PiServe Technologies Private Limited

With nDeploy, your business-critical infrastructure like websites and email will never go down again.
Eliminate downtime in your WebStack, SMTP, and Database while enjoying all the advantages of a web-based control panel like cPanel*

  • nDeploy does not modify any system or cPanel files. It moves cPanel httpd to an alternate port and generates nginx configuration based on your cPanel settings. The plugin can therefore be enabled or disabled seamlessly, without side effects.

Load Balanced cPanel

ndeploy plugin view in cPanel

Features

  • Supports CentOS6 CentOS7 CloudLinux6 CloudLinux7 on x86_64 arch
  • Multiple backends - Apache HTTPD PHP-FPM HHVM ColdFusion/Java Python Ruby on Rails NodeJS
  • Supports caching/conditional cache purging in proxy and FastCGI(ngx_cache_purge)
  • Google pagespeed support
  • limit_req limit_conn support
  • NAXSI Web Application Firewall (disabled by default because NAXSI is incompatible with HTTP2)
  • IPv6 support
  • SSL support
  • HTTP2 support
  • Fast installation, upgrade and uninstall via yum
  • Enable PHP-FPM SAPI for Apache (requires httpd 2.4.10+). This feature is removed in nDeploy 3.x as it is natively supported by cPanel58
  • Choose PHP54, PHP55, PHP56 or PHP70 per account for nginX
  • LetsEncrypt integration
  • High Available WebStack
  • High Available SMTP service
  • High Available DataBase (MariaDB/MySQL)

Comparison               | Apache                | nDeploy-nginx | LiteSpeed
-------------------------|-----------------------|---------------|------------------------
Model                    | Process based         | Event Driven  | Event Driven
Memory Usage             | High                  | Low           | Low
http next gen            | SPDY                  | HTTP2         | HTTP2
Security                 | mod_security          | NAXSI         | mod_security
htaccess                 | YES                   | NO            | YES
Apache Config            | YES                   | NO            | YES
Anti-DDOS                | NO                    | YES           | YES
Asynchronous IO          | NO                    | YES           | Enterprise Version only
PHP                      | mod_php, CGI, php-fpm | php-fpm       | LSAPI
Zero Downtime management | NO                    | YES           | YES
Concurrent connections   | Limited by capability | Unlimited     | License Dependant
Open Source              | YES                   | YES           | NO
Cost (8 core cpu)        | FREE                  | FREE          | 92 usd/month

Find instructions for the multi-server high available setup here: DuET cPanel - Downtime Eliminated cPanel

Instructions for the standard single-server setup are below:


Installation

Requirement: cPanel 11.48+ server with CentOS6/CentOS7/CloudLinux6/CloudLinux7 64-bit OS installed, EasyApache4 for PHP backend

nDeploy 3.x is available via yum and requires EasyApache4 for PHP support. Apache+php-fpm is not supported.
nDeploy 2.0.65 is available as an RPM package for manual install. It can work with EasyApache3:
CentOS6/CloudLinux6 - https://rpm.piserve.com/CentOS/6/x86_64/
CentOS7/CloudLinux7 - https://rpm.piserve.com/CentOS/7/x86_64/

We recommend nDeploy 3.x for all new installations.

Installation instructions for CentOS6/CentOS7/CloudLinux

Step 1: Install nDeploy and nginX

#Install EPEL repo 
yum -y install epel-release 

#Install nDeploy yum repo
rpm --import https://rpm.piserve.com/RPM-GPG-KEY-ndeploy
yum -y install https://rpm.piserve.com/nDeploy-release-centos-1.0-2.noarch.rpm
#Install nDeploy plugin and nginx. Be patient as this may take some time to complete
yum --enablerepo=ndeploy install nginx-nDeploy nDeploy

Step 2: Install or enable application servers. You can skip any of the steps below depending on your app server requirements


#Install PHP-FPM Application server for PHP 
/opt/nDeploy/scripts/easy_php_setup.sh

#Enable Phusion Passenger Application Server backend. This is required for Ruby/Python/NodeJs 
/usr/nginx/scripts/nginx-passenger-setup.sh

Step 3: Enable the plugin. This will make nginX your frontend web server

/opt/nDeploy/scripts/cpanel-nDeploy-setup.sh enable

Step 4 (Optional): Set up NAXSI learning. This is required to generate NAXSI whitelist rules

#Note that this step will install Java and the ElasticSearch daemon for NXAPI
/usr/nginx/scripts/nxapi-setup.sh


Need a PHP-FPM restart? Need additional PHP modules?


Install additional PHP modules from remi
-----------------------------
yum --disableexcludes=all --enablerepo=remi search php56
yum --disableexcludes=all --enablerepo=remi search php56|grep memcache

php56-php-pecl-memcache.x86_64 : Extension to work with the Memcached caching
php56-php-pecl-memcached.x86_64 : Extension to work with the Memcached caching

To install one of these extensions:
yum --disableexcludes=all --enablerepo=remi install php56-php-pecl-memcached

Install additional PHP modules in EasyApache4
--------------------------------------

Follow the documentation at https://documentation.cpanel.net/display/EA4/EasyApache+4+Home
If you face any issue, you can contact cPanel support, as nDeploy just uses the cPanel-provided RPMs in EA4.

