ISPC3: howto install packages and make them accessible through https

Discussion in 'Developers' Forum' started by kalua, Nov 2, 2008.

  1. kalua

    kalua New Member

    Hi,

    I want to install some packages like phpmyadmin, drupal, mailman or webmailclients and make them accessible only through https.

    This is currently not possible with the frontend. Here are the steps I did to get it to work:

    # phpmyadmin
    I installed the debian package, so phpmyadmin is in /usr/share/phpmyadmin
    The client directory is in /var/www/domain.tld/ and the documentroot in /var/www/domain.tld/web

    I also created an subdomain in ISPConfig to get access via phpmyadmin.domain.tld or domain.tld/phpmyadmin
    The necessary rewrite rules are created by ISPConfig

    phpmyadmin bring its own .htaccess and I want to use this because I think this is the easiest way. But unfortunately I had to change the Options and AllowOverride directives in the vhost definition. It would be better if every subdomain get its own directory definition with own Options/AllowOverride/etc

    So I created such an directory definition which controls access for the folder /var/www/domain.tld/

    But the vhost-generation script writes the client/web path as /var/www/client0/web1
    I'm not sure why and what are the benefits, but I think its not good to mix the paths as this causes some permission problems.

    Therefore I decided to use everywhere the schema /var/www/domain.tld

    This is my Directory definiton:
    Code:
    <Directory /var/www/domain.tld/web/phpmyadmin>
            Options Indexes +FollowSymlinks Multiviews
            AllowOverride None
            Order allow,deny
            Allow from all
    </Directory>
    
    This code needs to be written in the ssl-vhost configuration, if you want it there. If you are happy with unencrypted connections put it in the standard *:80 vhost configuration.

    Now I created an symlink:
    Code:
    ln -s /usr/share/phpmyadmin /var/www/domain.tld/web/phpmyadmin
    
    After restarting apache I had access to phpmyadmin via https://domain.tld/phpmyadmin

    # drupal
    As my drupal installation resides in the /var/www/domain.tld/web and not in /var/www/domain.tld/web/drupal I had to change the default directory definition. Maybe putting drupal (or any other cms) in an subdirectory is the cleaner way... and maybe I'll change my installation again

    The benefit would be that all applications (drupal, phpmyadmin...) have an subfolder in the standard webroot. Through separate Directory definitions every application could get its private configuration.

    Drupal needs some rewrite rules to enable CleanURLs. I modified the directory definition to allow the use of the drupal .htaccess

    # mailman
    Well... its not done yet. I hope its similar to what I wrote above. If there are any problems I'll post it here.

    The problem with my way above is, that every change via ISPConfig would remove my editing. That's not a big problem now because I have root access, but for the future it would be nice if the frontend could handle the installation, or better preparation, for standard web applications.

    Any comments are welcome...
     
  2. quentusrex

    quentusrex New Member

    You could always do it the following way so that all users get access to it. So rather in each individual vhost file, you have one global file. Check my writeup of roundcube on this forum.

    Add this to /etc/apache2/apache2.conf
    =============
    # Include generic snippets of statements
    Include /etc/apache2/conf.d/
    ================

    Then add the following file: /etc/apache2/conf.d/phpmyadmin.conf

    ========================
    # phpMyAdmin default Apache configuration

    Alias /phpmyadmin /usr/share/phpmyadmin

    <Directory /usr/share/phpmyadmin>
    Options Indexes FollowSymLinks
    DirectoryIndex index.php

