Re: [Qgis-user] Deployment scenarios of QGIS Server projects?
Hi Axel, I am adding the Apache rewriting rule (originally written by Pirmin Kalberer, Sourcepole) that I use: RewriteRule ^/ows/(.+)$ /cgi-bin/qgis_mapserv.fcgi?map=/home/qgis/$1.qgs [QSA,PT,L] Examples: URL https://yourserver.org/ows/katasterplan would map to https://yourserver.org/cgi-bin/qgis_mapserv.fcgi?map=/home/qgis/katasterplan.qgs URL https://yourserver.org/ows/naturschutzgebiete would map to https://yourserver.org/cgi-bin/qgis_mapserv.fcgi?map=/home/qgis/naturschutzgebiete.qgs URL https://yourserver.org/ows/basisplaene/uebersichtsplan would map to https://yourserver.org/cgi-bin/qgis_mapserv.fcgi?map=/home/qgis/basisplaene/uebersichtsplan.qgs The third example uses an additional folder, for additional structuring. /ows/ stands for OGC web services (WMS/WFS/WCS), as QGIS is not only a WMS server. You could have separate folders with separate rules for password-protected services. Hope this helps, Andreas On 2017-10-05 11:01, Andreas Neumann wrote: > Hi Axel, > > You don't need these symbolic links. They are unnecessary. > > It is also bad (security wise) to copy or link .qgs file into a directory > that is reachable on the web - be it in a regular web directory or in a CGI > directory. > > What I do is: > > * .qgs Files reside in a path NOT REACHABLE by a webbrowser. This is > important, as .qgs files contains sensitive information about datasource you > don't want to reveal to the public. An example path is /home/xyz > * Use Postgis databases as a datasource (preferably use service name > definitions and no hardcoded server/port/db combinations) > * scp the .qgs files to the server (or if it is on the same LAN you can use > SAMBA and a Windows network share) > * Make sure the directory where the .qgs files reside can be read (not > written) by the user that is used by the web-server (on Ubuntu: www-data) > * Copy SVG files or images needed by a QGIS layout or QGIS symbology if > necessary either to the central svg directory or into the directory of the > project > * In Apache (this has to be done by the sysadmin) I create Apache rewrite > rules to hide the actual path where the .qgs files reside. > > There are plugins around for QGIS cloud or Lizmap that ease the deployment > for the user. They take care about copying the .qgs file and necessary linked > resources to the server. You may want to have a look at these plugins to see > what they do. > > Hope this helps a bit, > > Definitely you don't need any symbolic links. > > Andreas > > On 2017-10-05 10:03, Axel Schaefer wrote: > >> Hi. >> >> How do you deploy your QGIS Server projects from your desktop to the server? >> Let's collect the possibilities. This should not deal directly with the >> installation but the deployment of your projects between two different >> machines (QGIS Desktop client-machine and QGIS Server server-machine). >> >> Background: Out of some talks, I know that there are some possiblities to >> get your QGIS qgs-files to the server and to let for example Apache do some >> work to facilitate an easy way. People are doing that in different ways, and >> I would like to know how. And it seems like all the ways provide a good >> mechanism to distinguish between the GIS-expert doing the work on the QGIS >> project and the sysadmin. >> >> First way, the easy way: >> >> What I'm presenting right now is Level 1 and follows the way Anita Graser >> has described in her blog for Ubuntu: >> https://anitagraser.com/2012/03/30/qgis-server-on-ubuntu-step-by-step/ in >> Chapter "Adding a QGIS project file". >> >> After the installation I have the directory "/usr/lib/cgi-bin" with the 2 >> files qgis_mapserv.fcgi and wms_metadata.xml. For every new project (in this >> example called "bonn") I do the following steps. >> >> 1.) Create a directory in /usr/lib/cgi-bin called "bonn": >> /usr/lib/cgi-bin/bonn. >> >> 2.) Make two symbolic links: First to the "qgis_mapserv.fcgi" file and >> second to the "wms_metadata.xml" file. >> >> $ /usr/lib/cgi-bin/bonn % sudo ln -s ../qgis_mapserv.fcgi >> $ /usr/lib/cgi-bin/bonn % sudo ln -s ../wms_metadata.xml >> $ /usr/lib/cgi-bin/bonn % ls >> qgis_mapserv.fcgi wms_metadata.xml >> $ /usr/lib/cgi-bin/bonn % >> >> 3.) I create a third symbolic link to the QGIS-Project-file. But that >> resides in my home-directory. >> >> $ /usr/lib/cgi-bin/bonn % sudo ln -s ~/qgisserver/bonn/bonn.qgs >> $ /usr/lib/cgi-bin/bonn % ls -l >> lrwxrwxrwx 1 root root 40 Sep 27 09:43 bonn.qgs -> >> /home/aschaefer/qgisserver/bonn/bonn.qgs >> lrwxrwxrwx 1 root root 20 Sep 27 09:38 qgis_mapserv.fcgi -> >> ../qgis_mapserv.fcgi >> lrwxrwxrwx 1 root root 19 Sep 27 09:38 wms_metadata.xml -> >> ../wms_metadata.xml >> $ /usr/lib/cgi-bin/bonn % >> >> The interesting part is the last one. I can handle my qgis-files in my own >> home directory. All I have to do is to call the admin to a) create the >> directory, b) create the two symbolic links to the u
Re: [Qgis-user] Deployment scenarios of QGIS Server projects?
Hello Axel, thank you for this topic. I can imagine a talk at the upcoming FOSSGIS [1], at least I'd attend it :) In the past I had to deal with how to deploy a project to QGis server. Here is they way I came up with: At first, the server and all work stations are setup with fixed paths for a) the QGis project files b) Symbology files (svg, png) c) pg_service.conf file for database connection All changes to QGis project files and symbology files at the work stations are synchronized to the server via the users using ssh connection. The webserver is setup so that in the URL only the path and file name needs to change https://my-qgis.maps/cgi-bin/qgis_mapserv.fcgi?...MAP=/path/to/qgis-file... The users can deploy the files themselves. Including the risk of mistakes like missing files, using absolute path instead of relative ones, using non-local layer sources etc. This is covered by training the users. Some tasks might be automated in the future. With this setup, the user can create a WMS/WFS by its own. But this services are only used internally. For including the services in public web applications, MapProxy is used. Here is a script monitoring changes in the directories and generating the MapProxy configuration. This part is fully automated and can also be triggered by the user. Since some tasks might to run a long time (e.g. setting up or reseeding a cache), you probably want a (super)user be able to trigger it at a convenient time. The QGis files and directory are following a name scheme. This was necessary for generating MapProxy config. The goal was to let the users create map services without calling a administrator. Of course there a some special cases, but the majority of cases can be handled by every user. Enhancements to this setup could be to using e.g. git repository to store the QGis files. Tests and signaling would also be very useful. Best wishes, Lars [1] https://www.fossgis-konferenz.de/2018/callforpapers/ ___ Qgis-user mailing list Qgis-user@lists.osgeo.org List info: https://lists.osgeo.org/mailman/listinfo/qgis-user Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-user
Re: [Qgis-user] Deployment scenarios of QGIS Server projects?
