In PHP 7.2 on a Centos 7 machine, I'm trying to access an Apache Jena Fuseki 3.6 SPARQL endpoint.
Fuseki runs on port 3030, the name of the dataset is ds and I can successfully run curl http://localhost:3030/ds - while being logged in on that system even with a user without any rights.
Everything seems fine so far.
However, when I try in a PHP script to do fopen("http://127.0.0.1:3030/ds","r"); or fopen("http://localhost:3030/ds","r"); I always end up with PHP Warning: fopen(http://localhost:3030/ds): failed to open stream: Permission denied.
Fetching a file from the WWW or even from the very same Apache server like fopen("http://localhost/mytest.html","r"); works though.
Are there any special permissions necessary for accessing a different localhost port? firewalld is deactivated, btw.
It turned out that SELinux is the cause of the problem, preventing Apache from doing outbound connections on other ports.
See here: http://sysadminsjourney.com/content/2010/02/01/apache-modproxy-error-13permission-denied-error-rhel/
Related
My dilemma is that I have two domains running on localhost, domain_a and domain_b. They're both running nginx, apache, and php-fpm. domain_a is running CodeIgniter 3.0.0, and domain_b is running CodeIgniter 4. In another VM, I had domain_a in a Docker container, and was able to hit the API endpoints in domain_b without any issues. Development work made it a requirement to have them both be on the same server, as it's close to how it will be in other environments.
For specifics, we're using the PHP oAuth module, and it throws an error that "making the request failed (dunno why)", which is extremely helpful. After some digging, I found that I could hit other endpoints without issue (such as google.com and a known endpoint outside these domains). I attempted to use cURL in place of oAuth (just a simple test to hit the endpoint), and I consistently get the same error.
tls_process_server_certificate:certificate verify failed
The certs I use are all self-signed for both domains, and I'm able to reach both domains from within the browser without issue. If it matters, both domains have user certs when logging in, but the users aren't the same, as each domain has their own self-signed CA.
My current code is this:
$conn = new OAuth($consumer_key, $consumer_secret, $oauth_sig_method);
$conn->enableDebug();
/*
if (is_on_local()) {
$conn->setCAPath('path/to/cert.cert');
}*/
$conn->disableSSLChecks();
$token = $conn->getRequestToken($auth_url);
I left the commented out part in to show what I've tried - I've tried pointing that to the system cert, domain_a CA, and domain_b CA, none of which worked. It looks like (for some reason) $conn->disableSSLChecks() isn't working, but I'm not sure of that. The error thrown is in the call to getRequestToken().
My etc/hosts file:
127.0.0.1 domain_a.tld
127.0.0.1 domain_b.tld
The actual TLD isn't tld, but again, they work in the browser and it worked before when domain_a was in Docker.
I've already tweaked domain_a enough so CI 3 works with PHP 8, so I'm convinced the problem is talking from one domain to the other. I'm running RHEL 8, and I've already got SELinux set to Permissive (actually disabled, I think, for development). There's nothing in httpd, nginx, php-fpm, or firewall logs. The only indicator I have is what I get from CI 3 logs in domain_a:
Severity: Warning --> OAuth::getRequestToken(): SSL operation failed with code 1.
OpenSSL Error messages:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed in /path/to/file
Severity: Warning --> OAuth::getRequestToken(): Failed to enable crypto in /path/to/file
Severity: Warning --> OAuth::getRequestToken(domain_b/oauth/access): Failed to open stream: operation failed in /path/to/file
I feel like the answer is right there, I'm just not seeing it.
As usual, shortly after explaining my issue I found the fix.
Currently, I have the endpoint as https://domain_b.tld/oauth/access. After some tinkering, I got a different error about SSL version. That put me on the track to the correct answer:
http://domain_b.tld:port/oauth/access. I'm able to hit the endpoint now without issue. I've got a virtual hosts file that, even though both domains are on the same port, I had to specify it or the call fails.
If anyone else runs into this issue, check the base URL. I never would have thought about hitting http rather than https as a solution.
I am new to cakephp, and following the 'Bookmarkers Tutorial'. I get to know that I can access the project using two kind of urls(I am using apache and the folder is located at /var/www/html/bookmarker):
localhost:8765
and
localhost/bookmarker
Now, when I use the first url, I get the following warning message on top:
warning(2) : file_put_contents(/var/www/html/bookmarker/logs/error.log): failed to
open stream: Permission denied [CORE/src/Log/Engine/FileLog.php, line
133]
But is not the case with the second url !
Why is there such a difference b/w these two urls? Which one should be used? And how to resolve that message appearance? Any help is greatly appreciated!
It's two servers here.
"localhost:8765" is the server built-in by CakePHP when you run the command: "bin/cake server" but you already have Apache web server at "localhost", so you don't need it.
And 2 servers being ran by 2 users:
localhost:8765 is you
localhost is apache
That's why you don't have permission to write log file (owned by apache)
Just stop the server built-in (bin/cake server), and use Apache server (2nd URL)
In case you want to use the server built-in, stop Apache server and remove everything inside "/var/www/html/bookmarker/logs/", the error message will gone.
I'm trying to read a file on a mapped network drive(shared folder on a Windows XP machine) through a PHP code & using IIS 7 (and it is set up on a windows 7 machine). When I run my code I get an Access denied error, "failed to open stream: Permission denied". I'm using below code to access the file:
$handle = fopen('\\\\servername\\sharedfolder\\test.txt', "r");
I checked permissions on the host machine(running XP). Under the sharing tab, it is only showing share this folder on the network check box , and Allow network users to change my files check boxes and both are checked. Windows firewall is off for the time being.
Any help to fix this issue is very much appreciated.
Solved the problem SOLUTION: Created a new user account with password. In IIS Manager, changed IIS Anonymous Authentication from IUSR to the new user account and gave the same password. Windows XP sharing has been set to 'Everyone' with Read permission
I am running phpMyAdmin on an amazon EC2 ubuntu lamp stack, configured to use a remote RDS server.
I have run the sudo dpkg-reconfigure phpmyadmin configuration script, accessed RDS using the master username and master password (not rdsadmin but that set on initialisation), and can log into the phpMyAdmin console.
However, every refresh of the phpMyAdmin interface creates a new failed connection. In the logs I see:
2014-01-14 23:42:20 12879 [Warning] Access denied for user
'phpmyadmin'#'[IP address]' (using password: YES)
What is the best way to try and debug this?
SOLVED
For reference, when using EC2 with RDS and the phpmyadmin installation wizard above, the control user is set to use an unresolvable host, such as ip-[EC2 IP ADDRESS].eu-west-1.compute.internal. Simply changing the host to your actual EC2 IP address allows the connection to become valid and failed connections no longer occur.
This may be because you've configured a controluser in your config.inc.php file (naming the controluser 'phpmyadmin'), but that isn't actually a valid user on the server. If that's the case, you could resolve it by either removing that line from the configuration or creating the user using the script provided (normally in the "examples" folder, but who knows where it is in the Ubuntu file system).
Try grep phpmyadmin config.inc.php on the configuration file and see if anything interesting is found.
Though, come to think of it, normally Ubuntu handles that sort of thing for you, so it's possible you've got a larger misconfiguration going on here. I'd also try reconfiguring it (dpkg-reconfigure --plow phpmyadmin) and see if you can get any further.
Are there any error or warning messages displayed within phpMyAdmin?
Did you add the EC2 ip address to the RDS security group ?
Check this a similar link Using PHPMyAdmin to administer Amazon RDS
Thanks
I have a LAMP application that uses LDAP binds (to Active Directory) to validate user credentials. This works on the production server running RHEL 6.2. I'm trying to set up my own test environment in a VM using CentOS 6.2 and similar versions of packages.
On my VM, calls to ldap_start_tls fail for the application when run inside Apache. I get:
PHP Warning: ldap_start_tls(): Unable to start TLS: Can't contact LDAP server in...
But on the same system, I installed phpsh. If I use phpsh to execute the PHP code file, it works.
The code is a basic sequence of ldap_connect, ldap_set_option (to set LDAPv3), ldap_start_tls, and ldap_bind.
The LDAP server is using an internal Active Directory-generated certificate authority, so it isn't automatically trusted. In /etc/openldap/ldap.conf, I have:
TLS_REQCERT allow
The setting seems to be working. If I change the value to always, ldap_start_tls fails in phpsh too. This is the same setting as in the production environment.
I tried installing what should be the AD root CA certificates by saving a .pem file (with 2 certificates) and adding this line to /etc/openldap/ldap.conf:
TLS_CACERT /etc/openldap/certs/ad_roots.pem
I didn't see any change, but perhaps I needed to do more. And I'm not 100% sure those were the right certificates.
I think using phpsh is a valid test for the PHP setup, but it is running as a different user (root) so the environment is different. SELinux is on (enforcing), but I do not see any messages about access denials for Apache in audit.log.
Why doesn't this work for Apache?