On 10.03.2015 0:50, Francis Daly wrote:
even more, redmine documentation:
http://www.redmine.org/projects/redmine/wiki/HowTo_install_Redmine_on_CentOS_5
RECOMMENDS to install redmine into /var/www/redmine
see: "Configure /var/www/redmine/config/database.yml"
Yes, that url shows redmine installed to /var/www/redmine.
In that case, the nginx "root" should be /var/www/redmine/public.
http://wiki.nginx.org/Redmine now fixed and provides correct info.
Perhaps it will be useful for someone to note that the "root" directive
value in nginx must be the root directory of the redmine web content,
which is the "public" directory of the redmine distribution. That appears
not to have been clear on the nginx wiki page.
Current nginx redmine config example at wiki is more safe, because
even in case of "ln -s /var/lib/redmine/public /var/www/redmine"
and "root /var/www/redmine/public;" in the nginx config
- all should work fine, without any security vulnerabilities.
And Debian users probably easy can guess what
they should replace "root /var/www/redmine/public;"
with "root /var/www/redmine;" because /var/www/redmine
is symlink to /var/lib/redmine/public in their install.
redmine documentation at redmine site recomments install
entire redmine into /var/www/redmine directory, not only public content.
The redmine installation instructions are something that the redmine
people might be interested in making more consistent.
May be this is Debian-way, make symlinks to only "static" files
inside /var/www ? And all other services in Debian configured
in the same way? So redmine can't break Debian packaging rules?
And all other UNIX-like OS and distros do not have such requirements
about creating such useless and potentially dangerous symlinks?
Dangerous, - if nginx configured with "disable_symlinks on;"
--
Best regards,
Gena
_______________________________________________
nginx mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx
