In order for a website to be accessible to visitors, it must be published to the correct directory. Upload your files via SFTP and place them in
/var/www/virtual/<username>/html. Access the files via your domain.
We strongly suggest to use different accounts for different projects due to security reasons. If one of the DocumentRoots gets compromised (e.g. because of a CVE), all other files within all other DocumentRoots can be compromised as well.
You can create folders (and symlinks) in the form of
/var/www/virtual/<username>/<domain>. Make sure your domain is setup and configured correctly. To use
RewriteRules, you have to create a .htaccess file within the DocumentRoot with the following content:
DOCUMENT_ROOT variable set by Apache always points to the one and only DocumentRoot
/var/www/virtual/<username>/html so you will get a misleading value. There is no way to change that behaviour.
Do not delete
/var/www/virtual/<username>/html. If this folder doesn’t exist, the RewriteRules implementing the additional DocumentRoots don’t work, so all your domains will be inaccessible.
Example how to change DocumentRoot location¶
Many PHP apps like Symfony provide their own public webfolder within their folder structure. It is recommended to only make this folder accessible by the webserver. This can be achieved, for example, with the following procedure:
# in /var/www/virtual/$USER [eliza@dolittle eliza]$ rm -f html/nocontent.html [eliza@dolittle eliza]$ rmdir html [eliza@dolittle eliza]$ mkdir -p my_project/public [eliza@dolittle eliza]$ ln -s my_project/public html
this will result in the following structure:
[eliza@dolittle eliza]$ tree . ├── html -> my_project/public └── my_project └── public
my_project is not a domain name that can be reached by the webserver, the source code will never be reachable from the outside.
Since the webserver runs with a different user, you need to make sure your files have the right permissions. The folder
/var/www/virtual/<username>/html and all additional DocumentRoots need to have mode
0755, the files within
0644. To fix this for all files and folders you can use the following code:
[eliza@dolittle ~]$ chmod -R u=rwX,go=rX ~/html
Since the folder
/var/www/virtual/<username> has mode
0750, other users on the same server can’t access your files.
In addition to “traditional” permission bits, uberspace uses SELinux. For the webserver user to be able to access the files, they need to have a SELinux type of
httpd_sys_content_t. If you create files in your home directory, those files will carry the
user_home_t type instead. Using
mv to move the files will take care of this, as
mv is aliased to
mv -Z by default (
-Z: set SELinux security context of destination file to default type). However, if you move your files in a different way, you might need to set the SELinux label accordingly, for example using restorecon:
[eliza@dolittle ~]$ restorecon -R -v ~/html
We provide the following configuration:
DirectoryIndex index.html index.htm index.html.var index.php index.cgi index.sh nocontent.html TypesConfig /etc/mime.types AddType application/x-compress .Z AddType application/x-gzip .gz .tgz AddType text/html .shtml AddType application/wasm .wasm .wasm.gz .wat .wat.gz AddOutputFilter INCLUDES .shtml
The full configuration ist provided within the file
/etc/httpd/conf/httpd.conf which is readable by every user.