Blog: 2025-06-16
2025-06-16 10:27:47 --> razzi [razzi] (razzi) (~razzi@user/razzi) has joined #php
2025-06-16 10:27:47 -- Topic for #php is "This is a code help channel. Stable PHP versions: 8.4.7, 8.3.21, 8.2.28, 8.1.32 · /msg php-bot guidelines · Be respectful & keep your language clean · Use a paste site for code · http://hashphp.org has some useful links"
2025-06-16 10:27:47 -- Topic set by __adrian (~adrian@user/adrian/x-7832151) on Fri, 09 May 2025 11:28:41
2025-06-16 10:27:47 -- Channel #php: 237 nicks (1 op, 1 voiced, 235 regular)
2025-06-16 10:27:49 -- Channel created on Wed, 19 May 2021 08:43:11
2025-06-16 10:28:28 <-- CiaoSen (~Jura@2a02:8071:64e1:da0:5a47:caff:fe78:33db) has quit (Ping timeout: 272 seconds)
2025-06-16 10:29:32 razzi Hi, what's the easiest way to create an apache php site in a directory owned by a normal user (so editing it wouldn't require sudo)? I know I can use php -S localhost:5000 from the directory, but I'm looking for a way that would run in the background with apache
2025-06-16 18:32:49 lembron razzi easier than what? or what part of the puzzle is unclear?
2025-06-16 18:35:19 razzi Well I haven't been able to get apache to work outside of the default /var/www - so I'm looking for an easier way to work on a site than editing the files there with sudo every time
2025-06-16 18:35:23 AllenJB Assuming you're on linux, you can use groups to allow both Apache / php-fpm and the user to have write access to a directory at the same time.
2025-06-16 18:36:10 AllenJB PHP-FPM allows you to change the user scripts run as on a per-pool basis.
2025-06-16 18:36:57 AllenJB (Note: I don't recommend running web scripts as the same user that uploads the .php files. Web scripts should not have write access to their own code)
2025-06-16 18:39:28 razzi I'm curious if the /srv directory is conventionally used this way, as I see it mentioned in the apache2.conf. I'm thinking I can make that directory accessible to edit by my normal user and read by my run user www-data
2025-06-16 18:39:44 lembron or: so what have you tried? ;D - in a way just changing that documentroot should already do - dropping your own vhost in is a bit "cleaner" - and if the folder doesn't even matter, just set the access rights to var/www as you need?
2025-06-16 18:39:54 --> magla [magla] (realname) (~gelignite@195.52.54.74) has joined #php
2025-06-16 18:40:47 lembron "if srv is used" depends a bit on distro/admin...
2025-06-16 18:40:49 razzi I considered just making /var/www editable by my user, but it feels off ... for example putting a git repository in the /var directory seems fishy
2025-06-16 18:41:18 razzi I feel like I'm missing some obvious solution, maybe even just a symlink would work?
2025-06-16 18:41:43 AllenJB Doesn't really matter where on the filesystem the site files are located. The permissions setup you want would be the same.
2025-06-16 18:41:54 lembron sidenote: GIT_DIR can be something entirely different --- but yes mingling those things is ugly as hell ;) so having those with a vhost "somewhere else" is certainly the nicer
2025-06-16 18:42:32 razzi Basically my requirements are: editable files by non-root user, located in that user's home directory, running on localhost:5000 without having to add paths to the url etc
2025-06-16 18:43:00 lembron apache can follow symlinks, but i think it's off by default
2025-06-16 18:43:18 razzi I could daemonize php -S and all problems solved too?? Or just go back to what I had working with a tmux split and php -S running
2025-06-16 18:43:24 lembron if it's just localhosting, I'd just edit the directory Root line in the default config and fine is
2025-06-16 18:44:19 lembron php -S is not "production" - how real that is as dev-system "kinda depends" i guess
2025-06-16 18:44:44 lembron if fpm is too much config to mess with, mod_php is still there and fine too
2025-06-16 18:45:25 razzi I have php support just from `apt-get install php` on ubuntu, I think that's mod_php
2025-06-16 18:45:28 lembron and then it's purely apt-get and one texteditor session and donzo (note you'll need a <directory> block to set allowed-access on it too)
2025-06-16 18:45:34 thumbs For mod_php, you have to be more careful with configuring httpd, especially with high loads.
2025-06-16 18:45:53 razzi It's just for local development, so performance isn't much of a concern
2025-06-16 18:46:14 lembron also on localhosting, considered docker and the like? - as much terrible it has, for stuff like that it's awesome ;P
2025-06-16 18:47:09 razzi huh yeah I guess docker/podman would work, but part of the hope here is to have it running in the background without having to manage any other processes
2025-06-16 18:49:10 razzi I was able to get localhost:5000 to bind by making a 001-dev.conf in sites-available, and a2ensite it (and edit ports.conf and apache2.conf) ... but then accessing localhost:5000 gave me 403 Forbidden
2025-06-16 18:49:42 razzi I guess I have to add a read permission to the apache user for the directory .. and its parent directories?
