Hi, I have an ISPc3 setup working well and I'm petrified of breaking anything so just wanted someone to sanity-check the following... I really have no idea what I'm doing. I notice there is a lot of interest in webdav as related to ISP3 so perhaps this can become a howto in the end... I'm assuming the following: I'm running ISP3 on Ubuntu 8.04 LTS server. My site is called 'www.mysite.com'. It's already created using ISPc3. I want to create a dav folder for the client 'Mike' within my website. Does the following make sense...? Become root: Code: sudo su Enable the WebDav modules: Code: a2enmod dav (enter) a2enmod dav_fs (enter) Reload apache Code: /etc/init.d/apache2 force-reload Create a dav folder for 'Mike': (The exact location may be different for you) Code: mkdir /var/www/clients/client4/www.mysite.com/web/clients/dav/mike Only allow root and www-data group members to access. Then set permissions: Code: chgrp root:www-data /var/www/clients/client4/www.mysite.com/web/clients/dav/mike chmod 640 /var/www/clients/client4/www.mysite.com/web/clients/dav/mike Create the htpasswd file and add the user 'mike'. The -c flag creates the file if it doesn't already exist. *Only* use it the first time. You will be asked for the password you wish 'mike' to use. Code: htpasswd -c /var/www/clients/client4/www.mysite.com/web/clients/dav/mike/.DAVlogin mike I then go to my ISPc3 control panel and log in. I go to the 'Sites' tab Click on 'www.mysite.com' Go to 'Options' In the 'Apache Directives' field I paste in: Code: DAVLockDB /tmp/DAVLock #DAVMinTimeout 600 <Location /clients/client4/www.mysite.com/web/clients/dav/mike/> Dav On AuthType Basic AuthName mike AuthUserFile /var/www/clients/client4/www.mysite.com/web/clients/dav/mike/.DAVlogin <LimitExcept OPTIONS> Require user mike </LimitExcept> </Location> Save and log out of ISPc3 Restart apache Code: /etc/init.d/apache2 restart I more or less have to repeat this whole thing for each WebDav user I want to create. Is this going to work? Is there a more elegant way, especially given that I will need to create further password protected Dav folders for other users? Thanks guys! S
Hi, Sadly have to report that this *will not* work... Things that are tripping me up: I thought the command to add a directory to several groups (root and www.data in this case) was Code: chgrp root:www.data directoryname But I get: chgrp: invalid group: `root:www-data' I have given the dav folder permissions of 640 775 and 777 but nothing works. When I try to access the folder through a browser I get 'Access forbidden' My log is saying: [Thu Jan 14 12:43:42 2010] [error] [client 192.168.0.6] Directory index forbidden by Options directive: /var/www/www.mytestsite.co.uk/web/davtest/ Does anyone have any ideas to get me past this? I'd really appreciate it S
Falko, I was hoping you'd show up... ;-) That must be a typo in my post here. Sorry. The error message from Terminal had it correct as www-data not www.data so I must have got it right in my command originally. Any other ideas as to why things aren't working? The message from my error log makes me think the issue is in the code I pasted into the options field in ISPc3...? I just don't know enough to spot the issue. Code: DAVLockDB /tmp/DAVLock #DAVMinTimeout 600 <Location /clients/client4/www.mysite.com/web/clients/dav/mike/> Dav On AuthType Basic AuthName mike AuthUserFile /var/www/clients/client4/www.mysite.com/web/clients/dav/mike/.DAVlogin <LimitExcept OPTIONS> Require user mike </LimitExcept> </Location> What are your thoughts? S
Are you sure that the path in <Location /clients/client4/www.mysite.com/web/clients/dav/mike/> is correct?
