Problems with apache2.4 virtual host configuration in Debian

0x01 prerequisites for configuring apache2 in Ubuntu

The apache2 installed with APT-Get is slightly different from the directly compiled and installed version. Its configuration file is not httpd. conf, but/etc/apache2/apache2.conf.

The configuration file for the location of its VM is not like vhost, but sites-avilable/xxx. conf. The default localhost is 000-default.conf. According to this configuration file, configure a demo. conf file to complete the configuration of the virtual host.

For more information about the configuration, see http://wiki.ubuntu.org.cn/apache. The recommended configuration is as follows:

 

<VirtualHost *:80>ServerName edunuke.example.comServerAdmin [email protected]DocumentRoot "/var/www/edunuke/"ErrorLog "/var/log/apache2/edunuke_errors.log"CustomLog "/var/log/apache2/edunuke_accesses.log" common    </VirtualHost>

We can see that the recommended configuration is the/var/www/subdirectory.

According to the configuration of 000-default.conf, complete configuration is as follows:

<VirtualHost *:80>        ServerName demo          ServerAdmin [email protected]163.com        DocumentRoot /home/user/webroot        <Directory /home/user/webroot>                Options Indexes FollowSymLinks MultiViews                AllowOverride All                Order allow,deny                Allow from all        </Directory>          ErrorLog ${APACHE_LOG_DIR}/demo_error.log        CustomLog ${APACHE_LOG_DIR}/demo_access.log combined</VirtualHost>

In many cases, the error 403 is that the <directory> label is not configured with allow from all, because the default value is deny from all.

(Note that the configuration items of allow from all are available in 2.2.x and earlier versions, and are no longer required in 2.4.x)

Then use the command a2ensite demo to enable the demo, and then use service apache2 reload to make the configuration take effect.

Do not forget to modify the/etc/hosts file to point the demo to 127.0.0.1.

In principle, the configuration has been completed, so you can access it directly. However, a large wave of 403 is approaching .....

0x02 Problem

If you select the/var/www/directory or sub-directory according to the Wikipedia configuration, you can run it without any pressure. However, a 403 error occurs when you change to a location such as/home/user/webroot.

Check the error log. The specific information is:

AH00035: access to / denied (filesystem path ‘/home/user/webroot‘) because search permissions are missing on a component of the path

This indicates that there is a directory permission setting problem in the path of/home/user/webroot, resulting in Access denied.

1. Modify the/home/user/permission.

Because the directory is 700 by default, apache2 cannot be accessed.

Modify it to 711.

2. Modify the/home/user/webroot permission.

Chmod 755-r/home/user/webroot/

Grant the webroot and Its subdirectories 755 permissions, and set some special directories to 777, such as the Assets Directory and runtime Directory, which are modified according to the program.

After the permission is modified, the request is still 403.

H01630: client denied by server configuration: /home/user/webroot/

It seems that it is a server configuration problem. However, I searched many articles on the Internet and did not mention this.

The tragedy has been tossing for two days. reinstalling and changing directories won't work, even if you switch to/var/webroot, I have compared the permission settings of/var/WWW and/home/user/webroot one by one. It's no problem.

At this time, I called Scrat. After a piece of tossing, I was able to modify a configuration in the/etc/apache2/apache2.conf file.

<Directory/> # options followsymlinks # AllowOverride none # require all denied # I also forgot what he changed at the time, probably the demo. <directory> copied in conf </directory>

(PS this is not the correct method. For the correct method, see the following)

After commenting out the items here, I wrote a few lines of configuration that I didn't know where to find, and the access was successful.

To be honest, I think Apache uses commands such as a2ensite/a2dissite to control virtual hosts, which is an advanced embodiment of the architecture. I didn't expect to have to modify the apache2 file When configuring virtual hosts .... Depressed ..

In the evening I went back and looked at the configuration file carefully. I found myself dumb.

# Sets the default security model of the Apache2 HTTPD server. It does# not allow access to the root filesystem outside of /usr/share and /var/www.# The former is used by web applications packaged in Debian,# the latter may be used for local directories served by the web server. If# your system is serving content from a sub-directory in /srv you must allow# access here, or in any related virtual host.<Directory />        Options FollowSymLinks        AllowOverride None        Require all denied</Directory>  <Directory /usr/share>        AllowOverride None        Require all granted</Directory>

This is a special security setting that prevents access to directories other than the root directory. By default, except/usr/share and/var/WWW, other directories cannot be accessed by the Apache server. To make/home/user/webroot accessible, you need to add a similar access request project:

<Directory /home/user/webroot>        AllowOverride None        Require all granted</Directory>

OK. Now we have achieved our original goal.

But this is not complete yet. Do you have to modify the apache2.conf file once you add a virtual host? Cannot I add a virtual host seamlessly through a2enssite?

The answer is yes, but it is still a demo. conf configuration problem. You need to add a configuration item: require all granted.

The complete configuration is as follows:

<VirtualHost *:80>        ServerName demo          ServerAdmin xbzbing#163.com        DocumentRoot /home/user/webroot        <Directory /home/user/webroot>                Options Indexes FollowSymLinks MultiViews                AllowOverride All                Require all granted        </Directory>          ErrorLog ${APACHE_LOG_DIR}/demo_error.log        CustomLog ${APACHE_LOG_DIR}/demo_access.log combined</VirtualHost>

 

Problems with apache2.4 virtual host configuration in Debian