State of the doc: works.

PHP will run out of the box. If you need PHP8, see this doc.

If the user needs a MySQL database, see Manage MySQL databases and users.

If you just want to give an existing user access to their errorlog, check out this page.

  • Define:
    • $name: the FQDN of the website (e.g. "mysite.squat.net")
    • $user, $group: the user and group that will own the files on the server (e.g. "mysite")
    • $altnames: alternative FQDNs for the website, such as "www.$name"
  • Edit DNS:
    • add a CNAME record for the subdomain, pointing to "skwotcustom.squat.net."
    • add another CNAME for www.$name if you want
    • In the Comment field, add the date of the request to help track it
  • Create user:
    • # adduser --gecos "" $user (eg: adduser detox)
    • → Choose a random password that you'll give to the user
  • Force user to change password on first ssh login (might conflict with sftp?)
    • # chage -d 0 $user
  • Create the folder
    • # mkdir /var/www/$name (eg: mkdir /var/www/detox.squat.net)
  • Assign correct permissions and owner:
    • # chown -R $user:$group /var/www/$name (eg. chown -R detox: /var/www/detox.squat.net)
    • # chmod -R o= /var/www/$name
  • Create a symlink from the user's home to /var/www
    • # ln -s /var/www/$name/ /home/$user (eg. ln -s /var/www/detox.squat.net /home/detox)
  • Edit Apache config:
    • /etc/apache2/sites-enabled/customsites.conf or customsites-logged.conf, depending on whether the user wants access to the errorlog or not.
    • Add a line before UndefMacro (end of the file) that looks like this: Use squatSite $name $user $group $altnames
  • Edit /etc/dehydrated/domains.txt
    • Add a line with $name and $altnames
  • Have dehydrated create the certs and request signatures from Let's Encrypt:
    • # dehydrated -c
  • If the user wants access to the errorlog (don't give them access to the accesslog, as it contains IP addresses):
    • Make sure you edited Apache's customsites-logged.conf
    • Create logs folder: sudo -u $user mkdir /home/$user/logs
    • Force log rotation once, so that it creates log files with the correct group: logrotate -vf /etc/logrotate.d/apache2-userlogs (this will rotate all user-accessible logs and create new files with correct perms)
    • Delete the empty rotated logs left in /home/$user/logs
  • Reload Apache config:
    • # systemctl reload apache2
  • Add a line in /root/Changelog, and add specific stuff as well!
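
A check to run after the chown and chmod steps above, added here as an example and not part of the original procedure: it lists anything under the docroot that has the wrong owner or group, or that still has a permission bit set for "other". The name audit_docroot is a hypothetical helper, not an existing tool on the server.

```sh
#!/bin/sh
# Added example: audit a docroot after the chown / chmod steps.
# audit_docroot is a hypothetical helper name, not an existing tool.
#
# usage: audit_docroot /var/www/$name $user $group
# Prints every path that has the wrong owner or group, or that still has a
# permission bit set for "other". Returns 0 if clean, 1 if anything was
# printed, 2 if the tree could not be checked.
audit_docroot() {
    docroot=$1
    owner=$2
    group=$3

    if [ ! -d "$docroot" ]; then
        echo "audit_docroot: not a directory: $docroot" >&2
        return 2
    fi

    # Branch 1: wrong owner or group (symlinks included).
    # Branch 2: any r/w/x bit for "other" on a non-symlink; symlink modes
    # are skipped because they are always 0777 on Linux.
    if ! bad=$(find -H "$docroot" \
            \( ! -user "$owner" -o ! -group "$group" \) -print -o \
            ! -type l \( -perm -001 -o -perm -002 -o -perm -004 \) -print)
    then
        # find fails on an unknown user/group or an unreadable directory;
        # treat that as "not verified" instead of "clean".
        echo "audit_docroot: find failed on $docroot" >&2
        return 2
    fi

    if [ -n "$bad" ]; then
        printf '%s\n' "$bad"
        return 1
    fi
    return 0
}

# Run directly: sh audit_docroot.sh /var/www/$name $user $group
if [ "$#" -eq 3 ]; then
    audit_docroot "$@"
fi
```

Running it again later catches files the user uploaded with world-readable modes after the initial chmod -R o=.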