Can't access https://www2.graphviz.org/magjac-Packages/development/

I can however access https://www2.graphviz.org/magjac-Packages.

@Ellson I haven’t found anything specific regarding /var/www/html/Packages/ in the Apache conf under /etc/httpd so I don’t think I should need anything for magjac-Packages either.

I’ve checked the permissions:

[root@www2 magjac]# ls -ltd `find /var/www/html/magjac-Packages`
-rw-r-----. 1 deploy deploy 27038801 Jun 23 12:51 /var/www/html/magjac-Packages/development/windows/10/debug/msbuild/Win32/graphviz.zip
drwxr-x---. 2 deploy deploy       26 Jun 23 12:51 /var/www/html/magjac-Packages/development/windows/10/debug/msbuild/Win32
drwxr-x---. 4 deploy deploy       29 Jun 23 12:51 /var/www/html/magjac-Packages/development/windows/10
drwxr-x---. 3 deploy deploy       21 Jun 23 12:51 /var/www/html/magjac-Packages/development/windows/10/debug
drwxr-x---. 3 deploy deploy       19 Jun 23 12:51 /var/www/html/magjac-Packages/development/windows/10/debug/msbuild
-rw-r-----. 1 deploy deploy 12462075 Jun 23 12:51 /var/www/html/magjac-Packages/development/windows/10/os/msbuild/Win32/graphviz.zip
drwxr-x---. 4 deploy deploy       34 Jun 23 12:51 /var/www/html/magjac-Packages/development/windows/10/os
drwxr-x---. 3 deploy deploy       19 Jun 23 12:51 /var/www/html/magjac-Packages/development/windows/10/os/msbuild
drwxr-x---. 2 deploy deploy       26 Jun 23 12:51 /var/www/html/magjac-Packages/development/windows/10/os/msbuild/Win32
-rw-r-----. 1 deploy deploy  4606993 Jun 23 12:51 /var/www/html/magjac-Packages/development/windows/10/os/cmake/x64/Graphviz-2.45.20200623.1728-win64.exe
drwxr-x---. 2 deploy deploy       96 Jun 23 12:51 /var/www/html/magjac-Packages/development/windows/10/os/cmake/x64
-rw-r-----. 1 deploy deploy  4748280 Jun 23 12:51 /var/www/html/magjac-Packages/development/windows/10/os/cmake/Win32/Graphviz-2.45.20200623.1728-win32.exe
drwxr-x---. 2 deploy deploy       96 Jun 23 12:51 /var/www/html/magjac-Packages/development/windows/10/os/cmake/Win32
drwxr-xr-x. 3 deploy deploy       25 Jun 23 12:10 /var/www/html/magjac-Packages
-rw-r-----. 1 deploy deploy  4606747 Jun 23 11:30 /var/www/html/magjac-Packages/development/windows/10/os/cmake/x64/Graphviz-2.45.20200623.1706-win64.exe
drwxr-x---. 4 deploy deploy       30 Jun 23 11:30 /var/www/html/magjac-Packages/development/windows/10/os/cmake
-rw-r-----. 1 deploy deploy  4748887 Jun 23 11:30 /var/www/html/magjac-Packages/development/windows/10/os/cmake/Win32/Graphviz-2.45.20200623.1706-win32.exe
drwxr-x---. 3 deploy deploy       16 Jun 23 11:30 /var/www/html/magjac-Packages/development/windows
drwxrwxr-x. 3 deploy deploy       21 Jun 23 11:30 /var/www/html/magjac-Packages/development

compare with:

[root@www2 magjac]# ls -ltd /var/www/html/Packages
drwxr-x---. 4 deploy deploy 95 Jul 17  2019 /var/www/html/Packages
[root@www2 magjac]# ls -ltd /var/www/html/Packages/development/
drwxrwxr-x. 6 deploy deploy 71 Jun 23 10:01 /var/www/html/Packages/development/

I saw.

