Patrick O'Callaghan wrote: > On Fri, 2025-05-30 at 17:11 -0700, Samuel Sieb wrote: >> On 5/30/25 3:19 AM, Tim via users wrote: >>> On Thu, 2025-05-29 at 20:05 -0400, Jeffrey Walton wrote: >>>> Also see >>>> <https://docs.fedoraproject.org/en-US/fedora-server/services/httpd-basic-setup/> >>>> and the section, "Configure a Virtual Host for the domain". >>> >>> When following such instructions, you have to be careful about the >>> choice of where you put virtually hosted sites. If you do decide to >>> make sub-directories inside /var/www/html (as some advocate, and is >>> mentioned in that linked page) you have to make sure that nobody >>> connecting to the IP of the server can simply append the filepath used >>> by the site to the IP address, and bypass any security restrictions. >> >> That page doesn't suggest using /var/www/html. It suggests >> /var/www/<sitename>, but recommends using /srv. I've always used >> directories under /var/www because it's a lot easier and doesn't require >> any selinux modifications. > > I wanted to have a large Calibre database under /var/www but on a > separate drive with a symlink. I was constantly impeded by SElinux > until I used a bind mount, which solved the problem (I know semanage > and restorecon would also work).
To expand on that for the benefit of others who may not know
how to use semange and restorecon in a case like this, the
*_selinux man pages often contain useful information. In
this case, that is in httpd_selinux(8).
It is relatively long, but in the FILE CONTEXTS section it
mentions how to configure things if you want httpd to serve
files from an alternate location:
httpd policy stores data with multiple different file context
types under the /var/www directory. If you would like to store
the data in a different directory you can use the semanage
command to create an equivalence mapping. If you wanted to store
this data under the /srv directory you would execute the
following command:
semanage fcontext -a -e /var/www /srv/www
restorecon -R -v /srv/www
The *_selinux man pages for services which are part of
selinux-policy are provided by selinux-policy-doc.
--
Todd
signature.asc
Description: PGP signature
-- _______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
