One-clicks are back

Effective immediately, one-clicks are gradually making their return to the control panel after an 8 year hiatus, but in a limited release on version 4.5+ platforms. Specifically, one-clicks are coming for WordPress, Drupal, Magento, and some basic Node/Ruby/Python scaffolding. Webapps may be managed within the control panel under Web > Web Apps or preloaded on subdomain/addon domain creation under the Advanced options dropdown.

Application install via Web > Add Subdomains
Application install via Web > Add Subdomains
Simple updates within the CP
Simple updates within the CP

Why now?

Simply noted, the control panel is now mature enough and provides enough internal functionality to support one-clicks in a coherent, optimized flow without nasty hacks. These one-clicks are also drastically different from what was once provided in the CP. These rely upon programs developed by the authors of the software to provide functionality. For WordPress there’s wp-cli, Drupal is drush, npm for Node, and gem for Ruby. No, this isn’t reinventing the wheel. It’s taking a perfectly fine wheel and putting it on a vehicle. This is how we are able to bring one-clicks back to the CP in limited capacity.

What about other apps?

These won’t be supported within the control panel until sufficient trust is established.

There is a lot to say about code quality. Why does an app crash? Bad coding. Why does an app have a security flaw? Oversight, bad coding. Why does an app become abandoned? Lack of dedication by the author, and your output is a product of your inputs, so let’s safely assume there is some bad coding involved in that decision making process. There are thousands of PHP applications out there. There are hundreds of Node and Ruby apps out there too, but they all lack a sufficient level of competency to safely and securely run. Having handled a couple dozen PHP7-specific adaptations for clients migrating to Luna, which uses PHP7 by default, I can say confidently that beauty runs skin deep. Often times, apps with less money behind them simply fail to attract necessary talent to produce software that works today and will continue to work tomorrow. Yes, some apps do some really stupid things, like use continue/break outside of loop structures (SimpleMachinesForum comes to mind as a repeat offender). PHP7 has clamped down on these mind-boggling incorrect uses of programming syntax.

Security is paramount, especially in an era where virtualization has enabled thousands more machines access to the Internet. These machines are often manned by unqualified personnel that remain neglected for so long only to succumb to third-party control through an exploit. Your hosting servers routinely block over 2,000 brute-force attacks per day. These blocks are based on egregious patterns (5+ logins within 3 minutes), but hundreds more fly under the radar trying only a handful of logins ever hour. Consequently, clients with weak passwords eventually fall victim to these drive-by hackings. It’s unfortunate. Clients are charged a service fee for cleanups. My time is often diverted, as an emergency, to clean up residual damage to ensure other clients conduct business uninterrupted. Moving forward, I want to continue to focus on building a secure platform. One-clicks help realize this vision through a few awesome components:

Fortification mode

Fortification mode is, by far, the most unique component to web apps deployed within the CP. Fortification bestows a secondary level of permissions through access control lists that permit mutual access by the web server, which runs as a separate user from your account. Before, this was accessible only by opening a ticket. Fortification allows the web server to write and modify files only to which it receives explicit authorization. In the event of a hack, a hacker can only modify files to which the web server has access. Beneficially, if a web site were hacked, the hacker is unable to access your email, SSH keys, and other confidential information. Fortification strikes a perfect balance between ease-of-use and security. Just toggle fortification via Web > Web Apps within the control panel. With fortification on, the web server cannot modify any files on your account. Comments and posts continue to post as normal. With fortification off, you may upload media to posts. Although, you’ll still need your control panel password to install new plugins!

Fortification mode enabled vs disabled on a WordPress install
Fortification mode enabled vs disabled on a WordPress install. Write permisisons enabled/revoked on /wp-content/uploads.

Recovery mode

Circling back to a previous topic, crappy programmers beget crappy code. Recovery mode allows you to disable all third-party plugins and access a plain jane installation. Ideally, this will allow you to iteratively enable each plugin until you can safely determine which third-party programmer shouldn’t be a programmer.

Automatic updates

Coming soon. All one-clicks are enrolled into automatic updates to protect clients from zero-day exploits. These updates will roll out every night at 3 AM EDT during nightly CP updates. Tentatively, this will also extend to Ruby and Node.

