Apache webspace structure
Disclaimer: the article is applicable to the Standard Linux Shared Hosting, not to Linux Shared Hosting NG. Refer to the article https://kb.cloudblue.com/en/114326 for information about Linux Shared Hosting NG in POA.
The main points to keep in mind in regard to customers' webspaces on POA-managed Linux Shared Hosting server.
1. All webspaces are located in the single root folder which is /usr/local/pem/vhosts on most installations. The actual webspaces root folder may be found in POA Provider Control Panel in properties of a particular Linux Shared Hosting server:
- Open properties of a server in POA PCP (hardware node or VPS)
- Switch to the Applications tab
- Click on the Apache application
- Switch to the Configuration tab
- See the value of the 'Webspaces root' parameter
2. A particular customer's webspace is located in the /usr/local/pem/vhosts/WEBSPACE_ID folder, where WEBSPACE_ID is the ID of a webspace which may be found in POA Provider Control Panel in the list of websites at Service Director > Shared Hosting Manager > Websites. Webspace ID also may be found in Customer CP on the Websites tab:
3. Apache webspace is represented by the 'Physical hosting (Apache)' resource in a customer subscription. It is enough to have one unit of the resource in a subscription.
4. Many websites may be hosted in a single webspace, in different folders (locations).
5. Data of customers' websites are located in webspace in folders like /usr/local/pem/vhosts/WEBSPACE_ID/webspace/httpdocs/LOCATION/ (accessible by HTTP protocol) or /usr/local/pem/vhosts/WEBSPACE_ID/webspace/httpsdocs/LOCATION/ (accessible by HTTPS protocol), where LOCATION is the name of sub-folder which customer entered during website creating. Website location may be found in POA Customer CP in the 'Hosting Services' section in a website properties:
It is natural to use the name of website's domain as the website location, in this case it will be easy to find all data of a particular website.
6. Apache logs are being stored per webspace in the /usr/local/pem/vhosts/WEBSPACE_ID/log folder, not per every single website hosted in a webspace. There are three separate Apache logs in every webspace:
- access_log - log of HTTP requests
- ssl_access_log - log of HTTPS requests
- error_log - log of errors
7. POA creates separate Apache configuration file for every webspace, it is located in the /usr/local/pem/vhosts/WEBSPACE_ID/webspace/conf/ folder, the name of file is vhost.conf. Apache reads configuration files of all webspaces during startup (through the /usr/local/pem/etc/apache/httpd.conf_pem.vhosts configuration file, refer to the article Apache service configuration for more details).
All customer's websites hosted within webspace are configured as virtual hosts in the vhost.conf file.
8. POA creates system Linux user for every single webspace, the name of an user is generated automatically as 'xWEBSPACE_ID', where 'x' is a character and WEBSPACE_ID is the ID of a webspace, e.g. t100101. This user is configured as owner of part of webspace data. See the table below for more information about system user.
9. POA configures disk quotas for every system user created for a webspace which limit size of data a customer may upload into their webspace. The quota is defined by the corresponding activation parameters in the 'Physical hosting (Apache)' resource type included in customer's subscription (the parameters may be redefined in a Service Template a particular subscription is based on). There are two types of parameters defining disk quota:
Disk space quota parameters:
- Web disk space usage soft limit, (KB)
- Web disk space usage hard limit, (KB)
Disk inodes quota parameters (limit on number of files which may be created in a webspace):
- Web inodes usage soft limit
- Web inodes usage hard limit
Quite often problems with Linux Shared web hosting are caused by improper ownership and/or permissions on files/folders in customers' webspaces, e.g. due to manual changes on POA-managed server which must not happen. For example, Apache may be not able to read configuration file vhost.conf in a webspace or cannot get access to particular file/folder in a webspace.
Refer to the tables below which describe an Apache webspace structure along with the default ownership and permissions for them, this information may help to restore broken webspace.
All paths in the table are relative to a particular webspace root folder /usr/local/pem/vhosts/WEBSPACE_ID, e.g. /usr/local/pem/vhosts/100101.
