Suse10.3 - BackupPC - apache configuration
 

Hi all,

I am trying to setup a backup server using the below setup:

Suse10.3 - 2.6.22.16-0.1-default
BackupPC 3.1.0
Apache2.2

This is for home use only.

I think I have a problem with access...

Http://localhost give a 403 access denied error

/srv/www and below is set to 777

Apache error log:
[Sat Feb 02 10:07:21 2008] [warn] Init: Session Cache is not configured [hint: SSLSessionCache]
[Sat Feb 02 10:07:21 2008] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec2)
[Sat Feb 02 10:07:22 2008] [notice] Apache/2.2.4 (Linux/SUSE) mod_ssl/2.2.4 OpenSSL/0.9.8e configured -- resuming normal operations
[Sat Feb 02 10:36:11 2008] [error] [client 127.0.0.1] (13)Permission denied: access to / denied
[Sat Feb 02 10:36:14 2008] [error] [client 127.0.0.1] (13)Permission denied: access to /favicon.ico denied
[Sat Feb 02 10:36:51 2008] [error] [client 127.0.0.1] (13)Permission denied: access to /favicon.ico denied
[Sat Feb 02 10:37:15 2008] [error] [client 127.0.0.1] (13)Permission denied: access to /cgi-bin/BackupPC/BackupPC_Admin denied
[Sat Feb 02 11:14:25 2008] [notice] caught SIGTERM, shutting down
[Sat Feb 02 11:14:26 2008] [notice] Apache/2.2.4 (Linux/SUSE) mod_perl/2.0.3 Perl/v5.8.8 configured -- resuming normal operations
[Sat Feb 02 11:14:53 2008] [error] [client 127.0.0.1] (13)Permission denied: access to / denied
[Sat Feb 02 11:15:35 2008] [error] [client 127.0.0.1] (13)Permission denied: access to /cgi-bin/BackupPC/BackupPC_Admin denied
[Sat Feb 02 11:21:37 2008] [error] [client 127.0.0.1] (13)Permission denied: access to /cgi-bin/BackupPC/BackupPC_Admin denied
[Sat Feb 02 11:21:43 2008] [error] [client 127.0.0.1] (13)Permission denied: access to / denied
[Sat Feb 02 11:25:56 2008] [error] [client 127.0.0.1] (13)Permission denied: access to / denied



I think I may need to setup a htaccess file, but I don't know how and the documentation expects that I have a little more knowledge about apache than I do...

HTTPD.conf:

Overview of include files, chronologically:
#
# httpd.conf
# |
# |-- uid.conf . . . . . . . . . . . . . . UserID/GroupID to run under
# |-- server-tuning.conf . . . . . . . . . sizing of the server (how many processes to start, ...)
# |-- sysconfig.d/loadmodule.conf . . . . .[*] load these modules
# |-- listen.conf . . . . . . . . . . . . . IP adresses / ports to listen on
# |-- mod_log_config.conf . . . . . . . . . define logging formats
# |-- sysconfig.d/global.conf . . . . . . .[*] server-wide general settings
# |-- mod_status.conf . . . . . . . . . . . restrict access to mod_status (server monitoring)
# |-- mod_info.conf . . . . . . . . . . . . restrict access to mod_info
# |-- mod_usertrack.conf . . . . . . . . . defaults for cookie-based user tracking
# |-- mod_autoindex-defaults.conf . . . . . defaults for displaying of server-generated directory listings
# |-- mod_mime-defaults.conf . . . . . . . defaults for mod_mime configuration
# |-- errors.conf . . . . . . . . . . . . . customize error responses
# |-- ssl-global.conf . . . . . . . . . . . SSL conf that applies to default server _and all_ virtual hosts
# |
# |-- default-server.conf . . . . . . . . . set up the default server that replies to non-virtual-host requests
# | |--mod_userdir.conf . . . . . . . . enable UserDir (if mod_userdir is loaded)
# | `--conf.d/apache2-manual?conf . . . add the docs ('?' = if installed)
# |
# |-- sysconfig.d/include.conf . . . . . .[*] your include files
# | (for each file to be included here, put its name
# | into APACHE_INCLUDE_* in /etc/sysconfig/apache2)
# |
# `-- vhosts.d/ . . . . . . . . . . . . . . for each virtual host, place one file here
# `-- *.conf . . . . . . . . . . . . . (*.conf is automatically included)
#
#
# Files marked[*] are created from sysconfig upon server restart: instead of
# these files, you edit /etc/sysconfig/apache2