Falko, It seems the path wasn't correct (thanks but I *still* can't get things right... This is what I just did... Code: root@mybox:/var/www/clients/client1/www.myothersite.co.uk/log# locate davtest /var/www/clients/client1/web1/web/davtest /var/www/clients/client1/web1/web/davtest.DAVlogin root@mybox:/var/www/clients/client1/www.myothersite.co.uk/log# htpasswd -c /var/www/clients/client1/web1/web/davtest/.Davlogin davtest New password: Re-type new password: Adding password for user davtest root@mybox:/var/www/clients/client1/www.myothersite.co.uk/log# /etc/init.d/apache2 restart * Restarting web server apache2 ...done. root@mybox:/var/www/clients/client1/www.myothersite.co.uk/log# chgrp root:www-data /var/www/clients/client1/web1/web/davtest chgrp: invalid group: `root:www-data' root@mybox:/var/www/clients/client1/www.myothersite.co.uk/log# chmod 640 /var/www/clients/client1/web1/web/davtest root@mybox:/var/www/clients/client1/www.myothersite.co.uk/log# /etc/init.d/apache2 restart * Restarting web server apache2 (98)Address already in use: make_sock: could not bind to address 0.0.0.0:80 no listening sockets available, shutting down Unable to open logs ...fail! root@mybox:/var/www/clients/client1/www.myothersite.co.uk/log# /etc/init.d/apache2 restart * Restarting web server apache2 httpd (no pid file) not running ...done. root@mybox:/var/www/clients/client1/www.myothersite.co.uk/log# /etc/init.d/apache2 restart * Restarting web server apache2 ...done. root@mybox:/var/www/clients/client1/www.myothersite.co.uk/log# I created the directory 'davtest' using my ftp client first, then searched for it... I still get the error: Code: ERROR 403 - Forbidden! The following error occurred: You are not permitted to access the requested URL. Please contact the webmaster with any queries. My error log says: Code: [Tue Jan 19 09:14:34 2010] [crit] [client 192.168.0.6] (13)Permission denied: /var/www/www.myothersite.co.uk/web/davtest/.htaccess pcfg_openfile: unable to check htaccess$ These are the permissions: Code: root@mybox:/var/www/clients/client1/web1/web# ls -a -l total 36 drwxr-xr-x 5 web1 client1 4096 2010-01-14 13:50 . drwxr-xr-x 6 root root 4096 2009-06-09 11:38 .. drw-r----- 2 www-data client1 4096 2010-01-19 09:06 davtest -rw-r--r-- 1 root root 22 2010-01-14 14:08 davtest.DAVlogin drwxr-xr-x 2 web1 client1 4096 2009-06-09 10:48 error -rwxr-xr-- 1 web1 client1 1406 2009-06-09 10:48 favicon.ico -rwxr-xr-- 1 web1 client1 0 2009-06-09 10:48 .htaccess -rwxr-xr-- 1 web1 client1 1861 2009-06-09 10:48 index.html -rwxr-xr-- 1 web1 client1 34 2009-06-09 10:48 robots.txt drwxr-xr-x 2 web1 client1 4096 2010-01-15 00:30 stats lrwxrwxrwx 1 root root 16 2009-06-09 12:12 webmail -> /var/www/webmail Make any sense? Thanks for your help as always... (Why do I get those apache errors on restart btw...? They go away on the third attempt...) S
Falko, Really sorry but after Code: root@mybox:/var/www/clients/client1/web1/web# ls -a -l total 36 drwxr-xr-x 5 web1 client1 4096 2010-01-14 13:50 . drwxr-xr-x 6 root root 4096 2009-06-09 11:38 .. drw-r----- 2 www-data client1 4096 2010-01-19 09:06 davtest -rw-r--r-- 1 root root 22 2010-01-14 14:08 davtest.DAVlogin drwxr-xr-x 2 web1 client1 4096 2009-06-09 10:48 error -rwxr-xr-- 1 web1 client1 1406 2009-06-09 10:48 favicon.ico -rwxr-xr-- 1 web1 client1 0 2009-06-09 10:48 .htaccess -rwxr-xr-- 1 web1 client1 1861 2009-06-09 10:48 index.html -rwxr-xr-- 1 web1 client1 34 2009-06-09 10:48 robots.txt drwxr-xr-x 2 web1 client1 4096 2010-01-15 00:30 stats lrwxrwxrwx 1 root root 16 2009-06-09 12:12 webmail -> /var/www/webmail root@mybox:/var/www/clients/client1/web1/web# chmod 751 davtest root@mybox:/var/www/clients/client1/web1/web# /etc/init.d/apache2 restart * Restarting web server apache2 ...done. root@mybox:/var/www/clients/client1/web1/web# I still get the 403 error above. Log: Code: [Wed Jan 20 13:26:19 2010] [error] [client 192.168.0.6] Directory index forbidden by Options directive: /var/www/www.myothersite.co.uk/web/davtest/ I notice above that the directory davtest is in the group www-data and the davtest.DAVlogin file is in the group root. I'm guessing this is significant (?) but I get the error here: Code: root@mybox:/var/www/clients/client1/www.myothersite.co.uk/log# chgrp root:www-data /var/www/clients/client1/web1/web/davtest chgrp: invalid group: `root:www-data' This is what's in the 'Options' field in the relevant site in ISPc3: Code: DAVLockDB /var/lock/apache2/DAVLock #DAVMinTimeout 600 <Location /var/www/clients/client1/web1/web/davtest> Dav On AuthType Basic AuthName davtest AuthUserFile /var/www/clients/client1/web1/web/davtest/.DAVlogin <LimitExcept OPTIONS> Require user davtest </LimitExcept> </Location> Should the web address be in there somewhere? Thanks for your time with this! I'm sure it's a newb mistake I'm making but I have done this many times on a non-ISPc3 server so it's something specific to this server... S
The chgrp command jujst takes the group name as argument, not a user and a group. What you want is chown instead: Code: chown root:www-data /var/www/clients/client1/web1/web/davtest
Falko, I'm so sorry but I get the same error as before. I did restart apache with "/etc/init.d/apache2 restart". Do I need another command? The log says: Code: [Thu Jan 21 14:36:58 2010] [error] [client 192.168.0.6] Directory index forbidden by Options directive: /var/www/www.myothersite.co.uk/web/davtest/ Any other thoughts? This ought to be possible to do? Yes? S
Falko, In the Options tab for that site within ISPc3 I have: Code: DAVLockDB /var/lock/apache2/DAVLock #DAVMinTimeout 600 <Location /var/www/clients/client1/web1/web/davtest> Dav On AuthType Basic AuthName davtest AuthUserFile /var/www/clients/client1/web1/web/davtest/.DAVlogin <LimitExcept OPTIONS> Require user davtest </LimitExcept> </Location> The actual vhost file seems to be: Code: <Directory /var/www/www.myothersite.co.uk> AllowOverride None Order Deny,Allow Deny from all </Directory> <VirtualHost *:80> DocumentRoot /var/www/www.myothersite.co.uk/web ServerName www.myothersite.co.uk ServerAlias *.www.myothersite.co.uk ServerAdmin [email protected] ErrorLog /var/log/ispconfig/httpd/www.myothersite.co.uk/error.log ErrorDocument 400 /error/400.html ErrorDocument 401 /error/401.html ErrorDocument 403 /error/403.html ErrorDocument 404 /error/404.html ErrorDocument 405 /error/405.html ErrorDocument 500 /error/500.html ErrorDocument 503 /error/503.html <Directory /var/www/www.myothersite.co.uk/web> Options FollowSymLinks AllowOverride All Order allow,deny Allow from all </Directory> <Directory /var/www/clients/client1/web1/web> Options FollowSymLinks AllowOverride All Order allow,deny Allow from all </Directory> # mod_php enabled AddType application/x-httpd-php .php .php3 .php4 .php5 php_admin_value sendmail_path "/usr/sbin/sendmail -t -i [email protected]" php_admin_value upload_tmp_dir /var/www/clients/client1/web1/tmp php_admin_value session.save_path /var/www/clients/client1/web1/tmp Hope this helps S
Falko, Sorry, I'm not familiar with things like nano text editor... This is the end of the file: Code: DAVLockDB /var/lock/apache2/DAVLock #DAVMinTimeout 600 <Location /var/www/clients/client1/web1/web/davtest> Dav On AuthType Basic AuthName davtest AuthUserFile /var/www/clients/client1/web1/web/davtest/.DAVlogin <LimitExcept OPTIONS> Require user davtest </LimitExcept> </Location> </VirtualHost> Helpful? At least it looks the same as what I pasted in to ISPc3 S
Unfortunately not. I need the full configuration. You can use cat to output the contents of the file.