Dual-user security

PHP apps run as a secondary user for myriad reasons. The most important reason is auditing; if an account gets hacked, we need to know what may be infected, what is infected, and what’s not. If the web server lacks write-privileges, then it is safe to say no. If the web server created the file within 24 hours of the incident, it’s safe to say yes. And if the web server had mutual write-access, then these require further auditing. Most hosting providers run PHP under your username, which is ludicrous, stupid, and irresponsible. It’s also the reason why major hosting providers bundle SiteLock service (which runs $100/mo plus a cleanup cost per infraction) service, their parent company owns UnitedWeb/IPOWER who in turn owns SiteLock, oh and their stock is (or was) doing very well! I base profit on providing a service, not holding clients who get hacked ransom. A $15 cleanup fee is charged to cover the 10 minutes it takes to do a quick audit and that’s it. We also scan uploads for malware, because once again we are in business to do good, not hold your account hostage due to negligence. In fact, the crux of this release is to make it impossible for you to be a victim. An online presence today is just as important, if not more important, than your physical presence; look at the power Yelp has to create or destroy businesses. Having a prospective client pull up a placeholder to the Syrian Electronic Army is a pretty damning display of incompetence. Look at the Panama Papers hack: outdated WordPress + single-user security. Let’s stop hacked sites. Let’s start by progressively providing secure platforms from the start.

Plugin stacks

WordPress comes with a couple stacks handpicked by my confidence to provide an uninterrupted and uneventful use of service. The security stack includes WordFence, renown for their investigative eye; XML pingback disabling; and comment disabling. The performance stack includes W3 Total Cache, which is used aggressively on the Knowledge Base and periodic database optimizations through WP Optimize. You can install both, either, or none depending upon what works best for your setup.

App enrollment

Got an existing WordPress app and want to enroll it into the new system? Easy as clicking Detect from within Web > Web Apps > Hostname selection. Got WordPress installed within a folder on your domain name? Click the dropdown menu and select Edit Subdir. Select your location from the filetree.

Detection mode
Detection mode

 

What’s next?

Drupal support through Drush is coming next (May 14 edit: Drupal is here), followed by Magento, which will include Let’s Encrypt support. We should see that sometime within the next week or so, followed by a lull as Passenger process management is planned for integration. Beyond this, I am always open to suggestions. Drop me an email at matt@apisnetworks.com with any idea whether big or small. After all, this control panel and platform wouldn’t exist without your voice!

 

Matt Saladna
Owner & Platform Developer

Updates

May 14, 2016: Drupal is now available
May 18, 2016: Magento 1.x is now available

New CP Launched

apnscp was launched in 2007 as part of our data center migration from Texas to Georgia. Technology has continued to evolve, as well as the devices from which we engage technology. I am elated to announce a new CP interface designed to look great on any device, whether it be desktop, laptop, tablet, or phone.

CP Login Interface
Hello new CP!

apnscp is now based off Bootstrap 4, which is still very much a work-in-process, but still achieves a very high consistency across browsers. Basing scaffolding off v4 allows better future-proofing than v3 or even *scoff* v2, which has been deprecated since 2013. Further, Bootstrap provides several utilities that afford better presentation of data, namely button-group dropdowns and a collapsible interface, which moving forward, will offer a better opportunity to present data in a rich and intuitive way.

Secondly, if you read this from the cp…

Open a ticket to request a server migration. You’re on a very old platform that dates back to 2007. The newer platforms have an integrated dashboard with process management + Google Analytics, updated software, and will continue to stick around for at least the next 2-4 years. These older servers will be gradually decommissioned over 2016/2017, so you can migrate either at your leisure (which is painless + automated with zero data loss) or be forced to migrate when the time comes. Open a ticket in the CP now to request a migration to one of the newer platforms.

Besides, who can say no to such a beautiful dashboard?

New dashboard is a beauty!
New dashboard is a beauty!

Changelog

This is an accumulated log from the last major release on June 10:

  • NEW: empty_mysql_database() – retain schema structure, but purge all records in db (SQL)
  • NEW: export databases (MySQL Manager)
  • NEW: EOL selector on file edit (File Manager)
  • NEW: Let’s Encrypt multi-domain (SAN) support (SSL)
  • NEW: CP frontend scaffolding built on Bootstrap v4, responsive design compatible with all device sizes
  • NEW: various component redesigns (postback, help, menu, etc)
  • NEW: wield Zeus-like power, see and kill processes from the dashboard (Dashboard)
  • NEW: Let’s Encrypt for v6 platforms
  • NEW: export zone data via Toolbox (DNS Manager)
  • NEW: Let’s Encrypt support for v6.5+ platforms (SSL Manager)
  • NEW: Let’s Encrypt module (letsencrypt)
  • NEW: download files on clipboard or entire directory (File Manager)
  • NEW: set process priority (Util_Process)
  • NEW: storage amnesty – increase storage by 50% for 24 hours
  • NEW: add_pgsql_extension() – add a permitted PostgreSQL extension on a database. Currently supports hstore and pg_trgm (SQL)
  • NEW: set_acls() – ACL driver for file manager (File)
  • NEW: reap abandoned shellinabox instances (SSH)
  • NEW: shellinabox reaper
  • FIX: broken mailbox editor
  • FIX: escape chroot argument (Util_Process::Chroot)
  • FIX: hostname param missing on user edit when remote hosts not displayed (MySQL Manager)
  • FIX: login option alignment on smaller screens
  • FIX: row improperly cleared (Summary)
  • FIX: support TXT records > 255 characters (DNS)
  • FIX: destination not set on edit (Manage Mailboxes)
  • FIX: install()- SSLCertificateChainFile is not set when replacing a certificate if custom HTTP config present from previous SSL install (SSL)
  • FIX: build CSS assets under subdirectories
  • FIX: get_processes() – Fatal error: Cannot access self:: when no class scope is active on PHP 5.3 (Pman)
  • FIX: add_user()- error if no username specified (User)
  • FIX: certificate chain excluded from backup (SSL)
  • FIX: count() called on incompatible objects during backtrace enumeration, assume if object count is 1 otherwise use count() (Error Reporter)
  • FIX: check if parent zone config present rather than DNS record when adding zone configuration (DNS)
  • FIX: bitrot, undefined reference “event” in Analytics halts load in Firefox (Dashboard)
  • FIX: verify_password() check for proper module initialization through site prop rather than domain which is deprecated (Auth)
  • FIX: lack of strict type checking allows domains that begin with numerics whose matching numeric span has an account with a matching site id present on the same server to inherit that erroneous site id rather than the account site id (Auth)
  • FIX: _edit() hook references old config, which is never populated on account creation, just new and cur, which are equivalent (Crontab)
  • FIX: show archived tickets implicitly shows all ticketswhen toggled off (Trouble Tickets)
  • FIX: populate “user” index if cpu cgroup missing (Cgroup)
  • FIX: allow custom port in constructor (Util_API)
  • FIX: recursively create parent directories as needed in the jail target (FTP)
  • FIX: missing inactive account warning modal in new dash (Dashboard)
  • FIX: permit multiple keys in data directory (ACME client)
  • FIX: sync user preferences (Transfer)
  • FIX: potential deadlock – restore default signal handler after fork completes (Util_Process::Fork)
  • FIX: ignore stale mountpoints in setquota too (user)
  • FIX: ignore stale mountpoints in user quota reporting too (User)
  • FIX: get_account_quota()- stale mountpoints emit warning in quota cmd (Site)
  • FIX: forked processes may result in zombies (Util_Process::Fork)
  • FIX: variadic args unparseable (Util_Process::Fork)
  • FIX: deferred run still runs application (Util_Process)
  • FIX: $tooltip invoked before initialization (jTip)
  • FIX: discard record if site_id missing, resolve error reporter spamming (Tabulate Bandwidth)
  • FIX: infinite redirect loop when deleted account accessed from any server other than former residence (Auth_Redirect)
  • FIX: disable ajax indicator on pending analytics login (Dashboard)
  • FIX: create_pgsql_database()- flip OWNER/TEMPLATE order in CREATE DATABASE clause (SQL)
  • FIX: remove_transport()- dropping an email transport always removes MX records due to bug. DNS lookup to compare if third-party fails because MX parameter lookup includes FQDN-qualifier (“.”) that is gibberish when sending a low-level DNS lookup via gethostbyname_t(). This bug affected dropping email from Mail Routing, which always took the MX along with it. (DNS)
  • FIX: ensure set_user_preferences() is called with elevated permissions
  • FIX: incorrect path traversal in housekeeping routine (Ssh)
