Apis Networks

New CP Launched

apnscp was launched in 2007 as part of our data center migration from Texas to Georgia. Technology has continued to evolve, as well as the devices from which we engage technology. I am elated to announce a new CP interface designed to look great on any device, whether it be desktop, laptop, tablet, or phone.

CP Login Interface

Hello new CP!

apnscp is now based off Bootstrap 4, which is still very much a work-in-process, but still achieves a very high consistency across browsers. Basing scaffolding off v4 allows better future-proofing than v3 or even *scoff* v2, which has been deprecated since 2013. Further, Bootstrap provides several utilities that afford better presentation of data, namely button-group dropdowns and a collapsible interface, which moving forward, will offer a better opportunity to present data in a rich and intuitive way.

Secondly, if you read this from the cp…

Open a ticket to request a server migration. You’re on a very old platform that dates back to 2007. The newer platforms have an integrated dashboard with process management + Google Analytics, updated software, and will continue to stick around for at least the next 2-4 years. These older servers will be gradually decommissioned over 2016/2017, so you can migrate either at your leisure (which is painless + automated with zero data loss) or be forced to migrate when the time comes. Open a ticket in the CP now to request a migration to one of the newer platforms.

Besides, who can say no to such a beautiful dashboard?

New dashboard is a beauty!

New dashboard is a beauty!


This is an accumulated log from the last major release on June 10:

  • NEW: empty_mysql_database() – retain schema structure, but purge all records in db (SQL)
  • NEW: export databases (MySQL Manager)
  • NEW: EOL selector on file edit (File Manager)
  • NEW: Let’s Encrypt multi-domain (SAN) support (SSL)
  • NEW: CP frontend scaffolding built on Bootstrap v4, responsive design compatible with all device sizes
  • NEW: various component redesigns (postback, help, menu, etc)
  • NEW: wield Zeus-like power, see and kill processes from the dashboard (Dashboard)
  • NEW: Let’s Encrypt for v6 platforms
  • NEW: export zone data via Toolbox (DNS Manager)
  • NEW: Let’s Encrypt support for v6.5+ platforms (SSL Manager)
  • NEW: Let’s Encrypt module (letsencrypt)
  • NEW: download files on clipboard or entire directory (File Manager)
  • NEW: set process priority (Util_Process)
  • NEW: storage amnesty – increase storage by 50% for 24 hours
  • NEW: add_pgsql_extension() – add a permitted PostgreSQL extension on a database. Currently supports hstore and pg_trgm (SQL)
  • NEW: set_acls() – ACL driver for file manager (File)
  • NEW: reap abandoned shellinabox instances (SSH)
  • NEW: shellinabox reaper
  • FIX: broken mailbox editor
  • FIX: escape chroot argument (Util_Process::Chroot)
  • FIX: hostname param missing on user edit when remote hosts not displayed (MySQL Manager)
  • FIX: login option alignment on smaller screens
  • FIX: row improperly cleared (Summary)
  • FIX: support TXT records > 255 characters (DNS)
  • FIX: destination not set on edit (Manage Mailboxes)
  • FIX: install()- SSLCertificateChainFile is not set when replacing a certificate if custom HTTP config present from previous SSL install (SSL)
  • FIX: build CSS assets under subdirectories
  • FIX: get_processes() – Fatal error: Cannot access self:: when no class scope is active on PHP 5.3 (Pman)
  • FIX: add_user()- error if no username specified (User)
  • FIX: certificate chain excluded from backup (SSL)
  • FIX: count() called on incompatible objects during backtrace enumeration, assume if object count is 1 otherwise use count() (Error Reporter)
  • FIX: check if parent zone config present rather than DNS record when adding zone configuration (DNS)
  • FIX: bitrot, undefined reference “event” in Analytics halts load in Firefox (Dashboard)
  • FIX: verify_password() check for proper module initialization through site prop rather than domain which is deprecated (Auth)
  • FIX: lack of strict type checking allows domains that begin with numerics whose matching numeric span has an account with a matching site id present on the same server to inherit that erroneous site id rather than the account site id (Auth)
  • FIX: _edit() hook references old config, which is never populated on account creation, just new and cur, which are equivalent (Crontab)
  • FIX: show archived tickets implicitly shows all ticketswhen toggled off (Trouble Tickets)
  • FIX: populate “user” index if cpu cgroup missing (Cgroup)
  • FIX: allow custom port in constructor (Util_API)
  • FIX: recursively create parent directories as needed in the jail target (FTP)
  • FIX: missing inactive account warning modal in new dash (Dashboard)
  • FIX: permit multiple keys in data directory (ACME client)
  • FIX: sync user preferences (Transfer)
  • FIX: potential deadlock – restore default signal handler after fork completes (Util_Process::Fork)
  • FIX: ignore stale mountpoints in setquota too (user)
  • FIX: ignore stale mountpoints in user quota reporting too (User)
  • FIX: get_account_quota()- stale mountpoints emit warning in quota cmd (Site)
  • FIX: forked processes may result in zombies (Util_Process::Fork)
  • FIX: variadic args unparseable (Util_Process::Fork)
  • FIX: deferred run still runs application (Util_Process)
  • FIX: $tooltip invoked before initialization (jTip)
  • FIX: discard record if site_id missing, resolve error reporter spamming (Tabulate Bandwidth)
  • FIX: infinite redirect loop when deleted account accessed from any server other than former residence (Auth_Redirect)
  • FIX: disable ajax indicator on pending analytics login (Dashboard)
  • FIX: create_pgsql_database()- flip OWNER/TEMPLATE order in CREATE DATABASE clause (SQL)
  • FIX: remove_transport()- dropping an email transport always removes MX records due to bug. DNS lookup to compare if third-party fails because MX parameter lookup includes FQDN-qualifier (“.”) that is gibberish when sending a low-level DNS lookup via gethostbyname_t(). This bug affected dropping email from Mail Routing, which always took the MX along with it. (DNS)
