Encrypted web projects

If you develop web applications and you want to easily run your applications locally, you might be running Linux on your laptop. This is great until your laptop gets stolen. And while it is never fun when your laptop is stolen, there is one thing that can make it worse: compromised data. Imagine somebody stealing your application source code, database and passwords. Insurance covers the value of your laptop, but not the costs of compromised data (assuming you would be able to put a price tag on that).

Fortunately Ubuntu 12.04 offers home folder encryption during standard installation (Full Disk Encryption requires the alternate installer). But when your home folder is encrypted Apache does not want to serve from your home folder anymore (giving Access Denied errors). If you want to make “ecryptfs” and “apache2” to play along nicely you can change the user Apache is running as. This is as easy as changing “www-data” in the “/etc/apache/envars” file to your username, like this:

#export APACHE_RUN_USER=www-data
#export APACHE_RUN_GROUP=www-data
export APACHE_RUN_USER={PUT YOUR USERNAME HERE}
export APACHE_RUN_GROUP={PUT YOUR GROUPNAME HERE}

It is important to realize that Apache can only serve the content when you are logged in. This is expected and desirable behavior, because the home folder should only be mounted when you are logged in.

Share