Including the full administration panel and e-mail templates
Microservices architecture
Light-weight backend services written in Node.JS
Fully manageable via REST API
Feedback about asynchronous and long-running operations via raw HTTP queries
Infrastructure as Code: Easy orchestration based on Ansible playbooks
Segregation of environments (via Docker containers)
Automatic upgrade of components (third party as well) with zero downtime
Support for multiple hosts in the plant
Security by design
Principle of least privilege: Even requests between the microservices are authorized via a role-based model
A compromised node can not have any effect on any of the other hosts in the plant
Integrity and replay protected requests/responses
Administration panel
Single Page Application (AngularJS)
White-labeling support
The full admin functionality is covered - no need for any dirty
work over SSH (As there are actually really that much, there is even a
text based search for admin controls)
(Almost) everything is fine tunable and resource-consumption can be restricted
Miscellaneous
CPU governor: resource-heavy user-processes are detected immediately and reniced
Multiple PHP versions are supported on the same host
PHP scripts are executed as fastcgi scripts via the built-in process manager
Per webstore backup/restore feature with settings (docroot
settings, email accounts, certificates, etc.); can also be used to
transfer webstores between servers and/or customers; databases are being
exported/imported on-the-fly over the network via OS process pipes
E-mail notifications in case of webstores relocations
No propagation delays in case of most of the services, like FTP and
e-mail accounts can be created synchronously (in case of some other
services, like DNS and Docroot, operations are aggregated and executed
in no later than 60 seconds)
Integrated webshop
Integrated solution for selling webstores, domain names and certificates
This is a legacy module currently that is to be refactored
Pluggable modules for upstream providers (eg. for domain registration)
Pluggable modules for payment gateways (eg. for credit card, Paypal, Bitcoin transactions)
Pluggable modules for processing wired transaction of banking systems
Expiration notices
Proformas, invoicing
Webhosting service
Management of webstores
A webstore a is a logic unit for which the separation is enforced in the shared environment
Creating webstores based on the package template offered by Account API
All parameters of the package template can be tweaked on a per webstore basis
Collecting tally of raw files, mailboxes and databases, showing accumulated views
Warning e-mail notifications when limit is close
[planned] File system level hard quota
Each webstore has a dedicated OS-level user id being owner of files created
Hooks around the lifecylce of webstores when additional integration
is needed: init, unit, activate, deactivate, create and remove
Multiple backing file system storages
Web applications support
PHP 5.3 - 7.2 (e.g. Wordpress, Laravel, Joomla)
NodeJS (e.g. Express)
Python 3 (e.g. Flask, Django)
Download library dependencies (by npm/pip)
Running in low-privileged Docker containers
PHP
Multiple PHP versions on the same host; assigning the desired PHP version on the control panel
Generating PHP-FPM pool configuration, tweaking is supported
Events can be browsed/filtered/searched easily via the admin panel
Events that need special attention are escalated via Account API
GeoIP service
IP to country lookup microservice
Ultra light memory consumption
Automatical database update
Used by the Event service to lookup country info for events
Installatron service
A third party application installer solution
API for the guixfer operation (to acquire a token that exposes the backend service API and web frontend)
Docroot service
Responsible for managing Nginx and Apache configuration files
Nginx acts as a reverse-proxy; static content is served by it directly
Raw configuration of the backing webservers can be retrieved
Custom request timeout per virtual host
Custom config snippets can be configured for virtual hosts
Primary virtual host can be selected
Various maintenance operations via the admin panel, like rebuilding
the configuration files, manually building Awstats statistics,
rehashing the servers
Primary features
Subdirectory of the storage can be assigned to a hostname so the webservers will look for content there
Mapping multiple hostnames to the same directory are supported (even including wildcard specification)
Superusers can suspend a virtual host configuration, so that
end-users can't change it (this way it is possible to serve a different
site forcefully)
Displaying a custom site for expired webstores
HTTP-level redirection; when no query string is specified explicitly for the target, it is appended automatically
HTML-based redirection (frames)
Logging payload of POST requests (optional, controllable over the admin panel by superusers)
Password protection (http basic authentication) can be turned on for subdirectories
Per storage credential management for the protected subdirectories
X.509 certificate can be attached/detached to/from virtual hosts (uploaded via the Certificate service)
Awstats configuration is generated automatically
Awstats statistics are built according to the schedule
Statistics pages are not public; they are only accessible for storage owners
Transfer logs provided by nginx-vts are periodically saved into database
Virtual hosts can automatically be suspended/released based on contraints configured for bandwidth consumption
Git service
