[opensuse] allowing apache to read outside of htdocs
Hello, I don't know if it's me that modified a config file and forgot it, or if something changed in the very last apache update, but I can't anymore access files outside /srv/www/htdocs. I just try to install roundcube that installs itself in /srv/roundcubemail an idea of what I could have forgot? thanks jdd -- http://www.dodin.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
El 07/06/14 12:58, jdd escribió:
Hello,
I don't know if it's me that modified a config file and forgot it, or if something changed in the very last apache update, but I can't anymore access files outside /srv/www/htdocs.
I just try to install roundcube that installs itself in /srv/roundcubemail
an idea of what I could have forgot?
thanks jdd
You have to check the relevant virtualhost configuration and possible the apparmor logs, by default apache can only serve files from the document root hierarchy. -- Cristian "I don't know the key to success, but the key to failure is trying to please everybody." -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Le 07/06/2014 20:06, Cristian Rodríguez a écrit :
You have to check the relevant virtualhost configuration and possible the apparmor logs, by default apache can only serve files from the document root hierarchy.
sure, but for start it's not a virtual host
what is the relevant directive?
until this morning, for example, I could access sqirellmail data in
/srv/www/squirrel/data with no special virtual host
the problem come when I uinstalled roundcube (with yast) and tried to make it
work, but it may be something I did and forgot :-(.
well trying to sort things:
* I used to have squirrelmail data in /srv/www/squirrel/data. Squirrel says
now that this position is no more acceptable. I had to move data to
htdocs/squirrelmail/data
is this a new squirrel dependency? I uqse now squirrel from yast (1.5.2)
* I want to access roundcube with http://dodin.org/roundcube, is this the
right syntax?:
El 07/06/14 14:36, jdd escribió:
ServerName dodin.org/roundcubemail
That's incorrect.. ServerName takes an FQDN not a URL.
Options FollowSymLinks Includes
The PHP files are there ? or is it the data ? -- Cristian "I don't know the key to success, but the key to failure is trying to please everybody." -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Sat, 07 Jun 2014 20:36:59 +0200
jdd
Le 07/06/2014 20:06, Cristian Rodríguez a écrit :
You have to check the relevant virtualhost configuration and possible the apparmor logs, by default apache can only serve files from the document root hierarchy.
sure, but for start it's not a virtual host
If there are no virtual hosts on your server, you don't need virtual host sections. They'll just add to the problem so remove them.
what is the relevant directive?
until this morning, for example, I could access sqirellmail data in /srv/www/squirrel/data with no special virtual host
the problem come when I uinstalled roundcube (with yast) and tried to make it work, but it may be something I did and forgot :-(.
It seems as if the uninstall went too far, removing more than just the relevant sections and the new install failed to add relevant sections back in. This is unusual, even for yast. Do you have any backups or copies of your httpd.conf or /etc/sysconfig/apache2? Is there a leftover conf file in /etc/apach2 or /etc/apache2/conf.d for squirrelmail or whatever was uninstalled? If you have those, you can cut-and-paste the relevant Alias directives into the running config. If you have no backups or copies, you'll have to rewrite the Alias directives again to access the desired direcories.
well trying to sort things:
* I used to have squirrelmail data in /srv/www/squirrel/data. Squirrel says now that this position is no more acceptable. I had to move data to htdocs/squirrelmail/data
is this a new squirrel dependency? I uqse now squirrel from yast (1.5.2)
Shouldn't be. Squirrelmail should be able to work wherever you put it.
* I want to access roundcube with http://dodin.org/roundcube, is this the right syntax?:
See below.
ServerName dodin.org/roundcubemail This is invalid. ServerName does not take an URL.
Options FollowSymLinks Includes RewriteEngine On AllowOverride All DirectoryIndex index.php </Directory>
Directory section looks OK...
This should work:
Alias /roundcubemail/ /srv/www/roundcubemail/
# If the alias path ends w/ a slash, the real path must also
</VirtualHost>
If you don't have virtual hosts, remove the entire virtual hosts sections. It can cause problems. Please check the manual. jd -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Le 07/06/2014 22:45, jdebert a écrit :
If there are no virtual hosts on your server, you don't need virtual host sections. They'll just add to the problem so remove them.
I have lot of them, but not (yet) for webmail
Do you have any backups or copies of your httpd.conf
yes, I have basckups, but would like to understand what goes wrong
Shouldn't be. Squirrelmail should be able to work wherever you put it.
if so there is a problem, it worked perfectly yesterday. However, I don't see any new (by date) file in /etc/apache2/
This should work:
Alias /roundcubemail/ /srv/www/roundcubemail/ # If the alias path ends w/ a slash, the real path must also
# This also must end with a slash if it does in Alias
oh, yes, fine. This is probably a great deal of what I need, thanks
Alias /squirrel/ /srv/www/squirrel/
will allow apache access to squirrelmail directory
may be this is new with apache. I already noticed that some apache directives are obsolete. Probably obsolete for a long time, but now are no more accepted. That said, my conf file passed the "apache2ctl configtest" with syntax ok :-(
Examples can be found in some config files located in /etc/apache2/conf.d, such as /etc/apache2/conf.d/apache-manual.conf and it is described further in the apache manual.
I have problems making difference between vhosts.d and conf.d :-(
</VirtualHost>
If you don't have virtual hosts, remove the entire virtual hosts sections. It can cause problems. Please check the manual.
