HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Installation/Configuration (http://www.howtoforge.com/forums/forumdisplay.php?f=4)
-   -   Apache config (http://www.howtoforge.com/forums/showthread.php?t=62373)

ramons 26th June 2013 11:19

Apache config
 
Dear all, I have a Debian Apache VPS where I run 2 sites (OTRS and Owncloud) both use SSL.
Now I want to install ISP, but run into issues. Mainly related I guess to the apache conf files. I run the ispconfig install process through SSH but after that my apache webserver didn't start so I changed a few things so that at least my 2 sites are running again.

When I acces the ISPadmin panel url I get a 403 error in my browser.

This is the error is from the apache error log:
[Wed Jun 26 10:49:16 2013] [error] [client xxx.xxx.xxx.xxx] client denied by server configuration: /usr/local/ispconfig/interface/web/
[Wed Jun 26 10:49:16 2013] [debug] mod_deflate.c(615): [client xxx.xxx.xxx.xxx] Zlib: Compressed 202 to 161 : URL /


See the conf files below.

httpd.conf
==========
include /etc/apache2/ssl/httpd-ssl-new.conf

<FilesMatch \.php$>
SetHandler application/x-httpd-php
</FilesMatch>
==========


apache2.conf
==========
#
# Based upon the NCSA server configuration files originally by Rob McCool.
#
# This is the main Apache server configuration file. It contains the
# configuration directives that give the server its instructions.
# See http://httpd.apache.org/docs/2.2/ for detailed information about
# the directives.
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#
# The configuration directives are grouped into three basic sections:
# 1. Directives that control the operation of the Apache server process as a
# whole (the 'global environment').
# 2. Directives that define the parameters of the 'main' or 'default' server,
# which responds to requests that aren't handled by a virtual host.
# These directives also provide default values for the settings
# of all virtual hosts.
# 3. Settings for virtual hosts, which allow Web requests to be sent to
# different IP addresses or hostnames and have them handled by the
# same Apache server process.
#
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path. If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so "foo.log"
# with ServerRoot set to "/etc/apache2" will be interpreted by the
# server as "/etc/apache2/foo.log".
#

### Section 1: Global Environment
#
# The directives in this section affect the overall operation of Apache,
# such as the number of concurrent requests it can handle or where it
# can find its configuration files.
#

#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# NOTE! If you intend to place this on an NFS (or otherwise network)
# mounted filesystem then please read the LockFile documentation (available
# at <URL:http://httpd.apache.org/docs/2.2/mod/mpm_common.html#lockfile>);
# you will save yourself a lot of trouble.
#
# Do NOT add a slash at the end of the directory path.
#
#ServerRoot "/etc/apache2"

#
# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#
LockFile ${APACHE_LOCK_DIR}/accept.lock

#
# PidFile: The file in which the server should record its process
# identification number when it starts.
# This needs to be set in /etc/apache2/envvars
#
PidFile ${APACHE_PID_FILE}

#
# Timeout: The number of seconds before receives and sends time out.
#
TimeOut 300

#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive on

#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 100

#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 15

##
## Server-Pool Size Regulation (MPM specific)
##

# prefork MPM
# StartServers: number of server processes to start
# MinSpareServers: minimum number of server processes which are kept spare
# MaxSpareServers: maximum number of server processes which are kept spare
# MaxClients: maximum number of server processes allowed to start
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule mpm_prefork_module>
StartServers 5
MinSpareServers 5
MaxSpareServers 10
MaxClients 150
MaxRequestsPerChild 0
</IfModule>

# worker MPM
# StartServers: initial number of server processes to start
# MaxClients: maximum number of simultaneous client connections
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadLimit: ThreadsPerChild can be changed to this maximum value during a
# graceful restart. ThreadLimit can only be changed by stopping
# and starting Apache.
# ThreadsPerChild: constant number of worker threads in each server process
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule mpm_worker_module>
StartServers 2
MinSpareThreads 25
MaxSpareThreads 75
ThreadLimit 64
ThreadsPerChild 25
MaxClients 150
MaxRequestsPerChild 0
</IfModule>

# event MPM
# StartServers: initial number of server processes to start
# MaxClients: maximum number of simultaneous client connections
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadsPerChild: constant number of worker threads in each server process
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule mpm_event_module>
StartServers 2
MaxClients 150
MinSpareThreads 25
MaxSpareThreads 75
ThreadLimit 64
ThreadsPerChild 25
MaxRequestsPerChild 0
</IfModule>

