Hola, estoy intentando configurar un servidor web apache con virtualhosts pero la configuración que tengo no funciona correctamente.
Estoy en arch linux por lo que el document root es /srv/http. He creado varios archivos para cada dominio/subdominios (vhost) para tener la configuración bien organizada y poder activar/desactivar facilmente cada uno desde el httpd.conf. El archivo conf/extra/httpd-vhosts.conf solo tiene un bloque * con un documentroot a /srv/http/default (por si accedes usando los name servers que se muestre la página default).
El problema es que todos los dominios/subdominios llevan al document root de apache, que es /srv/http, en lugar del document root del dominio, especificado en cada bloque <VirtualHosts> correspondiente. Por lo que cuando accedo con el dominio o subdominio, se muestra /srv/http y puedo navegar por todas las carpetas de cada dominio/subdominio e incluso las carpetas que deberían ser privadas, como framework o files (desde la barra escribiendo los nombres).
La configuración de apache importante es la siguiente:
DocumentRoot "/srv/http"
<Directory "/srv/http">
Options -Indexes +FollowSymLinks
AllowOverride None
Require all granted
</Directory>
...
# Virtual hosts
Include conf/extra/httpd-vhosts.conf
# Enabled Vhosts
Include conf/vhosts/domain.dom
Include conf/vhosts/sub1.domain.dom
Include conf/vhosts/sub2.domain.dom
Si comento #Require all granted o lo cambio a all denied da error 403... ¿como hago para que no sea accesible el documentroot mediante el navegador?
Asi són los bloques <VirtualHosts>, uno para el puerto 80 (http) y otro exactamente igual, incluyendo la configuración SSL, para el puerto 443 (https):
# conf/extra/httpd-vhosts.conf
<VirtualHost *>
ServerName default.localhost
DocumentRoot "/srv/http/default"
</VirtualHost>
# conf/vhosts/domain.dom
<VirtualHost domain:80>
### Igual que abajo pero sin la configuración SSL
</VirtualHost>
<VirtualHost domain.com:443>
ServerAdmin webmaster@domain.com
DocumentRoot "/srv/http/domain.com/www"
ServerName domain.com:443
ServerAlias www.domain.com:443
Protocols h2 h2c
<Directory "/srv/http/domain.com/www">
Require all granted
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^index\.php$ - [L]
RewriteRule . index.php [L]
</IfModule>
</Directory>
<IfModule dir_module>
DirectoryIndex index.php
</IfModule>
#SSLEngine on
#SSLCertificateFile "/etc/httpd/conf/apache.crt"
#SSLCertificateKeyFile "/etc/httpd/conf/apache.key"
ErrorLog "/var/log/httpd/domain.com-error_log"
CustomLog "/var/log/httpd/domain.com-access_log" common
</VirtualHost>
Gracias.
Vale, es posible que sea un problema con un servicio del sistema (systemd-resolved) que no se incia correctamente:
Citar# systemctl status systemd-resolved.service
● systemd-resolved.service - Network Name Resolution
Loaded: loaded (/etc/systemd/system/systemd-resolved.service; enabled; vendor preset: enabled)
Active: failed (Result: start-limit-hit) since Tue 2016-08-02 23:39:01 UTC; 1h 5min ago
Docs: man:systemd-resolved.service(8)
Process: 3455 ExecStart=/usr/lib/systemd/systemd-resolved (code=exited, status=1/FAILURE)
Main PID: 3455 (code=exited, status=1/FAILURE)
Status: "Shutting down..."
Aug 02 23:39:01 scw-28a908 systemd[1]: Failed to start Network Name Resolution.
Aug 02 23:39:01 scw-28a908 systemd[1]: systemd-resolved.service: Unit entered failed state.
Aug 02 23:39:01 scw-28a908 systemd[1]: systemd-resolved.service: Failed with result 'exit-code'.
Aug 02 23:39:01 scw-28a908 systemd[1]: systemd-resolved.service: Service has no hold-off time, scheduling restart.
Aug 02 23:39:01 scw-28a908 systemd[1]: Stopped Network Name Resolution.
Aug 02 23:39:01 scw-28a908 systemd[1]: systemd-resolved.service: Start request repeated too quickly.
Aug 02 23:39:01 scw-28a908 systemd[1]: Failed to start Network Name Resolution.
Aug 02 23:39:01 scw-28a908 systemd[1]: systemd-resolved.service: Unit entered failed state.
Aug 02 23:39:01 scw-28a908 systemd[1]: systemd-resolved.service: Failed with result 'start-limit-hit'.
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-- Subject: Unit systemd-resolved.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/li ... temd-devel
--
-- Unit systemd-resolved.service has begun starting up.
Aug 03 00:50:21 scw-28a908 systemd-resolved[3752]: Failed to increase capabilities: Operation not permitted
Aug 03 00:50:21 scw-28a908 systemd[1]: systemd-resolved.service: Main process exited, code=exited, status=1/FAILURE
Aug 03 00:50:21 scw-28a908 systemd[1]: Failed to start Network Name Resolution.
-- Subject: Unit systemd-resolved.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/li ... temd-devel
--
-- Unit systemd-resolved.service has failed.
--
-- The result is failed.
Aug 03 00:50:21 scw-28a908 systemd[1]: systemd-resolved.service: Unit entered failed state.
Aug 03 00:50:21 scw-28a908 systemd[1]: systemd-resolved.service: Failed with result 'exit-code'.
Aug 03 00:50:21 scw-28a908 systemd[1]: systemd-resolved.service: Service has no hold-off time, scheduling restart.
Aug 03 00:50:21 scw-28a908 systemd[1]: Stopped Network Name Resolution.
-- Subject: Unit systemd-resolved.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/li ... temd-devel
--
-- Unit systemd-resolved.service has finished shutting down.
Aug 03 00:50:21 scw-28a908 systemd[1]: Starting Network Name Resolution...
-- Subject: Unit systemd-resolved.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/li ... temd-devel
--
-- Unit systemd-resolved.service has begun starting up.
Aug 03 00:50:21 scw-28a908 systemd-resolved[3756]: Failed to increase capabilities: Operation not permitted
Aug 03 00:50:21 scw-28a908 systemd[1]: systemd-resolved.service: Main process exited, code=exited, status=1/FAILURE
Aug 03 00:50:21 scw-28a908 systemd[1]: Failed to start Network Name Resolution.
El problema empezó justo despues actualizar el sistema por primera vez, la imagen (iso) tiene unos 2 meses creo, y claro habian varias actualizaciones. Fue reiniciar y empezar los problemas.
¿Alguna idea por qué ocurre esto?
Gracias.
Solucionado con la ultima versión de systemd (231) https://github.com/systemd/systemd/issues/3484#issuecomment-239595447