Create a new sharedFolder UI plugin for WEB Settings


(Stefano Giraldi) #21

Hi Folks, you are awesome! :smile:

I’m just working today on an ibay configuration for hosting a web application in PHP (even if I like Python :stuck_out_tongue: ) and I stumbled across the problem indicated by @davidep.

And I found this good topic. I’m lucky…

I agree with this: two separate tabs could remain useful in the future to implement other specific tabs for web applications written in languages different from PHP (have I said that I like Python? :wink:)

Just one thing at the end: I haven’t seen in the implementation of @stephdl the capability to set the write permission for the apache user over the directory. Could it be made via web interface or do you think that it should be a security weakness if made on the whole ibay and it could be made via command line?

Anyway, a useful improvement. Compliments!


(Davide Principi) #22

You’re right guys, so I like adding SSL and .htaccess to “Web access” tab and keeping PHP (and any other language) options on a separate tab.

This is an important point: now read permissions for apache are set with POSIX ACLs. The Reset permissions button clears any ACL that is not from the “ACL” tab and the /etc/e-smith/templates/ibays/system-acls/ template. The action responsible for this task is nethserver-ibays-set-permissions.

If the admin sets special ACLs on a specific subdirectory to grant rw access to apache, could we assume he is smart enough not to press the Reset permissions button and wipe them out? :slight_smile: If you feel NO is the answer, we need to maintain a special subdirectory whitelist.

It should not be too hard to implement a rule in nethserver-ibays-set-permissions that skips setfacl on any directory in the whitelist.

Of course, I’ll take care of the core package: the need for “Force SSL” was already solicited in the past and is partially implemented in nethserver-httpd.

If @stephdl agrees, he could bundle the PHP settings tab into a separate package… Stéphane, is it ok for you?


(Stéphane de Labrusse) #23

Well, I’m facing Murphy’s law these last days, so my free time is unfortunately limited… welcome to real life :smile:

@etino, could you write a draft of your needs with Python and Apache? I do not know Python at all, but I do know about templates and SME/NETH (a bit less) internal workings. So for my personal culture I would be interested in what you are looking for.

@davidep, could you add what the SSL redirection is missing? I’m still curious :smile:


(Stefano Giraldi) #24

At the moment I haven’t studied in depth a well organized implementation of a Python webapp using NethServer ibays. I’ve installed a Flask Python app on an ibay just for filesystem access convenience and then I run it manually via ssh using gunicorn.

Probably Python will need less server parameter configuration than PHP because it can run in a virtualized environment with its own library and configuration.

I promised myself to reorganize it in a more linear and clean manner; when done, if some interesting things should emerge, I will be happy to share it here.


(Filippo Carletti) #25

@etino, if you want to see how we used gunicorn for a python webapp, look at the webvirtmgr software module. It also has an upstart job to run the service.


(Stéphane de Labrusse) #26

Well, I turned a bit around the issue and I cannot figure out how I could modify the shared folder settings without providing some code to nethserver-httpd like I did in my first push-request https://github.com/stephdl/nethserver-httpd/commit/f0f23e2cc058064910ad502fb0b7381e14cd7a27

So I would like to know if you can accept some code in the shared folder templates, and I will provide a panel (with a separate rpm) to modify the settings. All values will be turned to disabled, hidden and available only by the command line, except of course if you install the module which provides the panel.


(Davide Principi) #27

Hi @stephdl,
these days I’m really focused on 6.6 release and cannot start another front. I’m delaying this issue until 6.6 comes out, I hope it doesn’t hurt!

It seems everybody agrees to add the “force SSL” and “.htaccess” options in the current Web Settings tab: we can start from your code, of course.

Moreover, I’d add a way to grant the web app write permissions on specific subfolders. This must be consistent with the “Reset permissions” action.

Everything else should go into a separate RPM.


(Stéphane de Labrusse) #28

Ok we will see it after the release of ns6.6


(Davide Principi) #29

Hi @stephdl,

continuing this thread after 6.6 release :wink:

This is how the “Web access” tab could look:

I was thinking about changing the last checkbox label to something like “Extensible web server configuration”. When it is checked:

  • .htaccess overrides are enabled
  • If a file named .http_writable (or similar) exists in the shared folder, it is parsed to apply special write permissions for the web server.

The .http_writable would contain a list of sub directories (relative to shared folder) where the web server is allowed to write. This is to cover situations where a web app needs to write some data on the disk. And it’s also compatible with the “Reset permissions” action.

What do you think?


Shared folder Posix ACL snapshots
(Giacomo Sanchietti) #30

I think it is not clear: if you’re a web developer you know what htaccess is. So, I’d like to leave “Allow .htaccess overrides”.

Again, not clear enough. I propose to add a new field “Writable folders”.
The user can enter a list of writable folders; paths should be relative, like “cache,tmp/templates” etc.
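
The two proposals above (a `.http_writable` file in post #29, a “Writable folders” field in post #30) both hand the permissions action a list of relative sub directories. The following is an added example, not code from NethServer or from any poster, of how such a list could be validated before the web server is granted write access; the function names and the sample shared folder are assumptions, and only the `apache` user and `setfacl` come from the thread.

```python
import os
import tempfile

def parse_entries(text):
    """Split a comma- or newline-separated list; skip blanks and # comments."""
    lines = (l.strip() for l in text.replace(",", "\n").splitlines())
    return [l for l in lines if l and not l.startswith("#")]

def resolve_writable(share_root, entries):
    """Return (accepted, rejected); accepted are real paths inside share_root."""
    root = os.path.realpath(share_root)
    accepted, rejected = [], []
    for entry in entries:
        if os.path.isabs(entry) or ".." in entry.split("/"):
            rejected.append((entry, "not a plain relative path"))
            continue
        # realpath follows symlinks, so a link leaving the share is caught below
        target = os.path.realpath(os.path.join(root, entry))
        if target == root:
            rejected.append((entry, "would cover the whole shared folder"))
        elif os.path.commonpath([root, target]) != root:
            rejected.append((entry, "resolves outside the shared folder"))
        elif not os.path.isdir(target):
            rejected.append((entry, "not an existing directory"))
        else:
            accepted.append(target)
    return accepted, rejected

def setfacl_argv(path, user="apache"):
    """argv for an access ACL plus a default ACL, so new files inherit it."""
    return ["setfacl", "-m", f"u:{user}:rwx,d:u:{user}:rwx", path]

def demo():
    """Build a constructed shared folder and check a constructed list against it."""
    with tempfile.TemporaryDirectory() as tmp:
        share = os.path.join(tmp, "ibay")
        os.makedirs(os.path.join(share, "tmp", "templates"))
        os.makedirs(os.path.join(share, "cache"))
        os.symlink(tmp, os.path.join(share, "escape"))  # symlink leaving the share
        listing = "cache, tmp/templates\n../other\n/etc\nescape\n.\nmissing\n"
        ok, bad = resolve_writable(share, parse_entries(listing))
        root = os.path.realpath(share)
        return [os.path.relpath(p, root) for p in ok], bad

if __name__ == "__main__":
    accepted, rejected = demo()
    for rel in accepted:
        print(" ".join(setfacl_argv(rel)))
    for entry, reason in rejected:
        print(f"skip {entry!r}: {reason}")
```

Because the list would be re-read on every run, a “Reset permissions” action could reapply exactly these ACLs after clearing the others.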


(Davide Principi) #31

@giacomo’s remarks are definitely embraceable: I started that way. Anyway, when I was adding the second checkbox, what he called “Writable folders”, I started asking myself: why not make one?

The two functions are related to the same scenario: configuring a web application into a shared folder, and it is likely both are simultaneously enabled or disabled.


(Stéphane de Labrusse) #32

One point for giacomo, I fully agree


(Filippo Carletti) #33

Me too. :smile:
Instructions of web apps often mention the word “.htaccess”. Even a non-developer reading instructions will understand the server-manager option.


(Giacomo Sanchietti) #34

I don’t get it.
Can you make an example?


(Davide Principi) #35

Install web app xyapp into a shared folder. This is a common basic scenario that requires:
A. enabling .htaccess (shipped with xyapp)
B. granting Apache write permissions on some directory

B could never occur without A, A usually requires B. Thus let’s enable A+B with a single checkbox.

Let’s find a good name for it. Some proposals:

  1. Allow .htaccess overrides
  2. Allow .htaccess and write permissions overrides
  3. Special web application permissions

(Stéphane de Labrusse) #36

Hello everyone

The module is not completely finished, I still need to add some validators, but at least I would like to have your reviews on parameters we can add, or eventually if we can trick the values of these parameters.

Sources are available at https://github.com/stephdl/nethserver-phpsettings/tree/ns6

and rpms http://mirror.de-labrusse.fr/nethserver/nethserver-phpsettings/

yum install http://mirror.de-labrusse.fr/nethserver/nethserver-phpsettings/nethserver-phpsettings-1.0.0-2.ns6.noarch.rpm

(Davide Principi) #37

Thanks @stephdl, I’ll reply on GitHub!