On 12/15/20 12:39 PM, Neal Gompa wrote:
On Tue, Dec 15, 2020 at 3:42 AM Ralf Lang <lang@b1-systems.de> wrote:
We had the argument for and against /srv/www for several years. I don't really feel any side of the argument is superior. We should settle for one or the other and work out the details on how to implement it and document that, not go back to the general question time and again.
Using /srv in packages breaks their usability for MicroOS setups (e.g. openSUSE MicroOS web app appliance images, etc.). So it is strongly discouraged that applications install files into /srv.
I'd even argue that PHP applications should be configured to always run under control of php-fpm listening on a Unix domain socket. Benefits: - no need to install or alias the app into web server's document root - better process isolation - separate systemd units - privilege separation with separate system accounts, especially dir/files writeable by PHP application - no limitation to run with apache2-prefork - easier migration to nginx - separation of AppArmor profiles Caveat: - one needs to use mod_proxy_fcgi, but this is in standard packages nowadays I expect real PHP experts to come up with some more advantages and disadvantes. AFAICS darix already started some work in this direction in his OBS home repo: https://build.opensuse.org/package/show/home:darix:apps/roundcubemail https://build.opensuse.org/package/show/home:darix:apps/nextcloud BTW: darix seems to already package the Nextcloud apps, so no need to grant nextcloud write access to apps directory. Cool. Ciao, Michael.