httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Leam Hall <leamh...@gmail.com>
Subject Re: [users@httpd] Trouble-shooting Apache 2.2 Alias
Date Mon, 29 Oct 2018 11:43:49 GMT
Didn't include any other configs. The *only* things I changed on the
repositories was to add the Alias and Directory stanza.

On Mon, Oct 29, 2018 at 7:17 AM Gillis J. de Nijs <gillis@jink.net.invalid>
wrote:

> No, just that you can "Include" other configurations, and if you don't do
> that, it won't work (duh...).  I'm assuming you did that correct, or
> specified them right there in the httpd.conf.  The other option is that you
> did include the configs, but the "<Directory /> block is after your
> included configurations.  In that case, you override the included configs.
> The same goes for not including, but specifying in httpd.conf.  Order
> matters.  (As in, the order of things, not the directive (although that
> also matters, but that's not what I meant here)).
>
> On Mon, Oct 29, 2018 at 11:03 AM Leam Hall <leamhall@gmail.com> wrote:
>
>> Hey Gillis, what do you mean by "not included"? Maybe I missed something.
>>
>> We have two of these repositories, "updates" and "optional". Their
>> configs are at the end of the httpd.conf file and they just have the
>> "Alias" and "Directory" settings. They are also on a separate filesystem
>> from the server root and the DocumentRoot. Should we add something else?
>>
>> Thanks!
>>
>> Leam
>>
>> On 10/29/18 4:14 AM, Gillis J. de Nijs wrote:
>> > The only other thing I can think of right now is that either the
>> > <Directory /opt/repository/rhel_patch_updates> config is somehow not
>> > included (but in that case the Alias probably wouldn't work either), or
>> > it is before the <Directory /> block, which then overrides the former.
>> > All of this is assuming that you only have two <Directory> blocks in
>> > your config.  Anyway, order matters.
>> >
>> > On Mon, Oct 29, 2018 at 1:39 AM Leam Hall <leamhall@gmail.com
>> > <mailto:leamhall@gmail.com>> wrote:
>> >
>> >     Hey Jonathon, SELinux is on permissive. Checked that early on.  :)
>> >
>> >     The biggest clue for me seems to be that if we open up the
>> "<Directory
>> >     />" to Allow by default things work. Otherwise they don't.
>> >
>> >     Leam
>> >
>> >     On 10/28/18 9:26 AM, Jonathon Koyle wrote:
>> >      > It may be getting denied by SELinux, I suspect the label on your
>> >     aliased
>> >      > directory die not allow httpd access.  You will likely need to
>> >     look into
>> >      > semanage, something like this may do what you need, but I'm not
>> an
>> >      > expert at SELinux myself... redhat provides some explanation
>> here:
>> >      >
>> >
>> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/selinux_users_and_administrators_guide/sect-security-enhanced_linux-troubleshooting-top_three_causes_of_problems#sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-Labeling_Problems
>> >
>> >      >
>> >      >
>> >      > # semanage fcontext -a -t httpd_sys_content_t
>> >     '/opt/repository/rhel_updates(.*)?'
>> >      > # restorecon -R -v /opt/repository/rhel_updates
>> >      >
>> >      >
>> >      > On Sat, Oct 27, 2018, 06:08 Leam Hall <leamhall@gmail.com
>> >     <mailto:leamhall@gmail.com>
>> >      > <mailto:leamhall@gmail.com <mailto:leamhall@gmail.com>>>
wrote:
>> >      >
>> >      >     On 10/27/18 7:49 AM, Eric Covener wrote:
>> >      >      > On Sat, Oct 27, 2018 at 7:29 AM Leam Hall
>> >     <leamhall@gmail.com <mailto:leamhall@gmail.com>
>> >      >     <mailto:leamhall@gmail.com <mailto:leamhall@gmail.com>>>
>> wrote:
>> >      >      >>
>> >      >      >> The only fix seems to be making the "<Directory />"
more
>> open
>> >      >     than we
>> >      >      >> want. It seems like Apache can't handle a more open
>> >      >     sub-directory than
>> >      >      >> whatever is allowed for the root directory.
>> >      >      >
>> >      >      > Apache can handle that just fine.  Show the smallest
>> verbatim
>> >      >      > configuration that demonstrates something unexpected along
>> >     w/ the
>> >      >      > logs.
>> >      >
>> >      >
>> >      >     Hey Eric, I appreciate the help! Here's what I have, though
>> it is
>> >      >     transcribed.
>> >      >
>> >      >     Set locally required limited OS access.
>> >      >
>> >      >              <Directory />
>> >      >                Options None
>> >      >                Order deny,allow
>> >      >                Deny from all
>> >      >              </Directory>
>> >      >
>> >      >     We use Apache as a yum repo, and store the rpms outside of
>> the
>> >      >     DocumentRoot.
>> >      >
>> >      >              Alias "/rhel/updates"
>> >     "/opt/repository/rhel_patch_updates"
>> >      >              <Directory "/opt/repository/rhel_patch_updates">
>> >      >                Options All
>> >      >                Order allow,deny
>> >      >                Allow from all
>> >      >              </Directory>
>> >      >
>> >      >
>> >      >     When we hit 'http://myserver/rhel/updates' the error_log
>> says
>> >     it is
>> >      >     denied by server configuration. I've set the LogLevel to
>> >     "debug" and
>> >      >     that's all I get. The log is at work, sorry. I'm the one who
>> >     did the
>> >      >     server configuration so my bet is "operator error", just not
>> sure
>> >      >     how to
>> >      >     fix it.
>> >      >
>> >      >     Appreciate any help you can provide. Thanks!
>> >      >
>> >      >     Leam
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>

Mime
View raw message