Mitleid242
asked on
Apache; problems with public_html
I'm trying to setup a web development testing server on a LAMP system and I'm having some problems. I'd like to configure the machine to be able to produce a web page if I access it via it's LAN IP, ex: 192.168.111.7 and then supply a username like so: /~user. I'm rather new to Apache, but my understanding is that supplying the /~user at the end of the URL (in this case the local IP) will instruct Apache to direct the request to the /public_html/ directory of the corresponding user. No problem. This seems to work, sorta, and this is where my problem arises.
First off, I can sucessfully bring up a web page on the SERVER using "localhost", which gives me my Default Server page, and then I can also use "localhost/~user" and I'm brought to whatever page I've placed into the public_html. THe problems begin whenever I try clicking on a link; it would appear that access to the /~user directory is not being "jailed", and so when I click a link it seems that instead of using /public_html/ as the root for the site, it's trying to go up further into the users directory, and thus I get a 404 error. I suspect that this is the problem, as I have no issues with this page on it's "live" server, but then again I am using relative linking in my code so that might be something I'll have to take a look at. However, if anyone with more expertise suspects otherwise, I'd love to hear some possible solutions.
Then, my second problem arises when trying to access my web server from another machine. I can access the "home" IP without a problem, so for example typing 192.168.111.7 brings me to whatever I have in /var/www/html just fine, but it's when I try adding a /~user to the end that I'm given a connection refused error when trying to contact 127.0.0.1. So, for some reason, when I try to access the /public_html/ resources on the local web server, I'm rerouted to the home ip address of the machine I'm trying to connect with.
So, I really have no idea what is going on. Like I said, I'm new to Apache (as well as Linux, for the most part), so please bear with me and be as "stupid friendly" as possible. Thanks in advance for all of your time.
First off, I can sucessfully bring up a web page on the SERVER using "localhost", which gives me my Default Server page, and then I can also use "localhost/~user" and I'm brought to whatever page I've placed into the public_html. THe problems begin whenever I try clicking on a link; it would appear that access to the /~user directory is not being "jailed", and so when I click a link it seems that instead of using /public_html/ as the root for the site, it's trying to go up further into the users directory, and thus I get a 404 error. I suspect that this is the problem, as I have no issues with this page on it's "live" server, but then again I am using relative linking in my code so that might be something I'll have to take a look at. However, if anyone with more expertise suspects otherwise, I'd love to hear some possible solutions.
Then, my second problem arises when trying to access my web server from another machine. I can access the "home" IP without a problem, so for example typing 192.168.111.7 brings me to whatever I have in /var/www/html just fine, but it's when I try adding a /~user to the end that I'm given a connection refused error when trying to contact 127.0.0.1. So, for some reason, when I try to access the /public_html/ resources on the local web server, I'm rerouted to the home ip address of the machine I'm trying to connect with.
So, I really have no idea what is going on. Like I said, I'm new to Apache (as well as Linux, for the most part), so please bear with me and be as "stupid friendly" as possible. Thanks in advance for all of your time.
ASKER
Agh. I didn't even realize I was still in general Linux Net. Thanks for bringing that to attention, pablourugauy.
Will the mods move it, or do I have to make a formal request? If so, consider this it. Or do I need to contact someone directly?
Will the mods move it, or do I have to make a formal request? If so, consider this it. Or do I need to contact someone directly?
put the request to move the question in the comunnity support
https://www.experts-exchange.com/Community_Support/
https://www.experts-exchange.com/Community_Support/
To use:
http://soemwhere.com/~fred
1. You need to have a public_html dir under user fred's home dir.
2. You need to make sure that your httpd.conf has something like:
#
# Control access to UserDir directories. The following is an example
# for a site where these directories are restricted to read-only.
#
<Directory /home/*/public_html>
AllowOverride FileInfo AuthConfig Limit
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
<Limit GET POST OPTIONS PROPFIND>
Order allow,deny
Allow from all
</Limit>
<LimitExcept GET POST OPTIONS PROPFIND>
Order deny,allow
Deny from all
</LimitExcept>
</Directory>
The web browser can only view files under ~username/public_html, and whatever under
your document root, if you allow them to view them.