    # Authorize for setup
    <Files setup.php>
    # For Apache 1.3 and 2.0
    <IfModule mod_auth.c>
    AuthType Basic
    AuthName "phpMyAdmin Setup"
    AuthUserFile /etc/phpmyadmin/htpasswd.setup
    </IfModule>
    # For Apache 2.2
    <IfModule mod_authn_file.c>
    AuthType Basic
    AuthName "phpMyAdmin Setup"
    AuthUserFile /etc/phpmyadmin/htpasswd.setup
    </IfModule>
    Require valid-user
    </Files>
    <IfModule mod_php4.c>
    AddType application/x-httpd-php .php

    php_flag magic_quotes_gpc Off
    php_flag track_vars On
    php_flag register_globals Off
    php_value include_path .
    </IfModule>
    <IfModule mod_php5.c>
    AddType application/x-httpd-php .php

    php_flag magic_quotes_gpc Off
    php_flag track_vars On
    php_flag register_globals Off
    php_value include_path .
    </IfModule>
    </Directory>

    =================================
     
  3. kalua

    kalua New Member

    Thank you! That was indeed very helpful
     
  4. quentusrex

    quentusrex New Member

    kalua, once you have these packages setup, do you mind posting a working write up? So that others(and developers) can quickly and easily follow your steps? Maybe even post them in different threads? One for phpmyadmin, one for drupal, etc?

    As for drupal, I'd be interested to see how you are going to handle the modules, and the drupal updates. You could also offer drupal 5, and drupal 6 separately. You could have the modules, files, sites, folders as actual folders in the /var/clients/clientX/webY/web folder, and have all of the standard(across all the clients) folders in /usr/share/drupal5/

    I look forward to your write up.
     
  5. kalua

    kalua New Member

    I don't mind writen an howto. In fact I document my steps for myself, so this would just need an cleanup if I'm done.

    Currently I'm using drupal in single site mode. So the drupal code resides in an subfolder of an ISPConfig-client.

    At this point I have some trouble to setup the rewrite rules. Well they are working but I had to manually add an rule to handle applications in subdirectories on the same level as drupal. I will do some test and maybe I'll report back in a sec and cry for help :D
     
  6. quentusrex

    quentusrex New Member

    I'll be here.
     
  7. kalua

    kalua New Member

    I don't have multisite apps (apart phpmyadmin) , and I'm thinking about to change this.

    Currently I have a client account and this client (me) tries to get the following setup running:

    domain.tld/drupal
    domain.tld/phpmyadmin

    The url domain.tld gets forwared to the drupal subdir. This happens transparent so no url change in the browser url display.
    As I have setup the redirect, everything is redirected.

    To easy things up I'm using now an drupal.conf and phpmyadmin.conf in /etc/apache/conf.d where settings and rewriting for the apps happens.

    I'm able to acces drupal with just domain.tld but if I want to access phpmyadmin it gets rewritten to domain.tld/drupal/phpmyadmin

    This is generated from ISPConfig in the vhost file
    Code:
      RewriteCond %{HTTP_HOST}   ^domain.tld [NC]
      RewriteRule   ^/(.*)$ /drupal/$1  [L]
    
    if I add

    Code:
      RewriteCond %{REQUEST_URI} !^/phpmyadmin
    
    I'm able to access phpmyadmin.

    The drawback is, if I change settings via ISPConfig then my subdirs are not accessible anymore.
    And if I add more apps to supdirs, I have to create more exception rules

    Where should I put this exception rule so it doesn't get overridden?

    What I'm doing wrong?

    Would it be better if I had an multisite install of drupal? I'm using the latest drupal 6.6 and there will be no other drupal installation (5.x). But its likely that there'll be other apps like an wiki or mailman

    edit: btw: I'm not familiar with mod_rewrite... just reading apache-docs
     
  8. quentusrex

    quentusrex New Member

    Kalua, first keep in mind that the conf.d method I showed you is useful only for software that is the same across all the clients. For instance the client who owns mydomain1.tld uses the same software and configurations as mydomain2.tld for phpmyadmin. But drupal would have atleast parts of it be client specific. So in that case you have to integrate it into each individual client's webspace. So the conf.d technique won't work.

    Also, with drupal I would definately say to use the multisite method if the clients are going to be sharing any of the drupal code. So, if they aren't going to install drupal for themselves in their own webfolder, then the multisite method needs to be used, and all folders such as modules, sites, files, etc that are specific to each site need to be located in the users /var/clients/clientX/webY/web/ folder.
     
