Vhost configuration in apache

Hi
I am trying to configure 2 websites on my suse box and I am facing some problems …

I installed apache 2.2 and left my httpd.conf like this



srv:/etc/apache2/vhosts.d # cat /etc/apache2/httpd.conf 
#
# /etc/apache2/httpd.conf 
#
# This is the main Apache server configuration file.  It contains the
# configuration directives that give the server its instructions.
# See <URL:http://httpd.apache.org/docs-2.2/> for detailed information about
# the directives.

# Based upon the default apache configuration file that ships with apache,
# which is based upon the NCSA server configuration files originally by Rob
# McCool. This file was knocked together by Peter Poeml <poeml+apache@suse.de>.

# If possible, avoid changes to this file. It does mainly contain Include
# statements and global settings that can/should be overridden in the
# configuration of your virtual hosts.

# Quickstart guide:
# http://en.opensuse.org/Apache_Quickstart_HOWTO


# Overview of include files, chronologically:
#
# httpd.conf
#  | 
#  |-- uid.conf  . . . . . . . . . . . . . .  UserID/GroupID to run under
#  |-- server-tuning.conf  . . . . . . . . .  sizing of the server (how many processes to start, ...)
#  |-- sysconfig.d/loadmodule.conf . . . . .  
[li] load these modules[/li]#  |-- listen.conf . . . . . . . . . . . . .  IP adresses / ports to listen on
#  |-- mod_log_config.conf . . . . . . . . .  define logging formats
#  |-- sysconfig.d/global.conf . . . . . . .  
[li] server-wide general settings[/li]#  |-- mod_status.conf . . . . . . . . . . .  restrict access to mod_status (server monitoring)
#  |-- mod_info.conf . . . . . . . . . . . .  restrict access to mod_info
#  |-- mod_usertrack.conf  . . . . . . . . .  defaults for cookie-based user tracking
#  |-- mod_autoindex-defaults.conf . . . . .  defaults for displaying of server-generated directory listings
#  |-- mod_mime-defaults.conf  . . . . . . .  defaults for mod_mime configuration
#  |-- errors.conf . . . . . . . . . . . . .  customize error responses
#  |-- ssl-global.conf . . . . . . . . . . .  SSL conf that applies to default server _and all_ virtual hosts
#  |
#  |-- default-server.conf . . . . . . . . .  set up the default server that replies to non-virtual-host requests
#  |    |--mod_userdir.conf  . . . . . . . .  enable UserDir (if mod_userdir is loaded)
#  |    `--conf.d/apache2-manual?conf  . . .  add the docs ('?' = if installed)
#  |
#  |-- sysconfig.d/include.conf  . . . . . .  
[li] your include files [/li]#  |                                             (for each file to be included here, put its name 
#  |                                              into APACHE_INCLUDE_* in /etc/sysconfig/apache2)
#  |
#  `-- vhosts.d/ . . . . . . . . . . . . . .  for each virtual host, place one file here
#       `-- *.conf . . . . . . . . . . . . .     (*.conf is automatically included)
#
#
# Files marked 
[li] are created from sysconfig upon server restart: instead of[/li]# these files, you edit /etc/sysconfig/apache2