Falko, Sorry, I'm not doing very well here am I... This is what I got: Code: me@sierra:/var/www/clients/client5/web5$ sudo cat /etc/apache2/sites-enabled/www.myothersite.co.uk.vhost [sudo] password for me: <Directory /var/www/www.myothersite.co.uk> AllowOverride None Order Deny,Allow Deny from all </Directory> <VirtualHost *:80> DocumentRoot /var/www/www.myothersite.co.uk/web ServerName www.myothersite.co.uk ServerAlias *.www.myothersite.co.uk ServerAdmin [email protected] ErrorLog /var/log/ispconfig/httpd/www.myothersite.co.uk/error.log ErrorDocument 400 /error/400.html ErrorDocument 401 /error/401.html ErrorDocument 403 /error/403.html ErrorDocument 404 /error/404.html ErrorDocument 405 /error/405.html ErrorDocument 500 /error/500.html ErrorDocument 503 /error/503.html <Directory /var/www/www.myothersite.co.uk/web> Options FollowSymLinks AllowOverride All Order allow,deny Allow from all </Directory> <Directory /var/www/clients/client1/web1/web> Options FollowSymLinks AllowOverride All Order allow,deny Allow from all </Directory> # mod_php enabled AddType application/x-httpd-php .php .php3 .php4 .php5 php_admin_value sendmail_path "/usr/sbin/sendmail -t -i [email protected]" php_admin_value upload_tmp_dir /var/www/clients/client1/web1/tmp php_admin_value session.save_path /var/www/clients/client1/web1/tmp DAVLockDB /var/lock/apache2/DAVLock #DAVMinTimeout 600 <Location /var/www/clients/client1/web1/web/davtest> Dav On AuthType Basic AuthName davtest AuthUserFile /var/www/clients/client1/web1/web/davtest/.DAVlogin <LimitExcept OPTIONS> Require user davtest </LimitExcept> </Location> </VirtualHost> Better? S
Better. Can you change Code: <Directory /var/www/www.myothersite.co.uk/web> Options FollowSymLinks AllowOverride All Order allow,deny Allow from all </Directory> <Directory /var/www/clients/client1/web1/web> Options FollowSymLinks AllowOverride All Order allow,deny Allow from all </Directory> to Code: <Directory /var/www/www.myothersite.co.uk/web> Options FollowSymLinks [B][COLOR="Red"]+Indexes[/COLOR][/B] AllowOverride All Order allow,deny Allow from all </Directory> <Directory /var/www/clients/client1/web1/web> Options FollowSymLinks [B][COLOR="Red"]+Indexes[/COLOR][/B] AllowOverride All Order allow,deny Allow from all </Directory> and restart Apache?
Falko, I think we are nearly there Don't go! My .vhost now looks like this: Code: <Directory /var/www/www.myothersite.co.uk> AllowOverride None Order Deny,Allow Deny from all </Directory> <VirtualHost *:80> DocumentRoot /var/www/www.myothersite.co.uk/web ServerName www.myothersite.co.uk ServerAlias *.www.myothersite.co.uk ServerAdmin [email protected] ErrorLog /var/log/ispconfig/httpd/www.myothersite.co.uk/error.log ErrorDocument 400 /error/400.html ErrorDocument 401 /error/401.html ErrorDocument 403 /error/403.html ErrorDocument 404 /error/404.html ErrorDocument 405 /error/405.html ErrorDocument 500 /error/500.html ErrorDocument 503 /error/503.html <Directory /var/www/www.myothersite.co.uk/web> Options FollowSymLinks +Indexes AllowOverride All Order allow,deny Allow from all </Directory> <Directory /var/www/clients/client1/web1/web> Options FollowSymLinks +Indexes AllowOverride All Order allow,deny Allow from all </Directory> # mod_php enabled AddType application/x-httpd-php .php .php3 .php4 .php5 php_admin_value sendmail_path "/usr/sbin/sendmail -t -i [email protected]" php_admin_value upload_tmp_dir /var/www/clients/client1/web1/tmp php_admin_value session.save_path /var/www/clients/client1/web1/tmp DAVLockDB /var/lock/apache2/DAVLock #DAVMinTimeout 600 <Location /var/www/clients/client1/web1/web/davtest> Dav On AuthType Basic AuthName davtest AuthUserFile /var/www/clients/client1/web1/web/davtest/.DAVlogin <LimitExcept OPTIONS> Require user davtest </LimitExcept> </Location> </VirtualHost> Using my browser, I seem to be able to get to the davtest folder but I don't get a username/password challenge, which is important to me. Using the OSX