1

I'm trying to use calibre2opds to put my library on my server (fedora21). Everything works fine, I can navigate, until I want to download an epub.

I get en error 403:

You don't have permission to access /Anonyme/Le Livre Sans Nom (41)/Le Livre Sans Nom - Anonyme.epub on this server.

I access the server by 192.168.1.21/calibre. Calibre2ops put everything in 

/mnt/Sardaukar/web/calibre

The HTML files are put by calibre2opds in 

/mnt/Sardaukar/web/calibre/_catalog

and the actual epubs in, for instance 

/mnt/Sardaukar/web/calibre/Anonyme/Le Livre Sans Nom (41)/Le Livre Sans Nom - Anonyme.epub

and the httpd file looks like 

Alias /calibre /mnt/Sardaukar/web/calibre/_catalog
<Directory /mnt/Sardaukar/web/calibre/_catalog>
AllowOverride All
Options Indexes FollowSymLinks
Require all granted
</Directory>

I did it before, even with an .htaccess and it worked before, but now, I have no idea what is wrong. The permissions on /mnt/Sardaukar/web/calibre are 770, and chown by me:www-users

After more research, I found in the error log:

[Mon Jun 22 21:06:59.774348 2015] [authz_core:error] [pid 10805] [client 192.168.1.5:51992] AH01630: client denied by server configuration: /var/www/html/Anonyme, referer: http://192.168.1.21/calibre/book_0
 >>>/book_41.html

Why does it try to read the epub in /var/www/html??

Jeff Schaller
  • 66,199
  • 35
  • 114
  • 250
Napseis
  • 153
  • 8
  • Read your error again: `/Anonyme/Le Livre Sans Nom (41)/Le Livre Sans Nom - Anonyme.epub on this server.` Your entire path must be owned by `www-user` not just your alias. Try `chown -Rv www-user:www-user /Anonyme` – eyoung100 Jun 22 '15 at 00:49
  • hi. This doesn't change anything, I chown apache:www-users the whole /mnt/Sardaukar/web/calibre . It seems logical, since the permissions are already 770. (and 777 doesn't change this behavior) – Napseis Jun 22 '15 at 18:35
  • Would you please verify the owner of at least one epub file in the `Le Livre Sans Nom (41)` directory? – eyoung100 Jun 22 '15 at 18:38
  • Yes, here it is: -rwxr--r-- 1 napseis www-users 1,2M 21 juin 21:29 /mnt/Sardaukar/web/calibre/Anonyme/Le Livre Sans Nom (41)/Le Livre Sans Nom - Anonyme.epub – Napseis Jun 22 '15 at 18:51
  • As I suspected `napseis` is not `www-users`. You need to either rerun the command I gave above, so that the owner is `www-users` along with the group `www-users` or to shorcut, you can add the user `napseis` to the group `www-users`. On a side note, make sure the `www-users` user exist. There is a typo in my original command. Be sure to add an s to the end of both sets of `user`. – eyoung100 Jun 22 '15 at 18:57
  • the `www-users` does not exists, only the group. Apache is run by the user `apache`. I did try to run the chown with apache:www-users, and even did a chmod 777. This doesn't chaneg anything. I more likely suspect something wrong in the conf files inside `/etc/httpd` – Napseis Jun 22 '15 at 19:03
  • Try adding user `napseis` to group `www-users`... If that doesn't work, undo the assignment, then poke around in Apache – eyoung100 Jun 22 '15 at 19:06
  • napseis is in the group. I looked into the error log, and updated the main post. Thank you. – Napseis Jun 22 '15 at 19:10

1 Answers1

0

First off, see the DistrosDefaultLayout - Fedora entry on the Apache Wiki

Looks like you may need to add a Document Root (to override the default), and since you aren't serving files from the default root, a ServerRoot (again to override the default):

Alias /calibre /mnt/Sardaukar/web/calibre/_catalog
ServerRoot "/calibre"
# Ensure that Apache listens on port 80
Listen 80
<VirtualHost *:80>
    DocumentRoot "/Anonyme/"
    ServerName mypubs.local

# Other directives here
</VirtualHost>
<Directory /mnt/Sardaukar/web/calibre/_catalog>
    AllowOverride All
    Options Indexes FollowSymLinks
    Require all granted
</Directory>

This should make the Entire path read {ServerRoot} + {DocumentRoot}, or {Alias /calibre} + Anonyme

Reasoning

For Security Reasons, Apache does not allow directory traversal outside the ServerRoot. Your link to all your books wasn't a valid path in ServerRoot. Therefore, I had to tell Apache where your server was being "served" If none of this makes sense Read this great in-depth article over on Slicehost. Since Gentoo isn't your distribution use the Linux Distros Link in the Navigation to find the same article I linked for your particular distribution. As a matter of learning and practice, I would keep your epubs in a safe place, and do the following:

  1. Delete my hackish httpd.conf file.
  2. Follow the guide I linked to enable/configure Virtual Hosting Properly.
  3. Add your epubs to the VirtualHost Configuration you created in Step #2.
eyoung100
  • 5,717
  • 21
  • 50
  • Thank you, the conf file your provided wasn't correct, but your explanations helped me a lot, and now it works ! – Napseis Jul 01 '15 at 18:48
  • @Napseis Great!! If you like, would you provide your fixed conf file, either in your question or here... – eyoung100 Jul 01 '15 at 18:56