Document root and Apache2

15 posts / 0 new
Last post
#1 Sat, 12/15/2007 - 15:23
cyrus

Document root and Apache2

CentOS 5 Virtualmin Pro

Hi there,

Tried to activate .cgi extensions as per the instructions but kept getting an error 500.

From the virtual server in question the log showed: Options ExecCGI is off in this directory

From error log of suexec: command not in docroot

After a search for 'command not in docroot' I noticed reference to Apache2

Did a search from webmin for 'Packages matching apache' and got:

Packages matching apache

apr 1.2.7-11 System Environment/Libraries Apache Portable Runtime library

apr-util 1.2.7-6 System Environment/Libraries Apache Portable Runtime Utility library

httpd 2.2.3-11.el5.centos System Environment/Daemons Apache HTTP Server

httpd-devel 2.2.3-11.el5.centos Development/Libraries Development tools for the Apache HTTP server.

mod_dav_svn 1.4.4-0.1.el5.rf System Environment/Daemons Apache server module for Subversion server.

mod_perl 2.0.2-6.3.el5 System Environment/Daemons An embedded Perl interpreter for the Apache Web server

mod_ssl 2.2.3-11.el5.centos System Environment/Daemons SSL/TLS module for the Apache HTTP server

vzdummy-apache 1.0-1.swsoft Applications/System Dummy package to tune apache MaxClients

Also, in Apache webserver >> Default server >> Document options:

Document root directory shows as: /var/www/html

Another thread mentions that the document root should be /home and that this should have been processed on the upgrade to Virtualmin Pro

Appreciate advice as to what to do.

Regards,

Cyrus

Sun, 12/16/2007 - 22:00
cyrus

Based on trying to understand what's wrong, from other threads I gather that the install for some reason didn't replace my apache after upgrading to Virtualmin Pro:

[code:1]# suexec -V
-D AP_DOC_ROOT="/var/www"
-D AP_GID_MIN=100
-D AP_HTTPD_USER="apache"
-D AP_LOG_EXEC="/var/log/httpd/suexec.log"
-D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
-D AP_UID_MIN=500
-D AP_USERDIR_SUFFIX="public_html"
# suexec2 -V
-bash: suexec2: command not found[/code:1]

Joe, is it safe to:

[code:1]yum install apache2[/code:1]

If so, anything needs to be done after that? and just wondering why the upgrade didn't do this?

Regards,

Cyrus

Sat, 12/22/2007 - 17:50 (Reply to #2)
spazzwig

<b>cyrus wrote:</b>
<div class='quote'>Joe, is it safe to:

[code:1]yum install apache2[/code:1]

If so, anything needs to be done after that? and just wondering why the upgrade didn't do this?</div>
From what I can tell this should be fine... it's the equivalent of what I did (except apt/debian in my case) to address the issue when I had it. After doing so everything was fine, no additional steps were necessary.

Cheers,
Gabe

Sun, 01/27/2008 - 22:27 (Reply to #3)
cyrus

<b>Joe wrote:</b>
<div class='quote'>If it fails, let me know the error. It sounds like the upgrade from GPL isn't working correctly, as it should have fixed both of these things automatically.</div>

Didn't have time to pursue this thread, but now have some time to get this right.

Request guidance to resolve this.

Regards,

Cyrus

Sat, 02/02/2008 - 17:52 (Reply to #4)
cyrus

<b>Joe wrote:</b>
<div class='quote'>If it fails, let me know the error. It sounds like the upgrade from GPL isn't working correctly, as it should have fixed both of these things automatically.
</div>

Is there another method to request for support? Mail sent to support [at] virtualmin.com does not respond.

The compare page states:-
<div class='quote'>Unlimited premium support via email and issue tracker for all Virtualmin Professional customers, with usual response time under 24 hours.</div>

Anyone knows which email address is being refered to above?

