403 Forbidden Access on port 443 (SSL) - linux

I am trying to set up SSL on my webpage located in a local network. Firstly, I generated a certificate using openssl and modified some .conf files in the apache2 directory. Unfortunately, I've got a 403 forbidden access error. It concerns only port 443 (HTTPS). HTTP (80) works perfectly fine. BTW, encryption works because my browser shows "Your connection is encrypted....".
httpd.conf
Only including files below
default-vhost.conf (port 80) - works
<VirtualHost 10.83.200.80:80>
DocumentRoot "/srv/www/htdocs"
<Directory "/srv/www/htdocs">
Options +FollowSymLinks
Options None
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
default-vhost-ssl.conf (443) - does not work
#<IfDefine SSL>
#<IfDefine !NOSSL>
<VirtualHost _default_:443>
ServerName 10.83.200.80:443
ServerAlias 10.83.200.80:443
DocumentRoot "/srv/www/htdocs"
ErrorLog /var/log/apache2/error_log
TransferLog /var/log/apache2/access_log
<Directory "/srv/www/htdocs">
Options +FollowSymLinks
Options None
Order allow,deny
AllowOverride All
Require all granted
</Directory>
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
#SSLHonorCipherOrder on
SSLCertificateFile /etc/apache2/ssl.crt/server.crt
#SSLCertificateFile /etc/apache2/ssl.crt/server-dsa.crt
SSLCertificateKeyFile /etc/apache2/ssl.key/server.key
#SSLCertificateKeyFile /etc/apache2/ssl.key/server-dsa.key
#SSLCertificateChainFile /etc/apache2/ssl.crt/ca.crt
#SSLCACertificatePath /etc/apache2/ssl.crt
#SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
#SSLCARevocationPath /etc/apache2/ssl.crl
#SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
#SSLVerifyClient require
#SSLVerifyDepth 10
# Access Control:
# With SSLRequire you can do per-directory access control based
# on arbitrary complex boolean expressions containing server
# variable checks and other lookup directives. The syntax is a
# mixture between C and Perl. See the mod_ssl documentation
# for more details.
#<Location />
#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#</Location>
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/srv/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog /var/log/apache2/ssl_request_log ssl_combined
#
# some Rewrite stuff for sharedssl
#
#RewriteEngine on
##RewriteLog "/var/log/apache2/dummy-host.example.com-rewrite-ssl_log"
##RewriteLogLevel 3
#RewriteCond %{HTTP_HOST} ^webmail\..* [NC]
#RewriteRule ^/$ https://sharedssl.example.com/roundcube/ [L,R]
#RewriteRule ^/$ /roundcube [R]
</VirtualHost>
#</IfDefine>
#</IfDefine>
As you can see, the configurations for both files are almost the same.
Greetings.
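The port 443 `<Directory>` block in the question combines `Order allow,deny` (with no `Allow` line) and `Require all granted`; under `Order allow,deny`, a request that matches no `Allow` is denied by default, and the Apache 2.4 documentation discourages mixing the two syntaxes. The following lint check is an added example, not code from the poster or from Apache: `lint_access_control` and `_check` are hypothetical names, and the sample is trimmed from configs on this page.

```python
import re
# Containers that hold access-control directives, and <IfModule>-style gates.
OPEN = re.compile(r"<(?:Directory|Location|Files|Proxy)(?:Match)?\s+[^>]+>", re.I)
CLOSE = re.compile(r"</(?:Directory|Location|Files|Proxy)(?:Match)?>", re.I)
GATE = re.compile(r"<(/?)If(?:Module|Version|Define)\b", re.I)
LEGACY = {"order", "allow", "deny", "satisfy"}  # mod_access_compat (2.2 syntax)

def lint_access_control(conf_text):
    """Return (line_no, section, finding) tuples for risky access-control mixes."""
    findings, stack = [], []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if (m := OPEN.match(line)):
            stack.append({"no": no, "name": m.group(0), "gate": 0, "dirs": []})
        elif stack and CLOSE.match(line):
            findings.extend(_check(stack.pop()))
        elif stack and (g := GATE.match(line)):
            stack[-1]["gate"] += -1 if g.group(1) else 1  # gated lines are skipped
        elif stack and stack[-1]["gate"] == 0 and not line.startswith("<"):
            stack[-1]["dirs"].append(line.split())
    return findings

def _check(sec):
    names = {d[0].lower() for d in sec["dirs"]}
    orders = [d[1].lower() for d in sec["dirs"] if d[0].lower() == "order" and len(d) > 1]
    out = []
    if "require" in names and names & LEGACY:
        out.append((sec["no"], sec["name"], "mixes Order/Allow/Deny with Require"))
    if "allow,deny" in orders and "allow" not in names:
        out.append((sec["no"], sec["name"], "Order allow,deny with no Allow: default is deny"))
    return out

SAMPLE = '''
# constructed sample, trimmed from default-vhost.conf (port 80) on this page
<Directory "/srv/www/htdocs">
Order allow,deny
Allow from all
</Directory>
# trimmed from default-vhost-ssl.conf (port 443)
<Directory "/srv/www/htdocs">
Order allow,deny
AllowOverride All
Require all granted
</Directory>
# version-gated form, as in the Bitnami httpd-app.conf: not flagged
<Directory /opt/bitnami/apps/one/htdocs/>
<IfVersion < 2.3 >
Order allow,deny
Allow from all
</IfVersion>
<IfVersion >= 2.3>
Require all granted
</IfVersion>
</Directory>
'''
if __name__ == "__main__":
    print(*lint_access_control(SAMPLE), sep="\n")
```

Only the port 443 block is reported; directives wrapped in `<IfVersion>` or `<IfModule>` are treated as intentionally gated and ignored.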

Related

Getting 404 on a specific path /pricing with Apache server [migrated]

This question was migrated from Stack Overflow because it can be answered on Server Fault.
I've set up an Apache server on Ubuntu 20.04
The site loads fine when I load the home page first (https://leadzilla.ai) and after that when I click on the pricing button and it takes me to https://leadzilla.ai/pricing and that page loads fine as well.
But when I go directly to https://leadzilla.ai/pricing in the browser, I get a 404.
Here is what I have in /etc/apache2/sites-available/leadzilla.ai.conf
<VirtualHost *:80>
DocumentRoot /var/www/leadzilla.ai
ServerName leadzilla.ai
ServerAlias www.leadzilla.ai
<Directory /var/www/leadzilla.ai>
Options Indexes FollowSymLinks
AllowOverride all
Order Deny,Allow
Allow from all
</Directory>
RewriteEngine on
RewriteCond %{SERVER_NAME} =leadzilla.ai [OR]
RewriteCond %{SERVER_NAME} =www.leadzilla.ai
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
I have this config in /etc/apache2/sites-available/leadzilla.ai-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
DocumentRoot /var/www/leadzilla.ai
ServerName leadzilla.ai
ServerAlias www.leadzilla.ai
<Directory /var/www/leadzilla.ai>
Options Indexes FollowSymLinks
AllowOverride all
Order Deny,Allow
Allow from all
#Deny from all
#Allow from 127.0.0.1
#Allow from ::1
</Directory>
<Directory /var/www/leadzilla.ai/blog>
AllowOverride All
</Directory>
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/leadzilla.ai/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/leadzilla.ai/privkey.pem
</VirtualHost>
</IfModule>
I have Wordpress on https://leadzilla.ai/blog so that has to be taken care of as well.
Here is what I have tried:
RewriteRule ^pricing$ pricing.html [NC]
I added it before the other rewrite rule but that doesn't seem to be working. Any ideas?
[EDIT]
This is solved now. The issue was a Next.js config, not an Apache config.
I put in exportTrailingSlash: true in my module.exports and it worked
I find this to be curious behavior. But if you have a RewriteRule in the <VirtualHost *:443>, then you should also have RewriteEngine On.
Are there any symbolic links in your directory at all? Anything like foo -> foo.html?
Are there any directories like /var/www/html/pricing/ in your directory structure?
Also, remember, that all of your traffic ends up on HTTPS, which means that only the <VirtualHost *:443> is in play. The other virtual host entry only is used long enough to redirect from HTTP to HTTPS. Any rewrite rules for the :80 VirtualHost do not apply on HTTPS.

django.urls.base.get_script_prefix returns incorrect prefix when executed by apache

Python-3.8/Django-3.2/Mezzanine-6.0 application tries to access incorrect pages when executed by apache. In standalone mode (python manage.py runserver) it creates correct address /admin/page_types/basicpage/2677/change/ whereas in apache mode it creates address /admin/page_types/basi/admin/pages/page/2677/change/ in the same place.
Edit:
It seems to be the get_script_prefix() function in django/urls/base.py that returns incorrect prefix when accessing page 2677 in apache mod_wsgi daemon mode. In embedded mode the fault does not happen.
I don't even understand how this function call return getattr(_prefixes, "value", '/') can work as the _prefixes object does not have an attribute named "value".
The _prefixes object comes from asgiref:
from asgiref.local import Local
_prefixes = Local()
Furthermore: why does django use asgiref also when not executed using ASGI https://asgi.readthedocs.io/en/latest/ ?
Apache configuration:
[django#tkpika03p ~]$ cat /etc/httpd/conf.d/pika.conf
#
# VirtualHost template
# Files must have the .conf suffix to be loaded.
#
# NameVirtualHost statements can be added to /etc/apache2/listen.conf.
#
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for requests without a known
# server name.
#
<VirtualHost *:80>
ServerAdmin palvelin.hallinta#<myDomain>
ServerName pikaappm.<myDomain>
ServerAlias tkpika03p.ad.<myDomain>
DocumentRoot /srv/www/htdocs
ErrorLog /var/log/httpd/pika-error_log
CustomLog /var/log/httpd/pika-access_log combined
LogLevel warn
# don't loose time with IP address lookups
HostnameLookups Off
# needed for named virtual hosts
UseCanonicalName Off
# configures the footer on server-generated documents
ServerSignature Off
Alias /static/ /srv/django/pika/pika/static/
Alias /site/ /srv/django/pika/pika/static/site/
<IfModule wsgi_module>
WSGIDaemonProcess pika_wsgi user=django group=django home=/srv/django python-home=/srv/django/pika-env python-path=/srv/django/pika
WSGIProcessGroup pika_wsgi
WSGIScriptAlias / /srv/django/pika/pika/wsgi.py
WSGIApplicationGroup %{GLOBAL}
</IfModule>
<Directory "/">
require all granted
</Directory>
<Directory "/srv/www/htdocs">
Options Includes FollowSymLinks
AllowOverride FileInfo
<Limit GET OPTIONS>
<IfModule access_compat_module>
Order allow,deny
Allow from all
</IfModule>
<IfModule !access_compat_module>
Require all granted
</IfModule>
</Limit>
</Directory>
<Directory /srv/django/pika/pika>
<Files wsgi.py>
<IfModule access_compat_module>
Order allow,deny
Allow from all
</IfModule>
<IfModule !access_compat_module>
Require all granted
</IfModule>
</Files>
</Directory>
<Directory /srv/django/pika/pika/static>
# Options Indexes Includes FollowSymLinks
# AllowOverride FileInfo
<IfModule access_compat_module>
Order allow,deny
Allow from all
</IfModule>
<IfModule !access_compat_module>
Require all granted
</IfModule>
</Directory>
<Directory /srv/django/pika/pika/static/site>
# Options Indexes Includes FollowSymLinks
# AllowOverride FileInfo
<Limit GET OPTIONS>
<IfModule access_compat_module>
Order allow,deny
Allow from all
</IfModule>
<IfModule !access_compat_module>
Require all granted
</IfModule>
</Limit>
</Directory>
<Directory /srv/django/pika/pika/media>
# Options Indexes Includes FollowSymLinks
# AllowOverride FileInfo
<Limit GET OPTIONS>
<IfModule access_compat_module>
Order allow,deny
Allow from all
</IfModule>
<IfModule !access_compat_module>
Require all granted
</IfModule>
</Limit>
</Directory>
<Location />
Options Indexes Includes FollowSymLinks
SetOutputFilter INCLUDES
AddOutputFilter INCLUDES .html .ssi .css
# Order deny,allow
# Require all granted
</Location>
</VirtualHost>

How to configure subdomains in bitnami ruby stack

I am using Bitnami ruby stack on Google Cloud which supports php and nodejs at the same time. I have my express js app which I want to run on the main domain, e.g. www.example.com, and I have two other codeigniter apps (PHP) which I want to run on subdomains, one on one.example.com and the other on two.example.com.
I have followed different Bitnami articles such as these 1 2 3 but still I can't have both apps run well together.
I placed all apps inside /opt/bitnami/apps and every app folder has 2 sub folders which are conf and htdocs just as described in article.
Here are contents of conf folder of codeigniter app which I want it to run on subdomain.
/opt/bitnami/apps/one/conf/httpd-app.conf
<Directory /opt/bitnami/apps/one/htdocs/>
Options +FollowSymLinks
AllowOverride All
<IfVersion < 2.3 >
Order allow,deny
Allow from all
</IfVersion>
<IfVersion >= 2.3>
Require all granted
</IfVersion>
</Directory>
/opt/bitnami/apps/one/conf/httpd-vhosts.conf
<VirtualHost *:8080>
ServerName one.example.com
ServerAlias www.one.example.com
DocumentRoot "/opt/bitnami/apps/one/htdocs"
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ http://%1$1 [R=permanent,L]
Include "/opt/bitnami/apps/one/conf/httpd-app.conf"
</VirtualHost>
<VirtualHost *:8444>
ServerName one.example.com
ServerAlias www.one.example.com
DocumentRoot "/opt/bitnami/apps/one/htdocs"
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ http://%1$1 [R=permanent,L]
Include "/opt/bitnami/apps/one/conf/httpd-app.conf"
</VirtualHost>
And conf of nodejs app which I want to run on main domain.
/opt/bitnami/apps/main/conf/httpd-app.conf
ProxyPass / http://127.0.0.1:2000/
ProxyPassReverse / http://127.0.0.1:2000/
/opt/bitnami/apps/nyererefy/conf/httpd-vhosts.conf
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
# redirect www and non-www http routes to https-non-www:
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,NE,R=301]
Include "/opt/bitnami/apps/main/conf/httpd-app.conf"
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
ServerAlias www.example.com
#redirect https-wwww to https-non-www
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,NE,R=301]
Include "/opt/bitnami/apps/main/conf/httpd-app.conf"
</VirtualHost>
/opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf
# Bitnami applications installed in a prefix URL
Include "/opt/bitnami/apps/phpmyadmin/conf/httpd-prefix.conf"
Include "/opt/bitnami/apps/phppgadmin/conf/httpd-prefix.conf"
Include "/opt/bitnami/apps/letsencrypt/conf/httpd-prefix.conf"
/opt/bitnami/apache2/conf/bitnami/bitnami-apps-vhosts.conf
# Bitnami applications installed in a Virtual Host
Include "/opt/bitnami/apps/one/conf/httpd-vhosts.conf"
Include "/opt/bitnami/apps/main/conf/httpd-vhosts.conf"
/opt/bitnami/apache2/conf/bitnami/bitnami.conf
# Default Virtual Host configuration.
<IfVersion < 2.3 >
NameVirtualHost *:80
NameVirtualHost *:443
</IfVersion>
<VirtualHost _default_:80>
DocumentRoot "/opt/bitnami/apache2/htdocs"
<Directory "/opt/bitnami/apache2/htdocs">
Options Indexes FollowSymLinks
AllowOverride All
<IfVersion < 2.3 >
Order allow,deny
Allow from all
</IfVersion>
<IfVersion >= 2.3 >
Require all granted
</IfVersion>
</Directory>
# Error Documents
ErrorDocument 503 /503.html
# Bitnami applications installed with a prefix URL (default)
Include "/opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf"
</VirtualHost>
# Default SSL Virtual Host configuration.
<IfModule !ssl_module>
LoadModule ssl_module modules/mod_ssl.so
</IfModule>
Listen 443
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !EDH !RC4"
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/opt/bitnami/apache2/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
<VirtualHost _default_:443>
DocumentRoot "/opt/bitnami/apache2/htdocs"
SSLEngine on
SSLCertificateFile "/opt/bitnami/apache2/conf/server.crt"
SSLCertificateKeyFile "/opt/bitnami/apache2/conf/server.key"
<Directory "/opt/bitnami/apache2/htdocs">
Options Indexes FollowSymLinks
AllowOverride All
<IfVersion < 2.3 >
Order allow,deny
Allow from all
</IfVersion>
<IfVersion >= 2.3 >
Require all granted
</IfVersion>
</Directory>
# Error Documents
ErrorDocument 503 /503.html
# Bitnami applications installed with a prefix URL (default)
Include "/opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf"
</VirtualHost>
# Bitnami applications that uses virtual host configuration
Include "/opt/bitnami/apache2/conf/bitnami/bitnami-apps-vhosts.conf"
# Status
ExtendedStatus on
<VirtualHost _default_:80>
ServerName local-stackdriver-agent.stackdriver.com
<Location /server-status>
SetHandler server-status
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Location>
</VirtualHost>
How to configure them to run together?
Bitnami developer here!
You need to configure all your applications to use Apache virtual hosts.
First, you need to change the default root application to be configured with virtual host instead of using the Apache prefix.
This is done through the files /opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf and /opt/bitnami/apache2/conf/bitnami/bitnami-apps-vhosts.conf.
Second, you need to configure your codeigniter applications as virtual hosts too. This guide may be helpful.
https://docs.bitnami.com/general/infrastructure/lapp/configuration/configure-custom-application/
Also, if you have any issues feel free to open a case in the Bitnami community forum.

Issue with loadbalancing on apache

Please help with my task.
I must install Apache which will balance connections across nodes (P.S. these are JIRA app nodes, if this is important).
I found how to do this, and I have done it once, and everything worked correctly. But this time I put the same piece of code in the httpd.conf
Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED
NameVirtualHost *:443
<VirtualHost *:443>
ProxyRequests off
ServerName jira-host
SSLEngine on
SSLCertificateFile "/etc/httpd/certs/jira-host.crt"
SSLCertificateKeyFile "/etc/httpd/certs/jira-host.key"
ProxyTimeout 900
Timeout 900
SSLSessionCacheTimeout 1800
<Proxy balancer://jiracluster>
BalancerMember http://jira-host1:8080 route=node1
BalancerMember http://jira-host2:8080 route=node2
Order Deny,Allow
Deny from none
Allow from all
ProxySet stickysession=ROUTEID
</Proxy>
<Location /balancer-manager>
SetHandler balancer-manager
Order deny,allow
Allow from all
</Location>
ProxyPass /balancer-manager !
ProxyPass / balancer://jiracluster/
ProxyPreserveHost on
</VirtualHost>
<VirtualHost *:80>
ServerName jira-host
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://jira-host [R,L]
</VirtualHost>
And after restarting Apache I get the standard Apache hello page instead of balancing.
What am I doing wrong? Please help.
Thx.
Please ensure that you check all your configuration files.
It would seem that another file is still routing traffic to the default apache file.
Please check all your port 80/443 config files.

Redmine on CentOS 7 phpmyadmin : error page not found

I have installed Redmine 2.5 on CentOS 7 with phpmyadmin and it is installed on localhost.
But when I try 127.0.0.1/phpmyadmin or localhost/phpmyadmin I get a 404 error:
Page not found
The page you were trying to access doesn't exist or has been removed.
But phpmyadmin loads on http://127.0.0.1/phpmyadmin/index.php
When I disable the virtual host, localhost/phpmyadmin works.
Also, everything works when I assign redmine to a different IP address.
My virtual host is:
<VirtualHost *:80>
ServerName www.rdmine.com
ServerAlias rdmine.com
#ServerAdmin 127.0.0.1#domain.com
DocumentRoot /var/www/redmine/public/
ErrorLog logs/redmine_error_log
<Directory "/var/www/redmine/public/">
# Options Indexes ExecCGI FollowSymLinks
# Order allow,deny
Allow from all
Options -MultiViews
# AllowOverride none
</Directory>
# These have been added:
Alias /redmine /var/www/redmine/public
<Location /redmine>
PassengerBaseURI /redmine
PassengerAppRoot /var/www/redmine
</Location>
<Directory /var/www/redmine/public>
Allow from all
Options -MultiViews
# Uncomment this if you're on Apache >= 2.4:
#Require all granted
</Directory>
</VirtualHost>
and my phpmyadmin conf is:
Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin
<Directory /usr/share/phpMyAdmin/>
AddDefaultCharset UTF-8
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
Require ip 127.0.0.1
Require ip ::1
</RequireAny>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from ::1
Allow from all
</IfModule>
</Directory>
<Directory /usr/share/phpMyAdmin/setup/>
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
Require ip 127.0.0.1
Require ip ::1
</RequireAny>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from ::1
</IfModule>
</Directory>
# These directories do not require access over HTTP - taken from the original
# phpMyAdmin upstream tarball
#
<Directory /usr/share/phpMyAdmin/libraries/>
Order Deny,Allow
Deny from All
Allow from None
</Directory>
<Directory /usr/share/phpMyAdmin/setup/lib/>
Order Deny,Allow
Deny from All
Allow from None
</Directory>
<Directory /usr/share/phpMyAdmin/setup/frames/>
Order Deny,Allow
Deny from All
Allow from None
</Directory>
# This configuration prevents mod_security at phpMyAdmin directories from
# filtering SQL etc. This may break your mod_security implementation.
#
#<IfModule mod_security.c>
# <Directory /usr/share/phpMyAdmin/>
# SecRuleInheritance Off
# </Directory>
#</IfModule>
I want to load redmine on 127.0.0.1/redmine which it loads but it also loads on 127.0.0.0.1 and phpmyadmin on 127.0.0.1/phpmyadmin which throws an error and works only for 127.0.0.0.1/phpmyadmin/index.php
Any ideas what might be wrong?
Thank you
When you disable virtual host, there is a line in the Apache configuration such as:
DirectoryIndex index.php index.html
that takes effect. So add that line in the virtual host definition.
