Not Production Ready: Limitations and suggestion
Not Production Ready: Limitations and suggestion
Hi:
1. Currently when you create a reseller(i.e. a <user> who can create more than one domains and related services under a package), it creates conf files in /home/<user>/conf/ directory. And if the reseller <user> creates multiple domains, all point to the same web directories.
I meant if a reseller creates.
domainA.tld for customer A
domainB.tld for cutomer B
both point to the domainA.tld, thus disallowing the domainB.tld to customize his/her own site (see 2 below about separation of power).
2. This may also create permission mess to files uploaded to public_html files by those two users as their permissions are not separated. ISPConfig uses a different topology which is worth a suit. They give different ownerships and permissions to each client and domain (clientID and webID), meaning separation of powers among different players (ACL). Else vestacp shall become unmanageable in the long run.
The above (ACL based on resellerID and domainID) is a must for any *nix.
/gtzen
1. Currently when you create a reseller(i.e. a <user> who can create more than one domains and related services under a package), it creates conf files in /home/<user>/conf/ directory. And if the reseller <user> creates multiple domains, all point to the same web directories.
I meant if a reseller creates.
domainA.tld for customer A
domainB.tld for cutomer B
both point to the domainA.tld, thus disallowing the domainB.tld to customize his/her own site (see 2 below about separation of power).
This can be avoided if admin creates a separate users for all domainN.tld, but that is not how it works in real life as the multitenacity is admin>>resellers>>customers./home/<RESELLER_USER>/conf# ls web/
apache2.conf nginx.conf snginx.conf ssl.domainA.tld.key ssl.domainB.tld.crt ssl.domainB.tld.pem
awstats.domainA.tld.conf sapache2.conf ssl.domainA.tld.crt ssl.domainA.tld.pem ssl.domainB.tld.key webalizer.domainB.tld.conf
2. This may also create permission mess to files uploaded to public_html files by those two users as their permissions are not separated. ISPConfig uses a different topology which is worth a suit. They give different ownerships and permissions to each client and domain (clientID and webID), meaning separation of powers among different players (ACL). Else vestacp shall become unmanageable in the long run.
The above (ACL based on resellerID and domainID) is a must for any *nix.
/gtzen
Last edited by gtzen on Thu Dec 05, 2013 7:08 am, edited 1 time in total.
Not Production Ready
Hi again:
There is a glitch:
1) If admin creates his own site by deleting default.domain (say hosting.tld), all child domains of users defaults to hosting.tld.
2) The webserver configs does not reload on it's own.
3) In order to test, I created a minimal package capable of creating single domain and other minimal utilties. Then created two users subscribing to the minimal package created earlier. Then separate domains are created for each users. And lo and behold, both domains lead to the first domain I created under first user. This is a serious glitch.
It seems like the first domain becomes default pointing to all other domains created whether under admin or other users.
There is a glitch:
1) If admin creates his own site by deleting default.domain (say hosting.tld), all child domains of users defaults to hosting.tld.
2) The webserver configs does not reload on it's own.
3) In order to test, I created a minimal package capable of creating single domain and other minimal utilties. Then created two users subscribing to the minimal package created earlier. Then separate domains are created for each users. And lo and behold, both domains lead to the first domain I created under first user. This is a serious glitch.
It seems like the first domain becomes default pointing to all other domains created whether under admin or other users.
Re: Not Production Ready: Limitations and suggestion
Does it work if you manually restart the apache and nginx? If no then check domain ip address it should match the setup in control panel.
-
marcelorider
- Posts: 7
- Joined: Thu Dec 05, 2013 4:39 pm
Re: Not Production Ready: Limitations and suggestion
You always need to host the child domain in the Web guide.
Also, if it redirects all pages to the child domain, suspend it and unsuspend, it will gonna work correcly, for me worked so, just give it a try ;)
Also, if it redirects all pages to the child domain, suspend it and unsuspend, it will gonna work correcly, for me worked so, just give it a try ;)
Re: Not Production Ready: Limitations and suggestion
1. I suspended and unsuspended both domains as admin. After this operation the browser shows "Suspend" in both domains.
2. When I logged in as a user who owns the domain and tried to suspend, it gives "Error Code: 12"
3. Thereafter, I tried to restart the servers and it failed to do so with error:
4. Restarting nginx also failed:
In any case whatsoever, I do not plan to use vestacp for production until the permission and user domain allocation issues are addressed. Does not sound *nixy to me.
