0

Got some trouble using this configurations :

<VirtualHost *:80>
    ServerAdmin **************
    ServerName nagios.vdb.local
    ServerAlias nagios

    DocumentRoot /usr/local/nagios/share

    ErrorLog /var/www/vhosts/nagios/logs/error.log

    LogLevel warn

    CustomLog /var/www/vhosts/nagios/logs/access.log combined

    ServerSignature Off

    ###################
    ###  CONFIG NAGIOS  ###
    ##################

    ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"

    <Directory "/usr/local/nagios/sbin">
       Options ExecCGI
       AllowOverride None
       Order deny,allow
       Deny from all
       Allow from 10.1.1.0/24

       AuthBasicProvider ldap
       AuthzLDAPAuthoritative off
       AuthLDAPURL ldap://10.1.1.*****************?sAMAccountName?sub?(memberOf=**************)
       AuthLDAPBindDN cn=A***********
       AuthLDAPBindPassword ***********
       AuthType Basic
       AuthName "Nagios Access LDAP"
       Require valid-user
    </Directory>

    Alias /nagios "/usr/local/nagios/share"
    Alias /massAck "/usr/local/nagios/share/NagiosPlus/massAckTool/massAck.php"

    <Directory "/usr/local/nagios/share">
       Options None
       DirectoryIndex index.php
       AllowOverride None
       Order deny,allow
       Deny from all
       Allow from 10.1.1.0/24

       AuthBasicProvider ldap
       AuthzLDAPAuthoritative off
       AuthLDAPURL ldap://10.1.1.**************?sAMAccountName?sub?(memberOf=************)
       AuthLDAPBindDN cn=A*************
       AuthLDAPBindPassword ************
       AuthType Basic
       AuthName "Nagios Access LDAP"
       Require valid-user
    </Directory>

    ###################
    ###    CONFIG NRDP    ###
    ##################

    Alias /nrdp "/usr/local/nrdp"

    <Directory "/usr/local/nrdp">
    #  SSLRequireSSL
       Options None
       AllowOverride None
       Order deny,allow
       Allow from 10.1.1.0/24

       AuthBasicProvider ldap
       AuthzLDAPAuthoritative off
       AuthLDAPURL ldap://10.1.1.************?sAMAccountName?sub?(memberOf=***********)
       AuthLDAPBindDN cn=A************
       AuthLDAPBindPassword *********
       AuthType Basic
       AuthName "Nagios Access LDAP"
       Require valid-user
    </Directory>

    #####################
    ### CONFIG Nagiosgraph ###
    ###################

    # enable nagiosgraph CSS and JavaScript
    Alias /nagiosgraph "/usr/local/nagiosgraph/share"

    ScriptAlias /nagiosgraph/cgi-bin "/usr/local/nagiosgraph/cgi"
    <Directory "/usr/local/nagiosgraph/cgi">
       Options ExecCGI
       AllowOverride None
       Order deny,allow
       Deny from all
       Allow from 10.1.1.0/24
       AuthBasicProvider ldap
       AuthzLDAPAuthoritative off
       AuthLDAPURL ldap://10.1.1.**********?sAMAccountName?sub?(memberOf=**********)
       AuthLDAPBindDN cn=A*******
       AuthLDAPBindPassword **********
       AuthType Basic
       AuthName "Nagios Access LDAP"
       Require valid-user
    </Directory>

    <Directory "/usr/local/nagiosgraph/share">
       Options None
       AllowOverride None
       Order deny,allow
       Deny from all
       Allow from 10.1.1.0/24
    </Directory>

    ##################
    ###    CONFIG Cacti   ###
    #################

    Alias /cacti /usr/local/cacti/

    <Directory "/usr/local/cacti/">
        Options Indexes
        AllowOverride AuthConfig Options
        Order deny,allow
        Deny from all
        Allow from 10.1.1.0/24
    </Directory>

    <Directory /usr/local/cacti/plugins/weathermap>
        <Files editor.php>
            Order Deny,Allow
            Deny from all
            Allow from 10.1.1.232
        </Files>
    </Directory>

    ##################
    ###    CONFIG GLPI   ###
    #################

    Alias /glpi /usr/local/glpi/
    <Directory "/usr/local/glpi">
        Options None
        AllowOverride AuthConfig Options
        Order deny,allow
        Deny from all
        Allow from 10.1.1.0/24
    </Directory>

    ####################
    ###    CONFIG VSHELL   ###
    ##################

    Alias /vshell2 "/usr/local/vshell2"

    <Directory "/usr/local/vshell2">
       Options None
       Options FollowSymLinks
       AllowOverride All
       Order deny,allow
       Deny from all
       Allow from 10.1.1.0/24

       AuthBasicProvider ldap
       AuthzLDAPAuthoritative off
       AuthLDAPURL ldap://10.1.1.******?sAMAccountName?sub?(memberOf=*************)
       AuthLDAPBindDN cn=Ap***********
       AuthLDAPBindPassword *******
       AuthType Basic
       AuthName "Nagios Access LDAP"
       Require valid-user
    </Directory>

</VirtualHost>

My ip is 10.1.1.132 so normally, i have to got acces to anything in this virtualhost. I've deactivated too other configuration, so insted the main httpd.conf, nothing have to mismatch. But i got these trouble:

  • When restarting apache, got a message :

Starting httpd: [Wed Jun 01 10:35:40 2016] [warn] The ScriptAlias directive in /etc/httpd/vhosts.d/nagios.vdb.local.conf at line 104 will probably never match because it overlaps an earlier Alias.

It's this line :

ScriptAlias /nagiosgraph/cgi-bin "/usr/local/nagiosgraph/cgi"

It's the first time i've loaded it, because i used it in the conf.d directory, that i've disabled by commenting the line Include conf.d/*.conf in the httpd.conf...

-Accessing nagios.vdb.local, got a DNS Error --> So i'll use the server IP instead, for prod purpose

  • Accessing /nagios : Everything seems to be good, even if CGI nedd a page reload to be accepted the first time, and i don't understand why...

  • Accessing /massAck : got the code of the main page (it's .php), it will not be executed, so i probably missed a directive

  • Accessing /nrdp : forbidden access

  • Accessing /nagiosgraph : forbidden access

  • Accessing /cacti : got an index of the directory.

  • Accessing /glpi : forbidden access

  • Accessing /vshell2 : i have the main page but it will not appear connected. Note that using alias without virtualhost, everything is good.

Is there a directive first to execute php in virtualhost ? And how to solve my forbidden access in virtualhost (who work using alias when not using virtualhost) ?

Nicolas Frbezar
  • 131
  • 6

1 Answers1

0

My apache2 skills aren't excellent but maybe this will help:

https://httpd.apache.org/docs/current/mod/mod_alias.html

First, all Redirects are processed before Aliases are processed, and therefore a request that matches a Redirect or RedirectMatch will never have Aliases applied. Second, the Aliases and Redirects are processed in the order they appear in the configuration files, with the first match taking precedence.

For this reason, when two or more of these directives apply to the same sub-path, you must list the most specific path first in order for all the directives to have an effect. For example, the following configuration will work as expected:

Alias "/foo/bar" "/baz"
Alias "/foo" "/gaq"

But if the above two directives were reversed in order, the /foo Alias would always match before the /foo/bar Alias, so the latter directive would be ignored.

Maybe you should try to swap the positions of

Alias /nagiosgraph "/usr/local/nagiosgraph/share"
ScriptAlias /nagiosgraph/cgi-bin "/usr/local/nagiosgraph/cgi"

to

ScriptAlias /nagiosgraph/cgi-bin "/usr/local/nagiosgraph/cgi"
Alias /nagiosgraph "/usr/local/nagiosgraph/share"

Hope this helps

Community
  • 1
pat1
  • 11
  • 1