| 1 | GLEP: 11 |
1 | GLEP: 11 |
| 2 | Title: Web Application Installation |
2 | Title: Web Application Installation |
| 3 | Version: $Revision: 1.1 $ |
3 | Version: $Revision: 1.6 $ |
| 4 | Last-Modified: $Date: 2003/08/07 19:02:40 $ |
4 | Last-Modified: $Date: 2006/09/04 03:12:43 $ |
| 5 | Author: Troy Dack <tad@gentoo.org> |
5 | Author: Troy Dack <tad@gentoo.org> |
|
|
6 | Author: Stuart Herbert <stuart@gentoo.org> |
| 6 | Discussions-To: gentoo-dev@gentoo.org |
7 | Discussions-To: gentoo-dev@gentoo.org |
| 7 | Status: Draft |
8 | Status: Final |
| 8 | Type: Standards Track |
9 | Type: Standards Track |
| 9 | Content-Type: text/x-rst |
10 | Content-Type: text/x-rst |
| 10 | Created: 02 August 2003 |
11 | Created: 02-August-2003 |
| 11 | Post-History: 07 Aug 2003 |
12 | Post-History: 07-Aug-2003, 12-Aug-2003, 13-Aug-2003, 3-Sep-2006 |
|
|
13 | |
|
|
14 | Status |
|
|
15 | ====== |
|
|
16 | |
|
|
17 | As of 2006-09-03 the webapp eclass has existed for some time. |
| 12 | |
18 | |
| 13 | Credits |
19 | Credits |
| 14 | ======= |
20 | ======= |
| 15 | |
21 | |
| 16 | Based on comments posted to gentoo-dev mailing list [#WebAppPost1]_ |
22 | Based on comments posted to gentoo-dev mailing list [#WebAppPost1]_ |
| 17 | [#WebAppPost2]_ [#WebAppPost3]_ by: |
23 | [#WebAppPost2]_ [#WebAppPost3]_ by: |
| 18 | |
24 | |
| 19 | Stuart Herbert <stuart@gentoo.org>, Max Kalika <max@gentoo.org>, |
25 | Stuart Herbert <stuart at gentoo.org>, Max Kalika <max at gentoo.org>, |
| 20 | Robin H.Johnson <robbat2@gentoo.org> and others |
26 | Robin H.Johnson <robbat2 at gentoo.org> and others |
| 21 | |
27 | |
| 22 | Definitions |
28 | Definitions |
| 23 | =========== |
29 | =========== |
| 24 | |
30 | |
| 25 | *Web Application* |
31 | *Web Application* |
| … | |
… | |
| 85 | 1. Gentoo installed web applications (eg: horde, phpbb, cacti, |
91 | 1. Gentoo installed web applications (eg: horde, phpbb, cacti, |
| 86 | phpmysql) should not be installed in the Document Root of a web server. |
92 | phpmysql) should not be installed in the Document Root of a web server. |
| 87 | 2. Web applications should not have their configuration files installed |
93 | 2. Web applications should not have their configuration files installed |
| 88 | under the Document Root of a web server. |
94 | under the Document Root of a web server. |
| 89 | |
95 | |
| 90 | i. Web Application must be slotted by their major version numbers to |
96 | i. Web Application must be slotted by their full version numbers to |
| 91 | further avoid downtime when true configuration changes are required. |
97 | further avoid downtime when true configuration changes are required. |
| 92 | |
98 | |
| 93 | 3. Web applications should not be owned by the same user as the web server. |
99 | 3. Web applications should not be owned by the same user as the web server. |
| 94 | 4. It should be easily possible to have multiple instances of a web |
100 | 4. It should be easily possible to have multiple instances of a web |
| 95 | application without any duplication of source files. |
101 | application without any duplication of source files. |
| … | |
… | |
| 97 | application. |
103 | application. |
| 98 | |
104 | |
| 99 | Implementation |
105 | Implementation |
| 100 | ============== |
106 | ============== |
| 101 | |
107 | |
| 102 | Max Kalika <max@gentoo.org> stated that he has a preliminary eclass that |
108 | Max Kalika <max at gentoo.org> stated that he has a preliminary eclass that |
| 103 | implements a good deal of this GLEP. |
109 | implements a good deal of this GLEP. |
| 104 | |
110 | |
| 105 | Stuart Herbert <stuart@gentoo.org> has committed:: |
111 | Stuart Herbert <stuart at gentoo.org> has committed:: |
| 106 | |
112 | |
| 107 | webapp-apache.eclass |
