Recommended directory for website data?

Nick-6

Member

Reaction score: 2
Messages: 20

Checked hier(7) and didn't see mentioning it. Internet says /usr/local/www is the one. I'd used /srv/domain.com in Linux. I'd like to know the proper and recommended directory for website data in FreeBSD. I'll install www/wordpress with www/nginx on my server. Thanks.
 

ShelLuser

Son of Beastie

Reaction score: 2,113
Messages: 3,793

As always it depends on context, there really isn't a "best" solution here.

For a server you could opt for moving it into the homedirectory of users so that it'll be easier for them to access and easier for the administration to safeguard ("backup") said data.

For personal use you could consider the same approach, or perhaps use the default of /usr/local/www. Of course this could be considered a minor security concern because if you're using default locations and/or settings you're also providing possible attackers with some basic options to try out. For example: pretty much everyone knows about /tmp and thus attackers often try to dump their scripts there in order to try and exploit local root glitches. Obvious solution: don't use /tmp or make sure it doesn't allow file execution.

But I digress.

In the end anything will do, as long as you don't start messing things up by using obviously bizarre locations such as, for example, /usr/src/www or such. When in doubt I often resort to a location in /opt to move things outside of the regular hierarchy, I also often use this to store my jails.

Your milage may vary of course.

Hope this can give you some ideas.
 

mer

Aspiring Daemon

Reaction score: 402
Messages: 636

If your system is using ZFS, create a new dataset to hold it. Sets you up for good security practices and backing up the data.
 

Tieks

Well-Known Member

Reaction score: 128
Messages: 307

When in doubt I often resort to a location in /opt
Where in hier(7) can we find /opt? Used to Linux?


If your system is using ZFS, create a new dataset to hold it. Sets you up for good security practices and backing up the data.
Exactly. Security is especially important here because PHP/Wordpress will be targeted by script kids. You can find a recent example of it here. Make sure you pay attention to file permissions and use non-standard directory names whenever possible. Most of all, keep your software up-to-date. Scripted attacks mostly use known vulnerabilities, with up-to-date software you don't have to worry.
 

msplsh

Aspiring Daemon

Reaction score: 226
Messages: 626

/var/www and /var/apache2 are also terrible options I have seen as defaults.

/usr/local/www is pretty good, but if you do the ZFS dataset thing, I did some poking about and the suggestion was to mount it in /media
 
Top