
Apache2 MPM ITK on Debian 9

This is a secure solution for running a web server that hosts many sites. With it you can specify which system user is used for each site, so Apache executes the code (mainly PHP) as that user, preventing bad code from accessing the file system.

On a fresh Debian 9 installation (with just SSH Server installed) let’s do:

apt-get install libapache2-mpm-itk libapache2-mod-php7.0

We’ll now enable the module that is necessary and the ones that could be useful:

a2enmod mpm_itk
a2enmod rewrite

Now let’s configure a virtualhost:

cd /etc/apache2/sites-available
touch my_website.conf
nano my_website.conf

and put this inside the file (obviously you can change settings as you need):

<VirtualHost *:80>
        ServerName my_website
        ServerAdmin paolo@my_website
        DocumentRoot /home/www/my_website/home/
        <IfModule mpm_itk_module>
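                # User and group must both exist; the useradd below creates
                # the user plus a group of the same name (Debian default).
                AssignUserId my_username my_username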
        </IfModule>
        <Directory /home/www/my_website/home/>
                Options Indexes FollowSymLinks
                AllowOverride All
                Require all granted
        </Directory>
</VirtualHost>

Let’s activate my_website:

a2ensite my_website

At this point we need to create the user and the group specified in the file:

useradd -d /home/www/my_website -s /usr/sbin/nologin my_username

and the folders along the path:

mkdir /home/www
mkdir /home/www/my_website
mkdir /home/www/my_website/home
cd /home/www/my_website
chown -R my_username:my_username home/

At this point we have a virtualhost that points to a folder path where Apache will run scripts as the my_username user.

It’s therefore possible to configure MySQL or any other service to add more functions to this web server.
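A check worth running on every vhost file: each AssignUserId must name a user and group that exist, and a vhost with no AssignUserId at all runs as the default Apache user instead of a per-site one. The script below is an added example, not part of the original post; the function names and the sample files are constructed for illustration, and it assumes local accounts (passwd/group files, no LDAP/NSS).

```shell
#!/bin/sh
# Added example: check the AssignUserId lines of one vhost file.
# Assumption: accounts are local, so passwd/group files are authoritative.

# name_in_file NAME FILE: true if NAME is the first ':' field of some line.
name_in_file() {
    awk -F: -v n="$1" '$1 == n { found = 1 } END { exit !found }' "$2"
}

# check_itk_vhost CONF [PASSWD_FILE] [GROUP_FILE]
# Prints one finding per line and returns 0 only when nothing is wrong.
check_itk_vhost() {
    conf=$1; passwd_file=${2:-/etc/passwd}; group_file=${3:-/etc/group}
    status=0
    # Directive names are case-insensitive; commented-out lines do not match.
    pairs=$(awk 'tolower($1) == "assignuserid" { print $2, $3 }' "$conf")
    if [ -z "$pairs" ]; then
        echo "WARN $conf: no AssignUserId, site runs as the default Apache user"
        return 1
    fi
    while read -r user group; do
        if [ -z "$group" ]; then
            echo "FAIL $conf: AssignUserId $user is missing its group"
            status=1
            continue
        fi
        name_in_file "$user" "$passwd_file" ||
            { echo "FAIL $conf: user $user does not exist"; status=1; }
        name_in_file "$group" "$group_file" ||
            { echo "FAIL $conf: group $group does not exist"; status=1; }
        if [ "$user" = root ] || [ "$group" = root ]; then
            echo "FAIL $conf: site code would run as root"
            status=1
        fi
    done <<EOF
$pairs
EOF
    return "$status"
}

# Constructed sample: account files as they look after `useradd my_username`,
# and a vhost line that names a group nobody created.
demo=$(mktemp -d)
echo 'my_username:x:1001:1001::/home/www/my_website:/usr/sbin/nologin' > "$demo/passwd"
echo 'my_username:x:1001:' > "$demo/group"
echo '    AssignUserId my_username my_usergroup' > "$demo/site.conf"
check_itk_vhost "$demo/site.conf" "$demo/passwd" "$demo/group" || true
rm -rf "$demo"
```

On a real host, call check_itk_vhost with only the path of a file in /etc/apache2/sites-available and it reads /etc/passwd and /etc/group.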