Didn't include any other configs. The *only* things I changed on the repositories was to add the Alias and Directory stanza.
On Mon, Oct 29, 2018 at 7:17 AM Gillis J. de Nijs <gil...@jink.net.invalid> wrote: > No, just that you can "Include" other configurations, and if you don't do > that, it won't work (duh...). I'm assuming you did that correct, or > specified them right there in the httpd.conf. The other option is that you > did include the configs, but the "<Directory /> block is after your > included configurations. In that case, you override the included configs. > The same goes for not including, but specifying in httpd.conf. Order > matters. (As in, the order of things, not the directive (although that > also matters, but that's not what I meant here)). > > On Mon, Oct 29, 2018 at 11:03 AM Leam Hall <leamh...@gmail.com> wrote: > >> Hey Gillis, what do you mean by "not included"? Maybe I missed something. >> >> We have two of these repositories, "updates" and "optional". Their >> configs are at the end of the httpd.conf file and they just have the >> "Alias" and "Directory" settings. They are also on a separate filesystem >> from the server root and the DocumentRoot. Should we add something else? >> >> Thanks! >> >> Leam >> >> On 10/29/18 4:14 AM, Gillis J. de Nijs wrote: >> > The only other thing I can think of right now is that either the >> > <Directory /opt/repository/rhel_patch_updates> config is somehow not >> > included (but in that case the Alias probably wouldn't work either), or >> > it is before the <Directory /> block, which then overrides the former. >> > All of this is assuming that you only have two <Directory> blocks in >> > your config. Anyway, order matters. >> > >> > On Mon, Oct 29, 2018 at 1:39 AM Leam Hall <leamh...@gmail.com >> > <mailto:leamh...@gmail.com>> wrote: >> > >> > Hey Jonathon, SELinux is on permissive. Checked that early on. :) >> > >> > The biggest clue for me seems to be that if we open up the >> "<Directory >> > />" to Allow by default things work. Otherwise they don't. >> > >> > Leam >> > >> > On 10/28/18 9:26 AM, Jonathon Koyle wrote: >> > > It may be getting denied by SELinux, I suspect the label on your >> > aliased >> > > directory die not allow httpd access. You will likely need to >> > look into >> > > semanage, something like this may do what you need, but I'm not >> an >> > > expert at SELinux myself... redhat provides some explanation >> here: >> > > >> > >> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/selinux_users_and_administrators_guide/sect-security-enhanced_linux-troubleshooting-top_three_causes_of_problems#sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-Labeling_Problems >> > >> > > >> > > >> > > # semanage fcontext -a -t httpd_sys_content_t >> > '/opt/repository/rhel_updates(.*)?' >> > > # restorecon -R -v /opt/repository/rhel_updates >> > > >> > > >> > > On Sat, Oct 27, 2018, 06:08 Leam Hall <leamh...@gmail.com >> > <mailto:leamh...@gmail.com> >> > > <mailto:leamh...@gmail.com <mailto:leamh...@gmail.com>>> wrote: >> > > >> > > On 10/27/18 7:49 AM, Eric Covener wrote: >> > > > On Sat, Oct 27, 2018 at 7:29 AM Leam Hall >> > <leamh...@gmail.com <mailto:leamh...@gmail.com> >> > > <mailto:leamh...@gmail.com <mailto:leamh...@gmail.com>>> >> wrote: >> > > >> >> > > >> The only fix seems to be making the "<Directory />" more >> open >> > > than we >> > > >> want. It seems like Apache can't handle a more open >> > > sub-directory than >> > > >> whatever is allowed for the root directory. >> > > > >> > > > Apache can handle that just fine. Show the smallest >> verbatim >> > > > configuration that demonstrates something unexpected along >> > w/ the >> > > > logs. >> > > >> > > >> > > Hey Eric, I appreciate the help! Here's what I have, though >> it is >> > > transcribed. >> > > >> > > Set locally required limited OS access. >> > > >> > > <Directory /> >> > > Options None >> > > Order deny,allow >> > > Deny from all >> > > </Directory> >> > > >> > > We use Apache as a yum repo, and store the rpms outside of >> the >> > > DocumentRoot. >> > > >> > > Alias "/rhel/updates" >> > "/opt/repository/rhel_patch_updates" >> > > <Directory "/opt/repository/rhel_patch_updates"> >> > > Options All >> > > Order allow,deny >> > > Allow from all >> > > </Directory> >> > > >> > > >> > > When we hit 'http://myserver/rhel/updates' the error_log >> says >> > it is >> > > denied by server configuration. I've set the LogLevel to >> > "debug" and >> > > that's all I get. The log is at work, sorry. I'm the one who >> > did the >> > > server configuration so my bet is "operator error", just not >> sure >> > > how to >> > > fix it. >> > > >> > > Appreciate any help you can provide. Thanks! >> > > >> > > Leam >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >> For additional commands, e-mail: users-h...@httpd.apache.org >> >>
