How to use re-write module of Apache web server 2.2.3 on FC6 with new or refurbi

http://www.dharwadkar.com/weblog/apache_fc6_01

 

finished upgrading my web server to better hardware and latest OS and web server just yesterday. Whether you get better hardware after you buy refurbished laptops or brand new PCs, upgrading will help your computer run better. Installation of FC6 was seamless once I found out that I could not run XEN on my computer because of CPU limitations. My CPU does not have PAE on which XEN requires to operate. So finally I figured out that not installing virt-manager solves my problem by installing a non-XEN kernel (Duh!!). So once that problem was out of the way, I moved on to the next task of migrating my web server to the new box.

Migrating a Plone website from one box to another is very well documented. However, there are some things to watch out for which I will post here shortly. After a lot of research and trouble-shooting, I finally managed to get the Zope and Plone working on my box. Since Apache is much more secure, robust and modular in management, I use Apache server as a front-end to my website and use URL re-writing to have Apache forward those to Zope.

Last week I moved my website to the new box and copied the re-write configuration from the old httpd.conf file to the new one and switched off the old one. I did not test Apache functionality trusting that it would work in the new setup, if it worked in the old setup. On trying to access the URL, the browser refused to serve the page instantly throwing up a Error 503 on the screen. At first I thought, it was the new Apache server which did not understand the re-write commands from older (2.0.54) version and tried to find out what had changed. I checked forums, website and even Apache release and change notes, but could not find anything that could possibly solve my problem. I worked for around 4 hours on a wild goose chase and then gave up. As the site traffic had also returned to normal, the urgency to upgrade was also not there till yesterday when my son kept on switching off the box as it was accessible to him.

So I started my work again yesterday; this time on a fresh FC6 installation inside a VMWare and worked through the Virtual Hosting Monster and re-write tutorial from the Zope book just to make sure, I was doing everything correctly. The VHM was working correctly, but as soon as switched on Apache URL re-write I started getting the same errors. So it was not my configuration file or version issue with Apache. I again searched for the same and this time I was a bit more successful. One of the forums posts mentioned something about the permissions being correct and it lit a light in my head and I knew the problem was not with Apache but with permissions issue. I checked my error log (which I admit I should have done earlier, but since I am not really "expert" in Linux, I didn't do it. Partly because I never thought of it and mostly because I didn't know the location. Anyway.) and found the following entries in the error_log.

[Tue Nov 14 16:03:53 2006] [error] (13)Permission denied: proxy: HTTP: attempt to connect to 127.0.0.1:8080 (*) failed
[Tue Nov 14 16:04:20 2006] [error] (13)Permission denied: proxy: HTTP: attempt to connect to 127.0.0.1:8080 (*) failed
[Tue Nov 14 16:22:17 2006] [error] (13)Permission denied: proxy: HTTP: attempt to connect to 127.0.0.1:8080 (*) failed
[Tue Nov 14 16:26:44 2006] [error] (13)Permission denied: proxy: HTTP: attempt to connect to 127.0.0.1:8080 (*) failed
[Tue Nov 14 16:26:47 2006] [error] (13)Permission denied: proxy: HTTP: attempt to connect to 127.0.0.1:8080 (*) failed
[Tue Nov 14 16:28:08 2006] [error] (13)Permission denied: proxy: HTTP: attempt to connect to 127.0.0.1:8080 (*) failed
[Tue Nov 14 16:28:12 2006] [error] (13)Permission denied: proxy: HTTP: attempt to connect to 127.0.0.1:8080 (*) failed
[Tue Nov 14 16:45:43 2006] [error] (13)Permission denied: proxy: HTTP: attempt to connect to 127.0.0.1:8080 (*) failed
[Tue Nov 14 16:47:14 2006] [error] (13)Permission denied: proxy: HTTP: attempt to connect to 127.0.0.1:8080 (*) failed
[Tue Nov 14 16:47:17 2006] [error] (13)Permission denied: proxy: HTTP: attempt to connect to 127.0.0.1:8080 (*) failed

I checked the permissions on all the folder and didn't find anything that would have caused any problems. Suddenly a thought came to my mind to check the security level issue as I had faced issues with security level (firewall) in the past. The only difference this time being, I disable Linux firewall as I have hardware firewall. So I opened up the Security Configuration screen and started reviewing the SELinux policy settings. As I have already mentioned I am not an expert in Linux, I started experimenting with the SELinux policy for HTTPD Service by enabling one setting at a time and checked if Apache URL re-writing worked or not. The second option I chose to "Allow HTTPD scripts and modules to connect to the network" did the trick and the re-writing started flowing correctly.

I made the similar change in my production web server and happily it started working and I was able to move the website to the new server and switch off the old one. Because I am not an expert in Linux and these things are not documented anywhere, I thought I would add my two cents to the documentation and make Linux a better OS and usable to non-techie guys like me. Now that SELinux is an integral part of Linux (at the Fedora and Ubuntu flavours) I am sure many more people will face this same issue. I hope this will help them to save time and effort that I had to spend to get this issue resolved. If there is a better way of doing this out there, please direct me to it so that I can update my piece and knowledge.

Category(s)
 
Linu

你可能感兴趣的:(apache)