[horde] Recommended Apache config

lst_hoe02 at kwsoft.de lst_hoe02 at kwsoft.de
Tue Apr 2 14:27:48 UTC 2013 

Zitat von Vilius Šumskas <vilius at lnk.lt>:

>> >> Hello,
>> >>
>> >> stumbeled the hard way across the need for activated .htaccess and
>> >> rewrite stuff for Horde/Nag and maybe other parts of Horde. This
>> >> really makes me wonder if there is some resource which explains what
>> >> are the recommended/needed webserver features are. In the installation
>> >> docs i have not found anything about this and it looks like older
>> >> versions of Horde/IMP/Nag haven't need it also.
>> >> With something around this it is now working but with the below quote
>> >> from the Apache documentation i'm not sure if this is the preferred way:
>> >>
>> >> <Directory "/var/www/horde">
>> >>    Options -Indexes -ExecCGI -Includes -MultiViews
>> >>    AllowOverride FileInfo Limit
>> >>    Order allow,deny
>> >>    Allow from all
>> >> </Directory>
>> >>
>> >>
>> >> Quota from Apache docus regarding .htaccess:
>> >>
>> >> You should avoid using .htaccess files completely if you have access
>> >> to httpd main server config file. Using .htaccess files slows down
>> >> your Apache http server. Any directive that you can include in a
>> >> .htaccess file is better set in a Directory block, as it will have the
>> >> same effect with better performance.
>> >>
>> >> So should i try to merge the .htaccess in the main config?
>> >>
>> >> Is this documented somwhere?
>> >
>> > The only thing which is not mentioned in INSTALL docs is that you
>> > need mod_rewrite module for the Apache.
>> >
>> > Other settings are really out of scope of the install documentation
>> > because there are too many different webserver configurations out
>> > there. You cannot prepare to them all. It's up to system
>> > administrators to know what they are doing.
>>
>> If these settings are vital for the working of a application it should
>> be included in the documentation, even more if it was not necessary
>> before. If have run all webservers with "AllowOverride None" until now
>> because i have never needed it. It is common pratice to disable all
>> unneeded things, so simply blame the admin is lazy to say at least.
>> With the above argumentation one could also delete the test.php script
>> and the documentation about enabling PHP.
>
> IMHO this goes under the same category as "it is recommended to  
> *not* use root MySQL user but create a separate user and give it  
> access to Horde database". MySQL is a requirement, but configuring  
> and properly securing an environment is totally the job of the  
> administrator. In your case Apache + mod_rewrite is a requirement,  
> but allowing Apache to use .htaccess files is totally different  
> story. It has nothing to do with laziness, it's just simple best  
> practices/know-how every admin should know.

No, enabling mod_rewrite is *not* sufficient to run the application,  
at least in case of Nag. So it *is* different from the "it works but  
not recommended" case of the MySQL database.
It should be documented that:
a.) Horde needs mod_rewrite
b.) Horde needs the mod_rewrite settings listed in the .htaccess files  
either by enabling .htaccess files or by merging it in the main.config

> As for the mod_rewrite requirement itself, yes, INSTALL files could  
> be adjusted.
>
>> > Regarding .htacess vs httpd.conf file I suppose the documentation
>> > talks about administration global settings. When settings need to be
>> > adjusted per application level .htaccess files are the only option
>> > to have a good out-of-the-box experience. I suggest to *not* try to
>> > merge them because it is too much work. A) the performance
>> > difference is negligible, b) they will be recreated on next "pear
>> > update" anyway, c) you would need to follow .htaccess changes as
>> > Horde versions progresses and apply them to your configuration.
>>
>> That's exactly the kind of pointers which should go to the documentation.
>
> Yes, into Apache documentation, or into PEAR management documentation :)

The Apache/PEAR documentation documents the details/possibilities of  
Apache/PEAR. The Horde documentation should document the needs of  
Horde and point to Apache/PEAR docs for the details.

> This is not Horde specific. Any other web application which needs to  
> use .htaccess files have exactly the same installation issues.

Of course, but if these web applications are quality ones they list  
the .htaccess requirement...

Regards

Andreas

More information about the horde mailing list