[gentoo-user] Apache server setup

[gentoo-user] Apache server setup

[Peter Humphrey]

Hi List,

Is there a guide to setting up an Apache server on a Gentoo system? I'm 
having difficulty getting the SSI module started; also the top-level 
.htaccess file that comes from the production server Out There throws an 
error on my local LAN server: "/home/prh/public_html/.htaccess: Options 
not allowed here".

I run a website whose pages all have the same menu bar below the title, 
so to simplify maintenance of the 130 pages I've extracted that bit of 
HTML into an included page. This works fine on the production server but 
not on the local server.

Of course there's lots of documentation of Apache on their site, but the 
config on Gentoo differs from the standard and I find the Gentoo docs 
unhelpful - they seem to assume a good working knowlege of Apache and 
just show the differences from other setups.

-- 
Rgds
Peter

Re: [gentoo-user] Apache server setup

[Paul Hartman]

On Fri, Jun 8, 2012 at 11:01 AM, Peter Humphrey
<peter@humphrey.ukfsn.org> wrote:
> Hi List,
>
> Is there a guide to setting up an Apache server on a Gentoo system? I'm
> having difficulty getting the SSI module started; also the top-level
> .htaccess file that comes from the production server Out There throws an
> error on my local LAN server: "/home/prh/public_html/.htaccess: Options
> not allowed here".
>
> I run a website whose pages all have the same menu bar below the title,
> so to simplify maintenance of the 130 pages I've extracted that bit of
> HTML into an included page. This works fine on the production server but
> not on the local server.
>
> Of course there's lots of documentation of Apache on their site, but the
> config on Gentoo differs from the standard and I find the Gentoo docs
> unhelpful - they seem to assume a good working knowlege of Apache and
> just show the differences from other setups.

What version are you on? Are both servers running the same version?
Apache 2.4 had some dramatic changes to module names and some
configuration names were changed, it caused my previously-working-fine
2.2 to stop working. I haven't had time to go through it all yet, so
for now I've masked it and gone back to 2.2. See here for the upgrade
guide: https://httpd.apache.org/docs/2.4/upgrading.html

The most confusing/frustrating thing with Apache and trying to Google
for information is that the configuration changes so much from one
version to another, and often times the article doesn't mention which
specific version they are talking about (I still encounter a lot of
tutorials from Apache 1.x). There are also differences depending on
whether you're using virtual hosts or not, chroots, distro-specific
stuff like webapp-config.

If you want help with the specific error I would suggest posting the
contents of the .htaccess file and which version of Apache you're
using.

Re: [gentoo-user] Apache server setup

[Peter Humphrey]

On Friday 08 June 2012 18:19:10 Paul Hartman wrote:

> What version are you on? Are both servers running the same version?

The remote server is 2.2.20 and I'm on 2.2.22-r1

> See here for the upgrade guide:
> https://httpd.apache.org/docs/2.4/upgrading.html

Useful for later, when I need to - thanks.

> The most confusing/frustrating thing with Apache and trying to Google
> for information is that the configuration changes so much from one
> version to another, and often times the article doesn't mention which
> specific version they are talking about (I still encounter a lot of
> tutorials from Apache 1.x). There are also differences depending on
> whether you're using virtual hosts or not, chroots, distro-specific
> stuff like webapp-config.

No virtual hosts, chroots or any complicating factor that I can think 
of. Webapp-config is installed here but I haven't used it.

When I rsync'd my site to /var/www/localhost/htdocs on the local server, 
Apache wouldn't display any images, saying that I didn't have 
permission. All files had the same ownership so something must be awry in 
the server config. So I moved the site from there to ~/public_html where 
it works properly apart from the included file I mentioned.

On second thoughts, I see the .htaccess file, which was missing from the 
local server, has a rewrite rule referring to images. Does that explain 
this problem?

> If you want help with the specific error I would suggest posting the
> contents of the .htaccess file and which version of Apache you're
> using.

Right, thanks! Sorry about the word-wrap.

$ cat .htaccess
RewriteEngine on

RewriteCond %{HTTP_REFERER} !^http://tideswellmvc.co.uk/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://tideswellmvc.co.uk$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.tideswellmvc.co.uk/.*$      
[NC]
RewriteCond %{HTTP_REFERER} !^http://www.tideswellmvc.co.uk$      [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - [F,NC]

Options +Includes
$

-- 
Rgds
Peter

Re: [gentoo-user] Apache server setup

[Paul Hartman]

On Fri, Jun 8, 2012 at 1:21 PM, Peter Humphrey <peter@humphrey.ukfsn.org> wrote:
>> If you want help with the specific error I would suggest posting the
>> contents of the .htaccess file and which version of Apache you're
>> using.
>
> Right, thanks! Sorry about the word-wrap.
>
> $ cat .htaccess
> RewriteEngine on
>
> RewriteCond %{HTTP_REFERER} !^http://tideswellmvc.co.uk/.*$      [NC]
> RewriteCond %{HTTP_REFERER} !^http://tideswellmvc.co.uk$      [NC]
> RewriteCond %{HTTP_REFERER} !^http://www.tideswellmvc.co.uk/.*$
> [NC]
> RewriteCond %{HTTP_REFERER} !^http://www.tideswellmvc.co.uk$      [NC]
> RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - [F,NC]
>
> Options +Includes

I suspect this particular error ("Options not allowed here") is
because this .htaccess is running in a user home directory, and
Options +Includes can't be set by a user. You may need to declare that
in your apache httpd.conf "Directory" section for that path, rather
than in the .htaccess file.

Re: [gentoo-user] Apache server setup

[Peter Humphrey]

On Friday 08 June 2012 22:01:08 Paul Hartman wrote:
> On Fri, Jun 8, 2012 at 1:21 PM, Peter Humphrey 
<peter@humphrey.ukfsn.org> wrote:
> > $ cat .htaccess
> > RewriteEngine on
> > 
> > RewriteCond %{HTTP_REFERER} !^http://tideswellmvc.co.uk/.*$    
> >  [NC] RewriteCond %{HTTP_REFERER} !^http://tideswellmvc.co.uk$    
> >  [NC] RewriteCond %{HTTP_REFERER}
> > !^http://www.tideswellmvc.co.uk/.*$ [NC]
> > RewriteCond %{HTTP_REFERER} !^http://www.tideswellmvc.co.uk$    
> >  [NC] RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - [F,NC]
> > 
> > Options +Includes
> 
> I suspect this particular error ("Options not allowed here") is
> because this .htaccess is running in a user home directory, and
> Options +Includes can't be set by a user. You may need to declare
> that in your apache httpd.conf "Directory" section for that path,
> rather than in the .htaccess file.

Hmm. Sounds plausible. Maybe I'll have to put it back into /var/www/... 
and try to work out why I can't see images there.

Thanks for your help Paul.

-- 
Rgds
Peter

Re: [gentoo-user] Apache server setup

[Michael Orlitzky]

On 06/09/2012 05:59 AM, Peter Humphrey wrote:
> On Friday 08 June 2012 22:01:08 Paul Hartman wrote:
>> On Fri, Jun 8, 2012 at 1:21 PM, Peter Humphrey 
> <peter@humphrey.ukfsn.org> wrote:
>>> $ cat .htaccess
>>> RewriteEngine on
>>>
>>> RewriteCond %{HTTP_REFERER} !^http://tideswellmvc.co.uk/.*$    
>>>  [NC] RewriteCond %{HTTP_REFERER} !^http://tideswellmvc.co.uk$    
>>>  [NC] RewriteCond %{HTTP_REFERER}
>>> !^http://www.tideswellmvc.co.uk/.*$ [NC]
>>> RewriteCond %{HTTP_REFERER} !^http://www.tideswellmvc.co.uk$    
>>>  [NC] RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - [F,NC]
>>>
>>> Options +Includes
>>
>> I suspect this particular error ("Options not allowed here") is
>> because this .htaccess is running in a user home directory, and
>> Options +Includes can't be set by a user. You may need to declare
>> that in your apache httpd.conf "Directory" section for that path,
>> rather than in the .htaccess file.
> 
> Hmm. Sounds plausible. Maybe I'll have to put it back into /var/www/... 
> and try to work out why I can't see images there.
> 
> Thanks for your help Paul.
> 

If you want to allow overrides in an htaccess, you'll need at least,

  <Directory "/var/www/whatever">
    Options +SymLinksIfOwnerMatch
    AllowOverride FileInfo Options
  </Directory>

in the main config or your vhost config.

The Gentoo config modularizes by default, but you don't have to use it
if you don't want to. Almost everything under /etc/apache2/modules.d is
disabled by default unless you enable it in /etc/conf.d/apache2.

Named virtual hosts are also disabled by default if I remember
correctly, so you should be able to just stick stuff in httpd.conf or
00_default_settings.conf and have it take effect if you don't want to do
anything fancy.

