Webserver tricks

NethServer Version: latest
Module: webserver

My nightmare comes true 🙂: containers everywhere!

We have folders in _data that hold websites.

Deleting one and recreating it by a symbolic link breaks everything.

I have a mirror, in /mir/data1 .

I do

ln -s /mir/data1 /........./_data/900X ...

I get 404 whatever I do, rights/modes etc .

One detail: /mir is a second disk.

changing the root folder of the WWW site with sftpgo admin doesn’t help at all .

I would love to see a clean way of doing that, on NS7 it worked great .

This is VERY logical, as this would just break security. To keep things simple, Data for a module is best kept in the module…
Inside the container, you can symlink all you want, it would work. But would not solve your space problem. But outside the container?

And - to be honest, it worked on NS7, yes, but never was supported. But I also used that method for a short while. NS7 will not show the used space correctly, and other caveats.

Planning your Server is also a fundamental issue. NS8 is new, so why are old bottles used for new wine?
You should have learned from NS7 how much space your system requires, and planned that accordingly!

My 2 cents
Andy

Well that is life , I have a machine with this and that HW …

I put NS on the disk one SSD …
and my data on a huge HDD …

this is the principle of modern computers and … servers 🙂.

If a software cannot handle that, then it has a problem that is called: Limitation.
I may sound picky, but this limitation should be known.

Web server administrators already have their protocols and standards,
so “you” land in his office with a folder like:

/home/webserver1/.local/share/containers/storage/volumes/websites/_data/900X

he will not be happy, so

Or we can modify that ( a parameter somewhere)
Or we do the soft links tricks,

a process accesses a file, the OS takes care of the rest (the file can be a device, a regular file, a link …)

security wise, I don’t see the relationship … I mean, we have web-servers running “differently” than this everywhere …just fine .

logically there is a solution to this in here (NS8).

the further I went is with www-data as the ‘user’ , later on I will redo everything with ‘webserver1’ as the user, as I suspect a read permission issue somewhere …

unless the container runs under a different (U)ID .

another question,

the folders in _data, 900X …, have UID and GID foreign to the server, so I deduce from what you said that those UID/GID are local in the containers?

e.g.: username “toto” has UID of 12134, on the server that UID doesn’t exist and yet has been created by NS8’s webserver installer.

also, I may just zap everything by just mounting the disk on _data folder ? or maybe higher in the tree ?

Hi @remi_python

You are very right, if the calendar would state somewhere in the last millennium, like 1990…

We now have 2024. And virtualization is everywhere. Doing a native install is sooo dated!


I use Proxmox as Hypervisor, and let that take care of Storage and redundancy.

If the software supports it (eg Windows), I do use several disks, classical C:, D: maybe even a E: Disk if needed.

Systems like NS7, which were always intended to run on a single “logical” disk (If mirrored or raided underneath, still the OS sees a single disk), but also a NS8 “Node”, I prefer to provide a single disk.

While it was always possible to add in another disk, and symlink as needed, the statistics on Cockpit would not show anymore correct data for disk usage, so added danger of disk overfilling, etc. Backups were also getting wrong data amounts in stats…
Ergo, the OS was never designed to handle this additional disk.

It takes about 2 minutes to let the disk grow to a newer required size for almost ANY OS, so why bother?


Containerization, like NS8 uses, is again a different animal. There are rootless containers, and some which need root. But generally, all containers have their own simple users - like almost any other linux - but highly limited. Applications in the container use LDAP or AD to access Users / Groups of the Cluster.

So allowing access from one container to the root file system of the Cluster would be inviting serious trouble!


I hope the above clarifies a few things.

And no, please don’t use a domain like .local or .lan in the days of LetsEncrypt. 🙂

Note:

If you have questions regarding Virtualization, Proxmox or general networking / planning issues, don’t hesitate to PM me.

My 2 cents
Andy

On NS7 most space or data was under /var/lib/nethserver, on NS8 it is mainly in /home.
From my point of view, NS8 will require more space than NS7.

3 Likes

Well no offense (you blame me, criticize me, and didn’t show a glimpse of a solution) so , my simple mind and wallet will wait for the “clean” solution, in the mean time I am “hacking in”.
and will for sure post the solution if found .

Otherwise, I go back to NS7, it is still a nice gem, zero problems for years on the same installed servers 🙂

I did offer a PM, better for discussing security, IPs and such than in a public Forum…

The offer still stands.

Sure you can. It is EOL in less than 3 Months and will continue to work, but will have more and more unsupportable problems, besides being a security risk for the rest of the Internet…

You’re free to choose… 🙂

My 2 cents
Andy

that is not the goal of the game , at least how I understood.

we come here to help each other.

and that publicly, so: whoever gets across similar issues, he/she can be saved by a simple query on the forum.

1 Like

@remi_python

More info about virtualization:

https://wiki.nethserver.org/doku.php?id=userguide:nethserver_and_proxmox

All still valid for NS8…

1 Like

I didn’t test yet, but symbolic links seem to work with podman only when absolute paths are the same in and out of the container:

3 Likes
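
Added example, not part of any post in this thread: a shell check for the symlink behaviour described in the post above. A symlink is resolved inside the container's own filesystem view, so a link in the volume whose target lies outside the volume dangles there unless that target is mounted at the same path. The directory layout is constructed under a temp dir, the function names are hypothetical, and GNU `readlink -f` is assumed.

```shell
# Report symlinks in a podman volume whose target lies outside the volume.
# Assumption: only the volume directory is mounted into the container, so any
# target outside it does not exist from the web server's point of view (404).

# Return 0 if LINK resolves outside VOLUME_DIR, 1 if it stays inside.
link_escapes_volume() {
    vol=$(cd "$1" && pwd -P) || return 2
    target=$(readlink -f -- "$2") || return 2
    case "$target/" in
        "$vol"/*) return 1 ;;   # resolved path is still below the volume
        *)        return 0 ;;   # resolved path leaves the volume
    esac
}

# Print every escaping symlink below VOLUME_DIR, one per line.
list_escaping_links() {
    find "$1" -type l | while IFS= read -r link; do
        if link_escapes_volume "$1" "$link"; then
            printf '%s -> %s\n' "$link" "$(readlink -- "$link")"
        fi
    done
}

# Constructed layout standing in for the host: a "second disk" directory and
# a volume _data directory (hypothetical paths, created under a temp dir).
demo=$(mktemp -d)
mkdir -p "$demo/mir/data1" "$demo/volume/_data/9001"
ln -s "$demo/mir/data1" "$demo/volume/_data/9002"   # points outside the volume
ln -s 9001 "$demo/volume/_data/current"             # stays inside the volume

list_escaping_links "$demo/volume/_data"
```

Run against a real volume's _data directory, any line it prints is a link the container cannot follow as-is.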

Thank you, I am on it 🙂

@stephdl Sorry to bother you if you haven’t seen this post,
if I remember, the nginx module is done by you; if you have any suggestion, I’ll be very grateful 🙂

1 Like

what is the issue ?

lack of place, I have a solution, buy two SSD 4T one for me, one for you

More seriously, I am listening to you

I work this way:

OS on a disk, Data on a disk .

It is not about space really, but to me a way of doing things .

So I spotted that the vhosts of the nginx server (“httpd”) reside in /home…/_data/900X/
(x as in x y or z parameter/number …)

making symlinks like in NS7 doesn’t work (yet? rights/userID ? …) , and instead of spending a lot of time debugging, I thought you may have an idea .

If symlinks are a no go because of this or that, I don’t mind mounting the Data disk on that folder (I haven’t tried that yet).

So I thought of you, is there a specific UID to use ? a folder permissions ? etc .
If I decide to “play” with the mount point of the Data disk, on what level do you suggest I hook it ? : _data or the vhosts ? or higher ?

SELinux is in the party, I am not sure we could easily do a symlink

1 Like

I understand that,

I will then mount the disk on _data ,

Or, uninstall NS8 , mount the disk in /home “aka like many unixes …”
and then install NS 8

What do you think ?

Well, thank you for your cooperation !

https://docs.nethserver.org/projects/ns8/en/latest/disk_usage.html

I will basically mount the disk in /home …

1 Like