General features

A complete webhosting solution - for service providers or users with many sites

Dynamic programming languages support (currently: PHP, Python)

File management via FTP, SFTP and web based file manager

E-mail management (accounts, aliases, virus/spam filtering and more)

Database management

Domain administration along with document root settings and DNS record management

TLS certificates (with Let's Encrypt and Comodo)

Version control integration (Git based services providers like Github.com and Bitbucker.com are supported)

Integrated application installer (Installatron)

Multi-language support

Current translations: English, Hungarian

Including the full administration panel and e-mail templates

Microservices architecture

Light-weight backend services written in Node.JS

Fully manageable via REST API

Feedback about asynchronous and long-running operations via raw HTTP queries

Infrastructure as Code: Easy orchestration based on Ansible playbooks

Segregation of environments (via Docker containers)

Automatic upgrade of components (third party as well) with zero downtime

Support for multiple hosts in the plant

Security by design

Principle of least privilege: Even requests between the microservices are authorized via a role-based model

A compromised node can not have any effect on any of the other hosts in the plant

Integrity and replay protected requests/responses

Administration panel

Single Page Application (AngularJS)

White-labeling support

The full admin functionality is covered - no need for any dirty work over SSH (As there are actually really that much, there is even a text based search for admin controls)

(Almost) everything is fine tunable and resource-consumption can be restricted

Miscellaneous

CPU governor: resource-heavy user-processes are detected immediately and reniced

Multiple PHP versions are supported on the same host

PHP scripts are executed as fastcgi scripts via the built-in process manager

Per webstore backup/restore feature with settings (docroot settings, email accounts, certificates, etc.); can also be used to transfer webstores between servers and/or customers; databases are being exported/imported on-the-fly over the network via OS process pipes

E-mail notifications in case of webstores relocations

No propagation delays in case of most of the services, like FTP and e-mail accounts can be created synchronously (in case of some other services, like DNS and Docroot, operations are aggregated and executed in no later than 60 seconds)

Integrated webshop

Integrated solution for selling webstores, domain names and certificates

This is a legacy module currently that is to be refactored

Pluggable modules for upstream providers (eg. for domain registration)

Pluggable modules for payment gateways (eg. for credit card, Paypal, Bitcoin transactions)

Pluggable modules for processing wired transaction of banking systems

Expiration notices

Proformas, invoicing

Webhosting service

Management of webstores

A webstore a is a logic unit for which the separation is enforced in the shared environment

Creating webstores based on the package template offered by Account API

All parameters of the package template can be tweaked on a per webstore basis

Collecting tally of raw files, mailboxes and databases, showing accumulated views

Warning e-mail notifications when limit is close

[planned] File system level hard quota

Each webstore has a dedicated OS-level user id being owner of files created

Hooks around the lifecylce of webstores when additional integration is needed: init, unit, activate, deactivate, create and remove

Multiple backing file system storages

Web applications support

PHP 5.3 - 7.2 (e.g. Wordpress, Laravel, Joomla)

NodeJS (e.g. Express)

Python 3 (e.g. Flask, Django)

Download library dependencies (by npm/pip)

Running in low-privileged Docker containers

PHP

Multiple PHP versions on the same host; assigning the desired PHP version on the control panel

Generating PHP-FPM pool configuration, tweaking is supported

Rehashing selected PHP-FPM instance

PHP slow logs are processed real-time

Aggregated PHP access logs are exposed

SZAR: Regular remote backup archives

Based on the szar-backup project

Per storage snapshots created to a remote server as scheduled (daily default)

