Linode Forum
Linode Community Forums
 FAQFAQ    SearchSearch    MembersMembers      Register Register 
 LoginLogin [ Anonymous ] 
Post new topic  Reply to topic
Author Message
PostPosted: Sun Aug 02, 2009 11:15 pm 
Offline
Senior Newbie

Joined: Sun Aug 02, 2009 10:57 pm
Posts: 5
I'm mostly coming from a FreeBSD background. After plenty of research, I chose Debian Lenny as my base when signing up for Linode a week or so ago. I've got Apache, php5 (fcgid), mysql, postfix and dovecot all set up and working great.

I've set up some VirtualHosts for a few domains I own. These are all working in Apache as well as Postfix and Dovecot. The only part that I am having trouble with is phpMyAdmin. For the life of me, I can't get this to work and I don't want to hack around at it to the point where I could be compromising my node...so thought I might ask here.

All of my virtual hosts are located under /srv/www. My phpmyadmin is located in the default /usr/share/phpmyadmin. I've tried adding Aliases to VirtualHost directives, symbolic links from virtual host directories, chowning the phpmyadmin directory to several users (including www-data), chmoding the phpmyadmin with 777, etc...all with no luck. When I load up http://www.mynewdomain.com/phpmyadmin - 403 Forbidden "You do not have permission to access /phpmyadmin/index.
php on this server". Every time. :? PHP (mod_fcgid) works great in all of my virtual hosts so I'm pretty sure PHP isn't the problem. I've tried restarting Apache as well as rebooting my server after each change. /etc/hosts is fine. Grrrrrr!

Anyone else experiencing this problem? A workaround or fix would be great...I am stumped and this is one of my last hurdles before I can fully switch to Linode from another host.

Thank you for any help you can provide!


Top
   
 Post subject:
PostPosted: Mon Aug 03, 2009 12:01 am 
Offline
Senior Member

Joined: Fri Sep 12, 2008 3:17 am
Posts: 166
Website: http://independentchaos.com
Do you have FollowSymlinks enabled for your vhosts?

_________________
If it ain't broke, you didn't tweak it enough. If it is broke, use more duct tape.
http://independentchaos.com


Top
   
 Post subject:
PostPosted: Mon Aug 03, 2009 12:12 am 
Offline
Senior Member
User avatar

Joined: Sun Jan 18, 2009 2:41 pm
Posts: 830
You may want to look into the Order, Allow, and Deny directives in your Apache site config. The following works for me:
Code:
    Alias /pma/ "/usr/share/phpmyadmin/"
    <Directory "/usr/share/phpmyadmin/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order allow,deny
# Only allow access to phpMyAdmin from localhost
        Allow from 127.0.0.1
    </Directory>

(Note that I only allow connections from localhost; when I want to use phpMyAdmin I do so via an ssh tunnel. You may desire a different setup.)

I don't think anything other than read and execute permission is needed on the directory containing the phpmyadmin files (Apache runs as user www-data):
Code:
drwxr-xr-x 8 root root 12288 Jul 19 03:02 /usr/share/phpmyadmin


Top
   
 Post subject:
PostPosted: Mon Aug 03, 2009 12:15 am 
Offline
Senior Newbie

Joined: Sun Aug 02, 2009 10:57 pm
Posts: 5
freedom_is_chaos wrote:
Do you have FollowSymlinks enabled for your vhosts?


Yes, I've tried that at both the apache2.conf, the "default" site config and vhost config file levels as well as in <Directory> directives at all levels. FollowSymLinks seems to be a common fix for this but I'm fairly certain I've eliminated that as a possibility. And on Debian at least, the phpmyadmin.conf written to /etc/apache2/conf.d seems to have anticipated this and added a correction for it out-of-the-box.

I have the feeling this has something to do with permissions but I'm unsure of what to fix. Something with mod_fcgid? But the mode on /usr/share/phpmyadmin is 444 which should be sufficient for any process (?).

I'm stumped. Thank you for the suggestion! Any other ideas?


