Symfony 2.8
Apache 2.4
Deployer 3.3
Apache user: www-data
Currently the assets directory where images get uploaded is under the Symfony web directory: /var/www/html/project/current/web/assets/items.
When I deploy new versions using Deployer I have to move all of the images into the new assets directory. Although not a big task at the moment (there are 16,000+ images), as we grow this will likely cause issues. Furthermore since the current directory in the path is a symbolic link, it seems that apache/php keeps the old location in memory and serves data from it meaning that requests for those images generate 404 errors.
Moving this directory to another location (and even another hard drive) would solve these annoyances. I don't feel that I have the experience to do this safely without first consulting some best practices. I'm sure I could figure out how to add an Alias in the apache configuration, but I'm concerned about security and how things will operate with Symfony.
My question then is where should the assets directory go in the filesystem with what permissions and what Apache configuration should be applied so that Symfony will not be affected negatively?
Thanks
You can add your assets directory to "shared_dirs" variable, which is used to keep your shared/common files and directories between releases. In this case your assets directory will be stored in /var/www/html/project/shared folder and symlinked to each release.
set('shared_dirs', [
'app/sessions',
'app/logs',
'web/assets/items',
]);
As for Apache symlink issue, please try to reload Apache server's configuration within deployment process.
// Reload Apache configuration to avoid symlink issue
task('apache:reload', function () {
run('sudo /etc/init.d/apache2 reload');
})->desc('Reload Apache configuration');
after('cleanup', 'apache:reload');
Related
Sorry, I'm new to Symfony.
I think I've tried everything here. I'm trying to install a Symfony v2.8 application on a new machine. When I'm trying to access the application I'm getting exceptions stating lack of permissions to access either cache or logs directory. Cache and logs directories are writeable though - mask 777 set for both.
Also there seems to be a process that creates entries in the cache directory as it fills in with files. The problem seems to be that the web server can't access them - but why?
getfacl for both cache and logs directories returns this:
# owner: apache
# group: apache
user::rwx
user:apache:rwx
group::rwx
mask::rwx
other::rwx
default:user::rwx
default:user:apache:rwx
default:group::rwx
default:mask::rwx
default:other::rwx
Any suggestions would be greatly appreciated. Thanks!
Check that you logs and cache are being put in the correct location. Symfony has "two" major development environments (dev and prod). They (env) write logs and caches in two separate folders. Check the getCacheDir() and getLogDir() methods in the app/AppKernel.php.
I've launched Wordpress on Google Compute Engine (via their automated launcher process). It installs quickly and easily and visiting the external IP displayed in my Compute Engine VM Instances Dashboard, I am able access the fresh installation of Wordpress.
However, when I scp an existing Wordpress installation oldWPsite into var/www/ then replace my html directory
mv html htmlFRESH
mv oldWPsite html
my site returns a 'failed to open' error. Directory permissions user:group are identical.
Moreso, when I return the directories to their original configuration
mv html oldWPsite
mv htmlFRESH html
Still, the error persists.
I am familiar with other hosting paradigms where I can easily switch between the publicly served files by simply modifying directory names. Is there something unique about Google Compute Engine? What is the best way to import existing sites, files, etc into the Google Cloud environment?
Replicate
Install Wordpress via Google Launcher on a micro-VM.
Visit public IP of the VM instance.
SCP a fresh installation of Wordpress tovar/www.
Replace the Google installed html directory with the newly created and copied Wordpress directory using mv commands.
Visit public IP of the VM instance.
===
Referenced Questions:
after replacing /var/www/html directory, apache does not work anymore
permission for var/www/html directory - a2enmod command unrecognized on new G-compute VM
The import .htaccess file had https redirect which caused the server to prompt failure since https is not setup in a fresh launch of Wordpress through GCE. Compounding the issue, the browser cache held that memory when the previous site was moved back to the initial conditions.
Per usual, the solution involved the investigation of user errors.
the default install of apache in CentOS or RHEL, looking at file system permissions for html directory in /var/www/
drwxr-xr-x. 2 root root 4096 Aug 13 2013 html
My website works, and I have no issues with it, however I would like to know why and when do we need to set the directory to apache:apache?
Thank you
Since Apache is not running as root (presumably, hopefully), it only has read permissions on the directory as part of the last o=rx. This is a good default, since it means that it cannot alter the directory, only passively read and serve files from it. Everything running under an Apache process (e.g. mod_php) thereby has the same restrictions. That prevents a lot of common rookie exploits, like allowing uploads of .php files into a public web folder; because Apache/PHP cannot write into the web folder.
You should assign directories that Apache/PHP/CGI should explicitly be able to write into to apache/www-data (depending on your OS/configuration). It's not typically a good idea to do this with any directory under /var/www, you should leave that read-only as much as possible. However, adding an application-specific folder to something like /usr/local/var/<my website> with write permissions for Apache and selectively sym-linking or mod_rewriting to it is fine.
When your website need permission to modify direction/file on web app folder, you have 2 choices: 1) chmod folder to 777/666 or 2) change owner of these folders/files to apache
Sometimes, change owner is prefer to chmod because of security reason.
I have a had a wordpress site up and running for over a month, and I have set that my uploads be organized by month/year.. When april was made the uploads stopped working.
The permissions on the wp-content and uploads are 775, the permission of 04(folder) was 747 and the owner was "apache" I've never run into this issue before on any wordpress site, how do I correct this for the future and fix the present issue?
I changed the organization option and I still can't upload.
The error is
The uploaded file could not be moved
to
/var/www/vhosts/websitename.com/httpdocs/wp-content/uploads.
Can you upload by FTP to that folder? It could be a problem of lack of disk space (or quota), specially if this is a shared hosting. But even in VPS or dedicated, sometimes the /tmp directory where PHP first uploads the files is mounted from a different filesystem than /var (where the apache vhost root is probably located). That could explain why you can upload it but not move it.
Today I discovered that my fresh installation of Apache HTTP Server is able to serve files from my C:\uploads\ directory.
I have two folders in C:\uploads:
C:\uploads\templates
C:\uploads\sites
Both folders contain testimage.jpg.
I found that Apache will serve the files from the templates folder if I request:
http://localhost/templates/testimage.jpg
However, http://localhost/sites/testimage.jpg 404's!
OMG - firstly, why does Apache serve the templates folder in the first place? Is it special?
Secondly, by what arbitrary set of rules does apache disallow access to other folders such the sites?
I'm so confused. Perhaps I've taken a wrong turn somewhere during the installation.
Did you look through your httpd.conf file to see what rules are in place for what is being served? Alternatively, are there .htaccess files that may be changing what is being served? You might have templates exposed in one or the other, but not sites... that's the first thing that comes to mind.
I would suggest going through these configuration files with a fine toothed comb to see what may cause the behavior you see.