cannot access asset folder inside document root on centOS

The Architect asked:

I was able to finally get my site up and running on DigitalOcean and after getting some help on ServerFault the certificates are all in order.

However, I cannot seem to get access to my asset folders once I access the site

The site URL is: https://www.zandu.biz or https://zandu.biz

this link should work
https://zandu.biz/icons/menu/menusection_humanresources.jpg

but it doesn’t

Any advice on what i missed here?

the /var/www/html/zeintek/merlin/front_end/dist/ folder is the document root and where index is located.

enter image description here

here is my apache conf file:

ServerRoot "/etc/httpd"

Listen 80
Listen 8029

Include conf.modules.d/*.conf

User apache
Group apache

ServerName localhost
ServerAdmin [email protected]

<Directory />
    AllowOverride none
    Require all denied
    Header set Access-Control-Allow-Origin "*"
</Directory>

DocumentRoot "/var/www/html"

<Directory "/var/www">
    AllowOverride None
    Require all granted
</Directory>

<Directory "/var/www/html">
    Options Indexes FollowSymLinks

    AllowOverride None

    Require all granted
</Directory>

<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>

<Files ".ht*">
    Require all denied
</Files>

ErrorLog "logs/error_log"
LogLevel info

<IfModule log_config_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common

    <IfModule logio_module>
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>

    CustomLog "logs/access_log" combined
</IfModule>

<IfModule alias_module>
    ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
</IfModule>

<Directory "/var/www/cgi-bin">
    AllowOverride None
    Options None
    Require all granted
</Directory>

<IfModule mime_module>
    TypesConfig /etc/mime.types
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml
</IfModule>

AddDefaultCharset UTF-8

<IfModule mime_magic_module>
    MIMEMagicFile conf/magic
</IfModule>

EnableSendfile on

IncludeOptional conf.d/*.conf
IncludeOptional conf/v-hosts/*.conf

here is my vhost file:

<VirtualHost *:80>

  ServerAdmin [email protected]
  DocumentRoot "/var/www/html/zeintek/merlin/front_end/dist/"
  ServerName zandu.biz
  ServerAlias www.zandu.biz

  <Directory "/var/www/html/zeintek/merlin/front_end/dist/">

    AddHandler cgi-script .cgi .pl .py 
    Options Indexes Includes FollowSymLinks ExecCGI
    Options +ExecCGI
    AllowOverride All 
    Order Allow,Deny
    Allow From All

    RewriteEngine On
    RewriteBase /
    RewriteCond %{HTTP_HOST} !^www\. [NC]
    RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]

   </Directory>

  ErrorLog "logs/webservicesliveroot1.zeintek.com-error.log"
  CustomLog "logs/webservicesliveroot1.zeintek.com-access.log" common

</VirtualHost>

<VirtualHost *:8029>

  ServerAdmin [email protected]
  DocumentRoot "/var/www/html/zeintek/merlin/back_end/public/"
    ServerName zandu.biz
  ServerAlias www.zandu.biz

  <Directory "/var/www/html/zeintek/merlin/back_end/public/">

    AddHandler cgi-script .cgi .pl .py 
    Options Indexes Includes FollowSymLinks ExecCGI
    AllowOverride All 
    Order Allow,Deny
    Allow From All

    RewriteEngine On
    RewriteBase /
    RewriteCond %{HTTP_HOST} !^www\. [NC]
    RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]

   </Directory>

  ErrorLog "logs/webservicesliveroot2.zeintek.com-error.log"
  CustomLog "logs/webservicesliveroot2.zeintek.com-access.log" common

</VirtualHost>

here is my ssl vhost file:

<VirtualHost *:443>

  LogLevel warn
  SSLEngine On
  #we need to prevent the POODLE attach to v3 of SSL is disable. Also we need to enable forward secrecy so disable v2
  # SSLProtocol all -SSLv2 -SSLv3
  SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
  #for forward secrecy
  SSLHonorCipherOrder on
  #for forward secrecy
  #SSLCipherSuite EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS
  SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384

