Fedora 31 Server Edition filesystem permissions changed to 777
-
It looks like something is missing. I rolled back from https to default http and I can reach Apache's default welcome side by using IP address. But if I try to reach Nextcloud by IP the browser is showing me the sourcecode of Nextcloud's index.php file.
Using https again brings me just Internal Server Error.
The same happens with a clean installation of Nextcloud.
Am I missing something here?Got fixes those two errors I wrote about above.
But getting now:
AH01071: Got error 'Primary script unknown'
-
Likely in your configs http has instructions to read index.php and https is missing that directive.
-
Can someone tell me what that entries mean? I found it access_log file.
-
@Woti said in Fedora 31 Server Edition filesystem permissions changed to 777:
Can someone tell me what that entries mean? I found it access_log file.
It's quite straightforward, but the name is so bizarre that it makes it confusing. It's not anything weird, other than the name.
The position in the log represents the "browser" identifier. The browser's name (Chrome, Firefox, etc.) is masscan and the browser version is 1.0. People are likely to be confused by that, so the "browser" ID includes the URL of the browser's code so that you can look it up.
So in this case, it tells us that someone using masscan made a request to your site. It's someone port scanning you.
-
If you wanted to test / demonstrate this, you could download masscan to another computer from the given URL and use it to scan your own site. You should get an identical log entry, except with your IP address listed of course.
-
Thanks for your reply. It is scary.
-
@scottalanmiller What means the line with IP 217.131.28.231
-
@Woti said in Fedora 31 Server Edition filesystem permissions changed to 777:
@scottalanmiller What means the line with IP 217.131.28.231
That field, the first one, is the IP address of the browser making a request. Try accessing your own site from a public IP that you know, and then look for that IP in the log to see how it works. But that first field is just the requesting public IP field.
-
Is it safe to remove Letsencrypt certificates by deleting certificate files and so
dnf remove certbot httpd php-fpm mariadb
and try again reinstall? Or does certificate files stored on Letsencrypt servers and synced next time a certificate is generated by same email-address and domain?
-
@Woti said in Fedora 31 Server Edition filesystem permissions changed to 777:
Is it safe to remove Letsencrypt certificates by deleting certificate files and so
dnf remove certbot httpd php-fpm mariadb
and try again reinstall? Or does certificate files stored on Letsencrypt servers and synced next time a certificate is generated by same email-address and domain?
It's pretty safe, but better if you make a copy, just in case.
-
@scottalanmiller said in Fedora 31 Server Edition filesystem permissions changed to 777:
@Woti said in Fedora 31 Server Edition filesystem permissions changed to 777:
Is it safe to remove Letsencrypt certificates by deleting certificate files and so
dnf remove certbot httpd php-fpm mariadb
and try again reinstall? Or does certificate files stored on Letsencrypt servers and synced next time a certificate is generated by same email-address and domain?
It's pretty safe, but better if you make a copy, just in case.
If you request a new cert in the same name, you will simply get a new cert.
Nothing is saved by Let's Encrypt. Now obviously, they have the old record, and you will get a renewal notice at 30 days out. But you just ignore it. -
Any thoughts about using Nginx rather than Apache?
-
@Woti said in Fedora 31 Server Edition filesystem permissions changed to 777:
Any thoughts about using Nginx rather than Apache?
Nextcloud still defaults their builds to Apache. so i use Apache.
That said, all of my instances are sitting behind a separate Nginx Reverse Proxy.
-
@Woti said in Fedora 31 Server Edition filesystem permissions changed to 777:
Any thoughts about using Nginx rather than Apache?
I would stick to Apache. Use what the devs use. Nginx is great for the reverse proxy in front of it all, if you want.
-
@JaredBusch said in Fedora 31 Server Edition filesystem permissions changed to 777:
@Woti said in Fedora 31 Server Edition filesystem permissions changed to 777:
Any thoughts about using Nginx rather than Apache?
Nextcloud still defaults their builds to Apache. so i use Apache.
That said, all of my instances are sitting behind a separate Nginx Reverse Proxy.
Same here.
-
Is it possible that Nextcloud has to be installed before creating certificates?
Because, when I installed Nextcloud 11(?) on Fedora Server 26 I did first installing everything, apache, php-fpm, mysql, nextcloud followed by created self-signed certificates. After that, I did creating certificates from Letsencrypt with certbot but this happened not with Fedora Server 26. It happened later.
Fedora Server 31 is the first installation after all releases that I have to reinstall (did just updating between all releases) and the one and only thing I did in a different way was the order of creating certificates and installing Nextcloud. I did creating of certificates before installing Nextcloud. -
@JaredBusch I never understood why to use Nginx as reverse proxy What's the meaning with it?
-
@Woti said in Fedora 31 Server Edition filesystem permissions changed to 777:
@JaredBusch I never understood why to use Nginx as reverse proxy What's the meaning with it?
A reverse proxy allows you to have multiple websites on the same port behind 1 IP address. This also generally means multiple servers behind the proxy as well - as if all websites were on a single http service, that service could likely determine itself which webservice to give the packets to.
-
@Dashrender said in Fedora 31 Server Edition filesystem permissions changed to 777:
@Woti said in Fedora 31 Server Edition filesystem permissions changed to 777:
@JaredBusch I never understood why to use Nginx as reverse proxy What's the meaning with it?
A reverse proxy allows you to have multiple websites on the same port behind 1 IP address. This also generally means multiple servers behind the proxy as well - as if all websites were on a single http service, that service could likely determine itself which webservice to give the packets to.
This is correct. Specifically, I have a server in a colo. I have a single IP available to me.
So ports 80/443 on that IP are directed to the Nginx Reverse Proxy. Nginx handles sending the inbound FQDN to the right backend servers.
https://domain.com = 12.45.67.89 https://nc.domain.com = 12.45.67.89 https://blog.domain.com = 12.45.67.89
How do you make all of that work? With a Reverse Proxy. Nginx is much better at that than Apache.
Nginx is listening on 12.45.67.89:80 and 12.45.67.89:443
When something comes in, it reads the FQDN out of the HTTP headers and sends it on to the correct backend IP.domain.com = 10.1.2.3 nc.domain.com = 10.1.2.4 blog.domain.com = 10.1.2.5
-
THANK YOU @JaredBusch and @Dashrender for this good explanation. That was the easiest understandable explanation I have heard for a long time.
I'll try my luck again. Thanks again guys.