I'm experiencing some issues with containers running apache2 + passenger phusion + rails app when I deploy them on mac or linux.
I use the same image (based on ubuntu:14.04) pulled from the docker hub and the same run command
docker run -it -p 80:80 -p 443:443 -e RAILS_ENV=development --link pg my-image-name
On OSX 10.10.5, running docker 1.9.1, build a34a1d5 everything works fine.
On my production server ubuntu 14.04.3 LTS, running the same docker version, I get the following error
AH00035: access to / denied (filesystem path '/home/app/app') because search permissions are missing on a component of the path
Permissions are set with chmod 775 -R /home/app.
Here is passenger and apache version + configuration
Server version: Apache/2.4.7 (Ubuntu)
Server built: Oct 14 2015 14:20:21
Phusion Passenger 5.0.22
<VirtualHost *:80>
ServerName www.my-app.com
DocumentRoot /home/app/app/public
PassengerRuby /usr/bin/ruby
RailsEnv development
ErrorLog "/home/app/app/log/apache_error_log"
CustomLog "/home/app/app/log/apache_access_log" common
<Directory /home/app/app/public>
AllowOverride all
Options -MultiViews +FollowSymLinks +Indexes
Require all granted
Order allow,deny
allow from all
</Directory>
</VirtualHost>
Any idea why I'm getting two different behaviours between OS X and Ubuntu running the same container?
Thanks
As commented in issue 16741:
I think I've seen a similar issue, which was related to the aufs driver.
Fixed by using "devicemapper" instead of "aufs" thanks to this post:
"Switching Docker from aufs to devicemapper"
changed /etc/default/docker to enable device mapper:
(save the images first)
# Use DOCKER_OPTS to modify the daemon startup options.
DOCKER_OPTS="--storage-driver=devicemapper"
The OP Alberto Sabaini confirms it works:
I thought that Ubuntu LTS would be using device mapper as default, but by typing docker info | grep Storage, I get Storage Driver: aufs in both mac and Ubuntu.
The weird part is that my image spin fine on mac with aufs and on Ubuntu on device mapper.
Related
My web server is set up like this:
AWS EC2 Linux AMI
Apache 2.4
PHP 7
MySQL
Certbot is giving me an error like this when I try to run it:
Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.
I've looked at other answers people posted on their blogs etc... but they were were not specifically for the EC2 Linux AMI or were made more complicated than they need be.
Most of them seem to have something to do with /sites-available or enabled... but the main .conf file already has a line in it that points to additional .conf files. No need to add a line there.
This all assumes that you have Apache 2.4 installed and are trying to install Certbot.
Make sure A record is set to your IP address in DNS.
cd /etc/httpd/conf.d
sudo nano yourDomainName.conf
Paste, edit, and save the following:
<VirtualHost *:80>
ServerName yourDomainName.com
DocumentRoot /var/www/html
ServerAlias www.yourDomainName.com
ErrorLog /var/www/error.log
CustomLog /var/www/requests.log combined
</VirtualHost>
.
sudo service httpd restart
And with this you should see the virtual host:
httpd -D DUMP_VHOSTS
To install certbot:
cd ~/downloads
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
sudo certbot-auto --apache --debug
Try option 1, "spin up a temporary web server"
I had running nginx on port 80, even setup xamp on port 80, curl on port 80 worked, but it could not find server at localhost
A probable issue with certbot trying to setup and authenticate host with existing servers.
Use of temporary webserver (option 1) worked, ensure no service is running on port 80
I have no httpd service, so I have know such directory and file.
But thanks for the advice before I found the file mydomain.conf in the directory
(in your case you should replace mydomain
/etc/apache2/sites-available and I modified it as it was advised above
sudo nano /etc/apache2/sites-available/mydomain.conf
<VirtualHost *:80> DocumentRoot /var/www/mydomain ServerName mydomain </VirtualHost>
then check for correct
sudo apache2ctl configtest
then restart apache
systemctl reload apache2
and then run certbot
certbot --apache -d mydomain
I have generated my app using Jhipster. Configured it to run on amazon ec2 with Ubuntu 16.x and apache with following configuration and godaddy a record. When I hit the website url it maps and renders the site without any issues.
apache2 configuration
<VirtualHost *:80>
ServerName 111.22.33.444
ProxyPreserveHost On
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://111.22.33.444:8080/
ProxyPassReverse / http://111.22.33.444:8080/
</VirtualHost>
Nest step, trying to configure SSL. I have bought the SSL from godaddy for my domain, configured it and uploaded the *.crt files into /etc/apache2/ssl. I quickly realized just by adding another virtual host configuration for port 443 will not work because JHipster app is running on 8080. I went back and looked at https://www.jhipster.tech/production/ and they have instructions for configuring SSL with HTTPS configuration with a front-end proxy and this where I got lost and am unable to configure SSL and serve up my domain on https.
What is not clear is can I still run the app on 8080 and simply follow the instructions under HTTPS configuration with a front-end proxy? First, I configured apache using "lets encrypt" using the following command
sudo certbot --apache -d doamin.com --agree-tos -m info#domain.com --redirect
it failed saying
Failed redirect for domain.com
Unable to set enhancement redirect for domain.com
It didn't work.
What are the changes for Jhipster application that I need to do? Should it run on 443 or continue to run 8080 and update virtual host configuration? How should i configure virtual host?
I have searched high and low with no instructions. Any direction is much appreciated.
Assuming your app is available at http://127.0.0.1:8080/, you can successfully configure Apache for HTTPS with Certbot by following the below steps.