For access control, have a look at:
http://httpd.apache.org/docs/howto/auth.html
http://httpd.apache.org/docs/howto/htaccess.html
http://apache-server.com/tutorials/ATusing-htaccess.html
http://sniptools.com/vault/windows-apache-and-htaccess-authentication.htm
http://soemwhere.com/~fred
1. You need to have a public_html dir under user fred's home dir.
2. You need to make sure that your httpd.conf has something like:
#
# Control access to UserDir directories. The following is an example
# for a site where these directories are restricted to read-only.
#
<Directory /home/*/public_html>
AllowOverride FileInfo AuthConfig Limit
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
<Limit GET POST OPTIONS PROPFIND>
Order allow,deny
Allow from all
</Limit>
<LimitExcept GET POST OPTIONS PROPFIND>
Order deny,allow
Deny from all
</LimitExcept>
</Directory>
The web browser can only view files under ~username/public_html, and whatever under
your document root, if you allow them to view them.
For access control, have a look at:
http://httpd.apache.org/docs/howto/auth.html
http://httpd.apache.org/docs/howto/htaccess.html
http://apache-server.com/tutorials/ATusing-htaccess.html
http://sniptools.com/vault/windows-apache-and-htaccess-authentication.htm
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
BTW, in user public_html directory, do you have any files at all. If not, try to create a file named index.html
And make sure that apache process could at least "read" the files in ~user/public_html folder.
* my apology if these had been covered by the links provided by yuzh above :)
And make sure that apache process could at least "read" the files in ~user/public_html folder.
* my apology if these had been covered by the links provided by yuzh above :)
ASKER
Ok, I got in this morning and checked out your suggestions. First off, I did a test for samri's because it was the quickest, and after putting a "/" after the user directory I was able to bring up whatever HTML I had in the corresponding user directory. I'll check out the links for the FAQs you supplied and get back to you in regards to that problem...
But that got me thinking about the problems with my links, which still exist. (BTW ,this is the first Apache system I've tried setting up, and I'm pretty ignorant when it comes to linux-based webservers, so if this is totally out of left field then feel free to tell me I don't know what the hell I'm talking about... Heh) Anyways, what I'm thinking is this: since I have /var/www/html set up to accept requests on port 80 IN ADDTION TO my /~user directories, does that simply mean that any relative links in my web code will just go up one level more, which in this case is the "home" address of the server? My understanding is that the HTML makes a request for a specific URL, and obviously has no concept or sense that it's supposed to stay within the server-side public_html directories, and since my DEFAULT Apache server is configured to accept connections as well, it's just going there. So, in a nutshell, my question is this: can an Apache server accessed via LAN only handle one type of HTML requests reliably without using literal linking in your code? So, a single Apache server cannot handle both HTML requests for the DEFAULT server as well as any user directories? I can see how this wouldn't be a problem on a domain-deployed server, as one can use subdomains to to restrict the browser to the "main" page versus the "user" pages, (ex: www.domain.com and users.domain.com, etc.), but since I'm going to be accessing these pages only via a local LAN do I have to make a choice between using the DEFAULT server OR user public_html resources? If so, how should I instruct the server to only handle /~user requests?
BTW, I'm using Webmin for all of this, so if you can give some instructions relative to that system it'd be greatly appreciated. I know it's probably in my best interest to learn the actual guts of the server and alter the .conf files manually, but that stuff is a bit overwhelming right now. Baby steps... Heh.
But that got me thinking about the problems with my links, which still exist. (BTW ,this is the first Apache system I've tried setting up, and I'm pretty ignorant when it comes to linux-based webservers, so if this is totally out of left field then feel free to tell me I don't know what the hell I'm talking about... Heh) Anyways, what I'm thinking is this: since I have /var/www/html set up to accept requests on port 80 IN ADDTION TO my /~user directories, does that simply mean that any relative links in my web code will just go up one level more, which in this case is the "home" address of the server? My understanding is that the HTML makes a request for a specific URL, and obviously has no concept or sense that it's supposed to stay within the server-side public_html directories, and since my DEFAULT Apache server is configured to accept connections as well, it's just going there. So, in a nutshell, my question is this: can an Apache server accessed via LAN only handle one type of HTML requests reliably without using literal linking in your code? So, a single Apache server cannot handle both HTML requests for the DEFAULT server as well as any user directories? I can see how this wouldn't be a problem on a domain-deployed server, as one can use subdomains to to restrict the browser to the "main" page versus the "user" pages, (ex: www.domain.com and users.domain.com, etc.), but since I'm going to be accessing these pages only via a local LAN do I have to make a choice between using the DEFAULT server OR user public_html resources? If so, how should I instruct the server to only handle /~user requests?
