I’m working on a replacement for an old apache2 config. That installation is based on Apache mpm-itk; thanks to that, each vhost runs on a separate uid/gid.
That security measure actually prevented an attack from spreading on our server a month ago. If my new config is Caddy-based, I would like to put something similar in place. But so far, I could not find anything in the documentation about isolating vhosts.
Is there a way to isolate vhosts on different uid/gid with Caddy? If so, I’m dumb and didn’t find the documentation, can you help me?
Does it even make sense to do that nowadays? (I’m clearly not an expert in web hosting security.)
That’s not possible. Caddy runs as a single process, so it’s not clear how that would work either. That seems exclusive to Apache and inherent to how it runs.
Please fill out the help topic template as per the forum rules. Without seeing your config or how you installed Caddy, we can’t know what options to suggest.
Hi! I didn’t follow the template because it didn’t really make sense given the open nature of my question. But your answer is helpful nonetheless, thanks!