couple of questions

nhybgtvfr

not sure if this should actually be here or under general...

couple of hopefully, simple to answer questions...

Redis / NGINX fastcgi cache
are these completely separate and isolated for each individual website?
so no need to specify username/password or redis DB because nothing no other sites on the same server would/could access that redis / fastcgi cache instance?
i can see the redis.conf file, are both redis and nginx fastcgi cache fully configured when enabled?..
should wordpress plugins (redis object cache/wp-redis, nginx helper/ nginx cache etc ) still be used in wordpress,
so the caches can be managed/cleared from the wp backend rather than the enhance panel - i assume many wp backend users won't have direct access to the enhance panel.
with nginx fastcgi cache enabled on a new WP install, the site health page shows:
Page cache is not detected but the server response time is OK
which is why i'm assuming wp plugins are still needed to fully utilise redis and nginx fastcgi caching, just as litespeed cache would still be installed in WP if using OLS as the webserver.
ModSecurity - is it reccommeded to use this or not?
when enabled it seems to break a lot of the wordpress backend, so i assume to use it a lot of the default rules need changing, but i can only see a way to do that per server. i can enable/disable per website/domain, but not customise the rules per website/domain.
SSH - can password access be disabled? i'd rather only allow access via ssh-keys.
I know i can edit /etc/ssh/sshd_config, or put an override in /etc/ssh/sshd_config.d, but i don't know if the enhance panel would override that elsewhere, or reset any changed configs on updates.

what's going on with the dns status for locally managed dns (servers with dns role applied, not cloudflare). it seems ok for the panels main domain, and any subdomains of that, but for any other completely different domains, it seems to be a 50/50 coin toss on whether it'll show the tick in a green circle or the yellow warning triangle.

rdbf

1 - Yes. Each website gets its own redis instance launched and each enabled fastcgi cache uses its own folder structure.

2 - If enabled in the panel, they are ready to be used. FastCGI will work automatically, through the Nginx vhost config (you can check this with repeated curl requests). Redis will need to be used by a plugin. Redis can be purged by wordpress plugins, fastcgi can not. PHP and Nginx run under different users, so wordpress cannot purge fastcgi cache with any plugin.

3 - It is recommended. However, the default setup will cause countless issues and will require daily whitelisting and finetuning to avoid basic stuff from breaking on wordpress. If you're using a managed setup (like cPFence for example), the whitelisting is taken care of.

4 - You can disable it by setting the options in these 2 files, there's no other overrides or resets happening.

5 - Not sure, we never had any issues with this, it works as expected here.