[opensuse-factory] does anyone have a sample vhosts config for apache 2.4 for general public access to a website ?
See $SUBJ. -- Per Jessen, Zürich (22.8°C) http://www.dns24.ch/ - free DNS hosting, made in Switzerland. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
El 13/08/13 12:43, Per Jessen escribió:
See $SUBJ.
What is the problem with the included samples ? is there a bug I am not aware of ? (/etc/apache2/vhosts.d/vhost.template ) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Cristian Rodríguez wrote:
El 13/08/13 12:43, Per Jessen escribió:
See $SUBJ.
What is the problem with the included samples ? is there a bug I am not aware of ? (/etc/apache2/vhosts.d/vhost.template )
I think(!) the initial problem with vhost.template is that the required modules aren't being loaded via /etc/sysconfig/apache2. The main change seem to be auth related. I have a list of amendments I had to make to get going, when I've got a working setup, I'll post it or write a bugreport. -- Per Jessen, Zürich (19.2°C) http://www.dns24.ch/ - free DNS hosting, made in Switzerland. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Per Jessen wrote:
See $SUBJ.
Oops, s/sample/working/. -- Per Jessen, Zürich (22.0°C) http://www.dns24.ch/ - free DNS hosting, made in Switzerland. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
El 13/08/13 12:54, Per Jessen escribió:
Per Jessen wrote:
See $SUBJ.
Oops, s/sample/working/.
Per, what is the exact problem you are seeing ? that does not help. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Cristian Rodríguez wrote:
El 13/08/13 12:54, Per Jessen escribió:
Per Jessen wrote:
See $SUBJ.
Oops, s/sample/working/.
Per, what is the exact problem you are seeing ? that does not help.
Hi Cristian, well, I have modified the vhost sample to the point where I don't get a 500 (the require statement), but now only a 403. My config is: <VirtualHost 192.168.4.45:80> ServerAdmin webmaster@example.com ServerName host001.local.net DocumentRoot /srv/www/vhosts/host001/htdocs ErrorLog /srv/www/vhosts/host001/logs/error_log CustomLog /srv/www/vhosts/host001/logs/access_log combined HostnameLookups Off UseCanonicalName Off ServerSignature On <Directory "/srv/www/vhosts/host001/htdocs"> Options Indexes FollowSymLinks DirectoryIndex index.html AllowOverride none Require all granted </Directory> </VirtualHost> When I try to access this using http://host001.local.net/, I get a 403: Der Zugriff auf das angeforderte Verzeichnis ist nicht möglich. Entweder ist kein Index-Dokument vorhanden oder das Verzeichnis ist zugriffsgeschützt. I'm running in an LXC with openSUSE 12.3, apache 2.4 installed from factory. Slightly unorthodox perhaps :-) Permissions & ownerships: clifford417:/srv/www/vhosts/host001/htdocs # ls -la .. total 16 drwxr-xr-x 4 root root 4096 Aug 11 20:07 . drwxr-xr-x 3 root root 4096 Aug 11 20:07 .. drwxr-xr-x 2 cust01279 nogroup 4096 Aug 13 16:37 htdocs drwxr-xr-x 2 root root 4096 Aug 13 11:26 logs clifford417:/srv/www/vhosts/host001/htdocs # ls -la total 12 drwxr-xr-x 2 cust01279 nogroup 4096 Aug 13 16:37 . drwxr-xr-x 4 root root 4096 Aug 11 20:07 .. -rw-r--r-- 1 cust01279 nogroup 88 Aug 13 14:42 index.html -- Per Jessen, Zürich (19.0°C) http://www.dns24.ch/ - free DNS hosting, made in Switzerland. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
El 13/08/13 15:13, Per Jessen escribió:
Cristian Rodríguez wrote:
El 13/08/13 12:54, Per Jessen escribió:
Per Jessen wrote:
See $SUBJ.
Oops, s/sample/working/. ccess this using http://host001.local.net/, I get a 403:
Der Zugriff auf das angeforderte Verzeichnis ist nicht möglich. Entweder ist kein Index-Dokument vorhanden oder das Verzeichnis ist zugriffsgeschützt.
