What is the best way to setup and secure a share hosting service with NGiNX?

Question

I am planning to create a share hosting server that I will use for my clients with NGiNX server. I was wandering if anyone had any pointers to help me get started. And how I can secure de different accounts so no one can hack anyones other accounts?

Answer 1

The issue has less to do with nginx and more to do with your shell permissions and backend scripts.

Will your users have ssh access? If so, you will definitely want to setup chroot jails for them to prevent them from executing scripts or modifying files outside of their own directory.

Similarly, chroot jails will affect scripts (i.e. PHP files) from having access to files outside of the user's own directory.

You cannot use nginx to prevent scripts from modifying files not belonging to the user, but if I understand you correctly, you should be able to accomplish this via jailshells.

If you are working solely with PHP, you might also be able to use the open_basedir directive.