Listing available snapshots

Any of the snapshots can be restored via the web interface

Backup archives can be browsed via a web interface

Differential storing model, low disk usage

E-mail notification when changes detected in the dynamic scripts

Automatic cleanup of old difflogs

DNS service

Distributed domain name service

Based on Tinydns/djbdns

Multi-server support with real-time replication of changes

Supported DNS record types: A, AAAA, CAA, CNAME, MX, NS, PTR, SOA, SRV, TXT

Support for other DNS record types via user-supplied record payload

Wildcard hostnames

Extending record set or replacing zones at once

Zone templates for easy reset of zones

Clone DNS record set from another zone

Deleting records with count limit

Uppercased hostnames are accepted and automatically converted to lower-case

Max number of records/zone can be limited

Zone can be locked (aka. read-only mode) so users cannot edit it

Size of zones can be limited

Global SOA contact - customizable e-mail address

Prevent editing NS records

Admin tool to mass change of records

Import/export to/from TGZ file

Synchronize zone data between servers

Comparision logic to find potential discrapancies quickly

FTP service

FTP account management microservice

Based on ProFTPD

Credential based FTP and SFTP logins

Accounts can be bound to a sub directory inside the storage

Soft quota for limiting file system usage

Tallies are back-synced to the administration panel with a short delay

Live scoreboard

Security features

Passwords hashes are generated via the PBKDF2 algorithm

On-the-fly parsing of the ProFTPD logs, login events are emitted to the Event service

IP whitelist based login restriction

Login restricted to the same IP where the admin panel was accessed from the last 24 hours

On the fly virus scanning with Clamav

Mailer service

Microservice responsible for sending out e-mail

Requests are coming from the other services

Template based e-mails (can be customized); with some logic support

Multi-language capable

When the recipient is a customer, public data is looked up via Account API

Iptables service

Firewall management

Temporarily ban IP addresses

Whitelist can be defined for safety

Management of per webstorage firewall rules

Persistent

Network connections initiated by the web applications can be filtered

Real-time, low-level monitoring of firewall events

Event service

Storing logs about system events

GeoIP country lookups of the log events

Login events are stored in a dedicated table as well

Banning abuser IP addresses via the Iptables API (configurable)

Login events are also forwarded to Account API

Automatic cleanup of old events (configurable)

Events can be browsed/filtered/searched easily via the admin panel

Events that need special attention are escalated via Account API

GeoIP service

IP to country lookup microservice

Ultra light memory consumption

Automatical database update

Used by the Event service to lookup country info for events

Installatron service

A third party application installer solution

API for the guixfer operation (to acquire a token that exposes the backend service API and web frontend)

Docroot service

Responsible for managing Nginx and Apache configuration files

Nginx acts as a reverse-proxy; static content is served by it directly

Raw configuration of the backing webservers can be retrieved

Custom request timeout per virtual host

Custom config snippets can be configured for virtual hosts

Primary virtual host can be selected

Various maintenance operations via the admin panel, like rebuilding the configuration files, manually building Awstats statistics, rehashing the servers

Primary features

Subdirectory of the storage can be assigned to a hostname so the webservers will look for content there

Mapping multiple hostnames to the same directory are supported (even including wildcard specification)

Superusers can suspend a virtual host configuration, so that end-users can't change it (this way it is possible to serve a different site forcefully)

Displaying a custom site for expired webstores

HTTP-level redirection; when no query string is specified explicitly for the target, it is appended automatically

HTML-based redirection (frames)

Logging payload of POST requests (optional, controllable over the admin panel by superusers)

Password protection (http basic authentication) can be turned on for subdirectories

Per storage credential management for the protected subdirectories

X.509 certificate can be attached/detached to/from virtual hosts (uploaded via the Certificate service)

Awstats configuration is generated automatically

Awstats statistics are built according to the schedule

Statistics pages are not public; they are only accessible for storage owners

Transfer logs provided by nginx-vts are periodically saved into database

Virtual hosts can automatically be suspended/released based on contraints configured for bandwidth consumption

Git service

Integration with git based service providers

Tested against Github, Bitbucket and Gitlab

Pulls a remote repository

Support for selecting branches

SSH protocol supported, strict host checking

RSA public key is exposed

Support for Blue-green deployment: two distinct subdirectories are synced in a round-robin manner, upon successful pull the docroot is swapped

Changes to the remote origin are detected via webhooks

Relayer service

Authorization and routing logic layer

This component is present on each server of the cluster

Entry point of the REST API

Relays requests to the underlying microservices

Can distribute the same request to multiple microservices at once (for replication, used eg by Account API>)

Requests betweeen microservices are also routed and authrozized through this layer

Multi-server support; when needed it transparently proxies requests to Relayer services running on other hosts

Some operations that involve multiple microservices are implemented here (eg. removal of a webstore)

Since URLs are structured in a restful way, this layer is relaively thin

Time machine feature: capturing a current snapshot about the usage of the different components (eg. MySQL and ProFTPd scoreboard is saved) - which can be looked back later over the admin panel

