I have setup a lot of Virtual Hosts in Ubuntu but today I needed to do this on a CentOS 7 server. I installed Apache and setup the VHost config but nothing appears when I view the site.
I know that Apache is reading my Config files because if I add a fault in it and restart Apache, it complains about the error. Is there something "else" that is needed on CentOS 7?
What kind of virtualhosts are you trying to achieve? name based I guess.
If you are not running on version 2.4> then you need to enable the name virtual host directive for the IP:PORT pair
NameVirtualHost *:80
The different behavior can depend on the different versions of the Apache servers shipped with the distro.
If not, it could be depending on selinux labels not being set properly. In this case anyway, you would get a permission error. Honestly I don't believe this is the case.
This is the settings that I use on a CentOS 7.3.1611 running Apache 2.4.6 I normally use virtualmin / webmin for configuration, but I have looked at the httpd.conf The basic settings that are in my config are
<VirtualHost xxx.xxx.xxx.xxx:80>
SuexecUserGroup "#502" "#502"
ServerName grid.hosted-systems.co.uk
ServerAlias www.grid.hosted-systems.co.uk
ServerAlias webmail.grid.hosted-systems.co.uk
ServerAlias admin.grid.hosted-systems.co.uk
DocumentRoot /home/grid/public_html
ErrorLog /var/log/grid.hosted-systems.co.uk_error_log
CustomLog /var/log/grid.hosted-systems.co.uk_access_log combined
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<Directory /home/grid/public_html>
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
AddType application/x-httpd-php .php
AddHandler fcgid-script .php
AddHandler fcgid-script .php5
FCGIWrapper /home/grid/fcgi-bin/php5.fcgi .php
FCGIWrapper /home/grid/fcgi-bin/php5.fcgi .php5
</Directory>
<Directory /home/grid/cgi-bin>
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
</Directory>
RewriteEngine on
RewriteCond %{HTTP_HOST} =webmail.grid.hosted-systems.co.uk
RewriteRule ^(.*) https://grid.hosted-systems.co.uk:20000/ [R]
RewriteCond %{HTTP_HOST} =admin.grid.hosted-systems.co.uk
RewriteRule ^(.*) https://grid.hosted-systems.co.uk:10000/ [R]
RemoveHandler .php
RemoveHandler .php5
php_admin_value engine Off
FcgidMaxRequestLen 1073741824
Alias /dav /home/grid/public_html
<Location /dav>
DAV on
AuthType Basic
AuthName "grid.hosted-systems.co.uk"
AuthUserFile /home/grid/etc/dav.digest.passwd
Require valid-user
ForceType text/plain
Satisfy All
RemoveHandler .php
RemoveHandler .php5
RewriteEngine off
</Location>
<Files awstats.pl>
AuthName "grid.hosted-systems.co.uk statistics"
AuthType Basic
AuthUserFile /home/grid/.awstats-htpasswd
require valid-user
</Files>
</VirtualHost>
<VirtualHost xxx.xxx.xxx.xxx:80>
SuexecUserGroup "#500" "#500"
ServerName mirrors.hosted-systems.co.uk
ServerAlias www.mirrors.hosted-systems.co.uk
ServerAlias webmail.mirrors.hosted-systems.co.uk
ServerAlias admin.mirrors.hosted-systems.co.uk
DocumentRoot /home/hosted-systems/domains/mirrors.hosted-systems.co.uk/public_html
ErrorLog /var/log/virtualmin/mirrors.hosted-systems.co.uk_error_log
CustomLog /var/log/virtualmin/mirrors.hosted-systems.co.uk_access_log combined
ScriptAlias /cgi-bin/ /home/hosted-systems/domains/mirrors.hosted-systems.co.uk/cgi-bin/
ScriptAlias /awstats/ /home/hosted-systems/domains/mirrors.hosted-systems.co.uk/cgi-bin/
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<Directory /home/hosted-systems/domains/mirrors.hosted-systems.co.uk/public_html>
Options +Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
AddType application/x-httpd-php .php
AddHandler fcgid-script .php
AddHandler fcgid-script .php5
FCGIWrapper /home/hosted-systems/domains/mirrors.hosted-systems.co.uk/fcgi-bin/php5.fcgi .php
FCGIWrapper /home/hosted-systems/domains/mirrors.hosted-systems.co.uk/fcgi-bin/php5.fcgi .php5
</Directory>
<Directory /home/hosted-systems/domains/mirrors.hosted-systems.co.uk/cgi-bin>
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
</Directory>
Alias "/centos" "/home/shared/CentOS"
<Directory "/home/shared/CentOS">
Options +Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
Require all granted
HeaderName HEADER.html
</Directory>
Alias "/centos/" "/home/shared/CentOS/"
<Directory "/home/shared/CentOS/">
Options +Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
IndexOptions FancyIndexing FoldersFirst NameWidth=* DescriptionWidth=*
Require all granted
HeaderName HEADER.html
</Directory>
</VirtualHost>
The settings here set up two virtual websites using port 80 and bound to the same single IP , this is accessable by using http://servername or http://ServerAlias The DocumentRoot is the location of the files to be servers.
