/[gentoo]/xml/htdocs/proj/en/glep/glep-0011.txt
Gentoo

Diff of /xml/htdocs/proj/en/glep/glep-0011.txt

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

Revision 1.1 Revision 1.5
1GLEP: 11 1GLEP: 11
2Title: Web Application Installation 2Title: Web Application Installation
3Version: $Revision: 1.1 $ 3Version: $Revision: 1.5 $
4Last-Modified: $Date: 2003/08/07 19:02:40 $ 4Last-Modified: $Date: 2004/01/31 21:56:55 $
5Author: Troy Dack <tad@gentoo.org> 5Author: Troy Dack <tad@gentoo.org>
6Author: Stuart Herbert <stuart@gentoo.org>
6Discussions-To: gentoo-dev@gentoo.org 7Discussions-To: gentoo-dev@gentoo.org
7Status: Draft 8Status: Accepted
8Type: Standards Track 9Type: Standards Track
9Content-Type: text/x-rst 10Content-Type: text/x-rst
10Created: 02 August 2003 11Created: 02-August-2003
11Post-History: 07 Aug 2003 12Post-History: 07-Aug-2003, 12-Aug-2003, 13-Aug-2003
12 13
13Credits 14Credits
14======= 15=======
15 16
16Based on comments posted to gentoo-dev mailing list [#WebAppPost1]_ 17Based on comments posted to gentoo-dev mailing list [#WebAppPost1]_
17[#WebAppPost2]_ [#WebAppPost3]_ by: 18[#WebAppPost2]_ [#WebAppPost3]_ by:
18 19
19 Stuart Herbert <stuart@gentoo.org>, Max Kalika <max@gentoo.org>, 20 Stuart Herbert <stuart at gentoo.org>, Max Kalika <max at gentoo.org>,
20 Robin H.Johnson <robbat2@gentoo.org> and others 21 Robin H.Johnson <robbat2 at gentoo.org> and others
21 22
22Definitions 23Definitions
23=========== 24===========
24 25
25 *Web Application* 26 *Web Application*
85 1. Gentoo installed web applications (eg: horde, phpbb, cacti, 86 1. Gentoo installed web applications (eg: horde, phpbb, cacti,
86 phpmysql) should not be installed in the Document Root of a web server. 87 phpmysql) should not be installed in the Document Root of a web server.
87 2. Web applications should not have their configuration files installed 88 2. Web applications should not have their configuration files installed
88 under the Document Root of a web server. 89 under the Document Root of a web server.
89 90
90 i. Web Application must be slotted by their major version numbers to 91 i. Web Application must be slotted by their full version numbers to
91 further avoid downtime when true configuration changes are required. 92 further avoid downtime when true configuration changes are required.
92 93
93 3. Web applications should not be owned by the same user as the web server. 94 3. Web applications should not be owned by the same user as the web server.
94 4. It should be easily possible to have multiple instances of a web 95 4. It should be easily possible to have multiple instances of a web
95 application without any duplication of source files. 96 application without any duplication of source files.
97 application. 98 application.
98 99
99Implementation 100Implementation
100============== 101==============
101 102
102Max Kalika <max@gentoo.org> stated that he has a preliminary eclass that 103Max Kalika <max at gentoo.org> stated that he has a preliminary eclass that
103implements a good deal of this GLEP. 104implements a good deal of this GLEP.
104 105
105Stuart Herbert <stuart@gentoo.org> has committed:: 106Stuart Herbert <stuart at gentoo.org> has committed::
106 107
107 webapp-apache.eclass 108 webapp-apache.eclass
108 109
109to CVS, this is a stop-gap measure whilst this GLEP is being finalised. 110to CVS, this is a stop-gap measure whilst this GLEP is being finalised.
110 111
111 112
1121. Web Server 1131. Web Server
113--------------------- 114-------------
114 115
115A common default web server will have to be selected and ebuild authors should 116A common default web server should be selected. Selection of a default web
116ensure that their applications contain configuration directives suitable for 117server will help to reduce the number of bugs that are reported.
118
117that server. Given the popularity of the Apache web server it is suggested 119Given the popularity of the Apache web server it is suggested that Apache be
118that Apache be selected as the Gentoo default web server. 120selected as the Gentoo default web server.
119 121
120Whilst it is acknowledged that other web servers do exist and are used, there 122The Virtual Host Configuration tool (see below) will transparently support
121has to be an assumption made somewhere that people who choose to use something 123different web servers, thus enabling web applications to be installed on a
122other than the default have enough knowledge to adapt configurations 124Gentoo system irrespective of the installed web server.
123accordingly.
124 125
1251.1 Default Document Root 1261.1 Default Document Root
126''''''''''''''''''''''''' 127'''''''''''''''''''''''''
127 128
129The current default Document Root for Gentoo is /home/httpd/, this is
130unsuitable for a couple of reasons:
131
132 * /home/ may be exported via nfs to numerous other hosts, it is not
133 acceptable to share publically accessible files with numerous hosts.
134
135 * there is a potential (all be it small) for a user name clash
136
128To ensure the greatest flexibility when installing applications the following 137To ensure the greatest flexibility when installing applications the following
129*Document Root* locations are to be used: 138*Document Root* locations are to be used:
