I'm setting up a python app to monitor a cups server.
I'm using the cups wrapper pycups. The python application is in the same server as cups.
The calls to create print jobs and get the printers information and job status are working fine but when I try to reject/disable a printer or cancel jobs I'm getting the following eror: cups.IPPError: (4096, 'Unauthorized')
I've tried with multiple configs in the cupsd.conf file (and restarting the cups service of course), but none seem to be working (even tried deleting all the policies blocks).
Here's my cupsd.conf (deleted the <Policy authenticated> block)
LogLevel debug
ErrorPolicy retry-job
PageLogFormat
MaxLogSize 0
# Allow remote access
Port 631
Listen /var/run/cups/cups.sock
Browsing On
BrowseLocalProtocols none
DefaultAuthType Basic
WebInterface Yes
DefaultEncryption Never
<Location />
Require user #SYSTEM
Satisfy any
# Allow remote administration...
Order allow,deny
Allow 127.0.0.1
Allow localhost
</Location>
<Location /admin>
AuthType Default
Require user #SYSTEM
# Allow remote administration...
Order allow,deny
Allow all
</Location>
<Location /admin/conf>
AuthType Default
Require user #SYSTEM
# Allow remote access to the configuration files...
Order allow,deny
Allow all
</Location>
<Location /admin/log>
AuthType Default
Require user #SYSTEM
Order allow,deny
Allow all
# Allow remote access to the log files...
Order allow,deny
Allow all
</Location>
<Policy default>
JobPrivateAccess default
JobPrivateValues default
SubscriptionPrivateAccess default
SubscriptionPrivateValues default
<Limit Create-Job Print-Job Print-URI Validate-Job>
AuthType None
Satisfy any
Order allow,deny
Allow 127.0.0.1
</Limit>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
Order allow,deny
Require user #SYSTEM
Satisfy any
AuthType None
Allow localhost
Allow 127.0.0.1
</Limit>
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
AuthType None
Order allow,deny
Require user #SYSTEM
Satisfy any
Allow 127.0.0.1
</Limit>
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
Order allow,deny
Satisfy any
Allow 127.0.0.1
Allow localhost
</Limit>
<Limit CUPS-Authenticate-Job>
Require user #OWNER #SYSTEM
Order allow,deny
Satisfy any
AuthType None
Allow 127.0.0.1
</Limit>
<Limit All>
Order allow,deny
</Limit>
</Policy>
The cups error_log shows this every time I try to disable a printer or cancel jobs:
D [29/Oct/2019:18:52:47 +0000] [Client 21] Accepted from localhost:55986 (IPv6)
D [29/Oct/2019:18:52:47 +0000] [Client 21] Waiting for request.
D [29/Oct/2019:18:52:47 +0000] [Client 21] POST /admin/ HTTP/1.1
D [29/Oct/2019:18:52:47 +0000] cupsdSetBusyState: newbusy="Active clients", busy="Not busy"
D [29/Oct/2019:18:52:47 +0000] [Client 21] Read: status=200
D [29/Oct/2019:18:52:47 +0000] [Client 21] No authentication data provided.
D [29/Oct/2019:18:52:47 +0000] cupsdIsAuthorized: username=""
D [29/Oct/2019:18:52:47 +0000] [Client 21] cupsdSendHeader: code=401, type="text/html", auth_type=0
D [29/Oct/2019:18:52:47 +0000] [Client 21] WWW-Authenticate: , trc=\"y\"
D [29/Oct/2019:18:52:47 +0000] [Client 21] Closing connection.
D [29/Oct/2019:18:52:47 +0000] cupsdSetBusyState: newbusy="Not busy", busy="Active clients"
The cups access_log logs this every time I try to disable a printer or cancel jobs: localhost - - [29/Oct/2019:17:15:16 +0000] "POST /admin/ HTTP/1.1" 401 0 - -
Solved it, I had to configure the Location /admin also.
<Location /admin>
AuthType Default
Require user #SYSTEM
Satisfy any
Order allow,deny
Allow localhost
</Location>
Related
I have a question about the apache2 config on Linux.
can someone give me the content and location
for the apache2 config file in Ubuntu18.04?
I have problems, because the .htaccess files are not processed( routing and indexing).
