Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

VirtualHost is not working under Apache 2.4.6 on CentOS 7

I'm trying to setup some VH in Apache 2.4.6 on CentOS 7 but without success since it's not working. This is what I've tried til now:

  • Since in /etc/httpd/conf/httpd.conf is this line Include conf.modules.d/*.conf then I create a file under /etc/httpd/conf.d/vhost.conf and place this inside it:

    NameVirtualHost *:80
    
    <VirtualHost *:80>
         ServerName webserver
         ServerAlias localhost devserver development
         DocumentRoot /var/www/html
    </VirtualHost>
    
  • Reload/Restart Apache service (tried both):

    service httpd reload|restart
    
  • At Windows side edit the file C:\Windows\system32\drivers\etc\hosts and add this line:

    192.168.3.131  webserver localhost devserver development # this is the IP of Apache Server
    
  • Open the browser and tried: http://webserver, http://devserver and both goes to default Apache page so VH is not working.

  • Place a file under /var/www/html/index.php with this lines <?php phpinfo(); ?> just to know which modules is Apache loading, this is the result:

    core mod_so http_core mod_access_compat mod_actions mod_alias mod_allowmethods mod_auth_basic mod_auth_digest 
    mod_authn_anon mod_authn_core mod_authn_dbd mod_authn_dbm mod_authn_file mod_authn_socache mod_authz_core 
    mod_authz_dbd mod_authz_dbm mod_authz_groupfile mod_authz_host mod_authz_owner mod_authz_user mod_autoindex 
    mod_cache mod_cache_disk mod_data mod_dbd mod_deflate mod_dir mod_dumpio mod_echo mod_env mod_expires mod_ext_filter 
    mod_filter mod_headers mod_include mod_info mod_log_config mod_logio mod_mime_magic mod_mime mod_negotiation 
    mod_remoteip mod_reqtimeout mod_rewrite mod_setenvif mod_slotmem_plain mod_slotmem_shm mod_socache_dbm 
    mod_socache_memcache mod_socache_shmcb mod_status mod_substitute mod_suexec mod_unique_id mod_unixd mod_userdir 
    mod_version mod_vhost_alias mod_dav mod_dav_fs mod_dav_lock mod_lua prefork mod_proxy mod_lbmethod_bybusyness 
    mod_lbmethod_byrequests mod_lbmethod_bytraffic mod_lbmethod_heartbeat mod_proxy_ajp mod_proxy_balancer mod_proxy_connect 
    mod_proxy_express mod_proxy_fcgi mod_proxy_fdpass mod_proxy_ftp mod_proxy_http mod_proxy_scgi mod_systemd mod_cgi mod_php5 
    

And apparently mod_vhost is loaded but is not working, did I miss something? Any help or advice around this? Maybe I forgot something but I read Apache docs and doesn't found something helpful

Update: test1

I made some changes to VH definition and now this is what I have:

<VirtualHost *:80>
    DocumentRoot /var/www/html
    ServerName webserver
    #ServerAlias localhost devserver development

    <Directory "/var/www/html">
        Options FollowSymLinks Includes ExecCGI
        AllowOverride All
        Allow from all

        #Require local
        #Require 192.168.3.0/16
        #Require 192.168.1.0/16
    </Directory>
</VirtualHost>

But I'm getting a 403 Forbidden

Forbidden

You don't have permission to access /index.php on this server.

What is failing here?

like image 303
ReynierPM Avatar asked Sep 01 '14 15:09

ReynierPM


3 Answers

To elaborate on jap1968's post, CentOS 7 comes with SELinux's pain in the butt level set to enforcing. This causes all kinds of confusion when perfectly normal service configuration silently fail (Apache).

