Which directory on server to upload webapp to?
I've installed a LAMP stack and gotten WinSCP connected to my host, but I'm having trouble determining where to upload a set of folders and files I downloaded for the application, "Tinyboard."
There's an Install.php I need to use to get things rolling and I'm not sure where to house this file, and the rest of the relevant folders.
The best I got from a Linode guide was to look for a "public" folder but I could not find this - and I guess I don't understand if this is shorthand for another folder that's staring at me right in the face.
Where would you install this?
http://i.imgur.com/tMaigdN.png
Thank you in advance and please let me know if I'm not approaching this properly.
7 Replies
@derfy:
Most likely in /var/www/ but it depends on how your web server is set up.
Thank you for that! I was caught up in analysis paralysis!
If you don't know the basics of installing a web app, how will you ever hope to secure your server?
It's not rocket surgery, but it is a skill that takes some time and effort to learn, and while you're learning (assuming you make the effort) your server will be wide open for hackers/crackers to take it over.
If you're interested in learning how to be a system administrator, then you're on the right track, but if you're just trying to host something and not have to worry about the details (and security is ALL about the details) you'd probably be better off with either a shared host & control panel, or a managed VPS where someone else worries about the details.
@vonskippy:
Just curious - why are you using an UNMANAGED VPS service?
If you don't know the basics of installing a web app, how will you ever hope to secure your server?
It's not rocket surgery, but it is a skill that takes some time and effort to learn, and while you're learning (assuming you make the effort) your server will be wide open for hackers/crackers to take it over.
If you're interested in learning how to be a system administrator, then you're on the right track, but if you're just trying to host something and not have to worry about the details (and security is ALL about the details) you'd probably be better off with either a shared host & control panel, or a managed VPS where someone else worries about the details.
It's a really good point!
If you don't know how to secure it, how will you know if it's been compromised (until it's way way way too late)?
Learning on a PRIVATE SERVER is a much safer route.
But if you continue with an unmanaged VPS - the first thing to learn is how to set up the FIREWALL so that ONLY TCP80 is open to the public, and ONLY your IP is allowed for SSH (and only via certificates not passwords).
After that, you need to keep your OS patched up to date ALWAYS, and your web apps (like tinyboard) updated and you need to subscribe to that app's security mailing list so you know if there are any security loopholes.
Remember that security is an ongoing process not a single procedure (i.e. it never ends, you're never done).
However, I'm very interested in more about intrusion detection. What are some monitoring tools that people use? I've been reviewing my access and error logs and can see people attempting to find holes constantly. Any good guides on the next steps besides what you've mentioned (TCP80 and SSH without passwords)?
They're like examining your car's windshield after driving thru a summer night looking for that one (and only one) golden mosquito.
If you're on the internet, you're going to get a bazillion probe attempts, and IDS will be happy to scream "Wolf" at the top of its lungs for each and every one of them. What does that tell you - nothing, the danger is lost in the noise.
System and Application log monitoring is a better indication of what's happening on/to your system.
Personally, instead of futzing around with IDS/IPS cry-wolf-ware, I spend my time keeping everything up to date, removing services I don't need, locking down what I do need, and making sure (via verification and testing) that my backup/restore procedures are complete, up to date, and KNOWN good (and stored off system).
Of course, opinions vary, so the YMMV certainly applies here.
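The noise-versus-signal point in the last reply, as an added example that is not part of the original thread: a small Python triage of an Apache access log that only counts failed probes and surfaces the few requests that actually succeeded against a sensitive page. The sensitive paths, the admin address and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Apache common/combined log prefix: client IP, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Assumptions for this example: pages worth alerting on and the admin's own IP.
SENSITIVE = ("/install.php", "/mod.php")
ADMIN_IP = "203.0.113.10"

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Mar/2014:03:12:01 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 289
198.51.100.7 - - [10/Mar/2014:03:12:02 +0000] "GET /wp-login.php HTTP/1.1" 404 289
198.51.100.7 - - [10/Mar/2014:03:12:03 +0000] "GET /admin/config.php HTTP/1.1" 404 289
192.0.2.44 - - [10/Mar/2014:04:40:10 +0000] "GET /install.php HTTP/1.1" 200 5120
203.0.113.10 - - [10/Mar/2014:09:00:00 +0000] "GET /mod.php HTTP/1.1" 200 2048
192.0.2.44 - - [10/Mar/2014:04:40:31 +0000] "POST /install.php?x=1 HTTP/1.1" 200 731
198.51.100.23 - - [10/Mar/2014:11:05:00 +0000] "GET /index.html HTTP/1.1" 200 4096
198.51.100.23 - - [10/Mar/2014:11:05:01 +0000] "GET /robots.txt HTTP/1.1" 404 289
"""

def triage(log_text, admin_ip=ADMIN_IP, sensitive=SENSITIVE):
    """Return (noise, alerts): failed-probe counts per IP, and the requests
    that got a 2xx answer on a sensitive path from someone other than the admin."""
    noise = Counter()
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the expected format; skip rather than guess
        status = int(m["status"])
        path = m["path"].split("?", 1)[0].lower()  # drop the query string
        if 400 <= status < 500:
            noise[m["ip"]] += 1  # a probe that found nothing: count it, don't alert
        elif 200 <= status < 300 and path.endswith(sensitive) and m["ip"] != admin_ip:
            alerts.append((m["ts"], m["ip"], m["method"], m["path"], status))
    return noise, alerts

if __name__ == "__main__":
    noise, alerts = triage(SAMPLE_LOG)
    print("failed probes per IP:", dict(noise))
    for alert in alerts:
        print("ALERT:", alert)
```

On the sample, the four 404 probes stay in the counter while the two successful requests to the installer from an unknown address are the only alerts.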