Ask Your Question
0

Creating VirtualHosts On Fedora 20

asked 2014-05-14 16:49:43 -0500

Dumindu gravatar image

updated 2014-05-15 09:40:29 -0500

mether gravatar image

Hi,

I'm a web developer, I installed LAMPP Stack by following steps on Fedora 20,

yum install mariadb mariadb-server
yum install php
yum install php-mysql php-gd php-imap php-ldap php-odbc php-pear php-xml php-xmlrpc php-magickwand php-mbstring php-mcrypt php-mssql php-shout php-snmp php-soap php-tidy
yum install phpmyadmin

I store my development projects under /home/<user>/Development folder and I want to create several VirtualHosts for the projects.</user>

Then I created /etc/httpd/conf.d/sample.conf and added following line to it.

<VirtualHost *:80>
  # Admin email, Server Name (domain name) and any aliases
  ServerAdmin webmaster@sample.com
  ServerName  sample.dev
  ServerAlias www.sample.dev


  # Index file and Document Root (where the public files are located)
  DirectoryIndex index.php
  DocumentRoot /home/<user>/Development/sample/public
  <Directory "/home/<user>/Development/sample/public">
    Order allow,deny
    Allow from all
    AllowOverride all
  </Directory>

  # Custom log file locations
  LogLevel warn
  ErrorLog  /home/<user>/Development/sample/log/error.log
  CustomLog /home/<user>/Development/sample/log/access.log combined
</VirtualHost>

after that I added 127.0.0.1 instantapp.dev to the end of the /etc/hosts

But it gives

Forbidden; You don't have permission to access / on this server.

Please anybody can tell me the correct/best way to create multiple VirtualHosts on Fedora 20.

edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted
0

answered 2014-05-14 20:49:31 -0500

Fedora, by default, only allows httpd to read files in the designated httpd directory. There are clear security risks to allowing a public-facing web server to read users' home directory, where you might store personal files, bank records, site cookies, and other things you generally don't want to share.

Instead, I would recommend structuring your virtualhost DocumentRoot in the standard /var/www/ directory. Give your user permission to read and write there with chmod, or if you're not the only one, assign those permissions to a group with chgrp and add your users to the group.

If you have a solid reason for allowing httpd to access your home directories despite the security risk and unneeded extra work, read man httpd_selinux for relevant booleans and check the security logs with ausearch -m avc -ts recent|audit2why

edit flag offensive delete link more

Comments

Hi,

Thanks for the reply. we are using a SVN to store project files including docs, designs and etc. And I usually checkout the whole directory which includes Database, Documentation, SourceCode folders via the IDE (PhpStorm) and set the SourceCode's public directory as the document root. So is it ok to do the same thing on /var/www folder or can I use a symlink while stored the code on home? or what is the correct/ best way to do such thing? And this is a development environment, not a hosting environment. Thanks

Dumindu gravatar imageDumindu ( 2014-05-15 03:12:21 -0500 )edit

You can can either put the whole tree in /var/www and set DocumentRoot appropriately, sure. If you keep the files in /home, whether symlinking or not, know that SELinux can't be tricked by symlinks; the files still need to be labeled appropriately.

randomuser gravatar imagerandomuser ( 2014-05-15 13:14:49 -0500 )edit
0

answered 2014-05-15 02:44:19 -0500

remi gravatar image

updated 2014-05-15 02:45:21 -0500

   Allow from all

This configuration directive is deprecated with Apache Httpd 2.4. You need to use the new "Require" syntax.

   Require all granted

Notice the mod_access_compat recognize the old directive, and only allow to restrict some area, but doesn't allow to give access to area protected by the default rule...

edit flag offensive delete link more

Comments

got it, thank. I want to know the correct/ best way to do this. On ubuntu I have did this several times but still couldn't understand Fedora's strategy with SELinux.

Dumindu gravatar imageDumindu ( 2014-05-15 03:16:58 -0500 )edit

Question Tools

1 follower

Stats

Asked: 2014-05-14 16:49:43 -0500

Seen: 1,002 times

Last updated: May 15 '14