Almost everything "different" about the Gentoo config comes from these
two lines at the bottom of httpd.conf:

  Include /etc/apache2/modules.d/*.conf
  Include /etc/apache2/vhosts.d/*.conf

which do exactly what you'd expect.

Re: [gentoo-user] Apache server setup

[Michael Orlitzky]

On 06/10/2012 09:58 PM, Michael Orlitzky wrote:
> 
> If you want to allow overrides in an htaccess, you'll need at least,
> 
>   <Directory "/var/www/whatever">
>     Options +SymLinksIfOwnerMatch
>     AllowOverride FileInfo Options
>   </Directory>
> 
> in the main config or your vhost config.
> 

Ugh. If you want to allow *rewrites* in htaccess...

Re: [gentoo-user] Apache server setup

[Peter Humphrey]

On Monday 11 June 2012 02:58:08 Michael Orlitzky wrote:

> If you want to allow [rewrites] in an htaccess, you'll need at least,
> 
>   <Directory "/var/www/whatever">
>     Options +SymLinksIfOwnerMatch
>     AllowOverride FileInfo Options
>   </Directory>
> 
> in the main config or your vhost config.

OK, I've added that to 00_default_settings.conf. I'm not sure whether I 
need rewrites though.

> The Gentoo config modularizes by default, but you don't have to use
> it if you don't want to. Almost everything under
> /etc/apache2/modules.d is disabled by default unless you enable it
> in /etc/conf.d/apache2.
> 
> Named virtual hosts are also disabled by default if I remember
> correctly, so you should be able to just stick stuff in httpd.conf or
> 00_default_settings.conf and have it take effect if you don't want to
> do anything fancy.

At present I don't need to serve more than one site from this box so I 
haven't tried virtual hosts, named or otherwise.

> Almost everything "different" about the Gentoo config comes from
> these two lines at the bottom of httpd.conf:
> 
>   Include /etc/apache2/modules.d/*.conf
>   Include /etc/apache2/vhosts.d/*.conf
> 
> which do exactly what you'd expect.

The fog is beginning to clear. Thanks.

I still can't get server-side includes to work though. Modules.d/*.conf 
don't include a suitable module. I've added "-D INCLUDE" to APACHE2_OPTS 
in /etc/conf.d/apache2.conf but it seems not to be enough.

Also:

# emerge -pv apache

These are the packages that would be merged, in order:

Calculating dependencies  ...... done!
[ebuild   R    ] www-servers/apache-2.2.22-r1  USE="ssl -debug -doc -
ldap (-selinux) -static -suexec -threads" APACHE2_MODULES="actions alias 
auth_basic authn_alias authn_anon authn_dbm authn_default authn_file 
authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user 
autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env 
expires ext_filter file_cache filter headers include info log_config logio 
mem_cache mime mime_magic negotiation rewrite setenvif speling status 
unique_id userdir usertrack vhost_alias -asis -auth_digest -authn_dbd -
cern_meta -charset_lite -dbd -dumpio -ident -imagemap -log_forensic -
proxy -proxy_ajp -proxy_balancer -proxy_connect -proxy_ftp -proxy_http -
proxy_scgi -reqtimeout -substitute -version" APACHE2_MPMS="prefork -
event -itk -peruser -worker" 5,316 kB

...which includes "include".

-- 
Rgds
Peter

Re: [gentoo-user] Apache server setup

[Michael Orlitzky]

On 06/11/12 12:54, Peter Humphrey wrote:
> OK, I've added that to 00_default_settings.conf. I'm not sure whether I 
> need rewrites though.
> 

Your htaccess had some rewrite rules, that's why I suggested it.


> The fog is beginning to clear. Thanks.
> 
> I still can't get server-side includes to work though. Modules.d/*.conf 
> don't include a suitable module. I've added "-D INCLUDE" to APACHE2_OPTS 
> in /etc/conf.d/apache2.conf but it seems not to be enough.

We have this working here.. let's see.

First of all, I see you have the mime module compiled; that's good. Is
it enabled? You should have,

  LoadModule mime_module modules/mod_mime.so

in httpd.conf.

Once the mime module is enabled, everything in
modules.d/00_mod_mime.conf will be processed (it's conditional on the
existence of the mime module).

