Table of Contents

Creating a folder tree

Create a new folder tree for hosting web server resources and additional services. 

doas mkdir -p /home/www/acme
doas mkdir -p /home/www/bin
doas mkdir -p /home/www/cache
doas mkdir -p /home/www/cgi-bin
doas mkdir -p /home/www/conf
doas mkdir -p /home/www/htdocs
doas mkdir -p /home/www/logs
doas mkdir -p /home/www/run
doas mkdir -p /home/www/tmp
doas mkdir -p /home/www/usr

Setting directory owners

Next, you need to set the correct owners for the new folder tree. 

doas chown root:daemon /home/www/acme
doas chown root:daemon /home/www/bin
doas chown www:daemon /home/www/cache
doas chown root:daemon /home/www/cgi-bin
doas chown root:daemon /home/www/conf
doas chown root:daemon /home/www/htdocs
doas chown root:daemon /home/www/logs
doas chown root:daemon /home/www/run
doas chown www:www /home/www/tmp
doas chown root:daemon /home/www/usr

Copying service files

The next step is to copy the old files into the new folder tree. 

doas cp /var/www/bin/* /home/www/bin/
doas chown root:bin /home/www/bin/*
doas cp /var/www/cgi-bin/* /home/www/cgi-bin/
doas chown root:bin /home/www/cgi-bin/*
doas cp /var/www/conf/* /home/www/conf/
doas chown root:wheel /home/www/conf/*
doas mkdir -p /home/www/usr/sbin
doas chown root:daemon /home/www/usr/sbin
doas cp /var/www/usr/sbin/sendmail /home/www/usr/sbin/sendmail
doas chown root:daemon /home/www/usr/sbin/sendmail

Stopping services

You need to stop the web server and its additional services. 

doas rcctl -d stop httpd
doas rcctl -d stop php73_fpm

Making changes to the configuration

The next step is to make changes to the configuration files of the web server and its services.

/etc/httpd.conf: 

chroot "/home/www"

/etc/php-fpm.conf: 

listen = /home/www/run/php-fpm.sock
chroot = /home/www

Email security settings

Setting the minimum rights for the mail system 

doas chmod 640 /etc/mail/domains
doas chmod 640 /etc/mail/vusers
doas chmod 640 /etc/mail/hosts
doas chmod 640 /etc/mail/passwd
doas chmod 640 /etc/mail/vusers
doas chmod 640 /etc/mail/smtpd.conf
doas chown _dovecot:_dovecot /etc/dovecot/dovecot.conf
doas chown _dovecot:_dovecot /etc/dovecot/users.txt
doas chmod 640 /etc/dovecot/dovecot.conf
doas chmod 640 /etc/dovecot/users.txt