Integration with git based service providers
Tested against Github, Bitbucket and Gitlab
Pulls a remote repository
Support for selecting branches
SSH protocol supported, strict host checking
RSA public key is exposed
Support for Blue-green deployment: two distinct subdirectories are synced in a round-robin manner, upon successful pull the docroot is swapped
Changes to the remote origin are detected via webhooks
Relayer service
Authorization and routing logic layer
This component is present on each server of the cluster
Entry point of the REST API
Relays requests to the underlying microservices
Can distribute the same request to multiple microservices at once (for replication, used eg by Account API>)
Requests betweeen microservices are also routed and authrozized through this layer
Multi-server support; when needed it transparently proxies requests to Relayer services running on other hosts
Some operations that involve multiple microservices are implemented here (eg. removal of a webstore)
Since URLs are structured in a restful way, this layer is relaively thin
Time machine feature: capturing a current snapshot about the usage
of the different components (eg. MySQL and ProFTPd scoreboard is saved) -
which can be looked back later over the admin panel
Database management service
Management layer for database engines, databases and credentials
Abstraction providing pluggable module support for different DBMS systems; currently supported: MySQL
Support for multiple DBMS'es per instance, even with the same type
Account passwords are stored by the backing DBMS only via their official way
Real-time scoreboard
Managed phpMyAdmin application
[planned] Master-master or master-slave replication can be configured
Restore from regular backups or any custom file (backup archive is
piped to mysql native binary directly via the same manner as described
in Fileman API)
Old backups are removed automatically (configurable)
MySQL slow logs are processed real-time
Disk usage statistics
Disk space sort quota support
Warning e-mail notification when tally is close to the limit
Revoking grants for write operation when quota is exceeded
Account service
Service for managing customer accounts
(Optionally) replicated to achieve HA
TGZ based export/import for backup purposes
Relayer enforces authorization logic based on info retrieved from this service
Main features
Open account registration (configurable)
During registration offering phone callback (configurable, turned off by default)
Passwords hashes are generated via the bcrypt algorithm
Support for Google Recaptcha - Simple built-in captcha for fallback
Managing e-mail accounts along with their category (tech, promo, billing, etc.)
Ownership over the provided e-mail addresses are validated
Telephone numbers
Ownership verification of the provided telephone numbers via SMS
Sending SMS messages for escalation (configurable)
Login log
Login log events (forwarded by Event API nodes) are acculuated here
Login log is exposed to the customers (filtered to their account)
E-mail notification about successful/unsuccessful login events (configurable)
Unsuccessful login events are cleaned up after a certain amount of time (configurable)
Authentication
Credential based authentication (end-users via web user interface)
Token based authentication (called by the Relayer service for requests of the API consumers)
Derived token mode: different hosts of the plant need a different
token, so a compromised server can't send any requests on behalf of the
user to any of the other hosts
Account supervisor feature allowing external account to switch and manage the subject one
Account switching feature for superuser (generating new token)
Authorization related data
Domains that the account has permission to manage for
Webstores that the account has permission to manage for
Additional credentials for the same account, limited to some sub-roles (eg. DNS admin only)
Info needed for the multi-server architecture
Info about the servers of the plant (what roles/components they have installed on...)
Webhosting package templates (20+ options)
SMS messages
Layer with pluggable modules to send SMS messages
A configurable way to send e-mail and/or SMS messages for events
that need escalation (events worth for escalation are submitted by Event API>)
Certificate service
Managing X.509 certificates
Uploading certificates along with their private key and intermediate elements of the CA chain
The private key and certificate are verified whether they belong together
The uploaded certificate can then be assigned to a virtual hosts via Docroot API. The webserver accepts connections over HTTPS and serves the correct certificate as requested via the TLS SNI extension
Private key, certificate and CSR parsing via the API
An alias name can be assigned to certificates (which is useful for other system softwares, like Dovecot)
Managing contact object to ease the activation process
Full certificate lifecycle management
New certificates can be acquired via the API
Abstraction provides pluggable support for different Certificate Authorities
The full lifecycle is covered: activation, reissuing, renewal and revocation
Notification e-mails are sent out when the certificate is enrolled or is close to expire
Currently supported providers: Let's Encrypt and Comodo
Certificates enrolled by Let's Encrypt are imported seamlessly and attached to the selected virtual host
Let's Encrypt certificates are automatically renewed
Complete automation for the Comodo DC validated certificate
enrollment process (including CSR generation and activation) as well;
