Virtual Host Best Practices

Hey all,

I just got myself a brand spanking new Linode and I love it so far. I'm decently familiar with Linux so I've managed to set everything up but now that I'm managing my own server I have some questions about best practices.

Basically, I have a couple of domains and subdomains that I care about and I'm really the only person administering them. For security purposes, I want to setup an account I can SFTP and SSH from that is locked to my home folder.

What is the correct approach from a security and organizational standpoint?

1. Do I put all the sites into /srv/www as the Linode guide states and then make symlinks from my home folder?

2. How do I make sure this is scalable in case my friend wants to help me out with a website and I have to setup group permissions for specific sites?

3. I've disabled the default site at /var/www. It seemed strange to put one site there and all the others in /srv/www… What is the right way to organize this?

Thanks!

5 Replies

> Basically, I have a couple of domains and subdomains that I care about and I'm really the only person administering them. For security purposes, I want to setup an account I can SFTP and SSH from that is locked to my home folder.

Why if you're the only one administering it?

If you have a friend that wants access to a single site then give that site a user and use http://library.linode.com/security/sftp-jails/ to lock that user to their home folder.

@obs:

> Basically, I have a couple of domains and subdomains that I care about and I'm really the only person administering them. For security purposes, I want to setup an account I can SFTP and SSH from that is locked to my home folder.

Why if you're the only one administering it?

If you have a friend that wants access to a single site then give that site a user and use http://library.linode.com/security/sftp-jails/ to lock that user to their home folder.

I understand that, but I'm still confused about where the site data should live. Let's say I have a site example.com that me and my friend jointly work on.

All the data lives in /srv/www/example.com (like my other sites). I add myself and my friend to a group that then "chowns" that folder, correct? However, I don't want my friend to be able to go poking around the file system so I lock him down to the home folder (SFTP jail). However, now he can't access the site unless I put a symlink?

Lock him down to /srv/www/example.com instead of his home folder by setting ChrootDirectory /srv/www/example.com

@obs:

Lock him down to /srv/www/example.com instead of his home folder by setting ChrootDirectory /srv/www/example.com

I understand now, many thanks! :)

Anyother tip is it is sometimes work breaking you disk into two partitions, one for system and one for data, then symlink your www to that other partition. That way if you need to reinstall the OS or do something silly by accident ( yes I've been there ), you can keep your www data intact

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct