How to enable CORS in Lightsail LAMP stack (not Wordpress)

Keywords: LAMP/MAMP/WAMP - AWS - Technical issue - Services (Apache, MariaDB, MySQL…)

bnsupport ID: bbaed38f-eaeb-f408-ebfa-e5941c6bb3d5

bndiagnostic output:

? Apache: Found possible issues
? Resources: Found possible issues
https://docs.bitnami.com/general/apps/wordpress/troubleshooting/debug-errors-apache/
https://docs.bitnami.com/bch/apps/moodle/troubleshooting/deny-connections-bots-apache/

bndiagnostic failure reason: The suggested guides are not related with my issue

Description:
I have a LAMP stack running in AWS Lightsail and I need to enable CORS. The only documentation I can find is for Wordpress installations.

The closest thing I could find was this…but it’s specifically for Node.js stacks.

https://docs.bitnami.com/bch/infrastructure/nodejs/administration/enable-cors-nodejs/

Any specific help here would be appreciated.

Hi @ray7,

The procedure is the same for a LAMP installation. If you have a custom PHP application you need to add the headers to it’s directive:

<Directory “/opt/bitnami/myapp”>

Header set Access-Control-Allow-Origin “*”
Header set Access-Control-Allow-Methods “GET, OPTIONS, POST”
Header set Access-Control-Allow-Headers “origin, x-requested-with, content-type, accept”

You can find more information regarding the Apache configuration of custom PHP applications here:

https://docs.bitnami.com/aws/infrastructure/lamp/administration/create-custom-application-php/

Regards,
Michiel

Thanks Michiel, but could you specify that file that goes into?

Thank you.

Hi @ray7,

In my example it would go into the “/opt/bitnami/apache2/conf/vhosts/myapp-vhost.conf” file. Can you check the guide I shared with you for configuring a PHP application? I recommend using that example as a template for your own setup.

Best regards,
Michiel

Thanks Michiel, but it’s not very clear.

The guide you posted refers to a custom PHP application. I don’t have custom app, just a simple website.

There is no myapp-vhost.conf file at that location, only a file named 00_status-vhost.conf, which I guess is what you mean.

Even then, I don’t know what to do with the <Directory line that you have, especially since there’s no myapp. Should that reference apache2?

I’m sorry, but the reason beginners like me use prebuilt stacks is so we don’t get lost in the weeds. I don’t understand all the finer points of configuring apache, I just know that I need to enable CORS because I have one ajax line in an html file that appends a text file into the html, which is where I’m getting the “not allowed by Access-Control-Allow-Origin” error.

It would really help if this particular LAMP stack’s documentation had a complete “How to enable CORS” page like the Wordpress and Node.js stacks have.

Thank you.

Hi @ray7,

You can add the lines inside the directive in the “apache2/conf/bitnami/bitnami.conf” file:

<VirtualHost _default_:80>
  DocumentRoot "/opt/bitnami/apache/htdocs"
  <Directory "/opt/bitnami/apache/htdocs">
    Header set Access-Control-Allow-Origin “*”
    Header set Access-Control-Allow-Methods “GET, OPTIONS, POST”
    Header set Access-Control-Allow-Headers “origin, x-requested-with, content-type, accept”
  Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
  </Directory>

  # Error Documents
  ErrorDocument 503 /503.html
</VirtualHost>

Regards,
Michiel

I added those 3 Header lines to the bitnami.conf exactly as you show and then chased my tail for an hour because you had “ ” instead of " ".

Once I had that, I restarted apache, but it never came back up.

This is what was in the apache error_log:
[Wed Aug 11 02:06:41.820051 2021] [ssl:warn] [pid 18799:tid 140025150098304] AH01909: www.
example.com:443:0 server certificate does NOT include an ID which matches the server name
[Wed Aug 11 02:06:41.827217 2021] [ssl:warn] [pid 18800:tid 140025150098304] AH01909: www.
example.com:443:0 server certificate does NOT include an ID which matches the server name
[Wed Aug 11 02:06:41.827924 2021] [mpm_event:notice] [pid 18800:tid 140025150098304] AH004
89: Apache/2.4.48 (Unix) OpenSSL/1.1.1d configured – resuming normal operations
[Wed Aug 11 02:06:41.827946 2021] [core:notice] [pid 18800:tid 140025150098304] AH00094: C
ommand line: ‘/opt/bitnami/apache/bin/httpd -f /opt/bitnami/apache/conf/httpd.conf’

Where did www.example.com come from? Once I removed those 3 header lines and restarted apache, it came back up, but now I’m back to where I started.

Hi @ray7,

Sorry for that, I didn’t notice it.

There is probably an Apache configuration error, can you run the bnsupport tool again and send me the code?

This is just a warning, you can ignore it. Example.com is a placeholder we use for the self signed certificate.

Regards,
Michiel

After some digging, I found the line

ServerName www.example.com:80

in /opt/bitnami/apache2/conf/httpd.conf

So I changed www.example.com to my domain, restarted apache and it’s now running.

But I’m still getting the cross domain error…

Origin https://www.mydomain.com is not allowed by Access-Control-Allow-Origin.
XMLHttpRequest cannot load https://downloads.mydomain.com/currentVersion.txt due to access control checks.
Failed to load resource: Origin https://www.mydomain.com is not allowed by Access-Control-Allow-Origin.

Ran the support tool and got this:

[Wed Aug 11 05:53:23.941778 2021] [authz_core:error] [pid 23286:tid 
140711458440960] [client **ip_address**:53293] AH01630: client denied by server 
configuration: /opt/bitnami/phpmyadmin/index.php, referer: 
http://44.196.145.15/phpmyadmin/index.php

Hello @ray7,

Can you share the bnsupportID code that the support tool generated? That would allow us to investigate the issue with an updated snapshot of your instance configuration containing your latest changes.

Regards,
Francisco de Paz

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.