Thank you for your time
:-)
the location is: /etc/apache2/sites-available/000-default.conf
And my content is:
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster#localhost
DocumentRoot /var/www/html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory /var/www/html>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
Allow from all
</Directory>
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
Don't forget to restart the service:
sudo a2ensite 000-default.conf
sudo systemctl restart apache2.service
I am using mod_auth_cas to SSO into Alfresco Community 5.2 through Keycloak 4.0, with with the keycloak-cas-protocol plugin.
Alfresco sits behind a first Apache reverse proxy while Keycloak runs behind another one, on a different machine. SSL certificates are handled by a front Apache server.
My issue is the following : as I login, I get redirected to the Alfresco URL with way too many CAS tickets :
http://alfresco-server-url/alfresco?ticket=ST-eyJhbAbdOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0..2fzwwcMChdFFNk49ucH56A.aHDDlnXrignL4oCAXzrSmIinjqVqaisUQtaioLTzRlLoHjPGD8k-PRrUA0U5S09Wh0Z8MV2JkK2_2CUh5efDFnVdrLqvCtFUOakAtTH9b8MK_7NLU6H_K6tM0cItB7tGAooUZmoKhHAc5DlzIx7n7QrbThk5nrwt5BBl4luIK0k9zeLUOjn5Cp6_nRyCK6uJZZu2-l0qbeMSPjTOktbGZUb2S0F4l1Af5be6sYwQO95XTLEyny8mPKhexEnFR6vx.9BDatlhtuxg17oqopjwpdw&ticket=ST-eyJhbAbdOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0..SCWcwVtbK9xcZKCYm12Tpw.9h03gCwnzeC6xBNwvDojAJs1b6zIIn4AxA02jrx_CZ5m8r2enNjIiS70wJWvSx_a1bq_EekSTCAFU01b93UopZNuEPDExZ1A9S1hur6t-IWTYfDS1WfKKh9CyKRSvUTqPkug-lf3UoPR4KTXgjhrXIC_nTxX_TJX6lIXsTEKTDPA0GZXRkHAB9PGTy98X1orm10qN_q8zMefo7aCqVIcx3WRrqs4XvwBVqY3oGv8oNN4dE1jONTUonGZSWtwfHlk.s_1V8uVC7XArWHVc6ICYRA&ticket=ST-eyJhbAbdOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0..T56R8c7F8tQoSnZ2uAkckw.GB7WHWpTURuSxsMITJblSNTuYf4Rd3TiDult_HBWXm7AEOIiiHC0n2Af9SvrjOjdEGxPhkfMimQzOZgigbYG2SoQ2I0xuBRVSv0to8ib-gATbBSWoKayAqaT5CdXQuAxii1bqQ1ysdOK00jQKweaQoa-NAbDr6lTtZf9hwS5bj0x05yiczD2Pzf-w57oqPOdmmr_YrbHNy8qiMXNMp8HqmFAF0Brtpu-m_PW5skSHTpWGHXr_vPKLHsFcSHeKwTz.NkCBgoCEtf4_7xevG2_04w&ticket=ST-eyJhbAbdOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0..h7WkA0L-0cir8OxkNjXbRA.xnYyOrOAD8_fVXwrQ-kydcbTrVlEVLvACdmNAi-DVKbBF53HllKmFE2HBe3PSjaYcmI85y1xzVuZEd6JgzzfdCKPHkGY4AUAFICcxyFjruxvBULo-tp2BCSunGKp-0vwJ4Ty8fYRkj2l5AphnSaBdn_A6_lM4pW1Ietm6PxJkvUvvFE1J00LSB0mU35ys--V_ri7T-NOvRyc5hBTWdU_qun8464vTdEaDXpKADLEr4gn5VnKEOGp5M9KOkfOgVB8.jzb3