Top
   
 Post subject:
PostPosted: Mon Aug 03, 2009 12:24 am 
Offline
Senior Newbie

Joined: Sun Aug 02, 2009 10:57 pm
Posts: 5
Vance wrote:
You may want to look into the Order, Allow, and Deny directives in your Apache site config. The following works for me:
Code:
    Alias /pma/ "/usr/share/phpmyadmin/"
    <Directory "/usr/share/phpmyadmin/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order allow,deny
# Only allow access to phpMyAdmin from localhost
        Allow from 127.0.0.1
    </Directory>

(Note that I only allow connections from localhost; when I want to use phpMyAdmin I do so via an ssh tunnel. You may desire a different setup.)

I don't think anything other than read and execute permission is needed on the directory containing the phpmyadmin files (Apache runs as user www-data):
Code:
drwxr-xr-x 8 root root 12288 Jul 19 03:02 /usr/share/phpmyadmin


I did try adding the above to /etc/apache2/conf.d/phpmyadmin.conf (which is included from /etc/apache2/apache2.conf) but it still wants to 403 on me.

For the 777 on /usr/share/phpmyadmin, yes I did remove that after it didn't make a difference...just a test. It's 444 and root:root as it was after initial install.

For the directives above...can you tell me where you added those? Perhaps I haven't tried those in the right place? I've tried them in my "default" site, the virtual host site configs and the phpmyadmin.conf so far.


Top
   
 Post subject:
PostPosted: Mon Aug 03, 2009 12:31 am 
Offline
Senior Newbie

Joined: Sun Aug 02, 2009 10:57 pm
Posts: 5
pjh wrote:
Vance wrote:
You may want to look into the Order, Allow, and Deny directives in your Apache site config. The following works for me:
Code:
    Alias /pma/ "/usr/share/phpmyadmin/"
    <Directory "/usr/share/phpmyadmin/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order allow,deny
# Only allow access to phpMyAdmin from localhost
        Allow from 127.0.0.1
    </Directory>

(Note that I only allow connections from localhost; when I want to use phpMyAdmin I do so via an ssh tunnel. You may desire a different setup.)

I don't think anything other than read and execute permission is needed on the directory containing the phpmyadmin files (Apache runs as user www-data):
Code:
drwxr-xr-x 8 root root 12288 Jul 19 03:02 /usr/share/phpmyadmin


I did try adding the above to /etc/apache2/conf.d/phpmyadmin.conf (which is included from /etc/apache2/apache2.conf) but it still wants to 403 on me.

For the 777 on /usr/share/phpmyadmin, yes I did remove that after it didn't make a difference...just a test. It's 444 and root:root as it was after initial install.

For the directives above...can you tell me where you added those? Perhaps I haven't tried those in the right place? I've tried them in my "default" site, the virtual host site configs and the phpmyadmin.conf so far.


Vance: I noted the trailing "/" in the line "Alias /pma/ [...]" from your post. My phpmyadmin.conf file (installed by the phpmyadmin package) did not have this trailing slash, it just had "Alias /phpmyadmin [...]". When I added that trailing slash, it now gives me a directory listing of /usr/share/phpmyadmin (no 403). If I add "index.php" on the end, now it gives me a 404.

So it's not permissions...? Perhaps a path problem??


Top
   
 Post subject:
PostPosted: Mon Aug 03, 2009 1:03 am 
Offline
Senior Member
User avatar

Joined: Sun Jan 18, 2009 2:41 pm
Posts: 830
What I posted is within a VirtualHost directive in a file included by the main Apache conf. (On Ubuntu, which I'm using, the main conf is /etc/apache2/apache2.conf which includes everything in /etc/apache2/sites-enabled/, which in turn are symlinks to files in /etc/apache2/sites-available/.)

Sounds like you've implemented this properly and got the permissions problem licked, but for some reason it's not picking up index.php. Not sure what the cause might be, it just worked for me (I'm using php5_module, not any CGI method).

Hmm, looks like the DirectoryIndex directive may be one to look for. The following appears in /etc/apache2/mods-enabled/dir.conf (included by the main conf in a way similar to the description above) on my Linode:
Code:
<IfModule mod_dir.c>
          DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.htm
</IfModule>


Top
   
 Post subject:
PostPosted: Mon Aug 03, 2009 1:26 pm 
Offline
Senior Newbie

Joined: Sun Aug 02, 2009 10:57 pm
Posts: 5
Finally got this figured out. The Alias /phpmyadmin/ /usr/share/phpmyadmin/ in /etc/apache2/conf.d/phpmyadmin.conf is more or less meaningless. I'm not sure if that is a product of filesystem security or virtual path collisions or a combination of both. However, adding a symbolic link of ln -s /usr/share/phpmyadmin /srv/www/<domain_name>/html (which is my virtual host directory structure) works. I'd tried this before but perhaps was too impatient as it seems it took an apache2 restart (for a file system change??) and several browser refreshes for this to "take effect" (and, yep, I've always had "FollowSymLinks" in my configs). Lord. So now it works. Any vhost with this link can use the phpmyadmin.