2025-06-16 18:50:00 lembron 14. but this should kinda string you along https://stackoverflow.com/questions/5891802/how-do-i-change-the-root-directory-of-an-apache-server
2025-06-16 18:50:18 lembron (first reply there)
2025-06-16 18:50:20 thumbs Step 1: always look at the error log.
2025-06-16 18:50:33 thumbs Step 2. Don't "guess".
2025-06-16 18:50:53 --> martymcflyyy [martymcflyyy] (Martin Something) (~martymcfl@user/martymcflyyy) has joined #php
2025-06-16 18:51:56 razzi Oh cool I just looked at /var/log/apache2/error.log for the first time, and I see: "access to / denied (filesystem path '/home/razzi/hack') because search permissions are missing on a component of the path"
2025-06-16 18:53:13 razzi and I looked at the stackoverflow link lembron posted and ran the `sudo adduser www-data $USER`, restarted apache and it works!
2025-06-16 18:53:32 razzi So I was closer than I thought, just needed that `adduser`
2025-06-16 18:53:55 lembron *thumbsup*
2025-06-16 18:55:28 thumbs razzi: You don't want to set the docroot to /home/user/foo, no.
2025-06-16 18:55:52 thumbs razzi: Set it to /var/www/somethingelse, and add a symlink to that path in your home directory.
2025-06-16 18:55:54 <-- martymcflyyy (~martymcfl@user/martymcflyyy) has quit (Ping timeout: 260 seconds)
2025-06-16 18:56:27 thumbs I suggest undoing what you did, first.
2025-06-16 18:57:02 razzi thumbs: what's the advantage of making it a symlink?
2025-06-16 18:57:24 thumbs So you can easily cd to it when you open a terminal.
2025-06-16 18:57:53 thumbs i.e. cd mywebroot, which would redirect you to /var/www/mywebroot
2025-06-16 18:58:05 lembron thumbs ye why that? - that requires +followSymLinks what's potentially making it worse no?
2025-06-16 18:58:07 razzi Oh I see, you want the symlink to point the opposite direction than what I imagined
2025-06-16 18:58:16 thumbs lembron: No, it does not.
2025-06-16 18:58:20 <-- Arutemisu (~BadAdvice@user/badadvicecat) has quit (Read error: Connection reset by peer)
2025-06-16 18:58:30 thumbs lembron: The content would live in /var/www, and you would secure it normally.
2025-06-16 18:59:02 --> wolfravenous [wolfravenous] (wolfravenous) (~wolfraven@66.128.139.34) has joined #php
2025-06-16 18:59:02 thumbs You DO NOT want to open your /home/username directory to everyone, nor weaken the default security policies.
2025-06-16 18:59:41 thumbs httpd would never try to access /home/username/foo at all.
2025-06-16 19:00:09 thumbs This is how folks get compromised.
2025-06-16 19:00:39 lembron then I'll extend on this - and say still "no dont put that in /var/www/project/htdocs cause chance /var/www/project/.git may bounce when you fudgeup configs and /var/www gets to be docroot again" - so here srv (or in debianland maybe more /opt?) would be choice ye...
2025-06-16 19:00:56 thumbs Sure, /srv/www/foo is fine.
2025-06-16 19:00:57 razzi I guess that's the crux of the issue: I want to be able to edit my server files like any other user file, but be able to access them on localhost:5000 through apache. I'd copy the files onto a different server for deployment (tho I'm just exploring php)
2025-06-16 19:01:25 razzi so yeah I think the way forward is /srv with my user able to edit
2025-06-16 19:01:45 thumbs razzi: You must not relax your security checks just because it's a 'development' machine. You'll end up doing the same in production.
2025-06-16 19:01:45 razzi not in user directory but not in root-owned /var/www either
2025-06-16 19:02:29 --> Arutemisu [BadAdviceCat] (Arutemisu) (~BadAdvice@user/badadvicecat) has joined #php
2025-06-16 19:03:27 thumbs Pick /srv/www/somepath if you prefer, that is fine.
2025-06-16 19:04:00 lembron "building dev just as secure" also helps on the "worked for me..." issue ;)
2025-06-16 19:04:47 thumbs Folks that skip the most basic security just make me want to hang up my hat.
2025-06-16 19:05:37 razzi so let's say I do /srv/www/somepath - how should I set user / group, read / write / execute permissions? right now /srv is totally empty
2025-06-16 19:06:30 thumbs 755 for directories, 644 for files.
