WebHosting Linux NG webspace structure

Disclaimer: this article applies to WebHosting Linux NG, not to Standard Linux Shared Hosting. Refer to the article https://kb.cloudblue.com/en/115792 for information about Standard Linux Shared Hosting.

WebHosting Linux NG infrastructure can be deployed in two ways: as Standalone Web Servers or as Web Cluster NG. Standalone Web Servers and Web Cluster NG can be used simultaneously. For more details, refer to the WebHosting Linux Guide.

The main points to keep in mind regarding Customers' webspaces on OA-managed WebHosting Linux NG servers (HEWSLs):

  1. All webspaces are located under a single virtual hosts root directory, /var/www/vhosts/<mount_point_id>.

  2. A particular Customer's webspace is located in the /var/www/vhosts/mount_point_id/webspace_id directory, where webspace_id is the ID of the webspace, which can be found under Provider Control Panel > Services > Web Hosting > Webspaces. The webspace ID can also be found in Customer CP on the Websites tab.

  3. Apache webspace is represented by the Apache Web Hosting resource in a Customer subscription. It is enough to have one unit of the resource in a subscription.

  4. Many websites may be hosted in a single webspace, in different directories (locations).

  5. The data of a Customer's websites is located in the webspace in directories like /var/www/vhosts/mount_point_id/webspace_id/httpdocs/LOCATION/ (accessible by HTTP protocol) or (accessible by HTTPS protocol), where LOCATION is the name of the sub-folder that the Customer entered when creating the website. The website location can be found under Customer CP > Websites > Hosting Services section in the website properties.

    It is natural to use the website's domain name as the website location; this makes it easy to find all data of a particular website.

  6. Apache logs are stored per webspace in the /var/www/vhosts/mount_point_id/webspace_id/log directory, not per individual website hosted in the webspace. There are three separate Apache logs in every webspace:

    • access_log - log of HTTP requests
    • ssl_access_log - log of HTTPS requests
    • error_log - log of errors

  7. Unlike Legacy Linux Shared Hosting, Odin Automation stores information about Apache virtual hosts in a redis database located at /var/lib/redis/dump.rdb on the Web Server host.

  8. Odin Automation creates a Linux system user for every single webspace. The user name is generated automatically as xWEBSPACE_ID, where x is a character and WEBSPACE_ID is the ID of the webspace, e.g. n100555. This user is configured as the owner of part of the webspace data. See the table below for more information about the system user. Information about webspace users is stored in the redis database. For example:

    [root@web1 ~]# redis-cli -s /var/lib/redis/redis.sock get "user-by-id:100555" | redis-decode-obj --type user_info_t
    m_user_id: 100555
    m_group_id: 10003
    m_login: "n100555"
    m_passwd: "*"
    m_gecos: "POA Webspace Owner"
    m_homedir: "/var/www/vhosts/1/100555"
    m_shell: "/sbin/nologin"
    m_last_change: 1556874084
    m_min_ndays: 0
    m_max_ndays: 99999
    m_warn_ndays: 0
    m_inact_ndays: 0
    m_expire_ndays: -1
    m_flags: 0
    m_cpu_lim: 0
    m_mem_lim: 0
    m_nproc_lim: 0
    m_lve_cpu_lim: 100
    m_lve_nproc_lim: 20
    m_io_lim: 102400
    

Quite often, problems with WebHosting Linux NG are caused by improper ownership and/or permissions on files/directories in Customers' webspaces, e.g. due to manual changes on an OA-managed server, which must not happen. For example, the web user is not able to access a particular file/directory in a webspace.

Refer to the tables below, which describe the WebHosting Linux NG webspace structure along with the default ownership and permissions; this information may help to restore a broken webspace.

All paths in the table are relative to a particular webspace root directory /var/www/vhosts/mount_point_id/webspace_id, e.g. /var/www/vhosts/1/100555.

WebHosting Linux NG Webspace Directory Structure

| Path | Ownership | Mode | Description |
|---|---|---|---|
| `log/` | `root:pemsrv` | `rwxr-x---` | The directory contains current and rotated log files for all websites hosted in the webspace: `access_log`, `ssl_access_log`, `error_log`. Log files are hidden from everyone except the `pemsrv` group, which includes a special user created by the Log File Access service to allow the Customer to download log files of their own websites in Customer Panel. |
| `tmp/` | `apache:apache` | `rwxr-x---` | The directory contains temporary files like PHP sessions and so on. The directory is writable for the apache user since `mod_php` can use it to execute PHP scripts. |
| `webspace/` | `root:root` | `rwxr-xr-x` | The main directory where the Customer's data is stored. |
| `webspace/certs/` | `root:root` | `rwxr-x---` | Directory contains SSL certificates that the Customer installed for their websites from Customer CP. |
| `webspace/certs/httpsd.pem` | `root:root` | `rw-r--r--` | Website certificate file. |
| `webspace/certs/httpsd.pemca` | `root:root` | `rw-r--r--` | Website CA certificate file. |
| `webspace/cgi-bin/` | `<user>:pemsrv` | `rwxr-x---` | Directory for the Customer's CGI scripts; Customers may put their own scripts here. The directory is readable for the Apache server user apache (via the `pemsrv` group). |
| `webspace/cgi-bin/test.cgi` | `<user>:pemcln` | `rwxr-xr-x` | Scripts should be readable and executable at least for the owner (i.e. have `rx` permissions). Ownership is important: if it is other than specified, `mod_suexec` will refuse to execute such a script. CGI scripts are executed with `webspace/cgi-bin/` as the working directory. UID/GID are set to `<user>:pemcln`. |
| `webspace/conf` | `root:root` | `rwxr-xr-x` | Directory for webspace-specific Apache configuration files, e.g. `webalizer.conf`. It is writable only for root. |
| `webspace/conf/webalizer.conf` | `root:pemgroup` | `rwxr-xr-x` | Webalizer web statistic engine configuration file. |
| `webspace/error_docs/` | `root:pemsrv` | `rwxr-xr-x` | Error documents are readable only by Apache and by the webspace owner. The webspace owner can replace them. |
| `webspace/error_docs/<HTTP error code>.html` | `<user>:pemsrv` | `rw-r-----` | Error documents are readable only by Apache and by the webspace owner. The webspace owner can replace them. |
| `webspace/httpdocs/` | `<user>:pemsrv` | `rwxr-x---` | Document root of all Customer websites accessible by HTTP protocol; websites are put into the corresponding sub-directories which the Customer entered as `Location` in Customer CP when creating the website. The directory is readable by Apache to process requests and by the webspace owner to upload data. The webspace owner can modify the content of this directory. Those files should be world-readable to be accessible by Apache. |
| `webspace/httpsdocs/` | `<user>:pemsrv` | `rwxr-x---` | Document root for websites accessible by HTTPS protocol. Other than that, it is just like the `httpdocs/` folder described above. |
| `webspace/pd/` | `root:pemsrv` | `rwxr-x---` | Directory for authorization files for protected directories. |
| `webspace/pd/<dir_id>` | `root:root` | `r--------` | Authorization files for a particular protected directory; no one but root can read those files. |
| `webspace/webstat/` | `root:pemsrv` | `rwxr-x---` | Web statistics generated by Webalizer. The directory is readable for the Apache system group to be accessible via HTTP. |
| `webspace/webstatssl/` | `root:pemsrv` | `rwxr-x---` | Web statistics accessible by HTTPS protocol. |
| `webspace/siteapps/` | `<user>:pemsrv` | `r-x--x---` | Directory contains all site applications distributed with Odin Automation, e.g. WordPress, Joomla, etc. Customers are not allowed to modify them manually; they can only view and install/uninstall these applications via Customer Panel. |
| `webspace/siteapps/<application name>` | `n100555:pemcln` | `rwxr-xr-x` | Directory containing a particular APS application installed by a Customer via Customer Panel. |
| `webspace/webapps/` | `<user>:pemsrv` | `--x--x---` | Directory containing so-called legacy applications: third-party web applications inherited from old Odin Automation versions. Since OA 2.6.5 such applications are still supported, however they are not further maintained by OA. Customers are not allowed to modify the content of the directory manually; they can only view and install/uninstall these applications via Customer Panel. Note: if support of legacy applications is disabled by the Odin Automation Provider, this directory is not used. |
| `webspace/webapps/<application name>/` | `root:root` | `--x--x--x` | Directory containing a particular legacy web application. |

System users

| User | Description | Role in Webspace |
|---|---|---|
| `root` | System Administrator. | Owner of basic webspace directory structure and other private data created by Odin Automation and not intended for modification by a Customer. |
| `apache` | The user HTTP server is run under. | PHP scripts are run under this user, so files/directories intended to be modified with PHP script should be writable for this user. |
| `<user>` | System user created for every single webspace. User name is auto-generated by OA as `xWEBSPACE_ID` where `x` is character and `WEBSPACE_ID` is ID of a Customer webspace, e.g. `n100555`. | This user is owner of Customer’s data which they can modify (via FTP, File Manager, custom scripts). Customer’s CGI scripts are also executed with privileges of this system user. |

System groups

| Group | Description | Role in Webspace |
|---|---|---|
| `root` | System administrator’s group. | Owner of basic webspace directory structure and other private data created by OA and not intended for modification by a customer. |
| `pemsrv` | The group HTTP server belongs to (shortcut for OA servers: HTTP, FTP). | This group is used for files and directories accessible by HTTP server. |
| `pemcln` | The group OA Customers belong to (shortcut for POA clients). | Used to execute CGI scripts with Apache `suexec_module` or `sucgid_module`. |
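
A read-only check of a webspace against the default ownership and modes listed in the directory structure table, as an added example that is not part of the original article or of Odin Automation. The `audit_webspace` function name, the `EXPECTED` list format and the output format are assumptions; only the fixed directory entries from the table are checked, and GNU `stat` is assumed.

```sh
#!/bin/sh
# Added example: expected entries (path|owner:group|mode) copied from the
# directory structure table; <user> stands for the webspace system user.
EXPECTED='log|root:pemsrv|rwxr-x---
tmp|apache:apache|rwxr-x---
webspace|root:root|rwxr-xr-x
webspace/certs|root:root|rwxr-x---
webspace/cgi-bin|<user>:pemsrv|rwxr-x---
webspace/conf|root:root|rwxr-xr-x
webspace/error_docs|root:pemsrv|rwxr-xr-x
webspace/httpdocs|<user>:pemsrv|rwxr-x---
webspace/httpsdocs|<user>:pemsrv|rwxr-x---
webspace/pd|root:pemsrv|rwxr-x---
webspace/webstat|root:pemsrv|rwxr-x---
webspace/webstatssl|root:pemsrv|rwxr-x---'

# audit_webspace ROOT USER
# Prints one finding per deviation (MISSING / OWNER / MODE) and returns 1
# if any was found. Read-only: it never changes ownership or modes.
audit_webspace() (
    root=$1 user=$2 rc=0
    while IFS='|' read -r rel owner mode; do
        # Substitute the webspace system user for the <user> placeholder.
        case $owner in '<user>:'*) owner="$user:${owner#*:}" ;; esac
        path="$root/$rel"
        if [ ! -e "$path" ]; then
            echo "MISSING $rel"; rc=1; continue
        fi
        # GNU stat: %U:%G = owner:group names, %A = "drwxr-x---" style mode
        act_owner=$(stat -c '%U:%G' "$path")
        act_mode=$(stat -c '%A' "$path")
        act_mode=${act_mode#?}          # drop the file-type character
        if [ "$act_owner" != "$owner" ]; then
            echo "OWNER $rel expected=$owner actual=$act_owner"; rc=1
        fi
        if [ "$act_mode" != "$mode" ]; then
            echo "MODE $rel expected=$mode actual=$act_mode"; rc=1
        fi
    done <<EOF
$EXPECTED
EOF
    exit "$rc"
)

# Usage: sh audit.sh /var/www/vhosts/1/100555 n100555
if [ "$#" -eq 2 ]; then audit_webspace "$1" "$2"; fi
```

Because setuid, setgid and sticky bits appear in the `%A` string, an entry carrying one of them is reported as a `MODE` deviation as well.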

See the main Knowledgebase article #114326 Linux Shared Hosting NG: General Information, Best Practices and Troubleshooting for more information.
