15

I would like to add a condition in an adduser script to update nginx.conf for it to load ~/www as http://ipaddress/~user whenever I create a new user.

And when a user is named www.domainname it will host that domain name in the ~/www folder.

Is there a script that already does this?

Joseph Le Brech

2 Answers

30

You don't need to add anything to nginx upon user creation. Simply use something like this in your server block:

location ~ ^/~(.+?)(/.*)?$ {
    alias /home/$1/www$2;
    autoindex on;
}

Check your distribution's /etc/skel.

If you mkdir /etc/skel/www, all userdirs created by adduser (or your distribution's adduser script) will have this directory by default.

Franz Bettag
  • now what if I want the users to override this once they have pointed their DNS to that server? – Joseph Le Brech Oct 10 '11 at 11:42
  • I don't understand the question/issue :/ – Franz Bettag Oct 16 '11 at 10:22
  • if a user has a site hosted on ~username is there a way for the user to change it to domainname – Joseph Le Brech Oct 17 '11 at 07:26
  • 1
    You could give the user the possibility to have his own nginx.conf, something like (not 100% correct, but the direction is there): `if (-e /home/$1/.nginx.conf) { include(/home/$1/.nginx.conf); }` there the user could do his own setup, but also break the server-restart. This is a bit of a complicated issue. – Franz Bettag Oct 17 '11 at 10:56
  • cheers, I did also have a look at using map with a soft restart. but I would have to create a program for changing the map file so that the user can't crash the server. – Joseph Le Brech Oct 17 '11 at 10:59
  • you could basically wrap an editor (like vi/vim/emacs) around it, unless nginx configtest works, it will always copy back the original (temporary backupfile before editing) – Franz Bettag Oct 17 '11 at 11:40
  • oh that's interesting. so you have to check if the config file is valid though? – Joseph Le Brech Oct 17 '11 at 20:53
  • yes. nginx already has a config-test parameter where you can check. if that command returns with an error you know what's happening. sample shellscript would be: `cp $HOME/.nginx.conf $HOME/.nginx.conf.back && vi $HOME/.nginx.conf; nginx config-test-syntax... && if [ $? -ne 0 ]; then cp $HOME/.nginx.conf.back $HOME/.nginx.conf; fi` something like that, should give you a start – Franz Bettag Oct 17 '11 at 21:32
  • 1
    that actually rocks :) – Joseph Le Brech Oct 18 '11 at 13:52
  • I know, it's from me :> I'm the shellscript king! :P – Franz Bettag Nov 07 '11 at 12:42
  • how do you fix the permissions problem? nginx runs as nginx user and it simply has no access to /home/$username/ folder. – andrej Dec 18 '12 at 17:04
  • you actually chmod your $HOME go+x (not +r, x -> just access, r -> reading/listing contents), inside your home you leave everything as it is and only set your public_html 0755. that way other processes can "stat" that directory (through the +x) and run ls on public_html (remember 755) – Franz Bettag Jan 05 '13 at 14:07
  • 2
    Doesn't this make your server vulnerable to path traversal attacks? Eg. if you request `example.com/~../foo`, you'll get the path `/home/../www/foo`, which is outside of the user directories. – Nick ODell May 25 '20 at 18:08
  • @NickODell : It *seems* that way, but in practice the traversal attacks don't work. I get a 404 on every traversal attack attempt I have made. – 7yl4r Jun 24 '22 at 22:13
3

I just stumbled upon this and the accepted answer looks VERY suspicious to me. As Nick ODell pointed out in the comments of the accepted answer, it is probably susceptible to directory traversal attacks.

A better solution is to have a main web root in the server block and then use a symlink from the web root to the user directory. You can have multiple symlinks point to the same target directory:

/var/www/user1 -> /home/user1/www
/var/www/domainname -> /home/user1/www

This type of approach also works better with try_files.
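
The traversal concern raised about the accepted answer's location regex can be checked offline. The following is an added example, not code from either answer: it models only the regex capture and the `alias /home/$1/www$2;` substitution, not nginx's own URI normalization. The `STRICT` pattern (lowercase POSIX-style usernames) and the sample URIs are assumptions constructed for illustration.

```python
import posixpath
import re

# Location regex from the accepted answer.
ORIGINAL = re.compile(r"^/~(.+?)(/.*)?$")
# Hypothetical stricter variant: the captured name can never contain "." or "/".
STRICT = re.compile(r"^/~([a-z_][a-z0-9_-]*)(/.*)?$")


def alias_path(pattern, uri):
    """Model `alias /home/$1/www$2;`. Returns None when the location does not match."""
    m = pattern.match(uri)
    if m is None:
        return None
    user, rest = m.group(1), m.group(2) or ""
    return f"/home/{user}/www{rest}"


def stays_in_userdir(pattern, uri):
    """True: maps inside /home/<name>/www. False: escapes it. None: no match."""
    raw = alias_path(pattern, uri)
    if raw is None:
        return None
    parts = posixpath.normpath(raw).split("/")  # ['', 'home', '<name>', 'www', ...]
    return len(parts) >= 4 and parts[1] == "home" and parts[3] == "www"


def audit(pattern, uris):
    """Map each sample URI to its verdict under the given location regex."""
    return {uri: stays_in_userdir(pattern, uri) for uri in uris}


# Constructed sample requests; "/~../foo" is the case from Nick ODell's comment.
SAMPLES = ["/~alice", "/~alice/index.html", "/~../foo"]

if __name__ == "__main__":
    for name, pattern in (("original", ORIGINAL), ("strict", STRICT)):
        for uri, verdict in audit(pattern, SAMPLES).items():
            print(f"{name:8} {uri:22} -> {alias_path(pattern, uri)} in userdir: {verdict}")
```

A `None` verdict means the location does not match at all, so the request falls through to whatever else the server block defines.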