0
Apache/2.4.18 (Ubuntu)
Ubuntu 16.04

Here's my 000-default.conf file:

<VirtualHost *:80>
   ServerAdmin myanme@myserver.net
   ServerName myserver.net
   DocumentRoot /home/utils/rails/public
   <Directory /home/utils/rails/public>
      AllowOverride all
      Options -MultiViews
      Require all granted
   </Directory>
   LogLevel warn
   ErrorLog ${APACHE_LOG_DIR}/myserver.net_error.log
   CustomLog ${APACHE_LOG_DIR}/myserver.net_access.log combined
</VirtualHost>

File settings for the /home/utils/rails/public directory are set to 0755

I am getting:

Forbidden

You don't have permission to access / on this server.

This is the first time I run into this. Any ideas?

Gerald Schneider
  • 19,757
  • 8
  • 52
  • 79
EastsideDev
  • 301
  • 3
  • 13
  • *"Forbidden. You don't have permission to access / on this server."* - That looks like the error you will see as a site visitor. As a server administrator the next step would be to take a look at the (error) log file on the server, typically you get a more useful error message there... - Frequently the problem is a missing Index file (i.e. you don't have an index.html or you want to use index.php and have not defined it with the [`DirectoryIndex`](https://httpd.apache.org/docs/current/mod/mod_dir.html#directoryindex) directive) or the permissions at a higher level directory are incorrect. – HBruijn Oct 11 '17 at 07:58
  • Don't edit your solution into the question. Instead, post it as an answer and accept it. – Gerald Schneider Oct 11 '17 at 08:54

2 Answers2

1
  • he fixed Directory / in the answer already * Your own solution is the worst advice possible. Directory directive represents the directory of the filesystem. What actually solved your issue is setting "AllowOverride none" in which probable a rogue .htaccess file was changing your permissions at first.

Set directory in your virtualhost to your documentroot and if you are the admin, don't use .htaccess, since as you can see, if you don't perfectly know what you are doing it will lead you to confusion and mistakes, so the real answer is, set directory to the documentroot and set allowoverride none, control the access within the virtualhost, all in one place for easy checking.

<VirtualHost *:80>
   ServerAdmin myanme@myserver.net
   ServerName myserver.net
    DocumentRoot "/home/utils/rails/public"
    <Directory "/home/utils/rails/public">
        AllowOverride None
        Require all granted
   </Directory>
   LogLevel warn
   ErrorLog ${APACHE_LOG_DIR}/myserver.net_error.log
   CustomLog ${APACHE_LOG_DIR}/myserver.net_access.log combined
</VirtualHost>

If you wonder where <Directory /> belongs, it belongs in server config (or global config, outside of virtualhost) and should be set to Require all denied. Otherwise you are actually giving access to everyone to your whole filesystem.

I also removed your IfModule for mod_negotation since to disable multiviews is the same as not having it so an Ifmodule mod_negotiation to disable multiviews makes little sense.

ezra-s
  • 2,215
  • 1
  • 7
  • 13
  • This is a clean install. There were no .htaccess files around. – EastsideDev Oct 11 '17 at 10:09
  • @EastsideDeveloper if that's really true the first example would have worked for you from the start. I don't mean you are lying, but there was something else not in that example changing the behaviour in the config you showed. AllowOverride all is the only thing that points to that in that example. – ezra-s Oct 11 '17 at 10:18
  • No. This is a clean install. Spun an new instance on ubuntu 16.04 from AWS, created the utils user/home directory, installed mysql server/client I deleted the instance and restarted one more time. The same results. The only thing that's different, is "Require all granted" – EastsideDev Oct 11 '17 at 10:20
  • I tested AlloweOverride both ways (None and All), and it makes no difference. – EastsideDev Oct 11 '17 at 10:24
  • @EastsideDeveloper Require all granted was already specified in the first example! – ezra-s Oct 11 '17 at 10:48
0

The following solved the problem:

<VirtualHost *:80>
   ServerAdmin myanme@myserver.net
   ServerName myserver.net
    DocumentRoot "/home/utils/rails/public"
    <Directory "/home/utils/rails/public">
        <IfModule mod_negotiation.c>
            Options -MultiViews
        </IfModule>
        AllowOverride None
        Require all granted
   </Directory>
   LogLevel warn
   ErrorLog ${APACHE_LOG_DIR}/myserver.net_error.log
   CustomLog ${APACHE_LOG_DIR}/myserver.net_access.log combined
</VirtualHost>

The key is:

Require all granted

This is used since Apache 2.4. The other directives are not key to the access issue, but I have them to disallow .htaccess directives (ALlowOverride) and deal with Multiviews

Setting permissions to 0755 works and did not need to be changed

*Fixed typo where the directory path did not copy

EastsideDev
  • 301
  • 3
  • 13