Apache: Allow connection to storage server?

Discussion in 'Mac OS X Server, Xserve, and Networking' started by xper, Aug 4, 2010.

  1. macrumors 6502

    xper

    Joined:
    Dec 15, 2005
    Location:
    Sweden - Halmstad
    #1
    Hi!

    I thought this would be a piece of cake actually but it seems i was wrong, i want to use my Mac Mini Server as a webserver (like i do now) but use a freeNAS server as my storage server for static file with my Mac Mini Server.

    The problem is that Apache seems to block all connection to a server or storage for that matter, only folders on its on harddrive seems to be allowed.
    If i choose to store documentroot on my other Mac Mini Server it instantly generates a Apache 403 error document.

    What have i missed?
     
  2. macrumors P6

    DoFoT9

    Joined:
    Jun 11, 2007
    Location:
    Singapore
    #2
    you will most likely have to enable "Others" to have read and/or write permissions to your home drive - which is not recommended at all, i have no problems sharing files to friends via apache. i have created a folder and shared it.

    if you are using client OSX, you generally only can share /Library/Web Documents/Documents/ - that is where the default mount point is for websites etc, if you have OSX Server you can manually specify (im sure you can change this using Terminal too).
     
  3. thread starter macrumors 6502

    xper

    Joined:
    Dec 15, 2005
    Location:
    Sweden - Halmstad
    #3
    Maybe i missunderstood you now but it is the Webserver (Mac minis) that should connect to the storage server (freeNAS), not the other way around.

    To clarify, i want the Mac Mini Server to act as the webserver, as it does now, and store all the files a user upload on my storage server.
     
  4. macrumors 601

    Joined:
    Aug 15, 2005
    #4
    Whatever directory you mount the NAS under must have the correct permissions for Apache to access it. You can see what user and group Apache uses by examining the User and Group attributes in the httpd.conf file.
     
  5. thread starter macrumors 6502

    xper

    Joined:
    Dec 15, 2005
    Location:
    Sweden - Halmstad
    #5
    Yes ofcourse, thank you ;)

    It´s always the small details that i always miss

    Easiest way for me was to change user/group in the conf to admin/admin, any security risk to have it that simple? That pretty much auto permission to all folders on every computer i own, easy enough if its not a security issue

    Edit:

    I basically got it to work now but my php file upload script is pointing to /media/ but it still uploads the files to my document root, but when navigate to /media/ with the browser i end up on the freeNAS storage instead so the Alias is working but it doesnt upload the file to it. I have to manually move the uploaded files to my freeNAS folder and then the image works on the homepage

    My virtual host looks like this:

    Code:
    Alias "/media/" "/Volumes/Storage-1/www/synix/"
    	ServerName [url]www.synix.se:80[/url]
    	DocumentRoot "/Users/admin/Sites/Synix/sv"
    	<Directory "/Users/admin/Sites/Synix/sv">
    		Allow from all
    		<IfModule mod_dav.c>
    			DAV Off
    		</IfModule>
    		AllowOverride All
    		Options +FollowSymLinks +ExecCGI +Indexes +Includes
    		Order allow,deny
    	</Directory>
    	<Directory "/Volumes/Storage-1/www/synix/">
    		Allow from all
    		<IfModule mod_dav.c>
    			DAV Off
    		</IfModule>
    		AllowOverride All
    		Options +FollowSymLinks +ExecCGI +Indexes +Includes
    		Order allow,deny
    	</Directory>
    
     
  6. macrumors 601

    Joined:
    Aug 15, 2005
    #6
    You don't want to set the user/group to admin:admin. Any visitor of your web site only has to make a small exploit and they could own the machine and all data. It's just not wise.

    For the upload, your PHP script is the culprit. It has to upload the file to /media instead of /. You verified this by browsing to /media and seeing the files, so that proves the httpd.conf is correct. Additionally, the daemon doesn't control what the PHP script does in respect to where uploads are occurring. That's all done within the script itself.

    Also, you should restrict the permissions on those Apache directories:

    Code:
    Options +FollowSymLinks +ExecCGI +Indexes +Includes
    That's just asking for trouble.
     
  7. thread starter macrumors 6502

    xper

    Joined:
    Dec 15, 2005
    Location:
    Sweden - Halmstad
    #7
    Ah ok thanks, i will fix those security issues as soon as possible, just want to make the uploads works properly first.

    Well, i can navigate to the /media/ folder in the browser, no problem, and the PHP upload script is set to use the folder /media/ but instead of it following the alias and directory it creates a new /media/ folder in the root every time i make an upload, i am not good at Apache as you notice but shouldnt it use the new path for /media/ now?
     
  8. macrumors 601

    Joined:
    Aug 15, 2005
    #8
    If the PHP script is using the directory path (not the URL path), then you'd need to specify the full filesystem path in your script:

    Code:
    /Volumes/Storage-1/www/synix/
     
  9. thread starter macrumors 6502

    xper

    Joined:
    Dec 15, 2005
    Location:
    Sweden - Halmstad
    #9
    Forgive me, the symlink i made wasnt correct so obviously it didnt work, i could use the code you provided but this platform is made to work on various server setups so it would break on those system.

    Also, the php script can fetch its own URL base so subdomains could be used, pretty great because the webserver is almost down at idle now, pretty nice performance boost.

    Thanks for all your help ;)
     

Share This Page