Forums

Resolved
0 votes
Hi All,

The Alternative url : [share].server.sufix
is no longer working while the base url : server.sufix/flexshare/[share]/
is working

The appache error is :
Cannot serve directory /var/flexshare/shares/xxx/: No matching DirectoryIndex (index.html,default.html,index.php) found, and server-generated directory index forbidden by Options directive

Because the appache configuration is generated by flexshare webconfig in /etc/httpd/conf.d/flex-443.conf
I can't fix it.
The generated configation is :
Alias /flexshare/[share] /var/flexshare/shares/[share]

<VirtualHost *:443>
ServerName [share].server.sufix
DocumentRoot /var/flexshare/shares/[share]
ErrorLog /var/log/httpd/server.sufix_error_log
CustomLog /var/log/httpd/server.sufix_access_log common
SSLEngine on
# No weak export crypto allowed
SSLHonorCipherOrder on
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+A$
SetEnvIf User-Agent ".*MSIE.*"nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
DefineExternalAuth pwauth pipe /usr/bin/pwauth
DefineExternalGroup pwauth pipe /usr/bin/unixgroup
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/server.sufix/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/server.sufix/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/server.sufix/chain.pem
</VirtualHost>

<Directory /var/flexshare/shares/[share]>
Options +Indexes +FollowSymLinks -IncludesNOExec
AuthName "my share"
AuthType Basic
AuthBasicProvider external
AuthExternal pwauth
<RequireAll>
Require unix-group moi
</RequireAll>
<FilesMatch \.php$>
SetHandler None
ForceType text/plain
SetHandler application/x-httpd-php-source
</FilesMatch>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</Directory>

I also do not understand why the configuration is different as they both target the same folder and so the same configuration directives ?!?
What did I miss ?

Why this working feature is now down ?

As the user get a 403 error :
92.184.105.74 - - [17/Jun/2022:10:06:46 +0200] "GET / HTTP/1.1" 403 4897
Friday, June 17 2022, 08:25 AM
Share this post:

Accepted Answer

Friday, June 17 2022, 08:43 AM - #Permalink
Resolved
0 votes
Hi All,

I've google a little and find this post :
https://serverfault.com/questions/786371/apache-2-4-options-indexes-inside-virtualhost

However, placing the Options +Indexes directive inside the <Location /> container will fix it and the auto-generated index will be served.


So I've fixed this issue with adding this at the end :

<Location />
Options +Indexes +FollowSymLinks -IncludesNOExec
</Location>
</VirtualHost>


So now the question is how could we fix the flexshare apps ?

Server version: Apache/2.4.6 (CentOS)
Server built: Mar 24 2022 14:57:57


Any help will be apreciated
The reply is currently minimized Show
Responses (5)
  • Accepted Answer

    Friday, June 17 2022, 10:12 AM - #Permalink
    Resolved
    1 votes
    Thanks for that. To make my life easy, is there any chance that you can e-mail your /usr/clearos/apps/flexshare/libraries/Flexshare.php to me at support@clearcenter.com?
    The reply is currently minimized Show
  • Accepted Answer

    Friday, June 17 2022, 09:50 AM - #Permalink
    Resolved
    0 votes
    Hi Developpers,

    I've fixed the /usr/clearos/apps/flexshare/libraries/Flexshare.php
    with line 3282 : I've add the variable $options like this :
                    // Create new configuration files in parallel
    $config_virtual_host = $this->_generate_web_virtual_hosts($share, $port, $options);


    Instead of :
                    // Create new configuration files in parallel
    $config_virtual_host = $this->_generate_web_virtual_hosts($share, $port);


    So naturaly I've extended the function line 3433 with :
        protected function _generate_web_virtual_hosts($share, $port, $options)

    Instead of
        protected function _generate_web_virtual_hosts($share, $port)


    And at last I do the job with an insert before line 3549 :
    Insted of :
                $config_virtual_host[] = "<_/VirtualHost_>\n";

    I've set :
                if (strlen($options) > 0) {
    $config_virtual_host[] = "\t\<_Location_>";
    $config_virtual_host[] = "\t\tOptions" . $options;
    $config_virtual_host[] = "\t\<_/Location_>";
    }

    $config_virtual_host[] = "<_/VirtualHost_>\n";


    Please note that _ hasbeen added after < and before > and MUST BE REMOVED as they are only needed in this forum to display the tag correctly.
    And job done.

    I hope it will helps to include this in the next release of Flexshare.
    The reply is currently minimized Show
  • Accepted Answer

    Friday, June 17 2022, 10:59 AM - #Permalink
    Resolved
    0 votes
    Nick Howitt wrote:

    Thanks for that. To make my life easy, is there any chance that you can e-mail your /usr/clearos/apps/flexshare/libraries/Flexshare.php to me at support@clearcenter.com?


    Sure !

    I've done. Please confirm reception...

    I hope it will helps.

    Taryck.
    The reply is currently minimized Show
  • Accepted Answer

    Monday, June 20 2022, 02:17 PM - #Permalink
    Resolved
    0 votes
    Your contribution has now built and should be available soon in clearos-updates-testing, thanks.

    While looking at it, it shows up an inconsistency between sites set up through the Web Server menu and sites set up through the Flexshare menu in that flexshares allow you to force https while websites to not. More investigation needed but it won't hold up this fix.
    The reply is currently minimized Show
  • Accepted Answer

    Monday, June 20 2022, 03:05 PM - #Permalink
    Resolved
    0 votes
    Thanks great news.

    I guess I've solved this in the apache root configuration file while preventing all http (only) communications.
    The reply is currently minimized Show
Your Reply