# Recommended directory for website data?



## Nick-6 (Sep 30, 2021)

Checked hier(7) and didn't see mentioning it. Internet says /usr/local/www is the one. I'd used /srv/domain.com in Linux. I'd like to know the proper and recommended directory for website data in FreeBSD. I'll install www/wordpress with www/nginx on my server. Thanks.


----------



## Alexander88207 (Sep 30, 2021)

1+ for /usr/local/www 
I know this only that you put the web stuff in /usr/local/www


----------



## ShelLuser (Sep 30, 2021)

As always it depends on context, there really isn't a "best" solution here.

For a server you could opt for moving it into the homedirectory of users so that it'll be easier for them to access and easier for the administration to safeguard ("backup") said data.

For personal use you could consider the same approach, or perhaps use the default of /usr/local/www. Of course this could be considered a minor security concern because if you're using default locations and/or settings you're _also_ providing possible attackers with some basic options to try out. For example: pretty much everyone knows about /tmp and thus attackers often try to dump their scripts there in order to try and exploit local root glitches. Obvious solution: don't use /tmp or make sure it doesn't allow file execution.

But I digress.

In the end anything will do, as long as you don't start messing things up by using obviously bizarre locations such as, for example, /usr/src/www or such. When in doubt I often resort to  a location in /opt to move things outside of the regular hierarchy, I also often use this to store my jails.

Your milage may vary of course.

Hope this can give you some ideas.


----------



## mer (Sep 30, 2021)

If your system is using ZFS, create a new dataset to hold it.  Sets you up for good security  practices and backing up the data.


----------



## Tieks (Oct 3, 2021)

ShelLuser said:


> When in doubt I often resort to a location in /opt


Where in hier(7) can we find /opt? Used to Linux?




mer said:


> If your system is using ZFS, create a new dataset to hold it. Sets you up for good security practices and backing up the data.


Exactly. Security is especially important here because PHP/Wordpress will be targeted by script kids. You can find a recent example of it here. Make sure you pay attention to file permissions and use non-standard directory names whenever possible. Most of all, keep your software up-to-date. Scripted attacks mostly use known vulnerabilities, with up-to-date software you don't have to worry.


----------



## msplsh (Oct 3, 2021)

/var/www and /var/apache2 are also terrible options I have seen as defaults.

/usr/local/www is pretty good, but if you do the ZFS dataset thing, I did some poking about and the suggestion was to mount it in /media


----------



## ShelLuser (Oct 4, 2021)

Tieks said:


> Where in hier(7) can we find /opt? Used to Linux?


Nope, Sun Solaris. Learn your basics


----------

