If you google it, I am sure you will find a solution to include /web/apps into <Directory> directive and you will be asked to set +x permissions on /web & /web/apps folder (using chmod 755)
And your Apache vhost will look similar to it
<VirtualHost *:80>
ServerName www.example.com
DocumentRoot /web/apps
<Directory "/web/apps" >
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
</VirtualHost>After doing it if you restart Apache and try you will still get "403 forbidden error"
If you further google, you will find out this is because of SE Linux and steps to disable that.
Basically "sudo setenforce 0", and you can call it a day since everything start to work.
However with "sudo setenforce 0" you are disabling the entire SE Linux security. There is a better way to do that and that is what all this Blog is about.
And here you go.
sudo semanage fcontext -a -t httpd_sys_content_t "/web/apps(/.*)?"sudo restorecon -R -v /web/appsThat's it folks. If you want to see what magic it does, use the special flag -Z with ls
[ec2-user@ip-10-0-0-1 ~]$ ls -Z /var/www
drwxr-xr-x. root root system_u:object_r:httpd_sys_script_exec_t:s0 cgi-bin
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 html
[ec2-user@ip-10-0-0-1 ~]$ ls -Z /web
drwxrwxr-x. rxds rxds unconfined_u:object_r:httpd_sys_content_t:s0 apps
drwxrwxr-x. rxds rxds unconfined_u:object_r:default_t:s0 another_directory
More info at
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Troubleshooting-Top_Three_Causes_of_Problems.html
No comments:
Post a Comment