To disable SELinux you'll need to:

0) [optional] Crack open a shell and become root... or enjoy a shiny new, super fun, configuring sudo to let you do "root stuffs" project. Probably.

su -l

1) Get the current status of SELinux. Run sestatus:

sestatus

2) If SELinux is causing hair loss and premature aging you'll get something like this:

SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28

3) Edit the /etc/selinux/config file. Change SELINUX=enforcing to SELINUX=permissive. Doing this will set you up for endless joy next time you reboot. You'll end up with something like this:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
# SELINUX=enforcing
# ===> VOODOO HERE <===
SELINUX=permissive
# ===> END VOODOO  <===
#
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

4) Disable SELinux. You can reboot at this point but it's easier to tell SELinux to take time off from tormenting you. Run setenforce to reset SELinux's enforcement level to match the /etc/selinux/config file:

setenforce 0

5) Check sestatus again:

sestatus

If everything went as expected sestatus will return something like this:

SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          permissive
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28

6) Restart Apache. If your vhost's domain name is resolving to the server you're working on you'll see your shiny new virtual host:

# Restart apache:
systemctl restart httpd.service

# Be lazy by checking your virtual host from the command line:
curl www.example.com/new-file-that-only-exists-in-your-new-vhost.txt

6.5) Stop reading here. Or don't. I'm a message board post, not your Mom.

Everything below is beyond the scope of the original question and only included because you really should be running with SELinux enabled.

7) Work towards re-enabling selinux. Start by watching the selinux logs to see some awesome alphabet soup:

tail -f /var/log/audit/audit.log

8) Be amazed at the depth of features, crazy number of poorly named utilities, and ugly UX mess that constitutes SELinux. You should probably put on your big boy pants and drink a whole pot of coffee before you dive in. Here's some Info:

  • CentoOS HowTo: https://wiki.centos.org/HowTos/SELinux
  • Project: http://selinuxproject.org/page/Main_Page
like image 146
perfectcu.be Avatar answered Oct 18 '22 03:10

perfectcu.be


A couple of thing that may be causing you problems :-

NameVirtualHost *:80

Is no longer a valid syntax for Apache 2.4.x you should remove it completely.

On the Windows side once you have changed the HOSTS file, you need to reload the DNS Client service, so either reboot or better still, launch a command window using "Run as Administrator" and do this :-

net stop dnscache
net start dnscache

Lastly, within your virtual hosts definition, it will help to tell apache from where it is allowed to accept connections to this Virtual Host like so :-

<VirtualHost *:80>
     ServerName webserver
     ServerAlias localhost devserver development
     DocumentRoot /var/www/html
    <Directory  "/var/www/html">
        AllowOverride All

        Require local
        Require ip 192.168.3

    </Directory>
</VirtualHost>

This will allow access from the machine running apache Require local and from any ip address on the local network Require ip 192.168.3

Also I am not sure where Apache on unix puts its default document root but it might be an idea to differentiate your 3 domain names to different directories like so

<VirtualHost *:80>
     ServerName localhost
     ServerAlias localhost
     DocumentRoot /var/www/html
    <Directory  "/var/www/html">
        AllowOverride All

        Require local
        Require ip 192.168.3

    </Directory>
</VirtualHost>


<VirtualHost *:80>
     ServerName webserver
     ServerAlias webserver
     DocumentRoot /var/www/html/webserver
    <Directory  "/var/www/html/webserver">
        AllowOverride All

        Require local
        Require ip 192.168.3

    </Directory>
</VirtualHost>

<VirtualHost *:80>
     ServerName development
     ServerAlias development
     DocumentRoot /var/www/html/development
    <Directory  "/var/www/html/development">
        AllowOverride All

        Require local
        Require ip 192.168.3

    </Directory>
</VirtualHost>


<VirtualHost *:80>
     ServerName devserver
     ServerAlias devserver
     DocumentRoot /var/www/html/devserver
    <Directory  "/var/www/html/devserver">
        AllowOverride All

        Require local
        Require ip 192.168.3

    </Directory>
</VirtualHost>

Then put a simple html file in each directory saying 'Hello from Servername' and change servername in each file so you know you have got to the correct server.

RE: Update test1.php

Allow from all

Is not valid Apache 2.4 syntax either, unless you have loaded LoadModule access_compat_module modules/mod_access_compat.so

Even then it should be

Order Allow,Deny
Allow from all

So USE Apache 2.4 syntax

Require all granted

If you want to take the lazy route and allow access from the universe.

like image 24
RiggsFolly Avatar answered Oct 18 '22 04:10

RiggsFolly


Be careful also with SELinux. The default configuration will prevent your virtual hosts directories from being accessed by httpd. You will need to set the appropriate context:

# chcon -R -u system_u -r object_r -t httpd_sys_content_t <DocumentRoot>

Another option is just to disable SELinux.

like image 34
jap1968 Avatar answered Oct 18 '22 04:10

jap1968