113 | webapp-apache.eclass |
| 108 | |
114 | |
| 109 | to CVS, this is a stop-gap measure whilst this GLEP is being finalised. |
115 | to CVS, this is a stop-gap measure whilst this GLEP is being finalised. |
| 110 | |
116 | |
| 111 | |
117 | |
| 112 | 1. Web Server |
118 | 1. Web Server |
| 113 | --------------------- |
119 | ------------- |
| 114 | |
120 | |
| 115 | A common default web server will have to be selected and ebuild authors should |
121 | A common default web server should be selected. Selection of a default web |
| 116 | ensure that their applications contain configuration directives suitable for |
122 | server will help to reduce the number of bugs that are reported. |
|
|
123 | |
| 117 | that server. Given the popularity of the Apache web server it is suggested |
124 | Given the popularity of the Apache web server it is suggested that Apache be |
| 118 | that Apache be selected as the Gentoo default web server. |
125 | selected as the Gentoo default web server. |
| 119 | |
126 | |
| 120 | Whilst it is acknowledged that other web servers do exist and are used, there |
127 | The Virtual Host Configuration tool (see below) will transparently support |
| 121 | has to be an assumption made somewhere that people who choose to use something |
128 | different web servers, thus enabling web applications to be installed on a |
| 122 | other than the default have enough knowledge to adapt configurations |
129 | Gentoo system irrespective of the installed web server. |
| 123 | accordingly. |
|
|
| 124 | |
130 | |
| 125 | 1.1 Default Document Root |
131 | 1.1 Default Document Root |
| 126 | ''''''''''''''''''''''''' |
132 | ''''''''''''''''''''''''' |
| 127 | |
133 | |
|
|
134 | The current default Document Root for Gentoo is /home/httpd/, this is |
|
|
135 | unsuitable for a couple of reasons: |
|
|
136 | |
|
|
137 | * /home/ may be exported via nfs to numerous other hosts, it is not |
|
|
138 | acceptable to share publically accessible files with numerous hosts. |
|
|
139 | |
|
|
140 | * there is a potential (all be it small) for a user name clash |
|
|
141 | |
| 128 | To ensure the greatest flexibility when installing applications the following |
142 | To ensure the greatest flexibility when installing applications the following |
| 129 | *Document Root* locations are to be used: |
143 | *Document Root* locations are to be used: |
| 130 | |
144 | |
| 131 | * For single host installations:: |
145 | * For single host installations:: |
| 132 | |
146 | |
| 133 | /var/www/localhost/htdocs/ |
147 | /var/www/localhost/ |
| 134 | |
148 | |
| 135 | * For multiple virtual host installastions:: |
149 | * For multiple virtual host installations:: |
| 136 | |
150 | |
| 137 | /var/www/<fully qualified domain name>/htdocs/ |
151 | /var/www/<fully qualified domain name>/ |
|
|
152 | |
| 138 | eg: |
153 | eg: |
| 139 | /var/www/www.gentoo.org/htdocs/ |
154 | /var/www/www.gentoo.org/ |
|
|
155 | |
|
|
156 | Additionally the chosen location ( /var/www/ ) appears to be becoming a defacto |
|
|
157 | standard for Linux distributions. |
| 140 | |
158 | |
| 141 | 1.2 Apache 2 |
159 | 1.2 Apache 2 |
| 142 | '''''''''''''''''''''''' |
160 | '''''''''''' |
| 143 | |
161 | |
| 144 | All web application .ebuild will honour any USE flags that are intended to |
162 | All web application .ebuilds will honour any USE flags that are intended to |
| 145 | add support for Apache 2 as well as supporting Apache 1 installations. |
163 | add support for Apache 2 as well as supporting Apache 1 installations. |
| 146 | |
164 | |
| 147 | |
165 | 2. Application Installation |
| 148 | 2. Virtual Host Flexibility |
|
|
| 149 | --------------------------- |
166 | --------------------------- |
| 150 | |
|
|