[root@www2 magjac]# more ~ellson/NOTES
file indexing improvement
=========================

# diff httpd.conf.orig httpd.conf
56a57
> LoadModule autoindex_module modules/mod_autoindex.so
144a146
>     IndexOptions NameWidth=* SuppressDescription


httpd access to ~deploy/Packages
================================

## add apache to deploy's groups in /etc/group
# chcon -Rv --type=httpd_sys_content_t /home/deploy  ## will survice reboot but not relabel

I tried the last command (although I don’t know what it’s doing) and got:

[root@www2 magjac]# sudo chcon -Rv --type=httpd_sys_content_t /home/deploy
changing security context of ‘/home/deploy/.bash_logout’
changing security context of ‘/home/deploy/.bash_profile’
changing security context of ‘/home/deploy/.bashrc’
changing security context of ‘/home/deploy/.ssh/authorized_keys’
changing security context of ‘/home/deploy/.ssh’
changing security context of ‘/home/deploy/.bash_history’
changing security context of ‘/home/deploy/Packages’
changing security context of ‘/home/deploy/magjac-Packages’
changing security context of ‘/home/deploy’

I didn’t help.

There is an apache user:

[root@www2 magjac]# sudo ps auxww | grep apache
apache    7132  0.0  0.0 250432  6004 ?        S    Jun22   0:15 /usr/sbin/httpd -DFOREGROUND
apache    7135  0.0  0.0 250432  5944 ?        S    Jun22   0:17 /usr/sbin/httpd -DFOREGROUND
root      9062  0.0  0.0 112812   940 pts/2    R+   14:56   0:00 grep --color=auto apache
apache    9709  0.0  0.0 250428  5944 ?        S    Jun22   0:18 /usr/sbin/httpd -DFOREGROUND
apache    9710  0.0  0.0 250416  5940 ?        S    Jun22   0:10 /usr/sbin/httpd -DFOREGROUND
apache   15696  0.0  0.0 250416  6004 ?        S    Jun22   0:13 /usr/sbin/httpd -DFOREGROUND
apache   23863  0.0  0.0 250396  6028 ?        S    Jun22   0:27 /usr/sbin/httpd -DFOREGROUND
apache   25516  0.0  0.0 250432  5888 ?        S    05:32   0:05 /usr/sbin/httpd -DFOREGROUND
apache   25518  0.0  0.0 250400  5912 ?        S    05:32   0:07 /usr/sbin/httpd -DFOREGROUND
apache   30873  0.0  0.0 250412  5776 ?        S    09:51   0:04 /usr/sbin/httpd -DFOREGROUND
apache   31757  0.0  0.0 250416  5768 ?        S    10:12   0:03 /usr/sbin/httpd -DFOREGROUND
[root@www2 magjac]#

but I can’t su to it:

[root@www2 magjac]# sudo su
[root@www2 magjac]# su apache
This account is currently not available.

Perhaps something with ssl?

[root@www2 magjac]# tail -n10 /var/log/httpd/ssl*log
==> /var/log/httpd/ssl_access_log <==
131.113.102.140 - - [23/Jun/2020:14:56:02 -0400] "GET /Packages/stable/centos/7/os/x86_64/repodata/repomd.xml HTTP/1.1" 200 2976
99.42.161.234 - - [23/Jun/2020:14:57:33 -0400] "GET /Packages/development/fedora/31/os/x86_64/repodata/repomd.xml HTTP/1.1" 200 2979
203.83.195.222 - - [23/Jun/2020:14:57:13 -0400] "GET /Packages/stable/portable_source/graphviz-2.44.0.tar.gz HTTP/1.1" 200 32903746
203.83.195.182 - - [23/Jun/2020:14:58:42 -0400] "GET /Packages/stable/portable_source/graphviz-2.44.0.tar.gz HTTP/1.1" 200 32903746
203.83.195.222 - - [23/Jun/2020:14:58:51 -0400] "GET /Packages/stable/portable_source/graphviz-2.44.0.tar.gz HTTP/1.1" 200 32903746
90.129.218.5 - - [23/Jun/2020:15:00:19 -0400] "GET /magjac-Packages/development/ HTTP/1.1" 403 230
203.83.195.182 - - [23/Jun/2020:15:00:19 -0400] "GET /Packages/stable/portable_source/graphviz-2.44.0.tar.gz HTTP/1.1" 200 32903746
207.46.13.135 - - [23/Jun/2020:15:02:38 -0400] "GET /Packages/development/portable_source/graphviz-2.43.20200403.1243.tar.gz.md5 HTTP/1.1" 200 69
128.193.126.200 - - [23/Jun/2020:15:02:57 -0400] "GET /Packages/stable/portable_source/graphviz-2.44.0.tar.gz HTTP/1.1" 200 32903746
199.29.247.14 - - [23/Jun/2020:15:02:59 -0400] "GET /Packages/stable/portable_source/graphviz-2.44.0.tar.gz HTTP/1.1" 200 32903746

