Reading time: 10 minutes
Web developers usually not only create websites but also support them. Even basic tasks like installing and configuring WordPress, creating web-domains and databases take time. However, it can be automated with ISPmanager! The control panel can help you with other complex tasks, for example: enable SSL-certificates, save resources for backup, or protect databases from viruses. These and other not widely known features of ISPmanager can save time for both beginners and experienced admins.
I. Security
When working on a website, the web developers tries to focus on creating the convenient interface and attractive design, making content and optimizing SEO. Website protection and security of user data is also an important task, but it’s not always possible to spend a lot of resources on it. ISPmanager allows providing security easily on several different levels: connection, website and kernel.
Connection-level security
Connection-level security is protection of transferred data with encryption; this guarantees that in case of stealing data a hacker won’t be able to use it.
For securing connection you can install an SSL-certificate: it allows using https-protocol and serves as a safety marker for browsers and search engines. If you don’t have one, Google will worsen your website position in search results, and browsers will block web pages with user data collection forms.
SSL-certificates are issued by digital certificate providers and can be installed by a website admin. It is necessary to make some changes in the configuration file of a Web server for installing the SSL.
ISPmanager simplifies all the operations with certificates. Let's Encrypt (automated certificate authority) integration module allows to order a free certificate in just a few clicks, installs it for a domain, tracks validity period and renews when it is necessary. Let’s Encrypt release certificates of a certain kind, that will work for small websites which do not collect passport and payment details. If you decide to order SSL from any other provider, ISPmanager can help to install it quickly as well.
Website level security
Website level security is server data protection. Some viruses damage files of the website using vulnerabilities in web scripts. Others steal passwords from the hacked computer or mailbox and use them for accessing SSH and FTP admin panels.
The infected website may send phishing emails, upload viruses in other users computers, show advertizing banners or redirect visitors to adult or gambling websites. Browsers will block infected domains once they discover it.
For protection, we recommend always use the antivirus for the website. ISPmanager uses Virusdie as the antivirus. It scans the website for redirects, trojans, backdoors and cures them without downtime for your website. ISPmanager has the built-in Virusdie module which allows to install the module automatically, scan websites and cure infected files. Virusdie can work for both simple landing pages and complex online-stores.
Kernel level security
Kernel level security is protection of a server’s Operating System (OS). This server may be used for personal needs or for hosting clients’ websites.
In Linux systems, a kernel vulnerability may be used by abusers for getting access to the whole system. Swindlers consciously look for such holes, share and sell information about them at forums and exchanges. Usually, after receiving information about a vulnerability, OS developers release a security patch for kernel - a package that will close that vulnerability.
In order to protect data located on a server, system admins should install security patches right after their release. However, installation of updates requires system reset and means downtime for the server. Even a small downtime may cause losses of business reputation, clients loyalty, and profits. Therefore, admins try to update the system at the minimal activity time of a day and sometimes postpone it until the last moment.
A good way to solve this problem is KernelCare, a tool for security patches installation for OS kernel in RPM and DEB versions of Linux. Every four hours the KernelCare agent connects with servers distributing security patches released by CloudLinux. KernelCare downloads them and installs on a client server. Everything is processed in the background mode so you don’t need to reboot the server after every installation. KernelCare module can be installed in ISPmanager. It allows to buy, install and configure the software.
II. Stability
Along with security, stability becomes the important topic after finishing the main works on the website. It doesn’t matter how beautiful and convenient the website is: if it goes down every few hours, your clients won’t appreciate it for sure. Backups and DDoS-protection are important for ensuring stability.
Backups
Backuping website data can be considered a panacea for the most problems starting from unsuccessful CMS updating to burning down hard drives of a provider’s server. Having an actual backup helps to recover your data even if it was completely destroyed.
During many years of developing ISPmanager we examined several backup systems and revealed two basic issues:
- Backups consume all CPU resources and a website slows down;
- Temporary files occupy a lot of space.
In the current version of the backup module, we try to reduce both: server computing resources and required disk space for storage. Backups are launched with the minimum priority while the ability to schedule it allows to create copies during the lowest attendance hours. In order to minimize disk space usage, ISPmanager cuts backups by 100 MB slices and deletes them right after saving them on the external storage. Amazon S3, Dropbox or external FTP server could be used as storage of such type.
DDoS protection
A DDoS attack usually threatens to mature websites. When your website becomes popular it may attract attention of competitors, criminals or network hooligans. They use network flood means to get it down. For website owners, it may result in loss of clients.
The sooner you configure due protection, the less damage may occur. Right after DDoS has started, you may limit the rate of processing requests from certain IPs using Nginx ngx_http_limit_req_module. However in some cases when DDoS is very strong and the server becomes unavailable, you need to install the DDoS-GUARD module from ISPmanager interface. It can reflect almost 99,5% of all attacks.
In order to protect websites, DDoS-GUARD uses Reverse Proxy technology. A proxy server transfers clients requests from an external network to servers in the internal one where all the traffic is inspected for suspicious activity. DDoS-GUARD company has their own infrastructure that consists of filtering computing nodes in US, Europe, China and other countries. They guarantee that in case if your server is under attack DDoS-GUARD will reflect it easily. And ISPmanager helps to purchase and install DDoS-GUARD protection.
III. Managing several websites located on the same server
Sometimes web developers use one server for hosting several websites, and this is not that easy to ensure stable work in this case. It is necessary to divide server resources and create certain environment for different websites. A good solution here is well-known CloudLinux, however ISPmanager has built-in tools for this as well.
Different PHP versions
A server’s OS may have only one PHP version installed, that is why all the websites hosted on this server should have the same version. However, some websites were created awhile ago using PHP 5.2 while PHP development never stops and the newer ones require PHP 7.0 and newer. It is hard to host these websites together on the same server.
ISPmanager allows solving this issue by using alternative versions of PHP. These are binary files and Apache modules assembled and updated by us regularly. It is the built-in functionality of ISPmanager that allows setting a necessary PHP version for every specific website (supported versions are: 5.2 - 7.1)
Different MySQL/MariaDB versions
Several websites may also have different versions of databases supported. It is impossible to reinstall a system’s MySQL version in ISPmanager as it may lead to the conflict of different libraries, but it is possible to configure alternative MySQL/MariaDB versions.
The control panel allows setting an unlimited number of MySQL/MariaDB servers within the same server. MySQL versions supported are 5.5, 5.6, 5.7; MariaDB — 10.0, 10.1. For creation of alternative database servers, we use Docker container virtualization.
Configuration files template engine
The last little-known ISPmanager tool in this review is necessary for the websites requiring a flexible configuration. For example, for the websites created with CMS WordPress.
By default, ISPmanager generates identical web server configuration files. It allows guaranteeing optimal, time-proven settings in most cases. But some of the modern CMS have own requirements for web environment configuration, and sometimes they don't correspond to the configurations created by default.
ISPmanager generates web domain configuration files according to the rules described in template files. A system administrator can specify the directives and their order to be added in web domain configuration files. After that, every new domain configuration file will be created according to the given template. It is possible to get access to template files using a console.
Configuration files template engine and plug-in system make it possible to solve merely any task. ISPmanager has the open API, which adds flexibility in using the control panel.