
Re: virtual hosting in apache and file locations

also sprach Daniel Stone (on Tue, 02 Oct 2001 08:10:38PM +1000):
> I think that a symlink from /var to /home is bad. Maybe if we stored it
> under /home/www-data or such.

that's one possibility, although i am more in favor of uniting sites
into single directory hierarchies. what's the big point of having
documents in /var/www and below, but cgi's in /usr/lib/apache/cgi-bin?
and manuals in /usr/share..., and logs in /var/log/apache?

i understand, there is the FHS, but a virtual site is a virtual site,
in fact, any website is its own site and doesn't really have anything
to do with the host server except for a small number of cases.

i think that /home/www-data or /home/apache is a reasonable idea, but
somehow you need to fuse allowing users to edit their own pages, and
protecting the apache installation against fuckups - because a single
user who moves the directory corresponding to the webpage will make
apache fail to start the next time.

instead, i propose the following: any apache configuration only serves
virtual sites, where the primary site (the actual server site) is the
first, which means the default if no Host HTTP Request Header is
transmitted. virtual hosts relying on Host headers bind to
only, IP virtuals bind to that IP.

for every virtual site defined in apache's config (which i am
currently reworking), there is one equinomial[1] directory under
/home/apache/sites (chmod 2711, chown root.staff). e.g.:
/home/apache/sites/pantsfullofunix.net and
/home/apache/sites/debianplanet.org. permissions are then set
according to who is administering the site, although i propose having
an equinomial group for every site anyway, and 2775 permissions
recursively. now, you can symlink out of a home directory, i.e. from
~madduck/web/pantsfullofunix.net to

this pretty much ensures that when /home is up, apache will serve
whatever is in these directories.

furthermore, one could create
/home/apache/common/{img,scripts,cgi-bin,whatever}, which could be
(script-)aliased as /cgi-pub, scripts-pub, /img-pub, /whatever-pub
server wide, and could contain common CGIs like counters or guestbooks
and whatever kind of junk the people want.

in addition, every /home/apache/sites/* directory has its own
cgi-bin, iff the owner so desires and the hostmaster allows it. this
gives separate custom cgi control over each site while not limiting
the cgi-pub access. very much the same approach can be taken with
scripts, and even PHP capabilities and other stuff. all i am saying
is: <VirtualHost> is your friend!!! and you can use it the same way
with no negative consequences if you are only serving one site.

lastly, i propose (even though i have not been able to implement
this), to give every single site directory a 0750 root.site
subdirectory "log", in which the error and access logs for that site
are placed. this much works for my server, but what i also want is one
centralized logfile for all in /var/log/apache. this allows users
access to their logs, it keeps /var/log/apache and files clean, and
it's a perfect way to handle multiple sites, especially because
apache's cron.daily knows how to rotate any logfile no matter where it
is, and because such a convention allows script access to logs via
/home/apache/sites/*/log. here i propose that the directory is owned
by root and grouped to the site group so that the webmasters have
read-access to their logs, but no one else, which is all that you ever

now, with this setup, which i have implemented on two productive
servers so far, administration is bloody simple, and it makes sense! a
virtual website does not have to melt in with the server FHS, it
*could* have its own FHS instantiation, but there is no need or point
to log to /var/log (other than collectively), to serve from /var/www,
or to execute CGIs from /usr/lib.

lastly, to help other debian packages (like webalizer and others) to
switch to a new convention, /var/www could very well be a symlink to

[1] no, this isn't a word. but it should be. you get the idea...

> I think that it should remain that way, but hey, this is my main server:
> daniel@piro:~% ls -l /var
> lrwxrwxrwx    1 root     root            9 Jul  4 09:48 /var -> /home/var

uhm, daniel, are you, uhm, okay?

martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck
perl -le '$_="6110>374086;2064208213:90<307;55"; \
          tr[0->][ LEOR\!AUBGNSTY];print'
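
The layout proposed in the message above, written out as a configuration sketch for Apache httpd 2.4. This is an added example, not the poster's configuration; the host name server.example.org, the htdocs/ subdirectory, the log format names and the *:80 address are assumptions.

```apache
# Added example (assumed: httpd 2.4, htdocs/ subdirectory, *:80, format names).
# Per-site log without the vhost name, central log with it (%v).
LogFormat "%h %l %u %t \"%r\" %>s %b" site_common
LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common

# Server-wide shared content from /home/apache/common, inherited by every vhost.
ScriptAlias /cgi-pub/ "/home/apache/common/cgi-bin/"
Alias /img-pub/ "/home/apache/common/img/"

# Grant access only to what is meant to be served. log/ sits next to
# htdocs/ (assumed layout), not inside it, so logs are never reachable by URL.
<Directory "/home/apache/common">
    Require all granted
</Directory>
<Directory "/home/apache/sites/*/htdocs">
    Require all granted
</Directory>
<Directory "/home/apache/sites/*/cgi-bin">
    Require all granted
</Directory>

# First vhost: the primary site, used when the Host header is missing
# or matches no other ServerName.
<VirtualHost *:80>
    ServerName server.example.org
    DocumentRoot "/home/apache/sites/server.example.org/htdocs"
    ErrorLog "/home/apache/sites/server.example.org/log/error.log"
    CustomLog "/home/apache/sites/server.example.org/log/access.log" site_common
    CustomLog "/var/log/apache/access.log" vhost_common
</VirtualHost>

# One block per directory under /home/apache/sites.
<VirtualHost *:80>
    ServerName pantsfullofunix.net
    DocumentRoot "/home/apache/sites/pantsfullofunix.net/htdocs"
    # Per-site CGI directory, only where the hostmaster allows it.
    ScriptAlias /cgi-bin/ "/home/apache/sites/pantsfullofunix.net/cgi-bin/"
    # log/ is 0750 root:<site group> as in the message: the group can read,
    # nobody but root can write. httpd opens these files as root at startup,
    # so the directory must exist and must not be writable by site users.
    ErrorLog "/home/apache/sites/pantsfullofunix.net/log/error.log"
    CustomLog "/home/apache/sites/pantsfullofunix.net/log/access.log" site_common
    # A second CustomLog in the same vhost feeds the central access log.
    CustomLog "/var/log/apache/access.log" vhost_common
</VirtualHost>
```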
