aapanel_power
You cannot foresee each misuse of each user (who have to know at least where they can put their websites) restricting other's normal usage (default sites root folder is set by default for those who doesn't know where to put them). What if driving cars was forbidden for everyone because of some people driving too fast or drunk?!
This adds unusefull (at least unwanted) steps after creating a new website :
- creating another folder at the expected path,
- changing folder rights and owner,
- moving files,
- changing website root path in vhost config file,
- accessing website files from files manager instead of direct link in websites list,
- changing website root path in .user.ini.
Is it a real security threat?
Isn't there another way to secure this "breach"?
Isn't it already secured by anti-cross site conf?
Notice that all I wrote sometimes may be innacurate or I could be not aware of some aaPanel functionality, so I will still appreciate any help to use it correctly.
*****
I self-reply to my previous issue...
To aaPanel users : to make it work, once you moved back to your wanted folder, you also may have to change "openbasedir" path in "website-root-folder/.user.ini".
[UPDATE]
SSL Let's Encrypt file verification says : "Invalid site directory, please check if the specified site exists!"
I think that the folder which is given to Let's Encrypt is the path in database.
I had to use the DNS verification method to get a certificate.
[UPDATE 2]
The "push button" website backup does not work since the folder stored is not the right one...
Have to store the actual website's root folder when it's changed.