The second VirtualServer is basically the same set up, but it also shows how the Alias section can be used to pull documents from outside the main directory.
As a side note, if anyone spots any vunerabilities in what is posted, let me know or edit and let me know.
Amber-Marie
So the answer to this was that the CentOS server had (by default) blocked the HTTP port 80. This really seems a bit silly but as soon as I allowed the firewall to open these ports for the web traffic, all worked fine:
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
I try firewall-cmd --add-service=http on Centos 7.5 and it work
Related
have a problem with kerberos authentication on apache php
Setup = RHEL 7
apache 2.4 from rhscl
php7 from rhscl configured with php-fpm
Kerberos is working perfectly on http://site.domain/
but not on http://site.domain/index.php
The same problem occurs for all sub directories when accessing a .php file.
There is a rewrite for php to fcgi in the vhost setup.
index.php => $_SERVER['REMOTE_USER']
vhost setup
<VirtualHost *:443 >
## Vhost docroot
DocumentRoot /opt/code70
<Directory /opt/code70>
Options Indexes MultiViews
Options FollowSymLinks
IndexOptions FancyIndexing HTMLTable VersionSort IgnoreCase
IndexOrderDefault Descending Date
IndexIgnore *.php
AuthType Kerberos
AuthName "Kerberos"
KrbMethodNegotiate On
KrbMethodK5Passwd On
KrbAuthRealms ....
....
KrbVerifyKDC Off
KrbSaveCredentials Off
KrbLocalUserMapping On
KrbAuthoritative On
Order allow,deny
Allow from all
Require valid-user
</Directory>
## SSL directives
SSLEngine on
SSLCertificateFile ......
SSLProtocol -ALL +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
SSLHonorCipherOrder On
ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://localhost:9000/opt/code70/$1
</VirtualHost>
So, I need to run multiple php apps/sites on one server. One or many should run using apache and mod_php5, and one or many should be able to run using mod_fastcgi and php-fpm. The mod_php5 ones are currently fine, and the fastcgi ones work if i disable mod_php5, but I'm having difficulty getting them to work at the same time.
I think this can be achieved using some combination of filesmatch, if.mod_fastcgi and if.mod_actions in apache, but I cant work out what it is. We can install any apache modules required to do this if needed.
Super bonus points if there is a different version of the vhost for Apache 2.2 or less and you have that snippet too, or at least know what I should do
Im not going to post the entire vhosts i have as i know they're wrong, but the first, default, mod_php based vhosts are looking like so...
#NameVirtualHost 127.0.0.1:80 < Apache 2.2 or less
<VirtualHost 127.0.0.1:80>
ServerAdmin webmaster#localhost
ServerName some.site.tld
DocumentRoot /var/www/some/site/
<Directory /var/www/some/site/>
Options Indexes FollowSymLinks MultiViews
Require all granted
# Order deny,allow < Apache 2.2 or less
# Allow from all < Apache 2.2 or less
</Directory>
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/access.log combined
</VirtualHost>
Ideally, I'd like these to remain untouched, and that we can add more if we need more of these.
The outcome I would like, is to be able to drop in new vhosts configured for mod_php using something like the first configuration, and also drop in vhosts like the following for fast cgi.