BTW, I'm using Webmin for all of this, so if you can give some instructions relative to that system it'd be greatly appreciated. I know it's probably in my best interest to learn the actual guts of the server and alter the .conf files manually, but that stuff is a bit overwhelming right now. Baby steps... Heh.
ASKER
Hey samri,
I got a chance to check out your suggestions/links to the FAQ a bit more in depth, and while I understnad what's going on, I'm not sure how to go about applying a ServerName directive to httpd.conf.
I'd post my actual conf file here, but the server doesn't have internet access at this location. Heh. Hopefully you could offer some insight anyways, but if not I understand...
I got a chance to check out your suggestions/links to the FAQ a bit more in depth, and while I understnad what's going on, I'm not sure how to go about applying a ServerName directive to httpd.conf.
I'd post my actual conf file here, but the server doesn't have internet access at this location. Heh. Hopefully you could offer some insight anyways, but if not I understand...
hi Mitrleid242,
I can confirm that both -- you should be able to serve both stuff from /var/www/html, and those in ~user/public_html.
It's been a while since I hang around Webmin -- a cool web based admin tool. I *think*. Take a look at the global server configuration. There should be an option to change the ServerName --
Back on ServerName stuff. Check you httpd.conf (most likely in /etc/httpd/conf/) or /usr/local/apache/conf/ (or apache2 correspondingly if you had Apache2 running) depending on your OS and apache installation. edit the file, and locate for the following section:
--
#
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If this is not set to valid DNS name for your host, server-generated
# redirections will not work. See also the UseCanonicalName directive.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
# You will have to access it by its address anyway, and this will make
# redirections work in a sensible way.
#
#
ServerName localhost
--
Try to change to localhost (or 127.0.0.1), or whatever DNS name that you gave to the apache machine.
Another option that you could try to use mod_rewrite (http://httpd.apache.org/docs-2.0/mod/mod_rewrite.html)
Take a look at the Apache rewriting tutorial, and locate the section on "Trailing slash".
http://httpd.apache.org/docs-2.0/misc/rewriteguide.html
I can confirm that both -- you should be able to serve both stuff from /var/www/html, and those in ~user/public_html.
It's been a while since I hang around Webmin -- a cool web based admin tool. I *think*. Take a look at the global server configuration. There should be an option to change the ServerName --
Back on ServerName stuff. Check you httpd.conf (most likely in /etc/httpd/conf/) or /usr/local/apache/conf/ (or apache2 correspondingly if you had Apache2 running) depending on your OS and apache installation. edit the file, and locate for the following section:
--
#
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If this is not set to valid DNS name for your host, server-generated
# redirections will not work. See also the UseCanonicalName directive.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
# You will have to access it by its address anyway, and this will make
# redirections work in a sensible way.
#
#
ServerName localhost
--
Try to change to localhost (or 127.0.0.1), or whatever DNS name that you gave to the apache machine.
Another option that you could try to use mod_rewrite (http://httpd.apache.org/docs-2.0/mod/mod_rewrite.html)
Take a look at the Apache rewriting tutorial, and locate the section on "Trailing slash".
http://httpd.apache.org/docs-2.0/misc/rewriteguide.html
ASKER
Sorry for the lack of followups on your input, samri. I just finally got back to it today.
However, Friday was an incredibly hectic day, and it appears I made a ton of changes to the Linux server's configuration before I left and didn't document or record it properly, and now I've got some problems. It would seem that the user directories are no longer functional; I can bring up the Default Server just fine, but when I try to access a user page I'm given a 403 - Forbidden error.
Here's the information from httpd.conf I thougth might be pertinent. If you need anything else to further troubleshoot, please let me know.
