Hi,
You can also add this in Apache configuration to avoid qgs file access
by Apache :
<FilesMatch "\.(qgs)">
Require all denied
</FilesMatch>
Nicolas
Le 05/10/2017 à 11:01, Andreas Neumann a écrit :
Hi Axel,
You don't need these symbolic links. They are unnecessary.
It is also bad (security wise) to copy or link .qgs file into a
directory that is reachable on the web - be it in a regular web
directory or in a CGI directory.
What I do is:
* .qgs Files reside in a path NOT REACHABLE by a webbrowser. This is
important, as .qgs files contains sensitive information about
datasource you don't want to reveal to the public. An example path
is /home/xyz
* Use Postgis databases as a datasource (preferably use service name
definitions and no hardcoded server/port/db combinations)
* scp the .qgs files to the server (or if it is on the same LAN you
can use SAMBA and a Windows network share)
* Make sure the directory where the .qgs files reside can be read
(not written) by the user that is used by the web-server (on
Ubuntu: www-data)
* Copy SVG files or images needed by a QGIS layout or QGIS symbology
if necessary either to the central svg directory or into the
directory of the project
* In Apache (this has to be done by the sysadmin) I create Apache
rewrite rules to hide the actual path where the .qgs files reside.
There are plugins around for QGIS cloud or Lizmap that ease the
deployment for the user. They take care about copying the .qgs file
and necessary linked resources to the server. You may want to have a
look at these plugins to see what they do.
Hope this helps a bit,
Definitely you don't need any symbolic links.
Andreas
On 2017-10-05 10:03, Axel Schaefer wrote:
Hi.
How do you deploy your QGIS Server projects from your desktop to the
server? Let's collect the possibilities. This should not deal
directly with the installation but the deployment of your projects
between two different machines (QGIS Desktop client-machine and QGIS
Server server-machine).
Background: Out of some talks, I know that there are some
possiblities to get your QGIS qgs-files to the server and to let for
example Apache do some work to facilitate an easy way. People are
doing that in different ways, and I would like to know how. And it
seems like all the ways provide a good mechanism to distinguish
between the GIS-expert doing the work on the QGIS project and the
sysadmin.
First way, the easy way:
What I'm presenting right now is Level 1 and follows the way Anita
Graser has described in her blog for Ubuntu:
https://anitagraser.com/2012/03/30/qgis-server-on-ubuntu-step-by-step/
in Chapter "Adding a QGIS project file".
After the installation I have the directory "/usr/lib/cgi-bin" with
the 2 files qgis_mapserv.fcgi and wms_metadata.xml. For every new
project (in this example called "bonn") I do the following steps.
1.) Create a directory in /usr/lib/cgi-bin called "bonn":
/usr/lib/cgi-bin/bonn.
2.) Make two symbolic links: First to the "qgis_mapserv.fcgi" file
and second to the "wms_metadata.xml" file.
$ /usr/lib/cgi-bin/bonn % sudo ln -s ../qgis_mapserv.fcgi
$ /usr/lib/cgi-bin/bonn % sudo ln -s ../wms_metadata.xml
$ /usr/lib/cgi-bin/bonn % ls
qgis_mapserv.fcgi wms_metadata.xml
$ /usr/lib/cgi-bin/bonn %
3.) I create a third symbolic link to the QGIS-Project-file. But that
resides in my home-directory.
$ /usr/lib/cgi-bin/bonn % sudo ln -s ~/qgisserver/bonn/bonn.qgs
$ /usr/lib/cgi-bin/bonn % ls -l
lrwxrwxrwx 1 root root 40 Sep 27 09:43 bonn.qgs ->
/home/aschaefer/qgisserver/bonn/bonn.qgs
lrwxrwxrwx 1 root root 20 Sep 27 09:38 qgis_mapserv.fcgi ->
../qgis_mapserv.fcgi
lrwxrwxrwx 1 root root 19 Sep 27 09:38 wms_metadata.xml ->
../wms_metadata.xml
$ /usr/lib/cgi-bin/bonn %
The interesting part is the last one. I can handle my qgis-files in
my own home directory. All I have to do is to call the admin to a)
create the directory, b) create the two symbolic links to the upper
directory content and c) create the symbolic link to my project in my
home. If I chnage the qgs file, the content of the service has changed.
How do I update the content of the qgs-file? In this case via scp or
some similar technique. I have to copy the file to the server. I do
it in the beginning, call my admin to do his 3 steps and after that I
can update my file.
URL to access the WMS:
http://localhost/cgi-bin/bonn/qgis_mapserv.fcgi?SERVICE=WMS&VERSION=1.3.0&REQUEST=GetCapabilities
Basic condition: I use a central database for my geodata and don't
hassle with local files.
Advantage: Quick and easy and clearly to arrange. Work of GIS-expert
can be done without work of admin.
Disadvantage: Still communication and work to do. Might be sufficient
for small departments with good communication between GIS guy and
admin guy. The URL goes directly to the qgis_mapserv.fcgi file.
So, how do you do it? Do you use rewrites to hide the unneccessary
stuff from the URL and to make it look nicer? Do you use automatisms?
Best regards
Axel
--
Axel Schaefer
WhereGroup GmbH & Co. KG
Eifelstraße 7
53119 Bonn
Germany
Fon: +49 (0)228 / 90 90 38 - 23
Fax: +49 (0)228 / 90 90 38 - 11
axel.schae...@wheregroup.com <mailto:axel.schae...@wheregroup.com>
www.wheregroup.com <http://www.wheregroup.com> | www.mapbender.org
<http://www.mapbender.org> | www.meldemax.com <http://www.meldemax.com>
Amtsgericht Bonn, HRA 6788
-------------------------------
Komplementärin:
WhereGroup Verwaltungs GmbH
vertreten durch:
Olaf Knopp, Peter Stamm
-------------------------------
_______________________________________________
Qgis-user mailing list
Qgis-user@lists.osgeo.org <mailto:Qgis-user@lists.osgeo.org>
List info: https://lists.osgeo.org/mailman/listinfo/qgis-user
Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-user
_______________________________________________
Qgis-user mailing list
Qgis-user@lists.osgeo.org
List info: https://lists.osgeo.org/mailman/listinfo/qgis-user
Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-user
_______________________________________________
Qgis-user mailing list
Qgis-user@lists.osgeo.org
List info: https://lists.osgeo.org/mailman/listinfo/qgis-user
Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-user