# NameVirtualHost 0.0.0.0:80 < Apache 2.2 or Less
<VirtualHost 0.0.0.0:80>
ServerAdmin webmaster#localhost
ServerName some.application.tld
DocumentRoot /opt/some/app/dir/
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/access.log combined
<IfModule mod_fastcgi.c>
# php_admin_flag engine off < I tried to use this to disable PHP
AddType application/x-httpd-fastphp5 .php
Action application/x-httpd-fastphp5 /php5-fcgi
Alias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi_someapp
FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi_someapp -socket /var/run/php5-fpm_ptbuild.sock -pass-header Authorization
<Directory /usr/lib/cgi-bin>
Options Indexes FollowSymLinks MultiViews ExecCGI
Require all granted
</Directory>
<Directory /opt/some/app/dir/>
#Options Indexes FollowSymLinks MultiViews ExecCGI
Require all granted
</Directory>
</IfModule>
# I tried to use the below alongside mod_php, didnt work
# <IfModule mod_php5.c>
# php_admin_flag engine off
# AddType application/x-httpd-fastphp5 .php
# <Directory /opt/some/app/dir/>
# Options Indexes FollowSymLinks MultiViews ExecCGI
# Require all granted
# </Directory>
# </IfModule>
</VirtualHost>
If you could post the second vhost, or tell me what I'm doing wrong, thanks very much in advance.
We've got a similar setup on our servers to run 2 versions of PHP, but under the same virtual host. Essentially it's for an old version of the software while transitioning to a new version - 1 runs through the original Apache config and the other through CGI.
Ours is directory based, so slightly different but I think it should work for your situation still.
First, we have the fastCGI config in a separate file /etc/apache2/mods-enabled/fastcgi.conf:
<IfModule mod_fastcgi.c>
# AddHandler fastcgi-script .fcgi
FastCgiWrapper /usr/lib/apache2/suexec
FastCgiIpcDir /var/lib/apache2/fastcgi
FastCgiConfig -idle-timeout 110 -killInterval 120 -pass-header HTTP_AUTHORIZATION -autoUpdate
ScriptAlias /php-fcgi/ /var/www/cgi-bin/
</IfModule>
Then, in the virtual host config itself we have this:
<VirtualHost *:80>
ServerName sitename
...
# Original non-CGI site
<Directory "/sites/webroot/site1/">
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order allow,deny
Allow from all
</Directory>
# FastCGI version
<Directory "/sites/webroot/site2/">
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
AddHandler php-cgi .php
Action php-cgi /php-fcgi/php562.fcgi
<FilesMatch "\.php$">
SetHandler php-cgi
</FilesMatch>
</Directory>
</VirtualHost>
I think the key thing that is required for you is the AddHandler and SetHandler directives which make it work. Then you should be able to add as many separate sites either with different directories or individual virtual hosts.
I'm running virtualmin with apache2 on debian wheezy and standard PHP 5.3 and fastcgi
I have a website that calls a symlink pointing to a php file in another user's home directory
so /home/user1/public_html/adserving/ is symlinked to /home/user2/public_html/
The problem is that if I access user2's php file directly, it works, but if I access it through symlink it just spits out "No input file specified" (i guess fastcgi does not find the file's path?)
