nine-manage-vhosts with multi-user

  1. Introduction
  2. User management
  3. Create a Virtual Host with a specified user
  4. Create a Super User with access to all Multi-Users

Introduction

Websites on nine.ch Managed (V)Servers are managed with nine-manage-vhosts by default. It allows you to configure websites on our servers. nine.ch also supports the use of FPM and, correspondingly, its users.

In this document, you will find an explanation of how to use the user management section of nine-manage-vhosts.

User management

To increase security for web applications, you can give each virtual host a separate system user. If one virtual host gets compromised, only that user is affected. Normally, server orders are configured with only one user, called www-data; the user management option can be added upon request. Please note, however, that changing to FPM may require larger adjustments, which may also cause downtime.

With the user management section of nine-manage-vhosts, users are managed as follows:

www-data@server:~ $ sudo nine-manage-vhosts user <action>...

Instead of the placeholder “action” you can use: create, update, remove and list.

The list action shows the currently existing users:

www-data@server:~ $ sudo nine-manage-vhosts user list

NAME        | HOMEDIR
------------|------------------
www-data    | /home/www-data
www-example | /home/www-example 

During the creation (create) of a user, or while updating one (update), you can choose between three password-related options:

www-data@server:~ $ sudo nine-manage-vhosts user create www-example --no-password
www-data@server:~ $ sudo nine-manage-vhosts user create www-example --ask-password
www-data@server:~ $ sudo nine-manage-vhosts user create www-example --password=<password>

With the option --no-password, the created user has no password and cannot be accessed through SSH or SFTP. This can be advantageous if you want to disable login through these services in favor of FTP access. For security reasons, we recommend setting a password only if absolutely necessary, as it enables shell access.

With --ask-password, the script prompts for a password after it starts. The option --password lets you type the password directly on the command line, which may be useful for creating multiple users with a custom script. A password passed this way can end up in the shell history and is visible in the process list while the command runs.

Create a Virtual Host with a specified user

To assign a virtual host to a specified user while creating it, you have to enter the username after the option --user, as shown here:

www-data@server:~ $ sudo nine-manage-vhosts virtual-host create example.org --user=www-example

This example creates a virtual host for the domain example.org, assigned to the user www-example, in the folder /home/www-example/example.org.

Create a Super User with access to all Multi-Users

Create a new SSH-Key

In this example, the user www-data acts as the super user.
Generate a new SSH key pair (private and public key) without a passphrase:

www-data@server:~ $ ssh-keygen -o -a 100 -t ed25519 -N "" -C "www-data@server"

Deploy the public key to all user webroots

Now copy the content of the resulting public key to ~/.ssh/authorized_keys in each desired user webroot.

The file’s content should look like this:

www-*@server:~ $ cat ~/.ssh/authorized_keys
ssh-ed25519 AAAAC3NzaC1lZDI1NBBBBAAAILeD/udlOxZZuNNNNNNNNNu5L1+wM/spA5JzYNKH www-data@server

Test the connection

With the following command you can test the connection to each user that you have deployed the public key to (www-* stands for the respective username):

www-data@server:~ $ ssh www-*@localhost

WARNING! Keep the private key private, especially because it has no passphrase and is not encrypted! A stolen private key could lead to a severe security issue.

Special notes:

  • For use with PuTTY or WinSCP, the OpenSSH key has to be converted into PPK format using the PuTTYgen utility.
  • The private key file ~www-data/.ssh/id_ed25519 must have access rights 600. Otherwise, SSH connections will fail.
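
The deployment step and the 600-permission note above, as an added shell example (not nine.ch tooling). It goes one step beyond the page by prefixing the key with OpenSSH's from= option, so that the passphrase-less key is accepted only for logins made from the server itself; LOCAL_ONLY and both function names are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not part of nine-manage-vhosts. LOCAL_ONLY and the function
# names are assumptions made for this sketch.
LOCAL_ONLY='from="127.0.0.1,::1"'   # matches logins via: ssh <user>@localhost

# deploy_key PUBKEY_FILE HOME_DIR
# Installs the key in HOME_DIR/.ssh/authorized_keys with the from= option.
# Run it as an account that is allowed to write to HOME_DIR.
deploy_key() {
    pub=$1
    home=$2
    # A .pub file written by ssh-keygen is "type base64-blob comment".
    blob=$(awk 'NR == 1 { print $2 }' "$pub") || return 1
    [ -n "$blob" ] || { echo "no key found in $pub" >&2; return 1; }

    ak="$home/.ssh/authorized_keys"
    # sshd's StrictModes rejects group- or world-writable key files.
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    touch "$ak" && chmod 600 "$ak" || return 1

    # Idempotent: do nothing if this key blob is already authorised.
    if grep -qF -- "$blob" "$ak"; then
        return 0
    fi
    # Do not glue the new entry onto an existing last line without newline.
    [ -s "$ak" ] && [ -n "$(tail -c 1 "$ak")" ] && echo >> "$ak"
    printf '%s %s\n' "$LOCAL_ONLY" "$(head -n 1 "$pub")" >> "$ak"
}

# private_key_mode_ok KEY_FILE
# Succeeds only if group and others have no access to the key (600 or 400).
private_key_mode_ok() {
    mode=$(ls -ld "$1" 2>/dev/null | cut -c5-10)
    [ "$mode" = "------" ]
}
```

Run deploy_key once per home directory shown by nine-manage-vhosts user list. Drop the from= prefix if the same key must also work from remote clients such as PuTTY or WinSCP.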
