Re: [gentoo-portage-dev] webapp-config and webapps

[Stuart Herbert <stuart@gentoo.org>]

On Thursday 28 October 2004 22:48, Anthony Gorecki wrote:
> I concur with Wendall's decision; I don't use it because I've found that it
> creates -more- work than manually installing web applications. See your
> comment on self-configuring web applications.

Hrm ... I haven't made any comment on self-configuring web applications.

> In addition, some web applications will download their own source files on
> demand and update themselves on demand, in a manner similar to Portage.
> webapp-config would be completely unsuitable for these applications.

And so is Portage ;-)

Until UPSTREAM apps play nicely, this will always be a problem with any tool 
that anyone writes.  And UPSTREAM can't play nicely until there's a tool to 
play nicely with.

> As a second addition to the above, and in response to "Web applications
> should not be owned by the same user as the web server," some web
> applications -should- and are -designed and required- to be owned by the
> web server's user.

webapp-config copes with this just fine; Portage cannot.  It also allows you 
to have application config files owned by a different shell user if you need.

We're also looking at adding support for alternative MPM's for Apache 2, so 
that individual websites can be wholy owned by a single shell account, for 
added security.

> In these cases, additional backend configuration is necessary to protect
> websites from unauthorized access (PHP's open_basedir, for example),
> however this would be soley the responsibility of web host and the script.

The next version of webapp-config will be able to handle that sort of 
configuration too.  We need to provide a tool to do it; we can't expect all 
of our users to have the skills to secure a PHP app by hand.

> webapp-config should be completely oblivious to this, as these safeguards
> would obviously beyond the scope of the program; however, it should support
> the functionality if it is required.

Why 'obviously' beyond the scope?

Every web-based app installed on practically every platform out there is 
hampered by the limited capabilities of package managers and current 
automated installers.

We're going to have to get there a step at a time, but I think it's worth the 
effort.

> If the vhost flag is not set, is there a way to alter the install location
> from /var/www/localhost? If there isn't, why isn't there? I haven't had a
> chance to look through all of the software resources for this program,
> though I haven't seen anything helpful this far.

Take a look at /etc/vhosts/webapp-config and the man page for webapp-config.5.  
The support you need is there.  I don't run any of own sites from /var/www.

'localhost' *is* currently hard-coded as the hostname that an app is installed 
into when USE=-vhosts.  This is something we can change.

Best regards,
Stu
-- 
Stuart Herbert                                              stuart@gentoo.org
Gentoo Developer                                       http://www.gentoo.org/
                                                   http://stu.gnqs.org/diary/

GnuPG key id# F9AFC57C available from http://pgp.mit.edu
Key fingerprint = 31FB 50D4 1F88 E227 F319  C549 0C2F 80BA F9AF C57C
--

--
gentoo-portage-dev@gentoo.org mailing list