Then, you should add or uncomment the following in 00_mod_mime.conf:

  # Filters allow you to process content before it is sent to the
  # client
  #
  # To parse .shtml files for server-side includes(SSI):
  # (You will also need to add "Includes" to the "Options"
  # directive.)
  AddType text/html .shtml
  AddOutputFilter INCLUDES .shtml

That will enable server-side includes in *.shtml files, assuming you
also add "Includes" to the relevant "Options" directive.

If you need server-side includes for other types of files, it isn't
recommended[1], but you can add additional "AddOutputFilter" directives
for each type of file you'd like SSI to work with.



[1] http://httpd.apache.org/docs/2.2/howto/ssi.html

Re: [gentoo-user] Apache server setup

[Peter Humphrey]

On Monday 11 June 2012 18:33:06 Michael Orlitzky wrote:

(Apologies for lateness.)

...>8

> First of all, I see you have the mime module compiled; that's good.
> Is it enabled? You should have,
> 
>   LoadModule mime_module modules/mod_mime.so
> 
> in httpd.conf.

Yes, that's ok.

> Then, you should add or uncomment the following in 00_mod_mime.conf:
> 
>   # Filters allow you to process content before it is sent to the
>   # client
>   #
>   # To parse .shtml files for server-side includes(SSI):
>   # (You will also need to add "Includes" to the "Options"
>   # directive.)
>   AddType text/html .shtml
>   AddOutputFilter INCLUDES .shtml

Those lines are now uncommented. No other changes to that file.

> That will enable server-side includes in *.shtml files, assuming you
> also add "Includes" to the relevant "Options" directive.

# cat modules.d/00_default_settings.conf
...>8
# Added by PRH:
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
<Directory /var/www/localhost/htdocs>
        Options +SymLinksIfOwnerMatch +Includes +IncludesNoExec
</Directory>

Now, after restarting Apache its error_log shows the restart, doesn't 
report any errors. On refreshing the page display on the client, I get 
this:

[Sun Jun 24 18:38:29 2012] [warn] [client 192.168.2.6] mod_include: 
Options +Includes (or IncludesNoExec) wasn't set, INCLUDES filter removed

I've tried removing either +Includes or +IncludesNoExec from Options and 
restarting Apache but the error_log entry still appears, and of course 
the included file isn't (included).

So I still have something wrong. All files under /etc/apache2 are 
root:root 644 and the directories are root:root 755.

> If you need server-side includes for other types of files, it isn't
> recommended[1], but you can add additional "AddOutputFilter"
> directives for each type of file you'd like SSI to work with.

No, I haven't done that.

> [1] http://httpd.apache.org/docs/2.2/howto/ssi.html

That is indeed my working guide. Many thanks for your help so far.

-- 
Rgds
Peter

Re: [gentoo-user] Apache server setup

[Michael Orlitzky]

On 06/24/2012 01:47 PM, Peter Humphrey wrote:
> # Added by PRH:
> AddType text/html .shtml
> AddOutputFilter INCLUDES .shtml
> <Directory /var/www/localhost/htdocs>
>         Options +SymLinksIfOwnerMatch +Includes +IncludesNoExec
> </Directory>
> 
> ...
> 
> That is indeed my working guide. Many thanks for your help so far.

No problem. This is the error you need to fix:

> [Sun Jun 24 18:38:29 2012] [warn] [client 192.168.2.6] mod_include: 
> Options +Includes (or IncludesNoExec) wasn't set, INCLUDES filter removed

I see above that you've already tried to set "Options +Includes" on the
directory, but for some reason it isn't working. You'll have to look for
it, but I can make an educated guess.

When including the various conf files, apache does them in alphabetical
(or numerical, in this case) order. The modules.d directory will be
included first, and then vhosts.d directory because that's the order
specified in httpd.conf:

  Include /etc/apache2/modules.d/*.conf
  ...
  Include /etc/apache2/vhosts.d/*.conf

The alphabetical/numerical order is (probably) just whatever order the
shell glob returns.

When you specify "Options +Foo" for a directory, you're saying, "take
whatever the current options are for this directory, and add Foo to
those." My guess: you specify some options for,

  /var/www/localhost/htdocs

in,

  /etc/apache2/modules.d/00_default_settings.conf

and then later, specify *different* options for the same directory. The
latter ones take precedence, or wipe out the old ones completely if you
didn't use plus/minus signs.

Either modify the other,

  <Directory /var/www/localhost/htdocs>

entry to use plus/minus signs, or just add the "Options Includes" there.

