| View previous topic :: View next topic |
| Author |
Message |
Buddha001
Tux's lil' helper
Joined: 24 Nov 2005
Posts: 76
|
 Posted: Sun Aug 17, 2008 10:05 pm Post subject: Apache SSL VHOST can't find cgi-bin [SOLVED] |
 |
|
Hi,
I'm not sure how long this has been going on, but I just noticed over the weekend that trying to access scripts in my cgi-bin through the default SSL vhost does not work. In my ssl_error_log, I see:
| Code: | | [Sun Aug 17 17:56:22 2008] [error] [client 192.168.1.1] File does not exist: /var/www/localhost/htdocs/cgi-bin |
However, accessing the same script via non-SSL works just fine. I'm pretty much using the default vhost config files:
In /etc/apache2/vhosts.d/00_default_vhost.conf (w/o comments):
| Code: | # Virtual Hosts
<IfDefine DEFAULT_VHOST>
Listen 80
NameVirtualHost *:80
<VirtualHost *:80>
ServerName www.etumbo.com
Include /etc/apache2/vhosts.d/default_vhost.include
<IfModule mpm_peruser_module>
ServerEnvironment apache apache
</IfModule>
</VirtualHost>
</IfDefine>
|
In /etc/apache2/vhosts.d/default_vhost.include:
| Code: |
ServerAdmin <left out on purpose>
ServerName www.etumbo.com
DocumentRoot "/var/www/localhost/htdocs"
<Directory "/var/www/localhost/htdocs">
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All
Order allow,deny
Allow from all
</Directory>
<IfModule alias_module>
ScriptAlias /cgi-bin/ "/var/www/localhost/cgi-bin/"
Alias /audio /mnt/SoundFiles
</IfModule>
<Directory "/var/www/localhost/cgi-bin">
AllowOverride AuthConfig
# Options None
Order allow,deny
Allow from all
</Directory>
RewriteEngine on
RewriteLog "|/usr/sbin/cronolog --symlink=/var/log/apache2/ssl_rewrite.log.current /var/log/apache2/%Y/%m/ssl_rewrite.log"
RewriteLogLevel 1
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^/horde/(.*) https://www.etumbo.com/horde/$1 [L]
RewriteRule ^/webmail/(.*) https://www.etumbo.com/horde/imp/$1 [L]
RewriteRule /webmail$ /webmail/ [L,R]
RewriteRule ^/gallery/(.*) http://gallery.etumbo.com/gallery/$1 [L]
RewriteRule ^/gallery$ http://gallery.etumbo.com [L]
#RewriteRule ^/audio.* http://audio.etumbo.com [L]
#RewriteRule ^/cgi-bin/citypace/(.*) https://www.etumbo.com/cgi-bin/citypace/$1 [L]
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
<LocationMatch "^[^\~]*(\.shtml|\.txt|\.pl)$">
SetHandler perl-script
PerlSetVar MasonArgsMethod "CGI"
PerlHandler HTML::Mason::ApacheHandler
</LocationMatch>
## This removes djdrego portion of the web site from Mason control
<LocationMatch "djdrego\/">
SetHandler None
</LocationMatch>
<LocationMatch "robots.txt">
SetHandler None
</LocationMatch>
<LocationMatch "kernel_config_sdiff.txt">
SetHandler None
</LocationMatch>
<LocationMatch "(PhD\/Work[^\.]*$|PhD\/Work[^\.]\.(.html|txt|pl|desc))">
PerlSetVar MasonDeclineDirs 0
SetHandler perl-script
PerlHandler HTML::Mason::ApacheHandler
</LocationMatch>
<LocationMatch "(\.m(html|txt|pl)|dhandler|autohandler)$">
SetHandler perl-script
PerlInitHandler Apache::Constants::NOT_FOUND
</LocationMatch>
<Directory /var/www/localhost/htdocs/PhD>
DirectoryIndex index.html index.shtml
SetHandler perl-script
#PerlHandler PhDNotesWiki::AccessHandler
PerlOptions +GlobalRequest
Require valid-user
PerlAccessHandler PhDNotesWiki::AccessHandler
