Posted to users@httpd.apache.org by Andy Canfield <an...@yandex.com> on 2014/04/30 08:41:05 UTC

[users@httpd] localhost Forbidden

I am upgrading my notebook from 32-bit Ubuntu 12.04 with Apache 2.2(?),
to 64-bit Ubuntu 14.04 with Apache 2.4.

The thing is insane. It's gotten to the point that web pages which require
a user name and password work, but web pages that let anyone access them
give me a "403: Forbidden" error. This is based on configuration files
exactly retained from Apache2 2.2.

As a bare minimum test I have:
/etc/apache2/sites-enabled/default is a symbolic link to
/etc/apache2/sites-available/default which is a symbolic link to
/etc/apache2/sites-available/default-test which is a zero length file.
This gives me the 403:Forbidden error.
So apparently authorization of some kind is mandatory now.

Can you point me to any sample default (localhost) config file that I
can copy that lets ANY user access the localhost site? From there I can
figure out how to adapt it to my needs.

Thank you.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] php fpm and ProxyPass

Posted by Otis Dewitt - NOAA Affiliate <ot...@noaa.gov>.
Thanks for that update.



On Sun, May 4, 2014 at 9:36 PM, Eric Covener <co...@gmail.com> wrote:

> On Sun, May 4, 2014 at 9:03 PM, Otis Dewitt - NOAA Affiliate
> <ot...@noaa.gov> wrote:
> > Something you should know about mod_proxy_fcgi is that currently it doesn’t
> > support UNIX sockets,
>
> Supported since 2.4.7

Re: [users@httpd] php fpm and ProxyPass

Posted by Eric Covener <co...@gmail.com>.
On Sun, May 4, 2014 at 9:03 PM, Otis Dewitt - NOAA Affiliate
<ot...@noaa.gov> wrote:
> Something you should know about mod_proxy_fcgi is that currently it doesn’t
> support UNIX sockets,

Supported since 2.4.7



Re: [users@httpd] php fpm and ProxyPass

Posted by Otis Dewitt - NOAA Affiliate <ot...@noaa.gov>.
Greetings Lennsen,

Something you should know about mod_proxy_fcgi is that currently it doesn’t
support UNIX sockets,
so you must start your PHP-FPM process using a TCP port, which is default
when you install it.

Daniel Garajau wrote an interesting document on this subject:
http://garajau.com.br/blog/2013/12/apache-2-4-and-php-fpm-using-mod_proxy_fcgi/

Hope this helps.

Thanks,
Otis




On Sun, May 4, 2014 at 7:55 PM, <le...@chello.at> wrote:

> I would like to set up php fpm and I am experiencing some difficulties
> there.
>
> 1. is it possible to solve that issue described e.g. here?
>  http://forum.nginx.org/read.php?3,246804,246804
>
> 2. assuming that the users executing scripts can not be trusted, how would
> one ensure that e.g. open_basedir is respected?
>  I know that this question is more related to php itself, but maybe you
> happen to know the answer there as well.
> This is because I do not know how to bind specific settings per-vhost
> here, since the given example below does not specify custom arguments, such
> as configuration directives or own php.ini files.
>
> the configuration is e.g.
>
>
> <VirtualHost *:80>
> ...
>  Options +Indexes
>  DirectoryIndex index.html index.php
>
>  ProxyPassMatch ^/(.*\.php(/.*)?)$ unix:/some/path/to/php-fpm.sock|fcgi://foobar/path/to/documentroot
> ...
> </VirtualHost>
>
>
> httpd 2.4.9, php 5.5.12, all latest
>
>
>

Re: [users@httpd] VirtualHost core error

Posted by Andy Canfield <an...@yandex.com>.
I get an error message, apparently from Apache.

The error message appears briefly on the screen, and then disappears due
to the login prompt. It does NOT appear in any log file. IMHO this is
VERY bad form.  I captured it by the crude technique of rebooting ten
times and using a camera to photograph the actual screen each time. What
I photographed was this error message:

/[Fri May 09 16:44:20.639207 2014] [core error] [pid 1152] (EAI 2) Name
or service not known: AH00547: Could not resolve host name
andycanfield.com -- ignoring!/

It appears to refer to these lines in one of my sites-available
configuration files:
<VirtualHost andycanfield.com:80>
        DocumentRoot /www/andycanfield/Site
</VirtualHost>

I do not see what is wrong with these lines. What they mean to me is "If
you ever receive a request for web site "andycanfield.com", look at the
web pages located in /www/andycanfield/Site." Of course
"andycanfield.com" is not in /etc/hosts, why should it be? Why should
apache2 look for it during startup?

I added "ServerName andycanfield.com" in front of the DocumentRoot
statement and it still gives me that error.

There is another statement like this:
<VirtualHost www.andycanfield.com:80>
        DocumentRoot /www/andycanfield/Site
</VirtualHost>
And I get another error message about "www.andycanfield.com" also.

Indeed there is another statement like this:
<VirtualHost andycanfield:80>
        DocumentRoot /www/andycanfield/Site
</VirtualHost>
But this name "andycanfield" is defined as "127.0.0.1" in /etc/hosts,
and apache2 does not complain about it.

What am I doing? I am writing a config file that can be used either on
my personal computer or on the Internet server. "andycanfield" is for my
personal computer; "andycanfield.com" is for the server. Do I need two
configuration files, one for my notebook and one for the server on the
Internet?

By the way I am having frequent problems with configurations that worked
fine under apache 2.2 but fail under 2.4. This is but one example. The
entire "403: Forbidden" problem was another.
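
Added example, not part of the original message or of httpd itself: httpd resolves any name written in a <VirtualHost> address when it starts, which is where AH00547 comes from, while name-based matching is driven by ServerName. The Python sketch below rewrites the three sections quoted above to a wildcard address plus ServerName; needs_lookup() and rewrite() are hypothetical helpers, only one address per <VirtualHost> line is handled, and an existing ServerName is not checked for.

```python
import ipaddress
import re

# Constructed sample: the three <VirtualHost> sections quoted in the message above.
SAMPLE_CONF = """\
<VirtualHost andycanfield.com:80>
        DocumentRoot /www/andycanfield/Site
</VirtualHost>
<VirtualHost www.andycanfield.com:80>
        DocumentRoot /www/andycanfield/Site
</VirtualHost>
<VirtualHost andycanfield:80>
        DocumentRoot /www/andycanfield/Site
</VirtualHost>
"""

def needs_lookup(host):
    """True when httpd must resolve `host` at startup (not *, _default_ or an IP)."""
    if host in ("*", "_default_"):
        return False
    try:
        ipaddress.ip_address(host.strip("[]"))
        return False
    except ValueError:
        return True

def rewrite(conf):
    """Move names out of <VirtualHost name:port> into ServerName under *:port."""
    out, moved = [], []
    for line in conf.splitlines():
        m = re.match(r"(\s*)<VirtualHost\s+([^\s>]+)\s*>\s*$", line, re.I)
        # Split "host:port"; the port is optional and IPv6 literals are bracketed.
        host, port = re.match(r"(.*?)(?::(\d+|\*))?$", m.group(2)).groups() if m else ("*", None)
        if m and needs_lookup(host):
            addr = f"*:{port}" if port else "*"
            out.append(f"{m.group(1)}<VirtualHost {addr}>")
            out.append(f"{m.group(1)}        ServerName {host}")
            moved.append(host)
        else:
            out.append(line)
    return "\n".join(out) + "\n", moved

if __name__ == "__main__":
    text, moved = rewrite(SAMPLE_CONF)
    print(text, "moved:", moved)
```
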



Re: [users@httpd] localhost Forbidden

Posted by Andy Canfield <an...@yandex.com>.
I think I've fixed it.

My /etc/apache2/apache2.conf still contains these lines as installed:
    <Directory />
            Options FollowSymLinks
            AllowOverride None
            Require all denied
    </Directory>

My /etc/apache2/sites-enabled/00_default.conf contains these lines:
    <VirtualHost *:80>
            DocumentRoot /www/default/Site
    </VirtualHost>
followed by these lines:
    <Directory /www/default/Site>
            AuthType None
            Require all granted
            Options FollowSymLinks
    </Directory>

My subsite http://localhost/pix contains these lines:
    Alias /pix /www/pix/Site
    <Directory /www/pix/Site>
            AuthType None
            Require all granted
            Options FollowSymLinks
    </Directory>
Note that there is no VirtualHost statement here, like there used to be
in my apache 2.2 configuration statements. In all my conf files there is
now only one <VirtualHost *:80> statement. Every one of my subsites has
those same six lines - Alias + Directory, with "pix" changed to whatever
the name of that subsite is.

It appears as though apache2 was getting very upset with having multiple
VirtualHost statements for the same virtual host. That worked OK in 2.2,
but not in 2.4. And there was no error when restarting apache, only when
accessing one of the sites. And the "403:Forbidden" seemed to arise
regardless of which sub-site I was trying to look at.

Thank you all; your help was invaluable.

Andy Canfield
- www.andycanfield.com
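
Added example, not part of the original message or of Apache's own tooling: a Python sketch that reports, for each DocumentRoot and Alias target, which <Directory> section's Require applies under Apache 2.4, taking the most specific enclosing section. It is a simplification that assumes the default AuthMerging and ignores <Location>, <Files>, .htaccess and Include; the config text is constructed from the directives quoted above, and /www/other/Site is a hypothetical subsite with no grant.

```python
import re

# Constructed sample built from the directives quoted in the message above;
# /www/other/Site is a hypothetical subsite with no <Directory> grant.
SAMPLE_CONF = """
<Directory />
    Require all denied
</Directory>
<VirtualHost *:80>
    DocumentRoot /www/default/Site
</VirtualHost>
<Directory /www/default/Site>
    Require all granted
</Directory>
Alias /pix /www/pix/Site
<Directory /www/pix/Site>
    Require all granted
</Directory>
Alias /other /www/other/Site
"""

def parse(conf):
    """Return ({directory: [Require args]}, [filesystem paths being served])."""
    rules, served, current = {}, [], None
    for line in map(str.strip, conf.splitlines()):
        if m := re.match(r'<Directory\s+"?([^">]+)"?\s*>', line, re.I):
            current = m.group(1).rstrip("/") or "/"
            rules.setdefault(current, [])
        elif re.match(r"</Directory>", line, re.I):
            current = None
        elif current and (m := re.match(r"Require\s+(.+)", line, re.I)):
            rules[current].append(m.group(1).lower())
        elif m := re.match(r'(?:DocumentRoot|Alias\s+\S+)\s+"?([^"\s]+)', line, re.I):
            served.append(m.group(1).rstrip("/") or "/")
    return rules, served

def effective_require(path, rules):
    """Most specific enclosing <Directory> that sets Require decides."""
    hits = [d for d, reqs in rules.items()
            if reqs and (d == "/" or path == d or path.startswith(d + "/"))]
    best = max(hits, key=len, default=None)
    return best, rules.get(best, [])

def audit(conf):
    rules, served = parse(conf)
    return {p: effective_require(p, rules) for p in served}

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```
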




Re: [users@httpd] localhost Forbidden

Posted by Otis Dewitt - NOAA Affiliate <ot...@noaa.gov>.
Greetings Eric,

Try this:

<VirtualHost *:80>
    DocumentRoot /www/default/Site
    <Directory /www/default/Site>
        AuthType None
        Options FollowSymLinks
        AllowOverride None
        Order allow,deny
        Allow from all
        Require all granted
    </Directory>
</VirtualHost>

Thanks,
Otis


On Sun, May 4, 2014 at 9:58 AM, Eric Covener <co...@gmail.com> wrote:

> On Sun, May 4, 2014 at 9:48 AM, Andy Canfield <an...@yandex.com>
> wrote:
> > What am I missing?
>
>
> Maybe you're not getting into that virtualhost?  Review the output of
> apache2ctl -S, and/or add a custom access log for that virtual host.
>
> <Directory> is always a directory on disk.  You should also be sure to
> review the errorlog for each 403.
>

[users@httpd] php fpm and ProxyPass

Posted by le...@chello.at.
I would like to set up php fpm and I am experiencing some difficulties there.

1. is it possible to solve that issue described e.g. here? 
 http://forum.nginx.org/read.php?3,246804,246804

2. assuming that the users executing scripts can not be trusted, how would one ensure that e.g. open_basedir is respected?
 I know that this question is more related to php itself, but maybe you happen to know the answer there as well.
This is because I do not know how to bind specific settings per-vhost here, since the given example below does not specify custom arguments, such as configuration directives or own php.ini files.

the configuration is e.g. 


<VirtualHost *:80>
...
 Options +Indexes
 DirectoryIndex index.html index.php

 ProxyPassMatch ^/(.*\.php(/.*)?)$ unix:/some/path/to/php-fpm.sock|fcgi://foobar/path/to/documentroot
...
</VirtualHost>


httpd 2.4.9, php 5.5.12, all latest





Re: [users@httpd] localhost Forbidden

Posted by Eric Covener <co...@gmail.com>.
On Sun, May 4, 2014 at 9:48 AM, Andy Canfield <an...@yandex.com> wrote:
> What am I missing?


Maybe you're not getting into that virtualhost?  Review the output of
apache2ctl -S, and/or add a custom access log for that virtual host.

<Directory> is always a directory on disk.  You should also be sure to
review the errorlog for each 403.



Re: [users@httpd] localhost Forbidden

Posted by Andy Canfield <an...@yandex.com>.
I am not sure what you mean by "Then your document root has a stanza
that allows access to everyone."

I removed the disabling comment marks in /etc/apache2/apache2.conf =
<Directory />
        Options FollowSymLinks
        AllowOverride None
        Require all denied
</Directory>

Then I have this as /etc/apache2/sites-enabled/default =
<VirtualHost *:80>
    DocumentRoot /www/default/Site
    <Directory /www/default/Site>
        AuthType None
        Require all granted
        Options FollowSymLinks
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
</VirtualHost>

The result is a 403:Forbidden error. The same error comes up if the
'Directory' line reads
    <Directory />
(I am never quite sure whether the Directory name is disk-absolute or
DocumentRoot-relative).

What am I missing?

On 05/04/2014 07:31 PM, Eric Covener wrote:
> On Sun, May 4, 2014 at 4:42 AM, Andy Canfield <an...@yandex.com> wrote:
>> This was NOT present under Apache 2.2. Since this file is read before
> That's usually present in every default configuration. Then your
> document root has a stanza that allows access to everyone.
>
>




Re: [users@httpd] localhost Forbidden

Posted by Eric Covener <co...@gmail.com>.
On Sun, May 4, 2014 at 4:42 AM, Andy Canfield <an...@yandex.com> wrote:
> This was NOT present under Apache 2.2. Since this file is read before

That's usually present in every default configuration. Then your
document root has a stanza that allows access to everyone.


-- 
Eric Covener
covener@gmail.com



Re: [users@httpd] localhost Forbidden

Posted by Andy Canfield <an...@yandex.com>.
If any of you are following this thread (I have seen no replies), I
think I found the monster:

In the file /etc/apache2/apache2.conf, under Apache 2.4, there is this
chunk of code:
<Directory />
        Options FollowSymLinks
        AllowOverride None
        Require all denied
</Directory>
This was NOT present under Apache 2.2. Since this file is read before
Apache reads any of the site-specific configuration files, the result
seems to be that no virtual host can allow users to access its document
root. The above lines, being in the global config file, apparently apply
to all hosts everywhere.

If I am wrong please correct me; maybe there is a more proper way to do it.

On 04/30/2014 01:41 PM, Andy Canfield wrote:
> I am upgrading my notebook from 32-bit Ubuntu 12.04 with Apache 2.2(?),
> to 64-bit Ubuntu 14.04 with Apache 2.4.
>
> The thing is insane. It's gotten the point that web pages which require
> a user name and password work, but web pages that let anyone access them
> give me a "403: Forbidden" error. This is based on configuration files
> exactly retained from Apache2 2.2.
>
> As a bare minimum test I have:
> /etc/apache2/sites-enabled/default is a symbolic link to
> /etc/apache2/sites-available/default which is a symbolic link to
> /etc/apache2/sites-available/default-test which is a zero length file.
> This gives me the 403:Forbidden error.
> So apparently authorization of some kind is mandatory now.
>
> Can you point me to any sample default (localhost) config file that I
> can copy that lets ANY user access the localhost site? From there I can
> figure out how to adapt it to my needs.
>
> Thank you.
>
>

