I'm setting up a RHEL web server which will host static and dynamic content for several domain names. Multiple users will update files by SSH and SFTP.
Where should the files for each domain name be placed? On my default system, there is a single /var/www/, but no clue as how to locate multiple domains.
Looking at the Filesystem Hierarchy Standard (http://www.pathname.com/fhs/pub/fhs-2.3.html), it seems the best option is:
/srv/example.com/www/
/srv/example.org/www/
Any preferences?
Apache default is usually /var/www/example.com/ but you may as well follow FHS guidelines which I find quite good. The important thing is that you keep consistency between systems, that's why FHS are a good reference to follow.
In any case, I recommend to have it in a different partition because:
Remember to be very careful with the directory permissions to avoid users from one site accessing other sites.
We have very good experiences with a structure of
/srv/www/example.com/html
/srv/www/example.com/sub-d/www
/srv/www/example.com/sub-d/beta
/srv/www/example.com/sub-d/logs (if preferred)
if the server is used by one company. If you have client domains to serve, you might want to consider
/srv/www/client1/doma.in/html
/srv/www/client1/secon.nd/html
/srv/www/client2/foob.ar/html
I like the /var/www/example.com convention.
I like to have the conf in /etc/httpd/vhosts.d/example.com.conf and included in the main apache conf. I don't let the customer edit this. This way if you add a new domain and the configtest, reload or restart detects an error then it's really easy to back out.
With: /var/www/example.com/html /var/www/example.com/cgi-bin /var/www/example.com/log
I use posix acls to add default acls on the above dirs, so that any files they create are created with rwx for their server user(the one used in suexec)/group, so that no matter what user they are when they create the file, the user the webserver can access them and so that members of the VritualHosts user's group can access all of the files.
/var/www/example.com/private I use private as the place for password and group files to go.
/var/www/example.com/conf/example.com.include.conf If I want to allow the site owner to make config changes I also create a file such as: /var/www/example.com/conf/example.com.include.conf which is included in the VirtualHost in the main config for the domain i.e. /etc/httpd/vhosts.d/example.com.conf.
You need to be careful with this though as it means the user can break your entire config so you want to be pretty careful the user knows what they are doing. I tend to do it when there is a server with multiple VirtualHosts all owned by the same customer, so if the break the config, they only break their own sites.
I'd also suggest using suexec which allows processes to run as a user other than apache and also allows dynamic content to be run as users other than the apache user.
See: http://httpd.apache.org/docs/2.2/suexec.html
You may also want to look at the various RLmit directives, which allow you to lmit resource usage on a VirtualHost, etc basis. See:
We use the following layout
/var/www/domains/$DOMAIN/$HOST/{htdocs,logs}
So, taking www.google.com as an example
<VirtualHost *:80>
ServerName www.google.com
DocumentRoot /var/www/domains/google.com/www/htdocs
ErrorLog /var/www/domains/google.com/logs/error_log
CustomLog /var/www/domains/google.com/logs/access_log combined
</VirtualHost>