This is my php5.fcgi for user2:
#!/bin/bash
PHPRC=$PWD/../etc/php5
export PHPRC
umask 022
export PHP_FCGI_CHILDREN
PHP_FCGI_MAX_REQUESTS=99999
export PHP_FCGI_MAX_REQUESTS
SCRIPT_FILENAME=$PATH_TRANSLATED
export SCRIPT_FILENAME
exec /usr/bin/php5-cgi
This is my apache conf for that virtualserver:
<
VirtualHost XXXXXXXXXXX:80>
SuexecUserGroup "#1012" "#1012"
ServerName adserve.com
ServerAlias www.adserve.com
ServerAlias webmail.adserve.com
ServerAlias admin.adserve.com
DocumentRoot /home/adserve/public_html
ErrorLog /var/log/virtualmin/adserve.com_error_log
CustomLog /var/log/virtualmin/adserve.com_access_log combined
ScriptAlias /cgi-bin/ /home/adserve/cgi-bin/
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<Directory /home/adserve/public_html>
Options -Indexes +IncludesNOEXEC +FollowSymLinks +ExecCGI
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
AddType application/x-httpd-php .php
AddHandler fcgid-script .php
AddHandler fcgid-script .php5
FCGIWrapper /home/adserve/fcgi-bin/php5.fcgi .php
FCGIWrapper /home/adserve/fcgi-bin/php5.fcgi .php5
</Directory>
<Directory /home/adserve/cgi-bin>
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
</Directory>
RewriteEngine on
RewriteCond %{HTTP_HOST} =webmail.adserve.com
RewriteRule ^(.*) https://adserve.com:20000/ [R]
RewriteCond %{HTTP_HOST} =admin.adserve.com
RewriteRule ^(.*) https://adserve.com:10000/ [R]
RemoveHandler .php
RemoveHandler .php5
php_admin_value engine Off
IPCCommTimeout 31
FcgidMaxRequestLen 1073741824
</VirtualHost>
(the domain adserve.com is just a placeholder)
Any advice on how to solve the fcgi path resolution problem (if that is indeed the problem) ?
Thanks
I was finally able to solve the problem by relaxing the permissions on the whole traversal path to the file I was trying to symlink to. It needs full read and execute access on the whole path to work as intended
Thanks to all that helped
I am hosting my application on AWS server. I configured Virtualmin on it and created a new virtual server - mydomain.td.lr, and it created a user - mydomain.
I configured a virtual host for it too from the virtualmin interface.
<VirtualHost *:80>
SuexecUserGroup "#500" "#500"
ServerName mydomain.td.lr
ServerAlias www.mydomain.td.lr
ServerAlias webmail.mydomain.td.lr
DocumentRoot /var/www/public_html/mydomain
ErrorLog /var/log/virtualmin/mydomain.td.lr_error_log
CustomLog /var/log/virtualmin/mydomain.td.lr_access_log combined
ScriptAlias /cgi-bin/ /home/mydomain/cgi-bin/
ScriptAlias /awstats/ /home/mydomain/cgi-bin/
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<Directory /var/www/public_html/mydomain>
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
AddType application/x-httpd-php .php
AddHandler fcgid-script .php
AddHandler fcgid-script .php5
FCGIWrapper /home/mydomain/fcgi-bin/php5.fcgi .php
FCGIWrapper /home/mydomain/fcgi-bin/php5.fcgi .php5
</Directory>
<Directory /home/mydomain/cgi-bin>
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
</Directory>
RewriteEngine on
RewriteCond %{HTTP_HOST} =webmail.mydomain.td.lr
RewriteRule ^(.*) https://mydomain.td.lr:20000/ [R]
RemoveHandler .php
RemoveHandler .php5
php_admin_value engine Off
IPCCommTimeout 31
FcgidMaxRequestLen 1073741824
Alias /dav /home/mydomain/public_html
Alias /pipermail /var/lib/mailman/archives/public
<Location /dav>
DAV on
AuthType Basic
AuthName "mydomain.td.lr"
AuthUserFile /home/mydomain/etc/dav.digest.passwd
Require valid-user
ForceType text/plain
Satisfy All
RemoveHandler .php
RemoveHandler .php5
RewriteEngine off
</Location>
<Files awstats.pl>
AuthName "mydomain.td.lr statistics"
AuthType Basic
AuthUserFile /home/mydomain/.awstats-htpasswd
require valid-user
</Files>
RedirectMatch /cgi-bin/mailman/([^/\.]*)(.cgi)?(.*) https://mydomain.td.lr:10000/virtualmin-mailman/unauthenticated/$1.cgi$3
RedirectMatch /mailman/([^/\.]*)(.cgi)?(.*) https://mydomain.td.lr:10000/virtualmin-mailman/unauthenticated/$1.cgi$3
</VirtualHost>
This got appended to the httpd.conf.
When I open my application at mydomain.td.lr, the application shows up; but when I open phpmhyadmin, I see a php code there.
