This was originally posted in "Linux - Server" but I haven't gotten any response there so I'm hoping someone who reads this forum can help out. Here's the post:
Hello,
Let me start by saying that I'm not new at all to Linux or Apache. I've been administering and coding for *nix professionally for over 10 years. I used Apache a lot at the 1.x version, and a couple of years ago I adjusted to the 2.0.x way of doing things. I recently loaded a server with CentOS 5 (A RHEL5 clone) and with it came apache 2.2.3. I fired it up and verified that the default server worked. I quickly tossed in the standard set of directives to add a couple of VirtualHosts (I've got at least 30 running on a CentOS 4 server with apache 2.0.52). I tried to verify that the new Virtuals worked... and they didn't. Much to my surprise, neither did the default server that was working just moments before. All of these servers now gave a 403 error, saying that I did not have permission to access / on that server.
This error is fairly generic; it could point to filesystem permissions or some other access control issue. I decided to start digging. Through some research on google (and this site
), I found out that as of 2.2, there must be a VirtualHost defined that is identical to the default server. After I set that up, the default server was once again working properly... but still no luck on the other VirtualHosts. I still got the same 403 error... which still wasn't very descriptive.
After several hours of googling and trying many different configurations with the <Files> and <Directory> directives, I believe I have it narrowed down to some very odd filesystem permissions issue. Basically, any virtual servers that exist within /var/www work beautifully. Any that exist elsewhere do not. Every directory that I tried to use, I gave permissions identical to /var/www - 0755 root:root. Possibly by coincidence, /var/www is configured as the "apache" user's home directory (by default). I think this may be a coincidence, because I tried running the server as the "nobody" user and the symptoms were identical. The "nobody" user has a home directory of simply /, so my logic told me that if the issue were truly related to the home directory, "nobody" would have been able to serve VirtualHosts from anywhere on the filesystem.
Here's a breakdown of my current configuration:
(default)
DocumentRoot /var/www/html
(Virt1)
DocumentRoot /var/www/html
ServerName `hostname`
(Virt2)
DocumentRoot /var/www/html2
ServerName virtual.example.com
With this configuration, the default server and the VirtualHost work as expected. I have no <Directory> or <Files> directives in there to make it work, it just happens as expected, out of the box. httpd -S returns an OK status, with expected output.
Here's an example of what does *not* work. The changes are very subtle.
(default)
DocumentRoot /var/www/html
(Virt1)
DocumentRoot /var/www/html
ServerName `hostname`
(Virt2)
DocumentRoot /var/www2/html <-- changed
ServerName virtual.example.com
Of course, the directory I'm pointing it at in this example does exist. I simply copied /var/www to /var/www2, retaining all permissions and copying all contents and subdirectories. As far as the OS is concerned, these two directories are pretty much identical.
Interestingly, I tried to symlink test.php to /home/blah/test.php from within the working default server. "Options FollowSymLinks" does exist for this server, and the permissions on /home/blah are identical to those of /var/www. The apache documentation also says that following symbolic links, when enabled, bypasses the <Directory> directive for access control.
example:
/var/www/html/test1.php <-- existing php script, produces expected output
/var/www/html/test2.php <-- linked to test1.php, produces expected output
/home/blah/test3.php <-- existing php script, identical to test1.php
/var/www/html/test4.php <-- linked to test3.php, produces a 403 error
basically, as long as the file exists within /var/www, everything is a-ok. Symlinks, actual documents, everything works. If I try to serve a virtualhost from another directory, or if I try to link to a file in another directory, I get a 403 error.
Sorry for the long-winded post... but I tried to provide as much information as I could. Most likely, someone here will recognize the problem and provide a 30-second, 1-line fix and I will look somewhat silly... but hey, that's why I'm here
Thanks in advance,
-J
P.S. - it should be noted that the default "It Works!" page does in fact work with a DocumentRoot outside of /var/www but everything within the DocumentRoot generates the 403.
