Munin server with apache - You don't have permission to access /munin on this server

Question

On a fresh apache and munin server install when I to to domain.com/munin I get this error.

Forbidden

You don't have permission to access /munin on this server.

for these directories I did a chown -R munin:munin

dbdir /var/lib/munin
htmldir /var/cache/munin/www
logdir /var/log/munin
rundir  /var/run/munin

What am I supposed to do with apache? I restated apache with /etc/init.d/apache restart but still get forbidden. I have made no changes to the apache config files from a fresh apache install.

Answer 1

For Apache 2.4 (which ships with Ubuntu 13.10), the /etc/munin/apache.conf configuration file syntax has changed:

Order allow, deny
Allow from all

needs to be changed to

Require all granted

Additional detail regarding upgrading from Apache 2.2 to Apache 2.4 can be found in the Apache upgrade notes.

Answer 2

Edit /etc/munin/apache.conf and uncomment the 4 lines following from AuthUserFile.

    AuthUserFile /etc/munin/.htpasswd
    AuthName "Munin"
    AuthType Basic
    require valid-user

Answer 3

I had the same issue, after a clean install of apache2, munin and munin-node on Ubuntu 12.04LTS. Tried all the suggested options above with no effect. Found in the end that I had to

chmod 755 /var/www/munin
chown -R munin:munin /var/www/munin

That solved it for me.

cd /pub

more beer

Answer 4

Apache < 2.4

Open the Munin Apache config file:

vim /etc/munin/apache.conf

change the the following lines:

Order allow,deny
Allow from localhost 127.0.0.0/8 ::1
Options None

like so:

Order allow,deny
Allow from all
Options FollowSymLinks SymLinksIfOwnerMatch

Restart Apache and you're golden.

Apache > 2.4

Open the Munin Apache config file:

vim /etc/munin/apache24.conf

change the the following lines:

Require local   
Options None   

like so:

Require all granted
Options FollowSymLinks SymLinksIfOwnerMatch

Restart Apache and you're golden.

sudo service apache2 restart

Answer 5

I was having the same problem as the OP using Ubuntu 14.04 and the stock versions available with apt-get. I tried the official Ubuntu documentation, the DigitalOcean instructions, and couldn't get graphs to show up (403 errors). I uninstalled (purged)/reinstalled munin since it was supposedly a random bug. I finally had luck when following this howtoforge writeup. It does not aim to move munin data from /var/cache/munin/www. Rather, it ensures:

1. Extra plugins are installed: apt-get install munin munin-node munin-plugins-extra
2. Apache fcgid is enabled: a2enmod fcgid
3. A sparse /etc/munin/apache.conf file is used (see below)

Replace your entire /etc/munin/apache.conf file contents with:

Alias /munin /var/cache/munin/www
<Directory /var/cache/munin/www>
 # Require local
 Require all granted
 Options FollowSymLinks SymLinksIfOwnerMatch
 Options None
</Directory>

ScriptAlias /munin-cgi/munin-cgi-graph /usr/lib/munin/cgi/munin-cgi-graph
<Location /munin-cgi/munin-cgi-graph>
 # Require local
 Require all granted
 Options FollowSymLinks SymLinksIfOwnerMatch
 <IfModule mod_fcgid.c>
 SetHandler fcgid-script
 </IfModule>
 <IfModule !mod_fcgid.c>
 SetHandler cgi-script
 </IfModule>
</Location>

Answer 6

I faced the same problem and changed the /etc/munin/apache.conf line to Allow from all but still got the same 403 Forbidden error, I also had to change munin-node.conf Comment block from munin-node.conf file where I made a change

#A list of addresses that are allowed to connect. This must be a regular expression, since Net::Server does not understand CIDR-style network notation unless the perl module Net::CIDR is installed. You may repeat the allow line as many times as you'd like

Added my munin IP here in similar format and it worked allow ^127.0.0.1$

P.S I am running munin master and node on the same box when testing this.

Answer 7

Here is my complete install procedure for installing Munin on Linux Mint 17.3 (kernal 3.19), and should also work with recent Ubuntu.