Database management service

Management layer for database engines, databases and credentials

Abstraction providing pluggable module support for different DBMS systems; currently supported: MySQL

Support for multiple DBMS'es per instance, even with the same type

Account passwords are stored by the backing DBMS only via their official way

Real-time scoreboard

Managed phpMyAdmin application

[planned] Master-master or master-slave replication can be configured

Create/delete databases

Create/delete database accounts

Accounts can be protected via IP based ACL's

Backup/restore/repair databases

Regular backups saved via the Fileman API

Restore from regular backups or any custom file (backup archive is piped to mysql native binary directly via the same manner as described in Fileman API)

Old backups are removed automatically (configurable)

MySQL slow logs are processed real-time

Disk usage statistics

Disk space sort quota support

Warning e-mail notification when tally is close to the limit

Revoking grants for write operation when quota is exceeded

Account service

Service for managing customer accounts

(Optionally) replicated to achieve HA

TGZ based export/import for backup purposes

Relayer enforces authorization logic based on info retrieved from this service

Main features

Open account registration (configurable)

During registration offering phone callback (configurable, turned off by default)

Passwords hashes are generated via the bcrypt algorithm

Support for Google Recaptcha - Simple built-in captcha for fallback

Changing password, forgotten password functionality

Managing e-mail accounts along with their category (tech, promo, billing, etc.)

Ownership over the provided e-mail addresses are validated

Telephone numbers

Ownership verification of the provided telephone numbers via SMS

Sending SMS messages for escalation (configurable)

Login log

Login log events (forwarded by Event API nodes) are acculuated here

Login log is exposed to the customers (filtered to their account)

E-mail notification about successful/unsuccessful login events (configurable)

Unsuccessful login events are cleaned up after a certain amount of time (configurable)

Authentication

Credential based authentication (end-users via web user interface)

Token based authentication (called by the Relayer service for requests of the API consumers)

Derived token mode: different hosts of the plant need a different token, so a compromised server can't send any requests on behalf of the user to any of the other hosts

Account supervisor feature allowing external account to switch and manage the subject one

Account switching feature for superuser (generating new token)

Authorization related data

Domains that the account has permission to manage for

Webstores that the account has permission to manage for

Additional credentials for the same account, limited to some sub-roles (eg. DNS admin only)

Info needed for the multi-server architecture

Info about the servers of the plant (what roles/components they have installed on...)

Webhosting package templates (20+ options)

SMS messages

Layer with pluggable modules to send SMS messages

A configurable way to send e-mail and/or SMS messages for events that need escalation (events worth for escalation are submitted by Event API>)

Certificate service

Managing X.509 certificates

Uploading certificates along with their private key and intermediate elements of the CA chain

The private key and certificate are verified whether they belong together

The uploaded certificate can then be assigned to a virtual hosts via Docroot API. The webserver accepts connections over HTTPS and serves the correct certificate as requested via the TLS SNI extension

Private key, certificate and CSR parsing via the API

An alias name can be assigned to certificates (which is useful for other system softwares, like Dovecot)

Managing contact object to ease the activation process

Full certificate lifecycle management

New certificates can be acquired via the API

Abstraction provides pluggable support for different Certificate Authorities

The full lifecycle is covered: activation, reissuing, renewal and revocation

Notification e-mails are sent out when the certificate is enrolled or is close to expire

Currently supported providers: Let's Encrypt and Comodo

Certificates enrolled by Let's Encrypt are imported seamlessly and attached to the selected virtual host

Let's Encrypt certificates are automatically renewed

Complete automation for the Comodo DC validated certificate enrollment process (including CSR generation and activation) as well; activation is done using the HTTP method

Supported DC validation methods are exposed via the API: email, HTTP and DNS CNAME records

Wildcard certificates are also supported

Email service

Management of the e-mail system

Based on Postfix, Dovecot, Amavis, SpamAssassin, Clamav, Cluebringer and RoundCube

Generic

Domains can be assigned to be part of the e-mail system or not

E-mail accounts and aliases can be created/tweaked/deleted via the API

Passwords hashes are stored as generated by the SSHA256 algorithm

Quota restriction can be assigned to the disk usage of mailboxes

Policy can be assigned to mailboxes to enforce a quota on the number of outgoing e-mails (rolling window, per hour and/or per day)

