
Re: Bug#415231: dtc: [debconf_rewrite] Debconf templates review



Thomas Goirand commented on our proposed rewrite of dtc templates:

> - Please note that apache's standard installation setup /var/www as the
> - apache web area (document root). Remove this manually in your
> - /etc/apache/httpd.conf (or in /etc/apache2) if you choose /var/www/sites
> - as DTC's hosting area.
> + The default Apache installation defines /var/www as the document
> + root. This should be removed from the httpd.conf file manually when
> + another directory is chosen as DTC's hosting area.
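
Review bot: The added lines tie the manual DocumentRoot removal to "another directory is chosen", whereas the removed lines tied it to choosing /var/www/sites, a directory under Apache's default document root, so the condition that creates the exposure is no longer stated. Suggest naming the risk directly: when the hosting area is /var/www or a directory below it, a DocumentRoot of /var/www can make the hosted files publicly readable.
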
> 
> You are changing the meaning of it. The purpose of this was to tell that
> the default DocumentRoot should NOT be pointing to /var/www if using
> this path, as this could reveal all the files. By the way, on the
> current setup, this is not true anymore. DTC takes over the apache
> config, but maybe, to be 100% sure there is no security issue, best
> would be to just write something like this:
> 
> If you choose the default of /var/www, make sure that no DocumentRoot is
> pointing to this path, so there is no chance to publicly give access to
> all your hosted files.

OK, let's retry another way:

Template: dtc/conf_hostingpath
Type: string
Default: /var/www/sites
_Description: Path for hosted domains:
 Please enter the directory to be used by DTC to store files for
 all hosted domains.
 .
 If you choose /var/www, which is Apache's default document root, all
 files hosted in that directory will become publicly accessible. It is
 therefore recommended to choose another directory if the local web
 server is hosting other files in /var/www.



> 
> -_Description: Path where to build the chroot environment:
> - Please enter the path where you want DTC to build the cgi-bin chroot
> +_Description: Path for the chroot environment:
> + Please enter the directory to be used by DTC to build the cgi-bin chroot
> 
> I'd like to insist a bit more on the fact this is a template copied on
> each subdomain. Maybe it's better to write:
> 
> +_Description: Path for the chroot environment template:

OK, that wasn't clear. "template" added.

> This one now:
> 
> - Note that in the case of a dynamic IP address, using NAT and port
> forwarding
> - is the only way to use DTC (because apache vhost file wont need to be
> - regenerated at each IP change).
> + Do not choose this option if the server is directly connected to the
> + Internet, except when using dynamic IP addresses. In such cases, NAT
> + and port forwarding are mandatory for DTC.
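
Review bot: In the added lines, "except when using dynamic IP addresses" attaches to "directly connected to the Internet", and the following sentence then makes NAT and port forwarding mandatory, so the text describes a server that is both directly connected and behind NAT. Suggest splitting this into two statements: one saying when the option must not be chosen, and one saying that a dynamic address requires NAT and port forwarding in front of the server.
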
> 
> Reading it, it seems a bit strange, as the server can't be both
> connected directly to internet with a public IP, and have NAT. Maybe we
> should write this:
> 
> + Do not choose this option if the server is directly connected to the
> + Internet. If your internet connection is delivered by a dynamic IP
> addresses, choosing this option is mandatory. You then have to use a
> firwall doing NAT between your server and the internet, and use port
> forwarding to your server.


My proposed rewording of this:

Template: dtc/conf_use_nated_vhosts
Type: boolean
Default: false
_Description: Use "NATed" vhosts?
 DTC can configure Apache to use one of your IP addresses. If the
 server is firewalled with NAT and port redirections of public IP(s)
 address(es), a "NATed" vhost configuration can be generated.
 .
 This option should be chosen only if the server is directly connected
 to the Internet and uses a dynamic public IP address. In such cases,
 NAT and port forwarding are mandatory for DTC.
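
The check discussed in this thread (no DocumentRoot pointing at the DTC hosting path) can be automated. The following is an added example, not part of the original message or of DTC; the function names and the sample configuration are constructed for illustration, and only absolute DocumentRoot paths in a single configuration text are considered.

```python
import os
import re

# DocumentRoot directive with a quoted or unquoted path argument.
DOCROOT_RE = re.compile(r'^\s*DocumentRoot\s+(?:"([^"]+)"|(\S+))', re.IGNORECASE)

# Constructed sample configuration (paths are illustrative only).
SAMPLE_CONF = """\
ServerRoot "/etc/apache2"
# DocumentRoot /srv/old   (commented out, must be ignored)
DocumentRoot /var/www
<VirtualHost *:80>
    ServerName www.example.com
    DocumentRoot "/var/www/sites/example.com/html"
</VirtualHost>
"""

def document_roots(config_text):
    """Return every absolute DocumentRoot set in the config text."""
    roots = []
    for line in config_text.splitlines():
        match = DOCROOT_RE.match(line)
        if match:
            path = match.group(1) or match.group(2)
            # Relative roots depend on ServerRoot; this sketch skips them.
            if os.path.isabs(path):
                roots.append(os.path.normpath(path))
    return roots

def exposing_roots(config_text, hosting_path):
    """Return DocumentRoots equal to hosting_path or containing it."""
    hosting = os.path.normpath(hosting_path)
    # commonpath compares whole components, so /var/www does not
    # match /var/www-data the way a plain string prefix test would.
    return [root for root in document_roots(config_text)
            if os.path.commonpath([root, hosting]) == root]

if __name__ == "__main__":
    for candidate in ("/var/www", "/var/www/sites", "/srv/dtc"):
        hits = exposing_roots(SAMPLE_CONF, candidate)
        print(candidate, "->", "exposed by " + ", ".join(hits) if hits else "ok")
```

A DocumentRoot below the hosting path, such as a per-domain vhost, is not flagged; symlinks and included configuration files are not followed.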

