Apache2 - virtual hosts - 403 Forbidden
I am trying to set up virtual hosts.
Apache2.4.7
Ubuntu 14.04
000-default.conf:
<VirtualHost *:80> ServerAdmin webmaster@localhost DocumentRoot /home/ronskiy/public_html/ ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>test.local.conf:
<VirtualHost *:80>
ServerName test.local
ServerAlias test.local
DocumentRoot /home/ronskiy/public_html/
LogLevel warn
ErrorLog /var/log/test-error.log
CustomLog /var/log/test-access.log combined
<Directory "/home/ronskiy/public_html/"> Options Indexes FollowSymLinks AllowOverride All Order allow,deny Require all granted
</Directory>hosts:
127.0.0.1 localhost test.local
127.0.1.1 ronskiy-K55VM
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allroutersls -l:
drwxrwxr-x 3 ronskiy ronskiy 4096 січ 19 23:26 public_htmland if I trying to open I have 403 Forbidden error. What I'm doing wrong?
1 Answer
You should check the permissions of the folders used as Document Root in your configuration. Usually, apache uses the user www-data and you should ensure that this user has the required permissions.
There is a very nice post about this topic here:
Assuming you are the only one managing the server, this should be a good starting point.
Maintained by a single user If only one user is responsible for maintaining the site, set them as the user owner on the website directory and give the user full rwx permissions. Apache still needs access so that it can serve the files, so set www-data as the group owner and give the group r-x permissions.
chown -R eve contoso.com
chgrp -R www-data contoso.com
chmod -R 750 contoso.com
chmod g+s contoso.com
ls -l
drwxr-s--- 2 eve www-data 4096 Feb 5 22:52 contoso.comif you have folders that need to be writable by Apache, you can just modify the permission values for the group owner so that www-data has write access.
chmod g+w uploads
ls -l
drwxrws--- 2 eve www-data 4096 Feb 5 22:52 uploadsThe benefit of this configuration is that it becomes harder (but not impossible*) for other users on the system to snoop around, since only the user and group owners can browse your website directory. This is useful if you have secret data in your configuration files. Be careful about your umask! If you create a new file here, the permission values will probably default to 755. You can run umask 027 so that new files default to 640 (rw- r-- ---).
