VestaCP Multi Cluster Setup
Posted: Tue Dec 17, 2019 4:15 pm
Dear people
I have been running a VestaCP on a droplet within Digital Ocean, and I am quite satisfied with VestaCP. However, I am looking into creating a multiserver setup for VestaCP to be able to manage multiple servers and have a dedicated mail server for my clients. Looking into the Parent + Slave/Child scenarios it seems intuitive. However, before I attempt such practices I want to discuss the steps with the community, to ensure that my VestaCP setup does not have long-term issues. And possibly I would like to discuss firewall practices and properly securing my servers.
At the moment, by what I understand, I can have multiple instances of VestaCP and control them through one. I have the current idea:
[VESTACP MAIN] ---> [VESTACP MAIL-SERVER]
               ---> [VESTACP SITES-SERVER]
               ---> [VESTACP FUTURE-SITE-SERVER]
               ---> [Separate SQL server]
I was wondering whether I need all the components, because what I need for this server is to just serve my VestaCP application along with VWI. So my setup would include:
[For the VESTACP MAIN]:
Web: Apache | FTP: vsftpd | Email: none | DNS: named | Firewall: iptables + fail2ban | SOFTACULOUS: yes | Additional Repo: remi | File System Quota: Yes | Database: none
[For VESTACP MAIL-SERVER]:
Web: Apache | FTP: none | Email: exim + dovecot + spamassassin + clamav | DNS: no | Firewall: iptables + fail2ban | SOFTACULOUS: no | Additional Repo: none | File System Quota: Yes | Database: none
[For VESTACP SITE-SERVERs]:
Web: Nginx + Apache | FTP: none | Email: exim + dovecot + spamassassin + clamav | DNS: no | Firewall: iptables + fail2ban | SOFTACULOUS: no | Additional Repo: none | File System Quota: Yes | Database: none
Would it be possible for someone to give me more details in terms of what is possibly the best approach and what should be done in this specific scenario?
In addition, I would like to add additional brute-force and DDoS attacking using the cloudflair.com service. However, I am not sure in terms of how to properly do DNS while I have my own ns1.domain.name, ns2.domain.name.
Finally, what are some of the best practices to prevent users from accessing their FTP accounts through other URLs? An example that I can provide is that samplewebsite.com can be used instead of panel.domain.name to access FTP accounts, and I would like to create a specific FTP port through the URL ftp.domain.name and prevent other registered domains from being able to use the FTP protocol over those URLs.
If my questions seem a bit simple, please bear with me, as I am still learning everything that I can in terms of server administration skills. :-D
Many thanks in advance