<IfModule mod_userdir.c>
#
# UserDir is disabled by default since it can confirm the presence
# of a username on the system (depending on home directory
# permissions).
#
#UserDir disable
#
# To enable requests to /~user/ to serve the user's public_html
# directory, remove the "UserDir disable" line above, and uncomment
# the following line instead:
#
UserDir public_html
</IfModule>
...and:
# Control access to UserDir directories. The following is an example
# for a site where these directories are restricted to read-only.
#
<Directory /home/*/public_html>
AllowOverride FileInfo AuthConfig Limit
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
<Limit GET POST OPTIONS>
Order allow,deny
Allow from all
</Limit>
<LimitExcept GET POST OPTIONS>
Order deny,allow
Deny from all
</LimitExcept>
</Directory>
So, if anyone can help me rectify this then hopefully I can continue with the INITIAL problem. TIA.
However, Friday was an incredibly hectic day, and it appears I made a ton of changes to the Linux server's configuration before I left and didn't document or record it properly, and now I've got some problems. It would seem that the user directories are no longer functional; I can bring up the Default Server just fine, but when I try to access a user page I'm given a 403 - Forbidden error.
Here's the information from httpd.conf I thougth might be pertinent. If you need anything else to further troubleshoot, please let me know.
<IfModule mod_userdir.c>
#
# UserDir is disabled by default since it can confirm the presence
# of a username on the system (depending on home directory
# permissions).
#
#UserDir disable
#
# To enable requests to /~user/ to serve the user's public_html
# directory, remove the "UserDir disable" line above, and uncomment
# the following line instead:
#
UserDir public_html
</IfModule>
...and:
# Control access to UserDir directories. The following is an example
# for a site where these directories are restricted to read-only.
#
<Directory /home/*/public_html>
AllowOverride FileInfo AuthConfig Limit
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
<Limit GET POST OPTIONS>
Order allow,deny
Allow from all
</Limit>
<LimitExcept GET POST OPTIONS>
Order deny,allow
Deny from all
</LimitExcept>
</Directory>
So, if anyone can help me rectify this then hopefully I can continue with the INITIAL problem. TIA.
ASKER
Well, I've rectified the forbidden problem. Sort of... Turns out the permissions on the home director(ies) weren't configured properly; once I gave read and execute permissions to everyone I was finally able to bring up the pages. However, I don't remember this being a problem upon the initial configuration of the server, and to rectify this time I had to manually alter the permissions myself as root. Anyone have any insight as to what I may have changed that requires me to know manually alter the permissions of the public_html directories?
ASKER
Heh. Well, I took a look at mod_rewrite and while it probably could get the job done pretty well, it looks a bit too complicated for the time and effort right now. So, my thinking now is to shoot for the following two configurations:
1. Disable the Default Apache server so that only requests to /~user pages are accepted and served. However, it would seem that this wouldn't necessarily solve my problem, as then the relative links would still try going up another "directory" which would result in the same 404 errors I'm getting now anyway.
OR
2. I could configure the server to handle each domains "page" independantly. I have no idea if this is possible, though. For example I could configure a page at 192.168.111.10, another at 192.168.111.11, and so on.
This seems like such a fiasco for a test server, I know, but it feels necessary. I've done a lot of "pondering" in regards to whether or not the web code(PHP/HTML) I'm writing is too flimsy, but my conclusion is that as far as PHP goes, page resources aren't always going to be regarded as being in the same location anyway. So while I might be able to reference document at /inc/document.php from /index.php, if I try referencing it again from /user/ without using a "../" in my link I'm not going to make the proper reference. So, this is where the 404's are springing up in my code when I put them on the test server, and I guess it's just my question as a self-taught web developer posed to the experienced server admins/web developers out there if I'm going at this the wrong way. I'd love some more input for all facets of the questions I've asked, so if anyone has any ideas I'd love to hear them.
1. Disable the Default Apache server so that only requests to /~user pages are accepted and served. However, it would seem that this wouldn't necessarily solve my problem, as then the relative links would still try going up another "directory" which would result in the same 404 errors I'm getting now anyway.
OR
2. I could configure the server to handle each domains "page" independantly. I have no idea if this is possible, though. For example I could configure a page at 192.168.111.10, another at 192.168.111.11, and so on.
