Adding /public in Apache configuration causes client/ to become inaccessible.

  • Adding /public in Apache configuration causes client/ to become inaccessible.

    I am attempting to use a local installation of Espo from the repo to make a pull request for a new feature. The webserver is Apache 2.4.58 and espo is the latest version (8.1.1). For testing purposes, I created two vhost configurations:

    Code:
    <VirtualHost *:8081>
        DocumentRoot /var/www/espocrm-fork/build/EspoCRM-8.1.1/
        Alias /client/ /var/www/espocrm-fork/build/EspoCRM-8.1.1/client/
        ServerName espocrm-fork
    
        <Directory /var/www/espocrm-fork/build/EspoCRM-8.1.1/>
          AllowOverride all
          Require all granted
        </Directory>
    </VirtualHost>
    
    <VirtualHost *:8081>
        DocumentRoot /var/www/espocrm-fork/build/EspoCRM-8.1.1/public/
        Alias /client/ /var/www/espocrm-fork/build/EspoCRM-8.1.1/client/
        ServerName espocrm-fork-public
    
        <Directory /var/www/espocrm-fork/build/EspoCRM-8.1.1/public/>
          AllowOverride all
          Require all granted
        </Directory>
    </VirtualHost>
    Note: I had to add Require all granted to make it work. Otherwise, Apache would not serve anything at all for the repo. ("Forbidden ...")



    Accessing the first site (without /public) works as expected:

    http://espocrm-fork:8081/install/
    Code:
    127.0.0.1 - - [26/Jan/2024:11:33:07 -0700] "GET /install/ HTTP/1.1" 200 25093 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
    127.0.0.1 - - [26/Jan/2024:11:33:07 -0700] "GET /client/lib/espo.js HTTP/1.1" 200 1331791 "http://espocrm-fork:8081/install/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
    127.0.0.1 - - [26/Jan/2024:11:33:07 -0700] "GET /install/css/install.css HTTP/1.1" 200 2491 "http://espocrm-fork:8081/install/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
    127.0.0.1 - - [26/Jan/2024:11:33:07 -0700] "GET /client/lib/espo-main.js HTTP/1.1" 200 980081 "http://espocrm-fork:8081/install/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
    127.0.0.1 - - [26/Jan/2024:11:33:07 -0700] "GET /install/js/install.js HTTP/1.1" 200 21020 "http://espocrm-fork:8081/install/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
    127.0.0.1 - - [26/Jan/2024:11:33:07 -0700] "GET /client/css/espo/violet.css HTTP/1.1" 200 474209 "http://espocrm-fork:8081/install/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
    127.0.0.1 - - [26/Jan/2024:11:33:07 -0700] "GET /client/img/logo.svg HTTP/1.1" 200 4432 "http://espocrm-fork:8081/install/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
    127.0.0.1 - - [26/Jan/2024:11:33:07 -0700] "GET /install/img/devices.png HTTP/1.1" 200 175349 "http://espocrm-fork:8081/install/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
    127.0.0.1 - - [26/Jan/2024:11:33:07 -0700] "GET /client/fonts/open-sans/open-sans-v16-cyrillic_latin_cyrillic-ext_latin-ext-600.woff2 HTTP/1.1" 200 44936 "http://espocrm-fork:8081/client/css/espo/violet.css" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
    127.0.0.1 - - [26/Jan/2024:11:33:07 -0700] "GET /client/img/favicon.ico HTTP/1.1" 200 1406 "http://espocrm-fork:8081/install/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"


    Accessing the second site (with /public) does not work. Every request to client/ returns a 403:

    http://espocrm-fork-public:8081/install/
    Code:
    127.0.0.1 - - [26/Jan/2024:11:33:22 -0700] "GET /install/ HTTP/1.1" 200 25093 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
    127.0.0.1 - - [26/Jan/2024:11:33:22 -0700] "GET /client/lib/espo.js HTTP/1.1" 403 199 "http://espocrm-fork-public:8081/install/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
    127.0.0.1 - - [26/Jan/2024:11:33:22 -0700] "GET /client/css/espo/violet.css HTTP/1.1" 403 199 "http://espocrm-fork-public:8081/install/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
    127.0.0.1 - - [26/Jan/2024:11:33:22 -0700] "GET /client/lib/espo-main.js HTTP/1.1" 403 199 "http://espocrm-fork-public:8081/install/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
    127.0.0.1 - - [26/Jan/2024:11:33:22 -0700] "GET /client/img/logo.svg HTTP/1.1" 403 199 "http://espocrm-fork-public:8081/install/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
    127.0.0.1 - - [26/Jan/2024:11:33:22 -0700] "GET /install/img/devices.png HTTP/1.1" 200 175349 "http://espocrm-fork-public:8081/install/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
    127.0.0.1 - - [26/Jan/2024:11:33:22 -0700] "GET /install/css/install.css HTTP/1.1" 200 2491 "http://espocrm-fork-public:8081/install/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
    127.0.0.1 - - [26/Jan/2024:11:33:22 -0700] "GET /install/js/install.js HTTP/1.1" 200 21020 "http://espocrm-fork-public:8081/install/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
    127.0.0.1 - - [26/Jan/2024:11:33:22 -0700] "GET /client/img/favicon.ico HTTP/1.1" 403 199 "http://espocrm-fork-public:8081/install/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"


    I have narrowed it down to an issue with the .htaccess file after several hours of debugging. The .htaccess file is as follows:
    Code:
    <ifModule mod_headers.c>
        Header always set Access-Control-Allow-Methods "POST, GET, PUT, PATCH, DELETE"
    </ifModule>
    
    DirectoryIndex index.php
    
    Options -Indexes
    
    <IfModule mod_rewrite.c>
        RewriteEngine On
    
        # Forbid access. Not actual as redirect to `public` is applied.
        # An extra security measure if redirect not fired.
        RewriteRule ^/?data/ - [F]
        RewriteRule ^/?application/ - [F]
        RewriteRule ^/?custom/ - [F]
        RewriteRule ^/?vendor/ - [F]
        RewriteRule /?web\.config - [F]
    
        # Forbid `public` dir.
        RewriteCond %{ENV:REDIRECT_STATUS} !=200
        RewriteRule ^/?public/? - [F,L]
    
        # Skip redirect for `client` dir.
        RewriteRule ^client/ - [L]
    
        # Store base path.
        RewriteCond %{REQUEST_URI}::$1 ^(.*?/)(.*)::\2$
        RewriteRule ^(.*)$ - [E=BASE:%1]
    
        # Add trailing slash.
        RewriteCond %{DOCUMENT_ROOT}/%{ENV:BASE}/public/$1 -d
        RewriteRule ^(.*?[^/])$ %{REQUEST_URI}/ [L,R=301,NE]
    
        # Rewrite to `public` dir.
        RewriteRule ^((?!public/).*)$ %{ENV:BASE}/public/$1 [L,NC]
    
        RewriteRule .* - [E=HTTP_ESPO_CGI_AUTH:%{HTTP:Authorization}]
    </IfModule>


    Any help would be greatly appreciated.

  • #2
    I've had some trouble with adding /public to the vhost configurations in production environments as well. I think the .htaccess file or some of the server configuration instructions may need to be adjusted for Apache 2.4+.



    • #3
      I had a lot of trouble on a cPanel server with this. Here is a copy of my Apache 2.4.58 conf file. The main difference I see is you don't have a directive to grant access to the /client/ alias directory.

      From the Apache 2.4 docs:

      "In particular, if you are creating an Alias to a directory outside of your DocumentRoot, you may need to explicitly permit access to the target directory".


      Code:
      <IfModule mod_fcgid.c>
          FcgidPassHeader Authorization
          FcgidPassHeader Proxy-Authorization
          FcgidPassHeader HTTP_AUTHORIZATION
      </IfModule>
      
      <IfModule mod_fastcgi.c>
          FastCgiConfig -pass-header Authorization \
                        -pass-header Proxy-Authorization \
                        -pass-header HTTP_AUTHORIZATION
      </IfModule>
      
      Alias /client/ {path-to-espo}/client/
      
      <Directory {path-to-espo}>
          AllowOverride None
      </Directory>
      
      <Directory {path-to-espo}/public/>
          AllowOverride All
      </Directory>
      
      <Directory {path-to-espo}/client/>
          Require all granted
      </Directory>
      Last edited by czcpf; 03-19-2024, 04:05 PM.



      • bandtank
        bandtank commented
        Thank you for the information. That was very helpful.
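
An added example, not part of the original thread: a small Python check for the cause identified in post #3, listing every `Alias` whose target is not under a `<Directory>` section with `Require all granted`. It assumes the server-wide default denies filesystem access (consistent with the 403s above) and ignores `.htaccess`, `<DirectoryMatch>` and more specific deny rules; the function names and the generated vhost strings are constructed for illustration.

```python
import re
from pathlib import PurePosixPath

def parse_vhost(conf: str):
    """Return ({alias_url: target_path}, {granted_directory, ...})."""
    aliases, granted, current = {}, set(), None
    for raw in conf.splitlines():
        line = raw.strip()
        if m := re.match(r'(?i)Alias\s+(\S+)\s+(\S+)', line):
            aliases[m.group(1)] = PurePosixPath(m.group(2))
        elif m := re.match(r'(?i)<Directory\s+"?([^">]+?)"?\s*>', line):
            current = PurePosixPath(m.group(1))       # entering a section
        elif re.match(r'(?i)</Directory>', line):
            current = None                            # leaving it
        elif current is not None and re.match(r'(?i)Require\s+all\s+granted\b', line):
            granted.add(current)
    return aliases, granted

def uncovered_aliases(conf: str):
    """Alias URL prefixes whose target lies under no granted <Directory>."""
    aliases, granted = parse_vhost(conf)
    return sorted(url for url, target in aliases.items()
                  if not any(d == target or d in target.parents for d in granted))

ROOT = "/var/www/espocrm-fork/build/EspoCRM-8.1.1"    # path from the thread

def vhost(docroot, granted_dirs):
    """Build a vhost shaped like the ones posted above (constructed input)."""
    blocks = "".join(
        f"  <Directory {d}>\n    Require all granted\n  </Directory>\n"
        for d in granted_dirs)
    return (f"<VirtualHost *:8081>\n  DocumentRoot {docroot}\n"
            f"  Alias /client/ {ROOT}/client/\n{blocks}</VirtualHost>\n")

# First vhost: DocumentRoot is the install root, so client/ is already covered.
WORKING = vhost(f"{ROOT}/", [f"{ROOT}/"])
# Second vhost: only public/ is granted; client/ is a sibling, not a child.
FAILING = vhost(f"{ROOT}/public/", [f"{ROOT}/public/"])
# Second vhost plus the explicit client/ grant suggested in post #3.
FIXED = vhost(f"{ROOT}/public/", [f"{ROOT}/public/", f"{ROOT}/client/"])

if __name__ == "__main__":
    for name, conf in (("working", WORKING), ("failing", FAILING), ("fixed", FIXED)):
        print(f"{name}: aliases without a grant = {uncovered_aliases(conf)}")
```

Granting only `client/` and `public/`, rather than the whole install root, keeps `data/`, `application/`, `custom/` and `vendor/` outside any granted directory, which is what the `.htaccess` rules in the first post otherwise have to enforce.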