Secure permissions/rights for a Python app, which is being run by a PHP script?

Hello,

I am setting up a public non-profit service which uses somewhat outdated open source PHP code to run actions via a somewhat outdated open source Python app. I need your suggestion on a secure way to run both, regarding permissions, file ownership and the web server. The load will be very low, no multithreading needed, but HTTPS is necessary.

My system is Debian 12. The Python app needs modules that are missing from apt (coincurve and merkletools), but in a virtual environment I can install them using pip (though I have not yet tried whether I can run the .py script inside the Python venv from PHP). Currently I have Nginx with the www root at /var/www/html, and I was thinking of chowning the Python app to www-data:www-data and placing it in /var/www/ (one level up from the site files root). Or should I isolate it using a special user and bother with permissions:

sudo chown -R user:www-data /home/user/.local/share/app-datafolder /home/user/app*;
chmod -R g+rw /home/user/.local/share/app-datafolder /home/user/app*/

One .php file and one .json file contain an important private key.

Thank you
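An added example, not from the post, showing the dedicated-user layout the question weighs against chowning everything to www-data, plus a check that the key files are readable by their owner only. Assumed names: service user appsvc, app directory /var/www/app with its venv and a secrets folder, and the sudoers rule shown in the comment.

```shell
#!/bin/sh
# Added example (not from the post): dedicated service user for the Python app,
# app tree kept outside the Nginx root, key files owner-only, audit helper.
# Assumed names: user "appsvc", dir /var/www/app, venv /var/www/app/venv.
APP_USER="${APP_USER:-appsvc}"
APP_DIR="${APP_DIR:-/var/www/app}"

# Octal mode of a path (GNU stat first, BSD stat as a fallback).
mode_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# A private key file should be readable by its owner only (0600 or 0400).
secret_is_private() {
  case "$(mode_of "$1")" in 600|400) return 0 ;; *) return 1 ;; esac
}

# Fix one secret file: owned by the service user, no group/other access.
lock_down_secret() {
  chown "$APP_USER:$APP_USER" "$1" && chmod 0600 "$1"
}

# List every file in a directory that group or other can read; return 1 if any.
audit_secrets() {
  found=0
  for f in "$1"/*; do
    [ -f "$f" ] || continue
    secret_is_private "$f" || { echo "too open: $f ($(mode_of "$f"))"; found=1; }
  done
  return $found
}

# One-time root setup: system user with no login shell, app tree not owned by
# www-data, venv for the pip-only modules (coincurve, merkletools) named in the post.
setup_layout() {
  [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }
  id "$APP_USER" >/dev/null 2>&1 || useradd --system --shell /usr/sbin/nologin --home "$APP_DIR" "$APP_USER"
  mkdir -p "$APP_DIR/secrets"
  python3 -m venv "$APP_DIR/venv"
  "$APP_DIR/venv/bin/pip" install coincurve merkletools
  chown -R "$APP_USER:$APP_USER" "$APP_DIR"
  chmod -R o-rwx "$APP_DIR"   # nothing for "other"; www-data is not in the group either
  chmod 0750 "$APP_DIR"
  # PHP (running as www-data) then runs the app only through sudo, with a rule such as:
  #   www-data ALL=(appsvc) NOPASSWD: /var/www/app/venv/bin/python /var/www/app/run.py
  # so the interpreter, the script and the key never need to be readable by www-data.
}

if [ "${1:-}" = "install" ]; then setup_layout; fi
```

The .json key the post mentions would live in the secrets folder and pass audit_secrets; the .php file that also holds a key stays readable by www-data only because Nginx/PHP-FPM must read it, so it cannot be locked down the same way.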