Most readers in geminispace will already be familiar with the term "tilde" as synonymous with a shared/multi-user unix environment. I've recently reconfigured my personal server to be more like these traditional systems, because it's a configuration that works well for me. In doing so I went from using nginx to using apache, because it seemed the better choice for the job. Nginx is better optimized for high load and easier to configure as a proxy for application servers, but apache has a lot of advantages for a shared environment:
You'll need to enable the suexec and userdir mods for apache, but after that the configuration is quite straight forward. Here's what mine looks like for the vhost in question:
ServerName warmedal.se ServerAlias www.warmedal.se Redirect permanent / https://warmedal.se/ ServerName warmedal.se ServerAlias www.warmedal.se SSLEngine On SSLCertificateFile /etc/letsencrypt/live/warmedal.se/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/warmedal.se/privkey.pem # I have several vhosts all using the same folder for letsencrypt acme challenges Alias /.well-known/acme-challenge /home/www-data/acme-challenge/.well-known/acme-challenge DocumentRoot /home/www-data/warmedal.se # I disallow access to all hidden files and directories Deny from All Allow from All # This part is all it takes to serve files from ~/public_html of any user UserDir public_html # And this executes all files ending in .cgi instead of serving their contentsOptions +ExecCGI AddHandler cgi-script .cgi
Please tell me if you see any obvious mistakes here. I'm specifically uncertain about the difference between "Deny from All" and "Require all denied".
-- CC0 ew0k, 2021-01-07
text/gemini; lang=enThis content has been proxied by September (ba2dc).