"Your data directory and your files are probably accessible from the Internet. The .htaccess file is not working." - Nextcloud - html

I recognized that my Nextcloud installation has the following problem:
“Your data directory and your files are probably accessible from the Internet. The .htaccess file is not working. We strongly suggest that you configure your web server in a way that the data directory is no longer accessible or you move the data directory outside the web server document root.”
My apache2 config of the directory with the nextcloud installation looks like this:
<VirtualHost *:80>
ServerAdmin emailadresse@email.org
ServerName cloud.domain.yt
ServerAlias cloud.domain.yt
DocumentRoot /var/www/cloud.domain.yt
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /root/cloudflare/domain.yt.pem
SSLCertificateKeyFile /root/cloudflare/domain.yt.key
</VirtualHost>
<VirtualHost *:443>
ServerName cloud.domain.yt
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>
</VirtualHost>
<Directory /var/www/cloud.domain.yt/>
Require all granted
AllowOverride All
Options FollowSymLinks MultiViews
SetEnv HOME /var/www/cloud.domain.yt
SetEnv HTTP_HOME /var/www/cloud.domain.yt
<IfModule mod_dav.c>
Dav off
</IfModule>
</Directory>
My .htaccess file (in the data directory) looks like this:
# Generated by Nextcloud on 2021-11-08 19:38:35
# Section for Apache 2.4 to 2.6
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule mod_access_compat.c>
Order Allow,Deny
Deny from all
Satisfy All
</IfModule>
# Section for Apache 2.2
<IfModule !mod_authz_core.c>
<IfModule !mod_access_compat.c>
<IfModule mod_authz_host.c>
Order Allow,Deny
Deny from all
</IfModule>
Satisfy All
</IfModule>
</IfModule>
# Section for Apache 2.2 to 2.6
<IfModule mod_autoindex.c>
IndexIgnore *
</IfModule>
It should work perfectly fine. But it doesn't. I also installed all required apache2 addons.
I also wrote with someone on a GitHub post. The user said it would probably be better to ask on websites like this one.
Most other information is already in the GitHub post (about 9 hours old right now):
https://github.com/nextcloud/server/issues/6449
How can I fix this?

Related

How to use SSL HTML and Websockets on Apache?

I have only used Apache HTML on my backend and implemented my app using HTML/PHP requests so far. Now I want to implement a socket connection. For this, I am currently trying to set up the socket module on my Apache web server. I tried these steps. Reverse Proxy. However, after adding ProxyPass on the VirtualHost :443, I can no longer access my HTML pages.
503 Service Unavailable - The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.
Is it possible to still access the HTML/PHP pages despite the socket module? Do I have to create a new VirtualHost with a different port, e.g. the WebSocket port, but how can I make the handshake?
My apache2/sites-available/conf looks like this:
<VirtualHost *:80>
ServerName ***
<IfModule mod_ssl.c>
Redirect / https://***
</IfModule>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/***
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName ***
ServerAdmin webmaster@localhost
DocumentRoot /var/www/***
<Directory /var/www>
# Options -Indexes +FollowSymLinks
# AllowOverride none
# Order allow,deny
# allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond ${HTTP:Upgrade} websocket [NC]
RewriteCond ${HTTP:Connection} upgrade [NC]
RewriteRule .* "wss:/localhost:12123/$1" [P,L]
ProxyPass / https://localhost:12123/ #Here is the problem
ProxyPassReverse / https://localhost:12123/
ProxyRequests off
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/***/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/***/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/***/chain.pem
</VirtualHost>
</IfModule>

How can I make an area of a website password protected through Apache?

I have been working on this for a while, and I am trying to use .htaccess and .htpasswd. Here is what I have done:
Performed with Apache using Raspberry Pi 3B+ with DietPi installed.
I created a new .htpasswd file and proceeded to enter the password that I wanted.
Next, I redirected to /etc/apache2/sites-enabled/ where I edited 000-default.conf and changed the line of code:
<VirtualHost *80>
ServerName www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory "/var/www/etc/"
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
</Directory>
RewriteEngine on
RewriteCond %{SERVER_NAME} =example.com
RewriteRule ^https://%{SERVER_NAME%{REQUEST_URI} [END,Ne,R=permanent]
</VirtualHost>
Everything here is the same, except replace "example" with my domain.
This did not affect my site, so I redirected to /etc/apache2/ where I edited apache2.conf and added the line of code:
<Directory /var/www/etc/>
DirectoryIndex index.php index.html
Options Indexes FollowSymLinks
AllowOverride None
Require all denied
</Directory>
Once again, everything here is the same. etc is the file that I want to password-protect. This made the page that I wanted to protect completely inaccessible, and when I changed AllowOverride and Require all it just made the page completely open. How can I make it so that a password is prompted when you try to access the directory?

Site loading on port 443 and not on 80

I have a site which isn't really working properly with an SSL certificate.
The website works properly on port 443 with the SSLEngine off directive in my configuration file; with SSLEngine on it responds with a 503 error.
It also connects on port 80 by default and I don't really know where to change that, because I have set port 443 everywhere.
.htaccess file:
RewriteEngine On
RewriteCond %{SERVER_PORT} 443
RewriteRule ^(.*)$ https://www.antoszbk.xyz/$1 [R,L]
configuration file (while working properly):
<VirtualHost *:443>
ServerAdmin xxx@xxx.com
DocumentRoot /var/www/html/index.html
ServerName antoszbk.xyz
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine off
SSLCertificateFile /etc/ssl/certs/www.antoszbk.xyz.csr
SSLCertificateKeyFile /etc/ssl/private/www.antoszbk.xyz.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
The solution was in the DNS server configuration.
The certificate given to me by the provider was set to the antoszbk.xyz alias, but in my SSL configuration I set it up for www.antoszbk.xyz. I still receive an error when trying to connect via IPv6 (AAAA record) redirection, but it is a matter of time for the DNS to process it.

phpmyadmin - Forbidden - You don't have permission to access /phpmyadmin/ on this server

I'm aware this has been asked many times before but all of the answers seem the same and none of them work for me.
I want to access the phpmyadmin GUI from something other than the localhost.
I'm getting the error "Forbidden - You don't have permission to access /phpmyadmin/ on this server." in the browser.
I'm using CentOS7, Apache 2.4.6 and phpMyAdmin-4.4.15.10-1.el7.
I've tried this:
<Directory /usr/share/phpMyAdmin/>
Order Allow,deny
Allow from all
</Directory>
<Directory /usr/share/phpMyAdmin/setup/>
Order Allow,deny
Allow from all
</Directory>
Most people seem to suggest I can just do:
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
Require all granted
</RequireAny>
</IfModule>
Or:
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
Require ip 192.168.1.6
</RequireAny>
</IfModule>
But none of that works.
This is the current state:
<Directory /usr/share/phpMyAdmin/>
AddDefaultCharset UTF-8
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
Require ip 192.168.1.6
Require ip ::1
</RequireAny>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Allow,Deny
Allow from All
Allow from 127.0.0.1
Allow from ::1
</IfModule>
</Directory>
Still getting:
Forbidden
You don't have permission to access /phpmyadmin/ on this server.
EDIT-
Just as additional information, I have disabled SELinux and made sure permissions on /usr/share/phpMyAdmin are correct.
EDIT AGAIN-
I've now tried this...
<Directory /usr/share/phpMyAdmin/>
Require all granted
</Directory>
<Directory /usr/share/phpMyAdmin/setup/>
Require all granted
</Directory>
Which is surely as basic as you can get and yet I still get the error?
<Directory /usr/share/phpMyAdmin/>
AddDefaultCharset UTF-8
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
Require all granted
</RequireAny>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Allow,Deny
Allow from All
</IfModule>
</Directory>
Got this working eventually. There were a few problems at once, which were getting in the way of troubleshooting the main problem...
First, edit phpMyAdmin.conf...
<Directory /usr/share/phpMyAdmin/>
AddDefaultCharset UTF-8
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
Require ip 192.168.1.6
</RequireAny>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from ::1
</IfModule>
</Directory>
OR
<Directory /usr/share/phpMyAdmin/>
AddDefaultCharset UTF-8
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
Require all granted
</RequireAny>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from ::1
</IfModule>
</Directory>
You also need to make sure that /usr/share/phpMyAdmin is not only readable but also executable for the Apache user. I just recursively chmodded it to 777.
You also need to add the following to /etc/httpd/conf/httpd.conf:
<IfModule dir_module>
DirectoryIndex index.html index.php
</IfModule>
Check /var/log/httpd/error_log to see what your particular error is at each step.
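The "Apache 2.2" branches posted in this thread differ only in `Order`, which changes both the evaluation order and the default. As an added example (not code from the posts), the sketch below evaluates mod_access_compat's documented Order/Allow/Deny rules for the two rule sets; the function names are hypothetical and only `all`, IP and network operands are modelled.

```python
import ipaddress

def _covers(operand, client):
    """True if one 'Allow from' / 'Deny from' operand covers the client IP."""
    if operand.lower() == "all":
        return True
    # Accepts a single address, CIDR, or address/netmask such as 127.0.0.0/255.0.0.0.
    return client in ipaddress.ip_network(operand, strict=False)

def access_compat(order, allow, deny, client_ip):
    """Decide one request the way mod_access_compat's Order/Allow/Deny does.

    Models only 'all', IP and network operands (no hostnames, partial IPs or env=).
    """
    client = ipaddress.ip_address(client_ip)
    allowed = any(_covers(o, client) for o in allow)
    denied = any(_covers(o, client) for o in deny)
    mode = order.replace(" ", "").lower()
    if mode == "allow,deny":
        # Default deny: the client must match an Allow and must not match a Deny.
        return allowed and not denied
    if mode == "deny,allow":
        # Default allow: rejected only if a Deny matches and no Allow matches.
        return allowed or not denied
    raise ValueError(f"unsupported Order value: {order!r}")

# Rule sets copied from the "Apache 2.2" branches in the thread above.
QUESTION_BLOCK = ("Allow,Deny", ["All", "127.0.0.1", "::1"], [])
ANSWER_BLOCK = ("Deny,Allow", ["127.0.0.1", "::1"], ["All"])

def report(clients=("192.168.1.6", "127.0.0.1", "::1")):
    """Return {(block name, client): allowed?} for both rule sets."""
    blocks = {"question": QUESTION_BLOCK, "answer": ANSWER_BLOCK}
    return {(name, ip): access_compat(*rules, ip)
            for name, rules in blocks.items() for ip in clients}

if __name__ == "__main__":
    for key, ok in report().items():
        print(key, "allowed" if ok else "denied")
```

On Apache 2.4 with mod_authz_core loaded, the `<IfModule !mod_authz_core.c>` branch is skipped entirely, so these rules only take effect on a 2.2-style server.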

Server Side Includes

I got the following error message in the Apache log:
unable to include potential exec "header.html" in parsed file /Users/sikusiku/Sites/ss-git/homepage.shtml
I basically tried to include header.html from homepage.shtml. I used the very basic directive in homepage.html (both header.html and homepage.shtml are located in the document root):
<!--#include virtual="header.html" -->
I think I have properly turned on the SSI in my httpd.conf:
Options Indexes FollowSymLinks ExecCGI Includes
...
AddType text/html .shtml
...
# XBitHack doesn't have anything to do with this, but I added it anyway.
XBitHack on
Did I miss anything? Does the included file i.e. header.html need to be configured differently?
I just fixed this problem myself on Ubuntu Server 11.10 with apache2.
My /etc/apache2/sites-available/default file:
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
</VirtualHost>
I changed AllowOverride None to All in the /var/www directory directive.
My .htaccess file in /var/www/.htaccess:
Options +Includes
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
Finally, I made sure that include.load was in the mods-enabled folder; this is to load the mod_includes.so module.
sudo ln -s /etc/apache2/mods-available/include.load /etc/apache2/mods-enabled/include.load
That creates a symbolic link to the include.load in mods-available.
Finally, restart Apache:
sudo service apache2 restart
That made it work for me, hope you get it working as well.
--
Thomas
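Whether Apache reads a .htaccess file at all depends on the AllowOverride value of the longest matching plain `<Directory>` section, which is what the change in the answer above alters; the same lookup decides whether the data-directory .htaccess in the Nextcloud question at the top of the page is honoured. This is an added example, not code from the posts: the function names are hypothetical, the sample is a constructed extract of the answer's blocks, and it assumes one configuration scope with plain (non-wildcard, non-regex) paths.

```python
import re
from pathlib import PurePosixPath

DIR_OPEN = re.compile(r'^\s*<Directory\s+"?([^">]+?)"?\s*>', re.I)
DIR_CLOSE = re.compile(r'^\s*</Directory>', re.I)
ALLOW_OVERRIDE = re.compile(r'^\s*AllowOverride\s+(.+?)\s*$', re.I)

def directory_overrides(conf_text):
    """Map each plain <Directory path> section to the AllowOverride it sets."""
    sections, current = {}, None
    for line in conf_text.splitlines():
        if (m := DIR_OPEN.match(line)):
            current = PurePosixPath(m.group(1))
        elif DIR_CLOSE.match(line):
            current = None
        elif current is not None and (m := ALLOW_OVERRIDE.match(line)):
            sections[current] = m.group(1)
    return sections

def effective_allow_override(conf_text, fs_dir):
    """AllowOverride in force for fs_dir.

    <Directory> sections merge shortest path first, so the longest matching
    section that sets the directive wins. With none set, the default is None
    (Apache 2.3.9 and later), meaning .htaccess files are not read.
    """
    target = PurePosixPath(fs_dir)
    value, best = "None", -1
    for path, setting in directory_overrides(conf_text).items():
        if (path == target or path in target.parents) and len(path.parts) > best:
            value, best = setting, len(path.parts)
    return value

# Constructed extract: the <Directory> blocks from the answer, after its change.
AFTER = """
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
AllowOverride All
</Directory>
<Directory "/usr/share/doc/">
AllowOverride None
</Directory>
"""
# The same blocks before the change (AllowOverride None on /var/www/).
BEFORE = AFTER.replace("AllowOverride All", "AllowOverride None")

if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        print(label, effective_allow_override(conf, "/var/www"))
```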