Fresh install of Saucy. Apache2 configs from Raring are epic failure

Kevin O'Gorman kogorman at gmail.com
Thu Dec 26 04:26:51 UTC 2013 

Thanks for this.  There was enough that happened during installation
that warned me of these changes.  As near as I can tell, all necessary
changes have been made.  All the config files are in conf-available,
and links are managed using the apache tools.

The example with Oggie shows that my configuration is being read.  The
permissions look right.  It just doesn't work.

On Wed, Dec 25, 2013 at 7:57 PM, Tom H <tomh0665 at gmail.com> wrote:
> On Thu, Dec 26, 2013 at 2:28 AM, Kevin O'Gorman <kogorman at gmail.com> wrote:
>> Due to a GUI meltdown, I found it expedient to do a fresh install so I
>> chose Xubuntu Saucy.
>>
>> All but one thing went well.  My web server is really down.
>>
>> Now mind, the basics work.  I can access things in /var/www it seems,
>> but I usually keep only one file there.  I configure aliases to get to
>> everything else.
>>
>> None of these are working.  Home directory pages are not working.  My
>> specialized code is not working.
>>
>> And by not working I mean a pretty uniform 403 with an occasional 404.
>>  The error log points the finger at my configuration, saying "client
>> denied by server configuration"
>>
>> For example, I have a directory devoted to a dear departed canine
>> companion named Ogden Gnash.  His stuff is stored in /www/Dogs/Oggie.
>> I have an alias thus:
>>
>> Alias /Oggie /www/Dogs/Oggie
>> <Directory /www/Dogs/Oggie>
>>     Order allow,deny
>>     Allow from all
>> </Directory>
>>
>> And when I try to go to http://kosmanor.com/Oggie the browser tells me
>> "You don't have permission to access /Oggie on this server." while the
>> error log contains "
>>
>> [Wed Dec 25 18:22:22.504423 2013] [authz_core:error] [pid 6022:tid
>> 140127561000704] [client 71.80.244.253:43755] AH01630: client denied
>> by server configuration: /www/Dogs/Oggie
>>
>> What could be clearer?  It sees the Alias, but does not give access,
>> and it's not file permission (which I've checked anyway) but it's the
>> server configuration.
>
> From the README:
>
> apache2 (2.4.1-1) unstable; urgency=low
>
>   This package introduces a new major release of the Apache HTTP server. It is
>   likely the site configuration needs changes to work with this release.
>   Notable changes which need special care are:
>
>   The module interface (ABI) has changed. If you have any locally compiled
>   modules, you have to re-compile them for apache2 2.4.
>
>   The authorization and authentication system has changed. Existing
>   configurations using deprecated Order/Allow/Deny directives should be
>   upgraded to the new system. Please review upstream's "Authentication,
>   Authorization and Access Control Howto" [1]. However, "mod_access_compat" is
>   loaded by default to provide backward compatibility.
>
>   Furthermore, MPMs are simple modules now. Thus, the MPM can be changed
>   at any time by (un-)loading a specific module. Be careful when upgrading. An
>   example of changing the MPM is given below:
>
>   a2dismod mpm_worker
>   a2enmod mpm_prefork
>
>   We did change the security model for Apache in our default configuration. We
>   do not allow access to the file system outside /var/www and /usr/share.
>   If you are running virtual hosts or scripts outside these directories, you
>   need to whitelist them in your configuration to grant access through HTTP.
>   Special care must be taken if you are using a sub-directory in /srv to serve
>   your content as recommended by the File Hierarchy Standard (FHS). You must
>   allow access to your served directory explicity in the corresponding virtual
>   host, or by allowing access in apache2.conf as proposed.
>
>   Moreover, the configuration mechanism in Debian has changed. All
>   configurations in sites-enabled and conf-enabled need a ".conf" suffix now.
>   The latter replaces the deprecated /etc/apache2/conf.d/ directory (which is
>   not supported any more) and works just like {sites,mods}-{available,enabled}
>   via the "a2enconf" tool. The upgrade tries to migrate known configuration
>   files from /etc/apache2/conf.d/ to /etc/apache2/conf-available/ - please
>   review these changes.
>
>   Note this means all existing sites are ignored until they get a ".conf"
>   suffix and are re-enabled by the use of a2ensite. The script in [3] can
>   automate that for simple cases. This change also includes Debian default
>   sites, so the default site has been renamed to 000-default to avoid naming
>   confusions. The rename of the config files to *.conf makes the special
>   handling inside apache2 to ignore *.dpkg-* backup files obsolete. This
>   special handling has been removed.
>
>   Users of mod_authn_dbm should switch to htdbm to manage their DBM user
>   databases. The pure-perl management utility "dbmmanage" was removed as it was
>   outdated and orphaned upstream.
>
>   Packagers are advised to review whether their packages comply with this
>   new version. Please see [2] for detailed documentation and instructions.
>
>   [1] http://httpd.apache.org/docs/2.4/howto/auth.html
>   [2] </usr/share/doc/apache2/PACKAGING>
>   [3] </usr/share/doc/apache2/migrate-sites.pl>
>
>  -- Arno Töll <arno at debian.org>  Fri, 23 July 2012 23:50:13 +0200
>
> --
> ubuntu-users mailing list
> ubuntu-users at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users



-- 
Kevin O'Gorman

programmer, n. an organism that transmutes caffeine into software.
Please consider the environment before printing this email.

More information about the ubuntu-users mailing list