| 151 | In a similar vein to Gentoo's Zope scripts, namely zope-config, we |
|
|
| 152 | should be able to have multiple instances of a single web application |
|
|
| 153 | without duplicating all of the files. |
|
|
| 154 | |
|
|
| 155 | This also allows system administrators to control where web applications |
|
|
| 156 | will appear on their system, as well as to customize a file in a single |
|
|
| 157 | instance of a web application without effecting the original material. |
|
|
| 158 | |
|
|
| 159 | This is easily acheived thru use of Apache configuration directivies and |
|
|
| 160 | symlinks. For PHP instances, see http://tavi.sourceforge.net/VirtualHosts |
|
|
| 161 | for some details. |
|
|
| 162 | |
|
|
| 163 | The primary idea here is that to the web-application, it appears that |
|
|
| 164 | all of it's configuration and files are in the instance directory, but |
|
|
| 165 | the files are physicalled located elsewhere. |
|
|
| 166 | |
|
|
| 167 | 2.1 New "vhost" USE Flag |
|
|
| 168 | '''''''''''''''''''''''' |
|
|
| 169 | |
|
|
| 170 | To enable support for multiple virtual host installations a new USE flag is |
|
|
| 171 | to be added to Portage. The use flag will be:: |
|
|
| 172 | |
|
|
| 173 | vhost |
|
|
| 174 | |
|
|
| 175 | When *vhost* is _set_ the installation location and configuration for the web |
|
|
| 176 | application will be effected, see below for more details. |
|
|
| 177 | |
|
|
| 178 | 2.2 VHost Configuration Tool |
|
|
| 179 | '''''''''''''''''''''''''''' |
|
|
| 180 | |
|
|
| 181 | To assist administration of multiple virtual hosts a "VHost Configuration Tool" |
|
|
| 182 | needs to be developed and implemented. Initial discussion and regarding the VHost |
|
|
| 183 | Config tool can be found at http://article.gmane.org/gmane.linux.gentoo.devel/10874. |
|
|
| 184 | |
|
|
| 185 | The VHost Configuration Utility will need to be a seperate package, maintained by Gentoo. |
|
|
| 186 | Apache .ebuilds will require the VHost Config tool as a dependency (DEPEND). |
|
|
| 187 | |
|
|
| 188 | << TO BE EXPANDED UPON >> |
|
|
| 189 | |
|
|
| 190 | 3. Application Installation Location |
|
|
| 191 | ------------------------------------ |
|
|
| 192 | |
167 | |
| 193 | The current accepted standard Document Root in Gentoo is /home/httpd. The |
168 | The current accepted standard Document Root in Gentoo is /home/httpd. The |
| 194 | discussion suggest that this is not the best location to install web based |
169 | discussion suggest that this is not the best location to install web based |
| 195 | applications. |
170 | applications. |
| 196 | |
171 | |
|
|
172 | 2.1 Application SLOTs |
|
|
173 | ''''''''''''''''''''' |
|
|
174 | |
|
|
175 | All ebuilds are to set the SLOT variable as follows:: |
|
|
176 | |
|
|
177 | SLOT="${PV}" |
|
|
178 | |
|
|
179 | Setting the SLOT variable as shown will enable different versions of the same |
|
|
180 | web application to be served concurrently by one server. |
|
|
181 | |
|
|
182 | 2.2 Installation Paths |
|
|
183 | '''''''''''''''''''''' |
|
|
184 | |
| 197 | Web applications should be installed outside of the Document Root using the following |
185 | Web applications should be installed outside of the Document Root using the following |
| 198 | defaults: |
186 | defaults: |
| 199 | |
187 | |
| 200 | * for files to be served to clients:: |
188 | * for files to be served to clients:: |
| 201 | |
189 | |
| 202 | /usr/share/webapps/${PF}/ |
190 | /usr/share/webapps/${PF}/htdocs/ |
| 203 | |
191 | |
| 204 | /usr/share/webapps/${PF}/public_html/ for files served by the web server |
|
|
| 205 | |
|
|
| 206 | /usr/share/webapps/${PF}/cgi-bin/ for CGI-BIN files |
192 | /usr/share/webapps/${PF}/cgi-bin/ |
| 207 | |
193 | |
| 208 | * install configuration files in:: |
