Question posted in
Some documentation to get you started can be found here.

403 forbidden : You don't have permission to access this resource. Apache/2.4.29 (Ubuntu) Server Port 443

I’m trying to run my instance on https and it is throwing this error.

It is working fine on http if I remove the SSL.

This is the message I’m getting on my error.log:

AH01630: client denied by server configuration: /home/ubuntu/readingroots/
 AH01630: client denied by server configuration: /home/ubuntu/readingroots/favicon.ico, referer: https://readingroots.in/

This is my 000-default.conf file congif:

<VirtualHost *:80>
        ServerAdmin [email protected]
        ServerName readingroots.in
        ServerAlias www.readingroots.in
        DocumentRoot /home/ubuntu/readingroots
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        Alias /static /home/ubuntu/readingroots/static
<Directory /home/ubuntu/readingroots/static>
        Require all granted
</Directory>
<Directory /home/ubuntu/readingroots/readbus_project>
        <Files wsgi.py>
        Require all granted
        </Files>
</Directory>
        WSGIDaemonProcess readingroots python-path=/home/ubuntu/readingroots python-home=/home/ubuntu/readingroots/myprojectenv
        WSGIProcessGroup readingroots
        WSGIScriptAlias / /home/ubuntu/readingroots/readbus_project/wsgi.py

RewriteEngine on
RewriteCond %{SERVER_NAME} =www.readingroots.in [OR]
RewriteCond %{SERVER_NAME} =readingroots.in
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

And this is my 000-default-le-ssl.conf conf file:

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerAdmin [email protected]
        ServerName readingroots.in
        ServerAlias www.readingroots.in
        DocumentRoot /home/ubuntu/readingroots
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        Alias /static /home/ubuntu/readingroots/static
<Directory /home/ubuntu/readingroots/static>
        Require all granted
</Directory>
<Directory /home/ubuntu/readingroots/readbus_project>
        <Files wsgi.py>
        Require all granted
        </Files>
</Directory>


Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/readingroots.in/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/readingroots.in/privkey.pem
</VirtualHost>
</IfModule>

I’ve tried various things but nothing seems to be working.
Please help and let me know if I can try anything.

Edit:

This is the output after running ls -l /home/ubuntu/readingroots command:

total 2164
drwxrwxr-x 5 ubuntu ubuntu      4096 Jul 26 18:23 actions
drwxrwxr-x 5 ubuntu ubuntu      4096 Jul 26 18:23 books
-rwxrwxr-x 1 ubuntu ubuntu     16384 Aug 14 05:32 celerybeat-schedule
drwxrwxr-x 5 ubuntu ubuntu      4096 Jul 26 18:23 chats
-rw-rw-r-- 1 ubuntu www-data 2120704 Aug 17 23:07 db.sqlite3
-rwxrwxr-x 1 ubuntu ubuntu     18446 Jul 15 19:21 edits.txt
-rwxrwxr-x 1 ubuntu ubuntu       656 Apr 26  2020 manage.py
drwxrwxr-x 3 ubuntu ubuntu      4096 Jul 24 03:20 media
drwxrwxr-x 5 ubuntu ubuntu      4096 Jul 24 06:05 myprojectenv
drwxrwxr-x 5 ubuntu ubuntu      4096 Jul 26 18:24 pages
drwxrwxr-x 4 ubuntu www-data    4096 Jul 26 05:22 readbus_project
drwxrwxr-x 8 ubuntu ubuntu      4096 Jul 26 18:40 static
drwxrwxr-x 7 ubuntu ubuntu      4096 Jul 26 18:38 static2
drwxrwxr-x 2 ubuntu ubuntu      4096 Jul 24 03:23 supervisor
drwxrwxr-x 4 ubuntu ubuntu      4096 Jul 24 03:23 templates
drwxrwxr-x 5 ubuntu ubuntu      4096 Jul 26 18:24 users
-rwxrwxr-x 1 root   root           0 Aug  5 05:43 vi
Tags:

2

Answers


  1. 0

    You have set the Require all granted option on directories

    /home/ubuntu/readingroots/readbus_project

    and

    /home/ubuntu/readingroots/static

    whereas you also need a directive for the /home/ubuntu/readingroots directory itself. More here.

    Login or Signup to reply.
  2. 0

    Seems you are using python wsgi and you didn’t give it the server permissions on the root node of the project

    error from comments

    [autoindex:error] [pid 27528:tid 140136830449408] [client 103.119.165.25:64522] AH01276: Cannot serve directory /home/ubuntu/readingroots/: No matching DirectoryIndex (index.html,index.cgi,index.pl,index.php,index.xhtml,index.htm) found, and server-generated directory index forbidden by Options directive

    For your case:
    this error in comments means your server can’t see wsgi on port 433

    In you config there is no WSGIScriptAlias, WSGIDaemonProcess or any of that for 433 conf..

    it should be configured properly in 433 server config as well as 80

    For others who may counter this issue could help also:

    DocumentRoot /home/ubuntu/readingroots has no <Directory> mark itself so you need to make sure it exists

    some thing like this:

    <Directory /home/ubuntu/readingroots>
        Require all granted
</Directory>

    This issue could appear if the wsgi server itself tries to fetch a file that belongs to other user than the one running the worker, so you need to fix any permission issue

    • go to the apache2 config dir /etc/apache2 on ubuntu – you’ll find a file called magicvars

    • change the apache-run-user & apache-run-group to what you use in your wsgi service

    • give that user and group all permisions on your root Dir

      chown -R user:group *

    • add write premisions to the group members if you use other user than your editing one

      chmod g+x *
// or
chmod 774 *

    • add your user to that group if you aren’t

      sudo usermod -a -G group user

    I would recomend "NGNIX" as a proxy for wsgi python applications as I tried both and belive that apache2 is not a good friend of python

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search