You are right, it is something to do with Apache web server after all
and our support is fixing it.
Thanks for the help Bruno!
On 9.10.2020 0:53, Bruno P. Kinoshita wrote:
Hi Mikael,
Thanks for the logs. It appears the 403 is coming from Apache httpd, probably
by a mod like the mod_authz_core I think.
You will need to troubleshoot the httpd configuration of the servers to check
what's wrong.
I would start by confirming they are on the same version. If you use something
like Ansible or Chef, you can check if the same file is being deployed to all
the servers, and if there are any errors reported by the configuration
management tool.
While on it, I would also double-check the httpd & modules versions, making
sure the same version is deployed across the servers, as some settings may be
deprecated or change behavior between releases.
The next thing I would do, if that didn't help, would then be to look for that
error code (AH01797). There could be some other module or configuration that is
causing the issue. Or a value that is deprecated.
Hope that helpsBruno
p.s.: also doesn't hurt to confirm the other libraries in the servers are up to
date, using the same versions, and other things like NTP sync, strange errors
like disk or kernel warnings/errors, etc.
On Friday, 9 October 2020, 1:50:56 am NZDT, Mikael Pesonen
<[email protected]> wrote:
Hi Bruno,
we don't have any extra systems that should cause IP out of range. It's
just standard Ubuntu 20.4 install.
Apache log has these:
[Thu Oct 08 12:12:54.959919 2020] [access_compat:error] [pid 394094]
[client ***:56774] AH01797: client denied by server configuration:
proxy:http://127.0.0.1:3030/js/app/templates/dataset-edit.tpl, referer:
https://***.lingsoft.fi/fuseki/dataset.html?tab=query&ds=/ds
On 8.10.2020 14:00, Bruno P. Kinoshita wrote:
Hi Mikael,
This one "ProxyTimeout 1200" looks like it could fail to load a template file
if it took 1200 seconds to load (I think that's seconds). But probably you'd get a 503 or
similar error.
The "Require ip" could fail, but only if you had some sort of network setup
with, perhaps, a load balancer, or an intrusion detection system, or something special
that would send an IP out of range. That could raise a 401 or 403 I think.
That's from "mod_authz_core" I think. Do you have anything in the httpd or
system logs about 403/401 errors from this mod?
Bruno
On Thursday, 8 October 2020, 11:46:41 pm NZDT, Mikael Pesonen
<[email protected]> wrote:
We have this kind of reverse proxy on all instances:
ProxyPreserveHost On
ProxyTimeout 1200
ProxyPass /fuseki/ http://127.0.0.1:3030/
ProxyPassReverse /fuseki/ http://127.0.0.1:3030/
<LocationMatch "/fuseki/">
<RequireAny>
Require ip ***/22
Require ip ***/24
Require ip ***/24
Require ip ***
</RequireAny>
</LocationMatch>
Jena is ran as service:
# cat fuseki.service
[Unit]
Description=Fuseki
[Service]
Environment=FUSEKI_HOME=/opt/fuseki
Environment=FUSEKI_BASE=/etc/fuseki
Environment=JVM_ARGS="-Xmx6G
-Dlog4j.configuration=file:/opt/apache-jena-fuseki-3.16.0/log4j2.properties"
User=fuseki
ExecStart=/opt/fuseki/fuseki-server --config=/etc/fuseki/config.ttl
--update
Restart=on-failure
RestartSec=15
[Install]
WantedBy=multi-user.target
ps showing
fuseki 383091 1 16 17:27 ? 00:00:06 /usr/bin/java -Xmx6G
-Dlog4j.configuration=file:/opt/apache-jena-fuseki-3.16.0/log4j2.properties
-cp /opt/fuseki/fuseki-server.jar org.apache.jena.fuseki.cmd.FusekiCmd
--config=/etc/fuseki/config.ttl --update
On 8.10.2020 12:40, Bruno P. Kinoshita wrote:
Strange, I am using the web GUI more these past days but I haven't seen
this error yet.
It could be because I don't have auth/Shiro. Do you have permissions/auth set
up in Fuseki? Anything special about your set up, like a reverse proxy in front
of Fuseki?
Bruno
On Thursday, 8 October 2020, 10:18:15 pm NZDT, Mikael Pesonen
<[email protected]> wrote:
Hi,
what causes error when Fuseki GUI loads partly, up to "query upload
files edit info" menu, but after that stops to 403 errors and
shows only the text "Please select a dataset." for each tab?
Components fail to load include dataset-selector.tpl, file-upload.tpl...
We have few identical (I think) Jena/Fuseki installations and this
occurs on some of them.
