shootify's picture

Hi there Jeremy,

I've got a quick question.

I want to use the TurnKey Core to host an application and take advantage of the easy management. However, I noticed, for example, that under the directory /var there is no www. Should I safely create it and upload the desired application in there? Please advise me. Thanks.

Jeremy Davis's picture

Are you planning to use a webserver? If so, assuming you install from Debian apt repos, it should be auto created on install.

Having said that, there is no reason why you can't manually make a /var/www directory yourself. For that matter, any directory you like in /var. E.g. if you wanted to, you could create a /var/MY_APP dir if you wished (it's a little unconventional - but not strictly wrong). The only thing to be aware of if randomly creating dirs in /var is the risk of namespace clash with some existing or future installed application. Generally apt installed applications will use /var/lib/APPLICATION_NAME/ to store app data, so using /var/www is a safe bet - because it's a defined shared location, even if you install something later that wants to write files there, it shouldn't overwrite your existing files. As I mentioned above, whilst unconventional, /var/APP_NAME would be another safe bet.

To avoid all of that, another option often used by third party software (often distro agnostic stuff) is to just use /opt (e.g. /opt/APP_NAME). I don't like it that much, but there's nothing fundamentally wrong with it - and you can guarantee nothing from default Debian will touch it. Another common location for putting non package managed data is in /usr/local (generally /usr is reserved for system use, /usr/local is the exception). E.g. we put custom scripts that we distribute with appliances (when not packaged) in /usr/local/bin.

FWIW there is a defined FHS (Filesystem Hierarchy Standard) but like most standards, it's interpreted slightly differently and has drifted over time (e.g. /var/run is a legacy dir, which has been replaced by /run - usually /var/run is just a symlink to /run these days, /bin and /sbin are usually just symlinks to /usr/bin & /usr/sbin these days and so on). The Linux Foundation maintain one FHS - although it's important to note that Debian aren't committed to strictly adhering to that particular one. You can read the Debian specific FHS policy and default filesystem layout for Bullseye (the basis of v17.x) online. A similar Bookworm document (the basis of the upcoming v18.0) is also available. Regardless of Debian not strictly abiding by the FHS, it is a good rule of thumb to keep in the back of your mind.

shootify's picture

I put the app in the actual WWW folder, however I noticed this app uses a port number, e.g. https://ip:port#, so LE requests fail. How do I troubleshoot this?

Thanks in advance.

Jeremy Davis's picture

As you've discovered, our Confconsole Let's Encrypt integration requires control of port 80. It is equipped to deal with anything that we provide that might be using port 80 (e.g. Apache, Nginx, LigHTTPd or Tomcat) but obviously that's not the case for whatever you are running.

Does your app run as a service? If so, then it should be pretty easy. If not, then probably the easiest thing would be to create one. If that's the case, please share a bit more info about the process and I'll give you some pointers.

Assuming that you do have a service, then you'll need to edit the dehydrated-wrapper script. You'll find it at /usr/lib/confconsole/plugins.d/Lets_Encrypt/dehydrated-wrapper.

Looking at the code, you'll want to add your server to the case statement in lines 285-306. To work out what your process is reporting as, run this command (while it's running and is using port 80):

netstat -ltpn | grep ":80 " | head -1 | cut -d/ -f2 | sed -e 's|[[:space:]].*$||; s|[^a-zA-Z0-9]||g'

Then use that script. If it's something like python (which is already captured) you'll need to do some other test (e.g. check if service is running) to ensure that it's killing the right app.

Hopefully that's enough to get you going. And apologies my response was a bit slow (I've been pushing out v18.0 Core & TKLDev).
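
An added example, not part of the original post and not code from the dehydrated-wrapper script: one way to wrap the command above in a check that resolves the port 80 listener to a service name and refuses to guess when the listener is a generic interpreter such as python. The unit name `myapp`, the function names and the sample netstat lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: work out which service owns port 80 before stopping it.
# "myapp" is a hypothetical unit name; the netstat lines below are constructed.

# Constructed sample of `netstat -ltpn` output, so the example runs offline.
sample_netstat() {
    cat <<'EOF'
tcp   0   0 0.0.0.0:8080   0.0.0.0:*   LISTEN   640/java
tcp   0   0 0.0.0.0:80     0.0.0.0:*   LISTEN   1234/python3
tcp   0   0 0.0.0.0:22     0.0.0.0:*   LISTEN   512/sshd
EOF
}

# Read `netstat -ltpn` output on stdin and print the sanitised program name
# of the first listener on port 80 (same pipeline as the command in the post).
port80_owner() {
    grep ":80 " | head -1 | cut -d/ -f2 \
        | sed -e 's|[[:space:]].*$||; s|[^a-zA-Z0-9]||g'
}

# Succeed if the given unit is active. UNIT_ACTIVE_CMD can be overridden
# (e.g. with `true` or `false`) to exercise the logic without systemd.
unit_active() {
    ${UNIT_ACTIVE_CMD:-systemctl is-active --quiet} "$1"
}

# Print the service to stop for program name $1. $2 is the unit the admin
# expects to be behind a generic interpreter. Fail rather than guess.
service_for() {
    case "$1" in
        apache2|nginx|lighttpd)
            echo "$1" ;;
        python*)
            # The name alone is ambiguous: only claim the listener if the
            # expected unit is actually running.
            if unit_active "$2"; then echo "$2"; else return 1; fi ;;
        *)
            return 1 ;;
    esac
}
```

On a live system, `netstat -ltpn | port80_owner` feeds the real listener name into `service_for`; a non-zero return means the listener could not be matched and nothing should be stopped.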

shootify's picture

Thanks, I'll give that a try.
