Secure shared hosting environment basics

Hi There,

I know this question has probably been churned over and over in various
different variations, so i applogise in advance if its one of those
‘here we go again’ posts :slight_smile:

We are a hosting provider that is currently using the LAMP stack to host
our clients websites. 80% of these are on our shared hosting instance
that currently has PHP 5.3 using safemode to assist in keeping sites to
their own area. We are looking to build a new shared service and have
been playing with nginx/php-fpm (on debian squeeze) and love the easy
configuration and speed.

My question is: What is the best way to go about setting up a shared
hosting environment for 1000’s of customers, which is secure from the
point of view that the customers can’t access other sites.

Im not looking for a how-to, really just a “this is the correct way you
should look todo this” hint that will point us in the right direction.

Thank you for reading!

PS: Would like to stick with debian if thats possible

Simon

On 29/10/2012, at 3:11 PM, Simon [email protected] wrote:

Thank you for reading!
From what i have read so far nginx is just not really setup for truly
secure shared hosting (multiple owners) - is this the case?

Simon

???

I would be interested by knowing which elements you consider to reach
such
a conclusion.
AFAIK, whichever Webserver you use, the problem lies on the environment
&
server configuration.

B. R.