Open vipcxj opened 3 years ago
The default storage path for Apache on CentOS is /var/www/html. A link to https://cwiki.apache.org/confluence/display/HTTPD/DistrosDefaultLayout could be included in the documentation.
Some web servers run as www-data. Web content should not be owned by this user, or a compromised web server would be able to rewrite a web site.
www-data is the user that web servers on Ubuntu (Apache, nginx, for example) use by default for normal operation. The web server process can access any file that www-data can access. It has no other importance.
(source)
On many (not all) distributions, www-data is the user under which the Apache web server runs. This also means that everything done by Apache (especially including PHP scripts) will be done with the permissions of user www-data (and also group www-data) by default.
(source)
My guess with nginx you will find the user in /etc/nginx/nginx.conf
user nginx;
(but have never tested on centos) Then, make sure that the current user and the web user (“nginx”) are allowed to access your app by giving them permissions.
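Added example, not part of the original thread or the GeoNode documentation: a Python check for the point made above, reading the worker account from the nginx `user` directive and listing web content that account could rewrite. The function names, the sample configuration and the temporary directory are constructed for illustration.

```python
import os
import re
import stat
import tempfile

# nginx `user` directive: "user nginx;" or "user www-data www-data;"
USER_RE = re.compile(r"^\s*user\s+([^\s;]+)(?:\s+([^\s;]+))?\s*;", re.MULTILINE)

def nginx_worker_account(conf_text):
    """Return (user, group) from nginx.conf text, or None if no directive."""
    m = USER_RE.search(conf_text)
    if m is None:
        return None
    return m.group(1), m.group(2) or m.group(1)  # group defaults to user name

def web_writable(docroot, web_uid, web_gids):
    """Return sorted (path, reason) for entries the web account can modify."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # permission bits on symlinks are not meaningful
            if st.st_uid == web_uid:
                findings.append((path, "owned by web user"))
            elif st.st_gid in web_gids and st.st_mode & stat.S_IWGRP:
                findings.append((path, "group-writable by web group"))
            elif st.st_mode & stat.S_IWOTH:
                findings.append((path, "world-writable"))
    return sorted(findings)

if __name__ == "__main__":
    # Constructed sample input, not taken from a real server.
    conf = "# main context\nuser nginx;\nworker_processes auto;\n"
    print("worker account:", nginx_worker_account(conf))
    with tempfile.TemporaryDirectory() as root:
        page = os.path.join(root, "index.html")
        open(page, "w").close()
        os.chmod(page, 0o666)  # deliberately too permissive
        # Stand-in uid/gid; on a real host resolve them with pwd.getpwnam().
        for path, reason in web_writable(root, web_uid=-1, web_gids=set()):
            print(path, "->", reason)
```

On a real host, pass the uid from `pwd.getpwnam()` for the account the directive names (`nginx`, `apache` or `www-data`, depending on the distribution) and the gids of that account's groups.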
After googling, I found that on CentOS, apache is the replacement. However, there is no apache user on my CentOS server either. In the end, I just use the root user.
It seems that www-data is used as a group in the document. The document seems to say that a user called geonode should be created and added to the www-data group. I am installing GeoNode with Docker. Since all the web servers are in the Docker containers, why do we need to create a user on the host server?
If you do use Docker, then it's a different story. Be aware of rootless Docker mode: https://docs.docker.com/engine/security/rootless/
@t-book The document says, in the Docker install part, that a geonode user should be created and added to the docker and www-data groups. I want to know: is it a necessary step? Adding the user to the docker group is something I see in many Docker configuration tutorials. But why is www-data also needed?
Hi @vipcxj, no, I do not see a need for your host user to be added to www-data. However, I would strongly suggest getting familiar with permissions of users and groups, and further visiting the Docker docs section regarding running Docker in production:
I've never used centos but these steps should cover all you need:
1) https://docs.geonode.org/en/master/install/basic/index.html#id2
2) https://docs.geonode.org/en/master/install/basic/index.html#create-an-instance-of-your-geonode-project
3) https://docs.geonode.org/en/master/install/basic/index.html#startup-the-containers
None of them asks you to deal with www-data.
We're always looking for helping hands for improving the docs. If you'd like to sharpen the setup for CentOS and Docker, a PR is very welcome!
@t-book I successfully installed GeoNode using Docker. But I installed it using the root user, so most permission issues will not be a problem. I am not sure whether it should be documented.
@vipcxj Just 3 things:
127.0.0.1:5432:5432
Also take a look at the rabbitmq ports. None of them needs to be public! (All of these should be set up in your firewall, e.g. UFW.)
www-data is mentioned many times in the document, but it does not exist on CentOS. So many commands in the document cannot be invoked on CentOS.