[horde] Recommended Apache config

Tue Apr 2 14:56:30 UTC 2013

> >> >> Hello,
> >> >>
> >> >> stumbeled the hard way across the need for activated .htaccess and
> >> >> rewrite stuff for Horde/Nag and maybe other parts of Horde. This
> >> >> really makes me wonder if there is some resource which explains what
> >> >> are the recommended/needed webserver features are. In the
> installation
> >> >> docs i have not found anything about this and it looks like older
> >> >> versions of Horde/IMP/Nag haven't need it also.
> >> >> With something around this it is now working but with the below
> quote
> >> >> from the Apache documentation i'm not sure if this is the preferred
> way:
> >> >>
> >> >> <Directory "/var/www/horde">
> >> >>    Options -Indexes -ExecCGI -Includes -MultiViews
> >> >>    AllowOverride FileInfo Limit
> >> >>    Order allow,deny
> >> >>    Allow from all
> >> >> </Directory>
> >> >>
> >> >>
> >> >> Quota from Apache docus regarding .htaccess:
> >> >>
> >> >> You should avoid using .htaccess files completely if you have access
> >> >> to httpd main server config file. Using .htaccess files slows down
> >> >> your Apache http server. Any directive that you can include in a
> >> >> .htaccess file is better set in a Directory block, as it will have the
> >> >> same effect with better performance.
> >> >>
> >> >> So should i try to merge the .htaccess in the main config?
> >> >>
> >> >> Is this documented somwhere?
> >> >
> >> > The only thing which is not mentioned in INSTALL docs is that you
> >> > need mod_rewrite module for the Apache.
> >> >
> >> > Other settings are really out of scope of the install documentation
> >> > because there are too many different webserver configurations out
> >> > there. You cannot prepare to them all. It's up to system
> >> > administrators to know what they are doing.
> >>
> >> If these settings are vital for the working of a application it should
> >> be included in the documentation, even more if it was not necessary
> >> before. If have run all webservers with "AllowOverride None" until now
> >> because i have never needed it. It is common pratice to disable all
> >> unneeded things, so simply blame the admin is lazy to say at least.
> >> With the above argumentation one could also delete the test.php script
> >> and the documentation about enabling PHP.
> >
> > IMHO this goes under the same category as "it is recommended to
> > *not* use root MySQL user but create a separate user and give it
> > access to Horde database". MySQL is a requirement, but configuring
> > and properly securing an environment is totally the job of the
> > administrator. In your case Apache + mod_rewrite is a requirement,
> > but allowing Apache to use .htaccess files is totally different
> > story. It has nothing to do with laziness, it's just simple best
> > practices/know-how every admin should know.
> 
> No, enabling mod_rewrite is *not* sufficient to run the application,
> at least in case of Nag. So it *is* different from the "it works but
> not recommended" case of the MySQL database.
> It should be documented that:
> a.) Horde needs mod_rewrite
> b.) Horde needs the mod_rewrite settings listed in the .htaccess files
> either by enabling .htaccess files or by merging it in the main.config

In such case you could say:

c) Horde needs PHP to have a writable permission on a temporary directory.

or:

d) Horde needs an Operating System to have a firewall with 80 port open.

> > As for the mod_rewrite requirement itself, yes, INSTALL files could
> > be adjusted.
> >
> >> > Regarding .htacess vs httpd.conf file I suppose the documentation
> >> > talks about administration global settings. When settings need to be
> >> > adjusted per application level .htaccess files are the only option
> >> > to have a good out-of-the-box experience. I suggest to *not* try to
> >> > merge them because it is too much work. A) the performance
> >> > difference is negligible, b) they will be recreated on next "pear
> >> > update" anyway, c) you would need to follow .htaccess changes as
> >> > Horde versions progresses and apply them to your configuration.
> >>
> >> That's exactly the kind of pointers which should go to the documentation.
> >
> > Yes, into Apache documentation, or into PEAR management
> documentation :)
> 
> The Apache/PEAR documentation documents the details/possibilities of
> Apache/PEAR. The Horde documentation should document the needs of
> Horde and point to Apache/PEAR docs for the details.
> 
> > This is not Horde specific. Any other web application which needs to
> > use .htaccess files have exactly the same installation issues.
> 
> Of course, but if these web applications are quality ones they list
> the .htaccess requirement...
> 
> Regards
> 
> Andreas
> 
> 
> 
> 
> --
> Horde mailing list
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: horde-unsubscribe at lists.horde.org