Re: [gentoo-user] Apache server setup

[Peter Humphrey]

On Sunday 24 June 2012 20:12:33 Michael Orlitzky wrote:
> On 06/24/2012 01:47 PM, Peter Humphrey wrote:
---->8
> This is the error you need to fix:
> > [Sun Jun 24 18:38:29 2012] [warn] [client 192.168.2.6] mod_include:
> > Options +Includes (or IncludesNoExec) wasn't set, INCLUDES filter
> > removed
> 
> I see above that you've already tried to set "Options +Includes" on
> the directory, but for some reason it isn't working. You'll have to
> look for it, but I can make an educated guess.

---->8

Good guess, but no cigar :-)

I think (hope) I've found it:
http://en.gentoo-wiki.com/wiki/Apache2/Virtual_Hosts
makes it clear that a subdomain's definition must /precede/ the domain's 
definition. I was doing it the other way around, it seeming obviously 
logical to me: define the whole first, then refine the parts. I didn't even 
consider the alternative. On the other hand this is vhost definition; is 
the reasoning the same?

I haven't proved it yet, because I'm now going to spend a day or two 
scratching my head to decide whether to learn a bit more and make my 
site a vhost. And whereabouts in the /var/www/... structure to put it. I 
expect to use rsync to keep the site updated from my workstation where I 
do the development. An FTP server seems OTT here.

Again, Michael, thank you for your help. This must be the world's best 
technical discussion forum.

-- 
Rgds
Peter

Re: [gentoo-user] Apache server setup

[Michael Orlitzky]

On 06/25/2012 07:36 PM, Peter Humphrey wrote:
> 
> Good guess, but no cigar :-)
> 
> I think (hope) I've found it:
> http://en.gentoo-wiki.com/wiki/Apache2/Virtual_Hosts
> makes it clear that a subdomain's definition must /precede/ the domain's 
> definition. I was doing it the other way around, it seeming obviously 
> logical to me: define the whole first, then refine the parts. I didn't even 
> consider the alternative. On the other hand this is vhost definition; is 
> the reasoning the same?

It is extraordinarily late here, but I don't think that remedy #2 makes
sense.

When you make a request to apache, you connect to an IP address (and
port), and send a hostname; for example, "www.example.com". If any of
the virtual hosts on that IP address (and port) answer to that hostname
via "ServerName www.example.com" or "ServerAlias www.example.com", then
that's the website you'll get. Otherwise, you get the default vhost on
that IP/port. This will be whatever vhost was defined first on that
IP/port (see unexpected result #1, but it works on IP/port combinations,
not the entire machine).

The fact that one hostname may be a subdomain of another should be
irrelevant, but ask me again in the morning... In any case, your current
configuration has to be pretty close to working -- you just need to
figure out why "Options Includes" isn't kicking in.

Re: [gentoo-user] Apache server setup

[Peter Humphrey]

On Tuesday 26 June 2012 09:07:14 Michael Orlitzky wrote:
> On 06/25/2012 07:36 PM, Peter Humphrey wrote:
> > I think (hope) I've found it:
> > http://en.gentoo-wiki.com/wiki/Apache2/Virtual_Hosts
> > makes it clear that a subdomain's definition must /precede/ the
> > domain's definition. I was doing it the other way around, it
> > seeming obviously logical to me: define the whole first, then
> > refine the parts. I didn't even consider the alternative. On the
> > other hand this is vhost definition; is the reasoning the same?
> 
> It is extraordinarily late here, but I don't think that remedy #2
> makes sense.

Nor to me.

---->8

> The fact that one hostname may be a subdomain of another should be
> irrelevant, but ask me again in the morning... In any case, your
> current configuration has to be pretty close to working -- you just
> need to figure out why "Options Includes" isn't kicking in.

In the figuring-out process I'm revisiting the whole idea from the 
beginning. I've removed PHP, MySQL and Apache from the server box, 
removed the /var/www tree then reinstalled. I haven't yet started 
reconfiguration; I want to be sure I know what I'm doing first. (Fat 
chance of that!)

One decision that will have consequences is where in /var/www to put 
mysite. Should it be in /var/www/mysite/htdocs, in 
/var/www/localhost/mysite or in /var/www/localhost/htdocs/mysite? What 
I've read so far suggests that it doesn't matter, but I'm damn sure if I 
put it in the wrong place I'll suffer for it. And what ownership should 
mysite's files have? My user is in the apache group on the server.

Many thanks for your help.