  • FIX: when creating a mysql user patterned after prefix(prefixuser), don’t add another prefix to the username (SQL)
  • FIX: hooks, if invoked from backend, do not properly initialize instance variables (Hooks)
  • FIX: migration log not attached to initial ticket (Transfer)
  • FIX: handle JS error reports without loading all assets (Error)
  • FIX: compile() – named arguments to format string incorrectly interpreted when duplicate parameters specified in format string (Regex)
  • FIX: compile() – multiple unnamed arguments to format string incorrectly counted (Regex)
  • FIX: invalid string offset when single argument fed to compile() (Regex)
  • FIX: locality/state parameter swapped (SSL)
  • FIX: self-signed certificate incorrectly calculates from wrong purpose (timestampsign), should be sslclient (SSL)
  • FIX: add pattern recognition for Dovecot bandwidth usage on v6+ platforms
  • FIX: only fetch a context backtrace if a context is provided with an exception (Error Reporter)
  • FIX: user, once jailed, cannot be unjailed (FTP)
  • FIX: “or” is non-commutative in assignment, causes a domain, reattached to an account, to fail if previously attached to a separate user account (Aliases)
  • FIX: disabling a bool option in list config fails to update (Majordomo)
  • FIX: phpMyAdmin 4.4 compatibility (phpMyAdmin)
  • FIX: custom HTTP configuration fails to migrate (Transfer)
  • FIX: IfModule, not IfDefine clause (cgroup)
  • FIX: add_virtual_transport() queries, incorrectly, published nameserver records to determine whether to add local DNS records to satisfy a MX record. Change this to verify local records and make changes locally if the record does not already exist (Email)
  • FIX: logic error, dump before preflight myisamchk (Transfer)
  • FIX: rename crond spool on user rename (Crontab)
  • FIX: missing subdomain when checking for existence of subdomain before removing during account sync (Transfer)
  • FIX: /etc/httpd/conf ignored in transfer (Transfer)
  • FIX: remove site_id in restrictor clause. Server migrations do not guarantee the same site_id value. Consequently, these tickets are obstructed (CRM)
  • FIX: erroneous IP address substitution in TXT records (Transfer)
  • CHG: unoptimized codepath if calling stat() from UI (File)
  • CHG: remove .php exposure on soap endpoint (Net_WSDL)
  • CHG: display amnesty request if storage within 98.5% capacity, instead of 99.5% (Dashboard)
  • CHG: modify_mailbox() make parameter list less cumbersome, drop catchall ability entirely (Email)
  • CHG: cache payments for only 24 hours (Billing)
  • CHG: send HUP, not USR2 to flush Dovecot auth cache on user creation (User)
  • CHG: move auth flush from user to user creation hook in email module
  • CHG: record_exists() drop timeout from 5 to 1 second (DNS)
  • CHG: expand upload block if previous action is upload (File Manager)
  • CHG: copy()- use non-shadow path on copy for overlayfs-backed platforms, which have issues invalidating the page cache on direct branc manipulation without performing a costly remount (File)
  • CHG: convert backup routines to Util_Process (backup DBs)
  • CHG: install()- ensure http config is rebuilt (SSL)
  • CHG: make postcss available on v6.5+ platforms
  • CHG: use postcss for CSS minification
  • CHG: switch JS build from YUI to UglifyJS
  • CHG: upgrade TinyMCE to 4.3.2
  • CHG: add PEAR5.php compatibility library for Util_HTML_BBCode
  • CHG: split_host()- include hostname that failed splitting (Web)
  • CHG: general JS fixups (DNS Manager)
  • CHG: jail_user()- use the referent if jailed path is a symlink (FTP)
  • CHG: kill SIGUSR2 dovecot/auth on v6.5+ platforms to flush dovecot auth cache (User)
  • CHG: minor analytics appearance tweaks
  • CHG: move open ticket position for admin (Trouble Tickets)
  • CHG: Dovecot on 6.5+ platforms use systemd, which lacks non-LSB commands. Instead of dovecot flush/reload send SIGUSR2 directly to auth process to flush cache on user addition (User)
  • CHG: delete_user()- remove user-specific subdomain during user deletion if only subdomain present (User)
  • CHG: include server name in X-Server header
  • CHG: reduce IP ARP announcement from 5 to 2 minutes on assignment (DNS)
  • CHG: modify_mailbox()- default to /home/NEWUSER/Mail if no inbox format specified (Email)
  • CHG: request()- verify hostname matches hosting IP address before requesting certificate. LE challenge will hangup a request if the IP matches elsewhere and potentially terminated elsewhere, e.g. behind CloudFlare (Letsencrypt)
  • CHG: signal()- ctype_digit() workaround, integer fails ctype_digit() test if constant, e.g. SIGKILL, specified (Pman)