2025-06-16 19:06:55 thumbs You can chown the content to your user to make it more convenient.
2025-06-16 19:09:09 <-- wolfravenous (~wolfraven@66.128.139.34) has quit (Quit: Konversation terminated!)
2025-06-16 19:09:52 razzi ok cool now I have it working in /srv, so no apache access needed to /home (and I can even remove the adduser I did earlier)
2025-06-16 19:10:01 razzi and the directory in srv is owned by me, so I can edit as normal
2025-06-16 19:10:21 razzi ls
2025-06-16 19:10:24 razzi oops lol
2025-06-16 19:10:34 thumbs That sounds like the most efficient approach, yes.
2025-06-16 19:15:13 --> martymcflyyy [martymcflyyy] (Martin Something) (~martymcfl@user/martymcflyyy) has joined #php
2025-06-16 19:18:59 <-- DevAntoine (~DevAntoin@2a01cb0da07ec09100311bda2acaae7d.ipv6.abo.wanadoo.fr) has quit (Read error: Connection reset by peer)
2025-06-16 19:36:22 --> kc8hfi [kc8hfi] (Amey, Charles R) (~A007195@129.71.238.252) has joined #php
2025-06-16 19:37:33 <-- wbooze (~inline@ip-005-146-196-202.um05.pools.vodafone-ip.de) has quit (Quit: Leaving)
2025-06-16 19:42:36 <-- Linux_Kerio (~Linux_Ker@chello085216213137.chello.sk) has quit (Read error: Connection reset by peer)
2025-06-16 19:43:01 --> Linux_Kerio [Linux_Kerio] (LK) (~Linux_Ker@chello085216213137.chello.sk) has joined #php
2025-06-16 19:59:58 --> DevAntoine [DevAntoine] (DevAntoine) (~DevAntoin@2a01cb0da07ec0917c0c451f466f69f6.ipv6.abo.wanadoo.fr) has joined #php
2025-06-16 20:01:26 <-- eht (~Thunderbi@user/eht) has quit (Quit: well i guess it is good bye)
2025-06-16 20:03:09 <-- slow99 (~slow99@user/slow99) has quit (Ping timeout: 260 seconds)
2025-06-16 20:11:17 +TML razzi: maybe this was already discussed (I didn't go through the whole backlog), but I'll note that it's almost never a correct configuration to have the httpd have WRITE access to the path it serves files from
2025-06-16 20:16:26 +TML So what I do is /srv/www/vhosts/domain.tld - which has child paths for "/app" (the PHP code), "/conf" (for PHP configurations specific to that vhost), "/run" (for the fpm and database Unix sockets), "/uploads" (for where the httpd dumps uploaded content), and "/static" (for static content that I want to live on the edge/CDN)
2025-06-16 20:17:27 +TML not all domains use all folders - some only have a /static, some have no /static, most have no /uploads (I generally only give that to people using Wordpress)
2025-06-16 20:18:52 +TML and then I use bind-mounts into the containers to expose those paths to the container that actually runs that domain's site
2025-06-16 20:26:27 --> b3t10 [b3t10] (Albert) (~albert@user/b3t10) has joined #php
2025-06-16 21:08:16 --> rewrite [rwtrecs] (rewrite) (~rewrite@user/rwtrecs) has joined #php
2025-06-16 21:09:28 <-- sabet (~sabet@user/sabet) has quit (Quit: ZNC 1.8.2+deb2build5 - https://znc.in)
2025-06-16 21:11:28 --> sabet [sabet] (ZNC - https://znc.in) (~sabet@user/sabet) has joined #php
2025-06-16 21:30:19 <-- DevAntoine (~DevAntoin@2a01cb0da07ec0917c0c451f466f69f6.ipv6.abo.wanadoo.fr) has quit (Read error: Connection reset by peer)
2025-06-16 21:30:29 --> DevAntoine [DevAntoine] (DevAntoine) (~DevAntoin@2a01cb0da07ec091a8a115a53694b43c.ipv6.abo.wanadoo.fr) has joined #php
2025-06-16 21:36:40 <-- db__ (~db__@user/db-:46856) has quit (Quit: Client closed)
2025-06-16 21:37:09 --> amigojapan [amigojapan] (Ask Me) (uid86330@id-86330.helmsley.irccloud.com) has joined #php
2025-06-16 21:44:07 --> mixfix41 [mixfix41] (sdenyninne) (~retry@user/mixfix41) has joined #php
2025-06-16 21:47:46 --> wbooze [Inline] (inline) (~inline@ip-005-146-196-202.um05.pools.vodafone-ip.de) has joined #php
2025-06-16 21:50:54 -- irc: disconnected from server