Fedora 31 Server Edition filesystem permissions changed to 777
-
@Woti said in Fedora 31 Server Edition filesystem permissions changed to 777:
I'll see soon. I've reinstalled Fedora 31 Server from scratch. I'm using newer and stronger certificates following those two guides:
https://linuxize.com/post/secure-apache-with-let-s-encrypt-on-centos-8/
https://riegers.in/nextcloud-installation-guide-ubuntu-18-04/
Next step is to restore Nextcloud DB and get Nextcloud up and running again. I'm not working with the server every day, that's why it takes some time
Best regards,
Woti
Good luck. Post here with questions. Busy but will always help if I can.
-
Everyone's busy, that's why good things take time.
-
My attempt to get Nextcloud running is stopped by a strange issue.
I get the following errors:
ssl_error_log:
[ssl:warn] AH01909: woti.dedyn.io:443:0 server certificate does NOT include an ID which matches the server name
Googling AH01909 gives a lot of answers but I can't figure it out.
http_error_log:
[lbmethod_heartbeat:notice] AH02282: No slotmem from mod_heartmonitor
Googling AH02282 gives me different answers, not sure if I need this module at all? Never had this notice in my prior Fedora system.
Is there any way to completely undo certificate creation and start from scratch again without reinstalling the whole system?
Best regards,
Woti
-
@Woti said in Fedora 31 Server Edition filesystem permissions changed to 777:
My attempt to get Nextcloud running is stopped by a strange issue.
I get the following errors:
ssl_error_log:
[ssl:warn] AH01909: woti.dedyn.io:443:0 server certificate does NOT include an ID which matches the server name
Googling AH01909 gives a lot of answers but I can't figure it out.
http_error_log:
[lbmethod_heartbeat:notice] AH02282: No slotmem from mod_heartmonitor
Googling AH02282 gives me different answers, not sure if I need this module at all? Never had this notice in my prior Fedora system.
Is there any way to completely undo certificate creation and start from scratch again without reinstalling the whole system?
Best regards,
Woti
Any reason you're not using certbot from Let's Encrypt?
-
Yes, I am using certbot from Let's Encrypt. I was using it before the re-installation too.
I was using this tutorial: https://linuxize.com/post/secure-apache-with-let-s-encrypt-on-centos-8/
certbot certonly --agree-tos --email [email protected] --apache -w /var/www/html -d woti.dedyn.io
openssl x509 -in /etc/letsencrypt/live/woti.dedyn.io/fullchain.pem -noout -subject
subject=CN = woti.dedyn.io
openssl x509 -in /etc/letsencrypt/live/woti.dedyn.io/fullchain.pem -noout -text | grep DNS
DNS:woti.dedyn.io
-
It looks like something is missing. I rolled back from https to default http and I can reach Apache's default welcome page by using the IP address. But if I try to reach Nextcloud by IP, the browser shows me the source code of Nextcloud's index.php file.
Using https again just gives me Internal Server Error.
The same happens with a clean installation of Nextcloud.
Am I missing something here?
I got those two errors I wrote about above fixed.
But now I am getting:
AH01071: Got error 'Primary script unknown'
-
Likely in your configs http has instructions to read index.php and https is missing that directive.
-
Can someone tell me what these entries mean? I found them in the access_log file.
-
@Woti said in Fedora 31 Server Edition filesystem permissions changed to 777:
Can someone tell me what these entries mean? I found them in the access_log file.
It's quite straightforward, but the name is so bizarre that it makes it confusing. It's not anything weird, other than the name.
The position in the log represents the "browser" identifier. The browser's name (Chrome, Firefox, etc.) is masscan and the browser version is 1.0. People are likely to be confused by that, so the "browser" ID includes the URL of the browser's code so that you can look it up.
So in this case, it tells us that someone using masscan made a request to your site. It's someone port scanning you.
-
If you wanted to test / demonstrate this, you could download masscan to another computer from the given URL and use it to scan your own site. You should get an identical log entry, except with your IP address listed of course.
-
Thanks for your reply. It is scary.
-
@scottalanmiller What does the line with IP 217.131.28.231 mean?
-
@Woti said in Fedora 31 Server Edition filesystem permissions changed to 777:
@scottalanmiller What does the line with IP 217.131.28.231 mean?
That field, the first one, is the IP address of the browser making a request. Try accessing your own site from a public IP that you know, and then look for that IP in the log to see how it works. But that first field is just the requesting public IP field.
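The two fields explained above, the requesting IP in the first position and the "browser" identifier in the last, can be pulled out of an access_log programmatically. The following is an added example, not part of the original posts: it assumes Apache's combined log format, the sample lines are constructed with documentation-range addresses, and the scanner token list is an assumption to extend as needed.

```python
import re
from collections import defaultdict

# Apache "combined" LogFormat: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"$'
)

# Product tokens of scanners that announce themselves (assumed list, not exhaustive).
SCANNER_TOKENS = ("masscan", "zgrab", "nmap scripting engine")

# Constructed sample lines; the addresses come from documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Jan/2020:03:14:07 +0100] "GET / HTTP/1.0" 200 4681 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)"
198.51.100.23 - - [12/Jan/2020:09:02:41 +0100] "GET /index.php HTTP/1.1" 200 15872 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:72.0) Gecko/20100101 Firefox/72.0"
203.0.113.7 - - [12/Jan/2020:03:14:09 +0100] "GET /status.php HTTP/1.0" 404 196 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)"
192.0.2.50 - - [12/Jan/2020:11:30:00 +0100] "\\x16\\x03\\x01" 400 226 "-" "-"
this line is not in combined format
"""

def parse_line(line):
    """Return a dict of fields for one combined-format line, or None if it does not match."""
    m = COMBINED.match(line.strip())
    return m.groupdict() if m else None

def find_scanners(log_text):
    """Group requests by client IP for entries whose User-Agent names a known scanner."""
    hits = defaultdict(list)
    skipped = 0  # lines that are not in combined format
    for line in log_text.splitlines():
        if not line.strip():
            continue
        entry = parse_line(line)
        if entry is None:
            skipped += 1
            continue
        agent = entry["agent"].lower()
        if any(tok in agent for tok in SCANNER_TOKENS):
            hits[entry["ip"]].append((entry["time"], entry["request"], entry["status"]))
    return dict(hits), skipped

if __name__ == "__main__":
    scanners, skipped = find_scanners(SAMPLE_LOG)
    for ip, reqs in scanners.items():
        print(ip, len(reqs), "scanner requests:", reqs)
    print("unparsed lines:", skipped)
```

The User-Agent is supplied by the client, so this only catches scanners that identify themselves; a scan with a changed identifier looks like any other request in this field.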
-
Is it safe to remove Let's Encrypt certificates by deleting the certificate files and then running
dnf remove certbot httpd php-fpm mariadb
and trying to reinstall again? Or are certificate files stored on Let's Encrypt servers and synced the next time a certificate is generated with the same email address and domain?
-
@Woti said in Fedora 31 Server Edition filesystem permissions changed to 777:
Is it safe to remove Let's Encrypt certificates by deleting the certificate files and then running
dnf remove certbot httpd php-fpm mariadb
and trying to reinstall again? Or are certificate files stored on Let's Encrypt servers and synced the next time a certificate is generated with the same email address and domain?
It's pretty safe, but better if you make a copy, just in case.
-
@scottalanmiller said in Fedora 31 Server Edition filesystem permissions changed to 777:
@Woti said in Fedora 31 Server Edition filesystem permissions changed to 777:
Is it safe to remove Let's Encrypt certificates by deleting the certificate files and then running
dnf remove certbot httpd php-fpm mariadb
and trying to reinstall again? Or are certificate files stored on Let's Encrypt servers and synced the next time a certificate is generated with the same email address and domain?
It's pretty safe, but better if you make a copy, just in case.
If you request a new cert in the same name, you will simply get a new cert.
Nothing is saved by Let's Encrypt. Now obviously, they have the old record, and you will get a renewal notice at 30 days out. But you just ignore it.
-
Any thoughts about using Nginx rather than Apache?
-
@Woti said in Fedora 31 Server Edition filesystem permissions changed to 777:
Any thoughts about using Nginx rather than Apache?
Nextcloud still defaults their builds to Apache, so I use Apache.
That said, all of my instances are sitting behind a separate Nginx Reverse Proxy.
-
@Woti said in Fedora 31 Server Edition filesystem permissions changed to 777:
Any thoughts about using Nginx rather than Apache?
I would stick to Apache. Use what the devs use. Nginx is great for the reverse proxy in front of it all, if you want.
-
@JaredBusch said in Fedora 31 Server Edition filesystem permissions changed to 777:
@Woti said in Fedora 31 Server Edition filesystem permissions changed to 777:
Any thoughts about using Nginx rather than Apache?
Nextcloud still defaults their builds to Apache, so I use Apache.
That said, all of my instances are sitting behind a separate Nginx Reverse Proxy.
Same here.