Allegedly, on or about 14 June 2013, Rafnews sent: > Goal: > i'm trying to create at home a webserver for testing purposes, having > the same behavior as webhosting companies offers. > the purpose behind that it's to have a representative environment when > testing to not have particular "surprises" with web application i > developed when migrating them to production servers. And that is something I did years ago, for the same reasons you outline. The files I serve from my webserver are owned by me. The CGI scripts the webserver runs are owned be me. The directory permissions for the webserver, right back to the first directory in the path, have the "other" user permissions of readable and executable (user and group permissions don't matter, because they pertain to me, not the webserver). e.g. rwx---r-x This needs to be done with the /var directory, the /var/www/ directory, and any further sub-directories. The file permissions for the webserver, for the files it will serve, have the "other" user permissions of readable and executable (again, user and group permissions don't matter, because they pertain to me, not the webserver). e.g. rw----r-- The script permissions *may* have to have the executable bit set, too, but that hasn't been the case with the scripts I were playing with. That'll probably depend on whatever handles the scripts. If SELinux is enforcing restrictions on your server, then the SELinux contexts have to be appropriately set to allow it. This will be done, by default, if you directly create your webfiles in the normal places for serving them (in ~/public_html/ or in /var/www/html/), or if you copy files from somewhere else to either of those locations. The contexts will be wrong if you *move* files to those locations. In that case you will need to reset the SELinux attributes on those files to their defaults, after putting the files in place. I have served files from ~/public_html/ and /var/www/html/ in this way for many years. To make life easier for me, I've either changed the ownership of /var/www/html/ to myself, so I can easily write files in the web root directories. Or, I've created a subdirectory that I own in /var/www/html/, for the same reason, and that's where I serve my test files from. > for now, all files/folders have correct permissions but owner is > apache:apache This is a VERY BAD IDEA. As various messages have said, mine included, servable files should be owned by the author, not apache. There are three file permission groups, owner, group, and other. The third group, "other," is what everyone else is allowed to do with the files, everyone else being whoever is not the individual-owner or the group-owner. These are the permissions that let apache read *your* files. I'm not familiar with FastCGI, but just looking quickly at it, it looks like a replacement program so that *it* runs your CGI instead of Apache doing it. I don't know if that's a real advantage, or just a perceived one. > 1. FastCGI settings: > my webserver was running (on PHP 5.4, _not php-fpm_) correctly using > the standard Apache 2.4 handler, now i'm trying to make use of FastCGI > bit without success. > Here is my php.conf file setting from apache 2.4.4: > > DirectoryIndex index.php > > php_value session.save_handler "files" > php_value session.save_path "/var/lib/php/session" > > > i removed the addtype and handler as suggested on internet. I added in > myvhosts.conf the following thing (withing <VirtualHost *:80> tag): > <IfModule proxy_module> > ProxyPassMatch ^/(.*\.php(/.*)?)$ > fcgi://127.0.0.1/var/www/html/info/$1 > </IfModule> > > where info is 1 subdirectoy of my webroot. > > Apache starts, however when i want to access to webpage i get the > following error (in vhost log dedicated to my website): > [Fri Jun 14 14:16:07.827425 2013] [proxy:error] [pid 24500] > (111)Connection refused: AH00957: FCGI: attempt to connect to > 127.0.0.1:8000 (*) failed > [Fri Jun 14 14:16:07.827539 2013] [proxy_fcgi:error] [pid 24500] > [client > 127.0.0.1:40982] AH01079: failed to make connection to backend: > 127.0.0.1 > > Q1: my webserver (even if it is a local webserver for testing) has a > fixe IP address. Should i use it in <ifModule proxy_module> tag > instead > of 127.0.0.1 ? My guess would be that if it's acting as a proxy listening on 127.0.0.1 then you need to access your webbrowser through http://127.0.0.1/. If you prefer to use it's actual network IP address, then your configuration probably needs to specify that it listens on that address, too. You may need to open up your firewall, too. It's probably blocking access. By this, I mean open up appropriate holes through it, not switch the entire firewall off. If SELinux is enforcing restrictions on your computer, then you may also need to set options to allow access to the webserver on the ports that you're using. The defaults are probably to disallow it. They used to be, but I haven't looked at such settings on more recent Fedora releases to see what the defaults are. > Q2: port in error log is 8000, where can i set it ? is it possible to > tell fastCGI to use standard 80 and to not conflict with standard > http ? > if yes how ? If it's acting as a proxy, it may need to be on a different port than the webserver. > 2. suExec: > While checking httpd logs i discovered that: > [suexec:notice] [pid 24705] AH01232: suEXEC mechanism enabled > (wrapper: > /usr/sbin/suexec) > > so it mean suExec is running on server. > if i change all files/folders owner to > "rafnews:rafnews"; (files/folders > in /var/www/html) apache do not work and no webpage is displayed. > > so where is my mistake ? Probably permissions of the files you're trying to work with. Before you start playing with CGI, or other scripting, first get flat file serving to work (i.e. static .html pages). Then, move onto the more complex things. -- [tim@localhost ~]$ uname -rsvp Linux 3.8.13-100.fc17.x86_64 #1 SMP Mon May 13 13:36:17 UTC 2013 x86_64 All mail to my mailbox is automatically deleted, there is no point trying to privately email me, I will only read messages posted to the public lists. George Orwell's '1984' was supposed to be a warning against tyranny, not a set of instructions for supposedly democratic governments. -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