==> /var/log/httpd/ssl_error_log <==
[Tue Jun 23 13:44:01.426914 2020] [autoindex:error] [pid 31757] (13)Permission denied: [client 90.129.218.5:51941] AH01275: Can't open directory for index: /var/www/html/magjac-Packages/development/
[Tue Jun 23 13:44:02.848790 2020] [autoindex:error] [pid 31757] (13)Permission denied: [client 90.129.218.5:51941] AH01275: Can't open directory for index: /var/www/html/magjac-Packages/development/
[Tue Jun 23 13:47:11.431773 2020] [autoindex:error] [pid 30873] (13)Permission denied: [client 90.129.218.5:51945] AH01275: Can't open directory for index: /var/www/html/magjac-Packages/development/, referer: https://www2.graphviz.org/magjac-Packages/
[Tue Jun 23 13:49:43.473932 2020] [autoindex:error] [pid 25516] (13)Permission denied: [client 90.129.218.5:52833] AH01275: Can't open directory for index: /var/www/html/magjac-Packages/development/, referer: https://www2.graphviz.org/magjac-Packages/
[Tue Jun 23 14:30:21.398110 2020] [autoindex:error] [pid 23863] (13)Permission denied: [client 90.129.218.5:38352] AH01275: Can't open directory for index: /var/www/html/magjac-Packages/development/, referer: https://www2.graphviz.org/magjac-Packages/
[Tue Jun 23 14:39:29.793510 2020] [autoindex:error] [pid 25516] (13)Permission denied: [client 90.129.218.5:45779] AH01275: Can't open directory for index: /var/www/html/magjac-Packages/development/, referer: https://www2.graphviz.org/magjac-Packages/
[Tue Jun 23 14:39:33.504768 2020] [autoindex:error] [pid 25516] (13)Permission denied: [client 90.129.218.5:45779] AH01275: Can't open directory for index: /var/www/html/magjac-Packages/development/, referer: https://www2.graphviz.org/magjac-Packages/
[Tue Jun 23 14:39:37.357720 2020] [autoindex:error] [pid 25516] (13)Permission denied: [client 90.129.218.5:45779] AH01275: Can't open directory for index: /var/www/html/magjac-Packages/development/, referer: https://www2.graphviz.org/magjac-Packages/
[Tue Jun 23 14:39:39.531055 2020] [autoindex:error] [pid 23863] (13)Permission denied: [client 90.129.218.5:45764] AH01275: Can't open directory for index: /var/www/html/magjac-Packages/development/, referer: https://www2.graphviz.org/magjac-Packages/
[Tue Jun 23 15:00:19.927879 2020] [autoindex:error] [pid 31757] (13)Permission denied: [client 90.129.218.5:5404] AH01275: Can't open directory for index: /var/www/html/magjac-Packages/development/, referer: https://www2.graphviz.org/magjac-Packages/

==> /var/log/httpd/ssl_request_log <==
[23/Jun/2020:14:56:02 -0400] 131.113.102.140 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "GET /Packages/stable/centos/7/os/x86_64/repodata/repomd.xml HTTP/1.1" 2976
[23/Jun/2020:14:57:33 -0400] 99.42.161.234 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "GET /Packages/development/fedora/31/os/x86_64/repodata/repomd.xml HTTP/1.1" 2979
[23/Jun/2020:14:57:13 -0400] 203.83.195.222 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "GET /Packages/stable/portable_source/graphviz-2.44.0.tar.gz HTTP/1.1" 32903746
[23/Jun/2020:14:58:42 -0400] 203.83.195.182 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "GET /Packages/stable/portable_source/graphviz-2.44.0.tar.gz HTTP/1.1" 32903746
[23/Jun/2020:14:58:51 -0400] 203.83.195.222 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "GET /Packages/stable/portable_source/graphviz-2.44.0.tar.gz HTTP/1.1" 32903746
[23/Jun/2020:15:00:19 -0400] 90.129.218.5 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /magjac-Packages/development/ HTTP/1.1" 230
[23/Jun/2020:15:00:19 -0400] 203.83.195.182 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "GET /Packages/stable/portable_source/graphviz-2.44.0.tar.gz HTTP/1.1" 32903746
[23/Jun/2020:15:02:38 -0400] 207.46.13.135 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /Packages/development/portable_source/graphviz-2.43.20200403.1243.tar.gz.md5 HTTP/1.1" 69
[23/Jun/2020:15:02:57 -0400] 128.193.126.200 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "GET /Packages/stable/portable_source/graphviz-2.44.0.tar.gz HTTP/1.1" 32903746
[23/Jun/2020:15:02:59 -0400] 199.29.247.14 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /Packages/stable/portable_source/graphviz-2.44.0.tar.gz HTTP/1.1" 32903746

Please enlighten me.