  • CHG: map_domain()- clear stat cache before testing whether to create domain symlink (Aliases)
  • CHG: purge() – flush overlayfs cache on v6.5 platforms. Necessary when operating directly on the shadow layer (File)
  • CHG: expand Let’s Encrypt support to Helios (v5) platforms
  • CHG: request()- domain_hosted() queries domain lookup database, which upon new account creation, may not have the requisite account information populated, use domain_exists() instead (Letsencrypt)
  • CHG: add service_template_path(svc)
  • CHG: initialize module as backend service during _housekeeping() (lservicelib)
  • CHG: create parent directories if not exist during certificate install (SSL)
  • CHG: break parts of letsencrypt module into a separate support class, auto-renew pending full implementation (Letsencrypt)
  • CHG: refactor gethostbyaddr_t() and gethostbyname_t() into a separate utility class (DNS)
  • CHG: stop instantiating a dns module to perform gethostbyname lookup on auth redirect. Instantiation on unautheticated user leaves module attributes unset patterning to potential privilege escalation. Instead of making an exemption, disallow and organize code better (Auth::Redirect)
  • CHG: prevent unnecessary exception handling in dependent DNS lookup methods. Move exception thrown from unhosted zone from private method _get_zone_information_raw() to exposed method
  • CHG: move shellinabox supplementary Service class, couple with ssh module
  • CHG: be more compliant with logrotate, ensure config is owned by root (Logs)
  • CHG: drop cp. notation from ticket meta data (Crm)
  • CHG: automatically detect + convert shell scripts to Unix EOL (File Manager)
  • CHG: flush overlayfs after migration on v6.5+ platforms (Transfer)
  • CHG: verify server is resolvable before applying redirect (Auth::Redirect)
  • CHG: colorify RR types (DNS Manager)
  • CHG: remove site_id restriction from tickets; allow cross-server migration tickets to carryover at the expense of allowing tickets to share across multiple accounts that share the same invoice (old system of multi-hosting) (CRM)
  • CHG: cache load_preferences() (Common)
  • CHG: staple vendor paths into autoload (apnscpFunctionInterceptor)
  • CHG: remap old to new package names (Billing)
  • CHG: new Manage Mailboxes format
  • CHG: populate httpd-conf/.ssl if directory does not exist (Ssl)
  • CHG: during synchronization, remove transport iff transport exists (Addon Domains)
  • CHG: add -f|–file argument to acme issue (ACME)
  • CHG: during DB creation, populate overlay composition rather than shadow path to reduce chance of corrupted fs cache (SQL)]
  • CHG: install() – accept chain as third argument (Ssl)
  • CHG: create /var/spool/crond as necessary on v6.5 platforms (Crontab)
  • CHG: new CP layout, server.apisnetworks.com:2082 (Auth::Redirect)
  • CHG: delegate pgsql + mysql database creation to apnscp (SQL)
  • CHG: Luna (v6.5) migration changes: drop frontpage, recognize platform ver
  • CHG: API endpoint now :2082 (Util_API)
  • CHG: add storage amnesty option to Account > Summary (Summary)
  • CHG: disable proxy when downloading fs contents for the time being (File Manager)
  • CHG: style changes, adapt to variable width (Core CSS)
  • CHG: replace wiki links in File Manager > Properties action with KB articles (File Manager)
  • CHG: automatically expand ticket help section if subjectid/symbol/subject field populated in GET request (Trouble Tickets)
  • CHG: minor refactoring (Tabulate Bandwidth)
  • CHG: turn off host verification for servers older than v5 that do not support sha-256 certs (Auth_Redirect)
  • CHG: forwardNoProxy()- set No-Proxy header to force Location header to pass through to browser. Used with phpMyAdmin, phpPgAdmin, and webmail (Util_HTTP)
  • CHG: use X-Forwarded-Host if upstream host is trusted when determining HTTP_HOST value
  • CHG: deduplicate HTTP_HOST and HTTPS checks
  • CHG: lower intensity of missing analytics (Dashboard)
  • CHG: add Access-Control-Allow-Origin header to login (Login)
  • CHG: accept X-Forwarded-Ssl header to force https protocol (Page Container)
  • CHG: password reset request policy changed from single-use to time expiry (Login)
  • CHG: add create_user hook (Hooks)
  • CHG: create Spam maildir on user/account creation if maildir does not exist (obviates Ensim hooks) (Email)
  • CHG: optimize move(), copy(), delete() operations to operate exclusively on shadow on newer (v4.5+ platforms). This bypasses uid/permission checks for the account admin and confers root status. delete 1.84x faster, move 2.4x, and copy 16x (File)
  • CHG: use cgdelete to remove the cgroup instead of rmdir (Cgroup)
  • CHG: kill_terminals.sh- add /sbin to PATH