# Filesystem layout:
#
# /etc/apache2/
# |-- charset.conv . . . . . . . . . . . . for mod_auth_ldap
# |-- conf.d/
# | |-- apache2-manual.conf . . . . . . . conf that comes with apache2-doc
# | |-- mod_php4.conf . . . . . . . . . . (example) conf that comes with apache2-mod_php4
# | `-- ... . . . . . . . . . . . . . . . other configuration added by packages
# |-- default-server.conf
# |-- errors.conf
# |-- httpd.conf . . . . . . . . . . . . . top level configuration file
# |-- listen.conf
# |-- magic
# |-- mime.types -> ../mime.types
# |-- mod_autoindex-defaults.conf
# |-- mod_info.conf
# |-- mod_log_config.conf
# |-- mod_mime-defaults.conf
# |-- mod_perl-startup.pl
# |-- mod_status.conf
# |-- mod_userdir.conf
# |-- mod_usertrack.conf
# |-- server-tuning.conf
# |-- ssl-global.conf
# |-- ssl.crl/ . . . . . . . . . . . . . . PEM-encoded X.509 Certificate Revocation Lists (CRL)
# |-- ssl.crt/ . . . . . . . . . . . . . . PEM-encoded X.509 Certificates
# |-- ssl.csr/ . . . . . . . . . . . . . . PEM-encoded X.509 Certificate Signing Requests
# |-- ssl.key/ . . . . . . . . . . . . . . PEM-encoded RSA Private Keys
# |-- ssl.prm/ . . . . . . . . . . . . . . public DSA Parameter Files
# |-- sysconfig.d/ . . . . . . . . . . . . files that are created from /etc/sysconfig/apache2
# | |-- global.conf
# | |-- include.conf
# | `-- loadmodule.conf
# |-- uid.conf
# `-- vhosts.d/ . . . . . . . . . . . . . . put your virtual host configuration (*.conf) here
# |-- vhost-ssl.template
# `-- vhost.template



### Global Environment ######################################################
#
# The directives in this section affect the overall operation of Apache,
# such as the number of concurrent requests.

# run under this user/group id
Include /etc/apache2/uid.conf

# - how many server processes to start (server pool regulation)
# - usage of KeepAlive
Include /etc/apache2/server-tuning.conf

# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
ErrorLog /var/log/apache2/error_log

# generated from APACHE_MODULES in /etc/sysconfig/apache2
Include /etc/apache2/sysconfig.d/loadmodule.conf

# IP addresses / ports to listen on
Include /etc/apache2/listen.conf

# predefined logging formats
Include /etc/apache2/mod_log_config.conf

# generated from global settings in /etc/sysconfig/apache2
Include /etc/apache2/sysconfig.d/global.conf

# optional mod_status, mod_info
Include /etc/apache2/mod_status.conf
Include /etc/apache2/mod_info.conf

# optional cookie-based user tracking
# read the documentation before using it!!
Include /etc/apache2/mod_usertrack.conf

# configuration of server-generated directory listings
Include /etc/apache2/mod_autoindex-defaults.conf

# associate MIME types with filename extensions
TypesConfig /etc/apache2/mime.types
DefaultType text/plain
Include /etc/apache2/mod_mime-defaults.conf

# set up (customizable) error responses
Include /etc/apache2/errors.conf

# global (server-wide) SSL configuration, that is not specific to
# any virtual host
Include /etc/apache2/ssl-global.conf

# forbid access to the entire filesystem by default
<Directory />
Options None
AllowOverride None
Order deny,allow
Deny from all
</Directory>

# use .htaccess files for overriding,
AccessFileName .htaccess
# and never show them
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>

# List of resources to look for when the client requests a directory
DirectoryIndex index.html index.html.var

### 'Main' server configuration #############################################
#
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition. These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
#
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
#
Include /etc/apache2/default-server.conf


# Another way to include your own files
#
# The file below is generated from /etc/sysconfig/apache2,
# include arbitrary files as named in APACHE_CONF_INCLUDE_FILES and
# APACHE_CONF_INCLUDE_DIRS
Include /etc/apache2/sysconfig.d/include.conf


### Virtual server configuration ############################################
#
# VirtualHost: If you want to maintain multiple domains/hostnames on your
# machine you can setup VirtualHost containers for them. Most configurations
# use only name-based virtual hosts so the server doesn't need to worry about
# IP addresses. This is indicated by the asterisks in the directives below.
#
# Please see the documentation at
# <URL:http://httpd.apache.org/docs-2.2/vhosts/>
# for further details before you try to setup virtual hosts.
#
# You may use the command line option '-S' to verify your virtual host
# configuration.
#
Include /etc/apache2/vhosts.d/*.conf


# Note: instead of adding your own configuration here, consider
# adding it in your own file (/etc/apache2/httpd.conf.local)
# putting its name into APACHE_CONF_INCLUDE_FILES in
# /etc/sysconfig/apache2 -- this will make system updates
# easier :)


Any help is much appreciated!!

