Site / PHP - Isolation?

Discussion in 'Install & Upgrades or Pre-Install Questions' started by latwelve, Jan 30, 2018.

  1. latwelve

    latwelve New Member

    3
    1
    3
    Jan 30, 2018
    Ratings:
    +1
    Local Time:
    1:26 PM
    Hey, I've had a look at some progress articles on the forum from around 6 months ago on app isolation but I was just wondering if this is here now or still on the todo pipeline?

    Essentially I'm using ServerPilot at the moment (with user / app / php isolation) which is great but I'm wanting to move off subscription services and have a bit more flexibility and Centmin Mod with isolation will tick all those boxes for me!

    I have around 30 wp sites on a DO droplet but they do need isolation to protect against hacking. I'm not so fussed about server resource limiting but that would be interesting too!

    Thanks
    Alex
     
  2. eva2000

    eva2000 Administrator Staff Member

    32,251
    7,165
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,892
    Local Time:
    11:26 PM
    Nginx 1.13.x
    MariaDB 5.5
    Hi Alex, unfortunately not right now. You might want to start with a test site or 2 on a test CentminMod server just to get a feel for what's available.

    FAQ item 2 covers user accounts: you can't lock site accounts down to user level like cpanel/WHM, as there is no 100% user isolation between site accounts on Centmin Mod.

    Pure-ftpd virtual ftp users only isolate ftp (Pure-FTPD Virtual FTP Users) but aren't fully jailed like cpanel/WHM, as Centmin Mod is not made or set up for shared hosting like cpanel/WHM but more for usage by a trusted user (myself/yourself).

    So the pure-ftpd virtual ftp user can lock that ftp user to the nginx vhost directory, but because files are owned by the nginx user/group, it wouldn't stop a hacker using php/file based traversal of other nginx vhosts. If you want isolation, set up 1 server for each site you want to host. It's how I usually host my centmin mod sites/subdomain sites, i.e. this forum is hosted on a separate server from the centminmod.com site and a separate server from my other subdomain sites for *.centminmod.com subdomains.

    Full chroot/jailed user/site isolation is on the long term to do list but nothing immediate is planned. There's a preview of what isolation may look like here.
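
Added example (not part of the thread, and not Centmin Mod code): an audit sketch of the ownership problem described in the post above, where vhost directories owned by one shared user/group let PHP in one site reach another site's files. It assumes each site's PHP runs as the owner uid/gid of that site's directory; the vhost root argument, site names and uid/gid values are constructed.

```python
import os
import stat
import sys


def collect_sites(vhost_root):
    """Return (name, uid, gid, mode) for each directory directly under vhost_root."""
    sites = []
    for name in sorted(os.listdir(vhost_root)):
        st = os.lstat(os.path.join(vhost_root, name))
        if stat.S_ISDIR(st.st_mode):
            sites.append((name, st.st_uid, st.st_gid, stat.S_IMODE(st.st_mode)))
    return sites


def cross_site_access(sites):
    """Map each site to the other sites whose PHP could traverse into it.

    Assumption: PHP for a site runs as that site's directory owner uid/gid
    (supplementary groups and ACLs are ignored).
    """
    exposed = {}
    for target, t_uid, t_gid, t_mode in sites:
        for other, o_uid, o_gid, _ in sites:
            if other == target:
                continue
            # Standard Unix check: owner bits, else group bits, else other bits.
            if o_uid == t_uid:
                bit = stat.S_IXUSR
            elif o_gid == t_gid:
                bit = stat.S_IXGRP
            else:
                bit = stat.S_IXOTH
            if t_mode & bit:
                exposed.setdefault(target, []).append(other)
    return exposed


# Constructed sample: two sites owned by one shared web user, one site with
# its own user and a 0750 docroot, one with its own user but a 0755 docroot.
SAMPLE = [
    ("site-a.example", 995, 993, 0o750),
    ("site-b.example", 995, 993, 0o750),
    ("site-c.example", 1001, 1001, 0o750),
    ("site-d.example", 1002, 1002, 0o755),
]

if __name__ == "__main__":
    sites = collect_sites(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    for site, readers in sorted(cross_site_access(sites).items()):
        print(f"{site}: reachable from {', '.join(readers)}")
```

Only the top-level directory of each site is checked; files and subdirectories inside it carry their own ownership and modes.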
     
  3. latwelve

    Hey thanks for the rapid reply - you really are as active as they say ;)

    That's a shame - I don't personally like a server per app as for me it feels like there'd be more to maintain and actually quite a bit more costly.

    I'll have a play around on a test server just for a geeky interest but I'll probably have to wait before using this in production until some isolation comes into place.

    Thanks again
    Al
     
  4. eva2000
