
Using Passenger when providing shared-hosting

Relevant selection for this article:

Nginx

There are special considerations that must be made when designing a multi-tenant shared hosting system.

This guide assumes that you are already familiar with installing and using Passenger. It serves as a prompt to consider issues particular to shared hosting.

The information in this section applies equally to the open source version and to the Enterprise version.


Conceptual overview

The main concerns to consider when setting up a shared hosting environment are as follows:

  1. Which configuration options allow customers to elevate privileges.
  2. Which configuration options will be provided to customers.

Step 1: Review the configuration options for Nginx:

Some options, such as (but not limited to) passenger_user_switching, allow a user to control which system user their app process runs as. Such options can be used to elevate privileges fairly trivially, or to interfere with other customers' processes. It is therefore necessary to evaluate every configuration option provided by Passenger and decide whether it is safe to let customers control it.

Step 2: Limit customer configuration to safe options:

We highly recommend whitelisting the configuration options that a user can set, by not including any user-controlled files or contents in your server's config.
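One way to apply Step 2, as an added example that is not Passenger's own code or part of the original guide: the operator generates each customer's server block from a template and accepts only allowlisted directives with validated values, instead of including a customer-supplied file. The allowlist contents, function names and sample values are assumptions for illustration; which directives are safe to expose is the outcome of your own Step 1 review.

```python
import re

# Hypothetical allowlist (directive -> pattern for its one value). Illustrative
# only: what belongs here is the operator's decision after the Step 1 review.
ALLOWED = {
    "passenger_app_env": re.compile(r"[A-Za-z0-9_]{1,32}"),
    "passenger_friendly_error_pages": re.compile(r"on|off"),
    "passenger_min_instances": re.compile(r"[0-9]{1,2}"),
}


class RejectedOption(ValueError):
    """A customer asked for a directive or value outside the allowlist."""


def render_customer_directives(requested):
    # Only allowlisted directives are emitted and each value must fully match
    # its pattern, so ';', braces, whitespace or newlines can never reach the
    # generated config and smuggle in a second directive.
    lines = []
    for name in sorted(requested):
        value = str(requested[name])
        pattern = ALLOWED.get(name)
        if pattern is None:
            raise RejectedOption(f"directive not allowed: {name!r}")
        if not pattern.fullmatch(value):
            raise RejectedOption(f"invalid value for {name}: {value!r}")
        lines.append(f"    {name} {value};")
    return lines


def render_server_block(server_name, public_dir, system_user, requested):
    """Operator-side template. server_name, public_dir and system_user come
    from the operator's own records, never from customer input."""
    return "\n".join([
        "server {",
        f"    server_name {server_name};",
        f"    root {public_dir};",
        "    passenger_enabled on;",
        f"    passenger_user {system_user};",
        *render_customer_directives(requested),
        "}",
    ])


if __name__ == "__main__":
    # Constructed sample request and operator values.
    print(render_server_block("cust42.example.com", "/srv/cust42/app/public",
                              "cust42", {"passenger_app_env": "staging"}))
```

A rejected request should fail the whole config generation for that customer rather than being silently dropped, so the customer learns the option is unavailable and nothing partial is written.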
