I use Digital Ocean about one year. I want create a a service to sell small websites using WordPress as CMS, alright a simple service/panel using Digital Ocean API to create a new domain in apache, database and some configurations.

But I have a HUUUGGGGEEEE question, how create isolated configuration for each domain? Example: Imagine one of this small website infected or hacked. This will create a huge problem for all users.

Exists any tool, to deny one user/website to access other directories/files from other user/website?

== My scenario

1 Droplet to MySQL
1 Droplet to Apache/PHP
1 Droplet to Webmail Domains

*Apache (virtual sever) and MySQL databases are created by API

Directories structure

/var/www/domain1.com/[website files]

/var/www/domain2.com/[website files]

/var/www/domain3.com/[website files]

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
1 answer

Hello,

With the DigitalOcean API you could, for example, create separate droplets:

https://developers.digitalocean.com/documentation/v2/#droplets

But once the droplet is created you would need your own automation in order to make changes to your Apache config. For example, you could use Ansible or BASH scripts to automate the creation of Apache Virtual Hosts.

Here’s a step by step guide on how to host multiple websites on 1 droplet with Apache Vhosts:

https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-virtual-hosts-on-ubuntu-16-04

Hope that this helps!
Regards,
Bobby

by Brennen Bearnes
The Apache web server is the most popular way to serve web content on the internet. Apache has the ability to serve multiple domains from a single server by using a mechanism called "virtual hosts". If a virtual host is configured correctly for each domain, the web server can correctly route traffic to the appropriate files based on the domain name requested. In this guide, we'll demonstrate how to configure Apache virtual hosts on an Ubuntu 16.04 server.
  • Is possible using the same droplets? Example, lightspeed panel allow create several accounts for websites in only one droplet… I want something like that.

    • Hello,

      Yes with Apache you could create multiple virtual hosts and that way you can host multiple websites.

      Hope that this helps!
      Regards,
      Bobby

      • Already using virtual host, but when one website was hacked all others websites too infected and this is my problem “how isolates each website as unic?”

        • Hello,

          In this case I could suggest using an Apache module like RUID2 which lets you setup Apache to run as different users.

          That way you could have a separate user for each site, for example user1, user2, user3 and etc, then your the Vhost for each website would be pointed to the specific user:

          /home/user1/public_html
          /home/user3/public_html
          /home/user2/public_html
          ...
          

          That way thanks to RUID2 even if for example user1 gets hacked, it would not affect the rest of the users as the user1 would not have access and privileges to edit/view the other files.

          Hope that this helps!
          Regards,
          Bobby

          • lol Thanks.

            I read a few posts about and have some questions…

            In this posts https://serverok.in/apache-mod-ruid2 and https://github.com/mind04/mod-ruid2 we can see this entry

            RMode config
            RUidGid USERNAME_HERE GROUP_HERE
            

            USERNAME will be the username for each user created, like
            example1.com => example1
            example2.com => example2
            example3.com => example3
            Is right?

            GROUP will be a group create by me? Like “clients” or “websites”

          • Hi @johnhenrique,

            You could use the user as the group as well.

            You would still have sudo access and you would be able to su as the users and make changes.

            Regards,
            Bobby

          • Hi,
            I’m following this procedure for my new droplet. Do you think it is possible (and more importantly, safe) to do that inside /var/www/html and have there a folder for each site but of property of a different user?
            example:
            /var/www/html/user1/site1
            /var/www/html/user2/site2
            /var/www/html/user3/site3

            Just to have them all together in one place, makes easier to manage when you have lots of websites.

          • Hi there @ilariaroglieri,

            Yes, I believe that this should be OK, as long as you are using RUID2 and the ownership of the folders are set to the corresponding users.

            Hope that this helps!
            Regards,
            Bobby

Submit an Answer