Remote editing of nginx conf file present in an AWS ec2 instance - nginx

So, I have installed nginx in an EC2 instance that is running a RHEL OS. Everything is fine, except that I can't remotely edit the nginx conf file using SFTP client Cyberduck.
The problem is AWS EC2 seems to have a restriction on SFTP using root user. I installed nginx with sudo, guess it is saving the conf files with root privileges. So when I sftp using ec2-user (since root is not allowed), Cyberduck simply complains that you can not save the file because conf file is owned by root.
So nginx developers out there, how do you handle this situation? For me it is really tedious to edit the conf file via ssh and vi editor in EC2 instance. That is why I prefer to edit it locally and sync. But I am not sure how to achieve this. I tried giving access to the conf folder to the ec2-user as per this post too. But in vain! Any help is appreciated.
PS: I installed the nginx using sources and here is the configure command with options I used:
./configure --sbin-path=/usr/bin/nginx --conf-path=/home/ec2-user/conf/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path==/var/log/nginx/access.log --with-pcre --pid-path=/var/run/nginx.pid --with-http_ssl_module --with-http_v2_module

I finally figured out that we can change the permissions of the root folder from where nginx is serving its contents, in this case /var/share/nginx/html to 777. Also ensure the permissions for files inside this folder have 666 permission.
sudo chmod 777 /var/share/nginx/html
sudo chmod 666 /var/share/nginx/html/*
Also enabled read/write permissions for all users for the configuration files as well. This enabled me to remotely edit the configs as well as the html contents.

Related

How can I set EC2 ownership permissions that allow me to update WordPress and modify files via FTP?

I have an AWS EC2 (Ubuntu Server 18.04 LTS (HVM), SSD Volume Type) on Apache with a working WordPress site on it.
If I run sudo chown -R ubuntu:ubuntu /var/www/html, then I can edit files via SFTP and save them, but not update my plugins.
If I run sudo chown -R www-data:www-data /var/www/html, then I can update my plugins but not edit files via SFTP and save them.
How can I update my plugins and edit my files without having to run the corresponding command each time?
I have already run sudo chmod -R 755 /var/www/html.
The permissions seem correct to me. Did you install an FTP server in the EC2 instance?
As you don't mention that, I guess you will have to install one, then use credentials in WordPress to connect. Here's one guide to install and configure FTP on Ubuntu:
http://gabrielmagana.com/2014/11/installing-ftp-server-vsftpd-on-an-amazon-ec2-ubuntu-14-04-host/
If I remember correctly, you can set the owner of the directory to www-data. Then add user Ubuntu to the www-data group.
sudo adduser ubuntu www-data

How to give bitnami user edit permission on .htaccess for bitnami multisite ec2?

I have installed a Bitnami Multisite WordPress AMI on my Amazon EC2 instance. To set up the Multisite Network I need to make changes in the .htaccess file.
I checked the permission on the file :
-rw-r--r-- 1 daemon daemon 235 Nov 29 12:15 .htaccess
I need the bitnami user to be able to edit the file. So first I did
getfacl .htaccess
# file: .htaccess
# owner: daemon
# group: daemon
user::rw-
group::r--
other::r--
I am logged in as bitnami user. So I used the command below to give bitnami edit permissions.
sudo setfacl –m u:bitnami:rwx .htaccess
But I get the error as
Usage: setfacl [-bkndRLP] { -m|-M|-x|-X ... } file ...
Try `setfacl --help' for more information.
Need help to resolve the same.
Thanks
Bitnami Engineer here.
You can change the permissions of the .htaccess file by running this command
sudo chown bitnami:daemon .htaccess
sudo chmod g+w .htaccess
After running those commands, you can start to edit the file.
For security and performance reasons, we do not allow Apache to read the .htaccess files. For this reason, we moved the configuration in the .htaccess files to the main application configuration files and set the AllowOverride option to None by default.
You have two different options to start using .htaccess files:
- Edit the /opt/bitnami/apps/mediawiki/conf/htaccess.conf file and include the information of the .htaccess file inside a Directory block. You will find more information about this in this guide: https://docs.bitnami.com/aws/apps/wordpress-multisite/administration/use-htaccess/
- Edit the /opt/bitnami/apps/wordpress/conf/httpd-app.conf file and change the AllowOverride option to All. After that, you will need to restart Apache.
In both options, you will need to restart Apache after that:
sudo /opt/bitnami/ctlscript.sh restart apache

wordpress: plugin updates not updating

To be clear on some things, I have tried:
going into config.php and inputting define FS_Method, FTP_Base, FTP_Content_Dir, FTP_Plugin_Dir, FTP_User, FTP_Pass, FTP_Host, FTP_SSL
setting file permissions to 755 on wp-content, wp-content/uploads, wp-content/plugins
Things I do not have access to: cpanel, file manager, ubuntu, commands, SSH credentials.
I have spoken to my web host (it is a shared host account), and they will not provide me info on SSH. The only backend I have access to is wordpress admin and FTP through FileZilla or WinSCP. The web host has declared this issue to be in my court and refuses to help me out (unless I want to be charged a hefty fee).
Now, the issue is updating plugins. I can activate and deactivate plugins. But I can't install, delete or update plugins. Originally, the issue was "can't create directory" but then I changed define(FS_METHOD) to ftpsockets. Originally it was direct. (ftpext did not work whatsoever).
NOW the issue is "Update Failed: Could not copy file. all-in-one-wp-migration/all-in-one-wp-migration.php" for the plugin All-in-one WP Migration.
Can anyone help me out or point out what I'm doing wrong?
Check your disk quota, the space assigned to your account. It looks like you may be over quota and hence the updates failed.
As other posts indicate, the root cause is a permissions problem in /var/www/html/wordpress. In my case, I used Microsoft document https://learn.microsoft.com/en-us/azure/virtual-machines/linux/tutorial-lamp-stack to install LAMP in Azure on Ubuntu 18.x LTS. I set the app to use the SFTP plugin for updates & uploads per https://wordpress.org/plugins/ssh-sftp-updater-support/. Then I changed permissions as needed on the directories 'plugins themes upgrade uploads': group www-data (I used top to determine this, but other tools will do the trick), 775 on directories and 664 on files. Of course the user ID used to SFTP files had to be added to the www-data group on the system. I DID NOT set permissions to 777 as some have suggested in other posts and blogs.
Your situation may vary for required group ownership permissions. So analyze accordingly.
And best of luck.
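Added example (not part of any post on this page): a check for the world-writable modes that the 777/666 suggestion in the first thread produces, followed by the group-based layout this answer describes (shared group, 775 on directories, 664 on files). The function names are hypothetical and the demo runs on a constructed scratch directory using the caller's own group; on a real host the group would be the one shared by the web server and the SFTP user, such as www-data in the answer.

```shell
#!/bin/sh
# Added example: function names and the scratch-directory demo are constructed.

# List everything under $1 that any local account can modify.
# Symlinks are skipped because their mode is always reported as 777.
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Grant write access through a shared group instead of "other".
# $1 = tree root, $2 = group shared by the web server and the SFTP user.
# Directories get 775 (they need the x bit to be traversed), files get 664.
share_with_group() {
    root=$1
    group=$2
    chgrp -R "$group" "$root" || return 1
    find "$root" -type d -exec chmod 0775 {} + || return 1
    find "$root" -type f -exec chmod 0664 {} + || return 1
}

# Constructed demo: reproduce the 777/666 layout, audit it, then fix it.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/html"
    : > "$d/html/index.html"
    chmod 777 "$d/html"
    chmod 666 "$d/html/index.html"

    echo "world-writable before:"
    world_writable "$d/html"

    # The caller's numeric gid stands in for www-data so no root is needed.
    share_with_group "$d/html" "$(id -g)"

    echo "world-writable after: $(world_writable "$d/html" | wc -l)"
    rm -rf "$d"
}

demo
```

Running `world_writable` against the real web root and configuration directory before and after a permissions change shows whether any path is still writable by every account on the host.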
Get your webhost to do this or you can do it yourself if you have SSH access
sudo usermod -aG www-data $USER
sudo chown -R www-data:www-data /var/www
sudo chmod -R 774 /var/www
You may want to revert back to the default (prevent writable):
sudo chmod -R 755 /var/www

Docker nginx SELinux (centOS/RHEL) with 403 forbidden access

So my Dockerfile runs via docker-compose using:
Dockerfile
FROM nginx
#COPY conf
COPY myapp/ /usr/share/nginx/html
RUN chmod -R 664 /usr/share/nginx/html
RUN chown -R nginx /usr/share/nginx/html
RUN chcon -R -t httpd_sys_content_t /usr/share/nginx/html
This is on RHEL 6.x, Docker is old 1.7 or something as well.
I don't even need "run chmod/chown/chcon" for most environments!! The dockerfile works just fine on windows.
However, I still get 403 Forbidden errors whenever nginx tries to access ANY file in /usr/share/nginx/html.
What is the correct way to setup nginx in a docker container and avoid these SElinux problems? (SElinux is on "Enforcing")
In fact, if you do
RUN/CMD ls -l
we can see nginx is the user who owns that folder and it has the right permissions! So what the heck is going on?
Special circumstances related to old Docker 1.7.1 and RHEL6, means you gotta install RHEL7. SELinux does not work well with it. There are some core RHEL6 library issues (shared library permission errors) making it nearly impossible to use with Docker 1.7.1.
The labels are all wrong. The processes inside the image are init_rc_t type labels which are incorrect. The files can be changed to httpd_sys_content_t but it doesn't work.
I think also there may be some nginx:nginx (UID GID mismatching) issues.
But really, it's give up time. Not worth investing time in resolving it and my host provider wouldn't call RHEL6 to ask about it.

WordPress nginx can't create Directories - Permissions correct

I know there are bunch of posts all over the internet about the WordPress permissions, but I am facing an issue I can't explain from the other posts. I am running debops WordPress on Ubuntu 16.04 with nginx.
Basically my updates within WordPress are failing, I am getting the "Could not create directory error". So I checked the permissions, and they are all correct (755 for the directories, 644 for the files).
Furthermore I checked that nginx is actually running as www-data user, which it does:
ps aux|grep nginx|grep -v grep
Shows that nginx is running as www-data.
To verify the permissions, I tried:
sudo -u www-data mkdir test
which worked and created the test directory.
Then some other posts made me think it has to do with a FTP configuration, most of them point to the vsftpd.conf file, but I don't have vsftpd installed (though I am able to connect via sftp to the ubuntu machine).
Question: What other reasons might cause this issue? Technically, WordPress has all the permissions to create its directories.
Ok I found the problem:
nginx was indeed running as www-data user, but that wasn't the issue. From the debops issues I found that the correct user who should own the WordPress directory is the 'wordpress' user, not www-data.
chown wordpress:wordpress /var/www/ -R
Now everything works well with the updates.
