Forbidden You don't have permission to access this resource

| SYSTEM INFORMATION||
|------------------------------|-------------------------------|
Operating system Ubuntu Linux | 24.04.1
Webmin version | 2.202
Virtualmin version | 7.30.4
Apache Webserver | 2.4.58

I am working on a Python-based Flask API, and all its files are located on a subserver/subdomain. When I try to access the API through the subdomain(URL), it returns a 403 error stating, “Forbidden: You don’t have permission to access this resource.” However, when I access the same API using the local or public IP, it opens and works perfectly.

What am I doing wrong? Please guide me.

Thumbnails (1)1280×720 138 KB

Path to the API files = /var/www/main_domain/domains/sub.main_domain.com/public_html

Presumably you’ve got an application server serving the Python, and presumably that’s on a port, and when you say it “works using the local or public IP” you mean you’re also using the port?

If so, you need to proxy to your application. You may be able to use Proxy Paths in the Virtualmin GUI, or you may need to do something more complicated (depending on expectations of your application wrt URLs and such).

You should not put Python applications in public_html.

Users have no business in the Python, and Apache cannot do anything useful for Python files.

Only static files (HTML, CSS, images, etc.) belong in public_html. Python isn’t like PHP, it doesn’t live in the document root, it’s got its own web server which should be serving the application on a port on localhost (or, better, a socket), and the web server should proxy to it.

@Joe Respected Sir i have just updated the question and added the screenshot of the files I am using as well as the path to those files

I saw that, and already answered. That’s not where Python files belong. Python runs under an application server, not Apache. So, they don’t need to be in the document root, and since they don’t need to be in the document root, they should not be in the document root (for safety, if you make a mistake in your configuration files, your files could be or become visible to users).

what I have understood is that I should change the hierarchy of the files and folders here . am I right

The reason it’s not working is not related to where the files are. The reason it’s not working is because you’re expecting Apache to run Python, and that’s not how it works. You need an application server, and presumably you have one running since you said you can access it on the IP (with a port, I guess). You need to proxy to that application server.

I’m also telling you to not do something potentially dangerous. Get your files out of public_html. They don’t belong there.

I’m repeating myself, though. Please just re-read what I’ve already written. I have told you what you need to do, multiple times.

@Joe Sir im following the following mentioned article

and completed all the steps

one more thing I have also used Apache wherever Nginx was mention

Why? Apache is not Nginx - they are not the same - they are both webservers - yes, but are otherwise - no!

but this still does not change the fact that apps should not be in public_html

sir I want to deal with this issue first then I will definitely Get my files out of public_html

I understand things late so can you please guide me how can I proxy the API so that it can run when I search it using the URL of my subdomain

so I get it now, i need to change the path of some files here and bring them out of the public_html

below is mentioned the path where the files of my API are currently located

/var/www/main_domain/domains/sub.main_domain.com/public_html

@Joe please have a look at the files I have and please guide me what files I should bring out of the public_html

Thumbnails (1)1280×720 138 KB

Sir @Joe /var/www/maindomain/domains/app.maindomain.com/

│
├──app/                        # Flask app folder
│   ├── app.py                        # Main Flask application file
│   ├── config.py                     # App configuration
│   ├── db.py                         # Database connection code
│   ├── app.sock                  # Socket communication file
│   ├── templates/                # File upload directory
         |-----home.html
         |-----Dashboard.html
         |-----signup.html
         |-----login.html                    
│   ├── uploads/                      
│   ├── wsgi.py                       # WSGI entry point for Flask
│   └── requirements.txt              # Python package dependencies
│
├── venv/                             # Virtual environment
│   ├── bin/                          # Virtual environment binaries (Python, Pip, etc.)
│   ├── lib/                          # Installed Python packages
│   └── include/                      # Include files for Python extensions
│
└── public_html/                      # Public folder for static files
    ├── static/                       # Public static assets (CSS, JS, images)

Above is mentioned the new and as asked by Sir @Joe & Sir @Stegan to bring my files out of the public_html

app.service file below:

[Unit]
Description=Gunicorn instance to serve app.maindomain.com application
After=network.target

[Service]
User=power99hosting
Group=power99hosting
WorkingDirectory=/var/www/maindomain/domains/app.maindomain.com/app
Environment="PATH=/var/www/maindomain/domains/app.maindomain.com/venv/bin"
ExecStart=/var/www/maindomain/domains/app.maindomain.com/venv/bin/gunicorn --workers 3 --bind unix:app.sock -m 007 wsgi:app

[Install]
WantedBy=multi-user.target

@Joe sir can u please prepare Apache conf file for me to proxy this site

Sir, please Answer

That’s quite a big ask. And after less than two hours of requesting, it’s pretty impertinent.

sir I have provided above with the files and folder structure newly set, but the document route in the apache config file is pointing towards the public_html, in my limited knowledge here app.py is the main entry point for your Flask application

As I indicated above changing an app from Nginx to Apache is not a simple task - likewise Apache to Nginx. Apache makes extensive use of .htaccess files Nginx does not. And anyway as already pointed out this is a Python app so should be proxy to localhost.

I stopped using Apache years ago. I also have only very little experience with Python.

As for time to get a response - please be aware that this is a forum and is dependant on the attention of its membership across the world and their various time zones - people sleep and their attention span is also limited to free time. Technical Support is limited (see Pro membership)

pro membership1527×137 17 KB

So with respect - please be patient.

No! That’s even worse. That is still a document root (where Python files do not belong), and it isn’t where homes live in a Virtualmin environment. You would ideally put applications that run under an application server in a directory in the home of the domain owner user (e.g. /home/domain-name/my-app), not in a document root. Apache does not run Python applications, so it doesn’t make sense to put those applications into the Apache document root. (It may be that your app also also uses static files, like HTML, images, media, etc., which you want the web server to serve, in which case you can/should put those files into the document root.)

But, the location is still not the reason your application isn’t working. The problem continues to be you need to proxy to applications that have application servers. You need a ProxyPass directive and maybe a ProxyPassReverse. Don’t forget to exclude .well-known so you can continue to get Let’s Encrypt certificates.

I can’t believe I have to link you to the damned documentation for the framework and language you chose yourself. Is this really how helpless you are? OK, fine, here it is:

https://flask.palletsprojects.com/en/stable/deploying/apache-httpd/

Since mod_proxy is almost certainly already loaded, you probably just need:

ProxyPass / http://127.0.0.1:8000/
RequestHeader set X-Forwarded-Proto http
RequestHeader set X-Forwarded-Prefix /

Obviously replacing the port with the port you’re application runs on. (Or file socket, which can be more secure.)