[horde] Anyone Running Horde with Apache 2.4 yet?...some more info
Andy Dorman
adorman at ironicdesign.com
Thu Aug 29 16:32:44 UTC 2013
On 08/28/2013 05:34 PM, Andy Dorman wrote:
> On 08/28/2013 10:12 AM, Andy Dorman wrote:
>> I am trying to get Horde Groupware Webmail Edition (Debian package
>> 5.1.1-1 with php-horde 5.1.2) running with Apache 2.4. It was
>> previously working fine with Apache 2.2.
>>
>> Now when I go to /index.php I get
>> ------------------
>> Forbidden
>>
>> You don't have permission to access /index.php on this server.
>> Apache/2.4.6 (Debian) Server at beta.mail.homefreemail.com Port 80
>> ------------------
>>
>> If anyone has made this switch, any details on what you had to change to
>> go from Apache 2.2.x -> Apache 2.4.x would be greatly appreciated.
>>
>> I updated the .htaccess file in Horde's root dir per the recommendations
>> at https://httpd.apache.org/docs/2.4/upgrading.html (and yes, I
>> understand I should not edit that file...for now I am just trying to get
>> Horde running under A 2.4 on my dev server)
>>
>> The Apache upgrade docs include this note about common problems:
>> "htaccess files aren't being processed - Check for an appropriate
>> AllowOverride directive; the default changed to None in 2.4.
>>
>> I have added this directive to my <VirtualHost *:80>
>>
>> <Directory /usr/share/horde>
>> AllowOverride All
>> </Directory>
>>
>> and this is my current /usr/share/horde/.htaccess
>>
>> # IMPORTANT: DO NOT EDIT THIS FILE!
>> # It will be overwritten with any future upgrade.
>>
>> Require all granted
>>
>> <IfModule mod_rewrite.c>
>> RewriteEngine On
>> RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
>> RewriteCond %{REQUEST_FILENAME} !-d
>> RewriteCond %{REQUEST_FILENAME} !-f
>> RewriteRule ^(.*)$ rampage.php [QSA,L]
>> </IfModule>
>>
>> Thank you for any feedback on this upgrade.
>>
> Sorry for the length of this post...
>
> OK, some progress but still no success.
>
> I should also point out that until this morning when I started working
> with Apache 2.4.x, this horde install had been working fine with Nginx &
> php-fpm for a couple of weeks and with Apache 2.2 before that. Long
> annoying story about WHY we can not use Nginx & Apache 2.2. :-P
>
> Anyway, I finally checked the list archives and I saw the note about the
> problems with Nag & the .htaccess file and Apache 2.4.6. So my main
> Apache2 config now contains:
>
> <Directory /usr/share>
> AllowOverride FileInfo Nonfatal=All
> Require all granted
> </Directory>
>
> My /usr/share/horde/.htaccess looks like this:
>
> # IMPORTANT: DO NOT EDIT THIS FILE!
> # It will be overwritten with any future upgrade.
>
> <IfModule mod_rewrite.c>
> RewriteEngine On
> RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
> RewriteCond %{REQUEST_FILENAME} !-d
> RewriteCond %{REQUEST_FILENAME} !-f
> RewriteRule ^(.*)$ rampage.php [QSA,L]
> </IfModule>
>
> The sites-available config has not changed since Apache 2.2 and looks
> like this:
>
> <VirtualHost *:80>
> ServerName mail.homefreemail.com
> ServerAlias beta.mail.homefreemail.com
> DirectoryIndex index.php
> DocumentRoot /usr/share/horde/
> SuexecUserGroup antespam antespam
> IPCCommTimeout 120
> <Files "*.php">
> SetHandler fcgid-script
> FCGIWrapper /var/www/mail.homefreemail.com/php5-cgi .php
> </Files>
> FcgidMaxRequestLen 10496000
> </VirtualHost>
>
>
> I have the rewrite, fcgid & mime modules enabled.