#  Filesystem layout:
#
# /etc/apache2/
#  |-- charset.conv  . . . . . . . . . . . .  for mod_auth_ldap
#  |-- conf.d/
#  |   |-- apache2-manual.conf . . . . . . .  conf that comes with apache2-doc
#  |   |-- mod_php4.conf . . . . . . . . . .  (example) conf that comes with apache2-mod_php4
#  |   `-- ... . . . . . . . . . . . . . . .  other configuration added by packages
#  |-- default-server.conf
#  |-- errors.conf
#  |-- httpd.conf  . . . . . . . . . . . . .  top level configuration file
#  |-- listen.conf
#  |-- magic
#  |-- mime.types -> ../mime.types
#  |-- mod_autoindex-defaults.conf
#  |-- mod_info.conf
#  |-- mod_log_config.conf
#  |-- mod_mime-defaults.conf
#  |-- mod_perl-startup.pl
#  |-- mod_status.conf
#  |-- mod_userdir.conf
#  |-- mod_usertrack.conf
#  |-- server-tuning.conf
#  |-- ssl-global.conf
#  |-- ssl.crl/  . . . . . . . . . . . . . .  PEM-encoded X.509 Certificate Revocation Lists (CRL)
#  |-- ssl.crt/  . . . . . . . . . . . . . .  PEM-encoded X.509 Certificates
#  |-- ssl.csr/  . . . . . . . . . . . . . .  PEM-encoded X.509 Certificate Signing Requests
#  |-- ssl.key/  . . . . . . . . . . . . . .  PEM-encoded RSA Private Keys
#  |-- ssl.prm/  . . . . . . . . . . . . . .  public DSA Parameter Files
#  |-- sysconfig.d/  . . . . . . . . . . . .  files that are created from /etc/sysconfig/apache2
#  |   |-- global.conf
#  |   |-- include.conf
#  |   `-- loadmodule.conf
#  |-- uid.conf
#  `-- vhosts.d/ . . . . . . . . . . . . . .  put your virtual host configuration (*.conf) here
#      |-- vhost-ssl.template
#      `-- vhost.template



### Global Environment ######################################################
#
# The directives in this section affect the overall operation of Apache,
# such as the number of concurrent requests.

# run under this user/group id
Include /etc/apache2/uid.conf

# - how many server processes to start (server pool regulation)
# - usage of KeepAlive
Include /etc/apache2/server-tuning.conf

# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a &lt;VirtualHost&gt;
# container, error messages relating to that virtual host will be
# logged here.  If you *do* define an error logfile for a &lt;VirtualHost&gt;
# container, that host's errors will be logged there and not here.
ErrorLog /var/log/apache2/error_log

# generated from APACHE_MODULES in /etc/sysconfig/apache2
Include /etc/apache2/sysconfig.d/loadmodule.conf

# IP addresses / ports to listen on
Include /etc/apache2/listen.conf

# predefined logging formats
Include /etc/apache2/mod_log_config.conf

# generated from global settings in /etc/sysconfig/apache2
Include /etc/apache2/sysconfig.d/global.conf

# optional mod_status, mod_info
Include /etc/apache2/mod_status.conf
Include /etc/apache2/mod_info.conf

# optional cookie-based user tracking
# read the documentation before using it!!
Include /etc/apache2/mod_usertrack.conf

# configuration of server-generated directory listings
Include /etc/apache2/mod_autoindex-defaults.conf

# associate MIME types with filename extensions
TypesConfig /etc/apache2/mime.types
DefaultType text/plain
Include /etc/apache2/mod_mime-defaults.conf

# set up (customizable) error responses
Include /etc/apache2/errors.conf

# global (server-wide) SSL configuration, that is not specific to 
# any virtual host
Include /etc/apache2/ssl-global.conf

# forbid access to the entire filesystem by default
&lt;Directory /&gt;
    Options None
    AllowOverride None
    Order deny,allow
    Deny from all
&lt;/Directory&gt;

# use .htaccess files for overriding,
AccessFileName .htaccess
# and never show them
&lt;Files ~ "^\.ht"&gt;
    Order allow,deny
    Deny from all
&lt;/Files&gt;

# List of resources to look for when the client requests a directory
DirectoryIndex index.html index.php index.html.var

### 'Main' server configuration #############################################
#
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# &lt;VirtualHost&gt; definition.  These values also provide defaults for
# any &lt;VirtualHost&gt; containers you may define later in the file.
#
# All of these directives may appear inside &lt;VirtualHost&gt; containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
#
Include /etc/apache2/default-server.conf


# Another way to include your own files
#
# The file below is generated from /etc/sysconfig/apache2,
# include arbitrary files as named in APACHE_CONF_INCLUDE_FILES and
# APACHE_CONF_INCLUDE_DIRS
Include /etc/apache2/sysconfig.d/include.conf


