/login not found - rewrites are not complete #34

Closed
opened 2022-03-28 14:46:32 +02:00 by trizzosk · 16 comments

trizzosk commented 2022-03-28 14:46:32 +02:00 (Migrated from github.com)

Hi, sorry for noob questions, but -> using this config, the /login alias (redirect) does not function. It does not matter if rewrites are in apache virtualhost or in .htaccess file in /public directory under bookstack root.... Any clues?

ssddanbrown commented 2022-03-28 15:25:18 +02:00 (Migrated from github.com)

Hi @trizzosk,
What exactly are you attempting to use or do? This repository contains a host of different scripts and configs.

trizzosk commented 2022-03-28 15:31:41 +02:00 (Migrated from github.com)

Hi,

I did a manual install procedure from scratch on Ubuntu 20.04 (azure vm image). I want to continue with installation but I cannot login because the /login "does not exist" (getting HTTP 404 error). So I suspect some kind of incorrect rewrite... (there is no login in /public folder which must be as DocumentRoot on vhost). Yes, and I am using only HTTPS vhost config (bound to 443 port).

trizzosk commented 2022-03-28 15:35:09 +02:00 (Migrated from github.com)

```apacheconf
<Directory /var/www/html/Bookstack/public/>
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted

    <IfModule mod_rewrite.c>
        <IfModule mod_negotiation.c>
            Options -MultiViews -Indexes
        </IfModule>
        RewriteEngine On
        # Handle Authorization Header
        RewriteCond %{HTTP:Authorization} .
        RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
        # Redirect Trailing Slashes If Not A Folder...
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteCond %{REQUEST_URI} (.+)/$
        RewriteRule ^ %1 [L,R=301]
        # Handle Front Controller...
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteRule ^ index.php [L]
        RewriteCond %{SERVER_NAME} =$SERVER
        RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
    </IfModule>
</Directory>
```

trizzosk commented 2022-03-28 15:35:33 +02:00 (Migrated from github.com)

I added a section from vhost config of apache2.

ssddanbrown commented 2022-03-28 15:36:37 +02:00 (Migrated from github.com)

@trizzosk Have you enabled apache `mod_rewrite` like so?:

https://github.com/BookStackApp/devops/blob/02f356cda1b32f4aea85ec9b0bf574be8abbe449/scripts/installation-ubuntu-20.04.sh#L83

Make sure you restart apache afterwards.
You could generally follow the commands of our Ubuntu 20.04 install script to ensure you have performed all required steps:
https://github.com/BookStackApp/devops/blob/main/scripts/installation-ubuntu-20.04.sh

trizzosk commented 2022-03-28 15:39:49 +02:00 (Migrated from github.com)

I did that. As you can see that example is only for :80 port (http). I can only use https, so I adjusted that vhost config with all SSL (signed cert, etc.) stuff. All the stuff is running but I cannot login to the bookstack page.

trizzosk commented 2022-03-28 15:40:45 +02:00 (Migrated from github.com)

@ssddanbrown:

```bash
$ sudo a2enmod rewrite
Module rewrite already enabled
```

ssddanbrown commented 2022-03-28 15:46:32 +02:00 (Migrated from github.com)

@trizzosk Have you updated the `APP_URL` in your BookStack `.env` file to start with `https://`?

trizzosk commented 2022-03-28 15:49:00 +02:00 (Migrated from github.com)

@ssddanbrown yes indeed ([redacted] here to hide real URL)

```
# Application URL
# This must be the root URL that you want to host BookStack on.
# All URLs in BookStack will be generated using this value
# to ensure URLs generated are consistent and secure.
# If you change this in the future you may need to run a command
# to update stored URLs in the database. Command example:
# php artisan bookstack:update-url https://old.example.com https://new.example.com
APP_URL=https://[redacted]
```

ssddanbrown commented 2022-03-28 15:58:53 +02:00 (Migrated from github.com)

@trizzosk Okay, I'd remove the following from your config:

```apache
RewriteCond %{SERVER_NAME} =$SERVER
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
```

Just in case they're adding confusion. Note, after removing and restarting apache you may want to test via a different browser just because that rule is permanent so may still take effect in the browser.

If things are still not working after that, it may be due to configuration outside of that, such as other content within the virtual host file. I'd need more detail such as where the above apache configuration is set, and a more complete view of the virtualhost config assuming it's configured as a virtualhost.

trizzosk commented 2022-03-28 16:02:20 +02:00 (Migrated from github.com)

@ssddanbrown apache2 restarted (systemctl restart apache2.service). Tried 2 different browsers (Firefox and MS Edge linux, because I use chromium as main browser). Unfortunately, still the same :/

trizzosk commented 2022-03-28 16:03:07 +02:00 (Migrated from github.com)

I will prepare more details later today and share here.

trizzosk commented 2022-03-29 14:37:13 +02:00 (Migrated from github.com)

Hi, regarding the vhost config, rest of directives are relevant only for ssl:

/etc/apache2/sites-available/bookstack.conf -> /etc/apache2/sites-enabled/bookstack.conf (linked using a2ensite bookstack.conf inside /sites-available/)

```apacheconf
<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin [redacted]@[dom].[xXx]
        DocumentRoot /var/www/html/BookStack/public/
        <Directory /var/www/html/Bookstack/public/>
            Options Indexes FollowSymLinks
            AllowOverride None
            Require all granted

            <IfModule mod_rewrite.c>
                <IfModule mod_negotiation.c>
                    Options -MultiViews -Indexes
                </IfModule>
                RewriteEngine On
                # Handle Authorization Header
                RewriteCond %{HTTP:Authorization} .
                RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
                # Redirect Trailing Slashes If Not A Folder...
                RewriteCond %{REQUEST_FILENAME} !-d
                RewriteCond %{REQUEST_URI} (.+)/$
                RewriteRule ^ %1 [L,R=301]
                # Handle Front Controller...
                RewriteCond %{REQUEST_FILENAME} !-d
                RewriteCond %{REQUEST_FILENAME} !-f
                RewriteRule ^ index.php [L]
            </IfModule>
        </Directory>
        LogLevel debug ssl:warn
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine on
        SSLCertificateFile /etc/ssl/certs/[redacted].cer
        SSLCertificateKeyFile /etc/ssl/private/[redacted].key
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
            SSLOptions +StdEnvVars
        </Directory>
    </VirtualHost>
</IfModule>
```

ports.conf:

```apacheconf
<IfModule ssl_module>
    Listen 443
</IfModule>
<IfModule mod_gnutls.c>
    Listen 443
</IfModule>
```

Note: I cannot anyhow use port 80 as default, I can only access the machine via https/443.

The last config which I edited with settings which I use on a number of other apache2 web servers is /etc/apache/conf-available/security.conf:

```apacheconf
#
# Disable access to the entire file system except for the directories that
# are explicitly allowed later.
#
# This currently breaks the configurations that come with some web application
# Debian packages.
#
#<Directory />
# AllowOverride None
# Require all denied
#</Directory>
# Changing the following options will not really affect the security of the
# server, but might make attacks slightly more difficult in some cases.
#
# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of: Full | OS | Minimal | Minor | Major | Prod
# where Full conveys the most information, and Prod the least.
#ServerTokens Minimal
ServerTokens Prod
#ServerTokens Full
#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of: On | Off | EMail
#ServerSignature Off
ServerSignature Off
#
# Allow TRACE method
#
# Set to "extended" to also reflect the request body (only for testing and
# diagnostic purposes).
#
# Set to one of: On | Off | extended
TraceEnable Off
#TraceEnable On
#
# Forbid access to version control directories
#
# If you use version control systems in your document root, you should
# probably deny access to their directories. For example, for subversion:
#
#<DirectoryMatch "/\.svn">
# Require all denied
#</DirectoryMatch>
#
# Setting this header will prevent MSIE from interpreting files as something
# else than declared by the content type in the HTTP headers.
# Requires mod_headers to be enabled.
#
#Header set X-Content-Type-Options: "nosniff"
#
# Setting this header will prevent other sites from embedding pages from this
# site as frames. This defends against clickjacking attacks.
# Requires mod_headers to be enabled.
#
#Header set X-Frame-Options: "sameorigin"
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder On

Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff

# Requires Apache >= 2.4
SSLCompression off
SSLUseStapling on
SSLStaplingCache "shmcb:logs/stapling-cache(150000)"

# Requires Apache >= 2.4.11
SSLSessionTickets Off
```

Any clues? Honestly I see that the problem will be somewhere in the rewrite rules which are maybe not properly written for the case of vhost with SSL/TLS encryption. Honestly, this is a bit tricky for me how to adjust, I am a bit noob in this....

Thx for any useful advice :)

ssddanbrown commented 2022-03-29 15:00:15 +02:00 (Migrated from github.com)

Hi @trizzosk,

Most of that looks fine, but I did notice this:

```apache
DocumentRoot /var/www/html/BookStack/public/
<Directory /var/www/html/Bookstack/public/>
```

Note the difference in `BookStack` and `Bookstack` of the two paths.
Could you check the actual casing used in the actual BookStack filesystem path and then update the config to properly match on both of these lines, then restart the server and check if that enables things to work as expected.
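
A lint for the mismatch identified in the comment above, as an added example that is not part of the original thread or the BookStack project: it compares each `DocumentRoot` with the `<Directory>` paths in the same file and flags pairs that differ only by letter case. The function name `check_docroot_sections` and the sample text (constructed from the lines quoted in this thread) are assumptions.

```python
import re
from pathlib import PurePosixPath

# Constructed sample: the relevant lines of the vhost quoted in this thread.
SAMPLE_VHOST = """\
<VirtualHost _default_:443>
    DocumentRoot /var/www/html/BookStack/public/
    <Directory /var/www/html/Bookstack/public/>
        AllowOverride None
        Require all granted
        RewriteEngine On
        RewriteRule ^ index.php [L]
    </Directory>
    <Directory /usr/lib/cgi-bin>
        SSLOptions +StdEnvVars
    </Directory>
</VirtualHost>
"""

# Lines that start with '#' (commented-out directives) never match.
DOCROOT_RE = re.compile(r'^[ \t]*DocumentRoot\s+"?([^"\s]+)"?', re.I | re.M)
DIRECTORY_RE = re.compile(r'^[ \t]*<Directory\s+"?([^">\s]+)"?\s*>', re.I | re.M)


def _norm(path):
    """Drop trailing slashes so '/a/b/' and '/a/b' compare equal."""
    return str(PurePosixPath(path))


def check_docroot_sections(conf_text):
    """Return one (docroot, status, directory_path) tuple per DocumentRoot.

    status is 'ok' when a <Directory> names exactly this path,
    'case-mismatch' when one differs only by letter case (on a
    case-sensitive filesystem its directives never apply to the served
    files), or 'missing' when no <Directory> names this exact path.
    """
    directories = [_norm(p) for p in DIRECTORY_RE.findall(conf_text)]
    findings = []
    for raw in DOCROOT_RE.findall(conf_text):
        docroot = _norm(raw)
        if docroot in directories:
            findings.append((docroot, "ok", docroot))
            continue
        near = [d for d in directories if d.lower() == docroot.lower()]
        if near:
            findings.append((docroot, "case-mismatch", near[0]))
        else:
            findings.append((docroot, "missing", None))
    return findings


if __name__ == "__main__":
    for docroot, status, directory in check_docroot_sections(SAMPLE_VHOST):
        print(f"{status}: DocumentRoot {docroot} vs <Directory {directory}>")
```

A `case-mismatch` finding means every directive inside that `<Directory>` block, including `Require` and `Options` as well as the rewrite rules, is not applied to the files actually being served.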
trizzosk commented 2022-03-29 15:49:11 +02:00 (Migrated from github.com)

@ssddanbrown You are genius!!!! Simple typo :) great, now works without any issue. This can be closed now.

ssddanbrown commented 2022-03-29 16:39:12 +02:00 (Migrated from github.com)

Amazing! Glad to hear it's working now!