TACTIC Open Source
tactic 4.7 VM error 403 getting assets from custom folder - Printable Version

+- TACTIC Open Source (http://forum.southpawtech.com)
+-- Forum: TACTIC Open Source (http://forum.southpawtech.com/forumdisplay.php?fid=3)
+--- Forum: TACTIC Discussion (http://forum.southpawtech.com/forumdisplay.php?fid=4)
+--- Thread: tactic 4.7 VM error 403 getting assets from custom folder (/showthread.php?tid=16)



tactic 4.7 VM error 403 getting assets from custom folder - samaya - 10-25-2019

Hi guys,

I'm testing the new VM and it works really good from this side as default so I decided to continue changing the Assets folder to a custom one following the actual documentation on the community page but I have a really mysterious issue with this new asset folder,

when I create an asset and upload the file, for example, the icon for a project it works like a charm, I can see the file created in my new folder but when the app tries to use it it gets a 403 (Forbidden)


Code:
GET http://localhost/assets/admin/project/t/icon/.versions/bmad_icon_icon_v001.png 403 (Forbidden)


[root@localhost ~]# ll /mnt/tactic/assets/admin/project/t/icon/.versions/
total 34
-rw-rw-r--. 1 nobody nobody 6473 Oct 25 14:37 bmad_icon_icon_v001.png
-rw-rw-r--. 1 nobody nobody 5158 Oct 25 14:35 bmad_icon_v001.png
-rw-rw-r--. 1 nobody nobody 2769 Oct 25 14:37 bmad_web_icon_v001.jpg
[root@localhost ~]#



RE: tactic 4.7 VM error 403 getting assets from custom folder - remkonoteboom - 10-26-2019

The 403 Forbidden message comes from Apache. It is likely that your new mount is not exposed to Apache. Take a look at the tactic.conf file for Apache typically installed in /etc/httpd/conf.d folder. Apache is the service that serves files as it is much more efficent that Python so it must be configure to see your new folder.

You will see that the /assets path is mapped with an Alias to your old folder. Make it point to your new folder.

Alias /assets /mnt/tactic/assets


Also make sure that the folder is permitted with the configuration such as:

<Directory "/mnt/tactic" >
Options FollowSymLinks
AllowOverride All
Order Allow,Deny
Allow from All
# Apache 2.4
Require all granted
</Directory>


RE: tactic 4.7 VM error 403 getting assets from custom folder - samaya - 10-28-2019

I already did that but no luck, this is my actual conf file.

Code:
###########################################################
#
# Copyright (c) 2005, Southpaw Technology
#                     All Rights Reserved
#
# PROPRIETARY INFORMATION.  This software is proprietary to
# Southpaw Technology, and is not to be reproduced, transmitted,
# or disclosed in any way without written permission.
#
#
#


# Settings for /home/apache/tactic in case this is not the Document Root
# for Windows it could be <Directory "C:/Program Files/Southpaw/Tactic">
# This should be the TACTIC_INSTALL_DIR
<Directory "/opt/tactic/tactic" >
    Options FollowSymLinks
    AllowOverride None
    Order Allow,Deny
    Allow from All
    # Apache 2.4
    Require all granted
</Directory>

<Directory "/mnt/tactic" >
    Options FollowSymLinks
    AllowOverride None
    Order Allow,Deny
    Allow from All
    # Apache 2.4
    Require all granted
</Directory>

# This is for delegating to a single server
ProxyPreserveHost on
RewriteEngine on


# Using the ProxyPass directives
<Proxy balancer://tactic>
BalancerMember http://localhost:8081/tactic
BalancerMember http://localhost:8082/tactic
BalancerMember http://localhost:8083/tactic
</Proxy>
ProxyPass /assets !
ProxyPass /context !
Proxypass /doc !

ProxyPass /tactic balancer://tactic/
ProxyPass /projects balancer://tactic/

ProxyPass / balancer://tactic/



# This is for using a customized solution in a script
#RewriteMap    lb    prg:C:/load_balance.pl
#RewriteRule   ^/tactic/(.+)$ ${lb:$1}           [P,L]


# This redirects to a common URL for centralized actions that will
# occur within tactic.
Alias /context        /opt/tactic/tactic/src/context
Alias /assets        /mnt/tactic/assets/
Alias /doc            /opt/tactic/tactic/doc/


# Security.  This will track access to every file in assets.  It is still
# in testing mode.
#<Location /sthpw/assets>
#    SetHandler python-program
#    PythonPath "sys.path + ['/home/apache/tactic/src']"
#    PythonAccessHandler asset_security
#</Location>

# compress text, html, javascript, css, xml:
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript

also, I don't understand how the system is able to upload the file to the asset folder but is not able to read it after that


RE: tactic 4.7 VM error 403 getting assets from custom folder - listy - 10-28-2019

What about chown it as apache user?


