403 Symbolic link not allowed with https

[Chris T]

http works fine, https gives 403 with error:

Symbolic link not allowed or link target not accessible: /home/USER/domains/DOMAIN/private_html

I've got a pretty new DA install on Alma 9.2 with cloudlinux. Unfortunately, I didn't test https before installing cloudlinux so I don't know if cloudlinux is blocking the symlink or not.

I've read a few old posts on this and would like some recommendations on how to proceed. I've tried Options +FollowSymLinks but it didn't help. Changing DocumentRoot and corresponding <Directory> to public_html fixes problem

 

[gate2vn]

Yes, it's happening to me too. Still looking for the reason.

 

[Chris T]

I see you have CL too. I made a second DA server on buyvm without CL just for DNS. I'll put an SSL site on there after the weekend to see if I get the same issue.

 

[Richard G]

Last monday I've installed a Debian 11 VPS and yesterday a Almalinux 8 dedicated server. Both do not have this issue.
So it's either a Cloudlinux 9 issue or some security software (modsec, selinux, immunify360 and so on).

 

[Chris T]

Thanks Richard,

1. I copied virtual_host2_secure.conf to /usr/local/directadmin/data/templates/custom/virtual_host2_secure.conf, changed "DOCROOT" from private_html to public_html.
2. chown'ed the new template copy to diradmin:diradmin, no idea if this is needed or not
3. # echo "action=rewrite&value=httpd" >> /usr/local/directadmin/data/task.queue
4. I did need to # apachectl restart as well

now works. Minor risk from https://docs.directadmin.com/webservices/apache/customizing.html: "We typically discourage relying on custom versions of these in case we make important changes to them, in which case you wouldn't inherit these changes." Hopefully I'm not ruining future-me's life but I don't agree with the whole private_html symlink anyway. I still should test new account creation, hopefully DOCROOT variable isn't used for symlink creation.

 

[Chris T]

did same thing for virtual_host2_secure_sub.conf

 

[gate2vn]

Thanks Chris. However, the default setting should work. With your new Almalinux 9 server, do you have the same problem? Or it's only happening after converting to CL 9?

 

[Chris T]

@gate2vn : I finally got around to adding a site on my other Almalinux 9 server and SSL site works fine. I'm assuming issue occurred after installing CL.

I'm going to stick with my customized virtual_host2_secure.conf

 

[gate2vn]

I just recognized that DA doesn't list CloudLinux 9 in supported OS, while Almalinux 9 is there. From what I understand, CL 9 is based on Almalinux 9. Is that the reason? @fln When will DA officially support for CL 9?

 

[Zhenyapan]

@gate2vn officially it just planned, not even on progress: https://features.cloudlinux.com/tabs/32-planned