Regards,

Cyrus

Sun, 02/03/2008 - 16:41 (Reply to #5)
Joe
Joe's picture

<div class='quote'>Is there another method to request for support? Mail sent to support [at] virtualmin.com does not respond.</div>

I meant here in this thread. But, I managed to miss the message where you actually posted the results. ;-)

The ticket tracker is always the better method. Email is just for folks are aren't comfortable with the ticket tracker for some reason...but I've removed it as a suggestion, as it's become impossible for me to keep up with all of the support email I get now. With the ticket tracker, it'll be seen by both me and Jamie, and we'll be hiring an extra support person in the next month or two to help out. Tickets will always be the most likely to get some sort of response quickly. Email gets further and further backed up, as our customer base grows and Joe fails to scale (support@ is just me, in case I hadn't made that clear--without dumping those messages into a ticket tracker, there'd be no way to keep up with which ones had been answered and by whom, so it's a one man operation).

--

Check out the forum guidelines!

Sat, 12/22/2007 - 16:50
cyrus

Still wondering how to set the docroot to <b>/home</b> in an existing Virtualmin Pro setup....shouldn't this have already happened during installation?

Could this also be the reason for cgiemail not being able to automatically install with 'Install Scripts'?

[code:1]Install Script
In domain virtualdomain.com
Downloading http://web.mit.edu/wwwdev/cgiemail/cgiemail-1.6.tar (153600 bytes) ..
Received 1024 bytes (0 %)
Received 15360 bytes (10 %)
Received 30720 bytes (20 %)
Received 46080 bytes (30 %)
Received 61440 bytes (40 %)
Received 76800 bytes (50 %)
Received 92160 bytes (60 %)
Received 107520 bytes (70 %)
Received 122880 bytes (80 %)
Received 138240 bytes (90 %)
Received 153600 bytes (100 %)
.. download complete.

Now installing cgiemail version 1.6 ..

Failed to compile cgiemail source :

More information on using this script can be found at

http://web.mit.edu/wwwdev/cgiemail/webmaster.html.

.. failed! See the error message above for the reason why.

&lt;- Return to list of scripts [/code:1]

Regards,

Cyrus

Sun, 12/23/2007 - 00:55
cyrus

Thanks <b>spazzwig</b>

however...apache is already there I guess, so got the response 'nothing to do'.

what I did was change the document root in the httpd.conf file in two places from /var/www/html to /home and restarted apache

Got the following response:

[code:1]Failed to apply changes :

[Sun Dec 23 02:45:39 2007] [error] [client 127.0.0.1] Directory index forbidden by Options directive: /var/www/html/
[Sun Dec 23 05:09:21 2007] [notice] caught SIGTERM, shutting down
[Sun Dec 23 05:09:23 2007] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sun Dec 23 05:09:23 2007] [notice] Digest: generating secret for digest authentication ...
[Sun Dec 23 05:09:23 2007] [notice] Digest: done[/code:1]

suexec -V still shows -D AP_DOC_ROOT=&quot;/var/www&quot; and asking a .cgi to execute in a virtual domain still reflects from error log of suexec: command not in docroot

The document root in 'Apache webserver' is showing as /home under the default server and when I restarted apache again, there were no errors.

Now...how do I change the document root to reflect as /home in suexec

Mon, 12/24/2007 - 17:27
cyrus

Seemed to have goofed up a bit in my endeavour.

1. Changed docroot by opening /usr/sbin/suexec with pico and changed /var/www to /home and saved.

2. [code:1]# suexec -V
Segmentation fault[/code:1]
(after I changed the doc root in /etc/sbin/suexec to /home)

3. Went back to /usr/sbin/suexec and changed the docroot back to /var/www (thought I'd backtrack)

4. OK
[code:1]# suexec -V
-D AP_DOC_ROOT=&quot;/var/www&quot;
-D AP_GID_MIN=100
-D AP_HTTPD_USER=&quot;apache&quot;
-D AP_LOG_EXEC=&quot;/var/log/httpd/suexec.log&quot;
-D AP_SAFE_PATH=&quot;/usr/local/bin:/usr/bin:/bin&quot;
-D AP_UID_MIN=500
-D AP_USERDIR_SUFFIX=&quot;public_html&quot;[/code:1]

5. I get no visible errors anywhere BUT:

Software Packages &gt;&gt; Search for httpd &gt;&gt; httpd 2.2.3-11.el5.centos &gt;&gt; Package details &gt;&gt; List files - Everything is listed as OK EXCEPT
[code:1]/usr/sbin/suexec (View) root apache Regular File 11.24 kB Failed file size check Failed MD5 check Failed modification time check[/code:1]

