-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Insufficient description how to configure AllowOverride directive for Apache configuration #1224
Comments
Updated formats and steps for MAGECLOUD-1048
I have found this AllowOverride directive for I got an error 500 due to |
Hi @sgnsajgon, would you be willing to create a PR with this information for the page? |
@osrecio, is this something you could help us with? |
For sure. Now I'm at MM18DE. I will check on Thursday. |
Hi @osrecio, can you take a look at this this week? |
I tested the config from @sgnsajgon and seems to be ok. I compared with other projects in production with Apache and is so similar. I will create a PR to add the advices I think is a good idea to have a guideline if is your first time with Magento and Apache configuration. IMHO the Apache configuration depends at all of your environment although it is true that we can have a "standard". |
Thanks @osrecio! |
Hey @osrecio @jeff-matthews - Was there a PR created for this work? I don't notice one referenced here. Let us know so we can update this to be accurate! |
@osrecio Is this still In Progress? |
We haven't heard from you regarding this issue in two weeks or more. Due to inactivity, we are closing this issue. If you have further comments and feedback, please create a new issue. Thanks for taking the time to create a GitHub issue for docs improvement! |
Your documentation is still horribly lacking. I hope the guidance I found here helps me. This should not have been a closed thread without having acted on the suggestion and updated the documentation as suggested or explained why that is not a good thing to be done. JMO |
Feedback on page: /guides/v2.1/install-gde/prereq/apache.html
Aforementioned page is aimed to explain how to enable Apache 2.2 and 2.4 Rewrites module and specify a setting for the distributed configuration file, .htaccess. In fact, presented explanation is insufficient and superficial, because does not concern the heart of the matter, namely how to setup AllowOverride directive of site configuration. It merely forces reader to see the guidelines in the Apache documentation. In my opinion, this page should precisely show how Apache configuration for Magento has to be setup. It is likely that user would have to spend some time to find proper configuration using "trials and errors" approach, or would be discouraged to find a solution on her/his own and would configure it as "AllowOverride All", what is probably not a good idea due to security concerns.
I have done some recognitions and I have concluded that the minimal configuration for working site on Apache 2.4 should be as shown below, assuming that document root is "/var/www/html/magento":
Rationale:
To test above configuration, we can run Magento virtual host site (without installation steps performed), and try to access (simulating web browser) each Magento filesystem directory which contains .htaccess file using the following command (assuming that virtual host in configured for magento.sgnsajgon.pl domain):
find -name .htaccess -printf 'http://magento.sgnsajgon.pl%h/\n' | sed -e 's|\./|/|' | xargs curl -vIL --stderr - | grep "500\|403" -B 10
We can see that there is no page causing 403 (Forbidden) error, and only 2 pages cause 500 (Internal Error) error, but due to PHP exceptions, not Apache configuration issues.
It is minimal configuration for Apache 2.4. Configuration for Apache 2.2 is likely the same or very similar, but I have no tested it with version 2.2.
I have several additional proposals of improvements for this page:
In section "Enable rewrites and .htaccess for Apache 2.4" there is an advise:
For clarify it should be explained what cases are meant here.
In section "Enable rewrites and .htaccess for Apache 2.2" there is an advise:
For clarify it should be explained what cases are meant here.
in sections "Solving 403 Forbidden errors for Apache 2.4" and "Solving 403 Forbidden errors for Apache 2.2" there are advices:
For clarify it should be explained what cases are meant here.
In configuration examples on page there is presented Options directive:
Options Indexes FollowSymLinks MultiViews
Is it necessary? I have found that several .htaccess configurations enable or disable these options explicitly for directory if needed ( thus "AllowOverride Options=FollowSymLinks,Indexes,MultiViews" directive is required, as I describe above), so I guess that it is not required to enable them for entire site. In fact, it may cause security issues, i.e. if Indexes option in set for entire site and we forget to apply DiretoryIndex directive in any .htaccess file - it would cause directory content leak.
The text was updated successfully, but these errors were encountered: