web hosting for beginers

[digitus]

Hey. I would like to ask you about web hosting. I have Apache Mysql phpmyadmin FTP and etc. But i need create new users and make personal home folders for webhosting (exmpl: localhost/~user1, localhost/~user2 ... etc) I know how to to this on ftp but how to build for web hosting. Please help.

[DougieLawson]

The stock install of Apache (with mod_userdir built-in) has a nasty habit of serving stuff from ~/public_html without needing any additional encouragement.

Code: Select all

<IfModule mod_userdir.c>
        UserDir public_html
        UserDir disabled root

        <Directory /home/*/public_html>
                AllowOverride FileInfo AuthConfig Limit Indexes
                Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
                <Limit GET POST OPTIONS>
                        Order allow,deny
                        Allow from all
                </Limit>
                <LimitExcept GET POST OPTIONS>
                        Order deny,allow
                        Deny from all
                </LimitExcept>
        </Directory>
</IfModule>

You could change the Directory directive to serve from some other part of the filesystem.

[rpdom]

The first hit when I googled for "apache user directories" was this one
https://httpd.apache.org/docs/2.2/howto ... _html.html

You need to enable the userdir module.
To do this, it says to uncomment a line in the configuration file, but you don't do it that way in Debian/Raspbian. Instead you should do

Code: Select all

sudo a2enmod userdir
sudo service apache2 restart

After that, anyone accessing localhost/~pi/ will get files from /home/pi/public_html/

[digitus]

ok thank you. Work fine. How to set permission because now user 1 can see user's 2 directories (ftp). And how to manage mysql i would like to do same with DB accounts

[Tarcas]

chmod to change the permission bits
chown and chgrp to change owner and group of the files.

File Permissions

Note that for Apache to serve a file, it will have to be world-readable.

Sorry I can't help you with databases... but google can.

[DougieLawson]

Note that for Apache to serve a file, it will have to be world-readable.

You could chown it to group www-data and make it group readable rather than world readable.

[DougieLawson]

And how to manage mysql i would like to do same with DB accounts

By default your MySQL system has a couple of highly privileged users who can read, write, damage and destroy ALL of your databases. That's usually less than desirable. Do NOT run your MySQL applications using a superuser ID.

If you've got phpmyadmin installed that gives you a nice "user friendly" way to manage stuff. You need to set a strong password for the superusers (don't hit the "debian-sys-maint" ID, or you WILL break your system). You need to avoid using the root (ALL PRIVILEGES) users for application access to application data. Look at security permissions for <Directory /usr/share/phpmyadmin> in your Apache2 config files. You will want to include something like

Code: Select all

    Order deny,allow
    Deny from all
    allow from 192.168.xxx.xxx

DO NOT allow anyone outside of your LAN to access http://piaddr/phpmyadmin - if you open that to the public network you will have the World of hackers knocking on your door trying to poison your database.

So create a new ID, create a database with the same name. So if we have an application called "foobar", that runs with a userid of "foobar" and a database (or database prefix) of "foobar". On a single self-contained system you can permit that to "localhost" only. The default is for MySQL to only bind to the local interface unless you change it in your /etc/mysql/*/*.cnf files.

What I then do is create a foobar.cnf file and a foobar.inc.php file in /usr/local/etc/foobar.

/usr/local/etc/foobar/foobar.cnf

Code: Select all

[client]
host     = localhost
port     = 3306

[foobarapp1]
database = foobar
user     = foobar
password = supersecretpasswordhere

/usr/local/etc/foobar/foobar.inc.php

Code: Select all

<?php
 $con = mysql_connect('localhost', 'foobar','supersecretpasswordhere');
 if (!$con) {
        die($msgid.'001T DB Connection Error: ' . mysql_error());
 }
 $dbsel = mysql_select_db('foobar', $con);
 if (!$dbsel) {
        die($msgid.'002T Can\'t use database foobar: ' . mysql_error());
 }
?>

In perl programs I can use

Code: Select all

  my $connect = DBI->connect("DBI:mysql:;mysql_read_default_file=/usr/local/etc/foobar/foobar.cnf;mysql_read_default_group=foobarapp1", undef, undef) or die "something went wrong ($DBI::errstr)";

In PHP programs I can use

Code: Select all

$msgid = "FOOBAR";
include_once('/usr/local/etc/foobar/foobar.inc.php');

That means you can store the password but it's in a place that's not directly accessible form your web server and you're not littering your code with passwords (which would be a monster PITA when you next need to change them).

You can then use
mysql -u foobar -p foobar # note that's -u userid -p (force password) database name
from a command line to run SQL to create your tables/indexes and other resources.

[Tarcas]

Note that for Apache to serve a file, it will have to be world-readable.

You could chown it to group www-data and make it group readable rather than world readable.

I concede, this is true. Either would work. I forgot about that alternative.

[digitus]

Ok i will try it.

My "server" php working in main directory /var/www/index.php (localhost) bur does not working in virtual host folders like localhost/~user1 how to turn on php in this folder?

[digitus]

Nobody knows?

[rpdom]

Google does...

What I found after about 10 seconds searching (apache userdir enable php). Debian (and therefore Raspbian) disable php in user home directories. You can edit the file /etc/apache2/mods-enable/php5.conf to change this behaviour.

Look for this at the end of the file - it even tells you what to change

Code: Select all

# Running PHP scripts in user directories is disabled by default
# 
# To re-enable PHP in user directories comment the following lines
# (from <IfModule ...> to </IfModule>.) Do NOT set it to On as it
# prevents .htaccess files from disabling it.
<IfModule mod_userdir.c>
    <Directory /home/*/public_html>                                            
        php_admin_value engine Off
    </Directory>
</IfModule>

After changing this you will need to restart Apache again.