On Sun, Dec 07, 2003 at 10:58:17AM +0100, Fabio Massimo Di Nitto wrote: > On Sat, 6 Dec 2003, Joey Hess wrote: > > Maybe it's time to think about amending section 11.5. of policy (Web > > servers and applications) to address some of the problems with it. > > indeed it is. It's long, long, long overdue. > > - Some web servers (eg apache2) can cooexist with other web servers > > installed concurrently. But historically we've had the debian web > > server install a default /var/www/index.html particular to that > > server, and only one web server can do that at a time. So apache2 > > currently violates debian policy by using a different directory as > > its web server root. Which leads to many other administration > > problems, such as anything dropped in /var/www not being available > > under apache2. > > We should consider 2 options to address this problem: > > 1) provide a single default DocumentRoot for all webservers with a common > Debian entry page (as suggested by aj and DanielS on irc) and a > possible /serverinfo/ to let the user verify immediatly which server is > accessing (in case of multiple web servers running at the same time as > suggested by DanielS) This is, of course, my preferred option. > > - If you use vhosts, you can only have one pointing to /var/www, > > so only one will get the debian content provided there. To add it to the > > others, you have to maintain lots of symlinks. > > Even if it is not our task I would like to at least suggest users a common > schema on where to store vhosts and possibly in a future having a small > tool to handle them. It would make life easier for users approching the > first time httpd. vhost-base was a (shockingly-implemented) attempt at this - I still have sources kicking around for anyone who doesn't mind looking at abhorrent Perl that largely doesn't work to see where I was going. > > - Any others? > > From a user point of view nothing more comes in my mind. As one of the > apache maintainer i would like to see the default DocumentRoot situation > clear in policy from the beginning before start having 200 different > implementation, one from each httpd. I think everything needs to be clear in policy. apache2 is, so far, the only httpd to yet have tackled the virtual host problem, thank <insert deity here>. > > I notice that many of these come down to a namespace problem. We have > > appropriated the default top-level namespace of the web server for > > Debian-provided content, which doesn't give the admin enough control. If > > they take back control, for example by changing the web document root to > > /home/web or /srv/web, and creating their own cgi-bin directory, then > > they lose all the benefits of the Debian integration. Unfortunatly many > > hrefs are absolute, and so they break when you do things like this, so > > even making http://host/debian link to all the debian provided stuff is > > not feasable without a lot of work. > > Just FYI there was a proposal to address the /cgi-bin/ problem but your is > more complete and addresss that problem as well. (#167513) I'm not sure I love the /debian-www/ bit; it's a bit aesthetically displeasing, but to each their own. Good idea otherwise, however. > > Web applications should store static web-accessible files (icons, > > non-documentation html pages, etc), under /usr/share/<package> and > > /usr/lib/<package>. > > Perhaps the DocumentRoot can be addressed here with something like > /usr/share/<package>/defaultdocumentroot (or something similar, name is > not important for me..) if we will agree to use the 2nd solution i > proposed above, and users will still be able to change the default > DocumentRoot to point where they prefer without losing any advantage of > the Debian infrastructure. Slightly on-topic, I was saying to Fabio on IRC that every httpd could provide /usr/share/<package>/serverinfo or such, for /serverinfo (as discussed further up). This could be status for the apaches, vague information for boa/lighter servers, or whatever. > > If they include an index.html (or localised index.html.ll or similar > > files) there, they must take care to not overwrite files created by > > the administrator, or by other web servers, and removal of the web > > server should remove those files. > > I think the removal has to be done if we isolate these files where the > user is not supposed to touch them. At this point in time where we use > /var/www we do not touch them. (at least apache doesn't). This is why I believe having a common root and /serverinfo/ is a good idea. This way, we can have a default Debian index.html, chock-full of information, including a, 'Yo! Want to see <a href="/serverinfo">how this server's going</a>?', and admins could override this easily. All this infrastructure could be included in a httpd-base package, or such (possibly combining with a bit of the old vhost-base stuff?). > > Alternatively, web servers may choose to use a different directory > > as their web document root. It is acceptable to prompt the user > > for what directory to use. > > apache already does that but we do not touch or even investigate the > contents of a non-default documentroot. In case of default we only check > for index.html at install time. Would this behaviour be accepted in this > proposal? We mainly use this approch to avoid any risk of overwriting a > user installed index.html (other methods have been failing, see bts for > reference.) I suppose the other achoice is to put all Debian content in /debian-www/, and only have index.html redirecting to /debian-www/, so that way the user only has to overwrite a ~100-byte file. Or something. > > At this time, I'm seeking comments, but not seconds for this proposal. > > In particular, I'm interested in any problems with the current web > > policy which I did not address. > > You did a really good job. Yes. On behalf of someone who tried and failed to implement this (vhost-base, the remenants of which can still be seen in apache2[1]), thankyou very much for finally enumerating this. :) d [1]: sites-{available,enabled} and all that infrastructure used to be managed by vhost-base, until Thom decided (rightly, in 20-20 hindsight) that it was a stupid idea - or, at least, a stupidly-implemented good idea. mods-{available,enabled} stems from the same thinking. -- Daniel Stone <daniels@debian.org> Debian X Strike Force: http://people.debian.org/~branden/xsf/
Attachment:
pgpdU3qgdyWct.pgp
Description: PGP signature