Continuing with the Open-Source theme, I’ve been working on a new control panel called VestaCP, that is an up-and-coming control panel.
With Steve Tan’s blog, I was able to get e-mail working properly to accept SSL/TLS connections after the initial install. It was surprisingly easy to ensure that the control panel was properly secured via SSL for all control-panel functions. You want a valid SSL certificate, especially if you have the control panel set up on a virtual private server in the Internet.
Naturally, the server has Fail2ban and other methods of ensuring that it was as secure as I could make it. Of course, it isn’t a bullet-proof solution, but I hope I’ve managed to cut down all or most of the attack surfaces in a given server.
I’ve been using VestaCP on my personal server and it was working rather well, so I decided to move it onto the Internet for more real-world experience. Sad to say, I encountered some interesting issues with getting VestaCP working properly for a friend’s WordPress and PrestaShop install… to the point that I had to call in a friend of mine to take a look at the setup, because I just could not see what was wrong, even though it was clear that something was wrong. Why could I not see it? Because I was tired and was having trouble thinking through the solutions and what to do to get the information I needed to properly resolve it.
Turns out it was a problem consisting of several different issues.
- Incorrect group permissions. It needed nginx to be added to the user’s group, e.g. user:x:100x:nginx
- PHP-FPM wasn’t properly set up. VestaCP was using its own compiled version of php-fpm. We switched to the Ubuntu repository version of php-fpm for easier compatibility and updates. We also made sure that all VestaCP configs with regards to php-fpm were updated to point to the right location for php-fpm while retaining VestaCP settings.
- nginx wasn’t quite properly configured well for WordPress and PrestaShop.
Unfortunately, PrestaShop is still not quite working as it should. I’ll be investigating that today, as we now have a working apache2+nginx installation for WordPress but not PrestaShop…