spHhYsO8unDITNjHyw&ticket=ST-eyJhbAbdOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0..HblYkRPxMSEe2_11COlOYQ.V6BNdvgAqrJfh2OW2Mm5ZnnZpvu6qjdoPofumFbMo0-prIc9x92qgPIkFQPn2JCKIA8esDS-R7X4DNNq59-KBS6pnQfBgdZDD1KviF07G4xtDjCrc0PCrpnxM6Z_OovmtuRsMeXpAlBb-eQ5FuF1-LKtZAy2h_mIACsJD0GZEaD2PNKi-xRrzi0MU1NEE9y8T73ZxBzxt30LFU9NpmPHAfmXXuhRMk97326L34ae-7Uh-TMgcEeUTukFTvn0rDi1.5ACqkhDwdBwIGcaFrYb1IA&ticket=ST-eyJhbAbdOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0..1m-5uj9sJcsU4Jzu1DmDfg.H8fgd0W_xOo4IB0AKsm27NEnNM9YP8XdZURip3aW0yqgprsrfOBSlNL0jssP_YjwuNT_-IR8O5TB4iw8_tP_kf32D6vA8YavIOEPKFks3a2s8pIqk0zfp1SXn-c2g228cBctDYVh7gHANR2UgQt_WZt2A6fg2OJveD2Lan11udD1bFojIP6ADWVbkwohhwHyAIPiuXUTELCvytT3y_q_QhPqT7JEBQrRCHawRMLAnhZjXBBTJxrJEXOTE2Qiad5C.sO7povpRpOU-G3rRsN7zcg&ticket=ST-eyJhbAbdOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0..93a2rMaFy9lGj_0HN2349Q.KIkpwoYROOKglvJ5EjMkQtY2D7jacyNJ8f6viNWSj3SFOjZIXGGYwXqnOL3Wrk7M6DQAB3bGw2X4OJQ3UJY7SANYO-cUBvjgMueZ7TxtMZTE87Xl0Vo1KkFVFdP1hTwIQ1fQhRLQKOSzvOun_FXHRnWG-7rHMPBR9LX6qk1L1E5Y8Zo7edTrUEqOLIKmp719q3MUaUs5mGQimjv_MwOHbVb5c5KCnndn9jbG9CNexVxpkFt9CRpO_c4MC3WP-LlY._DCqAqUVZYJgcddeJkdVxw&ticket=ST-eyJhbAbdOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0..s41OanknH97t3zX-jUOU-A.0mhgL6z_WRdSyy5nZt8JJ-JASNl93xgAB6IBEsbFs_elu84DGASNfBtYmhIktk9PTlSYQzPTD_FEveME_ThDEEGXS3ojTQ4vRDJuR5crV41kXmrcm9kjDxtlUz_nlT0HOtuSmyQdUwHyVoNcEITkvr63-jbvBD3Z5yEWD8uZGkKLHvnOwZ6tc4tJcqsb52W5AMU3Lh6sqAidwOVtObjQvSXw9Otzk0mkKpCdIksBeeHaP9sIAalVwK6vHHHN-ean.n-VJaIwSJZxvviopuJdpYQ&ticket=ST-eyJhbAbdOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0..PPIdjwnNIqHFm0B-eimXEA.iiDs_2mHMt9yGzSjyNWMeg2tkNRKatK8Xd5vOmBg0zgfVhAxqPDii1J3SauIK9ujEJ_7oFLqnDiPWJjp-EFJVRq59Ihf6g3un5n1yNGaNUolXhVxqZ1kwZrLer0kulX1GxKWKi_YWiCJH6Zupc322GgmE8ZFAX_rB__vH8PbdtWvoTPcYE3GrmgVASPxzC0EDj1sf552F6BSk5XrmWDH6ipGaY_rTEWJ6NdPYrb0k1vAkuonhAc2zdfloaXEe3c3.6zYuKHuXrm-zlxMV3UW-RA&ticket=ST-eyJhbAbdOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0..nGaDNtyvKsn8C0ziVB-2_Q.L9DuWHfKGNumX8cd-H0UphZfjgnhBxd8clZopkWLMQOWr6VFKjPi2IM9H9Gb9hXji31txiLJoRnCc6DG75oE6-hwvWjiF4hy2tHRbm0zmnia4l0ILS2hW_Te1Wdi9Dc2XilGBrI2mjQky1YFODC0o2B5MBjKbRuCM83hliRBxFE1PgujQpl3AGvF3H4iCDKC6aYDqvFVeyJr_Bv8tVAj2gRko0z8jH4-7mjRIoEmZOt4iqWPlrdS023ZQJxyFX7h.wErxn32g48QZOn4rLWMHYg
It looks like mod_auth_cas keeps redirecting me to Keycloak, stacking the ticket tokens on each other ; this leads to Alfresco returning a 401 Unauthorized error.
