git.net

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [users@httpd] Trouble-shooting Apache 2.2 Alias


No, just that you can "Include" other configurations, and if you don't do that, it won't work (duh...).  I'm assuming you did that correct, or specified them right there in the httpd.conf.  The other option is that you did include the configs, but the "<Directory /> block is after your included configurations.  In that case, you override the included configs.  The same goes for not including, but specifying in httpd.conf.  Order matters.  (As in, the order of things, not the directive (although that also matters, but that's not what I meant here)).

On Mon, Oct 29, 2018 at 11:03 AM Leam Hall <leamhall@xxxxxxxxx> wrote:
Hey Gillis, what do you mean by "not included"? Maybe I missed something.

We have two of these repositories, "updates" and "optional". Their
configs are at the end of the httpd.conf file and they just have the
"Alias" and "Directory" settings. They are also on a separate filesystem
from the server root and the DocumentRoot. Should we add something else?

Thanks!

Leam

On 10/29/18 4:14 AM, Gillis J. de Nijs wrote:
> The only other thing I can think of right now is that either the
> <Directory /opt/repository/rhel_patch_updates> config is somehow not
> included (but in that case the Alias probably wouldn't work either), or
> it is before the <Directory /> block, which then overrides the former. 
> All of this is assuming that you only have two <Directory> blocks in
> your config.  Anyway, order matters.
>
> On Mon, Oct 29, 2018 at 1:39 AM Leam Hall <leamhall@xxxxxxxxx
> <mailto:leamhall@xxxxxxxxx>> wrote:
>
>     Hey Jonathon, SELinux is on permissive. Checked that early on.  :)
>
>     The biggest clue for me seems to be that if we open up the "<Directory
>     />" to Allow by default things work. Otherwise they don't.
>
>     Leam
>
>     On 10/28/18 9:26 AM, Jonathon Koyle wrote:
>      > It may be getting denied by SELinux, I suspect the label on your
>     aliased
>      > directory die not allow httpd access.  You will likely need to
>     look into
>      > semanage, something like this may do what you need, but I'm not an
>      > expert at SELinux myself... redhat provides some explanation here:
>      >
>     https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/selinux_users_and_administrators_guide/sect-security-enhanced_linux-troubleshooting-top_three_causes_of_problems#sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-Labeling_Problems
>
>      >
>      >
>      > # semanage fcontext -a -t httpd_sys_content_t
>     '/opt/repository/rhel_updates(.*)?'
>      > # restorecon -R -v /opt/repository/rhel_updates
>      >
>      >
>      > On Sat, Oct 27, 2018, 06:08 Leam Hall <leamhall@xxxxxxxxx
>     <mailto:leamhall@xxxxxxxxx>
>      > <mailto:leamhall@xxxxxxxxx <mailto:leamhall@xxxxxxxxx>>> wrote:
>      >
>      >     On 10/27/18 7:49 AM, Eric Covener wrote:
>      >      > On Sat, Oct 27, 2018 at 7:29 AM Leam Hall
>     <leamhall@xxxxxxxxx <mailto:leamhall@xxxxxxxxx>
>      >     <mailto:leamhall@xxxxxxxxx <mailto:leamhall@xxxxxxxxx>>> wrote:
>      >      >>
>      >      >> The only fix seems to be making the "<Directory />" more open
>      >     than we
>      >      >> want. It seems like Apache can't handle a more open
>      >     sub-directory than
>      >      >> whatever is allowed for the root directory.
>      >      >
>      >      > Apache can handle that just fine.  Show the smallest verbatim
>      >      > configuration that demonstrates something unexpected along
>     w/ the
>      >      > logs.
>      >
>      >
>      >     Hey Eric, I appreciate the help! Here's what I have, though it is
>      >     transcribed.
>      >
>      >     Set locally required limited OS access.
>      >
>      >              <Directory />
>      >                Options None
>      >                Order deny,allow
>      >                Deny from all
>      >              </Directory>
>      >
>      >     We use Apache as a yum repo, and store the rpms outside of the
>      >     DocumentRoot.
>      >
>      >              Alias "/rhel/updates"
>     "/opt/repository/rhel_patch_updates"
>      >              <Directory "/opt/repository/rhel_patch_updates">
>      >                Options All
>      >                Order allow,deny
>      >                Allow from all
>      >              </Directory>
>      >
>      >
>      >     When we hit 'http://myserver/rhel/updates' the error_log says
>     it is
>      >     denied by server configuration. I've set the LogLevel to
>     "debug" and
>      >     that's all I get. The log is at work, sorry. I'm the one who
>     did the
>      >     server configuration so my bet is "operator error", just not sure
>      >     how to
>      >     fix it.
>      >
>      >     Appreciate any help you can provide. Thanks!
>      >
>      >     Leam


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx