1

I have a simple file server (apache 2.4 on centos 7) with following structure: /index.html - a page to make sure there is no directory listing here /upload - php scripts for upload /storage - base dir for files /storage/upload - files uploaded by php /storage/public - files that are not password protected

I can't make directory listing work. For example in /storage/public I see the /index.html page. There is no index.html in /storage/public. If I delete this page I see default apache "testing 123" page in / page and directory listing works in /storage/public (and all other places that have +Indexes). Why /index.html is showing in /storage/public/

<IfModule mod_ssl.c>
<VirtualHost *:443>
  DocumentRoot "/home/webroot/www"
  ServerName subdomain.example.com

  ErrorLog "/home/rootdir/log/subdomain.error.log"
  CustomLog "/home/rootdir/log/subdomain.access.log" common

  SuexecUserGroup user apache

#Set caching on image files for 11 months
<filesMatch "\.(ico|gif|jpg|png|js|css)$">
  #ExpiresActive On
  #ExpiresDefault "access plus 11 month"
  Header append Cache-Control "public"
</filesMatch>

  <Directory "/home/webroot/www" >
    AllowOverride None
    Options -ExecCGI -Indexes +Includes +SymLinksIfOwnerMatch +MultiViews

    Require all granted
  </Directory>
  <Directory "/home/webroot/www/storage/upload" >
    AllowOverride None
    AuthType Basic
    AuthName "Restricted Content"
    AuthUserFile /home/rootdir/.htpasswd
    Require valid-user
    <FilesMatch "\.php$">
      SetHandler "proxy:unix:/usr/local/php73/var/run/php-fpm.sock|fcgi://localhost/"
    </FilesMatch>

  </Directory>
  <Directory "/home/webroot/www/storage/" >
    AllowOverride None
    Options +Indexes +SymLinksIfOwnerMatch +MultiViews

    AuthType Basic
    AuthName "Restricted Content"
    AuthUserFile /home/rootdir/.htpasswd
    Require valid-user
    #Require all granted
    RemoveType .php

    Order allow,deny
    Allow from all
  </Directory>

  <Directory "/home/webroot/www/storage/public" >
    Options +Indexes +SymLinksIfOwnerMatch +MultiViews
    AuthType None
    Require all granted
    Satisfy Any
  </Directory>

  <Directory "/home/webroot/www/.well-known" >
    AuthType None
    Require all granted
    Satisfy Any
    Allow from all
  </Directory>

  <Directory "/home/webroot/www/storage/upload" >
    AuthType Basic
    AuthName "Restricted Content"
    AuthUserFile /home/rootdir/.htpasswd
    Require valid-user
  </Directory>

  <IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/text text/html text/plain text/xml text/css text/javascript application/x-javascript application/javascript
  </IfModule>


Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/subdomain.example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/subdomain.example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/subdomain.example.com/chain.pem

</VirtualHost>
</IfModule>

Update:

# apachectl -M|grep autoindex
 autoindex_module (shared)

Another vhost have the following problem: there is index.html in root folder for the vhost I use

Options -ExecCGI -Indexes

So I have a subdirectory /test and I put another index.html, but when I open /test/ in my browser I see the /index.html instead of /test/index.html

No php in this vhost at all.

NickSoft
  • 248
  • 6
  • 22

3 Answers3

1

The listed problem gives the impression that there is issues with permissions in the folders involved.

There are several kinds of permissions to be checked:

  • process user/group of httpd:

    • use ps axo pid,user,group,comm

  • file system permissions:

    • users, groups, read-, write-, execute-flags (use ls -l and or ls -lR, ls -ld)

  • SELinux permissions:

    • in case it is active, which is likely on CentOS (use sestatus to verify status and mode)
    • File Permission contexts (use ls -lZ and or ls -lRZ ls -ldZ)
    • httpd SELinux context (use ps -axZ | grep httpd)
    • SELinux booleans (use getsebool -a | grep httpd)
    • check audit logs while trying to generate a directory listing (use tail -f /var/log/audit/audit.log)
hargut
  • 3,848
  • 6
  • 10
  • Usually when there is a problem with permissions I get an error. Instead the effect is that I get a index.html from the parent directory. SELinux is disabled (doule checked sestatus shows disabled). I run `chown :apache . -R` in the webroot - everything has the same permissions (both /index.html and /test/index.html). It more looks like rewrite to me. How do I debug modrewrite. – NickSoft Jan 05 '20 at 16:18
  • 1
    Try setting `LogLevel warn rewrite:trace3` in case you suspect rewriting to cause the issue. Also commands like `httpd -t -D DUMP_VHOSTS|DUMP_RUN_CFG|DUMP_MODULES|DUMP_INCLUDES` can be very helpful to understand the full configuration of the webserver. – hargut Jan 05 '20 at 16:54
  • I did solve the problem. But I've had problem with mod_rewrite before and I couldn't easily debug it. This could prove useful. Where do I look for the rewrite trace - in access log or error log? – NickSoft Jan 05 '20 at 16:59
  • Seen that after adding the comment. I'm glad you could solve the issue. I think it is to be found in `CustomLog` after enabling. – hargut Jan 05 '20 at 17:10
  • Hmm. it is apache 2.4 only. does not work on apache 2.2 – NickSoft Jan 05 '20 at 17:22
  • 1
    For 2.2 the following should work: `RewriteLogLevel 3` `RewriteLog "/usr/local/var/apache/logs/rewrite.log` – hargut Jan 05 '20 at 17:49
  • 1
    Well both answers did not help with finding the solution, but you were more supportive. I won't let the bounty go to waste so I have to award someone so here you are. – NickSoft Jan 06 '20 at 23:38
  • Thank you! I'm happy you could solve your issue. – hargut Jan 07 '20 at 07:01
1

The problem was that I had changed the global setting from:

DirectoryIndex index.php index.html

to:

DirectoryIndex /index.php index.php /index.html index.html

in an effort to fix another problem - I use php fpm server with ProxyPassMatch directive like this:

ProxyPassMatch ^/(.*.php(/.*)?)$ unix:/path/to/php-fpm.sock|fcgi://localhost/home/userdir/www/$1

As I read on apache.org. The problem with that when using ProxyPassMatch and index.php is missing apache does not load index.html (another similar problem)

Restoring global directive to:

DirectoryIndex index.php index.html

fixed the problem, but I still have the problem when having ProxyPassMatch in the vhost apache does not fall back to index.html when index.php is missing.

Now I have to award the bounty to someone. If I can't split it between the two answers I'll award it to little_dog because I think he's a bit closer to my issue.

NickSoft
  • 248
  • 6
  • 22
0

check if you have enalbed autoindex module, by: apachectl -M should be:

Loaded Modules:
...
autoindex_module (shared)
...

if its not, you need to to enabled it, in Centos refer to: https://unix.stackexchange.com/questions/258854/disable-and-enable-modules-in-apache-centos7

update #1

for directory listing works, you can't have index.html in your directory, check: https://cwiki.apache.org/confluence/display/httpd/DirectoryListings

If no file from the DirectoryIndex directive can be located in the directory, then mod_autoindex can generate a listing of the directory contents.

little_dog
  • 146
  • 4
  • autoindex is there, but directory listing is not the main problem. /index.html is shown in subdirectories even if there are different index.html files - see update – NickSoft Dec 31 '19 at 09:18