-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sunday, 2019-12-29 at 16:43 +0100, Per Jessen wrote:
Carlos E. R. wrote:
On 29/12/2019 14.57, Per Jessen wrote:
Carlos E. R. wrote:
I have done a test:
I copied /etc/apache2/vhosts.d/isengard.valinor.conf to isengard.valinor.bis.conf, listening on port 81. Works instantly.
So the error is not in that file!
For starters you could just put the apache2 apparmor profile in complain mode.
I tried stopping it, no difference.
systemctl stop apparmor
I get:
Error loading http://isengard.valinor:80/: Connection refused
Much better result - so clearly nothing is listening on that port.
/var/log/apache2/isengard.valinor-error_log:
[Sun Dec 29 14:11:14.779263 2019] [apparmor:warn] [pid 23178]
I thought you wrote you had disabled apparmor?
I did. But there is a mod_apparmor apache module who refuses to give up and it is who produces this error. There is no corresponding audit entry when aa is off.
http://isengard.valinor:81/: works fine.
I think there is something interfering with your config, but I can't think of what. Excep for one, all of our customewr webservers are running 15.1, I don't recall any such issues.
Yeah. The situation is: 01) I had a working webserver, for the local LAN and localhost only. 02) I create a vhost for outside, which finally is working (just says "hey guys" in Spanish) 02b) The LAN view of the webserver stops working as soon as I create a vhost. I don't remember testing on localhost. I'll do (on 4) 03) I create another vhost for the port 80 and yet another on 81. It apparently works from localhost, but not from LAN.
aa-complain /etc/apparmor.d/usr.sbin.apache2
You can continue working on your apache setup and investigate the apparmor issue later.
Same result.
But now we know it is probably not a problem in apparmor.
There is that. 4) I now move /etc/apache2/vhosts.d/isengard.valinor to /etc/apache2.quitado/isengard.valinor. Same for isengard.valinor.bis, which holds the port 81 vhost. This should remove the LAN vhosts, and restablist the "default" view. I restart apache, and yet, localhost views with "links" continue working on ports 80 and 81! [...] (trimming the long thinking) How can it display the page? There is no configuration for port 81... Oh, ok, the default configuration is indeed working on localhost. /etc/apache2/listen.conf: Listen 80 Listen 81 Listen 50000 That's it. I comment out the 81, and now: cer@Isengard:~> w3m http://localhost:81 w3m: Can't load http://localhost:81. cer@Isengard:~> So, this is working as it should - with two exceptions. 11) I have a vhost, or view from internet, separate. It works. 12) I have the previous configuration, that works on localhost, but not from the LAN: links: Error reading from socket w3m: blank page. 13) Idea: while I created the LAN vhost, I renamed httpd.conf.local to httpd.conf.local.no - let's undo. [...] Nope, issue remains. 14) Second issue: The localhost view produces the correct web page, but none of the links work: +++.... Welcome to Isengard Letras: \ | @ # € [ficheros] [Mirrors] ....++- The links produce: +++.... Access forbidden! You don't have permission to access the requested object. It is either read-protected or not readable by the server. If you think this is a server error, please contact the webmaster. Error 403 localhost Apache ....++- The "default" configuration I have not touched, and it worked days ago. What to do? I don't know if I should try to restore the "default" configuration to listen on localhost and LAN (how?), or disable it (how?) and instead create another vhost that listens on both LAN and localhost. I think I should go for the second option, but how to disable the default view? - -- Cheers, Carlos E. R. (from openSUSE 15.1 x86_64 at Telcontar) -----BEGIN PGP SIGNATURE----- iHoEARECADoWIQQZEb51mJKK1KpcU/W1MxgcbY1H1QUCXgkCJRwccm9iaW4ubGlz dGFzQHRlbGVmb25pY2EubmV0AAoJELUzGBxtjUfVy/wAn3+EYt182Po4cjfw0azy bLSdacG1AJ4g6px951FTyU4wSpkscw9JhYFfLQ== =/xjS -----END PGP SIGNATURE-----