I see the Directory container denying access to the root file system
but none to allow the directory tree you want to be viewable.

and change /srv/www back to 755!:eek:

Changed /srv/www back to 755..

So I should remove the "# forbid access to the entire filesystem by default" Section or no?




I added this:

# allow access to the default filesystem
<Directory /srv/www>
Options None
AllowOverride ALL
Order allow,deny
allow from all
</Directory>


Restarted httpd...

same error?

No, It belongs.

According to your httpd.conf it looks like you should have a file at /etc/apache2/default-server.conf that should contain something like this:

Then make sure there is an index.html file in /srv/www/

default server config file:

# Global configuration that will be applicable for all virtual hosts, unless
# deleted here, or overriden elswhere.

#DocumentRoot "/srv/www"
<Directory /srv/www>
Options Indexes FollowSymLinks
AllowOverride all
Order allow,deny
Allow from all
</Directory>

# Aliases: aliases can be added as needed (with no limit). The format is
# Alias fakename realname

Alias /icons/ "/usr/share/apache2/icons/"

<Directory "/usr/share/apache2/icons">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>

# ScriptAlias: This controls which directories contain server scripts.

ScriptAlias /cgi-bin/ "/srv/www/cgi-bin/"

# "/srv/www/cgi-bin" should be changed to whatever your ScriptAliased

<Directory "/srv/www/cgi-bin">
AllowOverride None
Options +ExecCGI -Includes
Order allow,deny
Allow from all
</Directory>

# UserDir: The name of the directory that is appended onto a user's home
# directory if a ~user request is received.
#
# To disable it, simply remove userdir from the list of modules in APACHE_MODULES
# in /etc/sysconfig/apache2.
#
<IfModule mod_userdir.c>
# Note that the name of the user directory ("public_html") cannot simply be
# changed here, since it is a compile time setting. The apache package
# would have to be rebuilt. You could work around by deleting
# /usr/sbin/suexec, but then all scripts from the directories would be
# executed with the UID of the webserver.
UserDir public_html
# The actual configuration of the directory is in
# /etc/apache2/mod_userdir.conf.
Include /etc/apache2/mod_userdir.conf
</IfModule>


# Include all *.conf files from /etc/apache2/conf.d/.
#
# This is mostly meant as a place for other RPM packages to drop in their
# configuration snippet.
#
# You can comment this out here if you want those bits include only in a
# certain virtual host, but not here.
#
Include /etc/apache2/conf.d/*.conf

# The manual... if it is installed ('?' means it won't complain)
Include /etc/apache2/conf.d/apache2-manual?conf
ServerName csrbakup01
ServerAdmin

Remove the "#" from the line...
on second thought it would be better to create a directory called html or htdocs at /srv/www/htdocs so that your cgi-bin is not a subdirectory in your DocumentRoot.
Then change those lines in the default server config file to:

Nope same error.... I really thought you had it there.... I love linux but this is pissing me off...

Any other ideas... what about the htaccess file? anything i should need to do?

webpage error - there is an index doc there...

Access forbidden!

You don't have permission to access the requested directory. There is either no index document or the directory is read-protected.

If you think this is a server error, please contact the webmaster.
Error 403
localhost
Sat Feb 2 20:56:30 2008
Apache/2.2.4 (Linux/SUSE)

latest log file entries:

