Fresh install of Saucy. Apache2 configs from Raring are epic failure
Tom H
tomh0665 at gmail.com
Thu Dec 26 03:57:59 UTC 2013
On Thu, Dec 26, 2013 at 2:28 AM, Kevin O'Gorman <kogorman at gmail.com> wrote:
> Due to a GUI meltdown, I found it expedient to do a fresh install so I
> chose Xubuntu Saucy.
>
> All but one thing went well. My web server is really down.
>
> Now mind, the basics work. I can access things in /var/www it seems,
> but I usually keep only one file there. I configure aliases to get to
> everything else.
>
> None of these are working. Home directory pages are not working. My
> specialized code is not working.
>
> And by not working I mean a pretty uniform 403 with an occasional 404.
> The error log points the finger at my configuration, saying "client
> denied by server configuration"
>
> For example, I have a directory devoted to a dear departed canine
> companion named Ogden Gnash. His stuff is stored in /www/Dogs/Oggie.
> I have an alias thus:
>
> Alias /Oggie /www/Dogs/Oggie
> <Directory /www/Dogs/Oggie>
> Order allow,deny
> Allow from all
> </Directory>
>
> And when I try to go to http://kosmanor.com/Oggie the browser tells me
> "You don't have permission to access /Oggie on this server." while the
> error log contains "
>
> [Wed Dec 25 18:22:22.504423 2013] [authz_core:error] [pid 6022:tid
> 140127561000704] [client 71.80.244.253:43755] AH01630: client denied
> by server configuration: /www/Dogs/Oggie
>
> What could be clearer? It sees the Alias, but does not give access,
> and it's not file permission (which I've checked anyway) but it's the
> server configuration.
From the README:

apache2 (2.4.1-1) unstable; urgency=low

This package introduces a new major release of the Apache HTTP server. It is
likely the site configuration needs changes to work with this release.
Notable changes which need special care are:

The module interface (ABI) has changed. If you have any locally compiled
modules, you have to re-compile them for apache2 2.4.

The authorization and authentication system has changed. Existing
configurations using deprecated Order/Allow/Deny directives should be
upgraded to the new system. Please review upstream's "Authentication,
Authorization and Access Control Howto" [1]. However, "mod_access_compat" is
loaded by default to provide backward compatibility.

Furthermore, MPMs are simple modules now. Thus, the MPM can be changed
at any time by (un-)loading a specific module. Be careful when upgrading. An
example of changing the MPM is given below:

    a2dismod mpm_worker
    a2enmod mpm_prefork

We did change the security model for Apache in our default configuration. We
do not allow access to the file system outside /var/www and /usr/share.
If you are running virtual hosts or scripts outside these directories, you
need to whitelist them in your configuration to grant access through HTTP.

Special care must be taken if you are using a sub-directory in /srv to serve
your content as recommended by the File Hierarchy Standard (FHS). You must
allow access to your served directory explicitly in the corresponding virtual
host, or by allowing access in apache2.conf as proposed.

Moreover, the configuration mechanism in Debian has changed. All
configurations in sites-enabled and conf-enabled need a ".conf" suffix now.
The latter replaces the deprecated /etc/apache2/conf.d/ directory (which is
not supported any more) and works just like {sites,mods}-{available,enabled}
via the "a2enconf" tool. The upgrade tries to migrate known configuration
files from /etc/apache2/conf.d/ to /etc/apache2/conf-available/ - please
review these changes.

Note this means all existing sites are ignored until they get a ".conf"
suffix and are re-enabled by the use of a2ensite. The script in [3] can
automate that for simple cases. This change also includes Debian default
sites, so the default site has been renamed to 000-default to avoid naming
confusions. The rename of the config files to *.conf makes the special
handling inside apache2 to ignore *.dpkg-* backup files obsolete. This
special handling has been removed.

Users of mod_authn_dbm should switch to htdbm to manage their DBM user
databases. The pure-perl management utility "dbmmanage" was removed as it was
outdated and orphaned upstream.

Packagers are advised to review whether their packages comply with this
new version. Please see [2] for detailed documentation and instructions.

[1] http://httpd.apache.org/docs/2.4/howto/auth.html
[2] </usr/share/doc/apache2/PACKAGING>
[3] </usr/share/doc/apache2/migrate-sites.pl>

-- Arno Töll <arno at debian.org> Fri, 23 July 2012 23:50:13 +0200
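
An added example, not part of the original message or of the Apache/Debian packages: a small Python audit that finds `<Directory>` blocks still relying only on the deprecated Order/Allow/Deny directives and proposes the 2.4 `Require` form described in the howto the README cites as [1]. The function names and the paths `/srv/site` and `/www/private` are made up for illustration; only the two all-or-nothing cases are translated, and anything with host or network rules is left for manual review.

```python
import re

# Apache 2.2-style access directives, deprecated in 2.4 (handled by mod_access_compat).
LEGACY = re.compile(r'^\s*(Order|Allow|Deny)\b', re.I)
REQUIRE = re.compile(r'^\s*Require\b', re.I)
OPEN = re.compile(r'^\s*<Directory\s+"?([^">]+)"?\s*>', re.I)
CLOSE = re.compile(r'^\s*</Directory>', re.I)

def suggest(legacy_lines):
    """Return the 2.4 Require equivalent for the two all-or-nothing cases."""
    text = ' '.join(' '.join(legacy_lines).lower().split())
    if 'allow from all' in text and 'deny from' not in text:
        return 'Require all granted'
    if 'deny from all' in text and 'allow from' not in text:
        return 'Require all denied'
    return None  # host or network rules: translate by hand (Require ip / Require host)

def audit(conf_text):
    """List (path, suggestion) for <Directory> blocks with legacy rules and no Require."""
    findings, path, legacy, has_require = [], None, [], False
    for line in conf_text.splitlines():
        opened = OPEN.match(line)
        if opened:
            path, legacy, has_require = opened.group(1).strip(), [], False
        elif path is not None and CLOSE.match(line):
            if legacy and not has_require:
                findings.append((path, suggest(legacy)))
            path = None
        elif path is not None and LEGACY.match(line):
            legacy.append(line)
        elif path is not None and REQUIRE.match(line):
            has_require = True
    return findings

# Constructed sample: the first block is the one quoted in the message above;
# the other two blocks and their paths are invented for this example.
SAMPLE = """\
Alias /Oggie /www/Dogs/Oggie
<Directory /www/Dogs/Oggie>
    Order allow,deny
    Allow from all
</Directory>
<Directory /srv/site>
    Require all granted
</Directory>
<Directory /www/private>
    Order deny,allow
    Deny from all
    Allow from 192.0.2.0/24
</Directory>
"""

if __name__ == '__main__':
    for path, fix in audit(SAMPLE):
        print(path, '->', fix or 'manual review')
```

Before reloading Apache with a translated block, `apache2ctl configtest` checks the syntax.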