194 | * install *site default* configuration files in:: |
| 209 | |
195 | |
| 210 | /etc/webapps/${PF}/ |
196 | /etc/webapps/${PF}/ |
| 211 | |
197 | |
| 212 | * for documentation files (not served to clients):: |
198 | * for documentation files (not served to clients):: |
| 213 | |
199 | |
| 214 | /usr/share/doc/${PF}/ |
200 | /usr/share/doc/${PF}/ |
| 215 | |
201 | |
|
|
202 | 3. Virtual Host Support |
|
|
203 | ----------------------- |
|
|
204 | |
|
|
205 | The ability to easily configure and administer multiple virtual hosts is a |
|
|
206 | must. |
|
|
207 | |
|
|
208 | 3.1 New "vhost" USE Flag |
|
|
209 | '''''''''''''''''''''''' |
|
|
210 | |
|
|
211 | To enable support for multiple virtual host installations a new USE flag is |
|
|
212 | to be added to Portage. The use flag will be:: |
|
|
213 | |
|
|
214 | vhost |
|
|
215 | |
|
|
216 | When *vhost* is _set_ the installation location and configuration for the web |
|
|
217 | application will be effected, see below for more details. |
|
|
218 | |
|
|
219 | 3.2 VHost Configuration Tool |
|
|
220 | '''''''''''''''''''''''''''' |
|
|
221 | |
|
|
222 | To assist administration of multiple virtual hosts a "VHost Configuration Tool" |
|
|
223 | needs to be developed and implemented. Initial discussion regarding the VHost |
|
|
224 | Config tool and proposed usage can be found at http://article.gmane.org/gmane.linux.gentoo.devel/10874. |
|
|
225 | |
|
|
226 | It's the job of the VHost Config toolset to make a local instance of the web |
|
|
227 | application run under a specific web server. |
|
|
228 | |
|
|
229 | The VHost Configuration Utility will need to be a seperate package, maintained by Gentoo. |
|
|
230 | |
|
|
231 | Web Server .ebuilds will require the VHost Config tool as a dependency (DEPEND). |
|
|
232 | |
|
|
233 | `Bug #26293`_ will be used to track the initial progress of the VHost |
|
|
234 | Configuration Tool. |
|
|
235 | |
|
|
236 | .. _Bug #26293: http://bugs.gentoo.org/show_bug.cgi?id=26293 |
|
|
237 | |
|
|
238 | |
|
|
239 | The vhost-config must do three main things: |
|
|
240 | |
|
|
241 | - creates directories (copies a skeleton directory for the most part). |
|
|
242 | - create web server vhost config files. |
|
|
243 | - HUP web server so it reads in the new config without stopping. |
|
|
244 | |
|
|
245 | Initially the VHost Config tool should provide support for the Apache web |
|
|
246 | server. As the tool matures support for other web servers can be added. |
|
|
247 | |
| 216 | 3.1 Single Host Installation |
248 | 3.3 Single Host Installation |
| 217 | '''''''''''''''''''''''''''' |
249 | '''''''''''''''''''''''''''' |
| 218 | |
250 | |
| 219 | For single host installations the .ebuild will make the required |
251 | For single host installations the .ebuild will make the required |
| 220 | configurations changes and symlinks using the VHost Config tool to ensure |
252 | configurations changes and symlinks using the VHost Config tool to ensure |
| 221 | that the web application is available to be served from:: |
253 | that the web application is available to be served from:: |
| 222 | |
254 | |
| 223 | /var/www/localhost/htdocs/${PN} |
255 | /var/www/localhost/htdocs/${PF}/ |
| 224 | |
256 | |
|
|
257 | In this case it may be feasible for the VHost Config tool to simply symlink the |
|
|
258 | directories from /usr/share/webapps/${PF}/ as is appropriate. |
|
|
259 | |
| 225 | 3.2 Virtual Host Installation |
260 | 3.4 Virtual Host Installation |
| 226 | ''''''''''''''''''''''''''''' |
261 | ''''''''''''''''''''''''''''' |
| 227 | |
262 | |
| 228 | For installations that support multiple virtual hosts the .ebuild will |
263 | For installations that support multiple virtual hosts the .ebuild will |
