Question

Secure VPS and LAMP configuration

Posted September 4, 2014 3.4k views

Hi,

I need to set up a new Ubuntu server for hosting multiple websites. Which steps should I follow for maximum security and performance?

Specifically:

  • How can I configure Apache, so that each users won’t be able to access each other’s files?
  • And every virtual host runs with a separate user?
Add a comment
mstfldmr
By:
mstfldmr
Add a comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

4 answers
asb September 4, 2014

This can be done with a combination of Apache’s mod_userdir and SFTP chroots. To limit an SFTP user to their home directory, you can edit /etc/ssh/sshd_config to include:

Match User username
    ChrootDirectory %h
    AllowTCPForwarding no
    X11Forwarding no
    ForceCommand internal-sftp

Then enable mod_userdir with:

sudo a2enmod userdir
sudo service apache2 restart

Now files in /home/username/public_html will be available at:

http://your.ip.address/~username

Reply Report
mstfldmr September 5, 2014

hi @asb,

that’s not what I want. I will set up a Virtual host for each client with custom domain name.

If Apache process runs as one single user, like www-data or apache, clients can read each other’s files.

Should I run an Apache process by a separate user for each client? Or should I use chroot jailing for Apache?

Reply Report
aguilar1181 September 6, 2014

I would save myself some trouble and install cpanel/whm. Yes is an extra cost but it will solve those problems for you.

Reply Report
mstfldmr September 7, 2014

@aguilar1181, thanks but it’s not an option now. I need to do it myself and I’m looking for helpful advices

Reply Report
Submit an Answer

Looking for something else?

Ask a new question Search for more help