Please don't ask me to consider anything else; I choose CAcert even though it isn't "trusted". But what use is trust that can be bought with $$$? CAcert are certainly trustworthy in my opinion. If you think so too you might want to import their root certificate from this page. I also wrote an artic...

See this answer to a slightly different question: From what I understand, you want everyone in the users group to have write access to the data directory. That's accomplished by the following: setfacl -Rm g:users:rwX,d:g:users:rwX data/ I hope this will persist across user sessions & reboots? ...

This is a well-known problem for nginx users: an URL points to a directory, but misses the trailing slash, which results in nginx looking for a file, not a folder, and not finding it. But! It seems that this issue has been fixed long since: nginx does add trailing slashes automatically nowadays. So...

So you set up your server, it's open to the world, and everybody talks about what security risk that is. Your firewalls work, you probably use something like fail2ban, you check your logs every now and then, but that's not 100% protection. Really you'd need to be able to monitor the server over time...