### Virtual server configuration ############################################
#
# VirtualHost: If you want to maintain multiple domains/hostnames on your
# machine you can setup VirtualHost containers for them. Most configurations
# use only name-based virtual hosts so the server doesn't need to worry about
# IP addresses. This is indicated by the asterisks in the directives below.
#
# Please see the documentation at
# &lt;URL:http://httpd.apache.org/docs-2.2/vhosts/&gt;
# for further details before you try to setup virtual hosts.
#
# You may use the command line option '-S' to verify your virtual host
# configuration.
#
Include /etc/apache2/vhosts.d/*.conf


# Note: instead of adding your own configuration here, consider 
#       adding it in your own file (/etc/apache2/httpd.conf.local)
#       putting its name into APACHE_CONF_INCLUDE_FILES in 
#       /etc/sysconfig/apache2 -- this will make system updates 
#       easier :) 
srv:/etc/apache2/vhosts.d # 




After this one i configure the file for the vhost :



srv:/etc/apache2/vhosts.d # cat /etc/apache2/vhosts.d/teampass.conf 

# Ensure that Apache listens on port 
<VirtualHost 10.8.0.1>
    DocumentRoot "/srv/www/teampass"
    ServerName srv
    ErrorLog /var/log/apache2/teampass-error_log
    CustomLog /var/log/apache2/teampass-access_log combined


    # access here, or in any related virtual host.
    <Directory /srv/www/teampass>
    Order allow,deny
    Allow from all 
    </Directory>
    
    # Other directives here
</VirtualHost>
srv:/etc/apache2/vhosts.d # 


then i give permission to files in /srv/www



srv:/etc/apache2/vhosts.d # ll /srv/www/teampass/
total 912
-rwxr--r-x 1 wwwrun www   3022 Oct 19 00:36 admin.php
-rwxr--r-x 1 wwwrun www  23050 Oct 19 00:36 admin.settings.load.php
-rwxr--r-x 1 wwwrun www 157529 Oct 19 00:36 admin.settings.php
-rwxr--r-x 1 wwwrun www  11334 Oct 19 00:36 admin.settings_api.php
-rwxr--r-x 1 wwwrun www   8406 Oct 19 00:36 admin.settings_categories.php
drwxr--r-x 2 wwwrun www   4096 Oct 19 00:36 api
drwxr--r-x 2 wwwrun www   4096 Oct 19 00:36 backups
-rwxr--r-x 1 wwwrun www   8654 Oct 19 00:36 changelog.md
-rwxr--r-x 1 wwwrun www  19016 Oct 19 00:36 datatable.logs.php
-rwxr--r-x 1 wwwrun www   2990 Oct 19 00:36 error.php
-rwxr--r-x 1 wwwrun www  99678 Oct 19 00:36 favico.ico
-rwxr--r-x 1 wwwrun www   2818 Oct 19 00:36 favorites.php
drwxr--r-x 2 wwwrun www   4096 Oct 19 00:36 files
-rwxr--r-x 1 wwwrun www   6140 Oct 19 00:36 find.load.php
-rwxr--r-x 1 wwwrun www   5658 Oct 19 00:36 find.php
-rwxr--r-x 1 wwwrun www   8148 Oct 19 00:36 folders.load.php
-rwxr--r-x 1 wwwrun www  12511 Oct 19 00:36 folders.php
-rwxr--r-x 1 wwwrun www  26840 Oct 19 00:36 home.load.php
-rwxr--r-x 1 wwwrun www  22204 Oct 19 00:36 home.php
drwxr--r-x 8 wwwrun www   4096 Oct 19 00:36 includes
-rwxr--r-x 1 wwwrun www  34506 Oct 19 00:36 index.php
drwxr--r-x 5 wwwrun www   4096 Oct 19 00:36 install
-rwxr--r-x 1 wwwrun www 107752 Oct 19 00:36 items.load.php
-rwxr--r-x 1 wwwrun www  52046 Oct 19 00:36 items.php
-rwxr--r-x 1 wwwrun www   7074 Oct 19 00:36 kb.load.php
-rwxr--r-x 1 wwwrun www   5805 Oct 19 00:36 kb.php
drwxr--r-x 2 wwwrun www   4096 Oct 19 00:36 keys
-rwxr--r-x 1 wwwrun www  32385 Oct 19 00:36 license.md
-rwxr--r-x 1 wwwrun www  48843 Oct 19 00:36 load.php
-rwxr--r-x 1 wwwrun www   3985 Oct 19 00:36 otv.php
-rwxr--r-x 1 wwwrun www   1725 Oct 19 00:36 readme.md
-rwxr--r-x 1 wwwrun www    137 Oct 19 00:36 robots.txt
-rwxr--r-x 1 wwwrun www   8071 Oct 19 00:36 roles.load.php
-rwxr--r-x 1 wwwrun www   4629 Oct 19 00:36 roles.php
drwxr--r-x 4 wwwrun www   4096 Oct 19 00:36 sources
-rwxr--r-x 1 wwwrun www  11718 Oct 19 00:36 suggestion.load.php
-rwxr--r-x 1 wwwrun www   8301 Oct 19 00:36 suggestion.php
drwxr--r-x 2 wwwrun www   4096 Oct 19 00:36 upload
-rwxr--r-x 1 wwwrun www  27023 Oct 19 00:36 users.load.php
-rwxr--r-x 1 wwwrun www  27175 Oct 19 00:36 users.php
-rwxr--r-x 1 wwwrun www   7957 Oct 19 00:36 views.load.php
-rwxr--r-x 1 wwwrun www   2898 Oct 19 00:36 views.php
-rwxr--r-x 1 wwwrun www   4242 Oct 19 00:36 views_database.load.php
-rwxr--r-x 1 wwwrun www   3766 Oct 19 00:36 views_database.php
-rwxr--r-x 1 wwwrun www   7912 Oct 19 00:36 views_logs.load.php
-rwxr--r-x 1 wwwrun www   7436 Oct 19 00:36 views_logs.php