finder I get an error that the "Server cannot be found on the network". There are no errors in my log. Some tweak is required somewhere. EDIT: I thought there wasn't a .Davlogin file inside davtest and so logged in to my ISPc3 panel > Sites > Options and changed the line Code: AuthUserFile /var/www/clients/client1/web1/web/davtest/.DAVlogin to Code: AuthUserFile /var/www/clients/client1/web1/web/davtest.DAVlogin as I could see the web/davtest.DAVlogin file. This made no difference but when I changed it back, I suddenly can't get to the davtest folder any more, using my browser. I get a 403 Forbidden! error. I restarted apache. There *is* in fact a .Davlogin file inside the davtest directory. I thought my ftp client was showing invisible files but it didn't show that one. I can see it in the terminal. *Now* my log says: Code: [Thu Jan 28 10:10:33 2010] [error] [client my.ip] Directory index forbidden by Options directive: /var/www/www.myothersite.co.uk/web/davtest/ I'll write all this up when we are done, I promise! S
I guess the previous change was overwritten by ISPConfig because you changed something in the web interface. Please add this to your Apache Directives field in ISPConfig (ISPc3 panel > Sites > Options) so that the change becomes persistent: Code: <Directory /var/www/www.myothersite.co.uk/web> Options +Indexes </Directory> <Directory /var/www/clients/client1/web1/web> Options +Indexes </Directory> What's the output of Code: ls -la /var/www/clients/client1/web1/web/davtest.DAVlogin ?
Falko, Well, I can get to the /davtest directory again but still no username/password challenge. The output of -la /var/www/clients/client1/web1/web/davtest.DAVlogin is: Code: -rw-r--r-- 1 root root 22 2010-01-14 14:08 /var/www/clients/client1/web1/web/davtest.DAVlogin In my Options field within ISPc3 I now have: Code: <Directory /var/www/www.myothersite.co.uk/web> Options +Indexes </Directory> <Directory /var/www/clients/client1/web1/web> Options +Indexes </Directory> DAVLockDB /var/lock/apache2/DAVLock #DAVMinTimeout 600 <Location /var/www/clients/client1/web1/web/davtest> Dav On AuthType Basic AuthName davtest AuthUserFile /var/www/clients/client1/web1/web/davtest/.DAVlogin <LimitExcept OPTIONS> Require user davtest </LimitExcept> </Location> The vhost file of www.myothersite.co.uk is: Code: <Directory /var/www/www.myothersite.co.uk> AllowOverride None Order Deny,Allow Deny from all </Directory> <VirtualHost *:80> DocumentRoot /var/www/www.myothersite.co.uk/web ServerName www.myothersite.co.uk ServerAlias *.www.myothersite.co.uk ServerAdmin [email protected] ErrorLog /var/log/ispconfig/httpd/www.myothersite.co.uk/error.log ErrorDocument 400 /error/400.html ErrorDocument 401 /error/401.html ErrorDocument 403 /error/403.html ErrorDocument 404 /error/404.html ErrorDocument 405 /error/405.html ErrorDocument 500 /error/500.html ErrorDocument 503 /error/503.html <Directory /var/www/www.myothersite.co.uk/web> Options FollowSymLinks AllowOverride All Order allow,deny Allow from all </Directory> <Directory /var/www/clients/client1/web1/web> Options FollowSymLinks AllowOverride All Order allow,deny Allow from all </Directory> # mod_php enabled AddType application/x-httpd-php .php .php3 .php4 .php5 php_admin_value sendmail_path "/usr/sbin/sendmail -t -i [email protected]" php_admin_value upload_tmp_dir /var/www/clients/client1/web1/tmp php_admin_value session.save_path /var/www/clients/client1/web1/tmp <Directory /var/www/www.myothersite.co.uk/web> Options +Indexes </Directory> <Directory /var/www/clients/client1/web1/web> Options +Indexes </Directory> DAVLockDB /var/lock/apache2/DAVLock #DAVMinTimeout 600 <Location /var/www/clients/client1/web1/web/davtest> Dav On AuthType Basic AuthName davtest AuthUserFile /var/www/clients/client1/web1/web/davtest/.DAVlogin <LimitExcept OPTIONS> Require user davtest </LimitExcept> </Location> </VirtualHost> Apache has been restarted. Sorry this is such hard work! Any ideas? S