  • FIX: ensure set_user_preferences() is called with elevated permissions
  • FIX: incorrect path traversal in housekeeping routine (Ssh)
  • FIX: when creating a mysql user patterned after prefix(prefixuser), don’t add another prefix to the username (SQL)
  • FIX: hooks, if invoked from backend, do not properly initialize instance variables (Hooks)
  • FIX: migration log not attached to initial ticket (Transfer)
  • FIX: handle JS error reports without loading all assets (Error)
  • FIX: compile() – named arguments to format string incorrectly interpreted when duplicate parameters specified in format string (Regex)
  • FIX: compile() – multiple unnamed arguments to format string incorrectly counted (Regex)
  • FIX: invalid string offset when single argument fed to compile() (Regex)
  • FIX: locality/state parameter swapped (SSL)
  • FIX: self-signed certificate incorrectly calculates from wrong purpose (timestampsign), should be sslclient (SSL)
  • FIX: add pattern recognition for Dovecot bandwidth usage on v6+ platforms
  • FIX: only fetch a context backtrace if a context is provided with an exception (Error Reporter)
  • FIX: user, once jailed, cannot be unjailed (FTP)
  • FIX: “or” is non-commutative in assignment, causes a domain, reattached to an account, to fail if previously attached to a separate user account (Aliases)
  • FIX: disabling a bool option in list config fails to update (Majordomo)
  • FIX: phpMyAdmin 4.4 compatibility (phpMyAdmin)
  • FIX: custom HTTP configuration fails to migrate (Transfer)
  • FIX: IfModule, not IfDefine clause (cgroup)
  • FIX: add_virtual_transport() queries, incorrectly, published nameserver records to determine whether to add local DNS records to satisfy a MX record. Change this to verify local records and make changes locally if the record does not already exist (Email)
  • FIX: logic error, dump before preflight myisamchk (Transfer)
  • FIX: rename crond spool on user rename (Crontab)
  • FIX: missing subdomain when checking for existence of subdomain before removing during account sync (Transfer)
  • FIX: /etc/httpd/conf ignored in transfer (Transfer)
  • FIX: remove site_id in restrictor clause. Server migrations do not guarantee the same site_id value. Consequently, these tickets are obstructed (CRM)
  • FIX: erroneous IP address substitution in TXT records (Transfer)
  • CHG: unoptimized codepath if calling stat() from UI (File)
  • CHG: remove .php exposure on soap endpoint (Net_WSDL)
  • CHG: display amnesty request if storage within 98.5% capacity, instead of 99.5% (Dashboard)
  • CHG: modify_mailbox() make parameter list less cumbersome, drop catchall ability entirely (Email)
  • CHG: cache payments for only 24 hours (Billing)
  • CHG: send HUP, not USR2 to flush Dovecot auth cache on user creation (User)
  • CHG: move auth flush from user to user creation hook in email module
  • CHG: record_exists() drop timeout from 5 to 1 second (DNS)
  • CHG: expand upload block if previous action is upload (File Manager)
  • CHG: copy()- use non-shadow path on copy for overlayfs-backed platforms, which have issues invalidating the page cache on direct branc manipulation without performing a costly remount (File)
  • CHG: convert backup routines to Util_Process (backup DBs)
  • CHG: install()- ensure http config is rebuilt (SSL)
  • CHG: make postcss available on v6.5+ platforms
  • CHG: use postcss for CSS minification
  • CHG: switch JS build from YUI to UglifyJS
  • CHG: upgrade TinyMCE to 4.3.2
  • CHG: add PEAR5.php compatibility library for Util_HTML_BBCode
  • CHG: split_host()- include hostname that failed splitting (Web)
  • CHG: general JS fixups (DNS Manager)
  • CHG: jail_user()- use the referent if jailed path is a symlink (FTP)
  • CHG: kill SIGUSR2 dovecot/auth on v6.5+ platforms to flush dovecot auth cache (User)
  • CHG: minor analytics appearance tweaks
  • CHG: move open ticket position for admin (Trouble Tickets)
  • CHG: Dovecot on 6.5+ platforms use systemd, which lacks non-LSB commands. Instead of dovecot flush/reload send SIGUSR2 directly to auth process to flush cache on user addition (User)
  • CHG: delete_user()- remove user-specific subdomain during user deletion if only subdomain present (User)
  • CHG: include server name in X-Server header