srv:/etc/apache2/vhosts.d # 



then restart the service

and now every time i try to access to the website i get :

error 403 forbithen .

the log of the access for this vhost is like this :



srv:/etc/apache2/vhosts.d # tail -f /var/log/apache2/teampass-error_log
[Tue Mar 10 10:43:01 2015] [error] [client 10.8.0.62] client denied by server configuration: /srv/www/index.php
[Tue Mar 10 10:44:32 2015] [error] [client 10.8.0.62] File does not exist: /srv/www/teampass/index.php/
[Tue Mar 10 10:44:42 2015] [error] [client 10.8.0.62] File does not exist: /srv/www/teampass/teampass
[Tue Mar 10 10:52:13 2015] [error] [client 10.8.0.62] File does not exist: /srv/www/teampass/teampass
[Tue Mar 10 10:52:19 2015] [error] [client 10.8.0.62] File does not exist: /srv/www/teampass/teampass
[Tue Mar 10 10:52:39 2015] [error] [client 10.8.0.62] File does not exist: /srv/www/teampass/teampass
[Tue Mar 10 10:52:45 2015] [error] [client 10.8.0.62] File does not exist: /srv/www/teampass/teampass
[Tue Mar 10 10:54:17 2015] [error] [client 10.8.0.62] File does not exist: /srv/www/teampass/teampass
[Tue Mar 10 10:54:27 2015] [error] [client 10.8.0.62] File does not exist: /srv/www/teampass/teampass
[Tue Mar 10 10:57:28 2015] [error] [client 10.8.0.62] client denied by server configuration: /srv/www/teampass/teampass


I don t understand very well this, because File does not exist: /srv/www/teampass/teampass

this file do not exist thats true “teampass/teampass” the correct one should be /srv/www/teampass/ and not /srv/www/teampass/teampass…
I recheck all my config on the vhost file and everything seems well for me, but theres something wrong i know …

I try to access the website with http://10.8.0.1/teampass/index.php

Can anyone help me here please ?

