
Configuring the Apache Web Server for a Tilde


Most readers in geminispace will already be familiar with the term "tilde" as synonymous with a shared/multi-user unix environment. I've recently reconfigured my personal server to be more like these traditional systems, because it's a configuration that works well for me. In doing so I went from using nginx to using apache, because it seemed the better choice for the job. Nginx is better optimized for high load and easier to configure as a proxy for application servers, but apache has a lot of advantages for a shared environment:


Very easy to configure for user directory serving.

Handles CGI gracefully, including setting the uid and gid to those of the script owner.

While recursive searching for .htaccess files is suboptimal for high load, it allows users to set their own access rules in their directories.


You'll need to enable the suexec and userdir modules for apache, but after that the configuration is quite straightforward. Here's what mine looks like for the vhost in question:

<VirtualHost *:80>
        ServerName warmedal.se
        ServerAlias www.warmedal.se
        Redirect permanent / https://warmedal.se/
</VirtualHost>
<VirtualHost *:443>
        ServerName warmedal.se
        ServerAlias www.warmedal.se

        SSLEngine On
        SSLCertificateFile /etc/letsencrypt/live/warmedal.se/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/warmedal.se/privkey.pem

        # I have several vhosts all using the same folder for letsencrypt acme challenges
        Alias /.well-known/acme-challenge /home/www-data/acme-challenge/.well-known/acme-challenge

        DocumentRoot /home/www-data/warmedal.se

        # I disallow access to all hidden files and directories
        <Location ~ "\/\..*">
                Deny from All
        </Location>
        <Location ~ "^\/\.well-known\/.*">
                Allow from All
        </Location>

        # This part is all it takes to serve files from ~/public_html of any user
        UserDir public_html

        # And this executes all files ending in .cgi instead of serving their contents
        <Directory "/home/*/public_html">
                Options +ExecCGI
                AddHandler cgi-script .cgi
        </Directory>
</VirtualHost>

Please tell me if you see any obvious mistakes here. I'm specifically uncertain about the difference between "Deny from All" and "Require all denied".
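
The two spellings mentioned above, side by side, as an added example that is not part of the author's configuration. "Deny from All" is the Apache 2.2 access-control syntax, which 2.4 accepts only through mod_access_compat; "Require all denied" is the native 2.4 form from mod_authz_core. The LocationMatch patterns are rewritten here for illustration.

```apache
# --- Apache 2.2 style (needs mod_access_compat on 2.4) ---
# Shown commented out so the fragment stays loadable as written.
#
# <Location ~ "\/\..*">
#         Order deny,allow
#         Deny from all
# </Location>
# <Location ~ "^\/\.well-known\/.*">
#         Order allow,deny
#         Allow from all
# </Location>

# --- Apache 2.4 style (mod_authz_core) ---
# Refuse any URL path with a component that starts with a dot.
<LocationMatch "/\.">
        Require all denied
</LocationMatch>

# Re-open the ACME challenge tree. Location sections are applied in the
# order they appear, and with the default "AuthMerging Off" the Require
# in a later matching section replaces the earlier one, so this block
# must come after the deny block.
<LocationMatch "^/\.well-known/">
        Require all granted
</LocationMatch>
```

The Apache documentation discourages mixing the old Order/Allow/Deny directives with Require in the same configuration, so pick one style per server. Running "apachectl configtest" after the change catches syntax errors before a reload.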


-- CC0 ew0k, 2021-01-07
