Multi-User Web Server Best Practices

If this has been asked before please link as I wasn’t able to find an equivalent in the search. I know that it’s fairly vague but I’m expecting to find out things that I didn’t know that I didn’t know to look for; I’m really just after recommended articles.

I’m looking to set up a server that has multiple ecommerce stores for demonstration purposes. This’ll be a mix of Magento and Woo, primarily. I’m quite familiar with setting up LAMP but not so much with the best practices. Is there a good resource to detail how to best configure for multiple (ssh) users?

As a prime example: if a user logs on to the server and adds new (or modifies) files I want to ensure that the files have the correct owner, preferably without having to su to a common user.

Commonly with articles that I’ve found they go through how to set up the bare basics for LAMP, the basics with setting up the firewall and the most common aspects like that. I’m essentially looking for “more reading” after the initial setup.

AFAIK Docker wouldn’t be well-suited as (if I’m not mistaken) multiple containers would slow down the performance. This server will most likely have less than 8GB RAM.

First, a few questions before we get started:

  1. Are you wanting each demo site to look something like this:
    • demo.example.com, demo2.example.com, etc. OR
    • demo.example.com/ex1, demo.example.com/ex2, etc.
  2. How many total users?
  3. Do the aforementioned users need to share any directories or will each user need to live in their own independent silo?
  4. Will the users need privileges to restart the Httpd (Apache) process or are you going to be administering the system?
  5. What is the host operating system? Is it Debian or RedHat based?

May be a bit overkill, but you could try an ISPConfig install (without all the crap you won’t need, such as the mail server module, etc.)

Each site will run as its own Linux user/group and you can even add SSH users for them. A bit tricky to configure if it’s your first time, though.

Thanks for following up.

  1. It’ll be a different directory each, rather than separate subdomains
  2. Not a specific number but I estimate about 10
  3. They’ll need access to common directories but likely only server admins would use files in their home dirs (other than bashrc, etc). This will be staff demonstrating features to clients so they might just re-use the same store.
  4. They will have basic troubleshooting steps to restart the services in a pinch without having to depend on a server admin to be available, though that’s not essential.
  5. Ubuntu.

Great stuff, thank you. I’ll have a read

Quick answer to best practices - all the parts you mentioned usually have those documented, and since it’s 2020 - I would never recommend not separating users/domains/functions.
SSH jails are great, but …

Here comes the container train… Even though you set a restriction of less than 8 GB RAM.
I think you would benefit greatly from placing each setup within containers, limiting it accordingly, placing a reverse proxy in front and then enjoying that they can’t easily escape.

Better yet, if you’re doing e-commerce things - PCI-DSS compliance and the documents in regard to that will give you a bare minimum as well.

And - you can of course also split things up into joint or separate parts of containers that could be shared - even though I would never ever recommend it.