Umm, if he needs to set up a site that accesses MySQL (e.g. Joomla, Wordpress, etc.), he may want to do it like @filippo_carletti advised me. “The best practice is to create a user (with its password) for every web site with limited access to its database. Using only one password, if one of the site is compromised, the attacker will access all sites.”
I currently have my site in /var/lib/nethserver/ibay/webserver/, but I should probably redo it as a regular user, instead of root. 
EDIT: @Menal_Habib This article may be helpful also: HowTo install Joomla on NethServer