Contents of /xml/htdocs/proj/en/glep/glep-0011.html


Revision 1.1 - (hide annotations) (download) (as text)
Thu Aug 7 19:06:01 2003 UTC (15 years, 2 months ago) by g2boojum
Branch: MAIN
File MIME type: text/html
New glep added.

1 g2boojum 1.1 <?xml version="1.0" encoding="utf-8" ?>
2     <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
3     <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
4     <!--
5     This HTML is auto-generated. DO NOT EDIT THIS FILE! If you are writing a new
6     PEP, see http://www.python.org/peps/pep-0001.html for instructions and links
8     -->
9     <head>
10     <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
11     <meta name="generator" content="Docutils 0.3.0: http://docutils.sourceforge.net/" />
12     <title>GLEP 11 -- Web Application Installation</title>
13     <link rel="stylesheet" href="tools/glep.css" type="text/css" />
14     </head>
15     <body bgcolor="white">
16     <table class="navigation" cellpadding="0" cellspacing="0"
17     width="100%" border="0">
18     <tr><td class="navicon" width="150" height="35">
19     <a href="http://www.gentoo.org/" title="Gentoo Linux Home Page">
20     <img src="http://www.gentoo.org/images/gentoo-new.gif" alt="[Gentoo]"
21     border="0" width="150" height="35" /></a></td>
22     <td class="textlinks" align="left">
23     [<b><a href="http://www.gentoo.org/">Gentoo Linux Home</a></b>]
24     [<b><a href="http://www.gentoo.org/proj/en/glep">GLEP Index</a></b>]
25     [<b><a href="http://www.gentoo.org/proj/en/glep/glep-0011.txt">GLEP Source</a></b>]
26     </td></tr></table>
27     <div class="document">
28     <table class="rfc2822 field-list" frame="void" rules="none">
29     <col class="field-name" />
30     <col class="field-body" />
31     <tbody valign="top">
32     <tr class="field"><th class="field-name">GLEP:</th><td class="field-body">11</td>
33     </tr>
34     <tr class="field"><th class="field-name">Title:</th><td class="field-body">Web Application Installation</td>
35     </tr>
36     <tr class="field"><th class="field-name">Version:</th><td class="field-body">1.1</td>
37     </tr>
38     <tr class="field"><th class="field-name">Last-Modified:</th><td class="field-body"><a class="reference" href="http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/proj/en/glep/glep-0011.txt?cvsroot=gentoo">2003/08/07 19:02:40</a></td>
39     </tr>
40     <tr class="field"><th class="field-name">Author:</th><td class="field-body">Troy Dack &lt;tad&#32;&#97;t&#32;gentoo.org&gt;</td>
41     </tr>
42     <tr class="field"><th class="field-name">Discussions-To:</th><td class="field-body"><a class="reference" href="mailto:gentoo-dev&#64;gentoo.org?subject=PEP%2011">gentoo-dev&#32;&#97;t&#32;gentoo.org</a></td>
43     </tr>
44     <tr class="field"><th class="field-name">Status:</th><td class="field-body">Draft</td>
45     </tr>
46     <tr class="field"><th class="field-name">Type:</th><td class="field-body">Standards Track</td>
47     </tr>
48     <tr class="field"><th class="field-name">Content-Type:</th><td class="field-body"><a class="reference" href="glep-0002.html">text/x-rst</a></td>
49     </tr>
50     <tr class="field"><th class="field-name">Created:</th><td class="field-body">02 August 2003</td>
51     </tr>
52     <tr class="field"><th class="field-name">Post-History:</th><td class="field-body">07 Aug 2003</td>
53     </tr>
54     </tbody>
55     </table>
56     <hr />
57     <div class="contents topic" id="contents">
58     <p class="topic-title"><a name="contents">Contents</a></p>
59     <ul class="simple">
60     <li><a class="reference" href="#credits" id="id5" name="id5">Credits</a></li>
61     <li><a class="reference" href="#definitions" id="id6" name="id6">Definitions</a></li>
62     <li><a class="reference" href="#conventions" id="id7" name="id7">Conventions</a></li>
63     <li><a class="reference" href="#abstract" id="id8" name="id8">Abstract</a></li>
64     <li><a class="reference" href="#motivation" id="id9" name="id9">Motivation</a></li>
65     <li><a class="reference" href="#rationale" id="id10" name="id10">Rationale</a></li>
66     <li><a class="reference" href="#implementation" id="id11" name="id11">Implementation</a><ul>
67     <li><a class="reference" href="#web-server" id="id12" name="id12">1. Web Server</a><ul>
68     <li><a class="reference" href="#default-document-root" id="id13" name="id13">1.1 Default Document Root</a></li>
69     <li><a class="reference" href="#apache-2" id="id14" name="id14">1.2 Apache 2</a></li>
70     </ul>
71     </li>
72     <li><a class="reference" href="#virtual-host-flexibility" id="id15" name="id15">2. Virtual Host Flexibility</a><ul>
73     <li><a class="reference" href="#new-vhost-use-flag" id="id16" name="id16">2.1 New &quot;vhost&quot; USE Flag</a></li>
74     <li><a class="reference" href="#vhost-configuration-tool" id="id17" name="id17">2.2 VHost Configuration Tool</a></li>
75     </ul>
76     </li>
77     <li><a class="reference" href="#application-installation-location" id="id18" name="id18">3. Application Installation Location</a><ul>
78     <li><a class="reference" href="#single-host-installation" id="id19" name="id19">3.1 Single Host Installation</a></li>
79     <li><a class="reference" href="#virtual-host-installation" id="id20" name="id20">3.2 Virtual Host Installation</a></li>
80     </ul>
81     </li>
82     <li><a class="reference" href="#application-configuration" id="id21" name="id21">4. Application Configuration</a><ul>
83     <li><a class="reference" href="#virtual-host-support" id="id22" name="id22">4.1 Virtual Host Support</a></li>
84     </ul>
85     </li>
86     <li><a class="reference" href="#application-permissions" id="id23" name="id23">5. Application Permissions</a></li>
87     </ul>
88     </li>
89     <li><a class="reference" href="#backwards-compatibility" id="id24" name="id24">Backwards Compatibility</a></li>
90     <li><a class="reference" href="#references" id="id25" name="id25">References</a></li>
91     <li><a class="reference" href="#copyright" id="id26" name="id26">Copyright</a></li>
92     </ul>
93     </div>
94     <div class="section" id="credits">
95     <h1><a class="toc-backref" href="#id5" name="credits">Credits</a></h1>
96     <p>Based on comments posted to gentoo-dev mailing list <a class="footnote-reference" href="#webapppost1" id="id1" name="id1">[1]</a>
97     <a class="footnote-reference" href="#webapppost2" id="id2" name="id2">[2]</a> <a class="footnote-reference" href="#webapppost3" id="id3" name="id3">[3]</a> by:</p>
98     <blockquote>
99     Stuart Herbert &lt;<a class="reference" href="mailto:stuart&#64;gentoo.org">stuart&#64;gentoo.org</a>&gt;, Max Kalika &lt;<a class="reference" href="mailto:max&#64;gentoo.org">max&#64;gentoo.org</a>&gt;,
100     Robin H.Johnson &lt;<a class="reference" href="mailto:robbat2&#64;gentoo.org">robbat2&#64;gentoo.org</a>&gt; and others</blockquote>
101     </div>
102     <div class="section" id="definitions">
103     <h1><a class="toc-backref" href="#id6" name="definitions">Definitions</a></h1>
104     <blockquote>
105     <dl>
106     <dt><em>Web Application</em></dt>
107     <dd>an application that requires a web server to function and interacts with
108     the user via a browser</dd>
109     <dt><em>Web Application Instance</em></dt>
110     <dd>An apparent install of the Web Application that is served up via the
111     webserver. There may be any number of instances per Web Application.
112     This is a major use for web applications. Our Gentoo Zope setup
113     already provides instances and can be used for some concepts on this
114     matter.</dd>
115     <dt><em>Web Application Setup Program</em></dt>
116     <dd>A script similar in function to zope-config that sets up instances.</dd>
117     <dt><em>Document Root</em></dt>
118     <dd>a location in the file system that forms the main document tree visible from
119     the web</dd>
120     </dl>
121     </blockquote>
122     </div>
123     <div class="section" id="conventions">
124     <h1><a class="toc-backref" href="#id7" name="conventions">Conventions</a></h1>
125     <blockquote>
126     <p>When describing the location of a directory in the file system it
127     will be shown <em>with</em> a trailing slash, eg:</p>
128     <pre class="literal-block">
129     /foo/bar/
130     </pre>
131     <p>When describing the location of a specific file (irrespective of any
132     file extension) it will be shown <em>without</em> a trailing slash, eg:</p>
133     <pre class="literal-block">
134     /foo/blah
135     </pre>
136     </blockquote>
137     </div>
138     <div class="section" id="abstract">
139     <h1><a class="toc-backref" href="#id8" name="abstract">Abstract</a></h1>
140     <p>To define where and how web based applications should be installed by Gentoo.</p>
141     </div>
142     <div class="section" id="motivation">
143     <h1><a class="toc-backref" href="#id9" name="motivation">Motivation</a></h1>
144     <p>Currently there is no standard defined regarding the installation of web
145     based applications in Gentoo. This leads to ebuild authors creating a
146     variety of methods to determine:</p>
147     <blockquote>
148     <ul class="simple">
149     <li>where the application should be installed</li>
150     <li>what user and permissions the application should be given</li>
151     <li>where any configuration files related to the application should be
152     installed.</li>
153     </ul>
154     </blockquote>
155     <p>Due to the lack of a standard install method, configuration files are at
156     risk of being overwritten during upgrade, potentially causing system
157     administrators downtime as they have to reconfigure web applications
158     after an upgrade.</p>
159     </div>
160     <div class="section" id="rationale">
161     <h1><a class="toc-backref" href="#id10" name="rationale">Rationale</a></h1>
162     <p>A discussion on the gentoo-dev mailing list <a class="footnote-reference" href="#webapppost1" id="id4" name="id4">[1]</a> raised the
163     following points regarding how Gentoo handles the installation of web based
164     applications:</p>
165     <blockquote>
166     <ol class="arabic">
167     <li><p class="first">Gentoo installed web applications (eg: horde, phpbb, cacti,
168     phpmysql) should not be installed in the Document Root of a web server.</p>
169     </li>
170     <li><p class="first">Web applications should not have their configuration files installed
171     under the Document Root of a web server.</p>
172     <blockquote>
173     <ol class="lowerroman simple">
174     <li>Web Applications must be slotted by their major version numbers to
175     further avoid downtime when true configuration changes are required.</li>
176     </ol>
177     </blockquote>
178     </li>
179     <li><p class="first">Web applications should not be owned by the same user as the web server.</p>
180     </li>
181     <li><p class="first">It should be easily possible to have multiple instances of a web
182     application without any duplication of source files.</p>
183     </li>
184     <li><p class="first">It should be immediately apparent how to control instances of a web
185     application.</p>
186     </li>
187     </ol>
188     </blockquote>
189     </div>
190     <div class="section" id="implementation">
191     <h1><a class="toc-backref" href="#id11" name="implementation">Implementation</a></h1>
192     <p>Max Kalika &lt;<a class="reference" href="mailto:max&#64;gentoo.org">max&#64;gentoo.org</a>&gt; stated that he has a preliminary eclass that
193     implements a good deal of this GLEP.</p>
194     <p>Stuart Herbert &lt;<a class="reference" href="mailto:stuart&#64;gentoo.org">stuart&#64;gentoo.org</a>&gt; has committed:</p>
195     <pre class="literal-block">
196     webapp-apache.eclass
197     </pre>
198     <p>to CVS, this is a stop-gap measure whilst this GLEP is being finalised.</p>
199     <div class="section" id="web-server">
200     <h2><a class="toc-backref" href="#id12" name="web-server">1. Web Server</a></h2>
201     <p>A common default web server will have to be selected and ebuild authors should
202     ensure that their applications contain configuration directives suitable for
203     that server. Given the popularity of the Apache web server it is suggested
204     that Apache be selected as the Gentoo default web server.</p>
205     <p>Whilst it is acknowledged that other web servers do exist and are used, there
206     has to be an assumption made somewhere that people who choose to use something
207     other than the default have enough knowledge to adapt configurations
208     accordingly.</p>
209     <div class="section" id="default-document-root">
210     <h3><a class="toc-backref" href="#id13" name="default-document-root">1.1 Default Document Root</a></h3>
211     <p>To ensure the greatest flexibility when installing applications the following
212     <em>Document Root</em> locations are to be used:</p>
213     <blockquote>
214     <ul>
215     <li><p class="first">For single host installations:</p>
216     <pre class="literal-block">
217     /var/www/localhost/htdocs/
218     </pre>
219     </li>
220     <li><p class="first">For multiple virtual host installations:</p>
221     <pre class="literal-block">
222     /var/www/&lt;fully qualified domain name&gt;/htdocs/
223     eg:
224     /var/www/www.gentoo.org/htdocs/
225     </pre>
226     </li>
227     </ul>
228     </blockquote>
229     </div>
230     <div class="section" id="apache-2">
231     <h3><a class="toc-backref" href="#id14" name="apache-2">1.2 Apache 2</a></h3>
232     <p>All web application .ebuilds will honour any USE flags that are intended to
233     add support for Apache 2 as well as supporting Apache 1 installations.</p>
234     </div>
235     </div>
236     <div class="section" id="virtual-host-flexibility">
237     <h2><a class="toc-backref" href="#id15" name="virtual-host-flexibility">2. Virtual Host Flexibility</a></h2>
238     <p>In a similar vein to Gentoo's Zope scripts, namely zope-config, we
239     should be able to have multiple instances of a single web application
240     without duplicating all of the files.</p>
241     <p>This also allows system administrators to control where web applications
242     will appear on their system, as well as to customize a file in a single
243     instance of a web application without affecting the original material.</p>
244     <p>This is easily achieved through use of Apache configuration directives and
245     symlinks. For PHP instances, see <a class="reference" href="http://tavi.sourceforge.net/VirtualHosts">http://tavi.sourceforge.net/VirtualHosts</a>
246     for some details.</p>
247     <p>The primary idea here is that to the web-application, it appears that
248     all of its configuration and files are in the instance directory, but
249     the files are physically located elsewhere.</p>
250     <div class="section" id="new-vhost-use-flag">
251     <h3><a class="toc-backref" href="#id16" name="new-vhost-use-flag">2.1 New &quot;vhost&quot; USE Flag</a></h3>
252     <p>To enable support for multiple virtual host installations a new USE flag is
253     to be added to Portage. The use flag will be:</p>
254     <pre class="literal-block">
255     vhost
256     </pre>
257     <p>When <em>vhost</em> is <em>set</em> the installation location and configuration for the web
258     application will be affected, see below for more details.</p>
259     </div>
260     <div class="section" id="vhost-configuration-tool">
261     <h3><a class="toc-backref" href="#id17" name="vhost-configuration-tool">2.2 VHost Configuration Tool</a></h3>
262     <p>To assist administration of multiple virtual hosts a &quot;VHost Configuration Tool&quot;
263     needs to be developed and implemented. Initial discussion regarding the VHost
264     Config tool can be found at <a class="reference" href="http://article.gmane.org/gmane.linux.gentoo.devel/10874">http://article.gmane.org/gmane.linux.gentoo.devel/10874</a>.</p>
265     <p>The VHost Configuration Utility will need to be a separate package, maintained by Gentoo.
266     Apache .ebuilds will require the VHost Config tool as a dependency (DEPEND).</p>
267     <p>&lt;&lt; TO BE EXPANDED UPON &gt;&gt;</p>
268     </div>
269     </div>
270     <div class="section" id="application-installation-location">
271     <h2><a class="toc-backref" href="#id18" name="application-installation-location">3. Application Installation Location</a></h2>
272     <p>The current accepted standard Document Root in Gentoo is /home/httpd. The
273     discussion suggests that this is not the best location to install web based
274     applications.</p>
275     <p>Web applications should be installed outside of the Document Root using the following
276     defaults:</p>
277     <blockquote>
278     <ul>
279     <li><p class="first">for files to be served to clients:</p>
280     <pre class="literal-block">
281     /usr/share/webapps/${PF}/
283     /usr/share/webapps/${PF}/public_html/ for files served by the web server
285     /usr/share/webapps/${PF}/cgi-bin/ for CGI-BIN files
286     </pre>
287     </li>
288     <li><p class="first">install configuration files in:</p>
289     <pre class="literal-block">
290     /etc/webapps/${PF}/
291     </pre>
292     </li>
293     <li><p class="first">for documentation files (not served to clients):</p>
294     <pre class="literal-block">
295     /usr/share/doc/${PF}/
296     </pre>
297     </li>
298     </ul>
299     </blockquote>
300     <div class="section" id="single-host-installation">
301     <h3><a class="toc-backref" href="#id19" name="single-host-installation">3.1 Single Host Installation</a></h3>
302     <p>For single host installations the .ebuild will make the required
303     configuration changes and symlinks using the VHost Config tool to ensure
304     that the web application is available to be served from:</p>
305     <pre class="literal-block">
306     /var/www/localhost/htdocs/${PN}
307     </pre>
308     </div>
309     <div class="section" id="virtual-host-installation">
310     <h3><a class="toc-backref" href="#id20" name="virtual-host-installation">3.2 Virtual Host Installation</a></h3>
311     <p>For installations that support multiple virtual hosts the .ebuild will
312     install the web application into the default location and then leave configuration
313     to the user through the VHost Config tool.</p>
314     <p>&lt;&lt; TO BE EXPANDED UPON &gt;&gt;</p>
315     </div>
316     </div>
317     <div class="section" id="application-configuration">
318     <h2><a class="toc-backref" href="#id21" name="application-configuration">4. Application Configuration</a></h2>
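319     <p>Having application configuration files in the Document Root of a web
320     server is a potential security risk, because anything under the Document Root is part of the tree visible from the web and can be served to clients if the server is misconfigured. Additionally, given the way that many
321     ebuilds currently install web applications it can also lead to the
322     overwriting of important configuration files.</p>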
323     <p>As stated above web application configuration files are to be installed into:</p>
324     <pre class="literal-block">
325     /etc/webapps/${PF}/
326     </pre>
327     <p>By installing application configuration files in /etc Portage CONFIG_PROTECT
328     features can be used to ensure that configuration files are not overwritten.</p>
329     <div class="section" id="virtual-host-support">
330     <h3><a class="toc-backref" href="#id22" name="virtual-host-support">4.1 Virtual Host Support</a></h3>
331     <p>&lt;&lt; TO BE EXPANDED UPON &gt;&gt;</p>
332     </div>
333     </div>
334     <div class="section" id="application-permissions">
335     <h2><a class="toc-backref" href="#id23" name="application-permissions">5. Application Permissions</a></h2>
336     <p>Installing web applications and giving the web server ownership of the files
337     is a security risk, because the web server process can then read and modify every file of the application. This can possibly lead to application configuration
338     files being accessed by unwanted third parties.</p>
339     <p>All web applications should be owned by <em>root</em> unless the application
340     absolutely requires write access to its installation directories at execution
341     time.</p>
342     </div>
343     </div>
344     <div class="section" id="backwards-compatibility">
345     <h1><a class="toc-backref" href="#id24" name="backwards-compatibility">Backwards Compatibility</a></h1>
346     <p>There may be some issues regarding compatibility with existing installs of
347     web applications. This is particularly true if the default Document Root is
348     moved from what is accepted as the current standard (/home/httpd).</p>
349     <dl>
350     <dt>The main issues are:</dt>
351     <dd><ul class="first last simple">
352     <li>transition of existing configuration files to the
353     /etc/webapps/${PF}/ directory.</li>
354     <li>modification/reconfiguration of applications so that they
355     are aware of the location of configuration files.</li>
356     <li>creating appropriate Apache configuration snippets for inclusion
357     in the Apache configuration files.</li>
358     </ul>
359     </dd>
360     </dl>
361     </div>
362     <div class="section" id="references">
363     <h1><a class="toc-backref" href="#id25" name="references">References</a></h1>
364     <table class="footnote" frame="void" id="webapppost1" rules="none">
365     <colgroup><col class="label" /><col /></colgroup>
366     <tbody valign="top">
367     <tr><td class="label"><a name="webapppost1">[1]</a></td><td><em>(<a class="fn-backref" href="#id1">1</a>, <a class="fn-backref" href="#id4">2</a>)</em> <a class="reference" href="http://article.gmane.org/gmane.linux.gentoo.devel/10411">http://article.gmane.org/gmane.linux.gentoo.devel/10411</a></td></tr>
368     </tbody>
369     </table>
370     <table class="footnote" frame="void" id="webapppost2" rules="none">
371     <colgroup><col class="label" /><col /></colgroup>
372     <tbody valign="top">
373     <tr><td class="label"><a class="fn-backref" href="#id2" name="webapppost2">[2]</a></td><td><a class="reference" href="http://news.gmane.org/onethread.php?group=gmane.linux.gentoo.devel&amp;root=%3C1059843010.5023.80.camel%40carbon.internal.lan%3E">http://news.gmane.org/onethread.php?group=gmane.linux.gentoo.devel&amp;root=%3C1059843010.5023.80.camel%40carbon.internal.lan%3E</a></td></tr>
374     </tbody>
375     </table>
376     <table class="footnote" frame="void" id="webapppost3" rules="none">
377     <colgroup><col class="label" /><col /></colgroup>
378     <tbody valign="top">
379     <tr><td class="label"><a class="fn-backref" href="#id3" name="webapppost3">[3]</a></td><td><a class="reference" href="http://news.gmane.org/onethread.php?group=gmane.linux.gentoo.devel&amp;root=%3C86960000.1060038977%40valkyrie.lsit.ucsb.edu%3E">http://news.gmane.org/onethread.php?group=gmane.linux.gentoo.devel&amp;root=%3C86960000.1060038977%40valkyrie.lsit.ucsb.edu%3E</a></td></tr>
380     </tbody>
381     </table>
382     </div>
383     <div class="section" id="copyright">
384     <h1><a class="toc-backref" href="#id26" name="copyright">Copyright</a></h1>
385     <p>This document has been placed in the public domain.</p>
386     </div>
387     </div>
389     <hr class="footer"/>
390     <div class="footer">
391     <a class="reference" href="glep-0011.txt">View document source</a>.
392     Generated on: 2003-08-07 19:02 UTC.
393     Generated by <a class="reference" href="http://docutils.sourceforge.net/">Docutils</a> from <a class="reference" href="http://docutils.sourceforge.net/rst.html">reStructuredText</a> source.
394     </div>
395     </body>
396     </html>
