====== Creating a folder tree ======

Create a new folder tree for hosting web server resources and additional services.

<code>
doas mkdir -p /home/www/acme
doas mkdir -p /home/www/bin
doas mkdir -p /home/www/cache
doas mkdir -p /home/www/cgi-bin
doas mkdir -p /home/www/conf
doas mkdir -p /home/www/htdocs
doas mkdir -p /home/www/logs
doas mkdir -p /home/www/run
doas mkdir -p /home/www/tmp
doas mkdir -p /home/www/usr
</code>

====== Setting directory owners ======

Next, you need to set the correct owners for the new folder tree.

<code>
doas chown root:daemon /home/www/acme
doas chown root:daemon /home/www/bin
doas chown www:daemon /home/www/cache
doas chown root:daemon /home/www/cgi-bin
doas chown root:daemon /home/www/conf
doas chown root:daemon /home/www/htdocs
doas chown root:daemon /home/www/logs
doas chown root:daemon /home/www/run
doas chown www:www /home/www/tmp
doas chown root:daemon /home/www/usr
</code>

====== Copying service files ======

The next step is to copy the old files into the new folder tree.

<code>
doas cp /var/www/bin/* /home/www/bin/
doas chown root:bin /home/www/bin/*
doas cp /var/www/cgi-bin/* /home/www/cgi-bin/
doas chown root:bin /home/www/cgi-bin/*
doas cp /var/www/conf/* /home/www/conf/
doas chown root:wheel /home/www/conf/*
doas mkdir -p /home/www/usr/sbin
doas chown root:daemon /home/www/usr/sbin
doas cp /var/www/usr/sbin/sendmail /home/www/usr/sbin/sendmail
doas chown root:daemon /home/www/usr/sbin/sendmail
</code>

====== Stopping services ======

You need to stop the web server and its additional services.

<code>
doas rcctl -d stop httpd
doas rcctl -d stop php73_fpm
</code>

====== Making changes to the configuration ======

The next step is to make changes to the configuration files of the web server and its services.

/etc/httpd.conf:
<code>
chroot "/home/www"
</code>

/etc/php-fpm.conf:
<code>
listen = /home/www/run/php-fpm.sock
chroot = /home/www
</code>

====== Email security settings ======
Setting the minimum rights for the mail system
<code>
doas chmod 640 /etc/mail/domains
doas chmod 640 /etc/mail/vusers
doas chmod 640 /etc/mail/hosts
doas chmod 640 /etc/mail/passwd
doas chmod 640 /etc/mail/vusers
doas chmod 640 /etc/mail/smtpd.conf
doas chown _dovecot:_dovecot /etc/dovecot/dovecot.conf
doas chown _dovecot:_dovecot /etc/dovecot/users.txt
doas chmod 640 /etc/dovecot/dovecot.conf
doas chmod 640 /etc/dovecot/users.txt
</code>