  • CHG: gethostbyname_t()- strip FQDN-qualifier (“.”) from end of hostname if provided to bring func to spec with PHP gethostbyname() (DNS)
  • CHG: only check for custom FTP jail if FTP configuration present for user to supress warning (Transfer)
  • CHG: disambiguate $auth param to set_user_parameters() (Module_Skeleton)
  • CHG: skip procfs mount/unmount on v6+ platforms. procfs is already integrated into the layer (Misc)
  • CHG: convert from old-style to new-style passwords on platform conversions if password present in client my.cnf (Transfer)
  • CHG: transfer user preferences during server migration (Transfer)
  • CHG: load_preferences and save_preferences are now wrapper functions to get_user_preferences and set_user_preferences, both require site privileges to call directly (Common)
  • CHG: enable openssl on the account only after populating certificate so that configuration may be properly rebuilt
  • CHG: add /apps/error generic error handler to template config to prevent error handling requests from also generating a secondary error (Template Config)
  • CHG: remove private smtp routing/dovecot config ips upon site deletion/edit
  • CHG: a domain is now blocking if the uid of the docroot matches the user being removed
  • CHG: hook-based system for account creation/edit/deletion
  • CHG: set ticket mail processor memory limit to 256 MB
  • CHG: add per-transaction notes to billing (Billing History)
  • CHG: allow installation of self-signed certificates (SSL)
  • CHG: only return certificate config present if host, key, and crt fields present (SSL)
  • CHG: add a 5-minute delay before announcing an IP address via arping (DNS)
  • CHG: include migration log in notification e-mails (Transfer)
  • CHG: trigger handle_error() with negative value to bypass error mask check (Error Reporter)
  • CHG: assign account group group ownership of cgroup container for cgroup assignment via shell without use of cgexec (Cgroup)
  • CHG: breakout edit/create/delete into separate Hooks utility (Util_Account_Hooks)
  • CHG: remove_virtual_transport()- superfluous attempt to purge remote MX records if MX records present during query (Email)
  • CHG: reload HTTP server on target server following completion of first stage migration (Transfer)
  • CHG: relax site_wipe() restriction
  • CHG: assert cgroup is accessible before pulling stats (Cgroup)
  • CHG: only release an IP address if previously allocated. Elicit a warning if not previously allocated (Transfer)
  • CHG: rename Insights to Analytics (Dashboard)
  • CHG: perform mysql_database_exists() check as privileged user (SQL)
  • CHG: set mb_detect_order iff PHP build supports function (File Manager)
  • CHG: use old dashboard for demo account (Dashboard)
  • CHG: verify API key provided is active in system before migration (Transfer)
  • CHG: include ftp jailing on migration (Transfer)
  • CHG: make wording less confusing (Migration Template)
  • CHG: skip myisamchk if no tables present in database (SQL)
  • CHG: SOAP nillable arguments are unconditionally passed to methods thereby preventing default parameter substitution. Add a transformation to remove those arguments that have been nilled prior to invocation (SOAP)
  • CHG: add option to set options as default for new user creation (Add User)
  • CHG: return initialized cgroup stats if cgroup controller not mounted (cgroup)
  • CHG: rollback blocking a disabled account from login (Auth)
  • CHG: add timezone support for platforms < 5 (Change Information)
  • REM: jquery.ui.css dependency (Terminal)
  • REM: cgroup debugging code (Cgroup)
  • REM: support for old-style MySQL 4 passwords on v6+ platforms (SQL)

Let’s Encrypt is here!

Let’s Encrypt support has been integrated into the control panel on Luna, a new platform launched last month. You may issue an SSL certificate for up to 50 hostnames[1] . These certificates are issued at no additional cost, other than the $2.50/month IP address base charge. Certificates automatically renew within 10 days of expiration and no further action is necessary other than initial issuance. Visit Web > SSL Certificates in the control panel to get started. Because there is no additional cost associated with Let’s Encrypt and no advantage, self-signed certificate issuance has been removed from the control panel.

Have fun!

Let's Encrypt support added to Luna
Let’s Encrypt support added to Luna

NOTE: this feature is only available on Luna at this time. It may trickle to Sol and possibly Helios platforms at a later date.

1: Specification is 100 common names, but the generator automatically permutes a www variation effectively halving the allowable limit