OpenVZ Forum


Home » General » Support » *SOLVED* apache2: access denied
*SOLVED* apache2: access denied [message #16402] Tue, 04 September 2007 19:31 Go to next message
ggonzalez is currently offline  ggonzalez
Messages: 18
Registered: July 2007
Junior Member
Hi,

I have been struggling with the following problem for a couple of days. I have run out of ideas to solve it.

Here is the situation:

I have a VE configured with veth interface, with apache2 freshly installed. infrahn01 is the HN and infravs01 is the VE.


root@infravs01:~# uname -a
Linux infravs01.integra.com.py 2.6.18-ovz028stab039.1-enterprise #1 SMP Tue Jul 24 12:28:02 MSD 2007 i686 GNU/Linux


root@infravs01:~# dpkg -l|grep apache
ii apache2-mpm-prefork 2.2.3-4+etch1 Traditional model for Apache HTTPD 2.1
ii apache2-utils 2.2.3-4+etch1 utility programs for webservers
ii apache2.2-common 2.2.3-4+etch1 Next generation, scalable, extendable web se
ii libapache2-mod-php4 4.4.4-8+etch3 server-side, HTML-embedded scripting languag


root@infravs01:~# ip a l
1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
3: venet0: <BROADCAST,POINTOPOINT,NOARP> mtu 1500 qdisc noop
link/void
5: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc noqueue
link/ether 00:0c:29:19:45:6d brd ff:ff:ff:ff:ff:ff
inet 10.0.0.241/32 scope global eth0


root@infravs01:~# ip r l
default dev eth0 scope link


root@infravs01:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
root@infravs01:~# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination



infrahn01:~# ip a l
2: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
4: sit0: <NOARP> mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0
6: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:50:8d:83:09:35 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.231/24 brd 10.0.0.255 scope global eth0
inet6 fe80::250:8dff:fe83:935/64 scope link
valid_lft forever preferred_lft forever
8: eth1: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:06:4f:4a:37:e8 brd ff:ff:ff:ff:ff:ff
inet 192.168.254.1/24 brd 192.168.254.255 scope global eth1
inet6 fe80::206:4fff:fe4a:37e8/64 scope link
valid_lft forever preferred_lft forever
7: venet0: <BROADCAST,POINTOPOINT,NOARP,UP,10000> mtu 1500 qdisc noqueue
link/void
9: veth101.0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc noqueue
link/ether 00:0c:29:19:45:6c brd ff:ff:ff:ff:ff:ff
inet6 fe80::20c:29ff:fe19:456c/64 scope link
valid_lft forever preferred_lft forever



infrahn01:~# ip r l
10.0.0.241 dev veth101.0 scope link
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.231
192.168.254.0/24 dev eth1 proto kernel scope link src 192.168.254.1
default via 10.0.0.203 dev eth0



infrahn01:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination



infrahn01:~# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination



I can successfully ping and resolve names to my network's hosts, both way.



root@infravs01:~# netstat -a|grep www
tcp6 0 0 *:www *:* LISTEN



My apache2 configurations are the standard one after installation, plus the following:

root@infravs01:~# more /etc/apache2/conf.d/gosa.conf
# Configuration for GOsa using php4.

# Set alias to gosa
Alias /gosa /usr/share/gosa/html
<Directory /usr/share/gosa/html>
Order Deny,Allow
Deny from all
Allow from all
</Directory>

All directories and files pointed to by these configurations are owned by root:root, and have these permissions:
root@infravs01:~# ls -al /var/www
drwxr-xr-x 3 root root 1024 2007-08-31 15:35 .
drwxr-xr-x 14 root root 1024 2007-08-31 15:35 ..
drwxr-xr-x 2 root root 1024 2007-08-31 15:35 apache2-default
root@infravs01:~# ls -al /var/www/apache2-default/
drwxr-xr-x 2 root root 1024 2007-08-31 15:35 .
drwxr-xr-x 3 root root 1024 2007-08-31 15:35 ..
-rw-r--r-- 1 root root 2205 2005-12-14 13:25 apache_pb22_ani.gif
-rw-r--r-- 1 root root 2410 2005-12-14 13:25 apache_pb22.gif
-rw-r--r-- 1 root root 1502 2005-12-14 13:25 apache_pb22.png
-rw-r--r-- 1 root root 2326 2004-11-20 17:16 apache_pb.gif
-rw-r--r-- 1 root root 1385 2004-11-20 17:16 apache_pb.png
-rw-r--r-- 1 root root 44 2004-11-20 17:16 index.html
root@infravs01:~# l /usr/share/gosa/
drwxr-xr-x 2 root root 1024 2007-08-31 15:35 bin
drwxr-xr-x 3 root root 1024 2007-08-31 15:35 doc
drwxr-xr-x 5 root root 1024 2007-08-31 15:35 html
drwxr-xr-x 3 root root 1024 2007-08-31 15:35 ihtml
drwxr-xr-x 3 root root 3072 2007-08-31 15:35 include
drwxr-xr-x 9 root root 1024 2007-08-31 15:35 locale
drwxr-xr-x 8 root root 1024 2007-08-31 15:35 plugins


From another machine in the network, I point my mozilla browser to:

http://infravs01.integra.com.py/

and i get:

Forbidden

You don't have permission to access / on this server.
Apache/2.2.3 (Debian) PHP/4.4.4-8+etch3 mod_ssl/2.2.3 OpenSSL/0.9.8c Server at infravs01.integra.com.py Port 80

The /var/log/apache2/error.log shows:
[Tue Sep 04 15:05:21 2007] [error] [client 10.0.0.220] (13)Permission denied: access to /doc/ denied
[Tue Sep 04 15:12:35 2007] [error] [client 10.0.0.220] (13)Permission denied: access to / denied


I installed this same version of apache2 in a VMware virtual server. The same apache2.conf and others .conf. Same permissions, etc. And it works. So my guess is that there is something in VZ or my VZ configuration precluding apache2 from working.

I would greatly appreciate any help.

Best regards,
Gustavo.


[Updated on: Fri, 07 September 2007 13:28]

Report message to a moderator

Re: apache2: access denied [message #16415 is a reply to message #16402] Wed, 05 September 2007 13:15 Go to previous messageGo to next message
ggonzalez is currently offline  ggonzalez
Messages: 18
Registered: July 2007
Junior Member
I have looked and looked, and can't find a good reason why apache2 is not willing to serve the pages. Although it says that it is forbidden to access these pages, it is not. It is the standard configuration, where the root of the site (/var/www) has Allow from all. And, when tried this same installation procedure on another machine (either real or VMware), apache2 serves those pages correctly.

I have even created a new VE, with venet (not veth), and the results are the same.

Is somebody in this forum using apache2 within a VE?
What special tricks are needed for this to work?

Thanks a lot for any help.

Best regards,
Gustavo.
Re: apache2: access denied [message #16416 is a reply to message #16402] Wed, 05 September 2007 16:32 Go to previous message
ggonzalez is currently offline  ggonzalez
Messages: 18
Registered: July 2007
Junior Member
I finally found the source of the problem!

Inside the VE, the root directory of the server (/) had 700 as its permissions. I don't know why.

I opened this (chmod 755 /), and everything worked as it should.

I don't recall having set this in the template.

Is this something that vzctl is doing when creating a new VE?

Regards,
Gustavo.
Previous Topic: *SOLVED* Shorewall
Next Topic: *SOLVED* apt-proxy/approx does not work under VE
Goto Forum:
  


Current Time: Sat Nov 09 18:04:00 GMT 2024

Total time taken to generate the page: 0.03298 seconds