Apache Webspace Directory Structure
The folder contains current and rotated log files for all websites hosted in the webspace:
Log files are hidden from everyone except the pemsrv group which includes special user created by the Log File Access service to allow customer to download log files of own websites in POA Customer CP.
|tmp/||apache:apache||rwxr-x---||The folder contains temporary files like PHP sessions and so on. The folder is writable for apache user since mod_php uses it to execute PHP scripts.|
|webspace/||root:root||rwxr-xr-x||The main folder where customer's data are stored.|
|webspace/certs/||root:root||rwxr-x---||Directory contains SSL certificates that customer installed for their websites on exclusive IP in POA Customer CP.|
|webspace/certs/httpsd.pem||root:root||rw-------||Certificates are private information; Apache main process reads them during startup.|
|webspace/cgi-bin/||<user>:pemsrv||rwxr-x---||Directory for customer’s CGI scripts, customers may put own scripts here. The folder is readable for Apache server user apache.|
Scripts should be readable and executable at least for owner (i.e. have r*x****** permissions). Ownership is important, if it is other than specified mod_suexec will refuse to execute such script.
CGI scripts are executed with webspace/cgi-bin/ working directory. UID/GID are set to <user>:pemcln.
|webspace/conf||root:root||rwxr-xr-x||Directory for webspace-specific Apache configuration files, e.g. vhost.conf. It is writable only for root.|
|webspace/conf/vhost.conf||root:root||r--------||Configuration file vhost.conf is readable only by root. Apache reads it on startup.|
|webspace/error_docs/||root:pemsrv||rwxr-xr-x||Error documents are readable only by Apache and by webspace owner. Webspace owner can replace them.|
|webspace/error_docs/<HTTP error code>.html||<user>:pemsrv||rw-r-----||Error documents are readable only by Apache and by webspace owner. Webspace owner can replace them.|
Document root of all customer websites accessible by HTTP protocol, websites are being put into corresponding sub-folders which customer entered as Location in POA Customer CP when creating website.
The folder is readable by Apache to process requests and by webspace owner to upload data. Webspace owner can modify content of this directory. Those files should be world-readable to be accessible by Apache.
|webspace/httpsdocs/||<user>:pemsrv||rwxr-x---||Document root for web sites accessible by HTTPS protocol. Other than that, it is just as the httpdocs/ folder described above.|
|webspace/pd/||root:pemsrv||rwxr-x---||Folder for authorization files for protected directories, no one but root can read that files.|
|webspace/pd/<dir_id>||root:root||r--------||Authorization files for a particular protected directory, no one but root can read that files.|
|webspace/webstat/||root:pemsrv||rwxr-x---||Web statistics generated by Webalizer. Directory is readable for Apache system group to be accessible via HTTP.|
|webspace/webstatssl/||root:pemsrv||rwxr-x---||Web statistics accessible by HTTPS protocol.|
|webspace/siteapps/||<user>:pemsrv||--x--x---||Folder containing all applications distributed with POA. Customers are not allowed to modify them manually; they can only view and install/uninstall these applications via CCP.|
|webspace/siteapps/<application name>||root:root||--x--x--x||Folder containing a particular APS application installed by a customer via POA CCP.|
|webspace/webapps/||<user>:pemsrv||--x--x---||Folder containing so called legacy applications - third-party web applications inherited from old POA versions. Since POA 2.6.5 such applications are still supported, however they are not further maintained by POA. Customers are not allowed to modify the content of the directory manually; they can only view and install/uninstall these applications via CCP. Note: If support of legacy applications is disabled by POA Provider, this directory is not used.|
|webspace/webapps/<application name>/||root:root||--x--x--x||Folder containing a particular legacy web application.|
|User||Description||Role in Webspace|
|root||System administrator.||Owner of basic webspace directory structure and other private data created by POA and not intended for modification by a customer.|
|apache||The user HTTP server is run under.||PHP scripts are run under this user, so files/directories intended to be modified with PHP script should be writable for this user.|
|<user>||System user created for every single webspace.||
User name is auto-generated by POA as 'xWEBSPACE_ID' where 'x' is character and WEBSPACE_ID is ID of a customer webspace, e.g. t100101.
This user is owner of customer’s data which they can modify (via FTP, File Manager, custom scripts). Customer’s CGI scripts are also executed with privileges of this system user.
|Group||Description||Role in Webspace|
|root||System administrator’s group.||Owner of basic webspace directory structure and other private data created by POA and not intended for modification by a customer.|
|pemsrv||The group HTTP server belongs to (shortcut for ‘POA servers’: HTTP, FTP).||This group is used for files and directories accessible by HTTP server.|
|pemcln||The group POA Customers belong to (shortcut for ‘POA clients’).||Used to execute CGI scripts with Apache mod_suexec.|
See the main Knowledgebase article #115790 Website Hosting: General information, Best Practices and Troubleshooting for more information.