This seems like such a fiasco for a test server, I know, but it feels necessary. I've done a lot of "pondering" in regards to whether or not the web code(PHP/HTML) I'm writing is too flimsy, but my conclusion is that as far as PHP goes, page resources aren't always going to be regarded as being in the same location anyway. So while I might be able to reference document at /inc/document.php from /index.php, if I try referencing it again from /user/ without using a "../" in my link I'm not going to make the proper reference. So, this is where the 404's are springing up in my code when I put them on the test server, and I guess it's just my question as a self-taught web developer posed to the experienced server admins/web developers out there if I'm going at this the wrong way. I'd love some more input for all facets of the questions I've asked, so if anyone has any ideas I'd love to hear them.
hi Mitleidd242,
Not a problem at all.
First the user_dir stuff. I thought it would be best to post the link to apache docs here : http://httpd.apache.org/docs-2.0/howto/public_html.html
You are basically looking at VirtualHosting concept (http://httpd.apache.org/docs-2.0/vhosts/). I would recommend that you use named-based virtualhosting (http://httpd.apache.org/docs-2.0/vhosts/name-based.html) rather than IP based (http://httpd.apache.org/docs-2.0/vhosts/ip-based.html). The Virtual Hosting page on Apache website did have some discussion on both - pro and cons.
One way or another, Apache needs to have read permission to the user public_html, regardless of plain UserDir approach, mod_rewrite, or VirtualHosting method.
cheers.
Not a problem at all.
First the user_dir stuff. I thought it would be best to post the link to apache docs here : http://httpd.apache.org/docs-2.0/howto/public_html.html
You are basically looking at VirtualHosting concept (http://httpd.apache.org/docs-2.0/vhosts/). I would recommend that you use named-based virtualhosting (http://httpd.apache.org/docs-2.0/vhosts/name-based.html) rather than IP based (http://httpd.apache.org/docs-2.0/vhosts/ip-based.html). The Virtual Hosting page on Apache website did have some discussion on both - pro and cons.
One way or another, Apache needs to have read permission to the user public_html, regardless of plain UserDir approach, mod_rewrite, or VirtualHosting method.
cheers.
ASKER
Hey samri,
Thanks for the information. That's helped explain a lot, and I think I'm starting to get a better grasp on how Apache works (as well as Linux filesystems and permissions, for that matter.) But I'm not done yet. I have a question regarding name-based virtual hosting; what's the most effective way to set up a name-based Apache server amoung a small network of computers? Just to play around, I made a few "test" virtual hosts with some nonsense names according to the information/tutorials supplied in your links, and when I restarted Apache I got some errors regarding the resolution of the virual host names I had supplied. So, my question is twofold I guess: what type of "naming scheme" is valid in regards to naming my virtual hosts, and is it going to be necessary for me to configure a DNS server on the Linux machine to be used by any computers that will require any LOCAL web server resources?
Thanks for the information. That's helped explain a lot, and I think I'm starting to get a better grasp on how Apache works (as well as Linux filesystems and permissions, for that matter.) But I'm not done yet. I have a question regarding name-based virtual hosting; what's the most effective way to set up a name-based Apache server amoung a small network of computers? Just to play around, I made a few "test" virtual hosts with some nonsense names according to the information/tutorials supplied in your links, and when I restarted Apache I got some errors regarding the resolution of the virual host names I had supplied. So, my question is twofold I guess: what type of "naming scheme" is valid in regards to naming my virtual hosts, and is it going to be necessary for me to configure a DNS server on the Linux machine to be used by any computers that will require any LOCAL web server resources?
ASKER
Just to recap for future reference:
In response to the server returning a connection error: the solution samri suggested for specifying a ServerName rectified that problem.
As far as the second portion of my problem, I had some inefficiencies in my web code that I had to re-evaluate. I wasn't seeing them until playing with Apache for a while, but now I see how some certain relative links were going up "too far".
In response to the server returning a connection error: the solution samri suggested for specifying a ServerName rectified that problem.
As far as the second portion of my problem, I had some inefficiencies in my web code that I had to re-evaluate. I wasn't seeing them until playing with Apache for a while, but now I see how some certain relative links were going up "too far".
sorry to but in, but i noticed that these question hasn't gotten an answer yet.
it's been 24 days or so
is the problem resolved.
i can't offer any advice to you, i was just following along to learn about the nature of apache
_sorry if this posting isn't considered proper
_mike
it's been 24 days or so
is the problem resolved.
i can't offer any advice to you, i was just following along to learn about the nature of apache
_sorry if this posting isn't considered proper
_mike
https://www.experts-exchange.com/Web/Web_Servers/Apache/