  SSLCertificateFile /etc/letsencrypt/live/zandu.biz-0002/cert.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/zandu.biz-0002/privkey.pem
  SSLCertificateChainFile /etc/letsencrypt/live/zandu.biz-0002/chain.pem

  #unused for now
  #SSLCACertificateFile NOTUSEDFORNOW  #If using a self-signed certificate or a root certificate provided by ca-certificates, omit this line

  ServerAdmin [email protected]
  DocumentRoot "/var/www/html/zeintek/merlin/front_end/dist/"
  ServerName zandu.biz
  ServerAlias www.zandu.biz

  <Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
  </Files>

  <Directory "/var/www/html/zeintek/merlin/front_end/dist/">

    SSLOptions +StdEnvVars
    AddHandler cgi-script .cgi .pl .py 
    Options Indexes Includes FollowSymLinks ExecCGI
    AllowOverride All 
    Order Allow,Deny
    Allow From All

    RewriteEngine On
    RewriteBase /
    RewriteCond %{HTTP_HOST} !^www\. [NC]
    RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]

  </Directory>

  TransferLog "logs/webservicesliveroot3.zeintek.com-transfer.log"
  ErrorLog "logs/webservicesliveroot3.zeintek.com-error.log"
  CustomLog "logs/webservicesliveroot3.zeintek.com-access.log" common
  BrowserMatch "MSIE [2-5]" \
    nokeepalive ssl-unclean-shutdown \
    downgrade-1.0 force-response-1.0
  #CustomLog logs/ssl_request_log \
  #  "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>

<VirtualHost *:8039>

  LogLevel warn
  SSLEngine On
  #we need to prevent the POODLE attach to v3 of SSL is disable. Also we need to enable forward secrecy so disable v2
  # SSLProtocol all -SSLv2 -SSLv3
  SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
  #for forward secrecy
  SSLHonorCipherOrder on
  #for forward secrecy
  SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384

  SSLCertificateFile /etc/letsencrypt/live/zandu.biz-0002/cert.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/zandu.biz-0002/privkey.pem
  SSLCertificateChainFile /etc/letsencrypt/live/zandu.biz-0002/chain.pem

  #unused for now
  #SSLCACertificateFile NOTUSEDFORNOW  #If using a self-signed certificate or a root certificate provided by ca-certificates, omit this line

  ServerAdmin [email protected]
  DocumentRoot "/var/www/html/zeintek/merlin/back_end/public/"
  ServerName zandu.biz
  ServerAlias www.zandu.biz

  <Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
  </Files>

  <Directory "/var/www/html/zeintek/merlin/back_end/public/">
    SSLOptions +StdEnvVars
    AddHandler cgi-script .cgi .pl .py 
    Options Indexes Includes FollowSymLinks ExecCGI
    AllowOverride All 
    Order Allow,Deny
    Allow From All

    RewriteEngine On
    RewriteBase /
    RewriteCond %{HTTP_HOST} !^www\. [NC]
    RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]
  </Directory>

  TransferLog "logs/webservicesliveroot4.zeintek.com-transfer.log"
  ErrorLog "logs/webservicesliveroot4.zeintek.com-error.log"
  CustomLog "logs/webservicesliveroot4.zeintek.com-access.log" common
  BrowserMatch "MSIE [2-5]" \
    nokeepalive ssl-unclean-shutdown \
    downgrade-1.0 force-response-1.0
  #CustomLog logs/ssl_request_log \
  #  "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>

My answer:


The default Apache configuration shipped with CentOS includes an Alias which causes URL paths beginning with /icons/ to be loaded from another directory.

In /etc/httpd/conf.d/autoindex.conf you will find:

Alias /icons/ "/usr/share/httpd/icons/"

Because your icon isn’t in that directory, you get an Apache 404 error.

You should comment out or remove that line from the file.


View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.