Removing all the tickets but one from the URL works and redirects to the Alfresco explorer with the authenticated user.
I am unsure if this is related, but I also get the following error in the logs as soon as the server starts :
WARN [org.alfresco.wcm.client.util.impl.GuestSessionFactoryImpl]
WQS unable to connect to repository: Unauthorized
Which is caused by the following :
127.0.0.1 - - [18/May/2018:17:24:38 +0200] "GET /alfresco/service/api/login?u=admin&pw=admin HTTP/1.1" 403 425
127.0.0.1 - - [18/May/2018:17:24:38 +0200] "GET /alfresco/cmisatom HTTP/1.1" 401 5
Here are the relevant config snippets :
alfresco-global.properties :
authentication.chain=external1:external
external.authentication.proxyUserName=
external.authentication.enabled=true
external.authentication.defaultAdministratorUserNames=admin
external.authentication.proxyHeader=X-Alfresco-Remote-User
### Initial admin password ###
alfresco_user_store.adminusername=admin
#alfresco_user_store.adminpassword=209c6174da490caeb422f3fa5a7ae634
share-config-custom.xml :
<config evaluator="string-compare" condition="Remote">
<remote>
<ssl-config>
<keystore-path>alfresco/web-extension/alfresco-system.p12</keystore-path>
<keystore-type>pkcs12</keystore-type>
<keystore-password>alfresco-system</keystore-password>
<truststore-path>alfresco/web-extension/ssl-truststore</truststore-path>
<truststore-type>JCEKS</truststore-type>
<truststore-password>password</truststore-password>
<verify-hostname>false</verify-hostname>
</ssl-config>
<connector>
<id>alfrescoCookie</id>
<name>Alfresco Connector</name>
<description>Connects to an Alfresco instance using cookie-based authentication</description>
<class>org.alfresco.web.site.servlet.SlingshotAlfrescoConnector</class>
</connector>
<connector>
<id>alfrescoHeader</id>
<name>Alfresco Connector</name>
<description>Connects to an Alfresco instance using header and cookie-based authentication</description>
<class>org.alfresco.web.site.servlet.SlingshotAlfrescoConnector</class>
<userHeader>X-Alfresco-Remote-User</userHeader>
</connector>
<endpoint>
<id>alfresco</id>
<name>Alfresco - user access</name>
<description>Access to Alfresco Repository WebScripts that require user authentication</description>
<connector-id>alfrescoHeader</connector-id>
<endpoint-url>http://localhost:8080/alfresco/s</endpoint-url>
<basic-auth>false</basic-auth>
<identity>user</identity>
<external-auth>true</external-auth>
</endpoint>
<endpoint>
<id>alfresco-feed</id>
<parent-id>alfresco</parent-id>
<name>Alfresco Feed</name>
<description>Alfresco Feed - supports basic HTTP authentication via the EndPointProxyServlet</description>
<connector-id>alfrescoHeader</connector-id>
<endpoint-url>http://localhost:8080/alfresco/s</endpoint-url>
<basic-auth>false</basic-auth>
<identity>user</identity>
<external-auth>true</external-auth>
</endpoint>
<endpoint>
<id>alfresco-api</id>
<parent-id>alfresco</parent-id>
<name>Alfresco Public API - user access</name>
<description>Access to Alfresco Repository Public API that require user authentication.
