VestaCP Multi Cluster Setup
VestaCP Multi Cluster Setup
Dear people
I have been running a VestaCP on a droplet within Digital Ocean, and I am quite satisfied with VestaCP. However, I am looking into creating a multiserver setup for VestaCP to be able to manage multiple servers and have a dedicated mail server for my clients. Looking into the Parent + Slave/Child scenarios it seems intuitive. However, before I attempt such practices I want to discuss the steps with the community, to ensure that my VestaCP setup does not have longterm Issues. And possibly I would like to discuss firewall practices and properly securing my servers.
At the moment by what I understand, I can have multiple instances of VestaCP and controlling them through one. I have the current idea:
[VESTACP MAIN] ---> [VESTACP MAIL-SERVER]
---> [VESTACP SITES-SERVER]
---> [VESTACP FUTURE-SITE-SERVER]
---> [Separate SQL server]
I was wondering do I need all the components because what I need for this server is to just serve my VestaCP application along with VWI. So my setup would include:
[For the VESTACP MAIN]:
Web: Apache | FTP: vsftpd | Email: none | DNS: named | Firewall: iptables + fail2ban | SOFTACULOUS: yes | Additional Repo: remi | File System Quota: Yes | Database: none
[For VESTACP MAIL-SERVER]:
Web: Apache | FTP: none| Email: exim + devcot + spamassasin + clamav | DNS: no| Firewall: iptables + fail2ban | SOFTACULOUS: no| Additional Repo: none | File System Quota: Yes | Database: none
[For VESTACP SITE-SERVERs]:
Web: Nginx + Apache | FTP: none| Email: exim + devcot + spamassasin + clamav | DNS: no| Firewall: iptables + fail2ban | SOFTACULOUS: no| Additional Repo: none | File System Quota: Yes | Database: none
Would it be possible for someone to give me more details in terms of what is possibly the best approach and what should be done in this specific scenario?
In addition, I would like to add additional BruteForce and DDoS attacking using cloudflair.com service. However, I am not sure in terms of how to properly do DNS while I have my own ns1.domain.name, ns2.domain.name.
Finally, what are some of the best-practices to prevent users from accessing their FTP accounts through other URLs, example that I can provide is samplewebsite.com can be used instead of panel.domain.name to access FTP accounts and I would like to create a specific FTP port through URL ftp.domain.name and prevent other domains registered to be able to use FTP protocol over those URLs.
If my questions seems a bit simple, please bear with me, as I am still learning everything that I can in terms of server administration skills. :-D
Many thanks in advance
I have been running a VestaCP on a droplet within Digital Ocean, and I am quite satisfied with VestaCP. However, I am looking into creating a multiserver setup for VestaCP to be able to manage multiple servers and have a dedicated mail server for my clients. Looking into the Parent + Slave/Child scenarios it seems intuitive. However, before I attempt such practices I want to discuss the steps with the community, to ensure that my VestaCP setup does not have longterm Issues. And possibly I would like to discuss firewall practices and properly securing my servers.
At the moment by what I understand, I can have multiple instances of VestaCP and controlling them through one. I have the current idea:
[VESTACP MAIN] ---> [VESTACP MAIL-SERVER]
---> [VESTACP SITES-SERVER]
---> [VESTACP FUTURE-SITE-SERVER]
---> [Separate SQL server]
I was wondering do I need all the components because what I need for this server is to just serve my VestaCP application along with VWI. So my setup would include:
[For the VESTACP MAIN]:
Web: Apache | FTP: vsftpd | Email: none | DNS: named | Firewall: iptables + fail2ban | SOFTACULOUS: yes | Additional Repo: remi | File System Quota: Yes | Database: none
[For VESTACP MAIL-SERVER]:
Web: Apache | FTP: none| Email: exim + devcot + spamassasin + clamav | DNS: no| Firewall: iptables + fail2ban | SOFTACULOUS: no| Additional Repo: none | File System Quota: Yes | Database: none
[For VESTACP SITE-SERVERs]:
Web: Nginx + Apache | FTP: none| Email: exim + devcot + spamassasin + clamav | DNS: no| Firewall: iptables + fail2ban | SOFTACULOUS: no| Additional Repo: none | File System Quota: Yes | Database: none
Would it be possible for someone to give me more details in terms of what is possibly the best approach and what should be done in this specific scenario?
In addition, I would like to add additional BruteForce and DDoS attacking using cloudflair.com service. However, I am not sure in terms of how to properly do DNS while I have my own ns1.domain.name, ns2.domain.name.