Failed file size check Failed MD5 check Failed modification time check

is in [color=#FF0000]RED[/color]

Regards,

Cyrus

Wed, 12/26/2007 - 12:04
cyrus

OK...reverted back to square one from a backup, so everything is back to where it was, that is: -D AP_DOC_ROOT=&quot;/var/www&quot;

In the meantime, had also tried to load mod_fcgid without any success. Got to the stage of correcting the MAKEFILE to the correct top_dir path but when I asked to make I got:
Makefile:13: /etc/httpd/build/special.mk: No such file or directory
make: *** No rule to make target `/etc/httpd/build/special.mk'. Stop.

So...obviously my upgrade to Pro didn't pick up certain aspects that it had to. Once again if I may...

<b>1.</b> How do I change the suexec docroot to /home in a centos-release-5-1.0.el5.centos.1 httpd-2.2.3-11.el5.centos environment that I understand is required, and should have been so by default with an upgrade.

<b>2.</b> How do I load mod_fcgid module that I understand is required, and should have been so by default with an upgrade.

Regards,

Cyrus

Wed, 12/26/2007 - 19:34 (Reply to #10)
Joe
Joe's picture

Whoah! That's some serious effort!

It's actually much easier than that.

yum update httpd

Should replace your Apache with a righteous build. We hope. If it doesn't, let me know why it refuses and I try to help you resolgve it.

SuExec is the one binary you cannot screw around with--it is a security package with extreme prejudice about anything out of the ordinary. Modifying it is effectively saying, &quot;someone has done something nasty and intends to use suexec for evil rather than good&quot;.

mod_fcgid is also easy to get:

yum install mod_fcgid

If it fails, let me know the error. It sounds like the upgrade from GPL isn't working correctly, as it should have fixed both of these things automatically.

--

Check out the forum guidelines!

Wed, 12/26/2007 - 19:56
cyrus

Hi there Joe,

Yeah...having fun..good learning process!! Appreciate your guidance.

[code:1][root@host ~]# yum update httpd
Loading &quot;installonlyn&quot; plugin
Setting up Update Process
Setting up repositories
rpmforge 100% |=========================| 1.1 kB 00:00
base 100% |=========================| 1.1 kB 00:00
updates 100% |=========================| 951 B 00:00
addons 100% |=========================| 951 B 00:00
extras 100% |=========================| 1.1 kB 00:00
Reading repository metadata in from local files
Could not find update match for httpd
No Packages marked for Update/Obsoletion
[root@host ~]# yum install mod_fcgid
Loading &quot;installonlyn&quot; plugin
Setting up Install Process
Setting up repositories
Reading repository metadata in from local files
Parsing package install arguments
Nothing to do[/code:1]

Had actually tried that sometime before with the same results.

Regards,

Cyrus

Fri, 12/28/2007 - 12:10 (Reply to #12)
kato

Is there a 'force' option in yum? In apt/emerge, you can force a recompile...

Even though the installer has noted that you have the right version, you probably need it to ./configure with the correct options.

Sun, 02/03/2008 - 16:37 (Reply to #13)
Joe
Joe's picture

Hey Cyrus,

You don't have Virtualmin repositories there at all. Howd'd that happen? (You've also got a non-OS repository &quot;rpmforge&quot; that is almost certainly going to cause problems.)

So, you upgraded to Pro via the &quot;Upgrade&quot; option within Virtualmin, right? Were there any errors during the upgrade? This doesn't look like anything actually happened with the upgrade, as everything ought to be coming in from our yum repository. How about sending me server details via email, and I'll drop in on this box and see if I can figure out what went wrong.

--

Check out the forum guidelines!

Mon, 02/04/2008 - 12:27
cyrus

Thanks for the response Joe, ...have sent an email to joe [at] virtualmin.com with details required by you.

I noticed that the ticket tracker states:
<div class='quote'>If your issue description includes sensitive information, such as passwords and user names, please mark the issue private.</div>
however, couldn't find the area to actually mark the ticket as private...as such, the email to you as requested.

No major rush,....at your convenience.

Regards,

Cyrus

Topic locked