This makes use of the authentication that is provided by parent 'alfresco' endpoint.</description>
<connector-id>alfrescoHeader</connector-id>
<endpoint-url>http://localhost:8080/alfresco/api</endpoint-url>
<basic-auth>false</basic-auth>
<identity>user</identity>
<external-auth>true</external-auth>
</endpoint>
</remote>
Apache config :
ProxyPass /alfresco http://127.0.0.1:8080/alfresco
ProxyPassReverse /alfresco http://127.0.0.1:8080/alfresco
ProxyPassReverseCookiePath /alfresco /alfresco
ProxyPass /share http://127.0.0.1:8080/share
ProxyPassReverse /share http://127.0.0.1:8080/share
ProxyPassReverseCookiePath /share /share
ServerName my-apache-server-url
RequestHeader set Host "my-apache-server-url"
RequestHeader set X-Real-IP "my-apache-server-url"
RequestHeader set X-Forwarded-Server "my-apache-server-url"
RequestHeader set X-Forwarded-Host "my-apache-server-url"
RequestHeader set X-Forwarded-For "127.0.0.1:8080, my-apache-server-url"
mod_auth_cas config :
CASCookiePath /var/cache/httpd/mod_auth_cas/
CASLoginURL https://my-keycloak-server-url/keycloak/realms/my-client-id/protocol/cas/login
CASValidateURL https://my-keycloak-server-url/keycloak/realms/my-client-id/protocol/cas/serviceValidate
CASProxyValidateURL https://my-keycloak-server-url/keycloak/realms/my-client-id/protocol/cas/proxyValidate
CASDebug On
<Location /share>
Authtype CAS
AuthName "CAS"
require valid-user
CASAuthNHeader X-Alfresco-Remote-User
CASScope /share
</Location>
<Location /alfresco>
Authtype CAS
AuthName "CAS"
require valid-user
CASAuthNHeader X-Alfresco-Remote-User
CASScope /alfresco
</Location>
Below is the HTTPD debug log :
[Tue May 22 18:12:37.738754 2018] [:debug] [pid 63283] mod_auth_cas.c(2058): [client XXX.XX.XXX.XXX:XXXXX] Entering cas_authenticate()
[Tue May 22 18:12:37.738817 2018] [:debug] [pid 63283] mod_auth_cas.c(580): [client XXX.XX.XXX.XXX:XXXXX] CAS Service 'http%3a%2f%2fXXX.XX.XXX.XX%2fshare%3fticket%3dST-eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0..RR2EyToZ7ciuGy3XPKUVcg.oZBjcuS7OrZxk_OqU-cQDdXSzkzCq5bsKmlX3Ixt9XLAvjyPV2zoeoBjxol3zmL0hF1COsWt9QzkaF0_rWABvWPUEC9hT3QqtwMrmZMtivcdo9EDkV_3J8xSCtAjP45wPEDc0cYM50L7X6dcF76PCsgxIjEt5KUQVzDoNHwzocvdjk4_KpZEplx1l2WVJdD3UzsSoYN1YbXnPQU4kyGL33d8F1eW0VOfshrV9fz9WaKGzFG3K1ADdvADGfjSGoT3.zv7i2QPMu3AiwfXZOj3Dvw'
[Tue May 22 18:12:37.738846 2018] [:debug] [pid 63283] mod_auth_cas.c(528): [client XXX.XX.XXX.XXX:XXXXX] entering getCASLoginURL()
[Tue May 22 18:12:37.738859 2018] [:debug] [pid 63283] mod_auth_cas.c(505): [client XXX.XX.XXX.XXX:XXXXX] entering getCASGateway()
[Tue May 22 18:12:37.738865 2018] [:debug] [pid 63283] mod_auth_cas.c(595): [client XXX.XX.XXX.XXX:XXXXX] entering redirectRequest()
Why is mod_auth_cas redirecting to the SSO server while Keycloak has already returned a ticket ?
I found the issue after some time.
mod_auth_cas seems to use a CAS version above 5.2.2 which prevents tickets from having underscores.
This is a problem because the Keycloak CAS add-on generates tickets with underscores.
I worked around the issue by modifying the validCASTicketFormat function in mod_auth_cas.c and recompiling the Apache module, thus allowing tokens to contain underscores.
In the latest mod_auth_cas version, only dots, dashes and alphanumeric characters are allowed.
I deployed an loadbalanced infrustructure. I am using haproxy as the loadbalancer and cpanel as backend webservers. I created a test host on the cpanel, and I can see the site in browser when I configure the website in my /etc/host with the cpanel server ip address. But when I change the ip to the loadbalancer it forwards the requests to /usr/local/apache/htdocs/ and I get the default cpanel server page. What configurations should I use in haproxy to redirects requests correctly?
Any help is appreciated.
