Issues with using /home/user/web/site dirs?

1. My Caddy version (caddy -version):

Caddy v1.0.3 (h1:i9gRhBgvc5ifchwWtSe7pDpsdS9+Q0Rw9oYQmYUTw1w=)

2. How I run Caddy:

Through a system.d file…

a. System environment:

systemd on Ubuntu server

3. I’m not having a problem!

*Hey guys - I’m not having any problems with caddy, in fact I love it - makes https so easy to use. My question is, what are the gotchas of having a setup where users can have a ~/web/ directory, with their server content in a protected (www-data/755/&etc.) subdirectory on that tree.

I want my users to be able to ssh files into their private home directories and serve them over the web through caddy - but of course I want to be sure this is ‘safe’ to do so - I’ve turned off ProtectHome so that users can do this, but I’m just wondering about any gotcha/s with this config that I surely should be aware of … ?*

4. Error messages and/or full log output:

Please DO NOT REDACT any information except passwords/keys.

5. What I already tried:

6. Links to relevant resources:

Hi @ibisum, welcome to the Caddy community.

As long as you ensure that each user’s site is configured with a web root (the root directive) specifically located in their ~/web/ directory, a potential attacker won’t be able to traverse upwards and get files from outside of this directory.

Ensure your users are educated on the risks of putting sensitive files in their ~/web/ directory - anyone can shoot themselves in the foot simply by moving the wrong files in there.

Outside of that, there’s no real tricks or “gotchas”, per se. It just serves a site out of the web root directory.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.