Join Log in
Score:0
avatar Server

No permission to access web site

ca flag
EastsideDev

My setup:

ubuntu 22.04
Apache/2.4.52 (Ubuntu) Server 

I created /etc/apache2/sites-available/test.mysite.conf:

<VirtualHost *:80>
   ServerAdmin [email protected]
   ServerName test.xxxxxxxx.com
   DocumentRoot /home/test/deploy/current
   <Directory /home/test/deploy/current>
      AllowOverride all
      Options -MultiViews
      Require all granted
   </Directory>
   ErrorLog ${APACHE_LOG_DIR}/test/error.log
   CustomLog ${APACHE_LOG_DIR}/test/access.log combined
</VirtualHost>

I disabled the built-in 000-default.conf as follows:

sudo a2dissite 000-default.conf

And verified that it was no longer in /etc/apache2/sites-enabled

And enabled the virtual host:

sudo a2ensite test.mysite.conf

And verified that it was now in /etc/apache2/sites-enabled

I verified that the configuration is fine:

sudo apache2ctl configtest

And restarted the apache server:

sudo systemctl restart apache2

Here is a list of the permissions

drwxr-xr-x root root  /
drwxr-xr-x root root  home
drwxr-x--- test test  test
drwxr-xr-x test test  deploy
drwxrwxr-x test test  current
-rw-rw-r-- test test  index.html

This is hosted on AWS, so I also went to AWS, and verified that the security group's inbound rules, allowing connecting from my home IP address (I have a fixed IP address). I also don't have the firewall enabled on the server.

But when I do http://test.xxxxxxxx.com

I get the following message in my browser:

Forbidden
You don't have permission to access this resource.
Apache/2.4.52 (Ubuntu) Server at test.xxxxxxxx.com Port 80

Any ideas?

416
1 + 4
vidarlo avatar
ar flag
vidarlo
What's the permissions for `/home`, `/home/test`, `/home/test/deploy` and `/home/test/deploy/current`?
0
Reply
ca flag
EastsideDev
@vidarlo Isn't the only folder that matters /home/test/deploy/current? I have the permissions listed in my question.
0
Reply
in flag
Gerald Schneider
No, all parent folder permissions also matter. Please show the output of `namei -l /home/test/deploy/current`.
0
Reply
ca flag
EastsideDev
@GeraldSchneider I edited the question, to add all the permissions
0
Reply
Score:0
avatar Server
in flag
Gerald Schneider

The permissions in /home/test/ are too restricted.

drwxr-x--- test test  test

Nobody but test is allowed to enter this directory, so Apache can't read it.

/home/ is not the right place to place a webroot anyway. Use /var/www instead.

+ 7
ca flag
EastsideDev
Adding a read permission solved it. drwxr-xr-x test test test. Organizing in folders, allows me to have multiple vhosts, and disabling /var/www might provide more security.
0
Reply
in flag
Gerald Schneider
No, it doesn't.
1
Reply
vidarlo avatar
ar flag
vidarlo
Organize in folders all you want, but not in `/home`. Use `/var/www/`, `/srv/`, `/opt/www` or whatever, but `/home` is generally not a good idea.
0
Reply
ca flag
EastsideDev
I still don't see an explanation why organizing under /home is a bad idea.
0
Reply
vidarlo avatar
ar flag
vidarlo
Basically because that means a security problem will give Apache access to your users home directories.
0
Reply
ca flag
EastsideDev
@vidarlo If a security problem, allows a hacker to access the /home folder, wouldn't the /var/www folder also be exposed?
0
Reply
vidarlo avatar
ar flag
vidarlo
Yes, `/var/www` would obviously be. But not your home directory. Thats kinda the point.
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.