More Open-Source Shenanigans

Continuing with the Open-Source theme, I’ve been working on a new control panel called VestaCP, that is an up-and-coming control panel.

With Steve Tan’s blog, I was able to get e-mail working properly to accept SSL/TLS connections after the initial install. It was surprisingly easy to ensure that the control panel was properly secured via SSL for all control-panel functions. You want a valid SSL certificate, especially if you have the control panel set up on a virtual private server in the Internet.

Naturally, the server has Fail2ban and other methods of ensuring that it was as secure as I could make it. Of course, it isn’t a bullet-proof solution, but I hope I’ve managed to cut down all or most of the attack surfaces in a given server.

I’ve been using VestaCP on my personal server and it was working rather well, so I decided to move it onto the Internet for more real-world experience. Sad to say, I encountered some interesting issues with getting VestaCP working properly for a friend’s WordPress and PrestaShop install… to the point that I had to call in a friend of mine to take a look at the setup, because I just could not see what was wrong, even though it was clear that something was wrong. Why could I not see it? Because I was tired and was having trouble thinking through the solutions and what to do to get the information I needed to properly resolve it.

Turns out it was a problem consisting of several different issues.

  1. Incorrect group permissions. It needed nginx to be added to the user’s group, e.g. user:x:100x:nginx
  2. PHP-FPM wasn’t properly set up. VestaCP was using its own compiled version of php-fpm. We switched to the Ubuntu repository version of php-fpm for easier compatibility and updates. We also made sure that all VestaCP configs with regards to php-fpm were updated to point to the right location for php-fpm while retaining VestaCP settings.
  3. nginx wasn’t quite properly configured well for WordPress and PrestaShop.

Unfortunately, PrestaShop is still not quite working as it should. I’ll be investigating that today, as we now have a working apache2+nginx installation for WordPress but not PrestaShop…