I'm trying to enable directory listing for a folder outside the web root, from a different local ext4 mount that uses Basic Authentication, but I'm getting an empty list and no logged errors. What's strange is that if I put in the known location of a file under this directory in my browser, it downloads the file just fine.
Here's my example.conf
file:
<virtualhost *:80>
ServerAdmin donotreply@blah.com
ServerName example.com
ServerAlias www.example.com
DirectoryIndex index.php
DocumentRoot /var/www/example.com
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
LogLevel warn
ErrorLog /var/apachelogs/error.log
CustomLog /var/apachelogs/access.log combined
Alias /blah2 "/blah1/blah2"
<Location /blah2>
Options +Indexes +MultiViews +FollowSymLinks
IndexOptions +FancyIndexing
</Location>
</virtualhost>
And here's my .htaccess
AuthType Basic
AuthName "Authentication Required"
AuthUserFile "/home/myusername/.htpasswd"
Require valid-user
Also, I've commented IndexIgnore
out in /etc/apache2/mods-enabled/autoindex.conf
#IndexIgnore .??* *~ *# RCS CVS *,v *,t
I've run chmod -R 755 /blah1/blah2
, and chgrp -R www-data /blah1/blah2
and chmod a+x -R /blah1/blah2
. The folder owner is a member of www-data. If I run sudo usermod -a -G www-data myusername
I can browse and read all files and folders just fine.
Doing some testing, my configuration works fine if I move /blah1/blah2 under my home directory and change the alias. There's something about it being on another mount that is messing up mod_autoindex, even though apache can clearly read the files themselves. Removing authentication doesn't help. With LogLevel warn
I get no logged errors. After changing my LogLevel to trace4, here's my error log.
Here's the mount line from /etc/fstab
:
UUID=[theuuid] /blah1 ext4 rw,nosuid,nodev,errors=remount-ro 0 0
EDIT
Last note: confirming that www-data can read and write to my folder, I made the following php script:
<?php
mkdir ("testdir");
var_dump(scandir('.'));
?>
The result: directory testdir is created with owner www-data:www-data, and the list of directories and files is dumped as a variable.
EDIT2
I've run the following commands to set permissions correctly:
chmod 755 /blah1/blah2
chmod 755 /blah1
find /blah1/blah2 -type d -exec chgrp www-data {} +
find /blah1/blah2 -type d -exec chmod o+rx {} +
find /blah1/blah2 -type d -exec chmod g+rwxs {} +
Still the same result.
Best Answer
There are several things that could be changed in your configuration. In order to help you, I'm providing here the following guide, based on the default Apache2's configuration.
Deal with the file system permissions
In order to access the files, the Apache's user
www-data
needs to have read permissions to the files and read-execute permissions to the directories, also in this number read-execute permissions to the whole path. If you do not have any special requirements, I would suggest you to use the other users permissions.Let's assume the directory you want to index via the web server is named
bar
and it is located in the home directory of the userfoo
. By default he directories/home
and/home/foo
must have755
permissions. The last bit in the octal number755
means all other users have read-execute permissions (content rad access) to the files inside/home/foo
.So let's create our directory
/home/foo/bar
and let's assure it (and its path) hasr-x
permissions for the other users:Now let's create three test files and assure they have read permissions for the other users:
In order to allow
www-data
to write content in/home/foo/bar
you can change the group ownership of the directory and addrwxs
group permissions (more details):Test by creating another three empty files:
Deal with the Apache's configuration
By default, within the main configuration file
/etc/apache2/apache2.conf
, for security reasons, the access to the root directory/
is restricted. I would suggest you to do not override these rules via the virtual host configuration and remove<Directory />
tags (and the enclosed directives).In particular, if you are creating an Alias to a directory outside of your
DocumentRoot
, you may need to explicitly permit access to the target directory (source Apache Module mod_alias).Let's first create
.htpasswd
file with enough permissions (add more security by using 2FA - p.6):According to the above, the relevant part of you virtual host configuration file should be something like this:
Enable the relevant modules and restart Apache2 to apply the new configuration:
Sample result
Update:
I'm assuming the problem belongs to file system's permissions issue. Probably the most easiest way, to solve it, is to mount the target directory inside the DocumentRoot directory by using
bindfs
as it is described in this answer.Working solution:
Here's the final solution: abandon the idea of getting Alias to work correctly for my externally mounted folder and instead take @pa4080's workaround advice and use
bindfs
to mount the folder to /blah2 in the webroot. I was unsuccessful in getting /etc/fsab to correctly initialize my bind, so I decided to write an init script for the task.First, install bindfs:
Next I created a script file
/var/www/scripts/blahbind.sh
to be run on startup:Then give it correct permissions:
Next I created a service script:
With the contents:
Note,
mydrive.mount
should be replaced with the drive of the/blah1/blah2
folder. Get a list of mounts withsystemctl list-units --type=mount
.Confirm that the service script works by running
Then enable the service to persist on reboot with:
And then, my simplified Location block, sans
Alias
inexample.com.conf