-- 
Rgds
Peter

Re: [gentoo-user] Apache server setup

[Michael Mol]

On Tue, Jun 26, 2012 at 10:42 AM, Peter Humphrey
<peter@humphrey.ukfsn.org> wrote:
> On Tuesday 26 June 2012 09:07:14 Michael Orlitzky wrote:
>> On 06/25/2012 07:36 PM, Peter Humphrey wrote:
>> > I think (hope) I've found it:
>> > http://en.gentoo-wiki.com/wiki/Apache2/Virtual_Hosts
>> > makes it clear that a subdomain's definition must /precede/ the
>> > domain's definition. I was doing it the other way around, it
>> > seeming obviously logical to me: define the whole first, then
>> > refine the parts. I didn't even consider the alternative. On the
>> > other hand this is vhost definition; is the reasoning the same?
>>
>> It is extraordinarily late here, but I don't think that remedy #2
>> makes sense.
>
> Nor to me.
>
> ---->8
>
>> The fact that one hostname may be a subdomain of another should be
>> irrelevant, but ask me again in the morning... In any case, your
>> current configuration has to be pretty close to working -- you just
>> need to figure out why "Options Includes" isn't kicking in.
>
> In the figuring-out process I'm revisiting the whole idea from the
> beginning. I've removed PHP, MySQL and Apache from the server box,
> removed the /var/www tree then reinstalled. I haven't yet started
> reconfiguration; I want to be sure I know what I'm doing first. (Fat
> chance of that!)
>
> One decision that will have consequences is where in /var/www to put
> mysite. Should it be in /var/www/mysite/htdocs, in
> /var/www/localhost/mysite or in /var/www/localhost/htdocs/mysite? What
> I've read so far suggests that it doesn't matter, but I'm damn sure if I
> put it in the wrong place I'll suffer for it.

Doesn't matter, so long as you get privileges sorted out. For example,
on my server, I have stuff at

/var/www/$hostname/

...but in the past on different servers I've had it at

/www/$hostname/

And I've seen servers work perfectly fine with things arranged as

/sharedfiles/www/$hostname

where /sharefiles was served up as a samba share.

> And what ownership should
> mysite's files have? My user is in the apache group on the server.

Depends. Does your site code need to be able to write to the
filesystem? If you're using mpm_prefork, ultimately all you need is
for directories to be readable and executable to whatever group or
user the *apache* process runs as, and for files to be *readable* (not
necessarily executable) by the same. It really comes down to what user
and group the apache process is running as. You only care about your
own user's privileges as far as being able to edit the files yourself.


( Also, if you use something like mpm_itk, the permissions can be
pretty much whatever you want; apache will fork itself to the user and
group specified in your <Virtualhost>, <Location> or <Directory>
setting contexts. As an example, I recently configured a server to put
mediawiki at https://hostname/wiki/, and svn webdav at
https://hostname/svn/ ... requests for https://hostname/svn/ are
processed using a different uid and gid from the rest of the
virtualhost. )

-- 
:wq

Re: [gentoo-user] Apache server setup

[Michael Orlitzky]

On 06/26/12 10:42, Peter Humphrey wrote:
> 
> One decision that will have consequences is where in /var/www to put 
> mysite. Should it be in /var/www/mysite/htdocs, in 
> /var/www/localhost/mysite or in /var/www/localhost/htdocs/mysite? What 
> I've read so far suggests that it doesn't matter, but I'm damn sure if I 
> put it in the wrong place I'll suffer for it. And what ownership should 
> mysite's files have? My user is in the apache group on the server.
> 
> Many thanks for your help.
> 

We're using e.g. /var/www/com/example/www -- basically the website's
hostname in reverse, stored under /var/www.

With lots of sites it's nice to split them up like that. With fewer,
it's probably cleaner to use /var/www/$hostname. It's unimportant; you
can always move the directory and change the path in the conf files.
Apache can do a graceful reload quickly even with hundreds of sites.

I will second the mpm-itk suggestion if you're looking to go all-out.
It's a good compromise between running everything as 'apache' (unsafe)
and giving each website it's own apache process (resource-intensive).

In any case, once you know what user apache is running as (either
'apache' with mpm-prefork, or whatever else), it needs:

  * Execute access on all directories up to and including the document
    root

  * Read access on any files its going to serve.

  * For PHP, write access to the temp/session directories and read
    access to anything you installed in /usr/share/php

  * For (fast)cgi, execute permissions on the scripts you want to run.