Discover Centmin Mod today
Register Now

Install Nginx Dedicated Servers ONLY. Change nginx vhost domains to be served from /srv

Discussion in 'Feature Requests & Suggestions' started by Cheetah Black, Jan 29, 2022.

  1. Cheetah Black

    Cheetah Black Premium Member Premium Member

    4
    0
    1
    Jan 26, 2022
    Ratings:
    +0
    Local Time:
    12:31 PM
    1.9.11
    10.0
    Hi Guys

    Intended for dedicated servers ONLY.

    This is a suggestion that Centminmod should be FHS compliant for dedicated servers.

    Setting up your web directory in a few words.
    Now that we have a working virtual host for our Centminmod installation, you should be happy, right?

    Why do we care?

    It’s about security!

    I recommend storing your web files in /srv/http. Naturally, with Centminmod, it's not, and you don't have to do it that way. You are free to store your installations wherever you want.
    It will just require some additional work on your part to set everything up if you use a different location.

    So why does this matter? Simply put, security.

    Why not /var/www?
    /var/www is a commonplace for http data to be stored, mostly because it is usually the default configured path for Nginx and Apache.
    However, while this is often the usual place for web data, it's not actually a standardized configuration. /var is best reserved (as its name implies) for variable files which change over time, such as log files.

    Why not /home/nginx/domains/yourdomain.com?
    This setup is actually fine for shared hosting environments and may make the most sense in such a situation. However, there's no reason to use it outside of that.

    From a security perspective, I would also strongly advise against hosting your dedicated installation under your primary user account.


    In the absolute worst-case scenario, say your SSH credentials are compromised, your installation files and data would still be unprotected. Let's not mention your complete server……..

    Why /srv/http?
    I use and recommend /srv/http as it is FHS compliant. The /srv directory is the only standardized directory specifically made for hosting service files like this.

    If you are already used to another way of doing things and don't want to change, you are again free to use whatever kind of configuration you like.

    Thoughts? Suggestions? Idea's?
     
  2. eva2000

    eva2000 Administrator Staff Member

    49,300
    11,296
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +17,575
    Local Time:
    1:01 PM
    Nginx 1.21.x
    MariaDB 10.x
    Thanks for the suggestions. I haven't really looked at FHS https://en.wikipedia.org/wiki/Filesystem_Hierarchy_Standard. Centmin Mod is actually a fork of another persons work on original Centmin and the file system hierarchy in Centmin Mod was inherited from original Centmin. There hasn't been a reason for requiring to change this.

    For instance, in 20yrs of using Linux and dedicated servers, I have not seen one server/client use /srv directory as outlined in FHS! I've literally worked on 1000s of servers/clients' servers too. I'd be curious how many users would actually know and look for such site data at /srv/http?

    Though I have seen some Centmin Mod users, manually change where their site's web root/public data is located and edit their Nginx vhost root path accordingly. So if folks want to do that they can. But for a default install, probably will keep Centmin Mod's hierarchy the way it is for now. By my estimates, there's between 30,000 to 100,000 Centmin Mod installations out there and up to 3,000+ new installations each month. So making such drastic changes would also confuse a lot of folks :)
     
  3. cloud9

    cloud9 Premium Member Premium Member

    319
    86
    28
    Oct 6, 2015
    England
    Ratings:
    +154
    Local Time:
    4:01 AM
    1.21.5
    10.3.32
    I havent worked on as many as you however I have never seen the /srv directory used