Also, when I see source code of phpmyadmin page, all the php code is commented out and code inside html which is php is being shown
I reinstalled phpmyadmin on the server, but still no success.
What went wrong with the configuration???
Removing these two lines does the job for me.
RemoveHandler .php
RemoveHandler .php5
Have you made modification in apache.conf which exists in /etc/phpmyadmin folder?
I think you have to also make entry in phpmyadmin apache.conf and make sure that short tag is not commented in php.ini file.
Hope this will help.
In my case it was
php_admin_value engine Off
in httpd.config Virtual host section.
Once disabled,
# php_admin_value engine Off
everything (virtual sites, phpMyAdmin) worked just fine.
Consider security issue, but mod_php could be enabled either in custom or default template > Apache_website under Virtualmin Server Template
Im using Virtualmin on top of Webmin to configure my websites on a VPS.
Everything worked fine, but now I try to create a new domain, but when I put files in its public_html it gives the php-files to download instead of executing it. How to solve this
These is my apache config (can't find anything strange):
/etc/apache2/sites-available/testbyc.--.nu.conf
SuexecUserGroup "#1009" "#1011"
ServerName testbyc.--.nu
ServerAlias www.testbyc.--.nu
ServerAlias webmail.--.--.nu
ServerAlias admin.testbyc.--.nu
DocumentRoot /home/byc/domains/testbyc.--.nu/public_html
ErrorLog /var/log/virtualmin/testbyc.--.nu_error_log
CustomLog /var/log/virtualmin/testbyc.--.nu_access_log combined
ScriptAlias /cgi-bin/ /home/byc/domains/testbyc.--.nu/cgi-bin/
ScriptAlias /awstats/ /home/byc/domains/testbyc.--.nu/cgi-bin/
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<Directory /home/byc/domains/testbyc.--.nu/public_html>
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
AddHandler fcgid-script .php
AddHandler fcgid-script .php5
FCGIWrapper /home/byc/domains/testbyc.--.nu/fcgi-bin/php5.fcgi .php
FCGIWrapper /home/byc/domains/testbyc.--.nu/fcgi-bin/php5.fcgi .php5
</Directory>
<Directory /home/byc/domains/testbyc.--.nu/cgi-bin>
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
</Directory>
RewriteEngine on
RewriteCond %{HTTP_HOST} =webmail.testbyc.--.nu
RewriteRule ^(.*) https://testbyc.--.nu:20000/ [R]
RewriteCond %{HTTP_HOST} =admin.testbyc.--.nu
RewriteRule ^(.*) https://testbyc.--.nu:10000/ [R]
php_admin_value engine Off
IPCCommTimeout 31
FcgidMaxRequestLen 1073741824
<Files awstats.pl>
AuthName "testbyc.--.nu statistics"
AuthType Basic
AuthUserFile /home/byc/domains/testbyc.--.nu/.awstats-htpasswd
require valid-user
</Files>
RedirectMatch /cgi-bin/mailman/([^/\.]*)(.cgi)?(.*) https://testbyc.--.nu:10000/virtualmin-mailman/unauthenticated/$1.cgi$3
RedirectMatch /mailman/([^/\.]*)(.cgi)?(.*) https://testbyc.--.nu:10000/virtualmin-mailman/unauthenticated/$1.cgi$3
Alias /pipermail /var/lib/mailman/archives/public
Try commenting out the line
php_admin_value engine Off
It's related to a larger issue that I'm still researching, but a recent update to Virtualmin added that line to some FCGI-related config files, breaking some things for some users.
As the accepted answer has said comment out
php_admin_value engine Off
We had this issue moving a site from one Virtualmin Install with PHP 5.X to a new server with PHP 7.1.
What had happened is that the default configuration for PHP7.1 had the following
<IfModule mod_userdir.c>
<Directory /home/*/public_html>
php_admin_flag engine Off
</Directory>
</IfModule>
This stopped virtualmin from running PHP scripts in users directories by adding that flag to all the local .conf files.
The php7.conf file /etc/apache2/mods-available/php7.conf also had the following
SetHandler application/x-httpd-php
This was causing all child sites to run with the process www-data and not the virtualmin user. Causing write access errors. So comment that out also.