Hi, You can also add this in Apache configuration to avoid qgs file access by Apache : Require all denied Nicolas Le 05/10/2017 à 11:01, Andreas Neumann a écrit : Hi Axel, You don't need these symbolic links. They are unnecessary. It is also bad (security wise) to copy or link .qgs file into a directory that is reachable on the web - be it in a regular web directory or in a CGI directory. What I do is: * .qgs Files reside in a path NOT REACHABLE by a webbrowser. This is important, as .qgs files contains sensitive information about datasource you don't want to reveal to the public. An example path is /home/xyz * Use Postgis databases as a datasource (preferably use service name definitions and no hardcoded server/port/db combinations) * scp the .qgs files to the server (or if it is on the same LAN you can use SAMBA and a Windows network share) * Make sure the directory where the .qgs files reside can be read (not written) by the user that is used by the web-server (on Ubuntu: www-data) * Copy SVG files or images needed by a QGIS layout or QGIS symbology if necessary either to the central svg directory or into the directory of the project * In Apache (this has to be done by the sysadmin) I create Apache rewrite rules to hide the actual path where the .qgs files reside. There are plugins around for QGIS cloud or Lizmap that ease the deployment for the user. They take care about copying the .qgs file and necessary linked resources to the server. You may want to have a look at these plugins to see what they do. Hope this helps a bit, Definitely you don't need any symbolic links. Andreas On 2017-10-05 10:03, Axel Schaefer wrote: Hi. How do you deploy your QGIS Server projects from your desktop to the server? Let's collect the possibilities. This should not deal directly with the installation but the deployment of your projects between two different machines (QGIS Desktop client-machine and QGIS Server server-machine). Background: Out of some talks, I know that there are some possiblities to get your QGIS qgs-files to the server and to let for example Apache do some work to facilitate an easy way. People are doing that in different ways, and I would like to know how. And it seems like all the ways provide a good mechanism to distinguish between the GIS-expert doing the work on the QGIS project and the sysadmin. First way, the easy way: What I'm presenting right now is Level 1 and follows the way Anita Graser has described in her blog for Ubuntu: https://anitagraser.com/2012/03/30/qgis-server-on-ubuntu-step-by-step/ in Chapter "Adding a QGIS project file". After the installation I have the directory "/usr/lib/cgi-bin" with the 2 files qgis_mapserv.fcgi and wms_metadata.xml. For every new project (in this example called "bonn") I do the following steps. 1.) Create a directory in /usr/lib/cgi-bin called "bonn": /usr/lib/cgi-bin/bonn. 2.) Make two symbolic links: First to the "qgis_mapserv.fcgi" file and second to the "wms_metadata.xml" file. $ /usr/lib/cgi-bin/bonn % sudo ln -s ../qgis_mapserv.fcgi $ /usr/lib/cgi-bin/bonn % sudo ln -s ../wms_metadata.xml $ /usr/lib/cgi-bin/bonn % ls qgis_mapserv.fcgi wms_metadata.xml $ /usr/lib/cgi-bin/bonn % 3.) I create a third symbolic link to the QGIS-Project-file. But that resides in my home-directory. $ /usr/lib/cgi-bin/bonn % sudo ln -s ~/qgisserver/bonn/bonn.qgs $ /usr/lib/cgi-bin/bonn % ls -l lrwxrwxrwx 1 root root 40 Sep 27 09:43 bonn.qgs -> /home/aschaefer/qgisserver/bonn/bonn.qgs lrwxrwxrwx 1 root root 20 Sep 27 09:38 qgis_mapserv.fcgi -> ../qgis_mapserv.fcgi lrwxrwxrwx 1 root root 19 Sep 27 09:38 wms_metadata.xml -> ../wms_metadata.xml $ /usr/lib/cgi-bin/bonn % The interesting part is the last one. I can handle my qgis-files in my own home directory. All I have to do is to call the admin to a) create the directory, b) create the two symbolic links to the upper directory content and c) create the symbolic link to my project in my home. If I chnage the qgs file, the content of the service has changed. How do I update the content of the qgs-file? In this case via scp or some similar technique. I have to copy the file to the server. I do it in the beginning, call my admin to do his 3 steps and after that I can update my file. URL to access the WMS: http://localhost/cgi-bin/bonn/qgis_mapserv.fcgi?SERVICE=WMS&VERSION=1.3.0&REQUEST=GetCapabilities Basic condition: I use a central database for my geodata and don't hassle with local files. Advantage: Quick and easy and clearly to arrange. Work of GIS-expert can be done without work of admin. Disadvantage: Still communication and work to do. Might be sufficient for small departments with good communication between GIS guy and admin guy. The URL goes directly to the qgis_mapserv.fcgi file. So, how do you do it? Do you use rewrites to hide the unneccess
Re: [Qgis-user] Deployment scenarios of QGIS Server projects?
Hi Axel, You don't need these symbolic links. They are unnecessary. It is also bad (security wise) to copy or link .qgs file into a directory that is reachable on the web - be it in a regular web directory or in a CGI directory. What I do is: * .qgs Files reside in a path NOT REACHABLE by a webbrowser. This is important, as .qgs files contains sensitive information about datasource you don't want to reveal to the public. An example path is /home/xyz * Use Postgis databases as a datasource (preferably use service name definitions and no hardcoded server/port/db combinations) * scp the .qgs files to the server (or if it is on the same LAN you can use SAMBA and a Windows network share) * Make sure the directory where the .qgs files reside can be read (not written) by the user that is used by the web-server (on Ubuntu: www-data) * Copy SVG files or images needed by a QGIS layout or QGIS symbology if necessary either to the central svg directory or into the directory of the project * In Apache (this has to be done by the sysadmin) I create Apache rewrite rules to hide the actual path where the .qgs files reside. There are plugins around for QGIS cloud or Lizmap that ease the deployment for the user. They take care about copying the .qgs file and necessary linked resources to the server. You may want to have a look at these plugins to see what they do. Hope this helps a bit, Definitely you don't need any symbolic links. Andreas On 2017-10-05 10:03, Axel Schaefer wrote: > Hi. > > How do you deploy your QGIS Server projects from your desktop to the server? > Let's collect the possibilities. This should not deal directly with the > installation but the deployment of your projects between two different > machines (QGIS Desktop client-machine and QGIS Server server-machine). > > Background: Out of some talks, I know that there are some possiblities to get > your QGIS qgs-files to the server and to let for example Apache do some work > to facilitate an easy way. People are doing that in different ways, and I > would like to know how. And it seems like all the ways provide a good > mechanism to distinguish between the GIS-expert doing the work on the QGIS > project and the sysadmin. > > First way, the easy way: > > What I'm presenting right now is Level 1 and follows the way Anita Graser has > described in her blog for Ubuntu: > https://anitagraser.com/2012/03/30/qgis-server-on-ubuntu-step-by-step/ in > Chapter "Adding a QGIS project file". > > After the installation I have the directory "/usr/lib/cgi-bin" with the 2 > files qgis_mapserv.fcgi and wms_metadata.xml. For every new project (in this > example called "bonn") I do the following steps. > > 1.) Create a directory in /usr/lib/cgi-bin called "bonn": > /usr/lib/cgi-bin/bonn. > > 2.) Make two symbolic links: First to the "qgis_mapserv.fcgi" file and second > to the "wms_metadata.xml" file. > > $ /usr/lib/cgi-bin/bonn % sudo ln -s ../qgis_mapserv.fcgi > $ /usr/lib/cgi-bin/bonn % sudo ln -s ../wms_metadata.xml > $ /usr/lib/cgi-bin/bonn % ls > qgis_mapserv.fcgi wms_metadata.xml > $ /usr/lib/cgi-bin/bonn % > > 3.) I create a third symbolic link to the QGIS-Project-file. But that resides > in my home-directory. > > $ /usr/lib/cgi-bin/bonn % sudo ln -s ~/qgisserver/bonn/bonn.qgs > $ /usr/lib/cgi-bin/bonn % ls -l > lrwxrwxrwx 1 root root 40 Sep 27 09:43 bonn.qgs -> > /home/aschaefer/qgisserver/bonn/bonn.qgs > lrwxrwxrwx 1 root root 20 Sep 27 09:38 qgis_mapserv.fcgi -> > ../qgis_mapserv.fcgi > lrwxrwxrwx 1 root root 19 Sep 27 09:38 wms_metadata.xml -> ../wms_metadata.xml > $ /usr/lib/cgi-bin/bonn % > > The interesting part is the last one. I can handle my qgis-files in my own > home directory. All I have to do is to call the admin to a) create the > directory, b) create the two symbolic links to the upper directory content > and c) create the symbolic link to my project in my home. If I chnage the qgs > file, the content of the service has changed. > > How do I update the content of the qgs-file? In this case via scp or some > similar technique. I have to copy the file to the server. I do it in the > beginning, call my admin to do his 3 steps and after that I can update my > file. > > URL to access the WMS: > http://localhost/cgi-bin/bonn/qgis_mapserv.fcgi?SERVICE=WMS&VERSION=1.3.0&REQUEST=GetCapabilities > > Basic condition: I use a central database for my geodata and don't hassle > with local files. > > Advantage: Quick and easy and clearly to arrange. Work of GIS-expert can be > done without work of admin. > > Disadvantage: Still communication and work to do. Might be sufficient for > small departments with good communication between GIS guy and admin guy. The > URL goes directly to the qgis_mapserv.fcgi file. > > So, how do you do it? Do you use rewrites to hide the unneccessary stuff from > the URL and to make it look nicer? Do you use automatisms? > > B
[Qgis-user] Deployment scenarios of QGIS Server projects?
Hi. How do you deploy your QGIS Server projects from your desktop to the server? Let's collect the possibilities. This should not deal directly with the installation but the deployment of your projects between two different machines (QGIS Desktop client-machine and QGIS Server server-machine). Background: Out of some talks, I know that there are some possiblities to get your QGIS qgs-files to the server and to let for example Apache do some work to facilitate an easy way. People are doing that in different ways, and I would like to know how. And it seems like all the ways provide a good mechanism to distinguish between the GIS-expert doing the work on the QGIS project and the sysadmin. First way, the easy way: What I'm presenting right now is Level 1 and follows the way Anita Graser has described in her blog for Ubuntu: https://anitagraser.com/2012/03/30/qgis-server-on-ubuntu-step-by-step/ in Chapter "Adding a QGIS project file". After the installation I have the directory "/usr/lib/cgi-bin" with the 2 files qgis_mapserv.fcgi and wms_metadata.xml. For every new project (in this example called "bonn") I do the following steps. 1.) Create a directory in /usr/lib/cgi-bin called "bonn": /usr/lib/cgi-bin/bonn. 2.) Make two symbolic links: First to the "qgis_mapserv.fcgi" file and second to the "wms_metadata.xml" file. $ /usr/lib/cgi-bin/bonn % sudo ln -s ../qgis_mapserv.fcgi $ /usr/lib/cgi-bin/bonn % sudo ln -s ../wms_metadata.xml $ /usr/lib/cgi-bin/bonn % ls qgis_mapserv.fcgi wms_metadata.xml $ /usr/lib/cgi-bin/bonn % 3.) I create a third symbolic link to the QGIS-Project-file. But that resides in my home-directory. $ /usr/lib/cgi-bin/bonn % sudo ln -s ~/qgisserver/bonn/bonn.qgs $ /usr/lib/cgi-bin/bonn % ls -l lrwxrwxrwx 1 root root 40 Sep 27 09:43 bonn.qgs -> /home/aschaefer/qgisserver/bonn/bonn.qgs lrwxrwxrwx 1 root root 20 Sep 27 09:38 qgis_mapserv.fcgi -> ../qgis_mapserv.fcgi lrwxrwxrwx 1 root root 19 Sep 27 09:38 wms_metadata.xml -> ../wms_metadata.xml $ /usr/lib/cgi-bin/bonn % The interesting part is the last one. I can handle my qgis-files in my own home directory. All I have to do is to call the admin to a) create the directory, b) create the two symbolic links to the upper directory content and c) create the symbolic link to my project in my home. If I chnage the qgs file, the content of the service has changed. How do I update the content of the qgs-file? In this case via scp or some similar technique. I have to copy the file to the server. I do it in the beginning, call my admin to do his 3 steps and after that I can update my file. URL to access the WMS: http://localhost/cgi-bin/bonn/qgis_mapserv.fcgi?SERVICE=WMS&VERSION=1.3.0&REQUEST=GetCapabilities Basic condition: I use a central database for my geodata and don't hassle with local files. Advantage: Quick and easy and clearly to arrange. Work of GIS-expert can be done without work of admin. Disadvantage: Still communication and work to do. Might be sufficient for small departments with good communication between GIS guy and admin guy. The URL goes directly to the qgis_mapserv.fcgi file. So, how do you do it? Do you use rewrites to hide the unneccessary stuff from the URL and to make it look nicer? Do you use automatisms? Best regards Axel -- Axel Schaefer WhereGroup GmbH & Co. KG Eifelstraße 7 53119 Bonn Germany Fon: +49 (0)228 / 90 90 38 - 23 Fax: +49 (0)228 / 90 90 38 - 11 axel.schae...@wheregroup.com www.wheregroup.com | www.mapbender.org | www.meldemax.com Amtsgericht Bonn, HRA 6788 --- Komplementärin: WhereGroup Verwaltungs GmbH vertreten durch: Olaf Knopp, Peter Stamm --- ___ Qgis-user mailing list Qgis-user@lists.osgeo.org List info: https://lists.osgeo.org/mailman/listinfo/qgis-user Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-user