If anyone is curious or has this problem, here is how I set up my Apache topology (Debian Lenny) with Virtual Hosts, PHP5, fcgid and phpMyAdmin (assuming you have already installed mysql-server successfully):

Software installation:
Code:
apt-get install apache2 libapache2-mod-fcgid php5-cgi php5-common php5-gd php5-mysql phpmyadmin


Post-install Virtual Hosts setup:
Create filesystem topology
Code:
mkdir -p /srv/www/default/html
mkdir -p /srv/www/default/logs
mkdir -p /srv/www/<domain_name1>/html
mkdir -p /srv/www/<domain_name1>/logs
mkdir -p /srv/www/<domain_name2>/html
mkdir -p /srv/www/<domain_name2>/logs

etc...for each domain you want to host as a virtual host

fcgid setup:
Configure fcgid (a faster alternative to mod_php5)
Code:
rm /etc/apache2/mods-available/fcgid.conf
vi /etc/apache2/mods-available/fcgid.conf

<IfModule mod_fcgid.c>
    MaxRequestsPerProcess 500
    AddHandler fcgid-script .php .fcgi
    AddHandler cgi-script .cgi .pl
    FCGIWrapper "/usr/bin/php-cgi" .php
</IfModule>


Virtual Hosts configuration setup:
Configure the "default" Virtual Host (http://<your_linode_ip_address>)
Code:
rm /etc/apache2/sites-available/default
vi /etc/apache2/sites-availabe/default

<VirtualHost *:80>
        ServerAdmin <you>@<yourdomain.tld>

        DocumentRoot /srv/www/default/html/
        <Directory />
                Options Indexes FollowSymLinks ExecCGI
                AllowOverride None
        </Directory>

        ErrorLog /srv/www/default/logs/error.log
        LogLevel warn
        CustomLog /srv/www/default/logs/access.log combined
</VirtualHost>


Configure other Virtual Hosts (http://www.) - add one of these for each domain you want to host; I will put both <domain_name1> and <domain_name2> here for illustrative purposes as they are referenced above.
Code:
vi /etc/apache2/sites-availabe/<domain_name1>

<VirtualHost *:80>
        ServerAdmin <you>@<yourdomain>
        ServerName <domain_name1>
        ServerAlias www.<domain_name1>

        DocumentRoot /srv/www/<domain_name1>/html/
        <Directory />
                Options Indexes FollowSymLinks ExecCGI
                AllowOverride None
        </Directory>

        ErrorLog /srv/www/<domain_name1>/logs/error.log
        LogLevel warn
        CustomLog /srv/www/<domain_name1>/logs/access.log combined
</VirtualHost>

a2ensite <domain_name1>


Code:
vi /etc/apache2/sites-availabe/<domain_name2>

<VirtualHost *:80>
        ServerAdmin <you>@<yourdomain>
        ServerName <domain_name2>
        ServerAlias www.<domain_name2>

        DocumentRoot /srv/www/<domain_name2>/html/
        <Directory />
                Options Indexes FollowSymLinks ExecCGI
                AllowOverride None
        </Directory>

        ErrorLog /srv/www/<domain_name2>/logs/error.log
        LogLevel warn
        CustomLog /srv/www/<domain_name2>/logs/access.log combined
</VirtualHost>

a2ensite <domain_name2>


phpMyAdmin post-configure setup:
Code:
ln -s /usr/share/phpmyadmin /srv/www/default/html

(I set up my default as the only site with access to phpMyAdmin)

Restart Apache:
Code:
/etc/init.d/apache2 restart


I'm glad this is fixed and hope this helps others.


Top
   
Display posts from previous:  Sort by  
Post new topic  Reply to topic


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
RSS

Powered by phpBB® Forum Software © phpBB Group