Real-time tally information (complete disk usage and number of messages in the mailbox)

Regular automatic cleanup of old messages

Spam emails below a certain score are still delivered, but directly into the Junk folder (serving as a soft quarantine, customers can review it easily)

Junk messages are quarantined (can be checked and released by superuser)

Support for e-mail aliases (aka. distribution lists)

Support for auto BCC (eg. a blind carbon copy for outgoing e-mails)

Summary view about all the e-mail accounts/aliases/bccs that are hosted on the same webstore

Route e-mails sent by the mail command in containers of dynamic applications running on the webstores through the SMTP server so outgoing limits could be applied

Parsing of mail logs for Postfix and Dovecot specific events; feeding login logs, using email login as a second factor authentication for whitelisting IP address for host ssh login

Built-in e-mail setup guide for multiple popular e-mail client softwares (showing the relevant username/hostname also in the screenshots)

Suspending accounts at domain and/or email account level

Postfix related features

Listens on SMTP (25) and SMTPS (465)

Outgoing messages are accepted for delivery after SASL authentication (mailbox e-mail address and password are needed)

Mailq is parsed and exposed for superusers, various cleanup features (eg. regular auto-remove of messages with a certain sender/recipient)

Dovecot related features

Listens on POP3 (110), POP3S (993), IMAP4 (143), IMAP4S (995) and ManageSieve (4190)

Agent responsible for delivering local messages (LDA)

Mailbox quotas are enforced here

Sieve engine for rule based, server-side e-mail processing filters

A local SMTP server to filter messages sent by Sieve

Regular cleanup of old messages residing in the Junk mailboxes

Amavis related features

PenPal feature (lower score for e-mails where the sender was in touch with the recipient earlier)

SpamAssassin integration with Bayes filter (convenient way to teach the filter with spam/ham messages via the webmail)

Clamav integration for virus scanning

Regular cleanup of old database entries

Cluebringer related features

Domain-level greylisting (for better protection against spam messages)

Per mailbox policy to apply limit on outgoing e-mails

Current counters and accounted history are displayed via the admin panel

RoundCube related features

Managed RoundCube webmail instance

Changing email account password

Sieve rules for server side pre-processing of messages (eg. forward a copy, send an out-of-office response)

Training Spamassassin by moving messages into/out from the Junk mailbox

Whitelists and blacklists

Mailbox specific settings

These features don't need access to the service level administration panel, only the email address and the corresponding password

Built-in into the Webmail interface, but also available directly here

Changing mailbox password

Cleanup of old messages

Whitelist/blacklist based on sender e-mail address

Training Spamassassin by pasting e-mail source code into a textbox

File manager service

File manager controlled via REST API

Status of asynchronous operations and progress messages can be retrieved via a secondary raw HTTP request

HTTP request/response payload are piped to/from the underlying native process

Copy files between webstores (even when they are on two different hosts or belong to different customers)

[planned] Temporary SSH shells

Supported operations

Directory listing

Switching read-only mode (chattr +i)

File upload (pure file or tar, tgz and zip with on-the-fly extraction)

File download (pure download or multiple files via on-the-fly tgz compression)

File removal (multiple files and recursive modes are also supported)

Find command (limited wrapper around the system command)

Directory creation

Relocating files

Built-in browser based file editor (based on ACE)

Secure

Each operation takes place chrooted to a read-only minimal Debian installation

The only writeable mount is the root of the webstore directory itself

Priveleges (and capabilities) dropped; executing as the target webstore

Directory traversal is impossible/meaningless by design

Example file upload and decompress at once operation

REST API call to /api/s/[servername]/fileman/[webstrore_ide]/untgz with JSON payload of where the archive should be extrcated to

A new, secure tar xzvf - process is executed (see above)

The tar.gz file is being uploaded via secondary HTTP channel as raw data

For better user experience, an additional raw HTTP channel is opened for status updates

The upload binary is piped into the tar process

The stdout/stderr of the tar process are piped to the response stream of the status HTTP channel

No temporary storage is used

The user receives a real-time feedback about extraction process: file upload progress meter based on FileReader API and the files that are currently being extracted through the status channel

Scheduled operations

Fetching URL's at scheduled (cron syntax)

[planned] Executing arbitrary commands