Hey Gillis, what do you mean by "not included"? Maybe I missed something.
We have two of these repositories, "updates" and "optional". Their
configs are at the end of the httpd.conf file and they just have the
"Alias" and "Directory" settings. They are also on a separate filesystem
from the server root and the DocumentRoot. Should we add something else?
Thanks!
Leam
On 10/29/18 4:14 AM, Gillis J. de Nijs wrote:
The only other thing I can think of right now is that either the
<Directory /opt/repository/rhel_patch_updates> config is somehow not
included (but in that case the Alias probably wouldn't work either), or
it is before the <Directory /> block, which then overrides the former.
All of this is assuming that you only have two <Directory> blocks in
your config. Anyway, order matters.
On Mon, Oct 29, 2018 at 1:39 AM Leam Hall <leamh...@gmail.com
<mailto:leamh...@gmail.com>> wrote:
Hey Jonathon, SELinux is on permissive. Checked that early on. :)
The biggest clue for me seems to be that if we open up the "<Directory
/>" to Allow by default things work. Otherwise they don't.
Leam
On 10/28/18 9:26 AM, Jonathon Koyle wrote:
> It may be getting denied by SELinux, I suspect the label on your
aliased
> directory die not allow httpd access. You will likely need to
look into
> semanage, something like this may do what you need, but I'm not an
> expert at SELinux myself... redhat provides some explanation here:
>
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/selinux_users_and_administrators_guide/sect-security-enhanced_linux-troubleshooting-top_three_causes_of_problems#sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-Labeling_Problems
>
>
> # semanage fcontext -a -t httpd_sys_content_t
'/opt/repository/rhel_updates(.*)?'
> # restorecon -R -v /opt/repository/rhel_updates
>
>
> On Sat, Oct 27, 2018, 06:08 Leam Hall <leamh...@gmail.com
<mailto:leamh...@gmail.com>
> <mailto:leamh...@gmail.com <mailto:leamh...@gmail.com>>> wrote:
>
> On 10/27/18 7:49 AM, Eric Covener wrote:
> > On Sat, Oct 27, 2018 at 7:29 AM Leam Hall
<leamh...@gmail.com <mailto:leamh...@gmail.com>
> <mailto:leamh...@gmail.com <mailto:leamh...@gmail.com>>> wrote:
> >>
> >> The only fix seems to be making the "<Directory />" more open
> than we
> >> want. It seems like Apache can't handle a more open
> sub-directory than
> >> whatever is allowed for the root directory.
> >
> > Apache can handle that just fine. Show the smallest verbatim
> > configuration that demonstrates something unexpected along
w/ the
> > logs.
>
>
> Hey Eric, I appreciate the help! Here's what I have, though it is
> transcribed.
>
> Set locally required limited OS access.
>
> <Directory />
> Options None
> Order deny,allow
> Deny from all
> </Directory>
>
> We use Apache as a yum repo, and store the rpms outside of the
> DocumentRoot.
>
> Alias "/rhel/updates"
"/opt/repository/rhel_patch_updates"
> <Directory "/opt/repository/rhel_patch_updates">
> Options All
> Order allow,deny
> Allow from all
> </Directory>
>
>
> When we hit 'http://myserver/rhel/updates' the error_log says
it is
> denied by server configuration. I've set the LogLevel to
"debug" and
> that's all I get. The log is at work, sorry. I'm the one who
did the
> server configuration so my bet is "operator error", just not sure
> how to
> fix it.
>
> Appreciate any help you can provide. Thanks!
>
> Leam
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
