Re: [OpenXPKI-users] Missing index.html

Wed, 21 Feb 2024 12:35:07 -0800 

On Wed, February 21, 2024 13:10, Oliver Welter wrote:
> Hi James,
>
> the package should install default.html - just make a copy or a symlink
> to index.html and you should be good to go.
>

I found an index.html file in /usr/local/www/openxpki/htdocs.  This file has
the same contents as /usr/local/share/examples/openxpki/htdocs/default.html,
which I presume is the default.html file that you wrote of.  However, I cannot
find any reference in the documentation that this file should be in
/usr/local/www/openxpki/ as well as or instead of ./htdocs/.  So, I am
concerned that I have misconfigured something and that the Apache configuration
file root directory should be pointing at /usr/local/www/openxpki/htdocs/.

Installing default.html as index.html in /usr/local/www/openxpki/ removes the
Forbidden warning and the logged error.  However, now what is see instead is:

 OpenXPKI is loading...

And in the access log I see this:

192.168.216.89 - - [21/Feb/2024:14:24:14 -0500] "OPTIONS * HTTP/1.0" 200 - "-"
"Apache/2.4.58 (FreeBSD) OpenSSL/1.1.1t-freebsd
mod_fastcgi/mod_fastcgi-SNAP-0910052141 (internal dummy connection)"

Top reveals this:

77740 openxpki      1  20    0   229M   189M nanslp   0   4:55   0.12% perl



This is the relevant excerpt from my Apache configuration file:

. . .
Define __HOST_IPV4      '192.168.216.89'
Define __HTTP_ROOT      '/usr/local/www'
Define __PREFIX_PATH    '/usr/local'
. . .
Listen ${__HOST_IPV4}:443
<VirtualHost ${__HOST_IPV4}:443>
  ServerName        openxpki.hamilton.harte-lyne.ca
  ServerAlias       *
  ServerAdmin       [email protected]
  DocumentRoot      ${__HTTP_ROOT}
. . .

There is no /usr/lib//cgi-bin/ on FreeBSD-13.2.  This is all I can find:

find /usr/local/ -type d -name cgi-bin
/usr/local/www/openxpki/cgi-bin
/usr/local/www/apache24/cgi-bin
/usr/local/libexec/cups/cgi-bin
/usr/local/share/examples/openxpki/cgi-bin

The contents of the last are:

ll /usr/local/www/openxpki/cgi-bin/
total 69
-rwxr-xr-x  1 root  wheel   4690 Jan  8 08:05 download.fcgi
-rwxr-xr-x  1 root  wheel   3677 Jan  8 08:05 est.fcgi
-rwxr-xr-x  1 root  wheel   2248 Jan  8 08:05 healthcheck.fcgi
-rwxr-xr-x  1 root  wheel  28770 Jan  8 08:05 rpc.fcgi
-rwxr-xr-x  1 root  wheel   7378 Jan  8 08:05 scep.fcgi
-rwxr-xr-x  1 root  wheel   6339 Jan  8 08:05 scepv3.fcgi
-rwxr-xr-x  1 root  wheel    750 Jan  8 08:05 soap.fcgi
-rwxr-xr-x  1 root  wheel  10717 Jan  8 08:05 webui.fcgi



As far as ScriptAlias directives I see this in my localized configuration:

:g/ScriptAlias/
  66     ScriptAlias /scep ${__HTTP_ROOT}/openxpki/cgi-bin/scepv3.fcgi$
  81     ScriptAlias /healthcheck ${__HTTP_ROOT}/openxpki/healthcheck.fcgi$
 151     ScriptAlias /rpc  ${__HTTP_ROOT}/openxpki/cgi-bin/rpc.fcgi$
 154     ScriptAlias /healthcheck
${__HTTP_ROOT}/openxpki/cgi-bin/healthcheck.fcgi$
 157     ScriptAlias /certep  ${__HTTP_ROOT}/openxpki/cgi-bin/certep.fcgi$
 160     ScriptAlias /.well-known/est  ${__HTTP_ROOT}/openxpki/cgi-bin/est.fcgi$
 163     ScriptAlias /cmc  ${__HTTP_ROOT}/openxpki/cgi-bin/cmc.fcgi$
 165     ScriptAliasMatch ^/(([a-z0-9-]+)/)?cgi-bin/webui.fcgi
${__HTTP_ROOT}/openxpki/cgi-bin/webui.fcgi$


And these in the provided example configuration:

:g/ScriptAlias/
  28     ScriptAlias /scep /usr/lib/cgi-bin/scepv3.fcgi$
  43     ScriptAlias /healthcheck /usr/lib/cgi-bin/healthcheck.fcgi$
  81     ScriptAlias /rpc  /usr/lib/cgi-bin/rpc.fcgi$
  84     ScriptAlias /healthcheck /usr/lib/cgi-bin/healthcheck.fcgi$
  87     ScriptAlias /certep  /usr/lib/cgi-bin/certep.fcgi$
  90     ScriptAlias /.well-known/est  /usr/lib/cgi-bin/est.fcgi$
  93     ScriptAlias /cmc  /usr/lib/cgi-bin/cmc.fcgi$
  95     ScriptAliasMatch ^/(([a-z0-9-]+)/)?cgi-bin/webui.fcgi
/usr/lib/cgi-bin/webui.fcgi$

The Directory directives in my localized configuration are:

<Directory "${__HTTP_ROOT}/openxpki/cgi-bin/">
    AllowOverride None
    Options +ExecCGI
    Order allow,deny
    Allow from all
    Require all granted
</Directory>

<Directory ${__HTTP_ROOT}/>
#    Options FollowSymLinks
#    AllowOverride FileInfo
    Require all granted
</Directory>

Thank you for the help.

-- 
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
   Unencrypted messages have no legal claim to privacy
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:[email protected]
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3



_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users

Reply via email to