AuthType Basic
AuthName "PhD Notes"
AuthUserFile "/etc/apache2/PhDNotes.passwd"
Require valid-user
</Directory>
<Directory /var/www/localhost/htdocs/albums>
AllowOverride Options FileInfo
</Directory>
<Location /audio>
SetHandler perl-script
PerlHandler Apache::MP3::Resample
PerlSetVar AllowDownload "no"
PerlSetVar CacheDir "/var/cache/Apache::MP3"
PerlSetVar DescriptionFormat "%n - %a - %t (%l)"
PerlSetVar Fields "track, artist, title, duration, bitrate"
PerlSetVar SortFields "description"
PerlSetVar PathStyle "Arrows"
PerlSetVar ResamplePresets '16 kbps => -b16, \
56 kbps => -b56, \
128 kbps => -b128, \
160 kbps => -b160'
PerlSetVar DecompressorPresets '"audio/shorten" => "shorten -x %f -|", \
"audio/flac" => "flac -d -c -s %f|"'
AuthType Basic
AuthName "Restricted Audio Area"
AuthUserFile "/etc/apache2/audio.passwd"
Require valid-user
Order allow,deny
Allow from all
</Location>
|
And finally, /etc/apache2/vhosts.d/00_default_ssl_vhost.conf:
| Code: |
<IfDefine SSL>
<IfDefine SSL_DEFAULT_VHOST>
<IfModule ssl_module>
Listen *:443
NameVirtualHost *:443
<VirtualHost *:443>
ServerName www.etumbo.com
Include /etc/apache2/vhosts.d/default_vhost.include
ErrorLog "|/usr/sbin/cronolog --symlink=/var/log/apache2/ssl_error_log.current /var/log/apache2/%Y/%m/ssl_error_log"
<IfModule log_config_module>
TransferLog "|/usr/sbin/cronolog --symlink=/var/log/apache2/ssl_access_log.current /var/log/apache2/%Y/%m/ssl_access_log"
</IfModule>
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/var/www/localhost/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
<IfModule setenvif_module>
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</IfModule>
<IfModule log_config_module>
CustomLog /var/log/apache2/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</IfModule>
</VirtualHost>
</IfModule>
</IfDefine>
</IfDefine>
|
Any help in resolving this will be greatly appreciated. Thanks!
Last edited by Buddha001 on Fri Aug 22, 2008 12:44 am; edited 1 time in total |
|
| Back to top |
|
 |
gerdesj
l33t
Joined: 29 Sep 2005
Posts: 622
Location: Yeovil, Somerset, UK
|
| Posted: Sun Aug 17, 2008 11:14 pm Post subject: Re: Apache SSL VHOST can't find cgi-bin |
|
|
Well Mr Budda001 let's start from the basics (I can't see anything obviously wrong):
What version of Apache are you running?
Incidentally the error you report seems to imply cgi-bin is a file and not a directory - any help?
Cheers
Jon |
|
| Back to top |
|
|
Buddha001
Tux's lil' helper
Joined: 24 Nov 2005
Posts: 76
|
| Posted: Mon Aug 18, 2008 1:29 am Post subject: Re: Apache SSL VHOST can't find cgi-bin |
|
|
| gerdesj wrote: | Well Mr Budda001 let's start from the basics (I can't see anything obviously wrong):
What version of Apache are you running?
Incidentally the error you report seems to imply cgi-bin is a file and not a directory - any help?
Cheers
Jon |
Running apache 2.2.9. cgi-bin is definitely not a file - although it would seem that the SSL host thinks it is. Just verified that it's a directory (/var/www/localhost/cgi-bin) with the same user/group and permissions as /var/www/localhost/htdocs. Plus, the non-SSL vhost is able to pick up scripts without any issues. The error I get in the browser is 404 Not Found.
