Cookbook /
FarmApacheConfiguration
Summary: An attempt to secure a Pmwiki Farm with apache configuration
Version: 2.2 (should work with 2.1)
Prerequisites: Full Access to the Apache web server, Pmwiki2.2 already installed and configured to run a Farm
Status:
Maintainer: Isidor
Discussion: FarmApacheConfiguration-Talk
Questions answered by this recipe
When you're running dozens of Fields in a Farm and you have to configure an Vhost for each one, securing and making mods on the Apache vhosts could be painful.
This receipt will try to describe a way to simplify vhost setup and securing the Fields by the same way ;-)
Description
How to configure Apache when running a PmwikiFarm.
Howto
Farm structure
/var/www/ |-- default (web document root) |-- pmwiki.conf (some files not accessible from the web) |-- _tmp (if safe mode activated) | |-- pmwiki22/ | |-- pmwiki.php (pmwiki.php used by the farm) | |-- wiki.d/ (wiki's page storage) | |-- wikilib.d/ (wikilib's page storage) | |-- local/ (wiki's local configuration) | | |-- farmconfig.php (config for all the Farm Fields) | |-- cookbook/ (wiki's recipes) | |-- uploads/ (Farm page attachments) | `-- pub/ (Farm&Fields publicly-accessible files) |-- field01 / | |-- field.php (wrapper script for the Field) | |-- wiki.d/ (Field page storage) | |-- local/ (Field local configuration) | | |-- config.php (config for the Field) | | |-- Group.php (config for the Group pages) | | `-- Group.Name.php (config for the Group.Name page) | |-- uploads/ (wiki's page attachments) | |-- [pub/cookbook] (only if needed for this Field) |-- field02 /... |-- field03 /... |-- field04 /... * |-- field99 /...
the field.php wrapper script
Could be one unique line :
include('/var/www/pmwiki22/pmwiki.php');
Vhost serving the fields
<VirtualHost 192.168.107.128:80> ServerName field.example.org ServerAlias field01.example.org #..... ServerAlias field99.example.org ## Apache Standard Directives DocumentRoot "/var/www/default/" # Should be a default page with something or not ServerSignature Off Options -Indexes FollowSymLinks MultiViews # others Apache directives ## Rewriting RewriteEngine on RewriteMap lowercase int:tolower RewriteMap vhost txt:/var/www/pmwiki.conf/vmhost.map ## Excluding uploads/pub directories and htm/html/txt files RewriteCond %{REQUEST_URI} !^/(uploads|pub)/ RewriteCond %{REQUEST_URI} !\.(html?|txt)$ ## Rewriting anything else as a wiki Page RewriteCond ${lowercase:%{SERVER_NAME}} ^(.+)$ RewriteCond ${vhost:%1} ^(/.*)$ RewriteRule ^/(.*)$ %1/field.php?n=$1 [L,qsappend] ## Rewriting for the uploads/pub directories RewriteCond %{REQUEST_URI} ^/(uploads|pub)/ RewriteCond ${lowercase:%{SERVER_NAME}} ^(.+)$ RewriteCond ${vhost:%1} ^(/.*)$ RewriteRule ^/(.*)$ %1/$1 ## Rewriting for htm/html/txt files RewriteCond %{REQUEST_URI} !^/(uploads|pub)/ RewriteCond %{REQUEST_URI} \.(html?|txt|php)$ RewriteCond ${lowercase:%{SERVER_NAME}} ^(.+)$ RewriteCond ${vhost:%1} ^(/.*)$ RewriteRule ^/(.*)$ %1/$1 ## Ans we want to log in only one file with the host as a prefix LogFormat "%{Host}i %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" hcombined CustomLog /var/log/apache2/pmwikiAll.log hcombined ## Attempt to secure PHP php_admin_flag safe_mode On # so we go for safe mode php_value session.gc_maxlifetime 14000 # extends session life php_admin_value open_basedir "/var/www/" # be carrefull php_admin_value upload_tmp_dir "/var/www/pmwiki/_tmp" ## Protecting uploads/pub directories <Directory ~ "/(uploads|pub)/"> Options -Indexes FollowSymLinks MultiViews # Again ## Either enable two next lines #php_flag engine Off # no php running #AddType text/plain .php # .php served as .txt ## or enable the next line AddType application/x-httpd-php-source .php # colorize the .php files </Directory> </VirtualHost>
Virtual Map for the hosts
####################################################################################### ## VM des sites pmwiki ## ####################################################################################### ## Sites en Production field01.example.org /var/www/pmwiki/field01 # Field01 Website field01.example.com /var/www/pmwiki/field01 # alias for Field01 Website #... field99.example.org /var/www/pmwiki/field99 # Field99 Website ## EOF
Notes
Release Notes
- 20070607: Draft presented
See Also
All farm related cookBooks WikiFarmsAdvanced
Contributors
Isidor ...
Comments
See discussion at FarmApacheConfiguration-Talk
User notes? : If you use, used or reviewed this recipe, you can add your name. These statistics appear in the Cookbook listings and will help newcomers browsing through the wiki.