activation is done using the HTTP method
Supported DC validation methods are exposed via the API: email, HTTP and DNS CNAME records
Wildcard certificates are also supported
Email service
Management of the e-mail system
Based on Postfix, Dovecot, Amavis, SpamAssassin, Clamav, Cluebringer and RoundCube
Generic
Domains can be assigned to be part of the e-mail system or not
E-mail accounts and aliases can be created/tweaked/deleted via the API
Passwords hashes are stored as generated by the SSHA256 algorithm
Quota restriction can be assigned to the disk usage of mailboxes
Policy can be assigned to mailboxes to enforce a quota on the
number of outgoing e-mails (rolling window, per hour and/or per day)
Real-time tally information (complete disk usage and number of messages in the mailbox)
Regular automatic cleanup of old messages
Spam emails below a certain score are still delivered, but directly
into the Junk folder (serving as a soft quarantine, customers can
review it easily)
Junk messages are quarantined (can be checked and released by superuser)
Support for e-mail aliases (aka. distribution lists)
Support for auto BCC (eg. a blind carbon copy for outgoing e-mails)
Summary view about all the e-mail accounts/aliases/bccs that are hosted on the same webstore
Route e-mails sent by the mail command in containers of dynamic
applications running on the webstores through the SMTP server so
outgoing limits could be applied
Parsing of mail logs for Postfix and Dovecot specific events;
feeding login logs, using email login as a second factor authentication
for whitelisting IP address for host ssh login
Built-in e-mail setup guide for multiple popular e-mail client
softwares (showing the relevant username/hostname also in the
screenshots)
Suspending accounts at domain and/or email account level
Postfix related features
Listens on SMTP (25) and SMTPS (465)
Outgoing messages are accepted for delivery after SASL authentication (mailbox e-mail address and password are needed)
Mailq is parsed and exposed for superusers, various cleanup
features (eg. regular auto-remove of messages with a certain
sender/recipient)
Dovecot related features
Listens on POP3 (110), POP3S (993), IMAP4 (143), IMAP4S (995) and ManageSieve (4190)
Agent responsible for delivering local messages (LDA)
Mailbox quotas are enforced here
Sieve engine for rule based, server-side e-mail processing filters
A local SMTP server to filter messages sent by Sieve
Regular cleanup of old messages residing in the Junk mailboxes
Amavis related features
PenPal feature (lower score for e-mails where the sender was in touch with the recipient earlier)
SpamAssassin integration with Bayes filter (convenient way to teach the filter with spam/ham messages via the webmail)
Clamav integration for virus scanning
Regular cleanup of old database entries
Cluebringer related features
Domain-level greylisting (for better protection against spam messages)
Per mailbox policy to apply limit on outgoing e-mails
Current counters and accounted history are displayed via the admin panel
RoundCube related features
Managed RoundCube webmail instance
Changing email account password
Sieve rules for server side pre-processing of messages (eg. forward a copy, send an out-of-office response)
Training Spamassassin by moving messages into/out from the Junk mailbox
Whitelists and blacklists
Mailbox specific settings
These features don't need access to the service level
administration panel, only the email address and the corresponding
password
Built-in into the Webmail interface, but also available directly here
Changing mailbox password
Cleanup of old messages
Whitelist/blacklist based on sender e-mail address
Training Spamassassin by pasting e-mail source code into a textbox
File manager service
File manager controlled via REST API
Status of asynchronous operations and progress messages can be retrieved via a secondary raw HTTP request
HTTP request/response payload are piped to/from the underlying native process
Copy files between webstores (even when they are on two different hosts or belong to different customers)
[planned] Temporary SSH shells
Supported operations
Directory listing
Switching read-only mode (chattr +i)
File upload (pure file or tar, tgz and zip with on-the-fly extraction)
File download (pure download or multiple files via on-the-fly tgz compression)
File removal (multiple files and recursive modes are also supported)
Find command (limited wrapper around the system command)
Directory creation
Relocating files
Built-in browser based file editor (based on ACE)
Secure
Each operation takes place chrooted to a read-only minimal Debian installation
The only writeable mount is the root of the webstore directory itself
Priveleges (and capabilities) dropped; executing as the target webstore
Directory traversal is impossible/meaningless by design
Example file upload and decompress at once operation
REST API call to /api/s/[servername]/fileman/[webstrore_ide]/untgz with JSON payload of where the archive should be extrcated to
A new, secure tar xzvf - process is executed (see above)
The tar.gz file is being uploaded via secondary HTTP channel as raw data
For better user experience, an additional raw HTTP channel is opened for status updates
The upload binary is piped into the tar process
The stdout/stderr of the tar process are piped to the response stream of the status HTTP channel
No temporary storage is used
The user receives a real-time feedback about extraction process:
file upload progress meter based on FileReader API and the files that
are currently being extracted through the status channel