Web Server Best Practices: Directory Structure & Security
I would like to utilize Ubuntu server as a web server, but I want to make sure I follow best practices for setting things up. I want to ensure I set the directory up in the best location and understand how to configure the appropriate security on that folder. I would like to be able to FTP to the server and push files into the web folders, so I would like to understand how to ensure that my PureFTPd user can manipulate files/directories within the web folders.
What I did on my server so that my user could sftp things straight into /var/www is:
sudo chgrp -R www-data /var/www
sudo usermod -aG www-data $(whoami)
sudo chmod -R 775 /var/www/*
sudo chmod 2775 /var/www
This will put your user into a group that has group ownership on /var/www and all its child directories, set everything in /var/www recursively to allow your group write access, and set the setgid bit on the /var/www directory so that all files later created under /var/www maintain the same group ownership rather than having the group set to the creator's primary group.
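A tighter variant of the commands in the answer above, added here as an example and not part of the original answer: every directory gets 2775 (setgid at each level, not only on /var/www) and regular files get 664, so uploaded files carry no execute bit. The function names `harden_webroot`, `audit_webroot` and `demo_webroot` and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: per-type modes for a shared web root.
# harden_webroot DIR [GROUP]
#   DIR   - web root (e.g. /var/www; needs sudo there)
#   GROUP - optional group to own the tree (e.g. www-data)
harden_webroot() {
    root=$1
    group=${2:-}
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 1; }
    # Hand the tree to the shared group only when one is given.
    if [ -n "$group" ]; then
        chgrp -R "$group" "$root" || return 1
    fi
    # Directories: rwxrwsr-x. setgid on every level keeps new files in the group.
    find "$root" -type d -exec chmod 2775 {} + || return 1
    # Regular files: rw-rw-r--. The group can edit, nothing gains an execute bit.
    find "$root" -type f -exec chmod 664 {} + || return 1
}

# audit_webroot DIR
#   Prints one line per finding; prints nothing when the tree is clean.
audit_webroot() {
    root=$1
    # World-writable entries (symlinks skipped: their own mode is not used).
    find "$root" ! -type l -perm -002 -exec printf 'world-writable: %s\n' {} \;
    # Regular files carrying any execute bit.
    find "$root" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) \
        -exec printf 'executable file: %s\n' {} \;
    # Directories that would not pass their group on to new files.
    find "$root" -type d ! -perm -2000 -exec printf 'no setgid: %s\n' {} \;
}

# Constructed sample tree so the functions can be tried without touching /var/www.
demo_webroot() {
    demo=$(mktemp -d) || return 1
    mkdir -p "$demo/site/img"
    echo '<h1>hi</h1>' > "$demo/site/index.html"
    echo 'x' > "$demo/site/img/logo.txt"
    chmod -R 775 "$demo"      # what a blanket "chmod -R 775" leaves behind
    audit_webroot "$demo"     # reports the files that became executable
    harden_webroot "$demo"
    audit_webroot "$demo"     # prints nothing once the tree is clean
    rm -rf "$demo"
}
```

Calling `demo_webroot` shows the audit findings before and after on a throwaway tree.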
This is a very general question.
Obviously, you don't want to run your web server as root. However, the Ubuntu install already does that in the right way.
Furthermore, the Apache website has some tips on how to properly configure your directory.
In regards to FTP, you want to make sure you use a secure FTP server that does not send your usernames and passwords in plain text over the network. The Ubuntu help pages have a tutorial on how to set up such an FTP server.
When I have just an Ubuntu server, with multiple users using the server as a web server, I scrap the /var/www directory because to me /var/www is where you put web files globally. I update the /etc/skel directory and add a public and private folder with a symlink www -> public and update all my virtual hosts' DocumentRoots to point to /home/<user>/public.
I don't see /var/www as the place to put multiple user-level folders and files. That's what the /home/ directory is designed for! It keeps paths and directory structures clean.