>
> The apache trace log below is from a request for the root url, "/",
> which points to horde's root dir. Now I am NOT an Apache nor php guru,
> but if I read the log correctly, it shows the .htaccess rewrite rules
> working as they should and /index.php is passed to be executed with this
> line
> [Wed Aug 28 16:52:20.774108 2013] [rewrite:trace1] [pid 14294:tid
> 140251620177664] mod_rewrite.c(468): [client 71.207.183.174:52146]
> 71.207.183.174 - -
> [beta.mail.homefreemail.com/sid#7f8eea927dd8][rid#7f8eea80e0a0/subreq]
> [perdir /usr/share/horde/] pass through /usr/share/horde/index.php
>
> immediately followed by the response with the 403 error.
>
> [Wed Aug 28 16:52:20.774173 2013] [http:trace3] [pid 14294:tid
> 140251620177664] http_filters.c(963): [client 71.207.183.174:52146]
> Response sent with status 403, headers:
>
> My (and another one of our Perl programmers) response to this was WTF
> happened?
>
> When index.php was passed it should have triggered the <Files "*.php">
> directive which should have set the fcgid-script handler and executed
> the FCGIWrapper which merely calls the php5-cgi executable to handle it.
>
> I even tried running the little wrapper script from the command line as
> the appropriate user, just to make sure it would start OK. Aside from a
> couple of php warnings it started up /usr/bin/php5-cgi as it is supposed
> to.
>
> So at this point I am really baffled. If anyone has any suggestions or
> wants to point out something really dumb that I have missed, please do
> and I thank you for it. ;-)
>
> --- detailed apache trace8 log ---
> [Wed Aug 28 16:52:20.773208 2013] [core:trace5] [pid 14294:tid
> 140251620177664] protocol.c(618): [client 71.207.183.174:52146] Request
> received from client: GET / HTTP/1.1
> [Wed Aug 28 16:52:20.773393 2013] [http:trace4] [pid 14294:tid
> 140251620177664] http_request.c(301): [client 71.207.183.174:52146]
> Headers received from client:
> [Wed Aug 28 16:52:20.773412 2013] [http:trace4] [pid 14294:tid
> 140251620177664] http_request.c(305): [client 71.207.183.174:52146]
> Host: beta.mail.homefreemail.com
> [Wed Aug 28 16:52:20.773421 2013] [http:trace4] [pid 14294:tid
> 140251620177664] http_request.c(305): [client 71.207.183.174:52146]
> User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.12) Gecko/20100101
> Firefox/10.0.12 Iceweasel/10.0.12
> [Wed Aug 28 16:52:20.773429 2013] [http:trace4] [pid 14294:tid
> 140251620177664] http_request.c(305): [client 71.207.183.174:52146]
> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> [Wed Aug 28 16:52:20.773438 2013] [http:trace4] [pid 14294:tid
> 140251620177664] http_request.c(305): [client 71.207.183.174:52146]
> Accept-Language: en-us,en;q=0.5
> [Wed Aug 28 16:52:20.773446 2013] [http:trace4] [pid 14294:tid
> 140251620177664] http_request.c(305): [client 71.207.183.174:52146]
> Accept-Encoding: gzip, deflate
> [Wed Aug 28 16:52:20.773454 2013] [http:trace4] [pid 14294:tid
> 140251620177664] http_request.c(305): [client 71.207.183.174:52146]
> Connection: keep-alive
> [Wed Aug 28 16:52:20.773462 2013] [http:trace4] [pid 14294:tid
> 140251620177664] http_request.c(305): [client 71.207.183.174:52146]
> Cookie: __utma=42324028.948667847.1354917052.1355285020.1372106985.3;
> __utma=25218849.1843664432.1355285037.1355331468.1375823233.4;
