Proposal for ns7 VirtualHost page

I think the stupid here is our UI and we shall improve it! :wink:

This is my proposal for ns7. Letā€™s create a new page, say Virtual hosts. Generally, a virtual host requires a DNS record, and the right place to set it up by now is under the DNS > Alias server page. Virtual hosts lists the same items of DNS > Alias server, and could also allow creating a new one. I think it is more intuitive to allow both methods of creation. In other words the two pages should offer different views of the same DB records.

When an item of Virtual hosts is modified, the interface allows selecting the shared folders that it serves. Each shared folder can be mounted with an alias or selected as the web root of the virtual host. To persist this relation I propose to add a prop to self records in hosts DB.

ProxyPass configuration should be implemented in a similar way.

The other object that needs to be associated to virtual hosts are SSL certificates. Thereā€™s some UI work also on that side. I think the following choices should cover all use cases:

  • Optional self-signed certificate (both HTTP and HTTPS work)
  • Mandatory self-signed certificate (HTTP redirects to HTTPS)
  • Mandatory existing SSL certificate (uploaded, letsencryptā€¦, HTTP redirects to HTTPS)

Then there are a lot of app/site specific configurations. They can be provided by additional plugins; for instance, Iā€™m thinking about PHP ini values, like @stephdlā€™s nethserver-php-settings does for shared folders, or URL rewriting rules. A free text-area where configuration is pasted from an howto should guarantee the command line is never required!

In the end, filesystem permissions and HTTP authentication are still controlled by the Shared folders page. Only the ā€œvirtual hostā€ features are moved to the new Virtual hosts page.

Shared folder page could still provide HTTP (and even WebDAV) access but

  • only the Apache default virtual host is configured (i.e. server IP in site URL)
  • alias canā€™t be changed: is fixed to ibay name
  • SSL certificate is always the default one
4 Likes

I agree with your proposal. I have some concerns about keeping the HTTP authentication on Shared Folders panel, what about remove it totally? Using ā€œShared Foldersā€ just for configure samba. People frequently confuse the multipurpose aspect of shared folders, Iā€™d like to simplify this part.

In my mind:

  • Shared folders = fileserver
  • VirtualHost = WebServer

I like to preserve this part but it would be completly configured by the Virtual Hosts panel. Just to be clear, Iā€™d like to remove this tab moving it on the VH panel:

Finally, stuff like these should be included into the new Virtual Host page:

Any thoughts? @JOduMonT @Technet @stephdl @Hunv @fasttech @ctek @GG_jr @Nas @eliezer.axiem

I think the whole HTTP is multi-purpose! Thus we should focus on two main aspects

  • file sharing
  • web applications / virtual host

Iā€™m afraid this would lead to an excessive duplication of objects and features. I think that separating virtual host from shared folders balances effectively all aspects.

To set up a web application we need one or more directories in the server, and granting permissions to user and groups, and configuring one or more a file protocolsā€¦ I think duplicating all this stuff on two different pages is not good for both the final user and the development barriers.

I agree with this point of view, but probably final users expect to access web folders using Samba (as suggested by Davide).

From a technical perspective Iā€™d to separate things and have something like this:

  • Shared folders, accessible only from Samba (and NFS)
  • Virtual hosts, accessible using webdav, SFTP and FTP (optional)
2 Likes

I really like this discussion, we are getting somewhere now.
At least a draft of the ā€œnewā€ virtual hosts can be planned.

Indeed, I donā€™t want duplicate anything, just:

  • move totally the http configuration on VirtualHost
  • keep the chance in the VH configuration to select and existing shared folders that it serves. No shared folders? Nothing to serve.

In this scenario we can configure virtualhosts also to serve objects different from shared folders like: webapp (owncloud or wordpress) proxypass, etcā€¦
Am I wrong?

AFAIK this means we loose a nice feature: access to http://<server_ip>/ibayname

If I just need accessing files through HTTP(+WebDAV), why I must configure a virtual-bells-and-whistles-host? :bell:

Do not remove it. Just rename ā€œWeb accessā€ as ā€œHTTPā€ and remove fields ā€œVirtual hostā€ and ā€œWeb address (URL)ā€.

This is always possible through plugins and free-text-area!

So, your point is: why install a VirtualHost module if you need just a simple http support for ibay? Right?
Uhm, I have to think about this, waiting for others thoughts :slight_smile:

Maybe we should create a mockup to clear our mind with a visual example.

1 Like

I really like @davidep comments. Thats one thing I donā€™t like at Nethserver as much as other things (but itā€™s far away from beeing bad!).
I implemented the whole VirtualHost stuff (with SSL and only for ProxyPass) in my own conf-files (without using templates etc.). It works and Iā€™m happy about that.
To manage this using a WebGUI would be a great advantaged. Letā€™s Encrypt integration would be the best. Also to request Letā€™s Encrypt certificates with one certificate for each (Sub)Domain and not just one certificate for all Domains would be great. That would be the easiest usage everybody can imagine without the need of having knowlege of Linux, Apache configuration, Certificates and Letā€™s Encrypt.

4 Likes

A friend of mine has shown me how Sophos UTM is managing this.
You have a page, where you configure your Webservers (the Server where the ProxyPass would redirect to) and the Pages (the ServerName of the VirtualHost as well as the Ports).

This is how it looks like:
The ā€œWebsiteā€-Management (ā€œvirtual Webserverā€):

Edit a Website:

And managing the Webservers (ā€œReal Webserversā€):

Maybe helpful for some inspiration :slight_smile:

3 Likes

Absolutely, thanks!

So Me and @davidep agree on remove the web configuration part from shared folder.
Iā€™m going to write down a small mockup of the new panel :slight_smile:

3 Likes

Iā€™d like to revive this topic. As we said, we need to move forward with these guidelines:

  • Shared Folders and Virtualhost need to be separated!
  • remove ā€œweb accessā€ panel from Shared folders.
  • re-think the whole ā€œvirtualhostā€ panel adding more features
  • certificate + letā€™sencrypt support
  • advanced php settings
  • access by ftp or scp (not by smb)
  • ProxyPass
  • customizable path (root dir or subdir)

@hunv @Ctek

1 Like

What about webdav?

Why not smb?

Just my opinion but you must separate vhosts from the concept of having just another method of sharing files.
Vhost is more related to hosting sites, than to make available the files over http/https.

And you already have owncloud if you want to share files over http.

2 Likes

I can only speak about the vhost topic because I donā€™t use the other stuff.
It is related to webhosting so, as @Ctek said, it should be separated.

How this should look in detail, I donā€™t know. Above you see how Sophos solved this. I donā€™t know if it has to be that big, but at least I must have the possibility to add new vhosts (http and https) and modify the settings of each vhost. Maybe automatic certificate-handling using Letā€™s encrypt can also be added here.

Because of this:
http://wiki.dreamhost.com/Uploading_your_site
https://it.godaddy.com/help/ftp-how-to-upload-files-96
https://my.bluehost.com/hosting/help/upload-site
Summarizing: everyone uses FTP

1 Like

Offtopic: FTP is the same as Flash. You should not use it but everybody does.

  • @Ctek remarked we must separate vhosts and file sharing. I absolutely agree on this.
  • @alefattorini says everyone uses FTP/SCP to upload websites, so SMB is not required for vhosts.

My concerns are not duplicating features on ā€œshared foldersā€ and ā€œvirtual hostsā€ pages, such as filesystem permission handling. Iā€™d prefer keeping the filesystem permissions part on ā€œshared foldersā€ and allow referencing them from the ā€œvirtual hosts pageā€. A virtual host could require or even not require (in case of proxypass) a filesystem folder.

Why not a filesystem hierarchy that keeps them separated? Isnā€™t it simpler? For example creating a new folder under /var/lib/nethserver/virtualhosts with apache:apache :slight_smile:
Referencing a shared folder from the ā€œvirtual hosts pageā€ IMHO is useless and makes things unnecessarily complicated

  • Shared folders: your files
  • Virtualhost folders: your sites
2 Likes