RE: tactic 4.7 VM error 403 getting assets from custom folder - Celton McGrath - 10-28-2019

Hi Samaya,

After changing the Apache configuration file, did you restart the Apache service?

- Celton


RE: tactic 4.7 VM error 403 getting assets from custom folder - samaya - 10-28-2019

the permission in the folders are 777 also i make sure that the apache user has access to the file running commands under apache user and it works flawless but the page still prompt 403, after changing the conf file I restarted httpd and tactic services but no success


RE: tactic 4.7 VM error 403 getting assets from custom folder - remkonoteboom - 10-28-2019

Take a look at the apache logs:

/var/log/httpd/error_log

It usually gives more detail. This is definitely an apache configuration issue as static content is delivered by Apache. TACTIC code plays no part in this request (unless you explictly configure Apache to do so ... for security reasons).

Apache can be notoriously conservative about serving files. All the permissions and configurations have to align.


RE: tactic 4.7 VM error 403 getting assets from custom folder - samaya - 10-28-2019

well is not making sense at all, this is the error on the log 

Code:
[Mon Oct 28 13:57:07.082558 2019] [core:error] [pid 16967:tid 139766221764352]
(13)Permission denied: [client xxx.xxx.xxx.xxx:40420] AH00035: access to /assets/admin/project/t/icon/.versions/bmad_icon_icon_v001.png denied
(filesystem path '/mnt/tactic/assets/admin/project/t/icon/.versions/bmad_icon_icon_v001.png') because search permissions are missing on a component of the path,
referer: http://xxx.xxx.xxx.xxx/tactic/

but if I check the file permissions 

Code:
[root@localhost conf.d]# ll /mnt/tactic/assets/admin/project/t/icon/.versions/
total 34
-rwxrwxrwx. 1 nobody nobody 6473 Oct 25 14:37 bmad_icon_icon_v001.png
-rwxrwxrwx. 1 nobody nobody 5158 Oct 25 14:35 bmad_icon_v001.png
-rwxrwxrwx. 1 nobody nobody 2769 Oct 25 14:37 bmad_web_icon_v001.jpg



RE: tactic 4.7 VM error 403 getting assets from custom folder - Celton McGrath - 10-28-2019

Hi Samaya,

Can you try this command to disable SELinux from blocking the content?

Code:
chcon -R -t httpd_sys_content_t /mnt/tactic/assets


Best,

Celton


RE: tactic 4.7 VM error 403 getting assets from custom folder - samaya - 10-28-2019

well it returns an error

Code:
[root@localhost ~]# chcon -R -t httpd_sys_content_t /mnt/tactic/assets
chcon: failed to change context of 'bmad_web_icon.jpg' to ‘system_u:object_r:httpd_sys_content_t:s0’: Operation not supported
chcon: failed to change context of 'bmad_icon_icon.png' to ‘system_u:object_r:httpd_sys_content_t:s0’: Operation not supported
chcon: failed to change context of 'bmad_icon.png' to ‘system_u:object_r:httpd_sys_content_t:s0’: Operation not supported
chcon: failed to change context of 'bmad_web_icon_v001.jpg' to ‘system_u:object_r:httpd_sys_content_t:s0’: Operation not supported
chcon: failed to change context of 'bmad_icon_v001.png' to ‘system_u:object_r:httpd_sys_content_t:s0’: Operation not supported
chcon: failed to change context of 'bmad_icon_icon_v001.png' to ‘system_u:object_r:httpd_sys_content_t:s0’: Operation not supported
chcon: failed to change context of '.versions' to ‘system_u:object_r:httpd_sys_content_t:s0’: Operation not supported
chcon: failed to change context of 'icon' to ‘system_u:object_r:httpd_sys_content_t:s0’: Operation not supported
chcon: failed to change context of 't' to ‘system_u:object_r:httpd_sys_content_t:s0’: Operation not supported
chcon: failed to change context of 'project' to ‘system_u:object_r:httpd_sys_content_t:s0’: Operation not supported
chcon: failed to change context of 'admin' to ‘system_u:object_r:httpd_sys_content_t:s0’: Operation not supported
chcon: failed to change context of '0aea3bee969068dafa1' to ‘system_u:object_r:httpd_sys_content_t:s0’: Operation not supported
chcon: failed to change context of 'temp' to ‘system_u:object_r:httpd_sys_content_t:s0’: Operation not supported
chcon: failed to change context of '/mnt/tactic/assets' to ‘system_u:object_r:httpd_sys_content_t:s0’: Operation not supported

well, I tried disabling SElinux completly and it works, so now I just want to find why SElinux is blocking httpd to access this files.