I'm wondering if this may have something to do with me not updating my expired self-signed certificates...is that a possibility? Although other non-CGI things work fine with SSL... |
|
| Back to top |
|
|
gerdesj
l33t
Joined: 29 Sep 2005
Posts: 622
Location: Yeovil, Somerset, UK
|
| Posted: Mon Aug 18, 2008 7:45 am Post subject: Re: Apache SSL VHOST can't find cgi-bin |
|
|
| Buddha001 wrote: |
I'm wondering if this may have something to do with me not updating my expired self-signed certificates...is that a possibility? Although other non-CGI things work fine with SSL... |
Not sure to be honest but it would not harm to recreate them ( http://sial.org/howto/openssl/self-signed/ ). On the other hand why not set up a CA?
Cheers
Jon |
|
| Back to top |
|
|
bunder
Bodhisattva
Joined: 10 Apr 2004
Posts: 5947
|
| Posted: Mon Aug 18, 2008 7:49 am Post subject: |
|
|
what APACHE2_OPTS do you have configured in /etc/conf.d/apache2?
cheers
_________________
| Neddyseagoon wrote: | | The problem with leaving is that you can only do it once and it reduces your influence. |
banned from #gentoo since sept 2017 |
|
| Back to top |
|
|
Buddha001
Tux's lil' helper
Joined: 24 Nov 2005
Posts: 76
|
| Posted: Mon Aug 18, 2008 11:44 am Post subject: Re: Apache SSL VHOST can't find cgi-bin |
|
|
| gerdesj wrote: | | Buddha001 wrote: |
I'm wondering if this may have something to do with me not updating my expired self-signed certificates...is that a possibility? Although other non-CGI things work fine with SSL... |
Not sure to be honest but it would not harm to recreate them ( http://sial.org/howto/openssl/self-signed/ ). On the other hand why not set up a CA?
Cheers
Jon |
I recreated them and then setup a CA using cacert.org but neither helped. As for the APACHE2_OPTS they are:
| Code: |
APACHE2_OPTS="-D DEFAULT_VHOST -D PERL -D INFO -D LANGUAGE -D SSL -D SSL_DEFAULT_VHOST -D AUDIO_VHOST -D GALLERY_VHOST -D STORAGESERVER_VHOST -D CITYPACE_VHOST -D SUEXEC -D APREQ -D USERDIR -D PHP5 -D DAV -D DAV_FS -D AUTH_PAM -D MACRO -D PROXY -D PROXY_HTTP -D PROXY_HTML"
|
Anything look out of the ordinary? |
|
| Back to top |
|
|
gerdesj
l33t
Joined: 29 Sep 2005
Posts: 622
Location: Yeovil, Somerset, UK
|
| Posted: Wed Aug 20, 2008 7:59 am Post subject: Re: Apache SSL VHOST can't find cgi-bin |
|
|
I've just picked through your first post again.
/var/www/localhost/htdocs/cgi-bin probably does not exist!
In /var/www/localhost/ htdocs and cgi-bin should be at the same level. Looking in your config, that is what it is looking for.
| Code: |
<IfModule alias_module>
ScriptAlias /cgi-bin/ "/var/www/localhost/cgi-bin/"
Alias /audio /mnt/SoundFiles
</IfModule>
<Directory "/var/www/localhost/cgi-bin">
AllowOverride AuthConfig
# Options None
Order allow,deny
Allow from all
</Directory>
|
So I would say you are using the wrong URL in your browser when you use https.
Cheers
Jon |
|
| Back to top |
|
|
Buddha001
Tux's lil' helper
Joined: 24 Nov 2005
Posts: 76
|
| Posted: Wed Aug 20, 2008 11:30 am Post subject: Re: Apache SSL VHOST can't find cgi-bin |
|
|
| gerdesj wrote: | I've just picked through your first post again.
/var/www/localhost/htdocs/cgi-bin probably does not exist!
In /var/www/localhost/ htdocs and cgi-bin should be at the same level. Looking in your config, that is what it is looking for.
| Code: |
<IfModule alias_module>
ScriptAlias /cgi-bin/ "/var/www/localhost/cgi-bin/"
Alias /audio /mnt/SoundFiles
</IfModule>
<Directory "/var/www/localhost/cgi-bin">
AllowOverride AuthConfig
# Options None
Order allow,deny
Allow from all
</Directory>
|
So I would say you are using the wrong URL in your browser when you use https.
Cheers
Jon |
I'm not sure what you mean...I use the same URL when using both http and https. For example, the script I'm trying to access is: http://www.etumbo.com/cgi-bin/citypace/contacts.cgi. When I type that in exactly it works. When I do https://www.etumbo.com/cgi-bin/citypace/contacts.cgi it does not work and I get a 404 Not Found Error. Feel free to try it yourself. Both htdocs and cgi-bin are at the same level within /var/www/localhost - that's how gentoo apache config set it up originally and I've never mucked with that. |
|
| Back to top |
|
|
gerdesj
l33t
Joined: 29 Sep 2005
Posts: 622
Location: Yeovil, Somerset, UK
|
| Posted: Wed Aug 20, 2008 12:33 pm Post subject: Re: Apache SSL VHOST can't find cgi-bin |
|
|
Fair enough but something is causing an attempt to access the file to cause the error:
| Code: |
[Sun Aug 17 17:56:22 2008] [error] [client 192.168.1.1] File does not exist: /var/www/localhost/htdocs/cgi-bin
|
Perhaps a stray symlink? #ls -l /var/www/localhost (also check cgi-bin and htdocs themselves)
Another thing to try is to disable the ordinary VHOST (ie remove -D DEFAULT_VHOST) and see if just the SSL one works OK on its own.
Cheers
Jon |
|
| Back to top |
|
|
Buddha001
Tux's lil' helper
Joined: 24 Nov 2005
Posts: 76
|
| Posted: Wed Aug 20, 2008 1:34 pm Post subject: Re: Apache SSL VHOST can't find cgi-bin |
|
|
| gerdesj wrote: | Fair enough but something is causing an attempt to access the file to cause the error:
| Code: |
[Sun Aug 17 17:56:22 2008] [error] [client 192.168.1.1] File does not exist: /var/www/localhost/htdocs/cgi-bin
|
Perhaps a stray symlink? #ls -l /var/www/localhost (also check cgi-bin and htdocs themselves)
Another thing to try is to disable the ordinary VHOST (ie remove -D DEFAULT_VHOST) and see if just the SSL one works OK on its own.
Cheers
Jon |
No stray symlinks, and SSL works just fine when accessing things directly within /var/www/localhost/htdocs. I have horde-imp installed in that directory and it is accessible via SSL w/o any problems. It just seems like the SSL VHOST is not understanding the ScriptAlias directive and so it's directly translating the cgi-bin directory to be within htdocs, which it is not.
I also tried aliasing other directories outside of /var/www/localhost/htdocs and those also do not work in the SSL VHOST, but do work with default non-SSL VHOST, so it definitely seems to be an issue with SSL and Alias/ScriptAlias directories. |
|
| Back to top |
|
|
gerdesj
l33t
Joined: 29 Sep 2005
Posts: 622
Location: Yeovil, Somerset, UK
|
| Posted: Wed Aug 20, 2008 2:25 pm Post subject: Re: Apache SSL VHOST can't find cgi-bin |
|
|
I am running several 2.2.9 Apaches with SSL and various scriptalias with no problems.
Now I always USE=vhost but I think you are not. Your 00_default_ssl is very different to mine, so I suspect that it is quite an old one. However, if you run etc-update you will have quite a lot of unpicking to do.
Could I recommend switching to USE=vhost. It will require a bit of work but at least you can then update with fewer problems. You can also do things like test web-apps out in another vhost before deploying to your live one.
Since I made the switch, it has made life a lot easier.
Cheers
Jon |
|
| Back to top |
|
|
Buddha001
Tux's lil' helper
Joined: 24 Nov 2005
Posts: 76
|
| Posted: Wed Aug 20, 2008 2:28 pm Post subject: Re: Apache SSL VHOST can't find cgi-bin |
|
|
| gerdesj wrote: | I am running several 2.2.9 Apaches with SSL and various scriptalias with no problems.
Now I always USE=vhost but I think you are not. Your 00_default_ssl is very different to mine, so I suspect that it is quite an old one. However, if you run etc-update you will have quite a lot of unpicking to do.