| 229 | install the web application into the default location and then leave configuration |
264 | install the web application into the default location and then leave configuration |
| 230 | to the user through the VHost Config tool. |
265 | to the user through the VHost Config tool. |
| 231 | |
266 | |
| 232 | << TO BE EXPANDED UPON >> |
267 | In this case the web application files will be copied from |
|
|
268 | /usr/share/webapps/${PF}/ to /var/www/<FQDN>/ by the VHost Config tool. |
| 233 | |
269 | |
| 234 | 4. Application Configuration |
270 | 3.5 Configuration Files |
| 235 | ---------------------------- |
271 | ''''''''''''''''''''''' |
| 236 | |
272 | |
| 237 | Having application configuration files in the Document Root of a web |
|
|
| 238 | server is a potential security risk. Additionally given the way that many |
|
|
| 239 | ebuilds currently install web applications it can also lead to the |
|
|
| 240 | overwriting of important configuration files. |
|
|
| 241 | |
|
|
| 242 | As stated above web application configuration files are to be installed into:: |
273 | As stated above web application *site default* configuration files are to be |
|
|
274 | installed into:: |
| 243 | |
275 | |
| 244 | /etc/webapps/${PF}/ |
276 | /etc/webapps/${PF}/ |
| 245 | |
277 | |
| 246 | By installing application configuration files in /etc Portage CONFIG_PROTECT |
278 | The files in this directory are then copied (not symlinked!) by the VHost |
| 247 | features can be used to ensure that configuration files are not overwritten. |
279 | Config tool to the Document Root for each instance of the app that is installed. |
| 248 | |
280 | |
| 249 | 4.1 Virtual Host Support |
281 | This will require the VHost Config toolset to emulate Portage's CONFIG_PROTECT |
| 250 | '''''''''''''''''''''''' |
282 | behaviour for the web applications. |
| 251 | |
283 | |
| 252 | << TO BE EXPANDED UPON >> |
|
|
| 253 | |
|
|
| 254 | 5. Application Permissions |
284 | 4. Application Permissions |
| 255 | -------------------------- |
285 | -------------------------- |
| 256 | |
286 | |
| 257 | Installing web applications and giving the web server ownership of the files |
287 | Installing web applications and giving the web server ownership of the files |
| 258 | is a security risk. This can possibly lead to application configuration |
288 | is a security risk. This can possibly lead to application configuration |
| 259 | files being accessed by unwanted third parties. |
289 | files being accessed by unwanted third parties. |
| … | |
… | |
| 272 | The main issues are: |
302 | The main issues are: |
| 273 | * transition of existing configuration files to the |
303 | * transition of existing configuration files to the |
| 274 | /etc/webapps/${PF}/ directory. |
304 | /etc/webapps/${PF}/ directory. |
| 275 | * modification/reconfiguration of applications so that they |
305 | * modification/reconfiguration of applications so that they |
| 276 | are aware of the location of configuration files. |
306 | are aware of the location of configuration files. |
| 277 | * creating approriate Apache configuration snippets for inclusion |
307 | * creating the VHost Config toolset to enable installation and |
| 278 | in the Apache configuration files. |
308 | configuration of web applications irrespective of web server. |
| 279 | |
309 | |
| 280 | |
310 | |
| 281 | References |
311 | References |
| 282 | ========== |
312 | ========== |
| 283 | |
313 | |
| … | |
… | |
| 287 | |
317 | |
| 288 | Copyright |
318 | Copyright |
| 289 | ========= |
319 | ========= |
| 290 | |
320 | |
| 291 | This document has been placed in the public domain. |
321 | This document has been placed in the public domain. |
| 292 | |
|
|
Parent Directory
| 
Revision Log
| 
Patch