Problem Description
I have installed a Humo-Gen genealogy LAMP webserver, which uses php and mysql/mariadb.
I installed mariadb, php-pdo, and php-gd2 and unzipped the installation zipfile to /var/www/htmll/humogen then ran the setup from a browser. Everything works fine. I uploaded a GEDCOM file with around 9,000 people and the Olimex HK-Pioneer is handling the server load just fine.
Now that everything’s working, I would like to secure the webserver.
The Humo-Gen manual suggests moving a file “db_login.php” which contains
mysql credentials (hostname, user, password, dbname):
define("DATABASE_HOST", 'localhost');
define("DATABASE_USERNAME", 'username');
define("DATABASE_PASSWORD", 'password');
define("DATABASE_NAME", 'dbname');
The manual suggests moving the file outside the webroot and then
replacing it with a new file like:
<?php require_once(''/root/mydomain/db_login.inc.php");?>
Expected Results
After making the change, I should still be able to access the login screen.
Actual results
Just get a blank screen.
I’ve set ownership/permissions to www-data.www-data for the directory and file holding the sql connection credentials.
My best guess is that FreedomBox’s apache2 configuration files don’t allow this.
I’ve taken a look around /etc/apache2/apache.conf and /etc/apache2/conf-available/
but I would appreciate any help on getting this to work.
There’s a lot online about various ways of securing mysql connections in php, but simply putting the credentials in a file outside the webroot is probably the simplest.
Some other methods involve apache loading global php environment variables, then moving them to local memory and basically rewriting the code. I’d prefer to leave the upstream code alone, so I can keep the genealogy program upgraded easily.