Score:0

Apache2 non-default root directory multiple websites 403 forbidden

cn flag

I have Ubuntu 20.04 servers on AWS in autoscaling group with EFS mounted at /mnt/efs/fs1

I use codedeploy for deployment of a non-default website. The bitbucket pipeline creates a zip file containing the website config and the website content. Codedeploy deployment part is as follows:

#extract content
unzip -o frontend-qa.zip
#copy site config
sudo mv /mnt/efs/fs1/sites-enabled/* /etc/apache2/sites-enabled/
#update permissions
sudo chown www-data:www-data -R /mnt/efs/fs1/www
sudo chmod 777 -R /mnt/efs/fs1/www
#reload apache
sudo systemctl reload apache2

The /etc/apache2/apache2.conf part responsible for directories and permissions

<Directory /mnt/efs/fs1/www>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
</Directory>

The website vhost file

<VirtualHost *:80>
      ServerAdmin admin@the_site
      ServerName the_site
      ServerAlias www.the_site
      DocumentRoot /mnt/efs/fs1/www/html/site_admin/public_html
      # Directory path where code exists
        <Directory /mnt/efs/fs1/www/html/site_admin/public_html>
                Options -Indexes +FollowSymLinks +MultiViews
                AllowOverride All
                Require all granted
        </Directory>
        ErrorLog ${APACHE_LOG_DIR}/the_site.site-error.log
        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel error
        CustomLog ${APACHE_LOG_DIR}/the_site.log combined
</VirtualHost>

The permissions on the site root

ll /mnt/efs/fs1/www/html/site_admin/public_html/
total 2120
drwxrwxrwx 10 www-data www-data    6144 Nov 28 16:35  ./
drwxrwxrwx  3 www-data www-data    6144 Nov 16 13:31  ../
-rwxrwxrwx  1 www-data www-data     283 Nov 26 18:48  .gitignore*
-rwxrwxrwx  1 www-data www-data   13966 Nov 28 16:35  .htaccess*
-rwxrwxrwx  1 www-data www-data     305 Nov 26 18:48  .project*
-rwxrwxrwx  1 www-data www-data      23 Nov 26 18:48  HEAD*
-rwxrwxrwx  1 www-data www-data  343872 Nov 26 18:48 'Hi tea menu.pdf'*
drwxrwxrwx 15 www-data www-data    6144 Nov  5 23:39  application/
drwxrwxrwx 13 www-data www-data    6144 Nov  5 23:39  assets/
-rwxrwxrwx  1 www-data www-data     339 Nov 26 18:48  composer.json*
-rwxrwxrwx  1 www-data www-data   65865 Nov 26 18:48  composer.lock*
-rwxrwxrwx  1 www-data www-data 1640731 Nov 26 18:48  composer.phar*
-rwxrwxrwx  1 www-data www-data      66 Nov 26 18:48  config*
-rwxrwxrwx  1 www-data www-data      73 Nov 26 18:48  description*
-rwxrwxrwx  1 www-data www-data      66 Nov 26 18:48  desktop.ini*
-rwxrwxrwx  1 www-data www-data       0 Nov 26 18:48  error.log*
-rwxrwxrwx  1 www-data www-data       0 Nov 26 18:48  git*
drwxrwxrwx  2 www-data www-data    6144 Nov  5 23:39  hooks/
drwxrwxrwx  2 www-data www-data   14336 Nov  5 23:39  images/
-rwxrwxrwx  1 www-data www-data    6457 Nov 26 18:48  index.php*
drwxrwxrwx  2 www-data www-data    6144 Nov  5 23:39  info/
-rwxrwxrwx  1 www-data www-data    2496 Nov 26 18:48  license.txt*
drwxrwxrwx  8 www-data www-data    6144 Nov  5 23:40  system/
drwxrwxrwx  3 www-data www-data    6144 Nov  5 23:39  uploads/
drwxrwxrwx 22 www-data www-data    6144 Nov  5 23:46  vendor/

When I try to load the website, I get 403 Forbidden You don't have permission to access this resource.

/var/log/apache2/access.log is empty

/var/log/apache2/error.log has the following:

AH01630: client denied by server configuration: /var/www/html

/var/log/apache2/the_site.log is empty

/var/log/apache2/the_site-error.log is empty as well

Would appreciate your help

Thanks Igal

dexter avatar
ru flag
Are permissions on folder's set correctly? Maybe AppArmor, but not likely.
igalsc avatar
cn flag
@dexter all the folders and files are 777 and owned by www-data:www:data
Score:0
cn flag

This was resolved by re-mounting the EFS volume under /var/www

I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.