Ubuntu 16.0.4, newest Update for ISPConfig, vhost-Problem with new Website

Discussion in 'ISPConfig 3 Priority Support' started by schmidtedv, Dec 16, 2019.

Tags:
  1. schmidtedv

    schmidtedv Member HowtoForge Supporter

    I never had problems with symlinks like I use them for the typo3-src in /opt/typo3. In the web I put a symlink to the src and it works. Every vhost ISPConfig created before was including "Options +FollowSymLinks" and no problem with that. Now, after just creating a new web, ISPCOnfig created the vhost including "Options +SymlinksIfOwnerMatch" which - of course - is not working anymore with centralized symlinks anymore. Is that a bug, a new "feature" or would I have to do it different from now on?

    vhost.conf.master:
    Code:
    ...
       <Directory {tmpl_var name='web_document_root_www'}>
               # Clear PHP settings of this website
               <FilesMatch ".+\.ph(p[345]?|t|tml)$">
                       SetHandler None
               </FilesMatch>
               Options +SymlinksIfOwnerMatch
               AllowOverride <tmpl_var name='allow_override'>
               <tmpl_if name='apache_version' op='>' value='2.2' format='version'>
               Require all granted
               <tmpl_else>
               Order allow,deny
               Allow from all
               </tmpl_if>
...

       </Directory>
       <Directory {tmpl_var name='web_document_root'}>
               # Clear PHP settings of this website
               <FilesMatch ".+\.ph(p[345]?|t|tml)$">
                       SetHandler None
               </FilesMatch>
               Options +SymlinksIfOwnerMatch
               AllowOverride <tmpl_var name='allow_override'>
               <tmpl_if name='apache_version' op='>' value='2.2' format='version'>
               Require all granted
               <tmpl_else>
               Order allow,deny
               Allow from all
               </tmpl_if>
...
     
    Last edited: Dec 16, 2019
    schmidtedv, Dec 16, 2019
    #1
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    This is intended and required for security reasons. If you can't use that for your specific setup, then you'll have to create a custom vhost conf master file and put it in the conf-custom folder.
     
    till, Dec 16, 2019
    #2
  3. schmidtedv

    schmidtedv Member HowtoForge Supporter

    Hm, ok, but then...using symlinks is getting a bit useless. I mean, phpmyadmin, roundcube, etc. - if setup manually - are all owned by root and this would not work anymore, am I right? Or would I just have to put another symlink - if that works - for each web-owner in my /opt-directory and anything inside would work as before? Right now, I will use the custom-template, but - also it might be a security risk - losing the funktion is a lot more work. Maybe (just a thought) there could be an config-option to enable/disable unspecific symlink-usage in the web-config?
     
    schmidtedv, Dec 16, 2019
    #3
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    phpmyadmin and RoundCube do not use symlinks, they are global aliases in apache which means they are not affected by this change in any way.

    That's not really an option. Instead of a custom vhost file, you can use the apache directives field to override it for the website or create your custom config snippet (see ispconfig system module).
     
    till, Dec 16, 2019
    #4
  5. schmidtedv

    schmidtedv Member HowtoForge Supporter

    You're right, sorry for mixing alias and symlink :) Actually, it isn't that difficult to take care of, if I know now what happened. I just was confused for a couple hours by looking for what I did wrong till I found out, ISPConfig had changed it's template and it had nothing to do with something I might have missconfigured...I just have to put a reminder somewhere, so next time I can remember, what to take care of. I guess, changing one of the older sites - if they use symlinks - would have gotten me in the same situation, so better this than that way...I probably would have gone lost till I might have checked the error.log.
     
    schmidtedv, Dec 16, 2019
    #5

Share This Page