# These need to be set in /etc/apache2/envvars
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}

#
# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives. See also the AllowOverride
# directive.
#

AccessFileName .htaccess

#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<Files ~ "^\.ht">
Order allow,deny
Deny from all
Satisfy all
</Files>

#
# DefaultType is the default MIME type the server will use for a document
# if it cannot otherwise determine one, such as from filename extensions.
# If your server contains mostly text or HTML documents, "text/plain" is
# a good value. If most of your content is binary, such as applications
# or images, you may want to use "application/octet-stream" instead to
# keep browsers from trying to display binary files as though they are
# text.
#
DefaultType text/plain


#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
HostnameLookups Off

# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog /var/log/apache2/error.log

#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel debug
#LogLevel debug

# Include module configuration:
Include mods-enabled/*.load
Include mods-enabled/*.conf

# Include all the user configurations:
Include httpd.conf

# Include ports listing
Include ports.conf

#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
# If you are behind a reverse proxy, you might want to change %h into %{X-Forwarded-For}i
#
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

# Include of directories ignores editors' and dpkg's backup files,
# see README.Debian for details.

# Include generic snippets of statements
Include conf.d/

# Include the virtual host configurations:
# Include sites-enabled/

include sites-available
==========



ports.conf
==========
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default
# This is also true if you have upgraded from before 2.2.9-3 (i.e. from
# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
# README.Debian.gz

NameVirtualHost xx.xx.xx.xxx
NameVirtualHost *:80
Listen *:80
NameVirtualHost *:8080
Listen *:8080


<IfModule mod_ssl.c>
# If you add NameVirtualHost *:443 here, you will also have to change
# the VirtualHost statement in /etc/apache2/sites-available/default-ssl
# to <VirtualHost *:443>
# Server Name Indication for SSL named virtual hosts is currently not
# supported by MSIE on Windows XP.
# Listen 443
</IfModule>

<IfModule mod_gnutls.c>
Listen 443
</IfModule>
==========




conf.d / OTRS.conf
==========
# --
# added for OTRS (http://otrs.org/)
# $Id: apache2-httpd.include.conf,v 1.25 2011/11/05 17:39:09 mb Exp $
# --

# agent, admin and customer frontend
ScriptAlias /otrs/ "/opt/otrs/bin/cgi-bin/"
Alias /otrs-web/ "/opt/otrs/var/httpd/htdocs/"

# activate this if you are using an Oracle database
#SetEnv ORACLE_HOME /path/to/your/oracle/
#SetEnv ORACLE_SID YOUR_SID
#SetEnv NLS_LANG AMERICAN_AMERICA.UTF8
#SetEnv NLS_DATE_FORMAT 'YYYY-MM-DD HH24:MI:SS'

# if mod_perl is used
<IfModule mod_perl.c>

# load all otrs modules
Perlrequire /opt/otrs/scripts/apache2-perl-startup.pl

# Apache::Reload - Reload Perl Modules when Changed on Disk
PerlModule Apache2::Reload
PerlInitHandler Apache2::Reload
PerlModule Apache2::RequestRec

# set mod_perl2 options
<Location /otrs>
# ErrorDocument 403 /otrs/customer.pl
ErrorDocument 403 /otrs/index.pl
SetHandler perl-script
PerlResponseHandler ModPerl::Registry
Options +ExecCGI
PerlOptions +ParseHeaders
PerlOptions +SetupEnv
Order allow,deny
Allow from all
</Location>

# set mod_perl2 option for generic interface
<Location /otrs/nph-genericinterface.pl>
PerlOptions -ParseHeaders
</Location>

</IfModule>

# directory settings
<Directory "/opt/otrs/bin/cgi-bin/">
AllowOverride None
Options +ExecCGI -Includes
Order allow,deny
Allow from all
</Directory>
<Directory "/opt/otrs/var/httpd/htdocs/">
AllowOverride None
Order allow,deny
Allow from all
</Directory>

<IfModule mod_headers.c>
<Directory "/opt/otrs/var/httpd/htdocs/skins/*/*/css-cache">
<FilesMatch "\.(css|CSS)$">
Header set Cache-Control "max-age=2592000 must-revalidate"
</FilesMatch>
</Directory>

<Directory "/opt/otrs/var/httpd/htdocs/js/js-cache">
<FilesMatch "\.(js|JS)$">
Header set Cache-Control "max-age=2592000 must-revalidate"
</FilesMatch>
</Directory>
</IfModule>

