apache documentroot
What is the ideal place for the apache document root, both from a security and efficiency point of view?
The default usually is something like /usr/local/apache/htdocs. Also, what permissions to give the documentroot directory? So far I have run the documentroot with root permissions, but would it be better to run it without root permissions? Thanks
__________________
Freebsd 7 64 bit apache2.2 php5 mysql5 |
|
|||
short url
Thank you for your reply
I was thinking of something like
Code:
/usr/docroot
Just makes it easier to fill in absolute paths in scripts. Does having the docroot so close to root cause any security problem? I cannot think of any, but just want to double check. Also, how do you manage sftp transfers of files using a client like cuteftp, as it is not safe to allow direct root login? So if you log in to cuteftp as a member of the wheel group but try to replace files owned by root, I think it is not going to allow you to do that, right?
__________________
Freebsd 7 64 bit apache2.2 php5 mysql5 |
|
||||
Quote:
dir = /usr/local/apache/htdocs leaves you with $dir .. Quote:
Quote:
|
|
|||
Thanks
Thank you for the comprehensive reply :-)
__________________
Freebsd 7 64 bit apache2.2 php5 mysql5 |
|
|||
Apache Security
From a security point of view you should be using jails. Take a look at ezjails in the ports tree.
Mod_security and IPF (firewall), in ports, should also be considered. |
|
||||
The problem with jails is the overhead of running multiple, separate instances of httpd, plus the need for a separate IP for each jail (and the limit of a single IP per jail).
In a lot of situations, these are not limitations and help a lot. In others, these are limitations that make jails unusable. Each situation is different, and the tools need to be examined in that light in order to select the one that works best. |
|
|||
phoenix,
I know if I was using a "Core2Quad Q9300 8gb DDR2 750gb" for a server, additional IPs wouldn't be a problem or issue. That being said, phoenix is correct, jails do have some issues and the need for an IP for each jail is the major one for a lot of people. |
|
|||
While it may not work for everybody, this is my very specialized setup...
I have a separate /www filesystem. /usr/home/<username>/public_html is softlinked to /www/<username>. Inside /www/<username> is a directory for every domain each user has under their account. The reason for this is /usr/home/<username> is generally chmodded 700 (or 750 with a very restrictive group assignment), so apache (which is running as its own user/group) would not access anything within the directory. /www/<username> is generally 750 with the owner as <username> and group set to apache's group. The domain folders below this directory are generally 750, however they can be set 755 and group set to user's primary group (to allow CGI scripts run through suEXEC to run directly in the web root). Apache's DocumentRoot is /www, and each <VirtualHost> is set DocumentRoot to /www/<username>/<domain>.
__________________
I just saved a bunch of money on my car insurance by fleeing the scene of the accident! |
|
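A way to check the layout described in the post above, as an added example that is not part of the thread: a POSIX sh function that walks a /www/<username>/<domain> tree and reports directories whose mode, owner or group differ from the 750/755 scheme. The function names, the finding labels and the `www` group in the usage note are assumptions.

```sh
#!/bin/sh
# Added example (not from the thread): audit a /www/<username>/<domain> tree.
# Assumptions: ROOT is the /www filesystem, WEB_GROUP is Apache's group.

# Print "<10-char mode> <owner> <group>" for a path from POSIX `ls -ld`.
perm_of() {
    ls -ld "$1" | awk '{ print substr($1, 1, 10), $3, $4 }'
}

# audit_www ROOT WEB_GROUP: one line per finding, returns 1 if any were found.
audit_www() {
    root=$1; web_group=$2; bad=0
    for userdir in "$root"/*/; do
        [ -d "$userdir" ] || continue
        userdir=${userdir%/}; user=${userdir##*/}
        set -- $(perm_of "$userdir")
        # /www/<username>: 750, owner <username>, group = Apache's group
        [ "$1" = "drwxr-x---" ] || { echo "MODE $userdir $1"; bad=1; }
        [ "$2" = "$user" ] || { echo "OWNER $userdir $2"; bad=1; }
        [ "$3" = "$web_group" ] || { echo "GROUP $userdir $3"; bad=1; }
        for domdir in "$userdir"/*/; do
            [ -d "$domdir" ] || continue
            domdir=${domdir%/}
            set -- $(perm_of "$domdir")
            case $1 in
                drwxr-x---)    # 750: Apache reaches it only through the group
                    [ "$3" = "$web_group" ] || { echo "GROUP $domdir $3"; bad=1; } ;;
                drwxr-xr-x) ;; # 755: the suEXEC variant, group is the user's own
                *) echo "MODE $domdir $1"; bad=1 ;;
            esac
        done
    done
    return "$bad"
}
```

Source the file and call it as, for example, `audit_www /www www`. Entries under the root that are symlinks show up as MODE findings, since `ls -ld` reports the link itself.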