Re: How to setup certs for https access for Fedora 42?

Patrick O'Callaghan wrote:
> On Fri, 2025-05-30 at 17:11 -0700, Samuel Sieb wrote:
>> On 5/30/25 3:19 AM, Tim via users wrote:
>>> On Thu, 2025-05-29 at 20:05 -0400, Jeffrey Walton wrote:
>>>> Also see <https://docs.fedoraproject.org/en-US/fedora-server/services/httpd-basic-setup/>
>>>> and the section, "Configure a Virtual Host for the domain".
>>> 
>>> When following such instructions, you have to be careful about the
>>> choice of where you put virtually hosted sites.  If you do decide to
>>> make sub-directories inside /var/www/html (as some advocate, and is
>>> mentioned in that linked page) you have to make sure that nobody
>>> connecting to the IP of the server can simply append the filepath used
>>> by the site to the IP address, and bypass any security restrictions.
>> 
>> That page doesn't suggest using /var/www/html.  It suggests 
>> /var/www/<sitename>, but recommends using /srv.  I've always used 
>> directories under /var/www because it's a lot easier and doesn't require 
>> any selinux modifications.
> 
> I wanted to have a large Calibre database under /var/www but on a
> separate drive with a symlink. I was constantly impeded by SElinux
> until I used a bind mount, which solved the problem (I know semanage
> and restorecon would also work).

To expand on that for the benefit of others who may not know
how to use semanage and restorecon in a case like this, the
*_selinux man pages often contain useful information.  In
this case, that is in httpd_selinux(8).

It is relatively long, but in the FILE CONTEXTS section it
mentions how to configure things if you want httpd to serve
files from an alternate location:

    httpd policy stores data with multiple different file context
    types under the /var/www directory.  If you would like to store
    the data in a different directory you can use the semanage
    command to create an equivalence mapping.  If you wanted to store
    this data under the /srv directory you would execute the
    following command:

    semanage fcontext -a -e /var/www /srv/www
    restorecon -R -v /srv/www

The *_selinux man pages for services which are part of
selinux-policy are provided by selinux-policy-doc.

-- 
Todd
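
Added example, not part of the original message or of the man page: a simplified shell model of what the equivalence mapping quoted above does, showing that a path under /srv/www is labelled as if it were the matching path under /var/www. The "alias target" rule form, the two httpd rules and the sample paths are constructed assumptions for illustration.

```shell
#!/bin/sh
# Constructed sample: the equivalence from the quoted command, written as
# "alias target" (assumed form of the stored rule).
SUBS='/srv/www /var/www'

# Constructed subset of httpd file-context rules, most specific first
# (assumption: simplified from the targeted policy).
RULES='/var/www/cgi-bin(/.*)? httpd_sys_script_exec_t
/var/www(/.*)? httpd_sys_content_t'

# Rewrite a path through the equivalence rules. A rule applies only on a
# whole path component, so /srv/www-old is not treated as /srv/www.
equiv_path() {
    path=$1
    while read -r src target; do
        case $path in
            "$src"|"$src"/*)
                rest=${path#"$src"}
                printf '%s\n' "$target$rest"
                return 0 ;;
        esac
    done <<EOF
$SUBS
EOF
    printf '%s\n' "$path"
}

# Type the rewritten path would receive from RULES; fails if no rule matches.
expected_type() {
    lookup=$(equiv_path "$1")
    while read -r regex ctx; do
        if printf '%s\n' "$lookup" | grep -Eq "^${regex}\$"; then
            printf '%s\n' "$ctx"
            return 0
        fi
    done <<EOF
$RULES
EOF
    return 1
}

# Demo on constructed paths.
for p in /srv/www/html/index.html /srv/www/cgi-bin/report.cgi; do
    printf '%s -> %s\n' "$p" "$(expected_type "$p")"
done
```

On a live system, `ls -Z` on the files shows the labels actually applied after restorecon has run.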
