• Re: Apache2 permissions?

    From [email protected]@21:1/5 to Van Snyder on Fri Mar 7 20:50:01 2025
    On Fri, Mar 07, 2025 at 11:10:48AM -0800, Van Snyder wrote:
    > I have two computers, both running Debian 12.5 with kernel
    > 6.1.0-31-amd64
    >
    > Both are running Apache/2.4.62 (Debian), Server built:
    > 2024-10-04T15:21:08
    >
    > Both machines show one "/usr/sbin/apache2 -k start" process owned by
    > root and three owned by www-data.

    This seems normal: the root process is the one started first, and its
    only job is to fork "workers": those change user to www-data before
    they do anything else.

    > Both have web pages in /opt/www, not /var/www, so they don't disappear
    > when I re-install.

    They shouldn't, but I don't know how you "re-install", so I'll shut
    up. If you take into account the new dir in your web server configs,
    this shouldn't be a problem.

    > Their /etc/apache2/apache2.conf files are identical. The only changes
    > from the default one are
    >
    > # <Directory /var/www/>
    > # Options Indexes FollowSymLinks
    > # AllowOverride None
    > # Require all granted
    > # </Directory>
    >
    > <Directory /opt/www/>
    > Options Indexes FollowSymLinks
    > AllowOverride None
    > Require all granted
    > </Directory>

    Somewhere there should be a DocumentRoot which you might want to
    adjust accordingly.

    > My uname "vsnyder" is in the same places in /etc/group* on both
    > machines, in particular on the "adm" line (and lpadmin as well).

    This should be irrelevant.

    > My uid and default gid are the same on both machines.

    Same.

    > In /opt/www on both machines, all of the files and directories are
    > owned by vsnyder:adm

    This is not very typical. In any case, the web server, running as
    www-data, should have read access to those files. If you want to
    keep the ownerships as above (why?), you should make them world
    readable (you haven't shown us the permissions, BTW, only the
    ownerships).

    Depending on the application running under the web server (PHP?
    What else?) www-data might want to have write access to same file.

    > In /opt/www on both machines, the directories' modes are all 755, and
    > the files' modes are all 644.

    Ah -- so www-data should have read (the third 4 is r--, that's for
    "others") access to the files. Good.

    > Web pages display on one, but not the other.
    > /var/log/apache2/access.log and /var/log/apache2/error.log show 403
    > errors on GET lines.

    Check the read permissions on the directories "above", i.e. /, /opt/
    and /opt/www/. AFAIR the web server needs read access along the full
    path (I don't think it needs "list", aka "execute" access).

    Cheers
    --
    t


    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
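
Added example (not part of the thread): a shell function that walks a path such as /opt/www/index.html upward and reports the component nearest the top that the "other" permission class cannot pass. Passing through a directory needs its search (x) bit and reading a file needs r. `first_blocked` is a name chosen here; it assumes GNU stat and readlink as shipped on Debian, and that www-data is neither the owner nor in the owning group of any component.

```shell
#!/bin/sh
# first_blocked PATH [TOP]
# Prints the component nearest to TOP (default /) that the "other"
# permission class cannot pass and returns 1; returns 0 if none blocks.
# Assumption: www-data is neither owner nor group member of any
# component, so only the last octal digit of each mode is considered.
first_blocked() {
    # Resolve symlinks first so the real directories are checked.
    path=$(readlink -f -- "$1") || return 2
    top=$(readlink -f -- "${2:-/}") || return 2
    blocked=
    leaf=1
    while :; do
        mode=$(stat -c '%a' -- "$path") || return 2
        other=${mode#"${mode%?}"}           # last octal digit
        if [ -d "$path" ]; then
            need=1                           # x: search the directory
            [ "$leaf" -eq 1 ] && need=5      # r+x: also list it (Options Indexes)
        else
            need=4                           # r: read the file
        fi
        # Walking upward, so the last overwrite is the topmost blocker.
        [ $((other & need)) -eq "$need" ] || blocked="$path (mode $mode)"
        [ "$path" = "$top" ] || [ "$path" = / ] && break
        path=$(dirname -- "$path")
        leaf=0
    done
    [ -z "$blocked" ] && return 0
    printf '%s\n' "$blocked"
    return 1
}
```

Run as `first_blocked /opt/www/index.html` on each machine and compare the output; `namei -l /opt/www/index.html` shows the same chain of modes for manual inspection.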
  • From Van Snyder@21:1/5 to Van Snyder on Fri Mar 7 23:50:01 2025
    On Fri, Mar 07, 2025 at 11:10:48AM -0800, Van Snyder wrote:
    > I have two computers, both running Debian 12.5 with kernel
    > 6.1.0-31-amd64
    >
    > Both are running Apache/2.4.62 (Debian), Server built:
    > 2024-10-04T15:21:08
    >
    > Both machines show one "/usr/sbin/apache2 -k start" process owned by
    > root and three owned by www-data
    >
    > Both are running Apache/2.4.62 (Debian), Server built:
    > 2024-10-04T15:21:08
    ….
    > Web pages display on one, but not the other.

    Might there be a firewall setting on one machine that blocks port 80,
    but not on the other machine?

    When I re-installed Debian 12.5, I told the installer I wanted a web
    server and an ssh server.

    ssh works. Web doesn't.

    Neither machine has an iptables file.

    /etc/nftables.conf and /usr/lib/systemd/system/nftables.service are the
    same on the two machines.

    The two machines are on the same side of the router so a firewall in
    the router isn't blocking one from seeing the other.


  • From [email protected]@21:1/5 to Van Snyder on Sat Mar 8 06:40:01 2025
    On Fri, Mar 07, 2025 at 02:43:01PM -0800, Van Snyder wrote:
    > On Fri, Mar 07, 2025 at 11:10:48AM -0800, Van Snyder wrote:
    > > I have two computers, both running Debian 12.5 with kernel
    > > 6.1.0-31-amd64
    > >
    > > Both are running Apache/2.4.62 (Debian), Server built:
    > > 2024-10-04T15:21:08
    > >
    > > Both machines show one "/usr/sbin/apache2 -k start" process owned by
    > > root and three owned by www-data
    > >
    > > Both are running Apache/2.4.62 (Debian), Server built:
    > > 2024-10-04T15:21:08
    > ….
    > > Web pages display on one, but not the other.
    >
    > Might there be a firewall setting on one machine that blocks port 80,
    > but not on the other machine?
    >
    > When I re-installed Debian 12.5, I told the installer I wanted a web
    > server and an ssh server.
    >
    > ssh works. Web doesn't.

    Now it would be interesting to know what exactly "doesn't" means: Do
    you get a "connection refused"? Or a connection timeout?

    This would help you differentiate: a connection timeout would hint
    at a firewall dropping the packets, a connection refused might be
    a firewall rejecting (less typical these days) or the Apache service
    not running.

    We can pick up the ball from there.

    Cheers
    --
    tomás

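
Added example (not part of the thread): the refused-versus-timeout distinction above, expressed through curl's exit codes (7 could not connect, 28 timed out, 6 could not resolve the name). `classify` and `probe_http` are names chosen here; an HTTP status such as the 403 in the logs quoted earlier in the thread means the TCP connection itself succeeded.

```shell
#!/bin/sh
# classify CURL_EXIT HTTP_CODE
# Maps the result of one curl request to a one-line diagnosis.
classify() {
    case "$1" in
        0)  case "$2" in
                403)     echo "reached-server: 403, check Require rules and file permissions" ;;
                2??|3??) echo "reached-server: $2, the page is being served" ;;
                *)       echo "reached-server: HTTP $2" ;;
            esac ;;
        7)  echo "refused: nothing listening on the port, or a firewall rejecting" ;;
        28) echo "timeout: packets are probably being dropped by a firewall" ;;
        6)  echo "dns: the host name did not resolve" ;;
        *)  echo "other: curl exit $1" ;;
    esac
}

# probe_http HOST
# Sends one request to port 80 and classifies the outcome.
# curl prints 000 as the status when no HTTP response was received.
probe_http() {
    code=$(curl -s -o /dev/null -w '%{http_code}' \
                --connect-timeout 5 "http://$1/") && rc=0 || rc=$?
    classify "$rc" "$code"
}
```

Run `probe_http <address>` from the other machine and again on the server itself against 127.0.0.1; a different result between the two points at something between the hosts rather than at Apache.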
  • From Greg Wooledge@21:1/5 to Van Snyder on Sun Mar 9 02:40:01 2025
    On Sat, Mar 08, 2025 at 17:14:44 -0800, Van Snyder wrote:
    > I want to be able to change the web without logging in as root. I
    > occasionally need to send files to recipients that are big enough
    > to suffocate their mail readers. Putting a soft link to it in /opt/www
    > without hooking it to my index is an easy way to do that. After it's
    > fetched, I delete it.

    This sounds like a natural use case for the ~/public_html/ directory.
    No need to modify the site contents under /opt/www/ when you can just
    drop a file in your own public_html directory.
