Skip to main content

Apache Error "Document Root Doesn't Exist" on Red Hat Enterprise LinuxWhen the Document Root DOES Exist

I upgraded one of our Red Hat Enterprise Linux VMs to Tomcat 7.0.4 tonight, did a bit of Apache reconfiguration, and when I restarted Apache I got a "document root doesn't exist" error even though in fact the document root does exist. (Trust me Apache, it's there.)

I double-checked the owners and permissions of all the directories in question and everything was identical to how things are set on another RHEL VM in this cluster on which I haven't upgraded Tomcat and done the reconfiguration yet. I was at a bit of a loss, so I googled around a bit and the prevailing sentiment seemed to be this was related to either A) a config file copied from a Windows box and the line breaks were throwing things off (wasn't applicable in my case), or B) the fact that SELinux was enabled.

If you've been around the Red Hat flavors of Linux long enough you'll remember that SELinux used to be absolutely horrible. For years the very first thing you had to do on Red Hat and Fedora to get anything working at all was turn SELinux off, and for a long time I believe it was even Red Hat's recommendation under their breath to just shut it off. It's gotten better over the years, and honestly stays out of the way to the point where I'd almost forgotten about it.

Since I didn't have anything else to try, however, I went into /etc/sysconfig/selinux and changed SELINUX=enforcing to SELINUX=disabled, restarted the server, and voila the complaining from Apache went away.

What I still don't get is A) why this isn't occurring on my other RHEL box with the same setup, and B) why it just started happening now. The only potential weirdness here is that my document root is a symlink, but again, it's been that way since I setup up these boxes originally and it hasn't been an issue.

So if you run into this same problem the fix (at least until I have more information about why it's happening) is to disable SELinux, but if anyone has more ideas about why this might be happening I'd love to hear them.


awest said…
Matt, I've run into the selinux wall several times installing ColdFusion 9 on CentOS with Apache 2.2.x. The issues were all related to selinux not allowing the Apache connector to communicate with resources on the system.The best way I've discovered to get CF and Apache working is to not hook up Apache during the installation of CF. Instead, I temporarily disable selinux and run the commands to manually hook CF to Apache post install.After install of CF and the Apache connector I stop Apache and CF and run a few selinux commands that a) set the Apache connector to run in the same selinux security context and all other Apache modules b) set selinux to allow scripts to connect to Apache.After doing these things I put selinux back into enforcing mode and reboot the OS. After restart I check that CF resources are properly going through Apache.Perhaps your issue with Tomcat is related. It may be that something in selinux changed from OS update to update and now selinux (in enforcing mode) is stopping file actions. The selinux log file was a big help for me in resolving the Apache + CF connector issues. Maybe there's something in there on your RHEL system.
Matthew Woodward said…
Thanks for the info Aaron. In this case it's just Apache not seeing a directory that exists so it doesn't even get to the level of the AJP proxying I'm doing between Apache and OpenBD, but that's good info to have. Honestly it doesn't get to the Tomcat level at all; I just have a docroot set in Apache and until I turned off SELinux, Apache couldn't see it. My first guess was permissions/ownership issues but on another VM in this cluster the permissions and ownership are the same (tomcat:tomcat) and Apache saw it just fine. All this leads me to the conclusion you mentioned, which is that a recent update to RHEL (many of which were security related) caused a change of some sort. When I did some work on another VM I had the same issue so that seems to reinforce this idea. I'll check out the selinux logs as you suggested. Thanks!
denstar said…
It depends on how you edited the config files. If you do it wrong (don't ask me how to do it right =]), the files are no longer under the Apache context in SELinux.You don't need to turn off SELinux, you just need to to add the stuff that shows up in /var/log/audit/audit.log (or using audit2allow) back to the security context. I always have to google how to do it. Something like this tho, I think:chcon -t httpd_var_lib_t /path/to/dirFreaking SELinux. It's Good Stuff tho. =)
Matthew Woodward said…
Thanks--great to know. I'll look into that before deciding to leave it off. ;-)

Popular posts from this blog

Installing and Configuring NextPVR as a Replacement for Windows Media Center

If you follow me on Google+ you'll know I had a recent rant about Windows Media Center, which after running fine for about a year suddenly decided as of January 29 it was done downloading the program guide and by extension was therefore done recording any TV shows.

I'll spare you more ranting and simply say that none of the suggestions I got (which I appreciate!) worked, and rather than spending more time figuring out why, I decided to try something different.

NextPVR is an awesome free (as in beer, not as in freedom unfortunately ...) PVR application for Windows that with a little bit of tweaking handily replaced Windows Media Center. It can even download guide data, which is apparently something WMC no longer feels like doing.

Background I wound up going down this road in a rather circuitous way. My initial goal for the weekend project was to get Raspbmc running on one of my Raspberry Pis. The latest version of XBMC has PVR functionality so I was anxious to try that out as a …

Running a Django Application on Windows Server 2012 with IIS

This is a first for me since under normal circumstances we run all our Django applications on Linux with Nginx, but we're in the process of developing an application for another department and due to the requirements around this project, we'll be handing the code off to them to deploy. They don't have any experience with Linux or web servers other than IIS, so I recently took up the challenge of figuring out how to run Django applications on Windows Server 2012 with IIS.

Based on the dated or complete lack of information around this I'm assuming it's not something that's very common in the wild, so I thought I'd share what I came up with in case others need to do this.

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Assumptions and CaveatsThe operating system is Windows Server 2012 R2, 64-bit. If another variant of the operating system is being used, these instructions may not work properly.All of the soft…

Fixing DPI Scaling Issues in Skype for Business on Windows 10

My setup for my day job these days is a Surface Pro 4 and either an LG 34UC87M-B or a Dell P2715Q monitor, depending on where I'm working. This is a fantastic setup, but some applications have trouble dealing with the high pixel density and don't scale appropriately.
One case in point is Skype for Business. For some reason it scales correctly as I move between the Surface screen and the external monitor when I use the Dell, but on the LG monitor Skype is either massive on the external monitor, or tiny on the Surface screen.
After a big of digging around I came across a solution that worked for me, which is to change a setting in Skype's manifest file (who knew there was one?). On my machine the file is here: C:\Program Files\Microsoft Office\Office16\LYNC.EXE.MANIFEST
And the setting in question is this:
Which I changed to this: <dpiAware>False/PM</dpiAware>
Note that you'll probably have to edit the file as administr…