recentpopularlog in

kme : httpd   14

Apache Redirect Root URL to Subfolder – JamesCoyle.net Limited | https://www.jamescoyle.net/
I had this bit of configuration in my /etc/httpd/conf.d/something.conf, but I'm not sure if it ever did anything other than "pass through" (if you look at the logs).

Anyways, for posterity:
<code class="language-apache">
# Make all requests to the root go to /wiki. A 'Redirect' (mod_alias)$
# isn't appropriate here because that *also* passes the "path" part of$
# the request, which would lead to a recursive redirect.$
# Source: http://www.jamescoyle.net/how-to/1424-apache-redirect-root-url-to-subfolder
RewriteEngine on
RewriteCond %{REQUEST_URI} ^/$
RewriteRule (.*) /wiki/ [R=301]
</code>
webmaster  apache  httpd  rewrite  mediawiki  maybesolution 
yesterday by kme
apache 2.2 - Difference between mod_authn_ldap and mod_authz_ldap - Server Fault | https://serverfault.com/
mod_authz_ldap seems to be a third-party module that *only* does authorization (not authentication)--whatever that means.
apache  apache22  httpd  ldap  modules  webmaster  maybesolution 
2 days ago by kme
mod_authnz_ldap - Apache HTTP Server Version 2.2 | https://httpd.apache.org/
<code class="language-apache">
<Directory "/var/www/html/someresource">
Order deny,allow
Deny from All
Require valid-user
Satisfy any

AuthName "Some Resource"
AuthType Basic
AuthBasicProvider ldap
# pass bad users/passwords off onto the "file" provider
AuthzLDAPAuthoritative off
AuthBasicProvider file
AuthUserFile /var/www/htpasswd

Require ldap-group CN=group1,OU=DP,OU=dept,DC=subdomain,DC=domain,DC=org
Require ldap-group CN=group2,OU=DP,OU=dept,DC=subdomain,DC=domain,DC=org
Require ldap-group CN=group3,OU=DP,OU=dept,DC=subdomain,DC=domain,DC=org
AuthLDAPGroupAttribute memberOf

AuthLDAPUrl "ldap://ldap1.subdomain.domain.org/OU=Research,OU=Managed,DC=chmcres,DC=cchmc,DC=org?uid?sub?(objectclass=organizationalPerson)"
# 2.4.x should allow multiple URLs

# not supported until 2.3.x
#AuthLDAPInitialBindAsUser
AuthLDAPBindDN "CN=ldapuser,OU=ServiceAccounts,DC=subdomain,DC=domain,DC=org"
AuthLDAPBindPassword "ThisIsThePasswordForThat"
</Directory>
# vim: ft=apache
</code>
webmaster  apache  httpd  authorization  ldap  configfile  solution 
2 days ago by kme
cortesi/devd: A local webserver for developers | https://github.com/
A local webserver for developers. Contribute to cortesi/devd development by creating an account on GitHub.
webdevel  http  httpd  server  webserver  cli  golang 
january 2019 by kme
http headers - How do I force files to open in the browser instead of downloading (PDF)? - Stack Overflow | https://stackoverflow.com/
To indicate to the browser that the file should be viewed in the browser:
<code>
Content-Type: application/pdf
Content-Disposition: inline; filename="filename.pdf"
</code>

To have the file downloaded rather than viewed:
<code>
Content-Type: application/pdf
Content-Disposition: attachment; filename="filename.pdf"
</code>

The quotes around the filename are required if the filename contains special characters such as filename[1].pdf which may otherwise break the browser's ability to handle the response.
httpd  apache  webmaster  headers  contentdisposition  sortof  solution 
november 2018 by kme
Change Apache httpd "Server:" HTTP header - Unix & Linux Stack Exchange | https://unix.stackexchange.com/
I simply changed the directives in security.conf and Apache started working as I wanted.
<code class="language-apache">
ServerTokens Prod
ServerSignature Off
</code>
webmaster  apache  httpd  config  configfile  security  configuration  solution  dammitbrain 
may 2018 by kme
how do I allow mysql connections through selinux - Server Fault | https://serverfault.com/

To check SELinux
<code class="language-bash">sestatus</code>

To see what flags are set on httpd processes
<code class="language-bash">getsebool -a | grep httpd</code>

To allow Apache to connect to remote database through SELinux
<code class="language-bash">setsebool httpd_can_network_connect_db 1</code>

Use -P option makes the change permanent. Without this option, the boolean would be reset to 0 at reboot.
<code class="language-bash">
setsebool -P httpd_can_network_connect_db 1
</code>

See also https://codedump.io/share/HBJCXpCN1VLr/1/permission-denied-when-trying-to-connect-to-mysql-installing-mediawiki, because I got that exact error message:

<code>
/var/www/html/Wiki/includes/limit.sh: line 61: ulimit: cpu time: cannot modify limit: Permission denied

/var/www/html/Wiki/includes/limit.sh: line 90: ulimit: file size: cannot modify limit: Permission denied</code>

If you want to create a policy file that allows whatever was failing to not fail, try this:

<code class="language-bash">grep httpd /var/log/audit/audit.log | audit2allow -M mypol
semodule -i mypol.pp</code>
selinux  centos  apache  httpd  mysql  security  sysadmin  webmaster  solution  errormessage 
may 2018 by kme
linux - You don't have permission error in Apache in CentOS - Stack Overflow - https://stackoverflow.com/
This is a common problem, and this is a good tip:
ps axo user,group,comm | grep apache


Also, check "getenforce" to see if SELinux is the problem.
centos  apache  httpd  annoyance  webmaster  syadmin  permissions  solution 
october 2017 by kme
linux - What are the recommended runlevels for httpd? - Super User
Don't believe everything you read on Wikipedia.

Taken from a live, recently installed CentOS 6 system: The network is started in runlevels 2, 3, 4 and 5.

# chkconfig --list network
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off

As a practial matter, only runlevels 3 and 5 ever really get used. Runlevel 3 is the usual "no-graphical-desktop" runlevel, while runlevel 5 is used to start a graphical desktop.


Still dunno why Apache doesn't just configure itself to run by default after you install it (Amazon AMI).
apache  httpd  centos  amazonami  dammitbrain  runlevels  startup 
february 2017 by kme
TipsAndTricks/SelinuxBooleans - CentOS Wiki
httpd_enable_homedirs (HTTPD Service)
Allow HTTPD to read home directories


So you need to:

setsebool httpd_enable_homedirs true

in order to stop getting that "403 Forbidden" error when you turn on mod_userdir.
webmaster  linux  security  httpd  centos  rhel  selinux  apache  solution 
june 2014 by kme
public_html: 403 forbidden - FedoraForum.org
Re: public_html: 403 forbidden
Checklist:

httpd.conf?
semanage fcontext?
setsebool home dirs?
chmod 711 ~username ?
chmod 711 ~username/public_html ?
chmod -R 755 ~username/public_html/* ?

#And don't forget:
chcon -R -t httpd_user_content_t ~username/public_html/*


The 'setsebool' that they're referring to is:

setsebool httpd_enable_homedirs true

This then works. The page at http://www.acm.uiuc.edu/webmonkeys/html_workshop/unix.html, suggests that the 711 on the user home isn't actually required, which doesn't make a whole lot of sense to me, but actually seems to be a false statement in practice.

Permissions of o=x on ~username and ~username/public_html are *definitely* required, at a minimum.
centos  rhel  apache  httpd  public_html  webmaster  annoyance  solution 
june 2014 by kme

Copy this bookmark:





to read