Where from? Current openSUSE versions only come with 2.4.
Or are you using an older, unsupported, openSUSE? :wink:

I don t understand very well this, because File does not exist: /srv/www/teampass/teampass

this file do not exist thats true “teampass/teampass” the correct one should be /srv/www/teampass/ and not /srv/www/teampass/teampass…
I recheck all my config on the vhost file and everything seems well for me, but theres something wrong i know …

I try to access the website with http://10.8.0.1/teampass/index.php

Can anyone help me here please ?

Well, you set the document root to be /srv/www/teampass in your vhost config (which is ok by itself). And then you access /teampass/index.php, which Apache translates to $DOCUMENT_ROOT/teampass/index.php, i.e. /srv/www/teampass/teampass/index.php, of course.

If you just use http://10.8.0.1/index.php (you can omit the index.php though), it should work.

Where from? Current openSUSE versions only come with 2.4.
Or are you using an older, unsupported, openSUSE? :wink:

I don t understand very well this, because File does not exist: /srv/www/teampass/teampass

this file do not exist thats true “teampass/teampass” the correct one should be /srv/www/teampass/ and not /srv/www/teampass/teampass…
I recheck all my config on the vhost file and everything seems well for me, but theres something wrong i know …

I try to access the website with http://10.8.0.1/teampass/index.php

Can anyone help me here please ?

Well, you set the document root to be /srv/www/teampass in your vhost config (which is ok by itself). And then you access /teampass/index.php, which Apache translates to $DOCUMENT_ROOT/teampass/index.php, i.e. /srv/www/teampass/teampass/index.php, of course.

If you just use http://10.8.0.1/index.php (you can omit the index.php though), it should work.
The document root for your vhost (10.8.0.1), i.e. where Apache looks for the files, is /srv/www/teampass/, not /srv/www/.

Hi
Thank s

yes is an old suse release.->11.3

if i use http://10.8.0.1/index.php i get 403 .

I have try that already

for example : if i type http://10.8.0.1/index.php i get this in the log :

[Tue Mar 10 11:42:38 2015] [error] [client 10.8.0.62] client denied by server configuration: /srv/www/teampass/teampass
[Tue Mar 10 11:42:41 2015] [error] [client 10.8.0.62] client denied by server configuration: /srv/www/teampass/teampass
[Tue Mar 10 11:53:19 2015] [error] [client 10.8.0.62] client denied by server configuration: /srv/www/teampass/index.php
[Tue Mar 10 11:54:26 2015] [error] [client 10.8.0.62] client denied by server configuration: /srv/www/teampass/index.php

Well, you might consider upgrading, to 11.4, the current Evergreen version at least, but not even that is really supported any more.

if i use http://10.8.0.1/index.php i get 403 .

Are you really using Apache 2.2?

I do get an error 403 here as well when copying your vhost config verbatim, because Apache 2.4 doesn’t support “Allow from all” any more (although there is a compatibility module).
Adding “Require all granted” instead to your <Directory> block fixes it for me.
But it should work as-is with Apache 2.2 I think.

What permissions does /srv/www/teampass itself have?

ls -ld /srv/www/teampass

yes it should work like it is according with the documentation on apache web page …

yes the apache version i have is 2.2



srv:~ # apache2ctl -v
Server version: Apache/2.2.15 (Linux/SUSE)
Server built:   2011-11-29 15:51:01.000000000 +0000
srv:~ # 


now if i use that directive “Required from all” i get the same 403

Log apache …


.....
[Tue Mar 10 11:54:26 2015] [error] [client 10.8.0.62] client denied by server configuration: /srv/www/teampass/index.php


virtual host file


# Ensure that Apache listens on port 
<VirtualHost 10.8.0.1>
    DocumentRoot "/srv/www/teampass"
    ServerName srv
    ErrorLog /var/log/apache2/teampass-error_log
    CustomLog /var/log/apache2/teampass-access_log combined


    # access here, or in any related virtual host.
    <Directory /srv/www/teampass>
        Order allow,deny
#       Allow from all 
        Require all granted 
    </Directory>

    # Other directives here
</VirtualHost>
~                                                                                                                
~                                                                                                                
~               

According with apache documentation :

http://httpd.apache.org/docs/2.4/upgrading.html

In this example, all requests are allowed.