> __utmz=42324028.1372106985.3.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);
> __utmz=25218849.1375823233.4.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);
> __utmv=25218849.comehome.net; default_horde_view=auto
> [Wed Aug 28 16:52:20.773472 2013] [http:trace4] [pid 14294:tid
> 140251620177664] http_request.c(305): [client 71.207.183.174:52146]
> Cache-Control: max-age=0
> [Wed Aug 28 16:52:20.773782 2013] [authz_core:debug] [pid 14294:tid
> 140251620177664] mod_authz_core.c(802): [client 71.207.183.174:52146]
> AH01626: authorization result of Require all granted: granted
> [Wed Aug 28 16:52:20.773795 2013] [authz_core:debug] [pid 14294:tid
> 140251620177664] mod_authz_core.c(802): [client 71.207.183.174:52146]
> AH01626: authorization result of <RequireAny>: granted
> [Wed Aug 28 16:52:20.773804 2013] [core:trace3] [pid 14294:tid
> 140251620177664] request.c(238): [client 71.207.183.174:52146] request
> authorized without authentication by access_checker_ex hook: /
> [Wed Aug 28 16:52:20.773832 2013] [rewrite:trace3] [pid 14294:tid
> 140251620177664] mod_rewrite.c(468): [client 71.207.183.174:52146]
> 71.207.183.174 - -
> [beta.mail.homefreemail.com/sid#7f8eea927dd8][rid#7f8eea8160a0/initial]
> [perdir /usr/share/horde/] strip per-dir prefix: /usr/share/horde/ -
> [Wed Aug 28 16:52:20.773843 2013] [rewrite:trace3] [pid 14294:tid
> 140251620177664] mod_rewrite.c(468): [client 71.207.183.174:52146]
> 71.207.183.174 - -
> [beta.mail.homefreemail.com/sid#7f8eea927dd8][rid#7f8eea8160a0/initial]
> [perdir /usr/share/horde/] applying pattern '.*' to uri ''
> [Wed Aug 28 16:52:20.773869 2013] [rewrite:trace5] [pid 14294:tid
> 140251620177664] mod_rewrite.c(468): [client 71.207.183.174:52146]
> 71.207.183.174 - -
> [beta.mail.homefreemail.com/sid#7f8eea927dd8][rid#7f8eea8160a0/initial]
> setting env variable 'HTTP_AUTHORIZATION' to ''
> [Wed Aug 28 16:52:20.773893 2013] [rewrite:trace3] [pid 14294:tid
> 140251620177664] mod_rewrite.c(468): [client 71.207.183.174:52146]
> 71.207.183.174 - -
> [beta.mail.homefreemail.com/sid#7f8eea927dd8][rid#7f8eea8160a0/initial]
> [perdir /usr/share/horde/] strip per-dir prefix: /usr/share/horde/ -
> [Wed Aug 28 16:52:20.773903 2013] [rewrite:trace3] [pid 14294:tid
> 140251620177664] mod_rewrite.c(468): [client 71.207.183.174:52146]
> 71.207.183.174 - -
> [beta.mail.homefreemail.com/sid#7f8eea927dd8][rid#7f8eea8160a0/initial]
> [perdir /usr/share/horde/] applying pattern '^(.*)$' to uri ''
> [Wed Aug 28 16:52:20.773924 2013] [rewrite:trace4] [pid 14294:tid
> 140251620177664] mod_rewrite.c(468): [client 71.207.183.174:52146]
> 71.207.183.174 - -
> [beta.mail.homefreemail.com/sid#7f8eea927dd8][rid#7f8eea8160a0/initial]
> [perdir /usr/share/horde/] RewriteCond: input='/usr/share/horde/'
> pattern='!-d' =not-matched
> [Wed Aug 28 16:52:20.773934 2013] [rewrite:trace1] [pid 14294:tid
> 140251620177664] mod_rewrite.c(468): [client 71.207.183.174:52146]
> 71.207.183.174 - -
> [beta.mail.homefreemail.com/sid#7f8eea927dd8][rid#7f8eea8160a0/initial]
> [perdir /usr/share/horde/] pass through /usr/share/horde/
> [Wed Aug 28 16:52:20.773979 2013] [authz_core:debug] [pid 14294:tid
> 140251620177664] mod_authz_core.c(802): [client 71.207.183.174:52146]
> AH01626: authorization result of Require all granted: granted
> [Wed Aug 28 16:52:20.773989 2013] [authz_core:debug] [pid 14294:tid