[Sat Feb 02 17:00:57 2008] [notice] Apache/2.2.4 (Linux/SUSE) mod_perl/2.0.3 Perl/v5.8.8 configured -- resuming normal operations
[Sat Feb 02 17:01:03 2008] [error] [client 127.0.0.1] (13)Permission denied: access to /cgi-bin/BackupPC/BackupPC_Admin denied
[Sat Feb 02 17:01:07 2008] [error] [client 127.0.0.1] (13)Permission denied: access to / denied
[Sat Feb 02 17:02:04 2008] [error] [client 127.0.0.1] (13)Permission denied: access to / denied
[Sat Feb 02 17:02:43 2008] [notice] caught SIGTERM, shutting down
[Sat Feb 02 17:02:45 2008] [notice] Apache/2.2.4 (Linux/SUSE) mod_perl/2.0.3 Perl/v5.8.8 configured -- resuming normal operations
[Sat Feb 02 17:02:49 2008] [error] [client 127.0.0.1] (13)Permission denied: access to / denied
[Sat Feb 02 17:06:00 2008] [notice] caught SIGTERM, shutting down
[Sat Feb 02 17:06:01 2008] [notice] Apache/2.2.4 (Linux/SUSE) mod_perl/2.0.3 Perl/v5.8.8 configured -- resuming normal operations
[Sat Feb 02 17:06:05 2008] [error] [client 127.0.0.1] (13)Permission denied: access to / denied
[Sat Feb 02 17:15:47 2008] [error] [client 127.0.0.1] (13)Permission denied: access to / denied
[Sat Feb 02 17:16:12 2008] [notice] caught SIGTERM, shutting down
[Sat Feb 02 17:16:14 2008] [notice] Apache/2.2.4 (Linux/SUSE) mod_perl/2.0.3 Perl/v5.8.8 configured -- resuming normal operations
[Sat Feb 02 17:16:23 2008] [error] [client 172.18.10.100] (13)Permission denied: access to / denied
[Sat Feb 02 17:18:10 2008] [notice] caught SIGTERM, shutting down
[Sat Feb 02 20:48:49 2008] [notice] Apache/2.2.4 (Linux/SUSE) mod_perl/2.0.3 Perl/v5.8.8 configured -- resuming normal operations
[Sat Feb 02 20:49:03 2008] [error] [client 127.0.0.1] (13)Permission denied: access to / denied
[Sat Feb 02 20:51:09 2008] [notice] caught SIGTERM, shutting down
[Sat Feb 02 20:51:10 2008] [notice] Apache/2.2.4 (Linux/SUSE) mod_perl/2.0.3 Perl/v5.8.8 configured -- resuming normal operations
[Sat Feb 02 20:51:18 2008] [error] [client 127.0.0.1] (13)Permission denied: access to / denied
[Sat Feb 02 20:52:41 2008] [notice] caught SIGTERM, shutting down
[Sat Feb 02 20:52:42 2008] [notice] Apache/2.2.4 (Linux/SUSE) mod_perl/2.0.3 Perl/v5.8.8 configured -- resuming normal operations
[Sat Feb 02 20:52:46 2008] [error] [client 127.0.0.1] (13)Permission denied: access to / denied
[Sat Feb 02 20:52:48 2008] [error] [client 127.0.0.1] (13)Permission denied: access to / denied
[Sat Feb 02 20:54:50 2008] [notice] caught SIGTERM, shutting down
[Sat Feb 02 20:54:51 2008] [notice] Apache/2.2.4 (Linux/SUSE) mod_perl/2.0.3 Perl/v5.8.8 configured -- resuming normal operations
[Sat Feb 02 20:55:00 2008] [error] [client 127.0.0.1] (13)Permission denied: access to / denied
[Sat Feb 02 20:56:23 2008] [notice] caught SIGTERM, shutting down
[Sat Feb 02 20:56:24 2008] [notice] Apache/2.2.4 (Linux/SUSE) mod_perl/2.0.3 Perl/v5.8.8 configured -- resuming normal operations
[Sat Feb 02 20:56:30 2008] [error] [client 127.0.0.1] (13)Permission denied: access to / denied

So I removed the section about denying access to "/" and I get this in the error log:

[Sat Feb 02 21:07:59 2008] [crit] [client 127.0.0.1] (13)Permission denied: /srv/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
[Sat Feb 02 21:08:01 2008] [crit] [client 127.0.0.1] (13)Permission denied: /srv/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
[Sat Feb 02 21:08:38 2008] [notice] caught SIGTERM, shutting down
[Sat Feb 02 21:08:39 2008] [notice] Apache/2.2.4 (Linux/SUSE) mod_perl/2.0.3 Perl/v5.8.8 configured -- resuming normal operations
[Sat Feb 02 21:08:44 2008] [crit] [client 127.0.0.1] (13)Permission denied: /srv/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
[Sat Feb 02 21:08:46 2008] [crit] [client 127.0.0.1] (13)Permission denied: /srv/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable




And I do not see a .htaccess file anywhere in /srv/www and below...

there is a /srv/www/htdocs/index.html? (or whatever path you decided to go with)
Are you running SELinux?
if so run
I have never seen a server where the .htaccess file was not optional or more accurately "required".

