me, that it is by design that this file is empty.
A similar question has been asked here:
https://stackoverflow.com/questions/2567432/ubuntu-apache-httpd-conf-or-apache2-conf
So, you should have a look for /etc/apache2/apache2.conf

Apache .htaccess - applying basic authentication conditionally based on environment or hostname

My dev setup: Mac OSX 10.7.4 / Apache 2.2.21 / PHP 5.3.10
I wish to add conditional logic to my .htaccess files depending on dev vs live environment. for example i want to have authentication on the live server but not on the dev server. i have in my httpd.conf
SetEnv DEV 1
I have confirmed that this var is set by checking the output from phpinfo(). then in my .htaccess file
<IfDefine !DEV>
AuthType Basic
AuthName "password protected"
AuthUserFile /path/to/.htpasswd
Require valid-user
</IfDefine>
...but I am still prompted for password on my local dev. it appears that the DEV variable is not available to .htaccess. I do have AllowOverride All set in my httpd.conf for my doc root. Any ideas?
I am fresh off of about 4 hours into this problem, and I believe I have the final answer and can summarize for everyone how to solve this particularly painfull problem.
I am using Windows 7 Home Premium with Apache 2.2x and Php 5.3 as my dev machine.
I too want to have a DEV environment variable, which I can use in my .htaccess files to turn off Rewriting and other directives which are not valid on my develpment environment but are critical to my production environment.
My .htaccess file looks like this;
<IfDefine !__DEV__>
AddType application/x-httpd-php53 .php
</IfDefine>
HostGator informed me that in order to have php 5.3 I needed to modify my htaccess file like this to enable it or I'd only have php 5.2. But I already have it on my dev machine so, this directive was causing my customer website to crash when I viewed it locally. Everything I'm about to explain has allowed me to keep ONE .htaccess file in my Git Repository, which works in both locations.
First, let me clear/sum up all the things I learned while scouring the internet for the way to use IfDefine and SetEnv to solve this issue;
The IfDefine directive in Apache, Only , ONLY and when I say only i mean ONLY, responds to parameters passed at the command line. Let me emphasize that a little. ONLY COMMAND LINE!
SetEnv and SetEnvIf, are two entirely different things. One (SetEnv) is for use in the conf files, setting environment variables (specific to apache) which are set at SERVER START TIME. SetEnfIf is used at REQUEST TIME and is only used to determine what to set based on REQUEST variables.
The IfDefine directive does not read variables set by SetEnv or SetEnvIf. Period. There's no argument, there's no question, there's no "but i thought..." NO. It doesn't, so get over it.
The short answer is NO, you can't just use "SetEnv DEV 1" in httpd.conf and then use IfDefine to detect it in your .htaccess file, which would seem intuitive and reasonable based on the syntax and nature of programming logic any of us are used to. Recall that we are not in fact programming anything, that these are config files and of course they don't conform to this expectation simply because it seems like they should.
The Answer
So this means that I have to figure out how to add a startup parameter to Apache, well for the Linux Guys, that answer is readily available, you just have to add the right stuff to the envvars file, but what about us poor windows junkies?
Well for windows users it gets more fun for the following reasons:
Windows does not allow you to permanently add startup parameters in the services configuration for Apache2.2 (it doesn't work, don't try it, I've done it a million times, trust me). This is true, if you go in there and try to put in your own parameters, it will only work one time and then the parameter field is empty the next time you open the dialog. I don't know why this is the case, but it seems that those parameters are intended for testing, not a permanent modification.
When Apache is installed it creates "Start", "Stop" and "Restart" shortcuts in the start menu, as well as installs the Apache Services Monitor. BUT the shortcuts in the start menu use different startup parameters than those used by apache services monitor. So if you start/stop apache using a combination of these methods you will get different results depending on what method you used. However, you can put the -D "__DEV__" in the start menu shortcut and it will work!
Steps to Solve It
To permanently and universally setup a __DEV__ environment variable which you can reference using IfDefine in .htaccess files, on a Windows Development environment which will work whether you start Apache using a service or the shortcuts in the start menu or using NET START/STOP on the command line, do the following:
Open the properties for the start menu shortcut and extract the command you find for starting Apache there. Mine was; "C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe" -w -n "Apache2.2" -k start
Modify it to include the new -D __DEV__ variable, which MUST go at the start immediately following httpd.exe; "C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe" -D "__DEV__" -w -n "Apache2.2" -k start
Your start menu shortcut will now start apache with your dev variable in place.
Go to a command line (as administrator)
Type: net stop apache2.2 (or whatever your service name is for apache)
Now type in (or copy-paste) the same command as is used in the start menu shortcut above into the command line but make the following change to it; "C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe" -D "__DEV__" -w -n "Apache2.2" -k config
Note the change of the word start to config. What this magical command does is saves the settings you are seeing on the screen to the settings stored with the service in Windows. Hit Enter. From this point forward your variable will be passed whenever you start the service, the Apache Services Monitor starts the service, or windows starts the service.
Sorry for the novel everyone, I hope it helps some other weary soul out there to have all this info summarized and explained, I know it would have helped me! :D
Another option to my first answer is use the Allow directive.
Look at: http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow
Order deny,allow
Deny from all
AuthType Basic
AuthName "password protected"
AuthUserFile /path/to/.htpasswd
Require valid-user
Allow from env=DEV
Satisfy Any
This will only check if DEV exists not the value, thats how apache works. Replace (or add) "Allow" with "Allow from 127.0.0.1" to have your localhost always be in dev mode.
This states that any of the conditions are acceptable, where the conditions are: password or from 127.0.0.1. If you develop on your localhost you can use 127.0.0.1, or just replace that with any ip you develop with. This don't need to be wrapped in anything, just placed in your htaccess file. I use virtual hosts, so I would place it there.
Source (I changed it to look your your original code):
http://www.askapache.com/htaccess/apache-authentication-in-htaccess.html#allow-conditional
2 years on and I'm having similar issues. Specifically, we are auto-deploying to an AWS OpsWorks stack and have no control over the placement of a .htpasswd file (used to obscure work during development).
Our final working solution was along the lines of this (Apache 2.2.25):
# check the host against a regex, defining env=DEV if it matches
# this guy matches localhost, dev.project and 10.1.X.X
SetEnvIfNoCase Host "^(localhost|dev\.project|10\.1(\.\d+){2})$" DEV
AuthType Basic
AuthName "Restricted"
# auth file location, in our case defined by an AWS OpsWorks auto-deployment
# this only gets loaded if the regex above doesn't match, which is handy
AuthUserFile /srv/www/project/current/.htpasswd
Require valid-user
Satisfy any
Order deny,allow
Deny from all
Allow from env=DEV
This solution is flexible enough to allow multiple development environments access while auth checking any number of others. No need for ignoring or editing the htaccess before a git commit. An environment variable might seem overkill but it allows for a regular expression and could be used elsewhere as well.
See: http://httpd.apache.org/docs/2.2/howto/access.html
Solution for Debian/Ubuntu:
In /etc/apache2/envars one has to change:
## If you would like to pass arguments to the web server, add them below
## to the APACHE_ARGUMENTS environment.
#export APACHE_ARGUMENTS=''
to
## If you would like to pass arguments to the web server, add them below
## to the APACHE_ARGUMENTS environment.
export APACHE_ARGUMENTS='-D __DEV__'
Now one can use
<IfDefine !__DEV__>
...
</IfDefine>
I do love answering questions, but a quick google search gave me your answer. Check out the apache documentation:
http://httpd.apache.org/docs/2.0/mod/core.html#ifdefine
The IfDefine directive can only test a "parameter-name", and a "parameter-name" is a variable set by httpd on startup.
Also check out this site, and scroll down to the table:
http://turboflash.wordpress.com/2010/05/27/apache-environment-variables-visibility-with-setenv-setenvif-and-rewriterule-directives/
What you are asking is still possible if you just start your dev webserver like this:
$ httpd -DDEV
This will define the variable DEV. Note that you don't need to set it to anything, being defined is basically setting it to 1/true. If it doesn't exist it's like being set to false/0/null/etc...
I've solved this problem using a different approach based on AccessFileName directive.
In my MAMP environment, I've added the following to <VirtualHost> configuration:
AccessFileName .htaccess_dev
Then, I've scanned the application directory for .htaccess files and created corresponding symlinks to the .htaccess_dev version so to have identical versions for all of them and have the application to work on my development environment.
Then, I've located the only .htaccess file containing the path to the .htpasswd file and removed the symlink and created instead a modified copy of it.
I've this in .htaccess file:
## production
AuthType Basic
AuthName "Admin"
AuthUserFile /srv/users/prod/apps/appname/public/sys-admin/.htpasswd
require valid-user
And this in .htaccess_dev
## development
AuthType Basic
AuthName "Admin"
AuthUserFile /Users/fregini/Work/MAMP/appname/sys-admin/.htpasswd
require valid-user