Sir, I speak only Spanish and English :-P and that is not really the information required.. what the apache error log says ? I *guess* you have not loaded mod_authz_core (a2emod authz_core) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Cristian Rodríguez wrote:
El 13/08/13 15:13, Per Jessen escribió:
Cristian Rodríguez wrote:
El 13/08/13 12:54, Per Jessen escribió:
Per Jessen wrote:
See $SUBJ.
Oops, s/sample/working/. ccess this using http://host001.local.net/, I get a 403:
Der Zugriff auf das angeforderte Verzeichnis ist nicht möglich. Entweder ist kein Index-Dokument vorhanden oder das Verzeichnis ist zugriffsgeschützt.
Sir, I speak only Spanish and English :-P
Hehe, sorry, my browser preference delivers error messages in German. It is still an http 403 though.
and that is not really the information required.. what the apache error log says ? I *guess* you have not loaded mod_authz_core (a2emod authz_core)
Good guess, but I did already modify /etc/sysconfig/apache2: APACHE_MODULES="actions alias auth_basic authn_file authz_host authz_groupfile authz_user autoindex cgi dir env expires include log_config mime negotiation setenvif ssl userdir php5 reqtimeout systemd authn_core authz_core" The errorlog says: [Tue Aug 13 16:39:56.036055 2013] [access_compat:error] [pid 4409] [client 192.168.2.114:39428] AH01797: client denied by server configuration: /srv/www/vhosts/host001/htdocs/ [Wed Aug 14 05:32:04.568484 2013] [access_compat:error] [pid 5365] [client 192.168.2.114:41235] AH01797: client denied by server configuration: /srv/www/vhosts/host001/htdocs/ I don't understand why it seems to be referring to "access_compat" - that module isn't loaded. I changed the 2.2-style Allow,Dney to the 2.4-style "Require". -- Per Jessen, Zürich (15.4°C) http://www.dns24.ch/ - free DNS hosting, made in Switzerland. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Per Jessen wrote:
Cristian Rodríguez wrote:
and that is not really the information required.. what the apache error log says ? I *guess* you have not loaded mod_authz_core (a2emod authz_core)
Good guess, but I did already modify /etc/sysconfig/apache2:
APACHE_MODULES="actions alias auth_basic authn_file authz_host authz_groupfile authz_user autoindex cgi dir env expires include log_config mime negotiation setenvif ssl userdir php5 reqtimeout systemd authn_core authz_core"
The errorlog says: [Tue Aug 13 16:39:56.036055 2013] [access_compat:error] [pid 4409] [client 192.168.2.114:39428] AH01797: client denied by server configuration: /srv/www/vhosts/host001/htdocs/ [Wed Aug 14 05:32:04.568484 2013] [access_compat:error] [pid 5365] [client 192.168.2.114:41235] AH01797: client denied by server configuration: /srv/www/vhosts/host001/htdocs/
I don't understand why it seems to be referring to "access_compat" - that module isn't loaded. I changed the 2.2-style Allow,Dney to the 2.4-style "Require".
"access-compat" was the hint I needed - thanks for making me look again. I changed vhost config to use "require", but I had not changed Allow,Deny in /etc/apache2/httpd.conf too. (a couple of places). Problem solved. -- Per Jessen, Zürich (15.4°C) http://www.dns24.ch/ - free DNS hosting, made in Switzerland. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Per Jessen wrote:
Per Jessen wrote:
"access-compat" was the hint I needed - thanks for making me look again. I changed vhost config to use "require", but I had not changed Allow,Deny in /etc/apache2/httpd.conf too. (a couple of places).
Problem solved.
If anyone is fiddling with the same, here is what I did: Amend /etc/sysconfig/apache2 to load "authz_core" (APACHE_MODULES). Replace use of 2.2-style "Allow,Deny" with 2.4-style "Require" - I changed my vhost config and /etc/apache2/httpd.conf My test-page is now showing, next I need to get SSL set up so I can test PFS. -- Per Jessen, Zürich (16.4°C) http://www.dns24.ch/ - free DNS hosting, made in Switzerland. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 08/14/2013 02:04 AM, Per Jessen wrote:
"access-compat" was the hint I needed - thanks for making me look again. I changed vhost config to use "require", but I had not changed Allow,Deny in /etc/apache2/httpd.conf too. (a couple of places).
Problem solved.
"access_compat" is builtin into the server, you do not need to load it. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
participants (2)
-
Cristian Rodríguez -
Per Jessen