> 140251620177664] mod_authz_core.c(802): [client 71.207.183.174:52146]
> AH01626: authorization result of <RequireAny>: granted
> [Wed Aug 28 16:52:20.773997 2013] [core:trace3] [pid 14294:tid
> 140251620177664] request.c(238): [client 71.207.183.174:52146] request
> authorized without authentication by access_checker_ex hook: /index.php
> [Wed Aug 28 16:52:20.774012 2013] [rewrite:trace3] [pid 14294:tid
> 140251620177664] mod_rewrite.c(468): [client 71.207.183.174:52146]
> 71.207.183.174 - -
> [beta.mail.homefreemail.com/sid#7f8eea927dd8][rid#7f8eea80e0a0/subreq]
> [perdir /usr/share/horde/] strip per-dir prefix:
> /usr/share/horde/index.php -index.php
> [Wed Aug 28 16:52:20.774022 2013] [rewrite:trace3] [pid 14294:tid
> 140251620177664] mod_rewrite.c(468): [client 71.207.183.174:52146]
> 71.207.183.174 - -
> [beta.mail.homefreemail.com/sid#7f8eea927dd8][rid#7f8eea80e0a0/subreq]
> [perdir /usr/share/horde/] applying pattern '.*' to uri 'index.php'
> [Wed Aug 28 16:52:20.774037 2013] [rewrite:trace5] [pid 14294:tid
> 140251620177664] mod_rewrite.c(468): [client 71.207.183.174:52146]
> 71.207.183.174 - -
> [beta.mail.homefreemail.com/sid#7f8eea927dd8][rid#7f8eea80e0a0/subreq]
> setting env variable 'HTTP_AUTHORIZATION' to ''
> [Wed Aug 28 16:52:20.774047 2013] [rewrite:trace3] [pid 14294:tid
> 140251620177664] mod_rewrite.c(468): [client 71.207.183.174:52146]
> 71.207.183.174 - -
> [beta.mail.homefreemail.com/sid#7f8eea927dd8][rid#7f8eea80e0a0/subreq]
> [perdir /usr/share/horde/] strip per-dir prefix:
> /usr/share/horde/index.php -index.php
> [Wed Aug 28 16:52:20.774057 2013] [rewrite:trace3] [pid 14294:tid
> 140251620177664] mod_rewrite.c(468): [client 71.207.183.174:52146]
> 71.207.183.174 - -
> [beta.mail.homefreemail.com/sid#7f8eea927dd8][rid#7f8eea80e0a0/subreq]
> [perdir /usr/share/horde/] applying pattern '^(.*)$' to uri 'index.php'
> [Wed Aug 28 16:52:20.774071 2013] [rewrite:trace4] [pid 14294:tid
> 140251620177664] mod_rewrite.c(468): [client 71.207.183.174:52146]
> 71.207.183.174 - -
> [beta.mail.homefreemail.com/sid#7f8eea927dd8][rid#7f8eea80e0a0/subreq]
> [perdir /usr/share/horde/] RewriteCond:
> input='/usr/share/horde/index.php' pattern='!-d' =matched
> [Wed Aug 28 16:52:20.774089 2013] [rewrite:trace4] [pid 14294:tid
> 140251620177664] mod_rewrite.c(468): [client 71.207.183.174:52146]
> 71.207.183.174 - -
> [beta.mail.homefreemail.com/sid#7f8eea927dd8][rid#7f8eea80e0a0/subreq]
> [perdir /usr/share/horde/] RewriteCond:
> input='/usr/share/horde/index.php' pattern='!-f' =not-matched
> [Wed Aug 28 16:52:20.774108 2013] [rewrite:trace1] [pid 14294:tid
> 140251620177664] mod_rewrite.c(468): [client 71.207.183.174:52146]
> 71.207.183.174 - -
> [beta.mail.homefreemail.com/sid#7f8eea927dd8][rid#7f8eea80e0a0/subreq]
> [perdir /usr/share/horde/] pass through /usr/share/horde/index.php
> [Wed Aug 28 16:52:20.774173 2013] [http:trace3] [pid 14294:tid
> 140251620177664] http_filters.c(963): [client 71.207.183.174:52146]
> Response sent with status 403, headers:
> [Wed Aug 28 16:52:20.774183 2013] [http:trace5] [pid 14294:tid
> 140251620177664] http_filters.c(970): [client 71.207.183.174:52146]
> Date: Wed, 28 Aug 2013 21:52:20 GMT
> [Wed Aug 28 16:52:20.774190 2013] [http:trace5] [pid 14294:tid
> 140251620177664] http_filters.c(973): [client 71.207.183.174:52146]
> Server: Apache
