I’ve tried everything on similar questions but no luck.
I’m getting “You don’t have permission to access X on this server.” on all requests.
I have two sites on the same IP, the apache config files are identical, the file permissions are identical, however, one works and the other doesn’t.
The config file:
<VirtualHost x.x.xxx.xx:80>
ServerName site2.example.com
ServerAlias site2.example.com
Redirect / https://site2.example.com/
<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>
</VirtualHost>
<VirtualHost x.x.xxx.xx:443>
Protocols h2 http/1.1
ServerName site2.example.com
ServerAlias site2.example.com
ServerAdmin [email protected]
SetEnv ENVIRONMENT production
DocumentRoot /data/www/site2.example.com
<Directory /data/www/site2.example.com>
Options -Indexes +FollowSymLinks
AllowOverride All
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript
Require all granted
</Directory>
<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>
ErrorLog /var/log/apache2/site2_error.log
LogLevel warn
KeepAlive On
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/site2.example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/site2.example.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
Header add Strict-Transport-Security "max-age=15768000"
# Add File Caching
<filesMatch ".(js|css|png|jpeg|jpg|gif|ico|pdf)$">
Header set Cache-Control "max-age=31536000, public"
</filesMatch>
# Disable slower encryption on older versions of IE
SetEnvIf User-Agent ".*MSIE [1-5].*"
nokeepalive ssl-unclean-shutdown
downgrade-1.0 force-response-1.0
SetEnvIf User-Agent ".*MSIE [6-9].*"
ssl-unclean-shutdown
</VirtualHost>
What could I be missing?
The permission commands used:
sudo chown -R www-data:www-data /data/www/site2.example.com
sudo find /data/www/site2.example.com -type f -exec chmod 644 {} ;
sudo find /data/www/site2.example.com -type d -exec chmod 775 {} ;
I’ve already restarted apache.
2
Answers
So the problem was that for SSL the config file above wasn't being used. I've found the problem by listing the sites enabled
sudo apache2ctl -S
which returned:Which is a file created when setting up letsencrypt. I fixed the issue by disabling the config file,
sudo a2dissite site2-le-ssl.conf
.Maybe the problem is not the config. Many other modifiers (including .htaccess) impact the server response.
To isolate the problem, use the failing website config file but use the working website directory path and see if it works.