You are not logged in.

Announcement

 Téléchargez la dernière version stable de GLPI      -     Et vous, que pouvez vous faire pour le projet GLPI ? :  Contribuer
 Download last stable version of GLPI                      -     What can you do for GLPI ? :  Contribute

Pages: 1

#1 2023-12-05 07:08:18

bugless
Member
Registered: 2010-01-24
Posts: 37

Error "Web server root directory configuration is not safe"

Trying GLPI 10.0.10 new installation from scratch.

As per the docs:
https://glpi-install.readthedocs.io/en/ … figuration
I left /etc/httpd/conf/httpd.conf and /etc/httpd/conf.d/ssl.conf just as they are out of the box, except for single extra line "Include sites-enabled/*.conf" at very end of httpd.conf.

In /etc/httpd/sites-available I put glpi-000.conf and glpi-ssl.conf, which contents are:
glpi-000.conf:

<VirtualHost *:80>
        ServerName glpi.localhost
        DocumentRoot /var/www/glpi/public
        <Directory /var/www/glpi/public>
                Require all granted
                RewriteEngine On
                RewriteCond %{REQUEST_FILENAME} !-f
                RewriteRule ^(.*)$ index.php [QSA,L]
        </Directory>
</VirtualHost>
Include sites-available/glpi-ssl.conf

glpi-ssl.conf

<VirtualHost *:443>
        ServerName glpi.localhost
        DocumentRoot /var/www/glpi/public
        SSLEngine on
        SSLCertificateFile /etc/ssl/certs/glpi.crt
        SSLCertificateKeyFile /etc/ssl/private/glpi.key
        <Directory "/var/www/glpi/public">
                Require all granted
                RewriteEngine On
                RewriteCond %{REQUEST_FILENAME} !-f
                RewriteRule ^(.*)$ index.php [QSA,L]
        </Directory>
</VirtualHost>

Finally symlink /etc/httpd/sites-available/glpi-000.conf to /etc/httpd/sites-enabled/glpi-000.conf.

Command "httpd -S" does show both glpi vhosts, albeit including as well the default httpd vhosts...

When running the environment checks once running install.php in web browser, there's always this error/warning (as far as I recall):
"Web server root directory configuration is not safe
/var/www/glpi/public/glpi/public should be the preferred web root"

WTH!? Then what was the point of making /var/www/glpi/public the DocumentRoot for the vhost?
And I cannot get rid of that warning no matter what I try. It's been already more than two weeks with this...

Moreover, I actually had to change the ServerName from "glpi.localhost" to <host_ip_address> because otherwise all site malfunctioned: all https attemtps gave "Page not found" and on http the installer runs, but cannot progress beyond language selection...

And additionally, if just trying to browse http(s)://<glpi_ip_address>, instead of getting the Apache test page, now I get "Page not found"; unless I comment out the Rewrite* directives in the vhosts configurations.
Is this expected?

Thanks.

Offline

#2 2023-12-05 15:20:56

boombasstic
Member
Registered: 2023-12-05
Posts: 2

Re: Error "Web server root directory configuration is not safe"

did a fresh install yesterday, i had the same issue all afternoon.
i fixed it now, i think the issue comes from you moving the glpi folder around.

start from scratch, uncompress the glpi archive as root directly in /var/www/

Last edited by boombasstic (2023-12-05 15:21:07)

Offline

#3 2023-12-06 02:38:20

cconard96
Moderator
Registered: 2018-07-31
Posts: 2,813
Website

Re: Error "Web server root directory configuration is not safe"

The "secure installation" does not require you to move GLPI around to a different location. Extract the GLPI release contents to "/var/www/" so you have a /var/www/glpi folder.
All changes related to the secure installation are done in your web server config.
1. Change the DocumentRoot to /var/www/glpi/public
2. Change the Directory directive to point to /var/www/glpi/public
3. Add the rewrite rule as shown in the installation documentation and enable the rewrite engine
4. Verify the rewrite module of Apache is enabled "sudo a2enmod rewrite"
5. Restart Apache

Then, when you request a page like "/front/login.php", Apache will transparently redirect the request to "/public/front/login.php". Since that path doesn't exist, Apache will fall back to running the "/public/index.php" script. This script then can see that the original request was for "/front/login.php" and since it is a path that is allowed to be accessed over the web, it then calls the "/front/login.php" script. If, for example, a user tries to access "/config/config_db.php" (your db config), the public router will deny the request. Before, if your folder permissions were messed up or there was some other configuration issue, you could have accidentally exposed this sensitive file over the web.

GLPI Collaborator and Plugin Developer.
My non-English comments are automated translations. Sorry for any confusion that causes.
Mes commentaires non anglais sont des traductions automatiques. Désolé pour toute confusion qui cause.
Mis comentarios que no están en inglés son traducciones automáticas. Perdón por cualquier confusión que cause.

Offline

#4 2023-12-07 06:51:19

bugless
Member
Registered: 2010-01-24
Posts: 37

Re: Error "Web server root directory configuration is not safe"

Thanks very much.

Finally worked with all that.

Offline

Pages: 1

Board footer

Powered by FluxBB