Hi All,
The Alternative url : [share].server.sufix
is no longer working while the base url : server.sufix/flexshare/[share]/
is working
The appache error is :
Because the appache configuration is generated by flexshare webconfig in /etc/httpd/conf.d/flex-443.conf
I can't fix it.
The generated configation is :
Alias /flexshare/[share] /var/flexshare/shares/[share]
<VirtualHost *:443>
ServerName [share].server.sufix
DocumentRoot /var/flexshare/shares/[share]
ErrorLog /var/log/httpd/server.sufix_error_log
CustomLog /var/log/httpd/server.sufix_access_log common
SSLEngine on
# No weak export crypto allowed
SSLHonorCipherOrder on
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305HE-RSA-AES128-GCM-SHA256HE-RSA-AES256-GCM-SHA384:ECDH+AESGCMH+AESGCM:ECDH+AES256H+A$
SetEnvIf User-Agent ".*MSIE.*"nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
DefineExternalAuth pwauth pipe /usr/bin/pwauth
DefineExternalGroup pwauth pipe /usr/bin/unixgroup
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/server.sufix/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/server.sufix/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/server.sufix/chain.pem
</VirtualHost>
<Directory /var/flexshare/shares/[share]>
Options +Indexes +FollowSymLinks -IncludesNOExec
AuthName "my share"
AuthType Basic
AuthBasicProvider external
AuthExternal pwauth
<RequireAll>
Require unix-group moi
</RequireAll>
<FilesMatch \.php$>
SetHandler None
ForceType text/plain
SetHandler application/x-httpd-php-source
</FilesMatch>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</Directory>
I also do not understand why the configuration is different as they both target the same folder and so the same configuration directives ?!?
What did I miss ?
Why this working feature is now down ?
As the user get a 403 error :
92.184.105.74 - - [17/Jun/2022:10:06:46 +0200] "GET / HTTP/1.1" 403 4897
The Alternative url : [share].server.sufix
is no longer working while the base url : server.sufix/flexshare/[share]/
is working
The appache error is :
Cannot serve directory /var/flexshare/shares/xxx/: No matching DirectoryIndex (index.html,default.html,index.php) found, and server-generated directory index forbidden by Options directive
Because the appache configuration is generated by flexshare webconfig in /etc/httpd/conf.d/flex-443.conf
I can't fix it.
The generated configation is :
Alias /flexshare/[share] /var/flexshare/shares/[share]
<VirtualHost *:443>
ServerName [share].server.sufix
DocumentRoot /var/flexshare/shares/[share]
ErrorLog /var/log/httpd/server.sufix_error_log
CustomLog /var/log/httpd/server.sufix_access_log common
SSLEngine on
# No weak export crypto allowed
SSLHonorCipherOrder on
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305HE-RSA-AES128-GCM-SHA256HE-RSA-AES256-GCM-SHA384:ECDH+AESGCMH+AESGCM:ECDH+AES256H+A$
SetEnvIf User-Agent ".*MSIE.*"nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
DefineExternalAuth pwauth pipe /usr/bin/pwauth
DefineExternalGroup pwauth pipe /usr/bin/unixgroup
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/server.sufix/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/server.sufix/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/server.sufix/chain.pem
</VirtualHost>
<Directory /var/flexshare/shares/[share]>
Options +Indexes +FollowSymLinks -IncludesNOExec
AuthName "my share"
AuthType Basic
AuthBasicProvider external
AuthExternal pwauth
<RequireAll>
Require unix-group moi
</RequireAll>
<FilesMatch \.php$>
SetHandler None
ForceType text/plain
SetHandler application/x-httpd-php-source
</FilesMatch>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</Directory>
I also do not understand why the configuration is different as they both target the same folder and so the same configuration directives ?!?
What did I miss ?
Why this working feature is now down ?
As the user get a 403 error :
92.184.105.74 - - [17/Jun/2022:10:06:46 +0200] "GET / HTTP/1.1" 403 4897
In Flexshare
Share this post:
Accepted Answer
Hi All,
I've google a little and find this post :
https://serverfault.com/questions/786371/apache-2-4-options-indexes-inside-virtualhost
So I've fixed this issue with adding this at the end :
So now the question is how could we fix the flexshare apps ?
Any help will be apreciated
I've google a little and find this post :
https://serverfault.com/questions/786371/apache-2-4-options-indexes-inside-virtualhost
However, placing the Options +Indexes directive inside the <Location /> container will fix it and the auto-generated index will be served.
So I've fixed this issue with adding this at the end :
<Location />
Options +Indexes +FollowSymLinks -IncludesNOExec
</Location>
</VirtualHost>
So now the question is how could we fix the flexshare apps ?
Server version: Apache/2.4.6 (CentOS)
Server built: Mar 24 2022 14:57:57
Any help will be apreciated
Responses (5)
-
Accepted Answer
-
Accepted Answer
Hi Developpers,
I've fixed the /usr/clearos/apps/flexshare/libraries/Flexshare.php
with line 3282 : I've add the variable $options like this :
// Create new configuration files in parallel
$config_virtual_host = $this->_generate_web_virtual_hosts($share, $port, $options);
Instead of :
// Create new configuration files in parallel
$config_virtual_host = $this->_generate_web_virtual_hosts($share, $port);
So naturaly I've extended the function line 3433 with :
protected function _generate_web_virtual_hosts($share, $port, $options)
Instead of
protected function _generate_web_virtual_hosts($share, $port)
And at last I do the job with an insert before line 3549 :
Insted of :
$config_virtual_host[] = "<_/VirtualHost_>\n";
I've set :
if (strlen($options) > 0) {
$config_virtual_host[] = "\t\<_Location_>";
$config_virtual_host[] = "\t\tOptions" . $options;
$config_virtual_host[] = "\t\<_/Location_>";
}
$config_virtual_host[] = "<_/VirtualHost_>\n";
Please note that _ hasbeen added after < and before > and MUST BE REMOVED as they are only needed in this forum to display the tag correctly.
And job done.
I hope it will helps to include this in the next release of Flexshare. -
Accepted Answer
-
Accepted Answer
Your contribution has now built and should be available soon in clearos-updates-testing, thanks.
While looking at it, it shows up an inconsistency between sites set up through the Web Server menu and sites set up through the Flexshare menu in that flexshares allow you to force https while websites to not. More investigation needed but it won't hold up this fix. -
Accepted Answer
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »