Every setup is different. For me I have a lot of users on a server that each hosts websites, for you, you likely won't need to create more than just one user on the system. However, if you manage multiple websites on this server this setup will help you to manage, configure, and debug each domain in a fashion easier than a standard LAMP setup. In order for that to happen I utilize several devices by Apache to get around permission errors.

First, this is the document structure I use:

/home/[USER]/domains/[DOMAIN]/html

/home/[USER]/domains/[DOMAIN]/logs

Each user has their own account with a domains folder (which I added to /etc/skel so it gets created every time. Each domain has it's own folder in the domains folder with an html folder (I have my reasons for this, primarily so domains can have web files outside of the public realm). Feel free to modify this structure as you see fit, just remember to carry those changes throughout this post.

Secondly, I host a lot of PHP sites so I use suPHP in my configuration. By default the standard archive package doesn't have the proper compile flag enabled resulting in a less secure version of suPHP. I've made my own suPHP package which I use on my servers, installation instructions below. suPHP allows you to define what user PHP scripts should be executed as (among other things including: custom php.ini for each site, etc). I also enable suExec for Apache - further removing the need to have any ownership to www-data user (a user which I despise).

First ensure you have Apache, and all other services installed on your server. Make sure they are at least working. After that I recommend installing suphp-common and the required libapache2-mod-suphp module (More information: What are PPAs and how do I use them?). Then, after those install, activate suPHP and suexec using a2enmod

sudo a2enmod suphp

sudo a2enmod suexec

sudo a2dismod php5



sudo /etc/init.d/apache restart

Next will come the configuration file. I've made various tools that automatically generate the configuration files everytime I add a new site; however, here is the basic template I use:

<VirtualHost *:80>

    ServerAdmin [EMAIL]

    ServerName [DOMAIN]

    ServerAlias www.[DOMAIN] [DOMAIN]

    DocumentRoot /home/[USER]/domains/[DOMAIN]/html



    <Directory /home/[USER]/domains/[DOMAIN]>

            Options Indexes FollowSymLinks MultiViews

            AllowOverride all

    </Directory>



    ErrorLog /home/[USER]/domains/[DOMAIN]/logs/error.log



    # Possible values include: debug, info, notice, warn, error, crit,

    # alert, emerg.

    LogLevel warn



    CustomLog /home/[USER]/domains/[DOMAIN]/logs/access.log combined



    SuexecUserGroup [USER] [USER]



    suPHP_UserGroup [USER] [USER]

    suPHP_ConfigPath /home/[USER]/etc

</VirtualHost>

This sets up logging for that domain, the document root, and all other basic necessities for the domain to operate. I place these files in /etc/apache2/sites-available/ typically named [USER]-[DOMAIN] and enable/disable them with a2ensite like so:

sudo a2ensite [USER]-[DOMAIN]

sudo a2dissite [USER]-[DOMAIN]

After each modification to configuration files Apache will need to be reloaded with

sudo /etc/init.d/apache reload

While it may seem like a lot to setup the amount of flexibility gained, in my opinion, far outweighs the setup time. Though you only need a single user webserver, in the future if you ever wanted anything other than a single user webserver, you would need to perform further actions (or just drop security all together) in order to do so.