ArchLinux 2016.06.01: public_html with Apache userdir module

This article will describe installing apache and userdir module, and running web server for each user.


1 Install apache

Install apache with pacman.

$ sudo pacman -S --noconfirm apache
$ sudo systemctl enable httpd
$ sudo systemctl restart httpd

2 Home directory permission 701/710

If you do not change permission from 700 to 701, 403 Forbidden error will be occurred.

This is because httpd does not have exec permission and cannot open public_html.

$ chmod 701 ~

You can also change group of home directory to http and change permission to 710.

$ sudo chown hiroom2:http ~
$ chmod 710 ~

If you hide directories and files under home directory, you need create 700 permission directory and put all into there.

3 public_html

Create public_html.

$ mkdir ~/public_html

Now accessing to below URL returns below HTML. If you need to provide file downloader, you only put your file to public_html directory.



A index.html will be loaded by DirectoryIndex when accessing to URL.


4 Digest authentication

Load auth_digest_module in httpd.conf.

$ diff -uprN /etc/httpd/conf/httpd.conf{.org,}
--- /etc/httpd/conf/      2016-06-04 20:49:46.046666665 +0000
+++ /etc/httpd/conf/httpd.conf  2016-06-04 20:49:50.329999997 +0000
@@ -81,7 +81,7 @@ LoadModule authz_core_module modules/mod
 LoadModule access_compat_module modules/
 LoadModule auth_basic_module modules/
 #LoadModule auth_form_module modules/
-#LoadModule auth_digest_module modules/
+LoadModule auth_digest_module modules/
 #LoadModule allowmethods_module modules/
 #LoadModule file_cache_module modules/
 #LoadModule cache_module modules/

Restart httpd.

$ sudo systemctl restart httpd

Create public_html/.htaccess as below. "hiroom2" is a realm for digest authentication.

AuthType Digest
AuthName "hiroom2"
AuthUserFile /home/hiroom2/.htdigest
require valid-user

Add user to accessing to realm "hiroom2" with htdigest.

$ htdigest -c ~/.htdigest "hiroom2" hiroom2
Adding password for hiroom2 in realm hiroom2.
New password:
Re-type new password:

Username and password is required when accessing to URL.



A userdir module does not allow ExecCGI by default.

It may be better to use container like LXC for ExecCGI.


Load mod_cgi in httpd.conf.

$ diff -uprN /etc/httpd/conf/httpd.conf{.org,}
--- /etc/httpd/conf/      2016-06-04 21:11:04.709999998 +0000
+++ /etc/httpd/conf/httpd.conf  2016-06-04 21:17:42.176666667 +0000
@@ -152,8 +152,8 @@ LoadModule lbmethod_byrequests_module mo
 LoadModule lbmethod_bytraffic_module modules/
 LoadModule lbmethod_bybusyness_module modules/
 LoadModule lbmethod_heartbeat_module modules/
-LoadModule mpm_event_module modules/
-#LoadModule mpm_prefork_module modules/
+#LoadModule mpm_event_module modules/
+LoadModule mpm_prefork_module modules/
 #LoadModule mpm_worker_module modules/
 LoadModule unixd_module modules/
 #LoadModule heartbeat_module modules/
@@ -168,7 +168,7 @@ LoadModule autoindex_module modules/mod_
        #LoadModule cgid_module modules/
 <IfModule mpm_prefork_module>
-       #LoadModule cgi_module modules/
+       LoadModule cgi_module modules/
 #LoadModule dav_fs_module modules/
 #LoadModule dav_lock_module modules/

Add index.cgi to DirectoryIndex in httpd.conf.

$ diff -uprN /etc/httpd/conf/httpd.conf{.org,}
--- /etc/httpd/conf/      2016-06-04 21:19:30.453333336 +0000
+++ /etc/httpd/conf/httpd.conf  2016-06-04 21:19:34.489999999 +0000
@@ -280,7 +280,7 @@ DocumentRoot "/srv/http"
 # is requested.
 <IfModule dir_module>
-    DirectoryIndex index.html
+    DirectoryIndex index.html index.cgi


Add ExecCGI to Options in httpd-userdir.conf.

$ diff -uprN /etc/httpd/conf/extra/httpd-userdir.conf{.org,}
--- /etc/httpd/conf/extra/        2016-06-04 20:57:13.936666661 +0000
+++ /etc/httpd/conf/extra/httpd-userdir.conf    2016-06-04 20:57:29.709999999 +0000
@@ -15,7 +15,7 @@ UserDir public_html
 <Directory "/home/*/public_html">
     AllowOverride FileInfo AuthConfig Limit Indexes
-    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
+    Options ExecCGI MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
     Require method GET POST OPTIONS

Restart httpd.

$ sudo systemctl restart httpd

Create public_html/.htaccess as below.

AddHandler cgi-script .cgi

This article created public_html/index.cgi as below.

$ cat <<EOF > ~/public_html/index.cgi

echo "Content-type: text/html"
echo ""
echo "hello"
$ chmod a+x ~/public_html/index.cgi

Accessing to URL returned HTML generated by index.cgi.