  9. quentusrex

    quentusrex New Member

    If it's decided to use the multisite method for drupal, then the rewrite rule would go in the /usr/share/drupal6/ directory. That way the one configuration works for all the users.
     
  10. kalua

    kalua New Member

    Yes, I'm aware of this. It would be better if everything can be configured by the client himself. I'm actually roleplaying: login in as client and try to install e.g. drupal.
    For my usecase there will be just one client with a few websites.

    I just red the multisite-drupal-5.6 howto here on howtoforge. For a multisite setup I have first to setup a normal drupal setup (client1) and to make it multisite I would create links from client2 to client1.
    That would be interesting to do, especially if you want it to setup automaticly for every client. But I have to shift these topic for now.
     
  11. kalua

    kalua New Member

    I can add apache directives with the frontend but the field is limited. Is this intended or should I file a bug about it?

    Another thing with this: if I put

    Code:
    <Directory /var/www/domain.tld/web/drupal>
        Options -Indexes +FollowSymlinks
        AllowOverride Indexes AuthConfig Limit FileInfo Options=php_value
        Order allow,deny
        Allow from all
        DirectoryIndex index.php
    </Directory>
    
    in it then in the domain.tld.vhost file its just one line so apache wont start.
    The opening and closing tags should be on a separate line.
     
  12. quentusrex

    quentusrex New Member

    kalua, you know what? I was thinking about it and I think it would be a better idea for the ISPConfig3 module, if it just copied the drupal files to the client's webfolder. Maybe even have something config drupal, but I would err against that. I believe the ISP should only provide the Drupal software, that way the ISP doesn't have to worry about drupal updates, or accidentally breaking someone's site due to an update.
     
  13. kalua

    kalua New Member

    I think, if the client has everything in its webroot, it would be the most flexible way for the client. He would than be responsible for updates etc.
    The setup should be possible just with the client account, so the server admin don't has to do anything.

    Maybe there are other voices out there, which wants to offer as much as possible to the client (different cms versions, webmail, everything). If I would be in such a position I would limit the client so such a complex setup would rune smooth.

    I'm in favour of the flexible client way...
     
  14. quentusrex

    quentusrex New Member

    Right, I think the role of the ISPConfig3 module would be to make drupal installation very simple for the client. The module would also setup the vhost file in such a way to easily allow for clean urls. The module would also handle directing the user to setup their new site with a link to the corrent starting page, which is install.php, not index.php.
     
  15. kalua

    kalua New Member

    An drupal setup in an subdirectory can setup by a client. The client has to add an apache directive so he can use the drupal .htaccess
    I have this config working now on my server.

    Problems appear if the client has more than on subfolder AND the default domain.tld is redirected to the drupal subfolder. Then the apps in the subfolders would not be accessible anymore.

    The solution would be to write RewriteCond-lines for each subfolder to the vhost-file. In the frontend there needs to be a new field where the user can list the folders which should not be redirected to the drupal-folder.

    edit: And it has to be in the vhost-file because the user wouldn't be able to write these rules in the htaccess file.

    Sounds this like a practicable way to go?
     
    Last edited: Nov 3, 2008
  16. quentusrex

    quentusrex New Member

    How about not rewriting any of the folders. Have the module dump the drupal folders and files into the /web/ folder, and then just have a .htaccess file in the client's folder? Or maybe a standardized way of rewriting in the client's vhost file. If the client doesn't use the module for the install, then the client has to find some other way to get clean urls. If the client uses the module, then the module would just add a few lines to the vhost file.
     
  17. kalua

    kalua New Member

    On my first try I had setup drupal in the web folder and that was working. But if you want to have other apps you have to create subfolders in the web folder. This way the drupal directory structure would be extended and you have to track (or worst: remember :)) wich directories belong to drupal and which don't.

    And if you want to setup an application which is called modules (yes I know not very likely) you are in trouble because this is an directory of drupal.
     

Share This Page