Re: Certbot error - SOLVED (?)

Samuel Sieb:
>> As someone else mentioned, why are you writing logs to the web server
>> data directory?  There's a directory (/var/log/httpd) that's already
>> intended for that.  The file context is most likely going to be
>> wrong, which is why selinux is (rightly) blocking it.

Patrick O'Callaghan:
> Why? Because being unfamiliar with Apache (and Certbot) I was foolishly
> following an online step-by-step guide:
> 
> https://www.linuxshelltips.com/install-apache-fedora-linux/
> 
> I've since seen the error of my ways and it seems to be working now.

I'm a bit surprised at that site's recommendations.  It's quite
different from info I've read before, and how the default Apache
install on Fedora is set up.  My guess is that they've followed some
other example, and then just put "Fedora" into the text in a few key
places.  It's surprising it doesn't also say, first switch off SELinux.

The SELinux contexts are applied to files created in certain expected
places.  I don't know whether SELinux has pre-existing rules for logs
in more than one place.  We generally expect logs somewhere under
/var/log, though.  Apache may require specific /httpd log/ contexts to
be able to write to them.

I've seen other weird examples, where they've put the logs inside
/etc/httpd/ or put symlinks to their real location inside there.

Generally, the main Apache config is in /etc/httpd/conf/httpd.conf, and
it will "include" any other .conf configuration files from
/etc/httpd/conf.d/ for customisation (where you could put your virtual
site configs, as well as any other add-ons).

That site's whole bit about sites-available and sites-enabled, with
symlinking, is a rat's nest of directories that I've never encountered
before.  We already have an /etc/httpd/conf.d/ that can hold all extra
config files.  And you can easily create an extra conf.disabled
directory, or rename them to not end in .conf, if you want to shift a
config file and see how things work without it.

Looking at other examples, the default site is inside /var/www/html,
and then they've suggested virtual hosted sites to go inside it as sub-
directories, meaning the default site can lead incorrectly into the
various virtual sites.  That could lead to all sorts of bypassing of
access controls.

(The *default* site being what's served if you don't request a site by
a recognised hostname.  But if you only have ONE site, it could be the
default one.)

Other examples suggest schemes like this:

/var/www/html/                      (the default site)
/var/www/now-to-eat-pizza/          (one of your virtual sites)
/var/www/exercising-your-pet-rock/  (another of your virtual sites)

The whole /var/www/ is a bit odd, too.  It's probably no more variable
content than your own personal files.  Other instructions advise
websites should be served from /srv/

There's all sorts of very different example suggestions, and some of
them are bad advice.

-- 
 
uname -rsvp
Linux 3.10.0-1160.88.1.el7.x86_64 #1 SMP Tue Mar 7 15:41:52 UTC 2023 x86_64
 
Boilerplate:  All unexpected mail to my mailbox is automatically deleted.
I will only get to see the messages that are posted to the mailing list.
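
Added example, not part of the original message: a small Python check for the two layout problems discussed above, a virtual host DocumentRoot nested inside another site's DocumentRoot and log files written outside /var/log/httpd. The sample config, the host names and the assumption that /etc/httpd/logs is the stock Fedora symlink to /var/log/httpd are constructed for illustration.

```python
import re
from pathlib import PurePosixPath
# Constructed sample config; host names and paths are hypothetical.
SAMPLE_CONF = """\
DocumentRoot "/var/www/html"
ErrorLog "logs/error_log"
<VirtualHost *:80>
    ServerName pizza.example
    DocumentRoot /var/www/html/pizza.example
    ErrorLog /var/www/html/pizza.example/log/error.log
</VirtualHost>
<VirtualHost *:80>
    ServerName petrock.example
    DocumentRoot /var/www/petrock.example
</VirtualHost>
"""
SERVER_ROOT = PurePosixPath("/etc/httpd")  # relative log paths resolve against ServerRoot
LOG_DIRS = (PurePosixPath("/var/log/httpd"), SERVER_ROOT / "logs")  # assumed: logs -> /var/log/httpd symlink
DIRECTIVE = re.compile(r'\s*(ServerName|DocumentRoot|ErrorLog|CustomLog)\s+"?([^"\s]+)', re.I)

def parse_sites(conf_text):
    """Return one dict per site; the first entry is the default (global) site."""
    sites = [{"name": "default", "root": None, "logs": []}]
    current = sites[0]
    for line in conf_text.splitlines():
        if re.match(r"\s*<VirtualHost\b", line, re.I):
            sites.append(current := {"name": "unnamed vhost", "root": None, "logs": []})
        elif re.match(r"\s*</VirtualHost>", line, re.I):
            current = sites[0]
        elif m := DIRECTIVE.match(line):
            key, value = m.group(1).lower(), m.group(2)
            if key == "documentroot":
                current["root"] = PurePosixPath(value)
            elif key == "servername":
                current["name"] = value if current is not sites[0] else "default"
            elif not value.startswith(("|", "syslog")):  # piped/syslog targets are not files
                current["logs"].append(SERVER_ROOT / value)  # an absolute value replaces SERVER_ROOT
    return sites

def audit(conf_text):
    """Flag DocumentRoots nested in another site's root and logs outside LOG_DIRS."""
    sites, findings = parse_sites(conf_text), []
    for s in sites:
        for o in sites:
            if s["root"] and o["root"] and o["root"] in s["root"].parents:
                findings.append(f"{s['name']}: DocumentRoot {s['root']} is inside {o['name']} site {o['root']}")
        for log in s["logs"]:
            if not any(d in log.parents for d in LOG_DIRS):
                findings.append(f"{s['name']}: log {log} is outside /var/log/httpd")
    return findings
```

The check does not follow Include directives, so concatenate httpd.conf and the conf.d/*.conf files before passing the text to audit().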
 