Could I recommend switching to USE=vhost. It will require a bit of work but at least you can then update with fewer problems. You can also do things like test web-apps out in another vhost before deploying to your live one.
Since I made the switch, it has made life a lot easier.
Cheers
Jon |
Yeah, I'm kind of in the middle of going through this process, but I needed to figure out how to get SSL working for multiple vhosts on the same IP. It seems like I can with SNI, which I've only recently enabled. Once I get that working I'll completely switch over to USE=vhost. Right now I have it enabled only for certain web-apps. Could you post how your 00_default_ssl is different than mine? I've run etc-update everytime I do an apache upgrade, so I shouldn't really be behind on configuration file updates.
Thanks! |
|
| Back to top |
|
|
gerdesj
l33t
Joined: 29 Sep 2005
Posts: 622
Location: Yeovil, Somerset, UK
|
| Posted: Wed Aug 20, 2008 2:55 pm Post subject: Re: Apache SSL VHOST can't find cgi-bin |
|
|
I even double checked! I've just dismembered the ebuild palava that is Apache and eventually found this file:
| Code: |
/usr/portage/distfiles/gentoo-apache-2.2.9-20080615.tar.bz2
|
which contains the Gentoo specific bits to Apache. In there is the current 00_default_ssl_vhost.conf. It is quite different to the one you posted above.
Cheers
Jon |
|
| Back to top |
|
|
Buddha001
Tux's lil' helper
Joined: 24 Nov 2005
Posts: 76
|
| Posted: Wed Aug 20, 2008 3:00 pm Post subject: Re: Apache SSL VHOST can't find cgi-bin |
|
|
| gerdesj wrote: | I even double checked! I've just dismembered the ebuild palava that is Apache and eventually found this file:
| Code: |
/usr/portage/distfiles/gentoo-apache-2.2.9-20080615.tar.bz2
|
which contains the Gentoo specific bits to Apache. In there is the current 00_default_ssl_vhost.conf. It is quite different to the one you posted above.
Cheers
Jon |
Here's a diff of the one in the distfile and mine. Doesn't seem all that different to me...
| Code: |
9c9
< Listen 443
---
> Listen *:443
11,12c11,14
< <VirtualHost _default_:443>
< ServerName localhost
---
> NameVirtualHost *:443
> <VirtualHost *:443>
> ServerName www.etumbo.com
>
14c16
< ErrorLog /var/log/apache2/ssl_error_log
---
> ErrorLog "|/usr/sbin/cronolog --symlink=/var/log/apache2/ssl_error_log.current /var/log/apache2/%Y/%m/ssl_error_log"
17c19
< TransferLog /var/log/apache2/ssl_access_log
---
> TransferLog "|/usr/sbin/cronolog --symlink=/var/log/apache2/ssl_access_log.current /var/log/apache2/%Y/%m/ssl_access_log"
35c37,38
< SSLCertificateFile /etc/apache2/ssl/server.crt
---
> SSLCertificateFile /etc/apache2/ssl/etumbo.com_cert.pem
> #SSLCertificateFile /etc/apache2/ssl/server.crt
43c46,47
< SSLCertificateKeyFile /etc/apache2/ssl/server.key
---
> SSLCertificateKeyFile /etc/apache2/ssl/etumbo.com_privatekey.pem
> #SSLCertificateKeyFile /etc/apache2/ssl/server.key
175a180
>
|
|
|
| Back to top |
|
|
gerdesj
l33t
Joined: 29 Sep 2005
Posts: 622
Location: Yeovil, Somerset, UK
|
| Posted: Wed Aug 20, 2008 3:26 pm Post subject: Re: Apache SSL VHOST can't find cgi-bin |
|
|
Worth a try though.
Still, where on earth is that error coming from with the extra /htdocs/ in the request?
I'm now really clutching at straws: what sort of script are you trying to run? Could you try print-env (default supplied script - need to chmod it +x though)
Cheers
Jon |
|
| Back to top |
|
|
Buddha001
Tux's lil' helper
Joined: 24 Nov 2005
Posts: 76
|
| Posted: Wed Aug 20, 2008 5:51 pm Post subject: Re: Apache SSL VHOST can't find cgi-bin |
|
|
| gerdesj wrote: | Worth a try though.
