Hi all. I’m looking to make a backend in my NGINX server, for a website that only gets a few views. Right now I’m managing the files of the site using Git, with /var/www/ as the folder on github. I’m looking to create an ip logger to plot onto a map, and I’m wondering if there are any problems with hosting it on /var/www. My main concerns are if it’s accessible to other users or if it’ll slow down NGINX. I’m absolutely able to do it in another folder, but I am wondering if there are any problems with keeping any files in /var/www. To my knowledge, only past /var/www/html is viewable by a connection.
Thanks!
Sorry, by accessible to users I mean visitors. Some sort of example.com/../.git shouldn’t be possible up to my knowledge.
If you have a git folder anywhere, always put files accessible to public to /var/www/project/public and have document root point to the public directory.
nginx won’t let users traverse upwards. Even if you only have static files, exposing /var/www/project as document root makes .git folder accessible.
If you have any server side processing, you put only the barest minimum in the project/public, as the server can load dependencies from project/src, but nginx won’t let outsiders access those files.
You’re right, unless there’s some vulnerability,
/var/wwwisn’t accessible by visitors when/var/www/htmlis configured as the web root in nginx. However if they are files that visitors shouldn’t access I probably wouldn’t put them in/var/www, but I guess at least you could chmod them like the previous commenter said, so that nginx can’t read them.Ahh I see. I never considered the config file. Thank you for the help!