How to configure Apache document root?
Solution 1
Assuming you have SELinux enabled, not all of those options will work due to SELinux denying access to non-standard folders by the httpd process.
IIRC, the preferred method for manually adding web applications on CentOS (e.g. a mediawiki install) is to install them to /var/www/<myappname> and create an Alias in the /etc/httpd/conf/httpd.conf file that points to your app (I usually pattern mine to be similar to the existing alias for the /var/www/icons folder).
Typical file ownership for anything under /var/www on CentOS is root.
Solution 2
It's really up to you, I would personally opt for CentOS's default DocumentRoot in /var/www/html/myWebApp as it maintains a clean, extensible and obvious structure for future maintainers etc.
You can own the application files yourself, however they should be readable (but not owned - unless the application has to overwrite/edit them) by the user and group that apache is configured to run as. This is usually nobody:nobody - and that user should be unprivileged (i.e. only able to read the files in your document root, nothing more).
edit: For SVN checkout, you can leave the files owned by the SVN user (SVN or root I assume - as long as it's different from the user apache is running as) and permissions should be 644 (-rw-r--r--) - I believe this is what SVN will use by default, if not chmod the directory in the post-commit hook.
...and to determine if you have an SELinux issue, try disabling it and retesting. If that works, gather the logs and modify the HTTPD policy (possibly just enabling httpd_disable_trans). Or use Ophidian's method :)
Solution 3
(this should be a comment for Ophidian but it won't fit in the space allowed for a comment so I am posting it as a reply)
You can do it under selinux by chcon'ing the dirs/files you want to use with the appropriate contexts/type.
To find out the correct context the easiest method is to examine an already correctly labelled dir. E.g.
[root@somehost ~]# ls -ldZ /var/www/html
drwxr-xr-x root root system_u:object_r:httpd_sys_content_t /var/www/html
Then set the correct SELinux type on your new content dir. E.g. if you want to use /home/myapp as your doc root:
chcon -t httpd_sys_content_t /home/myapp
chcon only persists until the next filesystem relabel. Don't forget to use semanage fcontext if you do so that the new contexts will persist through file system relabels!
semanage fcontext -at httpd_sys_content_t /home/myapp
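
An added example, not part of the answers above: a shell function that audits a document root against the advice in Solution 2, Solution 3 and Andy's comment (no files owned by the account httpd runs as, nothing group- or world-writable, and the httpd_sys_content_t type where SELinux is enabled). The function name, the finding labels and the script name in the usage comment are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original answers).
# Usage: sh audit_docroot.sh DIR HTTPD_USER [EXPECTED_SELINUX_TYPE]
# HTTPD_USER is the account httpd runs as (name or numeric uid).
# Prints one finding per line; returns 0 if clean, 1 if anything was flagged.
audit_docroot() {
    ad_root=$1
    ad_user=$2
    ad_type=${3:-httpd_sys_content_t}

    ad_findings=$(
        # Anything owned by the web server account can be rewritten by a
        # compromised or buggy application, including the code itself.
        find "$ad_root" -user "$ad_user" -print | sed 's/^/OWNED_BY_HTTPD /'

        # Group- or world-writable entries (symlink modes are not meaningful).
        find "$ad_root" ! -type l \( -perm -020 -o -perm -002 \) -print |
            sed 's/^/WRITABLE /'

        # Only where SELinux is enabled: report entries whose type differs
        # from the one seen on /var/www/html. Uses GNU stat's %C (context).
        if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled; then
            find "$ad_root" -exec stat -c '%C %n' {} + |
                awk -v t="$ad_type" '{
                    split($1, ctx, ":")          # user:role:type[:level]
                    if (ctx[3] != t) {
                        sub(/^[^ ]+ /, "")       # keep only the path
                        print "LABEL(" ctx[3] ") " $0
                    }
                }'
        fi
    )

    if [ -n "$ad_findings" ]; then
        printf '%s\n' "$ad_findings"
        return 1
    fi
    return 0
}

# Run directly when arguments are given.
if [ "$#" -ge 2 ]; then
    audit_docroot "$@"
fi
```

A directory the application must write to (uploads, logs) will show up as a finding; review those individually rather than loosening the whole tree.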
benjisail
Updated on September 17, 2022
Comments
-
benjisail over 1 year
I am in the process of migrating to a new web server and I would like to have a clean and safe file architecture for apache and my web application.
The server will serve one single php/mysql application. This application receives files from FTP and webservices and generates log files.
The server OS is CentOS 5.4.
The default Apache document root is /var/www/html.
Should I put my web application directory under:
- /var/www/html/myWebApp?
- /www/myWebApp?
- /home/www/myWebApp?
- Somewhere else?
Should the application directory be owned by the root user, the apache user or another user?
Thanks for your help.
-
Spidfire almost 11 years
For the people who are getting mad just like me: If you are using CentOS or another RHEL distro there are program-specific permissions you need. serverfault.com/a/409488/43746
-
Ophidian about 14 years
Oh, I 100% agree. There are lots of ways around the SELinux limitations, but if we're discussing basic httpd configuration then I think getting into the vagaries of SELinux tuning is likely a bit much. :)
-
Andy about 14 years
File ownership should not be apache if that is also the user under which httpd is running, otherwise the web server can overwrite your application code if your permissions are not correct.