OLS + CentOS 7.5 gives persistent 404 error on new virtual host

#1
I've been scratching my head a while trying to set up OLS on CentOS 7.

I've installed CentOS + OLS 1.4.44.
I simply did a 'systemctl start lsws' + 'systemctl enable lsws' after installation, and I've established that:
- The admin interface is working (122.133.122.133:7080)
- The virtual host "Example" is working (122.133.122.133)

I have made a new Virtual Host for domain.com - but it returns 404 error no matter what I've tried so far.
1. I've added a user "peter" ('adduser peter') with homedir of /home/peter
2. Logged in as "peter" I have created a directory /home/peter/public_html (0775) + /home/peter/logs (0775)
3. I've made an index.html (0664) in /home/peter/public_html/ containing "Hello World" and nothing else

4. I've set up a Virtual Host in the OpenLiteSpeed admin interface as follows:
Virtual Host Name - domain.com
Virtual Host Root - /home/peter/
Config File - $SERVER_ROOT/conf/vhosts/$VH_NAME/vhconf.conf
Follow Symbolic Link - Yes
Enable Scripts - Yes
Restrained - Yes
External App Set UID Mode - Server UID
suEXEC User - Not set
suEXEC Group - Not set
Document Root - $VH_ROOT/public_html/
Domain Name - domain.com
Enable Compression - Yes
Use Server Index Files - No
Index Files - index.html
Auto Index - Not set
Auto Index URI - /_autoindex/default.php

I've also set up logs to be on DEBUG to $VH_ROOT/logs/error.log and access logs to $VH_ROOT/logs/access.log.

5. In Virtual Host Mappings I've added a new mapping for domain.com. I've also set "Example" to domain 122.133.122.133 (instead of *).
6. I've done a graceful/restart of OLS.

I am getting 404 error when visiting domain.com.

My first thoughts are that this has something to do with file permissions - but I am not sure.

- I have turned off SELinux
- I have tried adding public_html to group nobody
- I have tried ridiculous permissions like 777 on file and directories
- I have tried different "External App Set UID Mode" and even suEXEC user/group set to 'peter'

In the access logs (/home/peter/logs/access.log) I am getting the following when trying to open domain.com. I notice that the log file is owned by nobody:nobody.
111.111.111.111 - - [27/Feb/2019:15:10:43 +0000] "GET / HTTP/1.1" 404 655 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0"
111.111.111.111 - - [27/Feb/2019:15:10:43 +0000] "GET / HTTP/1.1" 404 655 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0"
111.111.111.111 - - [27/Feb/2019:15:10:44 +0000] "GET / HTTP/1.1" 404 655 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0"

For testing purposes I fired up a "VPS with Ubuntu + OLS + WordPress". Made the exact same configuration to user, directories, index.html, virtual host and listener - and it's working without problems.

What am I doing wrong? Anyone had similar issues?

Thank you.
 
#2
I've played around with file ownership to /home/peter/public_html and managed to progress a bit.

Setting owner of /home/peter (and public_html subdir) to nobody:user does work and the 404 error is gone. This however, is not optimal - and probably not secure at all.

Setting virtual host root to $SERVER_ROOT/domain/ works out of the box. All files owned by root. This does not make sense to me. OLS running as nobody is able to read files with owner root: but not a non-superuser.

How do you solve this matter with OLS? Can someone please elaborate how you solve this?

Thank you.
 
#4
Sorry for bumping my old thread.

The error is due to OpenLiteSpeed running as nobody:nobody and can't access /home/username. The immediate solution is to either 'chown nobody:username /home/username' or 'chmod 0755 /home/username'. None of these are optimal though but I'm not knowledgeable enough to figure out a better solution.

I haven't checked what Ubuntu does differently, or if OpenLiteSpeed runs as a different user by default.

How would you advise to configure this in a shared environment?
 
#6
I've already configured suEXEC by vhost and user as described in the guide you posted.

Here's my setup.

Virtual Host Directory: /home/username1/
Document Root: $VH_ROOT/public_html/

I've configured the Virtual Host to use suEXEC user: username1 and suEXEC group: grumpyold at Virtual Host > Basic > Security.

Code:
# stat /home/username1/
  File: '/home/username1/'
  Size: 4096            Blocks: 8          IO Block: 4096   directory
Device: 700h/1792d      Inode: 1182659     Links: 7
Access: (0700/drwx------)  Uid: ( 1001/username1)   Gid: ( 1001/username1)

# stat /home/username1/public_html/
  File: '/home/username1/public_html/'
  Size: 4096            Blocks: 8          IO Block: 4096   directory
Device: 700h/1792d      Inode: 1182663     Links: 7
Access: (0755/drwxr-xr-x)  Uid: ( 1001/username1)   Gid: ( 1001/username1)

I've created a dummy index.html in /home/username1/public_html/

Code:
# cat index.html
NOTHING HERE!

When OLS is running as nobody:nobody it won't be able to access the file /home/username1/public_html/index.html due to /home/username1 being 0700.

That's why browsing https://mydomain.com returns a 404 error. The server log tells me that the file index.html does not exist. Changing permission on the /home/username1 directory to 0755 resolves this and https://mydomain.com shows the content of my index.html.

I can't find any other solution.


On a side note I did chmod /home/username1 to 0755 and installed WordPress (after setting up suEXEC according to the guide you posted) and it works perfectly - php is running as username1. Reverting to the default file permission returns 404 still though.
 

Pong

Administrator
#7
As you have already found, "0700" won't work for sure. All files/folders under /home/$USER will be owned by user:user, then different permissions to allow webserver(nobody) to read. Glad you have figured it out.

I would like to recommend you to use some control panel, like cyberpanel with OpenLiteSpeed, then you don't need to worry about setting such permission/ownership yourself manually, cyber panel will handle them for you.
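
The directory-traversal check behind this thread's diagnosis, as an added example that is not part of any post: it walks each parent directory of the index file and reports the first one the web server's "other" permission class cannot search. The function names, the temp-dir tree and the 0711 mode are assumptions introduced here; it assumes GNU stat and a server user that is neither owner nor group member.

```sh
#!/bin/sh
# Added example: constructed tree under a temp dir; function names are hypothetical.
# Assumes GNU stat and a web server user (e.g. nobody) that is neither the
# owner nor in the group, so only the "other" permission bits apply.

# True when "other" may traverse DIR: last octal digit odd means o+x is set.
other_can_search() {
    mode=$(stat -c '%a' "$1") || return 2
    case "$mode" in *[1357]) return 0 ;; *) return 1 ;; esac
}

# Print the first directory between BASE and BASE/REL that "other" cannot
# traverse; print nothing when every parent directory is open.
first_blocked() {
    cur=${1%/}
    dirs=$(dirname "$2")
    old_ifs=$IFS; IFS=/
    set -- $dirs
    IFS=$old_ifs
    for part in "$@"; do
        [ -n "$part" ] || continue
        cur="$cur/$part"
        other_can_search "$cur" || { printf '%s\n' "$cur"; return 0; }
    done
}

# Recreate the layout from post #6: home 0700, public_html 0755.
make_demo_tree() {
    base=$(mktemp -d) || return 1
    mkdir -p "$base/home/username1/public_html"
    echo 'NOTHING HERE!' > "$base/home/username1/public_html/index.html"
    chmod 0755 "$base" "$base/home" "$base/home/username1/public_html"
    chmod 0700 "$base/home/username1"
    printf '%s\n' "$base"
}

demo=$(make_demo_tree)
rel=home/username1/public_html/index.html
echo "0700 home, blocked at: $(first_blocked "$demo" "$rel")"
# 0711 grants search (x) only: the server can reach public_html but cannot
# list the home directory. This mode is an added suggestion, not from the thread.
chmod 0711 "$demo/home/username1"
echo "0711 home, blocked at: $(first_blocked "$demo" "$rel")"
rm -rf "$demo"
```

On a real host the same walk would be `first_blocked / home/username1/public_html/index.html`; `namei -l` on the full path shows the same per-component modes.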
 