Problem with setting SSL, FTP, Document Root

#1 Fri, 03/02/2012 - 02:57
just_me

Hi there,

I've run into several problems and wanted to ask for your advice, please ;-)

  1. I want to use FTP so that users are able to upload. But I can only add one virtual FTP server to Virtualmin per IP, and all websites share the same IP. So I decided to disable this feature and create email & FTP users instead, which works, but they can browse down to the root directory. The security setting in Virtualmin to restrict the FTP users to their home directories won't apply as long as I don't have one virtual FTP server, but I need different FTP users on different virtual servers to upload. Any idea how to get this done?

  2. I created the first virtual server for examplea.com, and everything went through, including setting up SSL. Then I created exampleb.com, and was told that there would be a problem with the certificate, and that it might present the cert of examplea.com. I will have certificates which are not bound to the IP address, so will that apply? I will have certificates for each and every virtual server I create, so I am wondering about this.

  3. I wanted to move in a multisite installation of Drupal. On my old server I had one virtual user like exampleb.com, and every website used for the multisite installation pointed to the document root of exampleb.com. Therefore I only needed to maintain one Drupal installation with all required modules, and not 8 of them. When I tried this under Virtualmin, I first tried it as an alias server, which ended up showing examplea.com, not examplec.com, which it should have been. Then I created a new virtual server and changed the .conf settings in /etc/apache2/sites-available accordingly and restarted Apache, and I still receive examplea.com in Firefox, while in Safari I see "Index of /" with awstats folders; so I am wondering what to do. It should be like this:

www.exampleb.com -> show exampleb.com, also with exampleb.com links

www.examplec.com -> show examplec.com, also with examplec.com links, which will fetch all files from exampleb.com root and its own tables of exampleb.com's SQL database.

As I said before, I had it running under another server management software, but the other solution didn't run without suexec, so it wasn't an option to stick with that. With Virtualmin I can disable suexec for those domains where I cannot use it, so it is the better solution for that. But I would really appreciate it if someone could point me in the right direction.

I am pretty sure there is something obvious to another user, but I tried different things and didn't succeed, and I am wondering what to do next. I think you know this situation ;-)

Thank you and best

j_m

Fri, 03/02/2012 - 09:02
Locutus

ad 1:

You don't need the Virtual IP-based FTP feature, unless you wish to use FTP over SSL. To prevent FTP users from traversing up to the filesystem root, you set up "Limits and Validation / FTP Directory Restrictions", where you add a rule to lock users in their home directories.

Note though that this restriction does not apply to SSH / SFTP. Aside from complicated fiddling with chroot, there's no feasible way to restrict SSH users to a specific directory. This does not constitute a security issue though, since files on a Linux system which are world-readable contain no sensitive data. Each virtual server owner is responsible for setting permissions properly so that no other users can enter their directories.

ad 2:

The problem is that the certificate to be used needs to be chosen BEFORE the webserver is told the hostname that the user wishes to fetch. But the hostname would have to be known to choose different certificates. Obviously a chicken-and-egg problem. There's "SNI" to work around this problem, but older browsers in particular do not support it.

Without SNI, it is required to have one IP per certificate. Shared hosting on one IP will not work with individual SSL certificates.

Topic locked