Hi there,
Thank
you so much for your input. We value this kind of feedback from our
community, and are always looking for ways we can improve both the
security and usability of our application, and its documentation. We've
prepared some responses to your comments below.
Please provide Apache installation instructions in addition to Nginx (I suspect that the majority of people use Apache)
That's a great idea! We hope someone in our community hears you and contributes with some docs and is up to maintaining them.
At
Artefactual, we use Nginx because we have found that its configuration
is simpler and the consumption of resources is lower - however, we also
understand that Apache is a widely used web server. Our developers are
very familiar with Nginx, and it is what we use in both development and
production - for this reason, we are comfortable offering public
documentation and support in our user forum for it. Our developers are
less familiar with the Apache web server, and we worry about being
unable to offer support for a feature we document - or being able to
reliably document and test installation in multiple environments over
time.
We
have always strived to keep everything about AtoM open - the code is
open source, we supply comprehensive free documentation, and we provide
free user support via the User Forum. However, as a small company that
is still trying to encourage broader participation from skilled
developers in the community, we are limited in how much time and
resources we can commit to maintaining information about multiple
installation configurations and other deployment decisions.
However,
despite this, we would definitely like to see a place for this. At the
moment, we are in the process of preparing a new wiki for AtoM, which
will consolidate and replace several older and out-of-date wikis and
resources from our 1.x branch. In this new wiki, we hope to create a
Community Resources section, where community-created resources
(including documentation for alternate installation configurations) can
be shared, discussed, and collectively maintained. We hope that when we
have this resource ready, you might consider contributing installation
documentation using Apache!
In the meantime, we do take pull requests and our project is in Github (https://github.com/artefactual/atom-docs).
We have also prepared a section which outlines some best practices for
AtoM documentation, along with more information about Sphinx, the
documentation platform we are using. See:
Move
the php-fpm configuration to a separate section e.g., "Performance
tuning/further optimizations". This does not seem necessary for a basic
install.
Do you mean the whole php-fpm section or just the part of the configuration that relates to performance, e.g. opcache.*?
We
consider php-fpm to be an important dependency in AtoM at the moment.
php5-fpm can also play well with Apache, though perhaps because you are
trying to install in a different environment, you have a different
conception of what you need? php5-fpm
is also replaceable with mod_php if you prefer - though this will only
work with Apache, and we haven't tested this at Artefactual.
In
any case, again: if you have concrete suggestions you'd like to help us
implement, we welcome pull requests! This is probably the easiest way
to show us what you mean, and we can always discuss specifics directly
on the pull request.
In
general, related to the previous point, the system, and by extension,
the installation guide seems over-engineered for high volume sites. I
suspect that a very small number of people require such features, and
the majority of people just want a minimal, low-complexity system. You
can put the performance/optimization add-ons into another section.
What
features do you mean, specifically? If you're talking about components
like APC or Elasticsearch, I'm afraid to tell you that these are core
dependencies in AtoM at the moment. Other non-essential dependencies,
used for handling digital objects in AtoM, are already marked as
optional.
There
are two things we feel it is important to remember. One, we have some
users who are small archives with small holdings - but we also have
users who are trying to scale the application to handle hundreds of
thousands, or even millions, of records. We need to strike a balance
between the two. Experienced sysadmins can make their own decisions
about what they need to implement to support their intended usage, or
what they would like to change.
The
other thing to remember is that AtoM has evolved iteratively over the
last 7 years, in spurts. Our community-driven business model has been
successful in keeping AtoM as a viable and constantly improving project -
but it also means that it is very difficult for us to find sponsors who
are willing to help us fund work necessary for back-end clean-up and
code maintenance over time. There are many ways we would like to
optimize and improve AtoM at all levels - most notably, getting it off
of the Symfony 1x framework - but without sponsoring institutions to
help us make this possible, we are only able to do bits and pieces at a
time.
Because
of this, the code base is, at core, largely the same as it was in 2007 -
and as the software's features and functionalities have grown, these
have been appended on to the original code base. The resulting
environment and its dependencies does have much room for improvement, we
know! But without either sponsorship, or siginificant help from
developers in our community, we're unable to take on radical rewrites of
the code base to simplify the dependencies and clean up the code.
The
"Create the database" step recommends using the "root" username which
is a big security no-no. A separate user with minimal permissions should
be created.
We're
open to this possibility. One thing to point out is that many of our
users, including those doing the installation, are often archivists -
not experienced system administrators. There are people out there with
whole careers dedicated to MySQL analysis - we are sure that experts
could improve this process significantly. Our initial hope was to keep
these steps as simple as possible for a wide variety of users.
We
would like to point out that we are simply using root to create the
database - afterwards, we immediately recommend, for security purposes,
that another user be created:
Then, in the following section, we encourage the end user to use this new, non-root user when setting up the web installer:
Ultimately, the MySQL
user you end up using does need CREATE permissions, so they can create
new tables. Unfortunately, CREATE permissions include both creating
tables and creating databases.
If you have further suggestions on how we might improve this - again, we welcome a pull request!
Related
to point #4, the password should be given at a prompt instead of at the
command invocation to avoid adding it to the history (or other logs).
That's a great point. One
of our developers has prepared a pull request on that section of the
documentation, and we welcome your feedback on it before we merge it, so
we can be sure that we're addressing the points you've raised:
When
I unpacked the installation tar ball, a number of files and directories
were world read and writable, notably in the config dir, which contains
credentials. The default permissions should be adjusted, and users
should be guided through steps on how to establish basic secure, beyond
ensuring that the Firewall is properly configured.
Another
great catch, and something we intend to look into. This will take us a
bit longer to fully investigate and address, so we have filed an issue
ticket here:
Thank
you again for your input! We value this kind of feedback greatly. Let
us know if you have further comments, questions, or concerns. And please
do consider contributing back to our documentation!
Cheers,