403 following Modoboa-apache2.4 setup

Ronan

12/19/22, 9:03 PM

Machine details:

Ubuntu 20.04.3 LTS
Apache2 2.4.41
Mariadb 15.1 (don't think it's pertinent)

I recently followed a guide to install modoboa (mail server) on a fresh server. The default setup install with nginx which at the end did work (at least the page mail.mysite.com loaded).

After disabling nginx and enabling apache2, I created /etc/apache2/sites-enabled/modoboa.conf as

<VirtualHost *:80>
  ServerName mail.mysite.com
  DocumentRoot /srv/modoboa/instance/

  Alias /media/ /srv/modoboa/instance/media/
  <Directory /srv/modoboa/instance/media>
    Require all granted
  </Directory>

  Alias /sitestatic/ /srv/modoboa/instance/sitestatic/
  <Directory /srv/modoboa/instance/sitestatic>
    Require all granted
  </Directory>

  WSGIScriptAlias / /srv/modoboa/instance/instance/wsgi.py

  # Pass Authorization header to enable API usage:
  WSGIPassAuthorization On
</VirtualHost>

Following a certbot command sudo certbot --apache --agree-tos --redirect --hsts --staple-ocsp --email [email protected] -d mail.mysite.com the following was generated:

<IfModule mod_ssl.c>
SSLStaplingCache shmcb:/var/run/apache2/stapling_cache(128000)
<VirtualHost *:443>
  ServerName mail.mysite.com
  DocumentRoot /srv/modoboa/instance/

  Alias /media/ /srv/modoboa/instance/media/
  <Directory /srv/modoboa/instance/media>
    Require all granted
  </Directory>

  Alias /sitestatic/ /srv/modoboa/instance/sitestatic/
  <Directory /srv/modoboa/instance/sitestatic>
    Require all granted
  </Directory>

  WSGIScriptAlias / /srv/modoboa/instance/instance/wsgi.py

  # Pass Authorization header to enable API usage:
  WSGIPassAuthorization On


SSLCertificateFile /etc/letsencrypt/live/mail.mysite.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mail.mysite.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
Header always set Strict-Transport-Security "max-age=31536000"
SSLUseStapling on
</VirtualHost>
</IfModule>

Now when I try to connect to mail.mysite.com I just get a 403 forbidden error. Looking into /var/log/apache2/error.log I see:

[Thu Aug 19 20:52:04.159144 2021] [core:notice] [pid 6213] AH00094: Command line: '/usr/sbin/apache2'
[Thu Aug 19 20:52:06.296969 2021] [authz_core:error] [pid 6216] [client 74.206.137.114:49866] AH01630: client denied by server configuration: /srv/modoboa/instance/instance/wsgi.py

Looking around I saw things like this SF question. Following those I did change what I had before Order deny,allow Allow from all to the setup shown above, yet I still have the same error.

Looking with ls-ls /srv/ I see drwxr-xr-x 7 modoboa modoboa 4096 Aug 19 19:42 modoboa which I believe shows modoboa can do it's own thing fine.

Given this worked when nginx was enabled, I feel like it's something to do with my apache2 configs, but I really just can't tell what it is. If anyone has some insight on the matter I would greatly appreciate it.

229

1 + 0

email-server

web-server

apache-2.4

Score:0

Server

Alex

12/19/22, 9:15 PM

Looks like you are missing this definition inside your vhost configs

  <Directory /srv/modoboa/instance/instance>
    Require all granted
  </Directory>

I would also not count on the user permissions being modoboa:modoboa for files, which apache needs to serve. You could change them to the default ones.

chown -R www-data:www-data /srv/modoboa

0 + 3

Ronan

12/19/22, 9:24 PM

When adding this I get a 500 error on page load. In the apache error logs I get the error (in hastebin: https://hastebin.com/enobumilen.yaml). Which clearly is saying it needs django but I'm not even sure why, or where I would go abouts setting that up. I can't really see what I would do from here except maybe make a global pip3 install of django? edit: Following a `sudo pip3 install django` I then get still a 500 with `ModuleNotFoundError: No module named 'instance'` in the errors.log file. This feels like a rabit hole that may not be the good one to go down?

Alex

12/19/22, 9:33 PM

It looks like there are python modules missing. Install them globally and see where you can go from there. At least we can be sure that the wsgi.py file is being served by apache.

Ronan

12/19/22, 11:18 PM

Is there nothing for a recommended modoboa setup for this? I keep adding more modules, and then get to no module `instance.settings` which I only really see [this github issue](https://github.com/modoboa/modoboa/issues/1276) which is no longer usable since this is for python2 and also activate_this.py does not exist anymore in that path.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: 403 following Modoboa-apache2.4 setup

TH: 403 หลังการตั้งค่า Modoboa-apache2.4

RO: 403 după configurarea Modoboa-apache2.4

RU: 403 после установки Modoboa-apache2.4

VI: 403 sau khi thiết lập Modoboa-apache2.4

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.