# MaxRequestsPerChild (so no apache child will be to big!)
MaxRequestsPerChild 4000
==========



conf.d / Owncloud
==========
<IfModule mod_alias.c>
Alias /owncloud /var/www/owncloud/
</IfModule>
<Directory /var/www/owncloud/>
Options None
Order allow,deny
allow from all
AllowOverride All
AllowOverride All
</Directory>
==========




Sites-available/default
==========
<VirtualHost _default_:80>
DocumentRoot /var/www/owncloud
ServerName cloud.example.com
ServerAlias cloud.example.com
Redirect permanent / https://cloud.example.com/owncloud
</VirtualHost>

<VirtualHost *:80>
Servername otrs.example.com
ServerAlias www.otrs.example.com

Redirect permanent / https://otrs.example.com/
</VirtualHost>


################################################## ####
# This virtual host contains the configuration
# for the ISPConfig controlpanel
################################################## ####

NameVirtualHost *:8080

<VirtualHost _default_:8080>
ServerAdmin webmaster@localhost

<FilesMatch "\.ph(p3?|tml)$">
SetHandler None
</FilesMatch>

<IfModule mod_fcgid.c>
DocumentRoot /var/www/ispconfig/
SuexecUserGroup ispconfig ispconfig
<Directory /var/www/ispconfig/>
Options Indexes FollowSymLinks MultiViews +ExecCGI
AllowOverride AuthConfig Indexes Limit Options FileInfo
AddHandler fcgid-script .php
FCGIWrapper /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter .php
Order allow,deny
Allow from all
</Directory>
IPCCommTimeout 7200
MaxRequestLen 15728640
</IfModule>

<IfModule mpm_itk_module>
DocumentRoot /usr/local/ispconfig/interface/web/
AssignUserId ispconfig ispconfig
AddType application/x-httpd-php .php
<Directory /usr/local/ispconfig/interface/web>
# php_admin_value open_basedir "/usr/local/ispconfig/interface:/usr/share:/tmp"
Options FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
php_value magic_quotes_gpc 0
</Directory>
</IfModule>

# ErrorLog /var/log/apache2/error.log
# CustomLog /var/log/apache2/access.log combined
ServerSignature Off
ServerName ispconfig.example.com
ServerAlias ispconfig.example.com
DocumentRoot /usr/local/ispconfig/interface/web
<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>

# SSL Configuration
#SSLEngine On
#SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
#SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
#SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle

</VirtualHost>

<Directory /var/www/php-cgi-scripts>
AllowOverride None
Order Deny,Allow
Deny from all
</Directory>

<Directory /var/www/php-fcgi-scripts>
AllowOverride None
Order Deny,Allow
Deny from all
</Directory>

==========


Sites-available/ispconfig.conf
==========
################################################
# ISPConfig Logfile configuration for vlogger
################################################

LogFormat "%v %h %l %u %t \"%r\" %>s %B \"%{Referer}i\" \"%{User-Agent}i\"" combined_ispconfig
CustomLog "| /usr/local/ispconfig/server/scripts/vlogger -s access.log -t \"%Y%m%d-access.log\" /var/log/ispconfig/httpd" combined_ispconfig

<Directory /var/www/clients>
AllowOverride None
Order Deny,Allow
Deny from all
</Directory>

# Do not allow access to the root file system of the server for security reasons
<Directory />
AllowOverride None
Order Deny,Allow
Deny from all
</Directory>

<Directory /var/www/conf>
AllowOverride None
Order Deny,Allow
Deny from all
</Directory>

# Except of the following directories that contain website scripts
<Directory /usr/share/phpmyadmin>
Order allow,deny
Allow from all
</Directory>

<Directory /usr/share/phpMyAdmin>
Order allow,deny
Allow from all
</Directory>

<Directory /usr/share/squirrelmail>
Order allow,deny
Allow from all
</Directory>

# allow path to awstats and alias for awstats icons
<Directory /usr/share/awstats>
Order allow,deny
Allow from all
</Directory>

Alias /awstats-icon "/usr/share/awstats/icon"

#NameVirtualHost *:80
#NameVirtualHost *:443

==========

ramons 26th June 2013 15:05

It is fixed, the actual issue was related to FCGI

in the SSH client I entered this :
apt-get install apache2 libapache2-mod-fcgid php5-cgi


And the issue was resolved :)

For more background info I used this:
http://www.howtoforge.com/forums/arc...p/t-60798.html
and
http://www.howtoforge.com/how-to-set...on-debian-etch


All times are GMT +2. The time now is 14:25.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.