|
Just wanted to mention, the collective wisdom dscovered heree
could go to:
https://wiki.wocommunity.org/display/documentation/Configuring+Apache+for+WebObjects
This page deserves some TLC, no? :--)
cheers - ray
On 6/19/21 1:00 AM, Markus Ruggiero
(rucotec) wrote:
Man I love you (well, sort of anyway😇).
Thanks a lot, the location thing was it. Now
everything works.
Have a great day
---markus---
Do you have a „Location“ based
access grant in your config?
In my (CentOS) Apache config I
have this statement:
# Specific to Apache 2.4
<Location /cgi-bin/WebObjects/>
<Limit GET POST OPTIONS >
Require all granted
</Limit>
Require all denied
</Location>
I have also commented out all
ScriptAlias* directives in all apache config files.
Logging can be enabled by setting
a WebObjectsLog directive:
# To change the logging options, read the following comments:
# The option name is "WebObjectsLog" and the first value indicates the path of the log file.
# The second value indicates the log level. There are five, in decreasing informational order:
# "Debug", "Info", "Warn", "Error", "User"
#
# Note: To enable logging, touch '/tmp/logWebObjects' as the administrator user (usually root).
# After apache starts, you'll have to change the owner permissions to 'www'.
# Type: sudo chown www /Library/WebObjects/Logs/WebObjects.log
# See <rdar://problem/5296267> /tmp/logWebObjects insecure tempfile in WebObjects
#
# The following line is the default:
# WebObjectsLog /tmp/WebObjects.log Debug
For simple applications you could
also completely discard the WOAdaptor and use the
standard proxy mechanism. Single instance deployments
don’t even need a balancer setup:
# in the site config:
ProxyPass /cgi-bin/WebObjects/App.woa http://localhost:2001/cgi-bin/WebObjects/App.woa
ProxyPassReverse /cgi-bin/WebObjects/App.woa http://localhost:2001/cgi-bin/WebObjects/App.woa
<Proxy http://localhost:2001/cgi-bin/WebObjects/App.woa/>
Require all granted
Options none
RequestHeader append x-webobjects-adaptor-version "mod_proxy"
</Proxy>
Ralf
On 18 Jun 2021, at 12:48, Markus
Ruggiero (rucotec) wrote:
Thanks Jesse, yeah, I tried all.
All files are w:r including
/Library/WebObjects/Configuration/* where
SiteConfig.xml lives. JavaMonitor is writing the
SiteConfig.xml, wotaskd uses it and it is readable
for anything Apache.
Apache running under _www or, as I
just now tried running it under my own uid, makes
no difference. The error_log shows this line:
I tried with cgi-bin as well as apps.
For me this indicates something in
WOAdaptor not being right. When I google this
error everyone is pointing to Apache config where
in some places Require all allowed is needed. That
is there and Apache can serve static filesystem
based resources.
As the error points to /apps as the
resource that is not accessible this again points
to WOAdaptor. /apps is NOT a file system path (no
<Directory> block in http.conf) but is part
of the adaptor URL (set in JavaMonitor as http://woapps/apps/WebObjects).
Seems that WOAdaptor does not properly take over
and then of course Apache would try to access this
non-existing path.
This brings me to the next question:
how do I debug WOAdaptor? Or am I going nuts?
Something else: I compared all the
LoadModule directives in httpd.conf with those on
the customer deployment and made sure there
weren’t modules excluded. Nothing helped. Next is
probably to virtualise the client deployment
machine, strip it down to the bare minimum and run
it as a test deployment server inside VMWare.
Maybe last resort....
---markus---
Well, gosh, it just
has to be apache and the OS — run down the
list of suspects
"client denied by server
configuration" is reported so that’s
basically the OS saying you can’t read —
I think?
I can’t read your rules, but
since apache doesn’t seem to barf did
you check user and OS level stuff
carefully?
- the user that is running
apache?
- the actual folder and
parent folder settings?
- read those folders as that
user from the command line?
Other random tests regarding
OS level file permissions?
I’m no expert here, but I’m
pretty sure those files gotta be 755 and
it seems like the apache log is
reporting a filesystem level permission
error…?
This is a
new setup. Up to now I have
had a dedicated deployment
machine that works. As this is
for a customer I do not want
to touch it.
We have a weird
problem that only shows when
more than one instance of
the same app is running. To
be able to debug and analyze
this I thought I’d configure
my dev machine so that I can
deploy to it easily without
disturbing anything
productive.
Yes, of course
mod_webobjects is loaded.
This is the full
wo_apache.config:
LoadModule
WebObjects_module
/Users/Shared/Developer/Libraries/Wonder/ApacheWOAdaptor/Apache2.4/macOS/mod_WebObjects.so
WebObjectsAlias
/apps/WebObjects
all the other
nice stuff in there is
commented and not active.
If on a
command line I type
apachectl -F
I get a whole
list of known directives
and there are many WO
related ons. Where else
would Apache get those if
not through mod_webobjects?
This indicates that the
module is properly
loaded.
Sounds
like apache, are you
sure things like
mod_webobjects are
loaded and those
base things?
I
can’t read apache
rules…sorry! They
are all just
random characters
to me…I guess the
questions is
what’s changed or
is this a new
setup giving you a
hard time?
Probably
missing
something so
basic that I
simply do not
see it. Must
be too hot
outside (33
Celsius) and
no aircon in
the office (31
Celsius).
Hope
someone can
point me in
the right
direction.
Deployment
setup on my
dev machine
(MBpro, macOS
Catalina, JRE
15). Apache
installed via
homebrew
(Apache/2.4.46
(Unix)),
Apple's Apache
not in use
Apache
configured
with various
virtual hosts,
resolved
through
/etc/hosts.
This all
works, Apache
serves static
resources from
these hosts.
JavaMonitor
runs, wotaskd
runs, Apache
loads
WOAdaptor by
including
wo_apache.conf
apachectl -F knows about WOAdaptor,
so I assume it
is properly
loaded
wo_apache.conf
has this line:
WebObjectsAlias
/apps/WebObjects
The
Apache config
file http.conf
has this line
#
ScriptAliasMatch ^/cgi-bin/((?!(?i:webobjects)).*$)
"/usr/local/var/www/CGI-Executables/$1"
ScriptAliasMatch
^/apps/((?!(?i:webobjects)).*$) "/usr/local/var/www/CGI-Executables/$1"
(tried
both variants,
with cgi-bin
and the one
with apps)
In
WOMonitor this
is the URL to
the adaptor:
(woapps
being one of
my virtual
hosts)
When
I try to
access an
installed app
the browser
reports an
error
"You
don't have
permission to
access this
resource”
and
Apache puts a
message into
the error log
file:
[Thu
Jun 17
13:43:57.329921
2021]
[authz_core:error]
[pid 42093]
[client
127.0.0.1:64420]
AH01630:
client denied
by server
configuration:
/apps
/apps
is not a
directory but
the first part
of the WO URL
and thus
should go to
the WOAdaptor.
Has the
ScriptAliasMatch
(see above)
anything to do
with this?
Thanks
for any help
---markus---
Markus
Ruggiero
4051
Basel /
Switzerland
mobile +41 79
508 4701
Markus
Ruggiero
4051
Basel /
Switzerland
mobile +41 79
508 4701
Markus
Ruggiero
4051
Basel /
Switzerland
mobile +41 79
508 4701
Markus
Ruggiero
4051
Basel /
Switzerland mobile +41 79 508
4701
|