Still, where on earth is that error coming from with the extra /htdocs/ in the request?
I'm now really clutching at straws: what sort of script are you trying to run? Could you try print-env (default supplied script - need to chmod it +x though)
Cheers
Jon |
Yup, did try that - same thing.  I'm a bit puzzled as well. I've tried every google search possible trying to find anyone else that's had a such an issue and can't find anything. |
|
| Back to top |
|
|
gerdesj
l33t
Joined: 29 Sep 2005
Posts: 622
Location: Yeovil, Somerset, UK
|
| Posted: Wed Aug 20, 2008 10:42 pm Post subject: Re: Apache SSL VHOST can't find cgi-bin |
|
|
Could you just double check your ssl_sccess or error logs for the result of trying to access https://<your site>/cgi-bin/printenv please?
Cheers
Jon |
|
| Back to top |
|
|
Buddha001
Tux's lil' helper
Joined: 24 Nov 2005
Posts: 76
|
| Posted: Thu Aug 21, 2008 12:08 am Post subject: Re: Apache SSL VHOST can't find cgi-bin |
|
|
| gerdesj wrote: | Could you just double check your ssl_sccess or error logs for the result of trying to access https://<your site>/cgi-bin/printenv please?
Cheers
Jon |
From ssl_access_log:
| Code: | | 92.168.1.1 - - [20/Aug/2008:20:06:40 -0400] "GET /cgi-bin/print-env HTTP/1.1" 404 280 |
and from ssl_error_log:
| Code: | | [Wed Aug 20 20:06:40 2008] [error] [client 192.168.1.1] File does not exist: /var/www/localhost/htdocs/cgi-bin |
Stumped... |
|
| Back to top |
|
|
Buddha001
Tux's lil' helper
Joined: 24 Nov 2005
Posts: 76
|
| Posted: Fri Aug 22, 2008 12:43 am Post subject: Re: Apache SSL VHOST can't find cgi-bin [SOLVED] |
|
|
| Buddha001 wrote: | | gerdesj wrote: | Could you just double check your ssl_sccess or error logs for the result of trying to access https://<your site>/cgi-bin/printenv please?
Cheers
Jon |
From ssl_access_log:
| Code: | | 92.168.1.1 - - [20/Aug/2008:20:06:40 -0400] "GET /cgi-bin/print-env HTTP/1.1" 404 280 |
and from ssl_error_log:
| Code: | | [Wed Aug 20 20:06:40 2008] [error] [client 192.168.1.1] File does not exist: /var/www/localhost/htdocs/cgi-bin |
Stumped... |
Well, I do believe I finally got it working. It looks like I had an old default_ssl_vhost.conf file stuck in my /etc/apache2/modules.d/ directory that was mucking stuff up. After moving that out of the way, it seems to have done the trick. And I've managed to move everything to a USE=vhosts setup, so it should be far easier to maintain now - hopefully. 
Thanks for all the help and suggestions. |
|
| Back to top |
|
|
gerdesj
l33t
Joined: 29 Sep 2005
Posts: 622
Location: Yeovil, Somerset, UK
|
| Posted: Fri Aug 22, 2008 8:40 pm Post subject: Re: Apache SSL VHOST can't find cgi-bin [SOLVED] |
|
|
| Quote: |
Well, I do believe I finally got it working. It looks like I had an old default_ssl_vhost.conf file stuck in my /etc/apache2/modules.d/ directory that was mucking stuff up. After moving that out of the way, it seems to have done the trick. And I've managed to move everything to a USE=vhosts setup, so it should be far easier to maintain now - hopefully.
Thanks for all the help and suggestions. |
Hooray! USE=vhost is a lot easier to maintain and great for QC. You can test a package in a test vhost and then only when you have got the upgrade procedure sorted out do you mess with the live one. Also you are not messing about with the real one so the point where you find you can't exactly remember what you did and wish you'd taken a backup - well I'm sure you know this one.
Glad its sorted.
Cheers
Jon |
|
| Back to top |
|
|
|
Networking & Security
