DocumentRoot¶
Publish¶
In order for a website to be accessible to visitors, it must be published to the correct directory. Upload your files via SFTP and place them in /var/www/virtual/<username>/html. Access the files via your domain.
Additional DocumentRoots¶
Warning
We strongly suggest to use different accounts for different projects due to security reasons. If one of the DocumentRoots gets compromised (e.g. because of a CVE), all other files within all other DocumentRoots can be compromised as well.
You can create folders (and symlinks) in the form of /var/www/virtual/<username>/<domain>. Make sure your domain is setup and configured correctly. To use RewriteRules, you have to create a .htaccess file within the DocumentRoot with the following content:
RewriteBase /
Tip
The DOCUMENT_ROOT variable set by Apache always points to the one and only DocumentRoot /var/www/virtual/<username>/html so you will get a misleading value. There is no way to change that behaviour.
Warning
Symlinking to folders in /home will not work here because the Apache web server does not have access rights to anything in /home.
Warning
Do not delete /var/www/virtual/<username>/html. If this folder doesn’t exist, the RewriteRules implementing the additional DocumentRoots don’t work, so all your domains will be inaccessible.
Example how to change DocumentRoot location¶
Many PHP apps like Symfony provide their own public webfolder within their folder structure. It is recommended to only make this folder accessible by the webserver. This can be achieved, for example, with the following procedure:
# in /var/www/virtual/$USER
[isabell@stardust isabell]$ rm -f html/nocontent.html
[isabell@stardust isabell]$ rmdir html
[isabell@stardust isabell]$ mkdir -p my_project/public
[isabell@stardust isabell]$ ln -s my_project/public html
this will result in the following structure:
[isabell@stardust isabell]$ tree
.
├── html -> my_project/public
└── my_project
└── public
because my_project is not a domain name that can be reached by the webserver, the source code will never be reachable from the outside.
Permissions¶
Since the webserver runs with a different user, you need to make sure your files have the right permissions. The folder /var/www/virtual/<username>/html and all additional DocumentRoots need to have mode 0755, the files within 0644. To fix this for all files and folders you can use the following code:
[isabell@stardust ~]$ chmod -R u=rwX,go=rX ~/html
Tip
Since the folder /var/www/virtual/<username> has mode 0750, other users on the same server can’t access your files.
In addition to “traditional” permission bits, uberspace uses SELinux. For the webserver user to be able to access the files, they need to have a SELinux type of httpd_sys_content_t. If you create files in your home directory, those files will carry the user_home_t type instead. Using mv to move the files will take care of this, as mv is aliased to mv -Z by default (-Z: set SELinux security context of destination file to default type). However, if you move your files in a different way, you might need to set the SELinux label accordingly, for example using restorecon:
[isabell@stardust ~]$ restorecon -R -v ~/html
Configuration¶
Provided configuration¶
We provide the following configuration:
DirectoryIndex index.html index.htm index.html.var index.php index.cgi index.sh nocontent.html
TypesConfig /etc/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType text/html .shtml
AddType application/wasm .wasm .wasm.gz .wat .wat.gz
AddOutputFilter INCLUDES .shtml
The full configuration is provided within the file /etc/httpd/conf/httpd.conf which is readable by every user.
Own configuration¶
You can provide your own configuration with .htaccess files. Check the Directive Quick Reference for possible configuration directives. Keep in mind that the third column needs to contain h for .htaccess.