  • CHG: reduce IP ARP announcement from 5 to 2 minutes on assignment (DNS)
  • CHG: modify_mailbox()- default to /home/NEWUSER/Mail if no inbox format specified (Email)
  • CHG: request()- verify hostname matches hosting IP address before requesting certificate. LE challenge will hangup a request if the IP matches elsewhere and potentially terminated elsewhere, e.g. behind CloudFlare (Letsencrypt)
  • CHG: signal()- ctype_digit() workaround, integer fails ctype_digit() test if constant, e.g. SIGKILL, specified (Pman)
  • CHG: map_domain()- clear stat cache before testing whether to create domain symlink (Aliases)
  • CHG: purge() – flush overlayfs cache on v6.5 platforms. Necessary when operating directly on the shadow layer (File)
  • CHG: expand Let’s Encrypt support to Helios (v5) platforms
  • CHG: request()- domain_hosted() queries domain lookup database, which upon new account creation, may not have the requisite account information populated, use domain_exists() instead (Letsencrypt)
  • CHG: add service_template_path(svc)
  • CHG: initialize module as backend service during _housekeeping() (lservicelib)
  • CHG: create parent directories if not exist during certificate install (SSL)
  • CHG: break parts of letsencrypt module into a separate support class, auto-renew pending full implementation (Letsencrypt)
  • CHG: refactor gethostbyaddr_t() and gethostbyname_t() into a separate utility class (DNS)
  • CHG: stop instantiating a dns module to perform gethostbyname lookup on auth redirect. Instantiation on unautheticated user leaves module attributes unset patterning to potential privilege escalation. Instead of making an exemption, disallow and organize code better (Auth::Redirect)
  • CHG: prevent unnecessary exception handling in dependent DNS lookup methods. Move exception thrown from unhosted zone from private method _get_zone_information_raw() to exposed method
  • CHG: move shellinabox supplementary Service class, couple with ssh module
  • CHG: be more compliant with logrotate, ensure config is owned by root (Logs)
  • CHG: drop cp. notation from ticket meta data (Crm)
  • CHG: automatically detect + convert shell scripts to Unix EOL (File Manager)
  • CHG: flush overlayfs after migration on v6.5+ platforms (Transfer)
  • CHG: verify server is resolvable before applying redirect (Auth::Redirect)
  • CHG: colorify RR types (DNS Manager)
  • CHG: remove site_id restriction from tickets; allow cross-server migration tickets to carryover at the expense of allowing tickets to share across multiple accounts that share the same invoice (old system of multi-hosting) (CRM)
  • CHG: cache load_preferences() (Common)
  • CHG: staple vendor paths into autoload (apnscpFunctionInterceptor)
  • CHG: remap old to new package names (Billing)
  • CHG: new Manage Mailboxes format
  • CHG: populate httpd-conf/.ssl if directory does not exist (Ssl)
  • CHG: during synchronization, remove transport iff transport exists (Addon Domains)
  • CHG: add -f|–file argument to acme issue (ACME)
  • CHG: during DB creation, populate overlay composition rather than shadow path to reduce chance of corrupted fs cache (SQL)]
  • CHG: install() – accept chain as third argument (Ssl)
  • CHG: create /var/spool/crond as necessary on v6.5 platforms (Crontab)
  • CHG: new CP layout, server.apisnetworks.com:2082 (Auth::Redirect)
  • CHG: delegate pgsql + mysql database creation to apnscp (SQL)
  • CHG: Luna (v6.5) migration changes: drop frontpage, recognize platform ver
  • CHG: API endpoint now :2082 (Util_API)
  • CHG: add storage amnesty option to Account > Summary (Summary)
  • CHG: disable proxy when downloading fs contents for the time being (File Manager)
  • CHG: style changes, adapt to variable width (Core CSS)
  • CHG: replace wiki links in File Manager > Properties action with KB articles (File Manager)
  • CHG: automatically expand ticket help section if subjectid/symbol/subject field populated in GET request (Trouble Tickets)
  • CHG: minor refactoring (Tabulate Bandwidth)
  • CHG: turn off host verification for servers older than v5 that do not support sha-256 certs (Auth_Redirect)
  • CHG: forwardNoProxy()- set No-Proxy header to force Location header to pass through to browser. Used with phpMyAdmin, phpPgAdmin, and webmail (Util_HTTP)
  • CHG: use X-Forwarded-Host if upstream host is trusted when determining HTTP_HOST value
  • CHG: deduplicate HTTP_HOST and HTTPS checks
  • CHG: lower intensity of missing analytics (Dashboard)
