Apache Http Basic Authentication - Forbidden Error 403 - linux

I was doing the basic authentication to access the web pages via dispatcher. I have gone through some blogs and was able to achieve it, but only for one directory. Below is the virtual host that I configured.

    <VirtualHost *:80>
        ServerAdmin admin@aemcorner.com
        ServerName aemcorner.com
        ServerAlias www.aemcorner.com
        #DocumentRoot /var/www/example.com/public_html
        DocumentRoot /opt/communique/dispatcher/cache
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        <Directory /content/practice/en/hello/secure-pages>
        # <Directory /var/www/example.com/public_html>
            AuthType Basic
            AuthName "Secure Content"
            AuthBasicProvider file
            AuthUserFile /etc/apache2/passwords
            Require all granted
        </Directory>
    </VirtualHost>

Here I want to work with the commented lines. This snippet works fine, but when I replace it with /content/practice/en/Secure-Pages and use the commented DocumentRoot, it gives me an error as below:

    Forbidden
    You don't have permission to access /content/practice/en/hello/secure-pages/sp1.html on this server.

I want to access the page /opt/communique/dispatcher/cache/content/practice/en/Secure-Pages/SP1.html
Also, I am getting the below error:

    [Mon Sep 07 20:57:39.500158 2015] [authz_core:error] [pid 9483:tid 140017092585216] [client 127.0.0.1:49543] AH01630: client denied by server configuration: /opt/communique/dispatcher/cache/favicon.ico, referer: http://aemcorner.com/content/practice/en/hello/secure-pages/sp1.html

I was able to solve this problem via the below configuration:

    <VirtualHost *:80>
        ServerAdmin admin@aemcorner.com
        ServerName aemcorner.com
        ServerAlias www.aemcorner.com
        #DocumentRoot /var/www/example.com/public_html
        DocumentRoot /opt/communique/dispatcher/cache
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        <Location /content/practice/en/hello/secure-pages>
        # <Directory /var/www/example.com/public_html>
            AuthType Basic
            AuthName "Secure Content"
            AuthBasicProvider file
            AuthUserFile /etc/apache2/passwords
            Require valid-user
        </Location>
    </VirtualHost>

I have used Location instead of Directory, and Require valid-user.
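An added example, not part of the original answer: the same protection written with `<Directory>`. `<Location>` matches the URL path while `<Directory>` matches the filesystem path, so the block has to name the full path below the DocumentRoot. The grant on the cache root is an assumption, based on the AH01630 line for `favicon.ico`, that nothing in the server configuration opens `/opt/communique/dispatcher/cache` yet.

```apache
<VirtualHost *:80>
    ServerName aemcorner.com
    DocumentRoot /opt/communique/dispatcher/cache

    # Assumption: the server-wide default denies every directory that is
    # not explicitly opened, which is what "client denied by server
    # configuration" (AH01630) on .../cache/favicon.ico points to.
    # Open the cache root for the public pages first.
    <Directory "/opt/communique/dispatcher/cache">
        Require all granted
    </Directory>

    # <Directory> takes a filesystem path: DocumentRoot + URL prefix.
    # Matching is case-sensitive on Linux, so the path must use the same
    # case as the directory on disk. This more specific block replaces
    # the grant above for this subtree only.
    <Directory "/opt/communique/dispatcher/cache/content/practice/en/hello/secure-pages">
        AuthType Basic
        AuthName "Secure Content"
        AuthBasicProvider file
        AuthUserFile /etc/apache2/passwords
        # "Require all granted" here would authorize every request
        # without a login, so the 401 challenge is never sent.
        # "Require valid-user" is what enforces authentication.
        Require valid-user
    </Directory>

    # Basic credentials are only base64-encoded. On port 80 they cross
    # the network unencrypted, so outside a test setup this block
    # belongs in a TLS (:443) virtual host.
</VirtualHost>
```

Run `apachectl configtest` before reloading to catch syntax errors.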

Related

Proxy error - Error during SSL Handshake (ubuntu server)

I have a web application in node js, which is running on port 3000. I can't get it to work with the ssl certificates, I get the following:
/etc/apache2/domain.conf configuration is:

    <VirtualHost *:443>
        SSLProxyEngine on
        SSLProxyVerify none
        SSLProxyCheckPeerCN off
        SSLProxyCheckPeerName off
        ProxyPreserveHost on
        ProxyPass / https://***.es:3000/
        ProxyPassReverse / https://***.es:3000/
        SSLEngine on
        SSLCertificateFile /certs/certificateSSL.crt
        SSLCertificateKeyFile /certs/keySSL.key
        SSLCertificateChainFile /certs/DigiCertCA.crt
        ServerAdmin webmaster@localhost
        ServerName ***.es
        ProxyRequests Off
        ServerAlias www.***.es
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
    </VirtualHost>

It looks like the ssl is correct, but I can't fix the proxy error:
And I get the following error when I tail /var/log/apache2/error.log:

    [Mon Jan 16 17:47:29.698548 2023] [proxy_http:error] [pid 22330:tid 140606592464640] [client ****:54470] AH01097: pass request body failed to *****:3000 (****.es) from **** ()

What can I do?
Thank you so much!!!

Given that you ProxyPass to something at port 3000, and it is a common setup to have some backend at this port which is not by itself HTTPS-enabled, you likely have your ProxyPass (and ProxyPassReverse) directive wrong. Try to use it with http://..., not https://... - the method should reflect what protocol the internal server actually speaks and not what protocol you want to use for the reverse proxy.
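The proxy section written both ways, as an added example that is not part of the original answer: a plain-HTTP backend as the answer suggests, and a backend that really speaks TLS with certificate verification left on instead of disabled as in the question. `site-a.example`, `site-b.example`, `backend.example`, `127.0.0.1` and `/etc/apache2/backend-ca.pem` are placeholders; the certificate paths are the ones from the question.

```apache
# Option A (the answer's case): the Node.js app on port 3000 speaks plain
# HTTP. Apache terminates TLS for the client, so the backend URL uses
# http:// and no SSLProxy* directive is needed at all.
<VirtualHost *:443>
    # Placeholder name
    ServerName site-a.example
    SSLEngine on
    SSLCertificateFile      /certs/certificateSSL.crt
    SSLCertificateKeyFile   /certs/keySSL.key
    SSLCertificateChainFile /certs/DigiCertCA.crt

    ProxyRequests     Off
    ProxyPreserveHost On
    # Assumption: the app listens on the same host. Binding it to
    # loopback keeps the unencrypted hop off the network.
    ProxyPass        / http://127.0.0.1:3000/
    ProxyPassReverse / http://127.0.0.1:3000/
</VirtualHost>

# Option B: the backend itself serves HTTPS. Keep https:// in ProxyPass,
# but verify the backend certificate. "SSLProxyVerify none" together with
# "SSLProxyCheckPeerName off" accepts any certificate from anyone who can
# answer on that address.
<VirtualHost *:443>
    # Placeholder name
    ServerName site-b.example
    SSLEngine on
    SSLCertificateFile      /certs/certificateSSL.crt
    SSLCertificateKeyFile   /certs/keySSL.key
    SSLCertificateChainFile /certs/DigiCertCA.crt

    SSLProxyEngine            on
    SSLProxyVerify            require
    # Placeholder path: the CA that issued the backend's certificate
    SSLProxyCACertificateFile /etc/apache2/backend-ca.pem
    SSLProxyCheckPeerName     on

    ProxyRequests    Off
    ProxyPass        / https://backend.example:3000/
    ProxyPassReverse / https://backend.example:3000/
</VirtualHost>
```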

Change from UID to ANR in LDAP query?

I have secured a website using Apache2 HTTPD with LDAP mod with the following config. It works great for almost everyone, however for 2 users it returns an "<user> not found" error.
Our security team has indicated that we should try changing from checking the UID to instead check the ANR.
I have googled, but can't find much information on ANR. What is ANR? How do I switch to use ANR?

    <VirtualHost *:80>
        ServerName mydomain
        Redirect permanent / https://mydomain/
    </VirtualHost>
    <VirtualHost *:443>
        SSLProxyEngine on
        SSLCertificateFile /etc/apache2/ssl/mydomain.pem
        SSLCertificateKeyFile /etc/apache2/ssl/mydomain.key
        ProxyPreserveHost on
        ProxyRequests off
        ServerName mydomain
        ProxyPass / http://0.0.0.0:8080/
        ProxyPassReverse / http://0.0.0.0:8080/
        <Proxy *>
            AuthType Basic
            Authname "Password Required"
            AuthBasicProvider ldap
            AuthLDAPURL ldaps://realm.domain.local:3269
            #AuthLDAPCompareAsUser on
            #LDAPReferrals off
            AuthLDAPBindDN "CN=SVC-Auth,OU=ServiceAccounts,DC=<domain>,DC=local"
            AuthLDAPBindPassword "<password>"
            Require valid-user
        </Proxy>
    </VirtualHost>

How is it possible for this to work great for the majority of users, but for the user to be missing for a small subset of users? These users can login fine to all other AD services.

CWP Account's Subdomains on Main Domain

I was surfing on the internet and I don't know what's going on anymore.
I flipped across Google ;)
How do I set up my VPS for all users' accounts? Could you help me?
Example:
Server "top" domain: srv1.myserver.com
Customer domain: ubuntu001.com (now it's OK: www.myserver.com/~ubuntu001)
Customer domain: garfield.net (now it's OK: www.myserver.com/~garfield)
I need this "format":
ubuntu001.myserver.com OR ubuntu001.com.myserver.com
garfield.myserver.com OR garfield.net.myserver.com
How do I configure my CWP VPS (Apache vhosts)?
Thank you for all the guidelines.
UPDATE:
Edit this conf file:
/usr/local/apache/conf.d/vhosts/myserver.com.conf
Add "ServerAlias" for VirtualHost block
Restart Apache service on server

    <VirtualHost 1.2.3.4:80>
        ServerName ubuntu001.com
        ServerAlias www.ubuntu001.com
        ServerAlias ubuntu001.myserver.com
        ServerAlias www.ubuntu001.myserver.com
        ServerAdmin webmaster@ubuntu001.com
        DocumentRoot /home/ubu001/public_html
        [...]
        <IfModule mod_setenvif.c>
            SetEnvIf X-Forwarded-Proto "^https$" HTTPS=on
        </IfModule>
        <Directory "/home/ubu001/public_html">
            Options -Indexes -FollowSymLinks +SymLinksIfOwnerMatch
            AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
        </Directory>
        [...]
    </VirtualHost>

It's OK: http://ubuntu001.myserver.com
It's not working: httpS://ubuntu001.myserver.com
(the myserver.com is an example domain)

Apache VirtualHost Setup on QNAP for Sub Directories

I am trying to set up vHost on my QNAP web server (running Apache). I seem to be stuck at the point where I can't load the subdomains. I have included a custom conf file in the apache.conf file like so:

    include /share/Web/customapache.conf

In the customapache file, I have the following:

    NameVirtualHost *:80
    ServerName 127.0.0.1
    DocumentRoot "/share/Web/site1-home"
    <Directory />
        Order deny,allow
        Deny from all
    </Directory>
    ServerSignature Off
    ServerTokens Prod
    NameVirtualHost *:80
    <VirtualHost *:80>
        ServerName localhost
        # ServerAlias www.localhost
        DocumentRoot "/share/Web/site1-home"
        <Directory "/share/Web/site1-home">
            Options FollowSymLinks MultiViews
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
    </VirtualHost>
    <VirtualHost *:80>
        ServerName pods.localhost
        # ServerAlias www.pods.localhost
        DocumentRoot "/share/Web/site2-pods"
        <Directory "/share/Web/site2-pods">
            Options FollowSymLinks MultiViews
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
    </VirtualHost>

It's probably a bit of a mess as I have been trying multiple different examples trying to fix whatever issues I have. I am fairly new to Linux, and Apache to be honest. I was able to get it all working fine in NGINX, however I ran into some compatibility issues with QNAP.
Essentially, the main redirect is working, so that the base directory is now /share/Web/site1-home, but the subdomain is not working (pods.localhost). I am sure it's something simple I am missing, or even something I have added that I do not need. But any assistance, or even a point in the right direction would be much appreciated.
Regards
Kirt

Set up SVN Server over https

I'm trying to get an SVN server up and running. CentOS 6.4, apache 2.2.15. More importantly, I need to have it running on https only. So I figure that I'll get ssl running first, as I've already tested it on port 80, and SVN works the way I want it to.
In /etc/httpd/ssl, I have:

    intermediate.crt  wildcard.mycompany.com.crt  wildcard.mycompany.com.key

We bought a wildcard certificate from GeoTrust, and I downloaded the intermediate.crt from their website. In /etc/httpd/httpd.conf, I have:

    NameVirtualHost *:80
    <VirtualHost *:80>
        ServerAdmin my.email@mycompany.com
        ServerName hostname.mycompany.com
        ErrorLog logs/error_log
        CustomLog logs/access_log common
        Redirect permanent / https://hostname.mycompany.com
    </VirtualHost>
    <VirtualHost hostname.mycompany.com:443>
        SSLEngine On
        SSLCertificateFile /etc/httpd/ssl/wildcard.mycompany.com.crt
        SSLCertificateKeyFile /etc/httpd/ssl/wildcard.mycompany.com.key
        SSLCertificateChainFile /etc/httpd/ssl/intermediate.crt
        ServerName hostname.mycompany.com
        ServerAdmin my.email@mycompany.com
        ErrorLog logs/subversion-error_log
        CustomLog logs/subversion-access_log common
    </VirtualHost>

I can connect to the server, but my browser tells me that the certificate is untrusted. So I'm guessing that there's an error in the permissions, or perhaps in the format of the file?
I can't see anything in the logs.
I set this up at home on my own server, but wasn't using a wildcard certificate.
Anyone care to advise as to what's gone wrong?
Thanks.