130 139
131 * For single host installations:: 140 * For single host installations::
132 141
133 /var/www/localhost/htdocs/ 142 /var/www/localhost/
134 143
135 * For multiple virtual host installastions:: 144 * For multiple virtual host installations::
136 145
137 /var/www/<fully qualified domain name>/htdocs/ 146 /var/www/<fully qualified domain name>/
147
138 eg: 148 eg:
139 /var/www/www.gentoo.org/htdocs/ 149 /var/www/www.gentoo.org/
150
151Additionally the chosen location ( /var/www/ ) appears to be becoming a defacto
152standard for Linux distributions.
140 153
1411.2 Apache 2 1541.2 Apache 2
142'''''''''''''''''''''''' 155''''''''''''
143 156
144All web application .ebuild will honour any USE flags that are intended to 157All web application .ebuilds will honour any USE flags that are intended to
145add support for Apache 2 as well as supporting Apache 1 installations. 158add support for Apache 2 as well as supporting Apache 1 installations.
146 159
147 1602. Application Installation
1482. Virtual Host Flexibility
149--------------------------- 161---------------------------
150
151In a similar vein to Gentoo's Zope scripts, namely zope-config, we
152should be able to have multiple instances of a single web application
153without duplicating all of the files.
154
155This also allows system administrators to control where web applications
156will appear on their system, as well as to customize a file in a single
157instance of a web application without effecting the original material.
158
159This is easily acheived thru use of Apache configuration directivies and
160symlinks. For PHP instances, see http://tavi.sourceforge.net/VirtualHosts
161for some details.
162
163The primary idea here is that to the web-application, it appears that
164all of it's configuration and files are in the instance directory, but
165the files are physicalled located elsewhere.
166
1672.1 New "vhost" USE Flag
168''''''''''''''''''''''''
169
170To enable support for multiple virtual host installations a new USE flag is
171to be added to Portage. The use flag will be::
172
173 vhost
174
175When *vhost* is _set_ the installation location and configuration for the web
176application will be effected, see below for more details.
177
1782.2 VHost Configuration Tool
179''''''''''''''''''''''''''''
180
181To assist administration of multiple virtual hosts a "VHost Configuration Tool"
182needs to be developed and implemented. Initial discussion and regarding the VHost
183Config tool can be found at http://article.gmane.org/gmane.linux.gentoo.devel/10874.
184
185The VHost Configuration Utility will need to be a seperate package, maintained by Gentoo.
186Apache .ebuilds will require the VHost Config tool as a dependency (DEPEND).
187
188<< TO BE EXPANDED UPON >>
189
1903. Application Installation Location
191------------------------------------
192 162
193The current accepted standard Document Root in Gentoo is /home/httpd. The 163The current accepted standard Document Root in Gentoo is /home/httpd. The
194discussion suggest that this is not the best location to install web based 164discussion suggest that this is not the best location to install web based
195applications. 165applications.
196 166
1672.1 Application SLOTs
168'''''''''''''''''''''
169
170All ebuilds are to set the SLOT variable as follows::
171
172 SLOT="${PV}"
173
174Setting the SLOT variable as shown will enable different versions of the same
175web application to be served concurrently by one server.
176
1772.2 Installation Paths
178''''''''''''''''''''''
179
197Web applications should be installed outside of the Document Root using the following 180Web applications should be installed outside of the Document Root using the following
198defaults: 181defaults:
199 182
200 * for files to be served to clients:: 183 * for files to be served to clients::
201 184
202 /usr/share/webapps/${PF}/ 185 /usr/share/webapps/${PF}/htdocs/
203 186
204 /usr/share/webapps/${PF}/public_html/ for files served by the web server
205
206 /usr/share/webapps/${PF}/cgi-bin/ for CGI-BIN files 187 /usr/share/webapps/${PF}/cgi-bin/
207 188
208 * install configuration files in:: 189 * install *site default* configuration files in::
209 190
210 /etc/webapps/${PF}/ 191 /etc/webapps/${PF}/
211 192
212 * for documentation files (not served to clients):: 193 * for documentation files (not served to clients)::
213 194
214 /usr/share/doc/${PF}/ 195 /usr/share/doc/${PF}/
215 196
1973. Virtual Host Support
198-----------------------
199
200The ability to easily configure and administer multiple virtual hosts is a
201must.
202
2033.1 New "vhost" USE Flag
204''''''''''''''''''''''''
205
206To enable support for multiple virtual host installations a new USE flag is
207to be added to Portage. The use flag will be::
208
209 vhost
210
211When *vhost* is _set_ the installation location and configuration for the web
212application will be effected, see below for more details.
213
2143.2 VHost Configuration Tool
215''''''''''''''''''''''''''''
216
217To assist administration of multiple virtual hosts a "VHost Configuration Tool"
218needs to be developed and implemented. Initial discussion regarding the VHost
