Separating source code from web root with PHP and NetBeans

Posted by on December 19, 2011 Leave a comment (0) Go to comments

I recently tidied my server filesystem and ended up making webroot a little more secure by keeping all of my source out of there, and having nothing that I edit directly in place.

Mainly this was done to avoid duplication of backups. Okay, so you can never have enough backups, but I previously kept all of my development code in ~/Development which was being backed up as well as all being under version control with Assembla. It also meant I had a load of symlinks in webroot pointing at various trunks and branches and I’d never really liked the idea of that.

The solution I’ve currently gone with is maybe a bit more than is required given I’m a sole developer on my home machine, but right now it’s working nicely for me. That said, the old approach worked nicely for a few months too, so I don’t expect this will be the best, or most final, solution I try. Anyway…

All source code is now in /usr/local/source, organised by projects. Each project is owned by root, chgrp for ‘developers’, and ‘chmod g+s’ to ensure that all files remain accessible to the developers group. And each project may contain sub-projects, with everything being under version control with either svn (client projects) or git (personal projects). Eg:

cd /usr/local/source
svn checkout https://subversion.assembla.com/svn/sandbox/
sudo chown root:developers -R sandbox
sudo chmod g+s sandbox
sudo chmod 660 sandbox
cd sandbox
find . -type d -print0 | xargs -0 sudo chmod 770
find . -type f -print0 | xargs -0 sudo chmod 660
sudo chmod -a -G developers mark #requires logout

I create NetBeans projects with the project root at this location, and ‘Copy files form the Sources Folder to another location’ is ticked, and directed to a suitably named folder in webroot.

Once this is created, it is ‘chown root:www-data’, and chmod ‘g+s’ with default permissions allowing the web server can write to logs and write any cache files that are used. And I’m added as a member of www-data group.

cd /var/www
sudo chown root:www-data -R sandbox
sudo chmod g+s sandbox
sudo usermod -a -G www-data mark #requires logout

After this, I create a new virtual host to the project in /etc/apache2/sites-available, an entry to /etc/hosts, a number of aliases so I can easily access various points of the project from the terminal, and usually add a bookmark to the Bookmarks Toolbar in Firefox for easy access.

cd /etc/apache2/sites-available
sudo cp default sandbox
sudo vi sandbox
#Edit to look like
        DocumentRoot /var/www/sandbox
        
                Options FollowSymLinks
                AllowOverride  All
        
        
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
        
:wq
sudo a2ensite sandbox
sudo service apache2 restart

cd /etc
sudo vi hosts
#Edit to add
127.0.0.1       sandbox
:wq

cd 
vi .bash_aliases
#Edit to add
alias sand="cd /var/www/sandbox"
alias sands="cd /usr/local/src/sandbox"
alias sandl="tail100 -n 100 -f /var/www/sandbox/logs/sandbox.log"
:wq
. .bash_aliases

It seems complicated now I look at it again, and I’m happy to accept it might not be the best way. But it avoids a large amount of duplication in backups, still allows me to use xdebug in NetBeans, allows me to easily view logs and drop into the project webroot or source in a terminal if I need to. And as I prefer to use svn and git in CLI and not in NetBeans, this can be helpful.

And it feels like a step in the right direction, so I’ll go with it for now.

Linux,

Leave a Comment


NOTE - You can use these HTML tags and attributes:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>