
I'm using CentOS 8, with a bog-standard (`yum install httpd php`) installation of Apache and PHP.

I've got a configuration (/etc/httpd/conf.d/trip.mydomain.mytld.conf) that looks like the following:

```
<VirtualHost *:80>
    ServerName trip.mydomain.mytld

    DocumentRoot /var/www/trip/public
    <Directory "/var/www/trip/public">
        Require all granted
    </Directory>

    RewriteEngine on
    RewriteCond %{SERVER_NAME} =trip.mydomain.mytld
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
```

As a sanity check:

```
$ ls -la /var/www/
...
drwxr-xr-x. 10 apache         root 4096 Oct  5 23:01 trip
...

$ ls -la /var/www/trip
...
drwxr-xr-x.  7 apache root   4096 Oct  6 01:07 public
...

$ ls -la /var/www/trip/public
...
-rwxr-xr-x.  1 apache root   532 Oct  5 22:04 index.php
...
```

To be sure it wasn't SELinux, I've disabled that and restarted the server to no avail...

No matter what I've tried, when I load trip.mydomain.mytld, I get a 403 Forbidden, and my logs are populated with:

```
AH01276: Cannot serve directory /var/www/tripwire/public: No matching DirectoryIndex (index.html,index.php) found, and server-generated directory index forbidden by Options directive
```

I have another service running with a similar configuration that works, and I'm baffled as to what's wrong with this -- but I assume it's because the first configuration is the "default", though I'm not sure what issues that might be causing.

In case it's relevant, the result of running httpd -S is as follows:

```
VirtualHost configuration:
*:443                  is a NameVirtualHost
    default server auth.mydomain.mytld (/etc/httpd/conf.d/auth.mydomain.mytld-le-ssl.conf:2)
    port 443 namevhost auth.mydomain.mytld (/etc/httpd/conf.d/auth.mydomain.mytld-le-ssl.conf:2)
    port 443 namevhost tripwire.mydomain.mytld (/etc/httpd/conf.d/tripwire.mydomain.mytld-le-ssl.conf:2)
*:80                   is a NameVirtualHost
    default server auth.mydomain.mytld (/etc/httpd/conf.d/auth.mydomain.mytld.conf:1)
    port 80 namevhost auth.mydomain.mytld (/etc/httpd/conf.d/auth.mydomain.mytld.conf:1)
    port 80 namevhost tripwire.mydomain.mytld (/etc/httpd/conf.d/tripwire.mydomain.mytld.conf:1)
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/etc/httpd/logs/error_log"
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex authdigest-client: using_defaults
Mutex lua-ivm-shm: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/etc/httpd/run/" mechanism=default
Mutex cache-socache: using_defaults
Mutex authdigest-opaque: using_defaults
Mutex watchdog-callback: using_defaults
Mutex proxy-balancer-shm: using_defaults
PidFile: "/etc/httpd/run/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="apache" id=48
Group: name="apache" id=48
```
brinchter
  • Can you try putting the `Directory` block outside the `VirtualHost` block and see what happens? – Jose Fernando Lopez Fernandez Oct 06 '21 at 02:04
  • No observed change in behavior. :( – brinchter Oct 06 '21 at 02:12
  • Sorry, I missed the error message; here's your problem: `No matching DirectoryIndex (index.html,index.php) found, and server-generated directory index forbidden by Options directive` So it's not a permissions issue. Since you have an `index.php` file, did you check if PHP was properly configured? – Jose Fernando Lopez Fernandez Oct 06 '21 at 02:19
  • As far as I can tell, it's properly configured, but it's certainly possible I missed a check... `$ sudo php-fpm -t` yields `[06-Oct-2021 02:22:38] NOTICE: configuration file /etc/php-fpm.conf test is successful`, and `php-fpm` is running as user `apache` – brinchter Oct 06 '21 at 02:23
  • I think that Apache might not know it needs to pass off the requests to the fast process manager. Can you create a `test.php` file in your server's public directory with only ` – Jose Fernando Lopez Fernandez Oct 06 '21 at 02:29
  • It's odd though, because the error message specifically includes `index.php`, so it may not be that, but it'll at least eliminate a possibility. – Jose Fernando Lopez Fernandez Oct 06 '21 at 02:31
  • That yielded a different error at the very least... `[proxy_fcgi:error] [pid dddd:tid tttt] [client aa.bb.cc.dd:ffff] AH01071: Got error 'Primary script unknown\n'` – brinchter Oct 06 '21 at 02:32
  • I've never had that problem, but other questions suggest a reboot might work? Can you try that? – Jose Fernando Lopez Fernandez Oct 06 '21 at 02:34
  • A reboot (of everything, php-fpm, apache... and then the whole machine) didn't fix anything. – brinchter Oct 06 '21 at 02:39
  • Yikes, okay. Well, let's see. Can you post the versions of apache and httpd? And can you post your PHP handler and DirectoryIndex settings from your apache configuration as well? – Jose Fernando Lopez Fernandez Oct 06 '21 at 02:44
  • [This is the answer](https://serverfault.com/questions/960558/mod-rewrite-on-debian-stretch-breaks-php7-0-fpm-with-ah01071-got-error-primary?rq=1) I'm referencing for the PHP-FPM and Apache versions, btw – Jose Fernando Lopez Fernandez Oct 06 '21 at 02:45
  • `apache` is known as `httpd` on `CentOS` so for apache / httpd versions: `$ sudo httpd -V` yielded (among other notes) `Server version: Apache/2.4.37 (centos)`. By php handler do you mean `/etc/httpd/conf.d/php.conf` (which is unmodified from default install, and just denies all on `.user.ini` and does misc php-fpm configuration alongside adding to the DirectoryIndex ) or something else? My DirectoryIndex (after all conf preprocessing) is `index.html, index.php` according to the error logs (and a `grep -RiP of /etc/httpd` agrees). – brinchter Oct 06 '21 at 02:54
  • Yea, sorry, I meant apache and php-fpm. The `DirectoryIndex` directive doesn't use commas to separate files, all you need is `DirectoryIndex index.html index.php` (I don't know whether this is actually the cause of the problem, but I doubt it). And yea, I'm just wondering whether your `SetHandler` directive for PHP files is actually getting processed – Jose Fernando Lopez Fernandez Oct 06 '21 at 03:00
  • Gotcha. `$ sudo php-fpm -v` yielded `7.2.24`. My SetHandler is `SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost"` in my `/etc/httpd/conf.d/php.conf`. (As an aside, setting `ProxyFCGIBackendType GENERIC` didn't fix it, though I didn't quite expect it to...) – brinchter Oct 06 '21 at 03:05
  • I gave up and went with nginx, which worked. Oh well. – brinchter Oct 07 '21 at 03:37
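
An added example, not part of the original thread: a small parser for the `httpd -S` dump posted in the question that reports which config file answers a given `Host` name on a port, falling back to the "default server" line when no name matches (Apache's name-based vhost behaviour). The dump lists `tripwire.mydomain.mytld` while the posted config names `trip.mydomain.mytld`, so both are checked. `parse_vhosts` and `resolve` are hypothetical helper names; matching is by exact name per port, and wildcard `ServerAlias` patterns are not expanded.

```python
import re

# Vhost section of the `httpd -S` output, copied from the question above.
HTTPD_S = """\
*:443                  is a NameVirtualHost
    default server auth.mydomain.mytld (/etc/httpd/conf.d/auth.mydomain.mytld-le-ssl.conf:2)
    port 443 namevhost auth.mydomain.mytld (/etc/httpd/conf.d/auth.mydomain.mytld-le-ssl.conf:2)
    port 443 namevhost tripwire.mydomain.mytld (/etc/httpd/conf.d/tripwire.mydomain.mytld-le-ssl.conf:2)
*:80                   is a NameVirtualHost
    default server auth.mydomain.mytld (/etc/httpd/conf.d/auth.mydomain.mytld.conf:1)
    port 80 namevhost auth.mydomain.mytld (/etc/httpd/conf.d/auth.mydomain.mytld.conf:1)
    port 80 namevhost tripwire.mydomain.mytld (/etc/httpd/conf.d/tripwire.mydomain.mytld.conf:1)
"""

LISTENER = re.compile(r"^(\S+):(\d+)\s+is a NameVirtualHost")
DEFAULT = re.compile(r"^\s+default server (\S+) \((.+):(\d+)\)")
NAMEVHOST = re.compile(r"^\s+port (\d+) namevhost (\S+) \((.+):(\d+)\)")
ALIAS = re.compile(r"^\s+alias (\S+)")


def parse_vhosts(dump):
    """Return {port: {"default": (name, file), "names": {hostname: file}}}."""
    table, port, current = {}, None, None
    for line in dump.splitlines():
        if m := LISTENER.match(line):
            port = int(m.group(2))
            table[port] = {"default": None, "names": {}}
        elif port is None:
            continue  # lines before the first listener block
        elif m := DEFAULT.match(line):
            table[port]["default"] = (m.group(1), m.group(2))
        elif m := NAMEVHOST.match(line):
            current = m.group(3)
            table[port]["names"].setdefault(m.group(2).lower(), current)
        elif (m := ALIAS.match(line)) and current:
            # ServerAlias entries are printed under their namevhost line.
            table[port]["names"].setdefault(m.group(1).lower(), current)
    return table


def resolve(table, host, port):
    """Return (config_file, matched_by_name) for a request's Host header."""
    entry = table[port]
    host = host.lower().rstrip(".")
    if host in entry["names"]:
        return entry["names"][host], True
    return entry["default"][1], False  # no name matched: default vhost answers
```

On a live server, feed it the output of `httpd -S` instead of the embedded sample and compare the returned file with the one you expected to handle the request.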

0 Answers