219Config tool and proposed usage can be found at http://article.gmane.org/gmane.linux.gentoo.devel/10874.
220
221It's the job of the VHost Config toolset to make a local instance of the web
222application run under a specific web server.
223
224The VHost Configuration Utility will need to be a seperate package, maintained by Gentoo.
225
226Web Server .ebuilds will require the VHost Config tool as a dependency (DEPEND).
227
228`Bug #26293`_ will be used to track the initial progress of the VHost
229Configuration Tool.
230
231.. _Bug #26293: http://bugs.gentoo.org/show_bug.cgi?id=26293
232
233
234The vhost-config must do three main things:
235
236 - creates directories (copies a skeleton directory for the most part).
237 - create web server vhost config files.
238 - HUP web server so it reads in the new config without stopping.
239
240Initially the VHost Config tool should provide support for the Apache web
241server. As the tool matures support for other web servers can be added.
242
2163.1 Single Host Installation 2433.3 Single Host Installation
217'''''''''''''''''''''''''''' 244''''''''''''''''''''''''''''
218 245
219For single host installations the .ebuild will make the required 246For single host installations the .ebuild will make the required
220configurations changes and symlinks using the VHost Config tool to ensure 247configurations changes and symlinks using the VHost Config tool to ensure
221that the web application is available to be served from:: 248that the web application is available to be served from::
222 249
223 /var/www/localhost/htdocs/${PN} 250 /var/www/localhost/htdocs/${PF}/
224 251
252In this case it may be feasible for the VHost Config tool to simply symlink the
253directories from /usr/share/webapps/${PF}/ as is appropriate.
254
2253.2 Virtual Host Installation 2553.4 Virtual Host Installation
226''''''''''''''''''''''''''''' 256'''''''''''''''''''''''''''''
227 257
228For installations that support multiple virtual hosts the .ebuild will 258For installations that support multiple virtual hosts the .ebuild will
229install the web application into the default location and then leave configuration 259install the web application into the default location and then leave configuration
230to the user through the VHost Config tool. 260to the user through the VHost Config tool.
231 261
232<< TO BE EXPANDED UPON >> 262In this case the web application files will be copied from
263/usr/share/webapps/${PF}/ to /var/www/<FQDN>/ by the VHost Config tool.
233 264
2344. Application Configuration 2653.5 Configuration Files
235---------------------------- 266'''''''''''''''''''''''
236 267
237Having application configuration files in the Document Root of a web
238server is a potential security risk. Additionally given the way that many
239ebuilds currently install web applications it can also lead to the
240overwriting of important configuration files.
241
242As stated above web application configuration files are to be installed into:: 268As stated above web application *site default* configuration files are to be
269installed into::
243 270
244 /etc/webapps/${PF}/ 271 /etc/webapps/${PF}/
245 272
246By installing application configuration files in /etc Portage CONFIG_PROTECT 273The files in this directory are then copied (not symlinked!) by the VHost
247features can be used to ensure that configuration files are not overwritten. 274Config tool to the Document Root for each instance of the app that is installed.
248 275
2494.1 Virtual Host Support 276This will require the VHost Config toolset to emulate Portage's CONFIG_PROTECT
250'''''''''''''''''''''''' 277behaviour for the web applications.
251 278
252<< TO BE EXPANDED UPON >>
253
2545. Application Permissions 2794. Application Permissions
255-------------------------- 280--------------------------
256 281
257Installing web applications and giving the web server ownership of the files 282Installing web applications and giving the web server ownership of the files
258is a security risk. This can possibly lead to application configuration 283is a security risk. This can possibly lead to application configuration
259files being accessed by unwanted third parties. 284files being accessed by unwanted third parties.
272The main issues are: 297The main issues are:
273 * transition of existing configuration files to the 298 * transition of existing configuration files to the
274 /etc/webapps/${PF}/ directory. 299 /etc/webapps/${PF}/ directory.
275 * modification/reconfiguration of applications so that they 300 * modification/reconfiguration of applications so that they
276 are aware of the location of configuration files. 301 are aware of the location of configuration files.
277 * creating approriate Apache configuration snippets for inclusion 302 * creating the VHost Config toolset to enable installation and
278 in the Apache configuration files. 303 configuration of web applications irrespective of web server.
279 304
280 305
281References 306References
282========== 307==========
283 308
287 312
288Copyright 313Copyright
289========= 314=========
290 315
291This document has been placed in the public domain. 316This document has been placed in the public domain.
292

Legend:
Removed from v.1.1  
changed lines
  Added in v.1.5

  ViewVC Help
Powered by ViewVC 1.1.20