Where to place my local website starting with the 2.4.7 version of apache2?

Question

I recently installed Ubuntu 14.04, then I installed lamp-server and placed my webpages in /var/www directory, but when I opened localhost in the browser there was nothing. I think that happened because Zend updated Apache.

Whatever the reason may be, I want to know where to keep my php files so that I can access them from my browser.

Although not an answer to the OP's question, the following answer may help some visitors who stumble onto this question while trying to fix a related problem: http://askubuntu.com/a/525120/1183 — augustin, Sep 17 '14 at 10:46

score 79 · Accepted Answer · edited Nov 05 '18 at 14:08

79

The apache2 version that was published when the Ubuntu 14.04 release was made is 2.4.7 and starting with this version it seems that, for security reasons, the new root directory for the server is:

/var/www/html

So, from now on, this is where you must place the files for your (local) website. You should not have this problem again with the future updates.

Anyway, if you want to change this directory with another one, you have to modify (as root) the following line from /etc/apache2/sites-available/000-default.conf file (sudo nano /etc/apache2/sites-available/000-default.conf):

DocumentRoot /var/www/html

to

DocumentRoot /path/to/another/directory

After this, for the new changes to take effect, you have to restart the apache server using the following command:

sudo service apache2 restart

edited Nov 05 '18 at 14:08

abu_bua

10,783

answered Apr 17 '14 at 09:35

Radu Rădeanu

169,590

10

Interesting, I tried searching for the reasoning behind this move. If anyone is interested I found this bug report in Debian which explains it. – Dan Apr 17 '14 at 09:53
6

I'm getting forbidden error after this change. – Darshana Sep 13 '14 at 08:17
1

@Darshana Default configuration in apache2.4 doesn't allow apache to access anything outside /var/www/html. Putting your site anywhere other than in that directory (or its sub-directories), will give you a 403 error. You need to add a <Directory /path/to/your/site> directive to your VHost configs with a require directive in it. – Dan Jun 22 '15 at 09:21
This didn't work for me. – user124384 Jul 02 '15 at 15:19
Same here.. Its now gives me Error 403 forbidden! How should I solve it(In simpler, noober way PLEASE) – abhishah901 Oct 12 '15 at 17:20
But why is in apache2.conf only the directive <Directory /var/www/> instead of <Directory /var/www/html>? – John Goofy Nov 30 '18 at 16:04

Dan · Answer 2 · 2018-11-05T15:59:45.713

Instead of modifying /etc/apache2/sites-available/000-default.conf back to the old version, I prefer keeping default package files unmodified.

A reason for this is that so it wouldn't break during the next upgrade again which might reset the 000-default.conf file.
Besides, such modifications are not done just to annoy us, the modification was done for a good reason, as this bug report in Debian explains.

Our webservers [sic] set the default document root to /var/www, whereas site-local administrators tend to use /var/www/example.com. This has security implications if visitors access the default document root, bypassing the /supposed/ document root of example.com. That's problematic if sensitive data is placeѕ outside the supposed document root (e.g. consider a hypothetical /var/www/example-com-db.conf configuration file).

A better solution would be to move the sites files from /var/www to /var/www/html/.

# 1. move all files excluding the `html` directory
sudo mv /var/www/[!html]* /var/www/html
# 2. Move the hidden files as well which are skipped in previous command
sudo mv /var/www/.[!.]?* /var/www/html/

Also, another possible solution is to create another Virtual Host and disable the default one with the command sudo a2dissite 000-default

Where to place my local website starting with the 2.4.7 version of apache2?

2 Answers2

Linked

Related