ISPConfig 3 und TYPO3 Konfiguration Questions

Discussion in 'ISPConfig 3 Priority Support' started by muekno, Jun 7, 2015.

  1. muekno

    muekno Active Member HowtoForge Supporter

    Typical and recomande you have symbolic links to TYPO3 folders
    /srv/www/vhosts/domain1/typo3_src -> ../typo3_src_ver_1
    /srv/www/vhosts/domain2/typo3_src -> ../typo3_src_ver_1
    /srv/www/vhosts/domain3/typo3_src -> ../typo3_src_ver_2

    So you need space only once per typo3 version and you can change/update website easily from one version to the other by just changing symlink.

    I tried to do equal for multiple domain for multible clients by installing typo3 versions under /srv/www/clients/ but websites have no access to these directories, same if I installed it for just one client under /srv/www/clients/clientx/. I understand that is why the document root for for the website is /srv/www/clients/clientx/webx/web/ for security reasons.
    So I added the path to typo3_src_verx to PHP open_basedir in WEB DOMAIN->options, but this worked only patitial.
    I supose if I add /srv/www/clients/typo3_scr_ver_1 this should includ the subdirectorys there or am I wrong?

    Do I have to add follow_symlinks for Apache, I think no as symlinks are use by ISPConfig itself?
    Do I need anything other to make it work?
    I am not sure do I have to have a trailing / in the path in PHP open_basedir, test both no real succes?
    Who should be the owner of the /srv/www/clients/typo3_src_verx and what file rights, read only for the client are enough as nothing should be writen there by the clients?
    It ist not very comfortable to have to add or change the path in PHP open_basedir every time TYPO3 version is changed, alternativ suggestion, i.e. an other base directory, whist is written in PHP open_basedir, for all TYPO3 versions.

    Thanks for any help

  2. Croydon

    Croydon ISPConfig Developer ISPConfig Developer

    You would only be able to do that, if you change all websites to modphp and owner www-data.
    If you use fastcgi or fpm, the owner of the websites is webX:clientY and normally has no access to php files owned by other users (suExec should block that).
    You should have corresponding error messages in the log when trying to access the folder/includes. And for security reasons I would strongly! recommend not doing what you try to. It is most likely that you will end up with lots of problems.
  3. muekno

    muekno Active Member HowtoForge Supporter

    OK, but would it be possible within the same client? That means the TYPO3 sources will be in /srv/www/clients/clientx. The TYPO3 sources have to be only readonly. HD Space is not the problem today, but multiple installations for the same code is not good too. Especialy if you have updates ist is quite easier to change 1 symlink per site than to replace the complete code base.

  4. Croydon

    Croydon ISPConfig Developer ISPConfig Developer

    For sure you could try to add the typo3 directories /srv/www/clientX/typoXXX to the open basedir of all webs of that client and make the path group-accessible. Do not add /srv/www/clientX itself to open basedir, as this would mean all webs could access all files of the other webs. For sure this is not what you want ;)
    Anyway I would never recommend sharing paths between webs.
    muekno likes this.

Share This Page