  • CHG: add Access-Control-Allow-Origin header to login (Login)
  • CHG: accept X-Forwarded-Ssl header to force https protocol (Page Container)
  • CHG: password reset request policy changed from single-use to time expiry (Login)
  • CHG: add create_user hook (Hooks)
  • CHG: create Spam maildir on user/account creation if maildir does not exist (obviates Ensim hooks) (Email)
  • CHG: optimize move(), copy(), delete() operations to operate exclusively on shadow on newer (v4.5+ platforms). This bypasses uid/permission checks for the account admin and confers root status. delete 1.84x faster, move 2.4x, and copy 16x (File)
  • CHG: use cgdelete to remove the cgroup instead of rmdir (Cgroup)
  • CHG: kill_terminals.sh- add /sbin to PATH
  • CHG: gethostbyname_t()- strip FQDN-qualifier (“.”) from end of hostname if provided to bring func to spec with PHP gethostbyname() (DNS)
  • CHG: only check for custom FTP jail if FTP configuration present for user to supress warning (Transfer)
  • CHG: disambiguate $auth param to set_user_parameters() (Module_Skeleton)
  • CHG: skip procfs mount/unmount on v6+ platforms. procfs is already integrated into the layer (Misc)
  • CHG: convert from old-style to new-style passwords on platform conversions if password present in client my.cnf (Transfer)
  • CHG: transfer user preferences during server migration (Transfer)
  • CHG: load_preferences and save_preferences are now wrapper functions to get_user_preferences and set_user_preferences, both require site privileges to call directly (Common)
  • CHG: enable openssl on the account only after populating certificate so that configuration may be properly rebuilt
  • CHG: add /apps/error generic error handler to template config to prevent error handling requests from also generating a secondary error (Template Config)
  • CHG: remove private smtp routing/dovecot config ips upon site deletion/edit
  • CHG: a domain is now blocking if the uid of the docroot matches the user being removed
  • CHG: hook-based system for account creation/edit/deletion
  • CHG: set ticket mail processor memory limit to 256 MB
  • CHG: add per-transaction notes to billing (Billing History)
  • CHG: allow installation of self-signed certificates (SSL)
  • CHG: only return certificate config present if host, key, and crt fields present (SSL)
  • CHG: add a 5-minute delay before announcing an IP address via arping (DNS)
  • CHG: include migration log in notification e-mails (Transfer)
  • CHG: trigger handle_error() with negative value to bypass error mask check (Error Reporter)
  • CHG: assign account group group ownership of cgroup container for cgroup assignment via shell without use of cgexec (Cgroup)
  • CHG: breakout edit/create/delete into separate Hooks utility (Util_Account_Hooks)
  • CHG: remove_virtual_transport()- superfluous attempt to purge remote MX records if MX records present during query (Email)
  • CHG: reload HTTP server on target server following completion of first stage migration (Transfer)
  • CHG: relax site_wipe() restriction
  • CHG: assert cgroup is accessible before pulling stats (Cgroup)
  • CHG: only release an IP address if previously allocated. Elicit a warning if not previously allocated (Transfer)
  • CHG: rename Insights to Analytics (Dashboard)
  • CHG: perform mysql_database_exists() check as privileged user (SQL)
  • CHG: set mb_detect_order iff PHP build supports function (File Manager)
  • CHG: use old dashboard for demo account (Dashboard)
  • CHG: verify API key provided is active in system before migration (Transfer)
  • CHG: include ftp jailing on migration (Transfer)
  • CHG: make wording less confusing (Migration Template)
  • CHG: skip myisamchk if no tables present in database (SQL)
  • CHG: SOAP nillable arguments are unconditionally passed to methods thereby preventing default parameter substitution. Add a transformation to remove those arguments that have been nilled prior to invocation (SOAP)
  • CHG: add option to set options as default for new user creation (Add User)
  • CHG: return initialized cgroup stats if cgroup controller not mounted (cgroup)
  • CHG: rollback blocking a disabled account from login (Auth)
  • CHG: add timezone support for platforms < 5 (Change Information)
  • REM: jquery.ui.css dependency (Terminal)
  • REM: cgroup debugging code (Cgroup)
  • REM: support for old-style MySQL 4 passwords on v6+ platforms (SQL)



