1. My Caddy version (
Caddy v1.0.3 (h1:i9gRhBgvc5ifchwWtSe7pDpsdS9+Q0Rw9oYQmYUTw1w=)
2. How I run Caddy:
Through a system.d file…
a. System environment:
systemd on Ubuntu server
3. I’m not having a problem!
*Hey guys - I’m not having any problems with caddy, in fact I love it - makes https so easy to use. My question is, what are the gotchas of having a setup where users can have a ~/web/ directory, with their server content in a protected (www-data/755/&etc.) subdirectory on that tree.
I want my users to be able to ssh files into their private home directories and serve them over the web through caddy - but of course I want to be sure this is ‘safe’ to do so - I’ve turned off ProtectHome so that users can do this, but I’m just wondering about any gotcha/s with this config that I surely should be aware of … ?*
4. Error messages and/or full log output:
Please DO NOT REDACT any information except passwords/keys.
5. What I already tried:
6. Links to relevant resources:
Hi @ibisum, welcome to the Caddy community.
As long as you ensure that each user’s site is configured with a web root (the
root directive) specifically located in their
~/web/ directory, a potential attacker won’t be able to traverse upwards and get files from outside of this directory.
Ensure your users are educated on the risks of putting sensitive files in their
~/web/ directory - anyone can shoot themselves in the foot simply by moving the wrong files in there.
Outside of that, there’s no real tricks or “gotchas”, per se. It just serves a site out of the web root directory.
This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.