So, your point is: why install a VirtualHost module if you need just a simple http support for ibay? Right?
Uhm, I have to think about this, waiting for others’ thoughts.
Maybe we should create a mockup to clear our mind with a visual example.
I really like @davidep’s comments. That’s one thing I don’t like at Nethserver as much as other things (but it’s far away from being bad!).
I implemented the whole VirtualHost stuff (with SSL and only for ProxyPass) in my own conf-files (without using templates etc.). It works and I’m happy about that.
To manage this using a WebGUI would be a great advantage. Let’s Encrypt integration would be the best. Also to request Let’s Encrypt certificates with one certificate for each (Sub)Domain and not just one certificate for all Domains would be great. That would be the easiest usage everybody can imagine without the need of having knowledge of Linux, Apache configuration, Certificates and Let’s Encrypt.
A friend of mine has shown me how Sophos UTM is managing this.
You have a page, where you configure your Webservers (the Server where the ProxyPass would redirect to) and the Pages (the ServerName of the VirtualHost as well as the Ports).
This is what it looks like:
The “Website”-Management (“virtual Webserver”):
Just my opinion but you must separate vhosts from the concept of having just another method of sharing files.
Vhost is more related to hosting sites, than to make available the files over http/https.
And you already have owncloud if you want to share files over http.
I can only speak about the vhost topic because I don’t use the other stuff.
It is related to webhosting so, as @Ctek said, it should be separated.
How this should look in detail, I don’t know. Above you see how Sophos solved this. I don’t know if it has to be that big, but at least I must have the possibility to add new vhosts (http and https) and modify the settings of each vhost. Maybe automatic certificate-handling using Let’s Encrypt can also be added here.
@Ctek remarked we must separate vhosts and file sharing. I absolutely agree on this.
@alefattorini says everyone uses FTP/SCP to upload websites, so SMB is not required for vhosts.
My concerns are not duplicating features on “shared folders” and “virtual hosts” pages, such as filesystem permission handling. I’d prefer keeping the filesystem permissions part on “shared folders” and allow referencing them from the “virtual hosts page”. A virtual host could require or even not require (in case of proxypass) a filesystem folder.
Why not a filesystem hierarchy that keeps them separated? Isn’t it simpler? For example creating a new folder under /var/lib/nethserver/virtualhosts with apache:apache
Referencing a shared folder from the “virtual hosts page” IMHO is useless and makes things unnecessarily complicated
This is exactly a “Shared folders” feature I don’t want to duplicate!
The new User & Groups model in NS7 allows simplifying the underlying implementation of ACLs for Apache. We could add apache group as “Owner” and also apache user under ACLs tab.
This would remove the need of that exoteric checkbox “Allow .htaccess and write permissions overrides”…
I had a little time to think about this feature and I would like to present my proposal.
Let’s start from a strong assumption: FTP is an insecure protocol, passwords of system users must not be sent over the FTP protocol.
Given a virtual host named goofy, the virtual host should have:
DNS name automatically associated as server alias
Custom URL
HTTPS access with custom certificate (auto-signed or Let’s Encrypt or purchased)
Text area for advanced options (like PHP options or rewrite rules)
htaccess support
Password protection
FTP access using the virtual host name as user and a strong, generated random password.
Example:
User: goofy
Password: GBq6Hdvn
WebDav access (thanks to @stephdl for the implementation already done for NS 6)
This implementation could be very simple to maintain and extend.
Yes, we lose access using system users but this will save us from many problems and hacky code.
It’s not a big loss, virtual users are commonly used to access ftp, since who uploads files isn’t a system user but an external webmaster.
Like it, we may start with this, see how it goes and improve along the way.