Let’s Encrypt is here!

Let’s Encrypt support has been integrated into the control panel on Luna, a new platform launched last month. You may issue an SSL certificate for up to 50 hostnames[1] . These certificates are issued at no additional cost, other than the $2.50/month IP address base charge. Certificates automatically renew within 10 days of expiration and no further action is necessary other than initial issuance. Visit Web > SSL Certificates in the control panel to get started. Because there is no additional cost associated with Let’s Encrypt and no advantage, self-signed certificate issuance has been removed from the control panel.

Have fun!

Let's Encrypt support added to Luna

Let’s Encrypt support added to Luna

NOTE: this feature is only available on Luna at this time. It may trickle to Sol and possibly Helios platforms at a later date.

1: Specification is 100 common names, but the generator automatically permutes a www variation effectively halving the allowable limit

Comments (1)


Luna Launched, Open Beta

Luna, the next generation hosting platform, is here! Luna is now open for early testing. Open a ticket in the control panel for early access!

Luna incorporates multi-tenancy and virtualization enhancements introduced with Sol, and introduces further refinement in the HTTP stack. Initial page response times (time-to-first-byte/”TTFB”) have improved nearly 5x and page loads 1.4x over Sol, its predecessor. What’s more interesting in these figures is that Luna shares the same hardware as Sol. That means it’s influenced by I/O noise to the same extent as Sol, but still yields these improvements.

A number of changes occurred under the hood to achieve this. Many of which would not be possible if not for a confluence of innovation over the last year. A big thank you to everyone who contributed to this platform.


Rebased off RHEL 7.2
Redhat Enterprise Linux 7.2 was released at the end of the year, and all software is built with at least RHEL 7.2 in mind, including TCP optimizations used to reduce TTFB. Likewise, any packages pulled off npm or rubyforge will compile without incident.

Event MPM
In an ongoing struggle to reduce TTFB, Apache has switched to a threaded model to handle incoming requests. Worker MPM adapts to demand better by keeping those lingering TCP sockets on a separate thread and, allegedly, will keep a consistent response time irrespective of load.

HTTP2 Support
Yep, it’s here! You’ll need an IP address + SSL certificate to utilize. Once those two prerequisites are satisfied, it’s automatic if the browser supports it. HTTP2 provides a tremendous boost over traditional SSL (10-80% depending upon content). Akami has more nitty gritty details if you are interested.

Depending upon benchmark, it’s 50%-290% faster over PHP 5.6. Regardless of which benchmark you follow, it’s a marked improvement.

aufs is out for filesystem layering, OverlayFS in. OverlayFS provides the same composition behavior, but around 5-40% faster over aufs with less CPU usage that can be utilized elsewhere.

Let’s Encrypt support
This will be implemented in February, there’s a PHP-based ACME client to make this a reality.
UPDATE February 1: Let’s Encrypt launched on Luna!

Phusion Passenger 5 introduced a caching layer called Turbocache – imagine sticking Varnish in front of your Ruby/Node/Python requests. Some configuration is necessary. Oh and our platform-specific changes in Passenger are public now, enjoy! It adds cgroup and jailing support.

sudo expansion
Account owners may now cp and chown as root with restrictions!

Multi-tenant Node
Complementing support for multi-tenant Ruby and Python, nvm has been included to allow you to use whatever Node interpreter you’d like!

Multi-host Benchmark

And for kicks, we compared Luna against Sol, GoDaddy, Dreamhost, and A Small Orange, because a healthy competition always drives innovation. Here are our results:

WordPress Load Time + TTFB Comparison

WordPress Load Time + TTFB Comparison

Luna not only blitzed through Sol, but its competitors. Hats off to GoDaddy’s SSD-based hosting, which held its own. Luna still edged out that platform by 3%, whereas subsequent viewings were 12% faster – and at half the cost on a month-to-month plan. All tests were conducted through webpagetest.org from Dulles, VA using Internet Explorer 11. Each test was run 9 times and the mean used in calculating the statistic. A repeat request leverages keepalives by reusing open connections to send a request thereby eliminating some overhead. A repeat request accurately describes the time to download other assets like images, JavaScript, and CSS files.

Host Request (ms) Request Repeat (ms) TTFB (ms) TTFB Repeat (ms)
GoDaddy 993 279 168 123
A Small Orange 1264 577 392 391
Dreamhost* 2453 1152 849 455
Sol 1352 505 391 295
Luna 962 246 80 79
* Dreamhost benchmark ran twice because of extreme results

Comments (2)