I’m working on a replacement for an old apache2 config. That installation is based on apache mpm-itk - thanks to that each vhost runs on a separate uid/gid.
That security measure actually prevented an attack from spreading on our server a month ago. If my new config is caddy based, I would like to put something similar in place. But so far, I could not find anything in the documentation about isolating vhosts.
Is there a way to isolate vhosts on different uid/gid with caddy? If so, I’m dumb and didn’t find the documentation, can you help me?
Does it even make sense to do that nowadays ? (I’m clearly not an expert in web hosting security)