# Global settings
#---------------------------------------------------------------------
global
log 127.0.0.1 local2 #Log configuration
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy #Haproxy running under user and group "haproxy"
group haproxy
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
#---------------------------------------------------------------------
#HAProxy Monitoring Config
#---------------------------------------------------------------------
listen haproxy2-monitoring *:8080 #Haproxy Monitoring run on port 8080
mode http
option forwardfor
option httpclose
stats enable
stats show-legends
stats refresh 5s
stats uri /stats #URL for HAProxy monitoring
stats realm Haproxy\ Statistics
stats auth lb2:F6khdTrt9g #User and Password for login to the monitoring dashboard
stats admin if TRUE
default_backend app-main #This is optionally for monitoring backend
#---------------------------------------------------------------------
# FrontEnd Configuration
#---------------------------------------------------------------------
frontend main
bind *:80
default_backend app-main
#---------------------------------------------------------------------
# BackEnd roundrobin as balance algorithm
#---------------------------------------------------------------------
backend app-main
balance roundrobin #Balance algorithm
application is up and healty - 200 status code
server cpanel1 192.168.1.110:80 check
server cpanel2 192.168.1.111:80 check
Cpanel apache config:
Listen 0.0.0.0:80
# BEGIN: HTTP vhosts list
<VirtualHost 88.99.219.13:80>
ServerName wiki.serversetup.ir
ServerAlias mail.wiki.serversetup.ir www.wiki.serversetup.ir
DocumentRoot /home/wiki/public_html
ServerAdmin webmaster#wiki.serversetup.ir
UseCanonicalName Off
CustomLog /etc/apache2/logs/domlogs/wiki.serversetup.ir combined
<IfModule log_config_module>
<IfModule logio_module>
CustomLog /etc/apache2/logs/domlogs/wiki.serversetup.ir-bytes_log "%{%s}t %I .\n%{%s}t %O ."
</IfModule>
</IfModule>
## User wiki # Needed for Cpanel::ApacheConf
<IfModule userdir_module>
<IfModule !mpm_itk.c>
<IfModule !ruid2_module>
UserDir disabled
UserDir enabled wiki
</IfModule>
</IfModule>
</IfModule>
# Enable backwards compatible Server Side Include expression parser for Apache versions >= 2.4.
# To selectively use the newer Apache 2.4 expression parser, disable SSILegacyExprParser in
# the user's .htaccess file. For more information, please read:
# http://httpd.apache.org/docs/2.4/mod/mod_include.html#ssilegacyexprparser
<IfModule include_module>
<Directory "/home/wiki/public_html">
SSILegacyExprParser On
</Directory>
</IfModule>
<IfModule suphp_module>
suPHP_UserGroup wiki wiki
</IfModule>
<IfModule suexec_module>
<IfModule !mod_ruid2.c>
SuexecUserGroup wiki wiki
</IfModule>
</IfModule>
<IfModule ruid2_module>
RMode config
RUidGid wiki wiki
</IfModule>
<IfModule mpm_itk.c>
# For more information on MPM ITK, please read:
# http://mpm-itk.sesse.net/
AssignUserID wiki wiki
</IfModule>
<IfModule alias_module>
ScriptAlias /cgi-bin/ /home/wiki/public_html/cgi-bin/
</IfModule>
# To customize this VirtualHost use an include file at the following location
# Include "/etc/apache2/conf.d/userdata/std/2_4/wiki/wiki.serversetup.ir/*.conf"
</VirtualHost>
# END: HTTP vhosts list
In both the sites-available and sites-enabled folders, I have a conf file called "zend-framework.conf". This is what I have contained in the file.
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
ServerName zendlocalhost
ServerAlias zendlocalhost
ServerAdmin root#localhost
DocumentRoot /var/www/zend-framework/public
SetEnv APPLICATION_ENV "development"
<Directory /var/www/zend-framework/public>
DirectoryIndex index.php
AllowOverride All
Order allow,deny
Allow from All
</Directory>
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
This is what I have in my etc/hosts file
127.0.0.1 localhost
#127.0.1.1 lazerorca-iMac
127.0.0.1 zendlocalhost
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
This is what I have in my ports.conf file. I get a message saying that NameVirtualHost *:80 is going to be deprecated in a later version. I tried adding that only because I saw it in another question
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf
Listen 80
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
NameVirtualHost *:80
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
This is the error I get when I go to http://zendlocalhost
Internal Server Error
The server encountered an internal error or misconfiguration and was
unable to complete your request.
