I would like to use October CMS but as I see it, using it on shared hosting seems impossible because of the big security issues that arise with write access.

Does this mean that I shouldn't use October CMS on shared webshosting, or are there ways to do it safely?

I would appreciate to hear opinions on this.

Jan

Last updated 9 years ago

I did some reading the last two days and learned about Laravel Homestead and Forge. It's clear that I shouldn't use old-school hosting for Laravel but use cloud hosting + Forge.

Shared hosting can safely support writable filesystems using suPHP. With this extension, Apache will "sudo" as your user and have full access to everything. I would recommend finding a host that uses suPHP, such as a cPanel hosting provider.

Hm, sorry for bumping, but can somebody explain why it would be unsafe/ill advised to install this without suPHP?

I'm using a DO vps to run October (and all my other websites). Would this be a problem?

If you're using a Digital Ocean droplet (or a Linode or generally any VPS where you have SSH access), there is no need for suPHP. Instead, simply run Apache as its own user:group (www-data is the default web user and group on Ubuntu systems).

Then, instead of changing file permissions, you can run sudo chown -R www-data:www-data /var/www/ to get all your web files owned by the Apache user:group. Replace /var/www/ with the path to your Apache document root / October install.

If you want to edit the files on the server for any reason, you'll also want to add your user to the same group as Apache, otherwise you'll need to use sudo which will result in new files being owned by root, and that's not what you want.

Last updated 9 years ago

Ahh! That's how i've got it configured (using nginx though, but /care). Cool! Thanks for the answer :)