nope, no SElinux

CSRBAKUP01:/ # ls -lZ /srv/www
ls: invalid option -- Z
Try `ls --help' for more information.
CSRBAKUP01:/ # ls -lz /srv/www
ls: invalid option -- z
Try `ls --help' for more information.
CSRBAKUP01:/ # ls -l /srv/www
total 16
drwxr-xr-x 2 fuentej users 4096 2008-02-02 10:01 cgi-bin
drwxr-xr-x 3 fuentej users 4096 2008-02-02 21:34 htdocs
-rw-r--r-- 1 fuentej users 44 2008-02-02 17:01 index.html
drwxr-xr-x 2 fuentej users 4096 2007-09-23 10:03 perl-lib
CSRBAKUP01:/ #

could the file ownership be it?

that 3rd 'r' means that everyone can read them so that shouldn't be an issue.
Is there an index.html inside your htdocs directory?

This is assuming that your main server config file has

default server config:

# Global configuration that will be applicable for all virtual hosts, unless
# deleted here, or overriden elswhere.

DocumentRoot "/srv/www/htdocs"
<Directory /srv/www/htdocs>
Options Indexes FollowSymLinks
AllowOverride ALL
Order allow,deny
Allow from all
</Directory>

--------------------------------------------

CSRBAKUP01:/srv/www # pwd
/srv/www
CSRBAKUP01:/srv/www # ll
total 16
drwxr-xr-x 2 fuentej users 4096 2008-02-02 10:01 cgi-bin
drwxr-xr-x 3 fuentej users 4096 2008-02-02 22:13 htdocs
-rw-r--r-- 1 fuentej users 44 2008-02-02 17:01 index.html
drwxr-xr-x 2 fuentej users 4096 2007-09-23 10:03 perl-lib
CSRBAKUP01:/srv/www # cd htdocs
CSRBAKUP01:/srv/www/htdocs # ll
total 92
-rw-r--r-- 1 fuentej users 2205 2005-12-14 11:25 apache_pb22_ani.gif
-rw-r--r-- 1 fuentej users 2410 2005-12-14 11:25 apache_pb22.gif
-rw-r--r-- 1 fuentej users 1502 2005-12-14 11:25 apache_pb22.png
-rw-r--r-- 1 fuentej users 2326 2004-11-20 15:16 apache_pb.gif
-rw-r--r-- 1 fuentej users 1385 2004-11-20 15:16 apache_pb.png
-rwxr-xr-x 1 fuentej users 4016 2008-02-02 10:01 BackupPC_stnd.css
-rwxr-xr-x 1 fuentej users 3358 2008-02-02 10:01 BackupPC_stnd_orig.css
-rw-r--r-- 1 fuentej users 302 2006-04-28 11:00 favicon.ico
drwxr-xr-x 2 fuentej users 4096 2008-02-02 11:00 gif
-rwxrwxrwx 1 fuentej users 23324 2008-02-02 21:34 htprotector.php
-rwxr-xr-x 1 fuentej users 420 2008-02-02 10:01 icon-dir.png
-rwxr-xr-x 1 fuentej users 441 2008-02-02 10:01 icon-file.png
-rwxr-xr-x 1 fuentej users 710 2008-02-02 10:01 icon-hardlink.png
-rwxr-xr-x 1 fuentej users 659 2008-02-02 10:01 icon-symlink.png
-rw-r--r-- 1 fuentej users 44 2004-11-20 15:16 index.html
-rw-r--r-- 1 fuentej users 26 2007-11-09 09:10 robots.txt
-rwxr-xr-x 1 fuentej users 6463 2008-02-02 10:01 sorttable.js
CSRBAKUP01:/srv/www/htdocs #

--------------------------------------------------------------------------------

httpd.conf:

# forbid access to the entire filesystem by default

#<Directory />
# Options None
# AllowOverride None
# Order deny,allow
# Deny from all
#</Directory>

<Directory /srv/www/htdocs>
Options Indexes FollowSymLinks
AllowOverride all
Order allow,deny
allow from all
</Directory>



# use .htaccess files for overriding,
AccessFileName .htaccess
# and never show them
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>


# List of resources to look for when the client requests a directory
DirectoryIndex index.html index.html.var

if you do a 'ls -la' in any of those directories do you see anything interesting? like a .htaccess file?

Nope...

From what i have read, i think I'd rather not use the .htaccess feature.

But at the same time, the ultimate goal if this to work with backupPC... And there DOCS mention setting up a .htaccess, but does not go into any detail.

pullin my hair out here...