Please contact the server administrator at root#localhost to inform
them of the time this error occurred, and the actions you performed
just before this error.
More information about this error may be available in the server error
log.
This is what access.log says
127.0.0.1 - - [16/Dec/2014:15:05:22 -0500] "GET / HTTP/1.1" 500 798 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:35.0) Gecko/20100101
Firefox/35.0"
This is what the error.log says
[Tue Dec 16 15:25:20.271792 2014] [core:alert] [pid 4825] [client
127.0.0.1:60826] /var/www/zend-framework/public/.htaccess: Invalid command 'RewriteEngine', perhaps misspelled or defined by a module not
included in the server configuration
I check the .htaccess file and it looks ok to me, but evidently it isn't. here is what is in the .htaccess file
RewriteEngine On
# The following rule tells Apache that if the requested filename
# exists, simply serve it.
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
# The following rewrites all other queries to index.php. The
# condition ensures that if you are using Apache aliases to do
# mass virtual hosting, the base path will be prepended to
# allow proper resolution of the index.php file; it will work
# in non-aliased environments as well, providing a safe, one-size
# fits all solution.
RewriteCond %{REQUEST_URI}::$1 ^(/.+)(.+)::\2$
RewriteRule ^(.*) - [E=BASE:%1]
RewriteRule ^(.*)$ %{ENV:BASE}index.php [NC,L]
Interestingly enough if I go to http://zendlocalhost/phpmyadmin it pulls up
If I go to 127.0.0.1, it pulls up the generic Ubuntu apache index.html file
I am very new to Zend as in this is my first time trying it out. i know there are some crazy URL rewriting and such. I would have thought going to the root address would have pulled up the index.php file.
Thanks in advance for your help
Apache doesn't understand RewriteEngine, the very first directive in your .htaccess. This means mod_rewrite is not enabled. If you're on Ubuntu, run sudo a2enmod rewrite, and then restart Apache and try again.
first time poster, long time lurker here.
Im using a tiny PSGI application in plackup, but id like to switch to Apache2 for subdomains. I run the application with 'plackup /home/ath88/work/kolle/script/dir.psgi -port 80'. It runs perfectly on plackup. The application is quite simple and can be found at https://github.com/ath88/Kolletilmelding/blob/master/script/dir.psgi
But, i would like to run Apache2 instead of plackup for obvious reasons. For this i want to use Plack::Handler::Apache2. My VirtualHost looks as follows:
<VirtualHost *:80>
ServerName aths.dk
ServerAdmin asbjoern#gmail.com
<Location />
SetHandler perl-script
PerlResponseHandler Plack::Handler::Apache2
PerlSetVar psgi_app /home/ath88/work/kolle/script/dir.psgi
</Location>
</VirtualHost>
Apache2 restarts fine. But when i attempt to visit aths.dk i mere get a 404 not found. The directory for the application is correct, since it results in a 500 Internal Error. Looking in the apache2/error.log i get this: [Irrelevant, see edit]
[Wed Oct 05 21:32:16 2011] [notice] caught SIGTERM, shutting down
[Wed Oct 05 21:32:17 2011] [notice] Apache/2.2.12 (Ubuntu) mod_perl/2.0.4 Perl/v5.10.0 configured -- resuming normal operations
This happens every time i restart Apache2.
I have spent 4 hours trying to debug this. I am totally mindboggled.
Edit: Turns out the SIGTERM was from stopping Apache2 for restarting. It doesn't happen when i start it. Silly me.
Maybe your setup will benefit from a reverse HTTP proxy setup.
You can start your Plack application manually, and you can bind it to 127.0.0.1:9001 instead of 127.0.0.1:80, in which case you need a privileged user ( TCP port below 1024 ).
Then a reverse HTTP proxy config that should work could be like this one:
<VirtualHost *:80>
ServerName aths.dk
ServerAdmin asbjoern#gmail.com
ErrorLog /var/log/apache2/aths.dk-error.log
TransferLog /var/log/apache2/aths.dk.log
DocumentRoot /var/www/aths.dk
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://127.0.0.1:9001/
ProxyPassReverse / http://127.0.0.1:9001/
</VirtualHost>