I’m just working today on a ibay configuration for hosting a web application in PHP (also if I like pyhton ) and I stumbled across the problem indicated by @davidep
And I found this good topic. I’m lucky…
I agree with this: two separate tab in the future could remain useful to implement other specific tabs for web applications written in languages different from PHP (I’ve said that I like Python? )
Just one thing at the end: I haven’t seen in the implementation of @stephdl the capability to set the write permission for apache user over the directory. Could it be made via web interface or do you think that it should be a security weakness if made on the whole ibay and it could be made via command line?
You’re right guys, so I like adding SSL and .htaccess to “Web access” tab and keeping PHP (and any other language) options on a separate tab.
This is an important point: now read permissions for apache are set with POSIX ACLs. The Reset permissions button clears any ACL that is not from the “ACL” tab and /etc/e-smith/templates/ibays/system-acls/ template. The responsible for this task is action nethserver-ibays-set-permissions.
If admin sets special ACLs on a specific subdirectory, to grant rw access to apache could we assume he is smart enough to not press Reset permission button and wipe them out? If you feel NO is the answer, we need to maintain a special subdirectory whitelist.
It should not be too hard to implement a rule in nethserver-ibays-set-permissions that skips setfacl on any directory in the whitelist.
Of course, I’ll take care of the core package: the need for “Force SSL” was already solicited in the past and is partially implemented in nethserver-httpd.
If @stephdl agrees, he could bundle the PHP settings tab into a separate package… Stéphane, is it ok for you?
Well I’m facing the murphy’s laws these last days, so my free time is unfortunately limited…welcome in the real life
@etino could you write a draft of your needs with python and apache, I do not know at all about python, but I do know about templates and SME/NETH(a bit less) internal workings. So for my personal culture I would be interested by what you are looking for.
@davidep could you add what the ssl redirection is missing, I’m still curious
At the moment I haven’t studied in depth a well organized implementation of a python webpp using Nethserver ibays. I’ve installed a Flask python app on an ibay just for filesystem access convenience and then via ssh I run manually it using gunicorn
Probably Python will need less server parameter configuration than PHP becouse it can run on a virtuallized environment with his library and configuration.
I promised myself to better reorganize it on a more linear and clean manner, when done, if some interesting things should emerge, I will be happy to share it here.
@etino, if you want to see how we used gunicorn for a python webapp, look at the webvirtmgr software module. It also has an upstart job to run the service.
So I would know if you can accept some code in the shared folder templates and I will provide a panel (with a separate rpm) to modify the settings. All values will be turned to disabled, hidden and available only by the command line, except of course if you install the module which provide the panel
Hi @stephdl,
these days I’m really focused on 6.6 release and cannot start another front. I’m delaying this issue until 6.6 comes out, I hope it doesn’t hurt!
It seems everybody agrees to add The “force SSL” and “.htaccess” options in the current Web Settings tab: we can start from your code, of course.
Moreover, I’d add a way to grant the web app write permissions on specific subfolders. This must be consistent with the “Reset permissions” action.
I was thinking about changing the last checkbox label to something like “Extensible web server configuration”. When it is checked
.htaccess overrides are enabled
If a file named .http_writable (or similar) exists in the shared folder, it is parsed to apply special write permissions for the web server.
The .http_writable would contain a list of sub directories (relative to shared folder) where the web server is allowed to write. This is to cover situations where a web app needs to write some data on the disk. And it’s also compatible with the “Reset permissions” action.
I think is not clear: if you’re a web developer you know what is htaccess. So, I’d like to leave “Allow .htaccess overrides”.
Again, not clear enough. I propose to add a new field “Writable folders”.
The user can enter a list of writable folders; paths should be relative, like “cache,tmp/templates” etc.
@giacomo’s remarks are definitely embraceable: I started that way. Anyway when I was adding the second checkbox, what he called “Writable folders”, I started asking myself why not making one?
The two functions are related to the same scenario: configuring a web application into a shared folder, and it is likely both are simultaneously enabled or disabled.
Me too.
Instructions of web apps often mention the word “.htaccess”. Even a non-developer reading instructions will understand the server-manager option.
Install web app xyapp into a shared folder. This is a common basic scenario that requires:
A. enabling .htaccess (shipped with xyapp)
B. granting Apache write permissions on some directory
B could never occur without A, A usually requires B. Thus let’s enable A+B with a single checkbox.
The module is not completely finished, I still need to add some validators, but at least I would have your reviews on parameters we can add or eventually if we can trick the values of these parameters.