How to use robots.txt with gitlab and apache + subdomain? - subdomain

I can't access my robots.txt (locally located at /home/git/gitlab/public/robots.txt)
I Followed this recipe for installation on centos + apache
I've already tried to exclude robots.txt but this wasnt enough
This is my current VirtualHost for gitlab
<VirtualHost git.domain.tld:80>
ServerName git.domain.tld
ServerSignature Off
ProxyPreserveHost On
<Location />
Order deny,allow
Allow from all
ProxyPassReverse http://127.0.0.1:8080
ProxyPassReverse http://git.domain.tld/
</Location>
#apache equivalent of nginx try files
# http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
# http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
RewriteEngine on
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
RewriteRule .* http://127.0.0.1:8080%{REQUEST_URI} [P,QSA]
# needed for downloading attachments
DocumentRoot /home/git/gitlab/public
#Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
ErrorDocument 404 /404.html
ErrorDocument 422 /422.html
ErrorDocument 500 /500.html
ErrorDocument 503 /deploy.html
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
ErrorLog /var/log/httpd/logs/gitlab_error.log
CustomLog /var/log/httpd/logs/gitlab_forwarded.log common_forwarded
CustomLog /var/log/httpd/logs/gitlab_access.log combined env=!dontlog
CustomLog /var/log/httpd/logs/gitlab.log combined
</VirtualHost>

try to change
/home/git/gitlab/config/environments/production.rb
config.serve_static_assets = true
(it's false by default)

Related

How to use SSL HTML and Websockets on Apache?

I have only used Apache HTML on my backend and implemented my app using HTML/PHP requests so far. Now I want to implement a socket connection. For this, I am currently trying to set up the socket module on my Apache web server. I tried these steps. Reverse Proxy. However, after adding ProxyPass on the VirtualHost :443, I can no longer access my HTML pages.
503 Service Unavailable - The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.
Is it possible to still access the HTML/PHP pages despite the socket module? Do i have to create a new VirtualHost with a different Port, e.g. the Websocket Port but how can i make the handshake?
My apache2/sites-available/conf looks like this:
<VirtualHost *:80>
ServerName ***
<IfModule mod_ssl.c>
Redirect / https://***
</IfModule>
ServerAdmin webmaster#localhost
DocumentRoot /var/www/***
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName ***
ServerAdmin webmaster#localhost
DocumentRoot /var/www/***
<Directory /var/www>
# Options -Indexes +FollowSymLinks
# AllowOverride none
# Order allow,deny
# allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond ${HTTP:Upgrade} websocket [NC]
RewriteCond ${HTTP:Connection} upgrade [NC]
RewriteRule .* "wss:/localhost:12123/$1" [P,L]
ProxyPass / https://localhost:12123/ #Here is the problem
ProxyPassReverse / https://localhost:12123/
ProxyRequests off
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/***/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/***/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/***/chain.pem
</VirtualHost>
</IfModule>

"Your data directory and your files are probably accessible from the Internet. The .htaccess file is not working." - Nextcloud

I recognized that my nextcloud installation has following problem:
“Your data directory and your files are probably accessible from the Internet. The .htaccess file is not working. We strongly suggest that you configure your web server in a way that the data directory is no longer accessible or you move the data directory outside the web server document root.”
My apache2 config of the directory with the nextcloud installation looks like this:
<VirtualHost *:80>
ServerAdmin emailadresse#email.org
ServerName cloud.domain.yt
ServerAlias cloud.domain.yt
DocumentRoot /var/www/cloud.domain.yt
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /root/cloudflare/domain.yt.pem
SSLCertificateKeyFile /root/cloudflare/domain.yt.key
</VirtualHost>
<VirtualHost *:443>
ServerName cloud.domain.yt
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>
</VirtualHost>
<Directory /var/www/cloud.domain.yt/>
Require all granted
AllowOverride All
Options FollowSymLinks MultiViews
SetEnv HOME /var/www/cloud.domain.yt
SetEnv HTTP_HOME /var/www/cloud.domain.yt
<IfModule mod_dav.c>
Dav off
</IfModule>
</Directory>
My .htaccess file (in the data directory looks like this:
# Generated by Nextcloud on 2021-11-08 19:38:35
# Section for Apache 2.4 to 2.6
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule mod_access_compat.c>
Order Allow,Deny
Deny from all
Satisfy All
</IfModule>
# Section for Apache 2.2
<IfModule !mod_authz_core.c>
<IfModule !mod_access_compat.c>
<IfModule mod_authz_host.c>
Order Allow,Deny
Deny from all
</IfModule>
Satisfy All
</IfModule>
</IfModule>
# Section for Apache 2.2 to 2.6
<IfModule mod_autoindex.c>
IndexIgnore *
</IfModule>
It should work perfectly fine. But it doesnt. I also installed all required apache2 addons.
I also wrote with someone on a github post. The user said it would probably be better to ask on websites like this one.
Most other informations are already on the github post (about 9 hours old right now)
https://github.com/nextcloud/server/issues/6449
How can I fix this?

