Setting Up Your Enhance Server? Read These 20 Practical Tips First!: Page 2 - Enhance Control Panel

Setting Up Your Enhance Server? Read These 20 Practical Tips First!

JohnB

Kosta I think I need more than 10 severs to use it

Pretty sure you can use just 1 in theory. You may have read that if you're managing less than 10 servers its not worth setting up lol. But its great for disaster recovery unless of course Ansible is the issue lol. Personally I just use a bash script but if I had a more complex server setup I def would use it. Puppeter is another option you could look at but its more complicated. Has its pro and cons over Ansible.

Kosta

JohnB I will give it a try next month when i am doing some testing and recovery from various backup solutions etc, thanks

JohnB

Kosta For cp backups I never seen in my setup cp to be backed up in enhance backup server. Imagine all my cluster gets infected from some hacker I prefer to have something on the side I to recover completely from this kind of disaster. And from my research veem seems good option to me, just to have one backup server veem to backs up OS drives from main servers at least like DNS, CP etc. I am wrong with this ?

The vulnerability in your plan is that if a hacker infects your servers with time delayed malware. Its not uncommon that malware chills for a week or month so that images are affected. You're screwed if its ransomware and you haven't been testing the backups to see if they actually restore.

If you just install fresh Ubuntu, enhance, restore SITES, you don't have this risk. Backups of sites are more easily reviewed and tested than a full server image.

That said I 100% agree that you shouldn't rely on Enhance backups (or any vendor). Enhance backups use btrfs snapshots though and those can be exported into a tar file. The backups files are just the website files and a mysql dump so its not a proprietary format. You can make a script that restores the sites to a normal LAMP stack if you wanted to.

So backup to enhance backup server then export the btrfs snapshots to another server or S3 etc. Can be automated.

cPFence

Kosta the problem is only related to the database inconsistency, correct?

If you restore a snapshot backup for a busy Enhance server, you’ll end up with the main CP having no record of missing changes, new users added, removed, or canceled ..etc, leading to a complete mess that’s very hard to fix.

The best approach is to use a VM for your main CP and add as many dedicated servers to your cluster as you wish. For the main CP, rely on snapshot backups, and for other servers, if one goes down, simply deploy a new one and restore your websites from backups. In less than half an hour, you’ll have a fully replicated server with the same settings, thanks to Enhance’s clever unique backup system.

rdbf

cPFence

Kind of a tangent, but since it's a CPfence topic.....

I struggled a lot with adding OLS WAF whitelist rules, they simply didn't work.
While having fun with another issue, I noticed errors in the OLS error log about the whilelist rules in both /opt/cpfence/user-config/cpfwaf/whitelist_ols.conf and /opt/cpfence/app/cpfwaf/Whitelist_Rules.conf.

As per the knowledgebase, you can use comma's to separate rules. However, that gives the error and makes all but the first fail, so the rules keep being hit and logged. I had issues with that while debugging something a few days ago, and it didn't make sense.

So, they all need a separate line and ID, then they work and don't get hit anymore, and no more errors.

There's also notifications about several rewrite rules that CPfence places in .htaccess, like: Invalid rewrite directive: <Files "wp-config.php">

If there's a better place for these kinds of observations, please let me know.

8Dweb

Kosta We have found ansible to be valuable for us in handling our Enhance estate. It does take a tiny bit of hand-holding at times, but is far faster and more reliable than logging into a dozen servers to handle updates. In addition I get a concise (ok, terse) report of what took place.

However, you really have to love the command line to want to use Ansible, lol.

cPFence

rdbf

All your WAF whitelist rules should only be added to the following file, with each rule on a new line:
/opt/cpfence/user-config/cpfwaf/whitelist_ols.conf
This is outlined in our knowledge base.

If you’re encountering issues, please drop us a ticket, and our support team will assist you. Just to clarify, we have two team members dedicated to support, but they don’t have access to this forum account. Submitting a ticket is the best way to seek help or answers for this kind of issue.

rdbf

cPFence

I'll drop a ticket, but my issue is solved already.

The point was that the default rules, which should not be edited, give the error message. And adding rules manually as per the knowledge base, gives the same errors (and doesn't actually whitelist them).

SecRule REQUEST_HEADERS:Host "@streq example.com" "id:6002,phase:1,pass,nolog,ctl:RuleRemoveById=200007,225170,200002,210230"

This rule would only whitelist 2000007 and throw an error in openlitespeed

cPFence

rdbf

Please include more details about the issue in your ticket, and I’ll personally look into this for you.

Edit : I just saw that you edited your reply with more details about the issue. We will check this out and update the knowledge base if needed. Thanks for bringing it up.

8Dweb

@cPFence Thanks for an excellent product. We had purchased cpFence for one DEDI server in our Enhance cluster last year. After witnessing all the improvements, especially related to the WordPress hardening, we decided to purchase one of your license packs to cover all the web and DEDI servers in our cluster.

I was very impressed with the speed of your ticket responses, as well as clear instructions for our situation. We quickly updated a number of imported Wordpress sites, secured them and added them to monitoring. Despite this being a command-line product, the process was fast and efficient. We even tried out the newer multi server commands and that worked like a dream.

You are truly an enhancement to the Enhance community. I look forward to the further refinements, new features and integration in v. 12.

Thanks!

cPFence

8Dweb

Thank you so much for taking the time to share your feedback, we truly appreciate it. We’re thrilled to hear that cPFence has been a helpful part of your workflow. Stay tuned, there are exciting new features coming your way soon!

« Previous Page