2.2 configuration:
Order allow,deny
Allow from all

   **2.4 configuration**:

Require all granted

and the permission of that folder is ok i think ?



srv:~ # ls -ld /srv/www/teampass
drwxr--r-x 10 wwwrun www 4096 Oct 19 00:36 /srv/www/teampass


Did you remember to install apache2-mod_php5 and enable it with a2enmod php5 ?

If you just install Apache, it won’t automatically pull php.

yes it was installed since de beginning…



srv:~ # zypper search apache2-mod_php5
Loading repository data...
Warning: Repository 'Updates for openSUSE 11.3 11.3-1.82' appears to outdated. Consider using a different mirror or server.
Reading installed packages...

S | Name                       | Summary                                        | Type   
--+----------------------------+------------------------------------------------+--------
i | apache2-mod_php5           | PHP5 Module for Apache 2.0                     | package
i | apache2-mod_php5           | php5 security update                           | patch  
i | apache2-mod_php5-debuginfo | Debug information for package apache2-mod_php5 | package


srv:~ # 



The problem here seems permission problem … or am I wrong ?

Yes, this only applies to 2.4.

and the permission of that folder is ok i think ?



srv:~ # ls -ld /srv/www/teampass
drwxr--r-x 10 wwwrun www 4096 Oct 19 00:36 /srv/www/teampass

Basically yes.
Just one thing, but I’m not sure whether this could possibly cause the problem: your folder (and all files within, but that shouldn’t matter) doesn’t have the ‘x’ bit set for the group. So nobody from group “www” can access the contents of the folder. Apache itself should be able to though as it runs as user “wwwrun” which is the owner.

Still, try to change that:

sudo chmod g+x /srv/www/teampass

And check that you don’t have another file in /etc/apache2/vhosts.d/ that might be applied for your vhost.

True, but I don’t think he would get an error 403 in that case…
Still, php5 should be enabled in any case, so try that.

Just having it installed is not enough.

You have to enable it, with “a2enmod php5” as Miuku wrote.

I don’t remember whether it was enabled by default in 11.3 or not, though…

I think you are right …
After i answer the last post i run “a2enmod php5”

I managed to get the webpage open but everything is not configured …
no colors, the login is in the top … is like if no recognize the css of the page …

If you did the whole pattern lamp_server I think it was. Manually just installing Apache and php5 didn’t activate it.

Now, I might be wrong about this since it has been a few years.

Hi
Mate yesterday the tip that you told help me put the vhost working but not fully…
When I digit http://10.8.0.1/index.php i get in return the webpage in my browser but the webpage, is not projected correctly .

And even when i try to make login on the web or press something i get no answer … it seems that i only show the HTML …

in this link you can find a picture of this webpage _MEGA

for example when the web page is displayed i have no colours the div from the html is not in the correct place …
I have recheck the modules from apache2 and i have this ones :

/etc/sysconfig/apache2


# your settings
APACHE_MODULES="authz_host actions alias auth_basic authn_file authz_user authz_groupfile authn_dbm autoindex cgi dir env expires include log_config mime negotiation setenvif status userdir asis auth_digest cache charset_lite dav dav_fs deflate disk_cache echo ext_filter file_cache headers imagemap info logio mem_cache mime_magic rewrite speling ssl unique_id usertrack vhost_alias php5 python apparmor authz_default php5-mcrypt php5-mbstring"

The log gives me no error

The web page files are ok because i was this ones working on other computer …
Can you tell me any more tip

So this problem is solved.

Tanks