I’ve setup a LAMP environment to test and develop locally with wordpress.
With the default settings, the main webserver folder is located at /srv/www/htdocs/, that contains in example, phpMyAdmin and wordpress main folders.
I find it a bit unhandy, for a couple of reasons: the first one is of permissions (whenever I want to manually change something, I must get admin privileges), the second is that my home folder has a different backup schedule of the root (these folders are better classified as “user content” instead of “system files”).
I only use this to work locally, mainly for testing; nobody else is supposed to access all of this externally.
My questions are:
Is it possible (and advisable) to move these folders somewhere inside my home partition? Are there any drawbacks or generally some things that I should consider when doing this?
And how can I correctly change this setup?
Best thing is of course to use a different user for your web adninistration. That is different from root (so no need to use root for managing in /srv, etc.) and different from “normal end-users” that use their userid for banking, listening music, reading writing e-mail, etc.
Make that user’s primary group www, that is the same group that your Apache server uses at run time. /srv, etc. should all be owned by that user and group www.
User and group ownership of prcosesses and files and file permissions should be understood and used as they were invented for to your advantage. And not seen as things that hamper your system/website/user data managing.
In your apache configuration there is something like
You can change that to whatever path on your system you like. But:
a) it must exist (and even better when it contains web pages);
b) it’s permissions (and those of all the directories in the path leading to it) must enable the apache server processes (that run by deafult under wwwrun:www) to at least read the files in it.
Also, you can add other document pathes to your apache config. I have e.g.
Alias /milweb/ "/home/henk/milweb/"
Deny from all
which serves web-files in /home/henk/milweb (you guess it: in “my” home directory) to the clients when they access domainname.hostname/milweb/…
You’re not alone feeling Apache is a matter of overkill when you’re just trying to deploy a personal Development server for your personal use.
Most people I know (besides myself) typically look for Apache alternatives when developing. Apache can be slow to load, requires an enormous amount of overhead (possibly related to reserved resources for database connections) and may be difficult to modify default structures.
I’d recommend for instance nodejs as an “instant on and minimal resources required” alternative which is one way of deploying a website “anywhere” including in a /home directory or partition (really. No restrictions where which makes something like this ideal for Development).
Now, wordpress is vastly more complicated to set up than a static website, but it seems that just late this past year there seems to have been a big effort to port Wordpress to nodejs (You can Google “nodejs wordpress” to read the blogs).
Inspecting the nodejs repo, it looks like there are hundreds of Wordpress nodejs packages.
Probably the place to start is to look for a package which will automatically retrieve all necessary Wordpress dependencies and install the basic Wordpress framework. I’d expect that after that is installed, you should then be able to import your existing website.
This is so new,
I of course haven’t actually tried this but if you decide to go down this path you should be able to deploy a Wordpress(or most any other) website anywhere on your system. I assume that you have no current experience with nodejs which would likely mean an additional learning curve, but you might find that this is really beneficial for the long term if you develop web content regularly.
No I can’t. My ISP’s message was that it has security risks and that they thus stopped using it (it was somethiing like domain.home/~uname/ it now is uname/home/domain.host/, so all is in the domain path).
I can however imagine that inside a user’s home directory, where (s)he can make all sorts of adaptions like permision changes and links to and from the published files, there is a chance to create security holes.
In any case, it was the reason that I did not advise it to you. But you know your own environment best. When it is purely local to our LAN or even to your system (blocking other access in your apache config and/or your firewall) security assessment will give another result.
OTOH, never forget that most stupid actions breaking your system are self inflicted. So take precautions against your very self. My first advice was based on that.
Of course not. I assume you run the webserver listening on 127.0.0.1 only, like I do. If you run the webserver listening to the whole world, theoretically an intruder could exploit vulnerabilities, but hey.