Setup server with:
sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-apache apache2
Start with the config:
<VirtualHost *:80>
ServerName example.com
ServerAlias example.com
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
ProxyPreserveHost On
ProxyRequests Off
</VirtualHost>
Enable plugins and restart Apache2, making the app accessible at the domain configured above:
a2enmod headers proxy proxy_http
service apache2 restart
Then run certbot with the instructions in the docs:
sudo certbot --apache -d example.com
After that, your app will be accessible at the domain you configured and served via HTTPS.
I Installed Laravel 4 on Ubuntu 12.04, I follow these steps from -
http://www.dev-metal.com/install-laravel-4-ubuntu-12-04-lts/
www.dev-metal.com/install-laravel-4-ubuntu-12-04-lts/
Activate mod_rewrite
Install the mod_rewrite module (or extension or whatever it is) and restart the Apache:
sudo a2enmod rewrite
sudo service apache2 restart
Open the default vhost config file:
sudo nano /etc/apache2/sites-available/default
DocumentRoot /var/www
<Directory /var/www>
and change them to
DocumentRoot /var/www/public
<Directory /var/www/public>
than Install Laravel 4
cd /var/www
wget https://github.com/laravel/laravel/archive/master.zip
unzip master.zip && cd laravel-master/ && mv * ../ && cd ..
rm -r laravel-master && rm master.zip
Run the installation with Composer by
composer install
and restart the server:
sudo service apache2 restart
than successfully installed and message :
but when I'm trying to run another web project for example
http://localhost/demo
than error comes like :
Not Found
The requested URL /demo was not found on this server.
Apache/2.2.22 (Ubuntu) Server at localhost Port 80
Add the following to your apache directory configuration.
AllowOverride All
go to the httpd.conf file of the server and remove hash (comment tag) from line showing below
LoadModule rewrite_module modules/mod_rewrite.so
it may be created from server side.
That is because your DocumentRoot is now set to /var/www/public which, i think where your problem is. Try putting your demo project folder inside the public folder then, try again. If it is a route, add it to /app/routes.php
I installed Apache2 and Tomcat7 on Amazon EC2 Ubuntu12.04 using command:
sudo apt-get install apache2
sudo apt-get install tomcat7
Now for tomcat
CATALINA_HOME is /usr/share/tomcat7 (bin and lib folders of tomcat)
CATALINA_BASE is /var/lib/tomcat7 (webapps folder is in there)
For Apache
Apache modules : /etc/apache2/mods-enabled
virtual hosts : /etc/apache2/sites-enabled
configuration file : /etc/apache2/apache2.conf
Apache configuration file httpd.conf is empty.
How can I redirect all request from Apache2 to Tomcat7?
Means for Example if I enter 10.121.143.116:80 in browser, it will hit 10.121.143.116:8080
Kindly suggest as I am finding on google since last 2 months and found too many solutions all mix up and not able to understand single best working solution.
Hope this will help.
First, create sampleweb file in /etc/apache2/sites-available
sudo touch /etc/apache2/sites-available/proxy_your_sampleweb
Second, add the following in above sampleweb host file.
sudo vi /etc/apache2/sites-available/proxy_your_sampleweb
#For forwarding everything
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
Third, enable sampleweb site
sudo a2ensite proxy_your_sampleweb
Forth, reload apache2 configuration
sudo service apache2 reload
Fifth, access your tomcat app using 80 port.
http://<>/
if you want to redirect only specific context like sampleweb, you can customise the above to limit only your sampleweb request to tomcat.
sudo vi /etc/apache2/sites-available/proxy_your_sampleweb
#For forwarding only required contexts
ProxyRequests Off
ProxyPass /sampleweb http://localhost:8080/sampleweb
ProxyPassReverse /sampleweb http://localhost:8080/sampleweb
These are my VM setup:
HOST: windows 7 ultimate 32bit
GUEST: CentOs 6.3 i386
Virtualization soft: Oracle virtualBox 4.1.22
Networking: NAT -> (PORT FORWARD: HOST:8080 => GUEST:80)
Shared Folder: centos
all the project files goes into shared folder and for each project file a virtualhost conf file is created in /etc/httpd/conf.d/ like /etc/httpd/conf.d/$domain
I wasn't able to see anything in my browser before disabling both windows firewall and iptables in centos after that if i type for example: http://www.$domain:8080/ all i see is:
Forbidden
You don't have permission to access / on this server.
Apache/2.2.15 (CentOS) Server at www.$domain.com Port 8080
A sample Virtual Host conf file:
<VirtualHost *:80>
#General
DocumentRoot /media/sf_centos/path/to/public_html
ServerAdmin webmaster#$domain
ServerName www.$domain
ServerAlias $domain *.$domain
#Logging
ErrorLog /var/log/httpd/$domain-error.log
CustomLog /var/log/httpd/$domain-access.log combined
#mod rewrite
RewriteEngine On
RewriteLog /var/log/httpd/$domain-rewrite.log
RewriteLogLevel 0
</VirtualHost>
centos shared folder is availabe to guest at /media/sf_centos
These are file permissons for sf_centos:
drwxrwx--- root vboxsf
vboxsf group includes: apache and root
So these are my questions:
1- How to solve Forbidden Problem?
2- How to setup both host and guest firewalls?
3- How can improve this development environment to simulate production environment as much as possible specially security improvements?
For #1/2: This is a permissions issue due to the auto-mounting method that VirtualBox uses. Instead of auto-mounting you have to mount it manually.
The post by suomynona (3rd reply) has some step-by-step instructions on resolving this issue:
https://forums.virtualbox.org/viewtopic.php?f=3&t=38891#p179152
As for #3, a standard practice is to have a staging server that mimics production as closely as possible (same OS, same updates, versions, etc). That will allow you to deploy from your local development environment for integration testing before you deploy to production. Sometimes we'll even set up our dev VM's to use the same OS as production for more complex projects where version/compatibility issues may cause headaches.