[Qgis-user] Deployment scenarios of QGIS Server projects?

Nicolas Boisteault boisteault at observatoire-environnement.org
Thu Oct 5 02:32:00 PDT 2017


Hi,

You can also add this in Apache configuration to avoid qgs file access 
by Apache:

<FilesMatch "\.(qgs)">
         Require all denied
</FilesMatch>


Nicolas

On 05/10/2017 at 11:01, Andreas Neumann wrote:
>
> Hi Axel,
>
> You don't need these symbolic links. They are unnecessary.
>
> It is also bad (security-wise) to copy or link .qgs files into a 
> directory that is reachable on the web - be it in a regular web 
> directory or in a CGI directory.
>
> What I do is:
>
>   * .qgs files reside in a path NOT REACHABLE by a web browser. This is
>     important, as .qgs files contain sensitive information about
>     data sources you don't want to reveal to the public. An example path
>     is /home/xyz
>   * Use Postgis databases as a datasource (preferably use service name
>     definitions and no hardcoded server/port/db combinations)
>   * scp the .qgs files to the server (or if it is on the same LAN you
>     can use SAMBA and a Windows network share)
>   * Make sure the directory where the .qgs files reside can be read
>     (not written) by the user that is used by the web-server (on
>     Ubuntu: www-data)
>   * Copy SVG files or images needed by a QGIS layout or QGIS symbology
>     if necessary either to the central svg directory or into the
>     directory of the project
>   * In Apache (this has to be done by the sysadmin) I create Apache
>     rewrite rules to hide the actual path where the .qgs files reside.
>
> There are plugins around for QGIS cloud or Lizmap that ease the 
> deployment for the user. They take care of copying the .qgs file 
> and necessary linked resources to the server. You may want to have a 
> look at these plugins to see what they do.
>
> Hope this helps a bit,
>
> Definitely you don't need any symbolic links.
>
> Andreas
>
> On 2017-10-05 10:03, Axel Schaefer wrote:
>
>> Hi.
>>
>> How do you deploy your QGIS Server projects from your desktop to the 
>> server? Let's collect the possibilities. This should not deal 
>> directly with the installation but the deployment of your projects 
>> between two different machines (QGIS Desktop client-machine and QGIS 
>> Server server-machine).
>>
>> Background: Out of some talks, I know that there are some 
>> possibilities to get your QGIS qgs-files to the server and to let for 
>> example Apache do some work to facilitate an easy way. People are 
>> doing that in different ways, and I would like to know how. And it 
>> seems like all the ways provide a good mechanism to distinguish 
>> between the GIS-expert doing the work on the QGIS project and the 
>> sysadmin.
>>
>>
>> First way, the easy way:
>>
>> What I'm presenting right now is Level 1 and follows the way Anita 
>> Graser has described in her blog for Ubuntu: 
>> https://anitagraser.com/2012/03/30/qgis-server-on-ubuntu-step-by-step/ 
>> in Chapter "Adding a QGIS project file".
>>
>> After the installation I have the directory "/usr/lib/cgi-bin" with 
>> the 2 files qgis_mapserv.fcgi and wms_metadata.xml. For every new 
>> project (in this example called "bonn") I do the following steps.
>>
>> 1.) Create a directory in /usr/lib/cgi-bin called "bonn": 
>> /usr/lib/cgi-bin/bonn.
>>
>> 2.) Make two symbolic links: First to the "qgis_mapserv.fcgi" file 
>> and second to the "wms_metadata.xml" file.
>>
>>
>>   $ /usr/lib/cgi-bin/bonn % sudo ln -s ../qgis_mapserv.fcgi
>>   $ /usr/lib/cgi-bin/bonn % sudo ln -s ../wms_metadata.xml
>>   $ /usr/lib/cgi-bin/bonn % ls
>>   qgis_mapserv.fcgi  wms_metadata.xml
>>   $ /usr/lib/cgi-bin/bonn %
>>
>> 3.) I create a third symbolic link to the QGIS-Project-file. But that 
>> resides in my home-directory.
>>
>>
>>   $ /usr/lib/cgi-bin/bonn % sudo ln -s ~/qgisserver/bonn/bonn.qgs
>>   $ /usr/lib/cgi-bin/bonn % ls -l
>>   lrwxrwxrwx 1 root root 40 Sep 27 09:43 bonn.qgs -> /home/aschaefer/qgisserver/bonn/bonn.qgs
>>   lrwxrwxrwx 1 root root 20 Sep 27 09:38 qgis_mapserv.fcgi -> ../qgis_mapserv.fcgi
>>   lrwxrwxrwx 1 root root 19 Sep 27 09:38 wms_metadata.xml -> ../wms_metadata.xml
>>   $ /usr/lib/cgi-bin/bonn %
>>
>>
>> The interesting part is the last one. I can handle my qgis-files in 
>> my own home directory. All I have to do is to call the admin to a) 
>> create the directory, b) create the two symbolic links to the upper 
>> directory content and c) create the symbolic link to my project in my 
>> home. If I change the qgs file, the content of the service has changed.
>>
>> How do I update the content of the qgs-file? In this case via scp or 
>> some similar technique. I have to copy the file to the server. I do 
>> it in the beginning, call my admin to do his 3 steps and after that I 
>> can update my file.
>>
>> URL to access the WMS: 
>> http://localhost/cgi-bin/bonn/qgis_mapserv.fcgi?SERVICE=WMS&VERSION=1.3.0&REQUEST=GetCapabilities
>>
>>
>> Basic condition: I use a central database for my geodata and don't 
>> hassle with local files.
>>
>> Advantage: Quick and easy and clearly to arrange. Work of GIS-expert 
>> can be done without work of admin.
>>
>> Disadvantage: Still communication and work to do. Might be sufficient 
>> for small departments with good communication between GIS guy and 
>> admin guy. The URL goes directly to the qgis_mapserv.fcgi file.
>>
>> So, how do you do it? Do you use rewrites to hide the unnecessary 
>> stuff from the URL and to make it look nicer? Do you use automatisms?
>>
>> Best regards
>> Axel
>>
>> -- 
>> Axel Schaefer
>> WhereGroup GmbH & Co. KG
>> Eifelstraße 7
>> 53119 Bonn
>> Germany
>>
>> Fon: +49 (0)228 / 90 90 38 - 23
>> Fax: +49 (0)228 / 90 90 38 - 11
>>
>> axel.schaefer at wheregroup.com
>> www.wheregroup.com | www.mapbender.org | www.meldemax.com
>> Amtsgericht Bonn, HRA 6788
>> -------------------------------
>> Komplementärin:
>> WhereGroup Verwaltungs GmbH
>> vertreten durch:
>> Olaf Knopp, Peter Stamm
>> -------------------------------
> _______________________________________________
> Qgis-user mailing list
> Qgis-user at lists.osgeo.org
> List info: https://lists.osgeo.org/mailman/listinfo/qgis-user
> Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-user
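
An added audit sketch for the layout discussed in this thread (not code from any of the posters): it lists .qgs files that are reachable under web-served directories, including through symbolic links like the one in the first message, and project files or directories whose mode lets group or others write. The function names and the directories you pass in are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Pass your own DocumentRoot / CGI
# directories and project directory; nothing here is QGIS-specific API.

# exposed_qgs DIR...
# Print every .qgs file (or editor backup such as .qgs~) found under the
# given web-served directories. "find -L" follows symbolic links, so a link
# such as cgi-bin/bonn/bonn.qgs -> /home/.../bonn.qgs is reported as well.
exposed_qgs() {
    for root in "$@"; do
        if [ -d "$root" ]; then
            find -L "$root" -type f -name '*.qgs*' 2>/dev/null
        fi
    done
}

# writable_projects DIR
# Print directories and .qgs files under DIR that carry a group or other
# write bit. Assumption: the files are NOT owned by the web-server user
# (www-data on Ubuntu), so that user only ever gets group/other rights.
writable_projects() {
    find "$1" \( -type d -o -name '*.qgs*' \) \
        \( -perm -020 -o -perm -002 \) 2>/dev/null
}

# Typical call on a host like the one in the thread (paths are assumptions):
#   exposed_qgs /usr/lib/cgi-bin /var/www
#   writable_projects /home/xyz
# Both commands should print nothing on a correctly set-up server.
```

Any path printed by `exposed_qgs` is a candidate for moving out of the web tree; the `FilesMatch` rule at the top of this message is then a second layer rather than the only one.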
