1 |
On Thursday 28 October 2004 22:48, Anthony Gorecki wrote: |
2 |
> I concur with Wendall's decision; I don't use it because I've found that it |
3 |
> creates -more- work than manually installing web applications. See your |
4 |
> comment on self-configuring web applications. |
5 |
|
6 |
Hrm ... I haven't made any comment on self-configuring web applications. |
7 |
|
8 |
> In addition, some web applications will download their own source files on |
9 |
> demand and update themselves on demand, in a manner similar to Portage. |
10 |
> webapp-config would be completely unsuitable for these applications. |
11 |
|
12 |
And so is Portage ;-) |
13 |
|
14 |
Until UPSTREAM apps play nicely, this will always be a problem with any tool |
15 |
that anyone writes. And UPSTREAM can't play nicely until there's a tool to |
16 |
play nicely with. |
17 |
|
18 |
> As a second addition to the above, and in response to "Web applications |
19 |
> should not be owned by the same user as the web server," some web |
20 |
> applications -should- and are -designed and required- to be owned by the |
21 |
> web server's user. |
22 |
|
23 |
webapp-config copes with this just fine; Portage cannot. It also allows you |
24 |
to have application config files owned by a different shell user if you need. |
25 |
|
26 |
We're also looking at adding support for alternative MPM's for Apache 2, so |
27 |
that individual websites can be wholy owned by a single shell account, for |
28 |
added security. |
29 |
|
30 |
> In these cases, additional backend configuration is necessary to protect |
31 |
> websites from unauthorized access (PHP's open_basedir, for example), |
32 |
> however this would be soley the responsibility of web host and the script. |
33 |
|
34 |
The next version of webapp-config will be able to handle that sort of |
35 |
configuration too. We need to provide a tool to do it; we can't expect all |
36 |
of our users to have the skills to secure a PHP app by hand. |
37 |
|
38 |
> webapp-config should be completely oblivious to this, as these safeguards |
39 |
> would obviously beyond the scope of the program; however, it should support |
40 |
> the functionality if it is required. |
41 |
|
42 |
Why 'obviously' beyond the scope? |
43 |
|
44 |
Every web-based app installed on practically every platform out there is |
45 |
hampered by the limited capabilities of package managers and current |
46 |
automated installers. |
47 |
|
48 |
We're going to have to get there a step at a time, but I think it's worth the |
49 |
effort. |
50 |
|
51 |
> If the vhost flag is not set, is there a way to alter the install location |
52 |
> from /var/www/localhost? If there isn't, why isn't there? I haven't had a |
53 |
> chance to look through all of the software resources for this program, |
54 |
> though I haven't seen anything helpful this far. |
55 |
|
56 |
Take a look at /etc/vhosts/webapp-config and the man page for webapp-config.5. |
57 |
The support you need is there. I don't run any of own sites from /var/www. |
58 |
|
59 |
'localhost' *is* currently hard-coded as the hostname that an app is installed |
60 |
into when USE=-vhosts. This is something we can change. |
61 |
|
62 |
Best regards, |
63 |
Stu |
64 |
-- |
65 |
Stuart Herbert stuart@g.o |
66 |
Gentoo Developer http://www.gentoo.org/ |
67 |
http://stu.gnqs.org/diary/ |
68 |
|
69 |
GnuPG key id# F9AFC57C available from http://pgp.mit.edu |
70 |
Key fingerprint = 31FB 50D4 1F88 E227 F319 C549 0C2F 80BA F9AF C57C |
71 |
-- |
72 |
|
73 |
-- |
74 |
gentoo-portage-dev@g.o mailing list |