DocumentRoot¶
Publish¶
In order for a website to be accessible to visitors, it must be published to the correct directory. Upload your files via SFTP and place them in /var/www/virtual/<username>/html. We also create a symlink ~/www in your home directory that points to /var/www/virtual/<username>.
Additional DocumentRoots¶
Warning:
We strongly suggest to use different accounts for different projects due to security reasons. If one of the DocumentRoots gets compromised (e.g. because of a CVE), all other files within all other DocumentRoots can be compromised as well.
By default, every domain you add gets its own folder at /var/www/virtual/<username>/<domain>, which is a symlink to html, so all your domains share the same DocumentRoot unless you change this.
To give a domain its own, separate DocumentRoot, remove the symlink and create a real folder in its place:
[isabell@moondust ~]$ rm /var/www/virtual/isabell/isabell.example
[isabell@moondust ~]$ mkdir /var/www/virtual/isabell/isabell.example
Each domain gets its own Apache VirtualHost, with its DocumentRoot set directly to that folder – no RewriteRules or .htaccess tricks required, and the DOCUMENT_ROOT variable Apache sets reflects the real path.
Warning:
Symlinking to folders in /home will not work here because the Apache web server does not have access rights to anything in /home.
Warning:
Don't delete /var/www/virtual/<username>/html while any of your domains still symlink to it (the default for every domain you haven't given a separate DocumentRoot) – those domains would become inaccessible. Domains you've given their own real folder are unaffected.
Example: Change DocumentRoot location¶
Many PHP apps like Symfony provide their own public webfolder within their folder structure. It is recommended to only make this folder accessible by the webserver. This can be done like this:
# in /var/www/virtual/$USER
[isabell@moondust isabell]$ rm -f html/nocontent.html
[isabell@moondust isabell]$ rmdir html
[isabell@moondust isabell]$ mkdir -p my_project/public
[isabell@moondust isabell]$ ln -s my_project/public html
This results in the following structure:
[isabell@moondust]$ tree /var/www/virtual/$USER
.
├── html -> my_project/public
└── my_project
└── public
Because my_project is not a domain name that can be reached by the webserver, the source code will never be reachable from the outside.
Permissions¶
Since the webserver runs with a different user, you need to make sure your files have the right permissions. The folder /var/www/virtual/<username>/html and all additional DocumentRoots need to have mode 0755, the files within 0644. To fix this for all files and folders, use:
[isabell@moondust ~]$ chmod -R u=rwX,go=rX ~/html
Tip:
Since the folder /var/www/virtual/<username> has mode 0750, other users on the same server can't access your files.
Configuration¶
Provided configuration¶
We provide the following configuration:
DirectoryIndex index.html index.htm index.php nocontent.html
TypesConfig conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType application/wasm .wasm .wasm.gz .wat .wat.gz
The full configuration is in /etc/httpd/conf/httpd.conf, which is readable by every user.
Own configuration¶
You can provide your own configuration with .htaccess files. Check the Directive Quick Reference for valid directives. The third column must contain h for it to be allowed in .htaccess.