Replies: 2 comments
-
|
For a working Apache configuration, please see https://github.com/netbox-community/netbox/blob/develop/contrib/apache.conf There is no need for WSGIPassAuthorization, since Netbox does not run as a WSGI within Apache; it runs as a separate process (gunicorn) which Apache proxies to. However, I don't think that turning it on will do any harm. Otherwise, if Apache is rejecting these incoming requests with "client denied by server configuration", then it must be somewhere else in your Apache configuration. You'll have to look at all your other conf files to see if any of them is requiring authorization. Given that you're using a RedHat-derived distro, it's always possible that SELinux is messing with things. I don't think that's the case here, but in general, turning SELinux into permissive mode is always a first step for debugging problems under RedHat. |
Beta Was this translation helpful? Give feedback.
-
|
On my apache config my Location / has auth (I'm using REMOTE_USER and SAML auth within apache).
I will note also that I don't know if SELinux is a factor, but you can check for AVC log messages (sudo grep AVC /var/log/audit/audit.log) to see if SELinux is in play at all before blanket disabling it, it logs permission denies. I personally am a bit of an SELinux die-hard, and I've found that when there are AVC denies that a little getsebool/setsebool flags or audit2allow to add a local policy, maybe adding some file/port tagging regex with semanage or even chcon can usually fix it right up (except for my cases where I have a CGI using clogin to SSH and run commands on devices, SELinux _really_ does not want Apache child processes opening PTYs...).
# Hint to Django app that redirects should use same scheme (https) as original request
RequestHeader set X-Forwarded-Proto "%{REQUEST_SCHEME}s"
<Location /static>
Satisfy Any
Allow from all
AuthType None
ShibDisable On
ProxyPass !
Require all granted
</Location>
<Directory /opt/netbox/current/netbox/static>
Options Indexes FollowSymLinks MultiViews
</Directory>
—
Mark Tinberg ***@***.***>
Division of Information Technology-Network Services
University of Wisconsin-Madison
…________________________________
From: smolko345 ***@***.***>
Sent: Sunday, October 30, 2022 1:20 PM
To: netbox-community/netbox ***@***.***>
Cc: Subscribed ***@***.***>
Subject: [netbox-community/netbox] AH01630: client denied by server configuration: /opt/netbox/netbox/static (Discussion #10792)
Hey guys,
after installing Netbox ( version v3.3.5 ), I am not able to open Netbox. The site keeps refreshing without seeing any content
https://netbox.example.com/login/?next=/media-failure/%3Ffilename%3Dnetbox-print.css
Upgrade.sh was succesfull, both netbox and netbox-rq services are running but I can see this error in /var/log/httpd/error_log
AH01630: client denied by server configuration: /opt/netbox/netbox/static, referer: https://netbox.example.com/login/?next=/media-failure/%3Ffilename%3Dnetbox-print.css
Permissions should be fine.
/etc/httpd/conf.d/netbox.conf
Alias /static /opt/netbox/netbox/static
# Needed to allow token-based API authentication
WSGIPassAuthorization on
<Directory /opt/netbox/netbox/static>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Require all granted
</Directory>
<Location /static>
ProxyPass !
</Location>
ProxyPass / http://127.0.0.1:8001/
ProxyPassReverse / http://127.0.0.1:8001/
Httpd version:
httpd-2.4.6-97.el7_9.5.x86_64
Do you have any idea why is this happening ?
—
Reply to this email directly, view it on GitHub<#10792>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AAS7UM7L3QNFGBP55IQR7RDWF2U47ANCNFSM6AAAAAARSMZRWU>.
You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>
|
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Hey guys,
after installing Netbox ( version v3.3.5 ), I am not able to open Netbox. The site keeps refreshing without seeing any content
https://netbox.example.com/login/?next=/media-failure/%3Ffilename%3Dnetbox-print.css
Upgrade.sh was succesfull, both netbox and netbox-rq services are running but I can see this error in /var/log/httpd/error_log
AH01630: client denied by server configuration: /opt/netbox/netbox/static, referer: https://netbox.example.com/login/?next=/media-failure/%3Ffilename%3Dnetbox-print.css
Permissions should be fine.
/etc/httpd/conf.d/netbox.conf
Alias /static /opt/netbox/netbox/static
Httpd version:
httpd-2.4.6-97.el7_9.5.x86_64
Do you have any idea why is this happening ?
Beta Was this translation helpful? Give feedback.
All reactions