Score:0

Server

Apache can't serve directory or locate files even though they all exist with the correct permissions

brinchter

2/6/23, 1:42 AM

I'm using CentOS8, with a bog-standard (yum install httpd php) installation of apache and php.

I've got a configuration (/etc/httpd/conf.d/trip.mydomain.mytld.conf) that looks like the following:

<VirtualHost *:80>
    ServerName trip.mydomain.mytld

    DocumentRoot /var/www/trip/public
    <Directory "/var/www/trip/public">
        Require all granted
    </Directory>

    RewriteEngine on
    RewriteCond %{SERVER_NAME} =trip.mydomain.mytld
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

As a sanity check:

$ ls -la /var/www/
...
drwxr-xr-x. 10 apache         root 4096 Oct  5 23:01 trip
...

$ ls -la /var/www/trip
...
drwxr-xr-x.  7 apache root   4096 Oct  6 01:07 public
...

$ ls -la /var/www/trip/public
...
-rwxr-xr-x.  1 apache root   532 Oct  5 22:04 index.php
...

To be sure it wasn't SELinux, I've disabled that and restarted the server to no avail...

No matter what I've tried, when I load trip.mydomain.mytld, I get a 403 Forbidden, and my logs are populated with:

AH01276: Cannot serve directory /var/www/tripwire/public: No matching DirectoryIndex (index.html,index.php) found, and server-generated directory index forbidden by Options directive

I have another service running with a similar configuration that works, and I'm baffled as to what's wrong with this -- but I assume it's because the first configuration is the "default", though I'm not sure what issues that might be causing.

In case it's relevant, the result of running httpd -S is as follows:

VirtualHost configuration:
*:443                  is a NameVirtualHost
    default server auth.mydomain.mytld (/etc/httpd/conf.d/auth.mydomain.mytld-le-ssl.conf:2)
    port 443 namevhost auth.mydomain.mytld (/etc/httpd/conf.d/auth.mydomain.mytld-le-ssl.conf:2)
    port 443 namevhost tripwire.mydomain.mytld (/etc/httpd/conf.d/tripwire.mydomain.mytld-le-ssl.conf:2)
*:80                   is a NameVirtualHost
    default server auth.mydomain.mytld (/etc/httpd/conf.d/auth.mydomain.mytld.conf:1)
    port 80 namevhost auth.mydomain.mytld (/etc/httpd/conf.d/auth.mydomain.mytld.conf:1)
    port 80 namevhost tripwire.mydomain.mytld (/etc/httpd/conf.d/tripwire.mydomain.mytld.conf:1)
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/etc/httpd/logs/error_log"
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex authdigest-client: using_defaults
Mutex lua-ivm-shm: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/etc/httpd/run/" mechanism=default
Mutex cache-socache: using_defaults
Mutex authdigest-opaque: using_defaults
Mutex watchdog-callback: using_defaults
Mutex proxy-balancer-shm: using_defaults
PidFile: "/etc/httpd/run/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="apache" id=48
Group: name="apache" id=48

564

0 + 0

php

centos

apache-2.4

Jose Fernando Lopez Fernandez

2/6/23, 2:04 AM

Can you try putting the `Directory` block outside the `VirtualHost` block and see what happens?

brinchter

2/6/23, 2:12 AM

No observed change in behavior. :(

Jose Fernando Lopez Fernandez

2/6/23, 2:19 AM

Sorry, I missed the error message; here's your problem: `No matching DirectoryIndex (index.html,index.php) found, and server-generated directory index forbidden by Options directive` So it's not a permissions issue. Since you have an `index.php` file, did you check if PHP was properly configured?

brinchter

2/6/23, 2:23 AM

As far as I can tell, it's properly configured, but it's certainly possible I missed a check... `$ sudo php-fpm -t` yields `[06-Oct-2021 02:22:38] NOTICE: configuration file /etc/php-fpm.conf test is successful`, and `php-fpm` is running as user `apache`

Jose Fernando Lopez Fernandez

2/6/23, 2:29 AM

I think that Apache might not know it needs to pass of the requests to the fast process manager. Can you create a `test.php` file in your server's public directory with only `<?php phpinfo();` as its content? Try going to it directly at `trip.mydomain.mytld/test.php`. That will tell us whether your server is actually processing PHP properly, and we can go from there

Jose Fernando Lopez Fernandez

2/6/23, 2:31 AM

It's odd though, because the error message specifically includes `index.php`, so it may not be that, but it'll at least eliminate a possibility.

brinchter

2/6/23, 2:32 AM

That yielded a different error at the very least... `[proxy_fcgi:error] [pid dddd:tid tttt] [client aa.bb.cc.dd:ffff] AH01071: Got error 'Primary script unknown\n'`

Jose Fernando Lopez Fernandez

2/6/23, 2:34 AM

I've never had that problem, but other questions suggest a reboot might work? Can you try that?

brinchter

2/6/23, 2:39 AM

A reboot (of everything, php-fpm, apache... and then the whole machine) didn't fix anything.

Jose Fernando Lopez Fernandez

2/6/23, 2:44 AM

Yikes, okay. Well, let's see. Can you post the versions of apache and httpd? And can you post your PHP handler and DirectoryIndex settings from your apache configuration as well?

Jose Fernando Lopez Fernandez

2/6/23, 2:45 AM

[This is the answer](https://serverfault.com/questions/960558/mod-rewrite-on-debian-stretch-breaks-php7-0-fpm-with-ah01071-got-error-primary?rq=1) I'm referencing for the PHP-FPM and Apache versions, btw

brinchter

2/6/23, 2:54 AM

`apache` is known as `httpd` on `CentOS` so for apache / httpd versions: `$ sudo httpd -V` yielded (among other notes) `Server version: Apache/2.4.37 (centos)`. By php handler do you mean `/etc/httpd/conf.d/php.conf` (which is unmodified from default install, and just denies all on `.user.ini` and does misc php-fpm configuration alongside adding to the DirectoryIndex ) or something else? My DirectoryIndex (after all conf preprocessing) is `index.html, index.php` according to the error logs (and a `grep -RiP of /etc/httpd` agrees).

Jose Fernando Lopez Fernandez

2/6/23, 3:00 AM

Yea, sorry, I meant apache and php-fpm. The `DirectoryIndex` directive doesn't use commas to separate files, all you need is `DirectoryIndex index.html index.php` (I don't know whether this is actually the cause of the problem, but I doubt it). And yea, I'm just wondering whether your `SetHandler` directive for PHP files is actually getting processed

brinchter

2/6/23, 3:05 AM

Gotcha. `$ sudo php-fpm -v` yielded `7.2.24`. My SetHandler is `SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost"` in my `/etc/httpd/conf.d/php.conf`. (As an aside, setting `ProxyFCGIBackendType GENERIC` didn't fix it, though I didn't quite expect it to...)

brinchter

2/7/23, 3:37 AM

I gave up and went with nginx, which worked. Oh well.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Apache can't serve directory or locate files even though they all exist with the correct permissions

TH: Apache ไม่สามารถให้บริการไดเร็กทอรีหรือค้นหาไฟล์ แม้ว่าไฟล์ทั้งหมดจะได้รับอนุญาตถูกต้องก็ตาม

RO: Apache nu poate servi directorul sau localiza fișierele, chiar dacă toate există cu permisiunile corecte

RU: Apache не может обслуживать каталог или находить файлы, хотя все они существуют с правильными разрешениями.

VI: Apache không thể phục vụ thư mục hoặc định vị tệp mặc dù tất cả chúng đều tồn tại với quyền chính xác

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.