Difference between ServerRoot, DocumentRoot, and Directory

While playing with Apache, I messed up the paths without making a backup httpd.config file.
The file is located at C:\xampp\apache\conf\httpd.config
I want to keep my web project on the D: drive as a virtual folder. This is the current non-working state. How can I fix this or revert to the xampp defaults?
ServerRoot "C:\xampp\apache"
DocumentRoot "D:\workspace"
<Directory "D:\workspace\AutionWebSite">
ServerRoot = path to the webserver executable/dir
DocumentRoot = path to your files that are delivered by the server
The <Directory> directive is used to configure settings for a specific directory. However, the <Directory> command in your question is not complete.
The default values for DocumentRoot and Directory for XAMPP is "C:\xampp\htdocs"
I would say that the most easiest way for you would be to check your xampp version, make a back up of your document root, which is probably "www" or "htdocs", your configuration files and eventually dump your database. Now install the same version of xammp again and there it is.
And at least the first rule is by playing with "config files", make backups before. The second rule is, make a backup of the whole configuration directory anyway, just for the case. And the last one is, if you are a xammp user, means you are a windows user, so you probably don't have unixoid server administration knowledges, so there is a long way for you to starting to "play" with the apache server.
The only think that you should know is, that you need to set the direction "AllowOverride All", which is necessary, if you use some content management system or other systems, which brings there own .htaccess file. So long you work on windows with xammp and not on a linux or other unixoid operating systems, you cannot understand the complete world of web servers like apache or database servers like postgresql and the sensibility of configuration files.
I understand the necessity of it for understanding of whole web applications respect. to be an full stack web programmer, but before that, i wouldn't change in the future the default server configurations, just check the row "AllowOverride All". Hope this will help your.
Server Root "/Local"
-specifies the default directory hierarchy for the Apache installation.
Document Root"/Local/WWW/apache22/data"
- the directory out of which you will serve your documents.