On Tue, Oct 30, 2001 at 12:56:18PM +1000, Andrew Pollock wrote: > I'm just wondering what methods different people are using to provision > multiple > websites under Apache? > I'm after a method that's scaleable, as neat as possible, and most of all as > secure as possible. > e.g. > Where do people shove their content roots? > How do you securely allow individual sites to have CGI access? > Directory structures, permission structures, account structures etc etc
I'm kinda new at commercal vhosting but... Since all the users on my main box are vhosts I'v kept my users in /home/LETTER/NAME and setup public_html for html/non-exec and added a directory inside of that named cgi for exec scripts. Below is my general ~/ layout for each user. I've added each user to the www-data group (but enabled other mesures to hopefully stop scripts from lurking around other dir's and chmoded their home dir's 770. I setup 3 vhosts (standard) for each user, www.domain.com/domain.com, webalizer.domain.com and mail.domain.com, the latter of witch is simply a pointer to my local TWIG install I've modded for vhosting. The webalizer domain points to the webalizer dir and a cronjob runs under each users account that updates their information. The logs for their www domain (both combined and errors) go into ~/logs and have the following format: Error log: /home/f/foo/logs/error.log Access Log (type Combined): /home/f/foo/logs/<domain> The reason for the <domain> as the name of the access log is that I have quite a few clients that have multiple vhosts. If the user wants an ftp server I set them up with a ProFTPD virtualhost and that domain and ProFTPD directive points to their ~/ftp directory. I'm working on a PHP script that will add my vhost directives for me but currently I'm adding them by hand. Take a look at the User/Group directives they come in handy. There is also a way to setup "macros" to use w/ vhosts that would cut the hand-workload down a bit I'm just opting for a script-based approach. example username "foo": layout of /home/f/foo -rw------- 1 foo foo 2888 Oct 28 12:54 README drwxrws--- 2 foo foo 4096 Oct 28 20:59 ftp drwxrws--- 2 foo foo 4096 Oct 28 15:55 logs drwxrws--- 13 foo foo 4096 Oct 28 15:12 public_html drwxrws--- 2 foo foo 4096 Oct 29 12:28 webalizer