Apache multiple sites, one works, other doesn't

Question

I've tried everything on similar questions but no luck.

I'm getting "You don't have permission to access X on this server." on all requests.

I have two sites on the same IP, the apache config files are identical, the file permissions are identical, however, one works and the other doesn't.

The config file:

<VirtualHost x.x.xxx.xx:80>
    ServerName site2.example.com
    ServerAlias site2.example.com
    Redirect / https://site2.example.com/

    <IfModule mod_security2.c>
            SecRuleEngine Off
        </IfModule>
</VirtualHost>

<VirtualHost x.x.xxx.xx:443>
    Protocols h2 http/1.1
    ServerName site2.example.com
    ServerAlias site2.example.com
    ServerAdmin [email protected]

    SetEnv ENVIRONMENT production

    DocumentRoot /data/www/site2.example.com
    <Directory /data/www/site2.example.com>
        Options -Indexes +FollowSymLinks
        AllowOverride All
        AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript
        Require all granted
    </Directory>

    <IfModule mod_security2.c>
        SecRuleEngine Off
    </IfModule>

    ErrorLog /var/log/apache2/site2_error.log
    LogLevel warn

    KeepAlive On

    SSLEngine On
    SSLCertificateFile /etc/letsencrypt/live/site2.example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/site2.example.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf

    Header add Strict-Transport-Security "max-age=15768000"

    # Add File Caching
    <filesMatch ".(js|css|png|jpeg|jpg|gif|ico|pdf)$">
        Header set Cache-Control "max-age=31536000, public"
    </filesMatch>

    # Disable slower encryption on older versions of IE
    SetEnvIf User-Agent ".*MSIE [1-5].*" \
          nokeepalive ssl-unclean-shutdown \
          downgrade-1.0 force-response-1.0

    SetEnvIf User-Agent ".*MSIE [6-9].*" \
          ssl-unclean-shutdown
</VirtualHost>

What could I be missing?

The permission commands used:

• sudo chown -R www-data:www-data /data/www/site2.example.com
• sudo find /data/www/site2.example.com -type f -exec chmod 644 {} \;
• sudo find /data/www/site2.example.com -type d -exec chmod 775 {} \;

I've already restarted apache.

Answer 1

So the problem was that for SSL the config file above wasn't being used. I've found the problem by listing the sites enabled sudo apache2ctl -S which returned:

port 443 namevhost site2.example.com (/etc/apache2/sites-enabled/site2-le-ssl.conf:2)

Which is a file created when setting up letsencrypt. I fixed the issue by disabling the config file, sudo a2dissite site2-le-ssl.conf.

Answer 2

Maybe the problem is not the config. Many other modifiers (including .htaccess) impact the server response.

To isolate the problem, use the failing website config file but use the working website directory path and see if it works.