Finally, what are some of the best-practices to prevent users from accessing their FTP accounts through other URLs, example that I can provide is samplewebsite.com can be used instead of panel.domain.name to access FTP accounts and I would like to create a specific FTP port through URL ftp.domain.name and prevent other domains registered to be able to use FTP protocol over those URLs.
If my questions seems a bit simple, please bear with me, as I am still learning everything that I can in terms of server administration skills. :-D
Many thanks in advance
Re: VestaCP Multi Cluster Setup
Hi
I read a lite your post and dont understand somethings
But I can say about FTP, you cant just access FTP from domain1.com and not from domain2.com if both domains resolve to same IP
Because FTP just listen in IP
You may can do it, if you have two ips in the server, and configure your FTP server just to listen in one of those IP so people can access to FTP from domain point to that IP
If not, isnt posible do it
I read a lite your post and dont understand somethings
But I can say about FTP, you cant just access FTP from domain1.com and not from domain2.com if both domains resolve to same IP
Because FTP just listen in IP
You may can do it, if you have two ips in the server, and configure your FTP server just to listen in one of those IP so people can access to FTP from domain point to that IP
If not, isnt posible do it
Patch your ubuntu 16 or mysq5.7 -> viewtopic.php?f=20&t=13239
Transfer accounts from cPanel -> viewtopic.php?f=19&t=11075
Transfer accounts from cPanel -> viewtopic.php?f=19&t=11075
Re: VestaCP Multi Cluster Setup
So what I want to accomplish is technically dumbed down to this:
[Server 1 firewalls with VestaCP]
| -----> [Server 2 serves files and php]
| -----> [Server 3 serves MarinaDB]
| -----> [Server 4 serves Mailserver (RoundCube)]
Meaning that VestaCP handles my user inputs and is responsible to deploy sites on different servers containing DB or files where they communicate internally. And a server that communicates with the VestaCP server for mail delivery. Since VestaCP has it's own DNS manager it should be an easy task to do, in theory. But want to know if someone has managed to do this before. I currently looked at DNS clustering (which was not exactly what I was hoping to accomplish). But VestaCP already has methods to provide external Mysql communication from another server. Meaning that I can set up [MarinaDB] on a different computer/droplet and connect it internally to Vesta without exposing it via public IP to outside.
I would like to achieve the same thing with other servers.
[Server 1 firewalls with VestaCP]
| -----> [Server 2 serves files and php]
| -----> [Server 3 serves MarinaDB]
| -----> [Server 4 serves Mailserver (RoundCube)]
Meaning that VestaCP handles my user inputs and is responsible to deploy sites on different servers containing DB or files where they communicate internally. And a server that communicates with the VestaCP server for mail delivery. Since VestaCP has it's own DNS manager it should be an easy task to do, in theory. But want to know if someone has managed to do this before. I currently looked at DNS clustering (which was not exactly what I was hoping to accomplish). But VestaCP already has methods to provide external Mysql communication from another server. Meaning that I can set up [MarinaDB] on a different computer/droplet and connect it internally to Vesta without exposing it via public IP to outside.
I would like to achieve the same thing with other servers.
-
nadirnasir
- Posts: 1
- Joined: Thu May 07, 2020 10:16 pm
- Os: CentOS 7x
- Web: nginx + php-fpm
Re: VestaCP Multi Cluster Setup
Hi, I am new to server administration and came across your post after months and months of searching how to do almost exactly what you say you want to do. I was wondering if you were able to accomplish your scenario. Right now, I am such a noob that when you say the following.... I can't even figure out how that is possible.
I would appreciate if you can guide me.
Right now I just have 1 VPS on which I host multiple (very small) websites that I develop myself for my clients. I manage their accounts myself so backups and other stuff is not a problem. I have around 10 users (sites) hosted. The one VPS I have serves and hosts everything for those ten websites-- email, db, website and dns. I've had a couple of scenarios where 'named' dns went down for a couple of hours and all sites went down with it (I also have my own nameservers). I see how I can do DNS clustering with vesta cp, since I have another VPS which can be used for DNS clustering. Then I looked into ways I could do mirroring for the server, so mysql is also probably easily configurable out of the box with vesta cp. BUT what I can't figure out is how I can have one main Vesta CP to control all others. So if I create a user for my client on the main Vesta CP, how can it be done on the other servers as well?At the moment by what I understand, I can have multiple instances of VestaCP and controlling them through one. I have the current idea:
[VESTACP MAIN] ---> [VESTACP MAIL-SERVER]
---> [VESTACP SITES-SERVER]
---> [VESTACP FUTURE-SITE-SERVER]
---> [Separate SQL server]
I would appreciate if you can guide me.