This didn’t help either:

[root@www2 deploy]# chmod -R a+rX /var/www/html/magjac-Packages
[root@www2 deploy]# ls -ltd `find /var/www/html/magjac-Packages`
-rw-r--r--. 1 deploy deploy 27038801 Jun 23 12:51 /var/www/html/magjac-Packages/development/windows/10/debug/msbuild/Win32/graphviz.zip
drwxr-xr-x. 2 deploy deploy       26 Jun 23 12:51 /var/www/html/magjac-Packages/development/windows/10/debug/msbuild/Win32
drwxr-xr-x. 4 deploy deploy       29 Jun 23 12:51 /var/www/html/magjac-Packages/development/windows/10
drwxr-xr-x. 3 deploy deploy       21 Jun 23 12:51 /var/www/html/magjac-Packages/development/windows/10/debug
drwxr-xr-x. 3 deploy deploy       19 Jun 23 12:51 /var/www/html/magjac-Packages/development/windows/10/debug/msbuild
-rw-r--r--. 1 deploy deploy 12462075 Jun 23 12:51 /var/www/html/magjac-Packages/development/windows/10/os/msbuild/Win32/graphviz.zip
drwxr-xr-x. 4 deploy deploy       34 Jun 23 12:51 /var/www/html/magjac-Packages/development/windows/10/os
drwxr-xr-x. 3 deploy deploy       19 Jun 23 12:51 /var/www/html/magjac-Packages/development/windows/10/os/msbuild
drwxr-xr-x. 2 deploy deploy       26 Jun 23 12:51 /var/www/html/magjac-Packages/development/windows/10/os/msbuild/Win32
-rw-r--r--. 1 deploy deploy  4606993 Jun 23 12:51 /var/www/html/magjac-Packages/development/windows/10/os/cmake/x64/Graphviz-2.45.20200623.1728-win64.exe
drwxr-xr-x. 2 deploy deploy       96 Jun 23 12:51 /var/www/html/magjac-Packages/development/windows/10/os/cmake/x64
-rw-r--r--. 1 deploy deploy  4748280 Jun 23 12:51 /var/www/html/magjac-Packages/development/windows/10/os/cmake/Win32/Graphviz-2.45.20200623.1728-win32.exe
drwxr-xr-x. 2 deploy deploy       96 Jun 23 12:51 /var/www/html/magjac-Packages/development/windows/10/os/cmake/Win32
drwxr-xr-x. 3 deploy deploy       25 Jun 23 12:10 /var/www/html/magjac-Packages
-rw-r--r--. 1 deploy deploy  4606747 Jun 23 11:30 /var/www/html/magjac-Packages/development/windows/10/os/cmake/x64/Graphviz-2.45.20200623.1706-win64.exe
drwxr-xr-x. 4 deploy deploy       30 Jun 23 11:30 /var/www/html/magjac-Packages/development/windows/10/os/cmake
-rw-r--r--. 1 deploy deploy  4748887 Jun 23 11:30 /var/www/html/magjac-Packages/development/windows/10/os/cmake/Win32/Graphviz-2.45.20200623.1706-win32.exe
drwxr-xr-x. 3 deploy deploy       16 Jun 23 11:30 /var/www/html/magjac-Packages/development/windows
drwxrwxr-x. 3 deploy deploy       21 Jun 23 11:30 /var/www/html/magjac-Packages/development

Neither did this:

sudo apachectl restart

I’ve now resorted to use https://www2.graphviz.org/Packages/experimental-development instead which works fine with the only negative aspect that it’s visible to users visiting https://www2.graphviz.org/Packages.

This is more of a note to self, but for the record I yesterday accidentally broke the ability to log in to www2.graphviz.org for the deploy user that GitLab CI/CD uses. This was “accomplished” by running the chcon command above.

I restored it today with:

chcon -v --type=ssh_home_t /home/deploy/.ssh
chcon -v --type=user_home_t /home/deploy/.ssh/authorized_keys

I don’t really know what I’m doing; I just replicated the security settings from my own .ssh directory.

This is now obsolete since I’m done with the testing.