How to configure Apache document root?

apache-2.2 centos documentroot
36,403

Solution 1

Assuming you have SELinux enabled, not all of those options will work due to SELinux denying access to non-standard folders by the httpd process.

IIRC, the preferred method for manually adding web applications on CentOS (e.g. a mediawiki install) is to install them to /var/www/<myappname> and create an Alias in the /etc/httpd/conf/httpd.conf file that points to your app (I usually pattern mine to be similar to the existing alias for the /var/www/icons folder).

Typical file ownership for anything under /var/www on CentOS is root.

Solution 2

It's really up to you, I would personally opt for CentOS's default DocumentRoot in /var/www/html/myWebApp as it maintains a clean, extensible and obvious structure for future maintainers etc.

You can own the application files yourself, however they should be readable (but not owned - unless the application has to overwrite/edit them) by the user and group that apache is configured to run as. This is usually nobody:nobody - and that user should be unprivileged (i.e. only able to read the files in your document root, nothing more).

More info here.

edit: For SVN checkout, you can leave the files owned by the SVN user (SVN or root I assume - as long as it's different from the user apache is running as) and permissions should be 644 (-rw-r--r--) - I believe this is what SVN will use by default, if not chmod the directory in the post-commit hook.

...and to determine if you have an SELinux issue, try disabling it and retesting. If that works, gather the logs and modify the HTTPD policy (possibly just enabling httpd_disable_trans). Or use Ophidian's method :)

Solution 3

(this should be a comment for Ophidian but it won't fit in the space allowed for a comment so I am posting it as a reply)

You can do it under selinux by chcon'ing the dirs/files you want to use with the appropriate contexts/type.

To find out the correct context the easiest method is to examine an already correctly labelled dir. E.g.

[root@somehost ~]# ls -ldZ /var/www/html drwxr-xr-x root root system_u:object_r:httpd_sys_content_t /var/www/html

Then set the correct se linux type on your new content dir. E.g. if you want to use /home/myapp as your doc root: chcon -t httpd_sys_content_t /home/myapp

chcon only persists until the next filesystem relabel. Don't forget to use semanage fcontext if you do so that the new contexts will persist through file system relabels!

semanage fcontext -at httpd_sys_content_t /home/myapp

Share:
36,403

Related videos on Youtube

benjisail
Author by

benjisail

Updated on September 17, 2022

Comments

  • benjisail
    benjisail over 1 year

    I am in the process to migrate to a new web server and I would like to have a clean and safe file architecture for apache and my web application.

    The server will serve one single php/mysql application. This application receive files from FTP and webservices and generate logs files.

    The server OS is CentOS 5.4.

    The default Apache document root is /var/www/html.

    Should I put my web application directory under :

    • /var/www/html/myWebApp?
    • /www/myWebApp?
    • /home/www/myWebApp?
    • Somewhere else?

    The application directory should be owned by the root user or apache user or an other user?

    Thanks for your help.

    • Spidfire
      Spidfire almost 11 years
      For the people who are getting mad just like me: If you are using centos or an other RHEL disto there are program specific permissions you need. serverfault.com/a/409488/43746
  • Ophidian
    Ophidian about 14 years
    Oh, I 100% agree. There are lots of ways around the SELinux limitations, but if we're discussing basic httpd configuration then I think getting into the vagaries of SELinux tuning is a likely bit much. :)
  • Andy
    Andy about 14 years
    File ownership should not be apache if that is also the user under which httpd is running, otherwise the web server can overwrite your application code if your permissions are not correct.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Apache doesn't start: syntax error....DocumentRoot must be a directory
Best permissions/ownership for apache document root
How to whitelist a directory in apache
Best Apache & MySQL config for 16GB and 8 Cores
How to add /home/user/public_html as virtual host in apache - centos
404 Not found - Apache CentOS
PHP 5 will not work in Centos 6 for me
Upgrade to Apache 2.2.20 on Centos
Install GD Library for PHP in GoDaddy VPS with CentOS???
503 Error: Service Temporarily Unavailable (Mod_wsgi, Apache, Django)