2. When I logged in as a user who owns the domain and tried to suspend, it gives "Error Code: 12"
3. Thereafter, I tried to restart the servers and it failed to do so with error:
The first line is address listening to port 8080. I guess that is alright as nginx is listening to port 80 as a proxy to apache.Syntax error on line 1 of /home/domainB.tld/conf/web/apache2.conf:
The address or port is invalid
Action 'configtest' failed.
The Apache error log may have more information.
failed!
4. Restarting nginx also failed:
This does not sound normal.nginx: [emerg] no host in ":80" of the "listen" directive in /home/domainB.tld/conf/web/nginx.conf:2
nginx: configuration file /etc/nginx/nginx.conf test failed
Restarting nginx: nginxnginx: [emerg] no host in ":80" of the "listen" directive in /home/domainB.tld/conf/web/nginx.conf:2
nginx: configuration file /etc/nginx/nginx.conf test failed
In any case whatsoever, I do not plan to use vestacp for production until the permission and user domain allocation issues are addressed. Does not sound *nixy to me.
Last edited by gtzen on Sat Dec 07, 2013 8:32 am, edited 2 times in total.
Re: Not Production Ready: Limitations and suggestion
ipaddress matches perfect. Even when I removed the NAT part as I am testing it on a test machine. Yet no go.skid wrote:Does it work if you manually restart the apache and nginx? If no then check domain ip address it should match the setup in control panel.
However, until the permission issues are not addressed, I do not feel comfortable to go for production, fyi.
Re: Not Production Ready: Limitations and suggestion
Since it is an experimental machine, I removed the NAT from IP section of the admin user. When I try to change the IP of the domainB.tld in the domainB.tld user panel, it reports "Parsting Error".skid wrote:Does it work if you manually restart the apache and nginx? If no then check domain ip address it should match the setup in control panel.
In the next step, I tried to remove all domains under all users and tried to recreate with the internal IPs, but it statest that deleted "Error: domainB.tld exists". Hmmm.
Eventhough no domains exists, but it shows on top under "WEB" that 1 domain exists under user control panel. See http://i.imgur.com/xF8JG81.png
Re: Not Production Ready: Limitations and suggestion
no host in ":80" is easily fixed by editing that to: *:80gtzen wrote:1. I suspended and unsuspended both domains as admin. After this operation the browser shows "Suspend" in both domains.
2. When I logged in as a user who owns the domain and tried to suspend, it gives "Error Code: 12"
3. Thereafter, I tried to restart the servers and it failed to do so with error:The first line is address listening to port 8080. I guess that is alright as nginx is listening to port 80 as a proxy to apache.Syntax error on line 1 of /home/domainB.tld/conf/web/apache2.conf:
The address or port is invalid
Action 'configtest' failed.
The Apache error log may have more information.
failed!
4. Restarting nginx also failed:This does not sound normal.nginx: [emerg] no host in ":80" of the "listen" directive in /home/domainB.tld/conf/web/nginx.conf:2
nginx: configuration file /etc/nginx/nginx.conf test failed
Restarting nginx: nginxnginx: [emerg] no host in ":80" of the "listen" directive in /home/domainB.tld/conf/web/nginx.conf:2
nginx: configuration file /etc/nginx/nginx.conf test failed
In any case whatsoever, I do not plan to use vestacp for production until the permission and user domain allocation issues are addressed. Does not sound *nixy to me.
I had this issue the other day and quicklyt raced it down to port 8080. When I actually looked at the config, I facepalmed because the * not being there in the config was preventing Apache from working, so I imagine this should fix nginx as well.
Re: Not Production Ready: Limitations and suggestion
It looks like counter stalled at some point. You can update user counters on USER page. There is a select box for bulk operations, one of the available actions is to recacl counters.Eventhough no domains exists, but it shows on top under "WEB" that 1 domain exists under user control panel. See http://i.imgur.com/xF8JG81.png
Re: Not Production Ready: Limitations and suggestion
I did have to manually delete all configs, and rebuild all, recreated all domains.
Still the domains lands at the first domain that was created under any user.
Still the domains lands at the first domain that was created under any user.