> [Wed Aug 28 16:52:20.774202 2013] [http:trace4] [pid 14294:tid
> 140251620177664] http_filters.c(806): [client 71.207.183.174:52146]
> Content-Length: 287
> [Wed Aug 28 16:52:20.774210 2013] [http:trace4] [pid 14294:tid
> 140251620177664] http_filters.c(806): [client 71.207.183.174:52146]
> Keep-Alive: timeout=5, max=100
> [Wed Aug 28 16:52:20.774218 2013] [http:trace4] [pid 14294:tid
> 140251620177664] http_filters.c(806): [client 71.207.183.174:52146]
> Connection: Keep-Alive
> [Wed Aug 28 16:52:20.774225 2013] [http:trace4] [pid 14294:tid
> 140251620177664] http_filters.c(806): [client 71.207.183.174:52146]
> Content-Type: text/html; charset=iso-8859-1
> [Wed Aug 28 16:52:20.774269 2013] [core:trace6] [pid 14294:tid
> 140251620177664] core_filters.c(525): [client 71.207.183.174:52146]
> core_output_filter: flushing because of FLUSH bucket
> [Wed Aug 28 16:52:25.775615 2013] [core:trace6] [pid 14294:tid
> 140251620177664] core_filters.c(525): [client 71.207.183.174:52146]
> core_output_filter: flushing because of FLUSH bucket
> --- end detailed apache trace8 log ---
>
Some more info...
After poking and studying this for several more hours including trying
solutions discussed here:
http://stackoverflow.com/questions/11992466/apache-permission-denied
On the chance the problem was our fcgid config, I tried Apache's new
mod_proxy_fcgi module with php5-fpm available since Apache versions
2.3+. Implementation is described here:
http://wiki.apache.org/httpd/PHP-FPM
The php5-fpm setup is exactly like what we used successfully with Nginx.
The apache config setup was also simple.
However, when we tried it we got the exact same results already
described...the .htaccess checks happened as expected with the end
result being "pass through /usr/share/horde/index.php".
Then Apache returned a 403, not auth, error
[Thu Aug 29 09:42:56.934556 2013] [rewrite:trace1] [pid 12173:tid
140479773529856] mod_rewrite.c(468): [client 71.207.183.174:33823]
71.207.183.174 - -
[beta.mail.homefreemail.com/sid#7fc40b2c8710][rid#7fc4041f70a0/subreq]
[perdir /usr/share/horde/] pass through /usr/share/horde/index.php
[Thu Aug 29 09:42:56.934629 2013] [http:trace3] [pid 12173:tid
140479773529856] http_filters.c(963): [client 71.207.183.174:33823]
Response sent with status 403, headers:
So at this point it seems to me that our fcgid and proxy_fcgi set ups
are probably fine, but something in our base Apache 2.4 config is
preventing anything in our /usr/share/horde/ directory from being
executed. We have reviewed our base apache2/apache2.conf file till our
eyes crossed and have not figured it out yet...but we all feel we are
going to feel pretty stupid when we finally figure this out.
And I assume from the lack of response from the list on this topic that
no one is using Apache 2.4 yet? Perhaps there is a very good reason for
that? ;-)
--
Andy Dorman
CONFIDENTIALITY NOTICE: This message is for the named person's use only.
It may contain confidential, proprietary or legally privileged
information. No confidentiality or privilege is waived or lost by any
erroneous transmission. If you receive this message in error, please
immediately destroy it and notify the sender. You must not, directly or
indirectly, use, disclose, distribute, or copy any part of this message
if you are not the intended recipient.
More information about the horde
mailing list