If I have not misunderstood the official installation instructions, including the specific section on locating directories with information
Adapting to an AlmaLinux server with Plesk to install GLPI on https://subdomain.yourdomain.com
Directory extracted from the installation file:
/var/www/glpi >> /var/www/vhosts/yourdomain.com/subdomain/
Directories moved out of the public folder (I have also tried using /public/ as vhost root)
/etc/glpi >> /var/www/vhosts/yourdomain.com/internal/config
/var/lib/glpi >> /var/www/vhosts/yourdomain.com/internal/files
/var/www/vhosts/yourdomain.com/internal/marketplace
Created file inc/downstream.php
<?php
define('GLPI_CONFIG_DIR', '/var/www/vhosts/yourdomain.com/internal/config');
if (file_exists(GLPI_CONFIG_DIR . '/local_define.php')) {
require_once GLPI_CONFIG_DIR . '/local_define.php';
}
Created file config/local_define.php
<?php
define('GLPI_VAR_DIR', '/var/www/vhosts/yourdomain.com/internal/files');
define('GLPI_LOG_DIR', '/var/www/vhosts/yourdomain.com/logs/subdomain'); // Plesk original log folder
Additional NGINX directives, without Apache proxy mode (I also tried activating and processing .htaccess with the same problems):
location / {
# Todas las solicitudes se redirigen a /public/index.php
rewrite ^ /public/index.php last;
}
location ~ ^/public/index.php$ {
fastcgi_pass unix:/var/run/plesk/plesk-php82-fpm.sock; # Ajustar segĂșn tu entorno
fastcgi_split_path_info ^(.+.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
}
#some tests
#location ~ ^/(?!public/).* {
# deny all;
#}
location /public {
try_files $uri =404;
}
location ~* .(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|otf|eot|map)$ {
try_files $uri =404;
}
// It is not documented, but I don't think it should be accessible
location = /status.php {
allow 127.0.0.1; # Permitir acceso desde localhost
deny all;
return 404;
}
Other additional information that could be interesting:
- PHP-FPM 8.3.14
- AlmaLinux 9.5 (Teal Serval)
- GLPI 10.0.17
open_basedir (PHP):
{WEBSPACEROOT}{/}{:}{TMP}{/}:/var/www/vhosts/yourdomain.com/subdomain/public:/var/www/vhosts/yourdomain.com/subdomain:/var/www/vhosts/yourdomain.com/internal/config:/var/www/vhosts/yourdomain.com/internal/files:/var/www/vhosts/yourdomain.com/internal/install
Still showing the error on the home screen about folder security…
Web server root directory configuration is not safe as it permits
access to non-public files. See installation documentation for more
details.
What should be the correct configuration in this scenario?
NOTE 1: Modifying the function that checks security is not an option… glpi/src/system/Requirment/safedocumentroot.php
NOTE 2: The official documentation refers to incbased_config.php files but the operation of the variables should be the same v10.x, (removed on beta v11.X).