VirtualHost redirect loop after applying SSL from COMODO

After I applied the configuration it loops until I get an "ERR_TOO_MANY_REDIRECTS"
This is my VirtualHost configuration:
NameVirtualHost *
<VirtualHost *:80>
ServerName my-domain.com
ServerAlias my-site.my-domain.com
DocumentRoot /var/www/my-site
ErrorLog /home/my-site/logs/my-site/error.log
CustomLog /home/my-site/logs/my-site/access.log combined
Redirect permanent / https://my-site.my-domain.com/
</VirtualHost>
<VirtualHost *:443>
ServerAdmin admin#my-domain.com
ServerName my-domain.com
ServerAlias my-site.my-domain.com
DirectoryIndex index.php
DocumentRoot /var/www/my-site
ErrorLog /home/my-site/logs/my-site/ssl/error.log
CustomLog /home/my-site/logs/my-site/ssl/access.log combined
SSLEngine on
SSLCertificateFile /home/my-site/SSL/site_com_ar.crt
SSLCertificateKeyFile /home/my-site/SSL/HSSL-5dceb81ff3d10.key
SSLCertificateChainFile /home/my-site/SSL/USERTrustRSAAddTrustCA.crt
</VirtualHost>
How can I track down this issue?
I've solved it just in case anyone needs it:
i've added or modified a ".htaccess" file in each subdomain's root directory with the following:
First be sure you've got "mod_rewrite" enabled:
sudo a2enmod rewrite
Then reset apache:
sudo systemctl restart apache2
Now create or modify (in case it already exists) ".htaccess" in your subdomain root directory:
<IfModule mod_rewrite.c>
RewriteEngine On
# Redirect to HTTPS
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
</IfModule>
Hope this helps you too!

Site loading on port 443 and not on 80

I have site which isn't really working properly on SSL certificate.
The website works properly on 443 port with SSLEngine off directive in my configuration file, with SSLEngine on is responsing with 503 Error.
It also connects on port 80 by default and I don't really know where to change that because everywhere I have set port 443.
.htaccess file:
RewriteEngine On
RewriteCond %{SERVER_PORT} 443
RewriteRule ^(.*)$ https://www.antoszbk.xyz/$1 [R,L]
configuration file (while working properly):
<VirtualHost *:443>
ServerAdmin xxx#xxx.com
DocumentRoot /var/www/html/index.html
ServerName antoszbk.xyz
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine off
SSLCertificateFile /etc/ssl/certs/www.antoszbk.xyz.csr
SSLCertificateKeyFile /etc/ssl/private/www.antoszbk.xyz.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
The solution was in DNS Server Configuration.
Certificate given to me by provider was set to antoszbk.xyz alias but in my SSL configuration I set it up to www.antoszbk.xyz. Still receive an error if trying to connect by IPv6 (AAAA record) redirection but it is a matter of time for the DNS to process it.

Mediawiki .../wiki/Special:Version and other pages redirecting

Ok, super novice messing with Mediawiki for the first time from a fresh set-up perspective. I've installed version 1.25.2 and am running pretty barebones right now. I'm trying to access my local install's .../wiki/Special:Version page to just get the details and see the list of extensions via GUI.
My wiki is served up fine. I can get to mediawiki itself, what I'm trying to access are the "admin" type pages that are typically served up via .../wiki/... like this: mediawiki.org/wiki/Special:Version I can get to my localhost:port/ just fine and hit media wiki. when I try to hit localhost:port/wiki/... that is what redirects me back to the index page of the wiki
Every time I try to hit this page (or any other page under .../wiki/..) it redirects me back to the home page.
My user has the sysops and bureaucrat roles.
Am I completely missing something here?
Here are the details of my Apache2.conf:
# see http://sources.debian.net/src/apache2/2.4.10-1/debian/config-
dir/apache2.conf
Mutex file:/var/lock/apache2 default
PidFile /var/run/apache2/apache2.pid
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
User www-data
Group www-data
HostnameLookups Off
ErrorLog /proc/self/fd/2
LogLevel warn
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf
# ports.conf
Listen 80
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
<Directory /var/www/>
AllowOverride All
Require all granted
</Directory>
DocumentRoot /var/www/html
AccessFileName .htaccess
<FilesMatch "^\.ht">
Require all denied
</FilesMatch>
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog /proc/self/fd/1 combined
<FilesMatch \.php$>
SetHandler application/x-httpd-php
</FilesMatch>
# Multiple DirectoryIndex directives within the same context will add
# to the list of resources to look for rather than replace
# https://httpd.apache.org/docs/current/mod/mod_dir.html#directoryindex
DirectoryIndex disabled
DirectoryIndex index.php index.html
IncludeOptional conf-enabled/*.conf
IncludeOptional sites-enabled/*.conf
Include /etc/apache2/mediawiki.conf
And here is the mediawiki.conf file:
<Directory /var/www/html>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</Directory>
<Directory /var/www/html/images>
# Ignore .htaccess files
AllowOverride None
# Serve HTML as plaintext, don't execute SHTML
AddType text/plain .html .htm .shtml .php
# Don't run arbitrary PHP code.
php_admin_flag engine off
</Directory>
Ok, this was all on me. I was trying to access these pages via localhost:port/wiki/Special:Version when I need to actually hit localhost:port/index.php/Special:Version.
So yes, leo was correct, thanks.