Welcome to Centmin Mod Community
Become a Member

Web Application Isolation

Discussion in 'Forum Feedback & Suggestions' started by ArisC, Jan 21, 2018.

  1. ArisC

    ArisC Member

    98
    25
    18
    Jun 1, 2017
    Ratings:
    +46
    Local Time:
    11:55 AM
    Nginx 1.13.10
    MariaDB 10.1.32
    Hello, It's been 8+ Months using CentMinMod! 0 Freaking Problems with it! Still cant believe how stable and rich is! but I would like to know if is any isolation on every website I Deploy so if one site is vulnerable won't take the whole server down. The reason is because i would like to cut costs as some sites are not using all the resources and host 2 - 3 instead of 1 on 1 server. Thanks
     
    • Like Like x 1
  2. eva2000

    eva2000 Administrator Staff Member

    33,733
    7,466
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +11,479
    Local Time:
    6:55 PM
    Nginx 1.13.x
    MariaDB 5.5
    FAQ item 2 covers users accounts you can't lock site accounts down to user level like cpanel/WHM as there is no 100% user isolation between site accounts on Centmin Mod.

    Pure-ftpd virtual ftp users only isolates ftp Pure-FTPD Virtual FTP Users but isn't fully jailed like cpanel/WHM as Centmin Mod is not made or setup for shared hosting like cpanel/WHM but more for usage by trusted user (myself/yourself).

    So the pure-ftpd virtual ftp user can lock that ftp user to the nginx vhost directory but because files are owned by nginx user/group, it wouldn't stop a hacker using php/file based transversal of other nginx vhosts. If you want isolation, setup 1 server for each site your want to host. It's how I usually host my centmin mod sites/subdomain sites i.e. this forum is hosted on separate server from centminmod.com site and separate server from my other subdomain sites for *.centminmod.com subdomains.

    Full chroot/jailed user/site isolation is on the long term to do list but nothing immediate is planned. There's a preview of what isolation may look like here.

    Thanks for the compliments. Centmin Mod is this way as I eat my own dog food and have 160+ servers running Centmin Mod LEMP stack :D
     
..