I host a lot of different web sites, but until now most had personal domain names and the others did not need them. thanks, I will try tomorrow (nearly midnight, here :-) jdd -- http://www.dodin.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Le 07/06/2014 23:27, jdd a écrit :
thanks, I will try tomorrow (nearly midnight, here :-)
well, it's not the problem. roundcube wrote a file in conf.d that should take care of this problem (alias are there) and mod_alias is present. I can make roundcube work, but only if inside htdocs (and changing accordingly the roundcube.conf file) still do not understand why. It's probably some little config flag, but which? restoring /etc/apache2 did not change anything thanks jdd -- http://www.dodin.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
jdd wrote:
Le 07/06/2014 23:27, jdd a écrit :
thanks, I will try tomorrow (nearly midnight, here :-)
well, it's not the problem. roundcube wrote a file in conf.d that should take care of this problem (alias are there) and mod_alias is present.
I can make roundcube work, but only if inside htdocs (and changing accordingly the roundcube.conf file)
still do not understand why. It's probably some little config flag, but which?
If you have roundcube in /srv/roundcubemail, and you access that with an alias from e.g. <docroot>/roundcube = /srv/roundcubemail, what is the problem you see? permission issue, file not found or something else? -- Per Jessen, Zürich (28.6°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Le 08/06/2014 14:30, Per Jessen a écrit :
If you have roundcube in /srv/roundcubemail, and you access that with an alias from e.g. <docroot>/roundcube = /srv/roundcubemail, what is the problem you see? permission issue, file not found or something else?
no 403, access denied jdd -- http://www.dodin.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 06/08/2014 02:54 PM, jdd wrote:
Le 08/06/2014 14:30, Per Jessen a écrit :
If you have roundcube in /srv/roundcubemail, and you access that with an alias from e.g. <docroot>/roundcube = /srv/roundcubemail, what is the problem you see? permission issue, file not found or something else?
no 403, access denied
apache config problems? ... it's always a good idea to consult the apache logs (plural!) first. Have a nice day, Berny -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Le 08/06/2014 15:02, Bernhard Voelker a écrit :
On 06/08/2014 02:54 PM, jdd wrote:
no 403, access denied
apache config problems? ... it's always a good idea to consult the apache logs (plural!) first.
shure. nothing at all there (I even removed all the log file to see bare new ones)
I now, to make things simpler, create a test system:
Alias /essai/ /srv/www/essai/
On 06/08/2014 03:19 PM, jdd wrote:
I now, to make things simpler, create a test system:
Alias /essai/ /srv/www/essai/
Options FollowSymLinks Includes RewriteEngine On AllowOverride All </Directory> and writing a test.html file in there (with a dummy sentence)
http://dodin.org/essai/test.html
should open the file?
of course not, because you didn't tell apache which clients are allowed to access the resources. In apache-2.2: http://httpd.apache.org/docs/2.2/howto/access.html Have a nice day, Berny -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Le 08/06/2014 21:29, Bernhard Voelker a écrit :
of course not, because you didn't tell apache which clients are allowed to access the resources. In apache-2.2: http://httpd.apache.org/docs/2.2/howto/access.html
Alias /essai/ /srv/www/essai/
On 06/09/2014 12:04 PM, jdd wrote:
Le 08/06/2014 21:29, Bernhard Voelker a écrit :
of course not, because you didn't tell apache which clients are allowed to access the resources. In apache-2.2: http://httpd.apache.org/docs/2.2/howto/access.html
Alias /essai/ /srv/www/essai/
Require all granted </Directory> I tested many variants (specially with or without final /), same result
(Require is the new syntax and works perfectly inside htdocs)
maybe - I got it easily to work with the old Order/Allow combination:
$ zypper in apache
$ cat < /etc/apache2/conf.d/essai.conf
Alias /essai/ /srv/www/essai/
Le 09/06/2014 21:09, Bernhard Voelker a écrit :
maybe - I got it easily to work with the old Order/Allow combination:
just tested, you are right. So part of the explanation found, great! I juts have to get why the require directive do not work as expected :-( http://httpd.apache.org/docs/current/mod/mod_authz_core.html#require Allow from is deprecated: http://httpd.apache.org/docs/current/en/mod/mod_access_compat.html "The directives provided by mod_access_compat have been deprecated by the new authz refactoring. Please see mod_authz_host" reading this page: http://httpd.apache.org/docs/trunk/en/upgrading.html I was understanding than Order allow,deny Allow from all was the exact equivalent of Require all granted Things get complicated :-( jdd -- http://www.dodin.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
jdd wrote:
Le 09/06/2014 21:09, Bernhard Voelker a écrit :
maybe - I got it easily to work with the old Order/Allow combination:
just tested, you are right. So part of the explanation found, great!
I juts have to get why the require directive do not work as expected :-(
FYI, I have a webserver with "require all granted" working for months.
reading this page:
http://httpd.apache.org/docs/trunk/en/upgrading.html
I was understanding than
Order allow,deny Allow from all
was the exact equivalent of
Require all granted
It should be the exact equivalent - maybe there's something with the aliased location and "require" ? It shouldn't be too difficult to test. -- Per Jessen, Zürich (25.8°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (5)
-
Bernhard Voelker -
Cristian Rodríguez -
jdd -
jdebert -
Per Jessen