Unlike Monit, Munin does not have its own web server, so is a bit more complicated to install.

#!/bin/bash
# Install script for Apache 2 with MySQL, PHP 5, etc.
# Update the Package Lists
apt-get update
# Install the MySQL Server and Client before installing Apache
apt-get install mysql-server mysql-client
# Install Apache
apt-get install apache2
# Install PHP5
apt-get install php5 libapache2-mod-php5
# Restart Apache
/etc/init.d/apache2 restart
# Install some extras
apt-get install snmp php5-mysql php5-curl php5-gd php5-idn php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-ming php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl
# Once again, restart
/etc/init.d/apache2 restart
# Install the Munin Server and the Client
apt-get install munin munin-node
# Restart the machine
shutdown -r now

Ignore the uninstall part and replace your entire /etc/munin/apache.conf file contents as hamx0r says earlier in this thread (please vote up his post):

https://stackoverflow.com/a/35656044/5178979

"Allow from all" makes sense to me, but it no longer works.

Maybe because I installed Munin prior to installing Apache2, I was missing the following symbolic links:

/etc/apache2/conf-available/munin.conf -> ../../munin/apache.conf

/etc/apache2/conf-enabled/munin.conf -> ../conf-available/munin.conf

cd /etc/apache2/conf-available && ll

If you do not see the link, create it:

ln -s ../../munin/apache.conf munin.conf && ll

If the first file is missing, this one is probably also missing

cd /etc/apache2/conf-enabled/ && ll

Create the link:

ln -s ../conf-available/munin.conf munin.conf && ll    

Restart Apache2, wait 5 minutes, and hopefully it works.

If you want to monitor a machine other than the one running Munin, you simply install munin-node, and then add a line to /etc/munin/munin-node.conf

Find this line

allow ^127.0.0.1$

Add another similar line that includes the address of the munin server like:

allow ^192.168.1.100$

This is not necessary for Windows clients running munin-node.

Don't forget to add machines you want to monitor to your Munin server

/etc/munin/munin.conf

# MyMachine
[MyMachineName.mydomain]
address 127.0.0.1
use_node_name yes

Now for a question for the experts. Why do some machines not report hard drive temperature? I know that is a vague question and probably needs more details.

Answer 8

I had the same issue and solved it.

I was using Munin with Apache 2.4.18 so there was a seperate configuration file (/etc/munin/apache24.conf) which I had to edit.

Editing /etc/munin/apache.conf had NO effect.

Answer 9

I have the same issue when create a soft link named 'share' under the root document and let it point to a package like /Users/me/desktop/share

firstly I do chmod 655 /Users/me/desktop/share I can not work then I do chmod 655 /Users/me/desktop

It works, I can see the 'share' listed under the root document path.

I user Mac Yosemite 10.10.3 and its in build Apache 2.4 hope its helpful

Answer 10

I don't know if it's the same problem but I found a solution that fixed it for me.

I followed the tutorial here (from the italian ubuntu wiki), and changed the string from:

htmldir /var/cache/munin/www

To:

htmldir /var/www/munin

Then I edited the file:

vim /etc/munin/apache.conf

Allowing from all, as Johe Green did. But then take a close look to the Directory path, since it must be modified as the htmldir path in the munin conf.

Alias /munin /var/www/munin

<Directory /var/www/munin>
    Order allow, deny
    Allow from all

    [...]

Answer 11

I had the same problem, and none of the advices were helpful. So I've browsed a little bit in the directory tree, and found the apache24.conf file. So I've add to this /etc/munin/apache24.conf file the following, as j7nn7k described:

Require all granted
Options FollowSymLinks SymLinksIfOwnerMatch

And of course I deleted the old values. Now It's working!

Answer 12

I'm using apache 2.4.10 and munin 2.0.25-1 on ubuntu 15.04

To solve the problem, I followed Lars' sugestion, i.e. using Require all granted, but applying the changes to the file /etc/munin/apache24.conf

Changing /etc/munin/apache.conf had no effect for me. I have tried to grep me to the file determining which apache config file is chosen without success. But at list I solve the problem.