top button
Flag Notify
    Connect to us
      Site Registration

Site Registration

Why VirtualHost serving 403's for Aliased directories?

+2 votes
318 views

I am attempting to set a VirtualHost to Alias two directories, and proxy everything else to a Gunicorn server (adding SSL in passing). The VirtualHost is:

 ServerName abc.xyz.com 
 Alias /media/ "/home/xxx/media/"
 ErrorLog /var/log/apache2/error.log
 Options Indexes MultiViews FollowSymLinks 
 AllowOverride None
 Order deny,allow
 Deny from all
 Allow from 127.0.0.0/255.0.0.0::1/128
 Alias /admin/static/ "/usr/lib/python2.7/dist-packages/django/contrib/admin/static/"
 Options Indexes MultiViews FollowSymLinks
 AllowOverride None
 Order allow,deny
 Allow from all
 Deny from none
 ProxyPass /media/ !
 ProxyPass /admin/static/ ! 
 ProxyPass / http://localhost:8080/
 ProxyPassReverse / http://localhost:8080/

 SSLEngine On
 SSLCertificateFile /etc/apache2/ssl/ssl.crt
 SSLCertificateKeyFile /etc/apache2/ssl/ssl.key

Any ideas as to what here is causing trouble?

posted Jan 27, 2014 by Bob Wise

Looking for an answer?  Promote on:
Facebook Share Button Twitter Share Button LinkedIn Share Button
Usually there'd be a hint in the error.log. Likely /home/xxx/ not world-executable.

Similar Questions
0 votes

I am using Apache 2.2 on LE for several years now and I use intensively the virtual host mechanism (300 virtual hosts per http instance).

As soon as you start sharing resources between applications, you want to protect your platform and prevent an application from taking all the threads and cause a resource starvation for the others.

To do so i used the third party mod_qos module to limit the number of simultaneous connections per virtual hosts. Now that i intend to migrate to Apache 2.4, my first tests reveal that this module is not compatible with this version of Apache, thats also the warning that developer raised for his module.

It appears that I don't find any real alternative to substitute the mod_qos module with something else. Here are my questions :
- Can you confirm that Apache does not provide any mechanism allowing to limit the number of connection per virtual host, just to be sure that I am not missing something ?
- Why Apache doesn't provide such a functionality ? :) From my very humble user perspective, I am surprised that this is not a native functionality as it seems to me that my need is probably shared by many users. Moreover Apache provides many other complex functionalities, the one I am describing would be probably something simple to implement compared to other functionalities already available.

+2 votes

I want to run three virtual hosts on separate IP addresses for notification messages (the reason is due to how the network kit does the redirection of traffic)

On each of these virtual hosts I want a request for any URI to be sent to the document root default (/index.html or just /)

What the best way to achieve this per virtual host?

+1 vote

I try to configure apache virtual hosts after NAT. There are two name (like abc.dom.com and cde.dom.com) which refer to the same external address. This address is given to wan-port of a gateway and assigned to
be NAT to internal address where apache is up with ports 80 to 80.

Does it possible to configure the apache so it distinguishes name abc.* and cde.* (used by clients externally) and returns different pages (provided two s are configured)?

Which Directives are implemented in the case? Or, maybe, the example of such httpd.conf?

+1 vote

I have 3 virtual hosts that for all I can see are configured identically other the the obviously needed differences. The same is true of the 3 crt files.

 ServerName public.mydomain.com
 DocumentRoot /var/www/html
 SSLEngine on
 SSLCertificateFile /etc/httpd/SSL/public.crt
 SSLCertificateKeyFile /etc/postfix/SSL/server.key

 ServerName distrib.mydomain.com
 DocumentRoot /var/www/html/distrib
 SSLEngine on
 SSLCertificateFile /etc/httpd/SSL/distrib.crt
 SSLCertificateKeyFile /etc/postfix/SSL/server.key

 ServerName mail.mydomain.com
 DocumentRoot /usr/local/squirrelmail/www
 SSLEngine on
 SSLCertificateFile /etc/httpd/SSL/mail.crt
 SSLCertificateKeyFile /etc/postfix/SSL/server.key

The problem is that 2 of them work perfectly and the lock shows up in the browser. With the third (public), I get a gray globe indicating partial encryption which does not prevent eavesdropping. I have no clue
how to debug this or even where to look. Can someone point me in the right direction?

...