PHP Upgrade
---------------------
Since PHP is installed via yum, yum upgrade will take care of PHP upgrades.

To restart PHP-FPM
--------------------
service ndeploy_backends restart || systemctl restart ndeploy_backends

If you see an error from the command above, run:

service ndeploy_backends stop
service ndeploy_backends start

Must know after installation

nDeploy provides the following scripts for emergency situations. These are your first lines of defense.

1. When something goes wrong or something isn't working as expected

/opt/nDeploy/scripts/attempt_autofix.sh

2. When you are under a layer-7 (application layer) DoS attack targeting the web service

To mitigate:
/opt/nDeploy/scripts/ddos_mitigate.sh enable

To return the config to normal mode:
/opt/nDeploy/scripts/ddos_mitigate.sh disable

Must do after installation

mod_remoteip
stats processing

High-Performance Web application Firewall
NAXSI

server side scripting language support

Setting up HHVM

Setting up ColdFusion

Setting up Ruby on Rails

Setting up Python

Setting up NodeJS

Other info

gzip

LetsEncrypt setup

http to https redirection

High Performance Wordpress setup

Monitoring nginX and php-fpm

Securing nginX

Where are my php logs?

ZendOpCache related

Default configuration

The default config generation in nDeploy is governed by

/opt/nDeploy/conf/domain_data.yaml.tmpl       ==> for non-SSL domains
/opt/nDeploy/conf/domain_data_SSL.yaml.tmpl   ==> for SSL domains

nDeploy does not want to disrupt existing users, so it follows a very sane default of proxying everything to cPanel's httpd. End users will not even know that nDeploy was installed. Experienced admins can change this behavior and provide a custom domain_data template, which will affect config generation for all domains.

For example, the steps below show how to use Proxy + cache as the default behavior

cp -p /opt/nDeploy/conf/domain_data_SSL.yaml.tmpl /opt/nDeploy/conf/domain_data_SSL.yaml.tmpl.local
cp -p /opt/nDeploy/conf/domain_data.yaml.tmpl /opt/nDeploy/conf/domain_data.yaml.tmpl.local

Change profile: '1000' to profile: '1005' in /opt/nDeploy/conf/domain_data.yaml.tmpl.local
Change profile: '1004' to profile: '1006' in /opt/nDeploy/conf/domain_data_SSL.yaml.tmpl.local

rm -f /opt/nDeploy/domain-data/*   #will remove all domain-data files

# Regenerate the nginx config for every cPanel user, then restart nginx
for CPANELUSER in $(cut -d: -f1 /etc/domainusers)
do
    echo "ConfGen:: $CPANELUSER" && /opt/nDeploy/scripts/generate_config.py "$CPANELUSER"
done
service nginx restart

Similarly, if you change the backend to PHP and use the WordPress template, all your domains will be served by nginx+php-fpm, bypassing Apache. Of course, all your web apps must be WordPress in such cases.

Automatic Configuration

While cPanel users can change the vhost configuration for nginX at any time from their cPanel login, sometimes the server administrator wants to automatically switch supported applications to be served directly by nginX instead of Apache.

/opt/nDeploy/scripts/auto_config.py CPANELUSER

does this.

The script works by checking for the presence of certain files (for example, wp-config.php in the case of WordPress) and switches the profile accordingly

root@cpanel [~]# cat /opt/nDeploy/conf/appsignatures.yaml 
SSLREDIRECT: "1" 
PHP:
  '/wp-config.php': '5001'
  '/libraries/joomla/version.php': '5002'
  '/sites/default/settings.php': '5017'
  '/app/etc/local.xml': '5003'


The admin can update the appsignatures.yaml file with file names and the corresponding profile that auto_config.py switches the domain to if the file exists. The default list provided by us is not extensive. Admins can also remove entries from the file above to prevent auto-switching should there be a need for it. SSLREDIRECT is a switch that can have the value 0 or 1. If it is set to 1, all the non-SSL vhost conf generated by Nginx will have the redirect http to https template.

The file

/opt/nDeploy/conf/auto_config.exclude

if present and containing the CPANELUSERNAME, will prevent auto switching of profiles for any domain (addon, subdomain etc.) of that cPanel user. This is useful when running the auto_config script in a for loop over a list of cPanel users and the script should omit some users.

To make this all work

1. Edit /opt/nDeploy/conf/appsignatures.yaml. Add or remove filenames (relative to the document root) and the corresponding profile names to switch to should the file be present in the document root

2. Set SSLREDIRECT to 0 or 1 depending on how you want the non-SSL vhost to behave. We recommend the value be set to 1, as https:// is the norm of the modern world and redirecting non-SSL domains to SSL ones is good.

3. Create a file named /opt/nDeploy/conf/auto_config.exclude and add any cPanel username for which you wish to exclude auto_config. If the file is not present or is empty, no user is excluded

4. Run

# Run auto_config for every cPanel user, then restart nginx
for CPANELUSER in $(cut -d: -f1 /etc/domainusers)
do
    echo "Auto ConfGen:: $CPANELUSER" && /opt/nDeploy/scripts/auto_config.py "$CPANELUSER"
done
service nginx restart

The first time auto_config.py runs, it will ask which PHP version automatic switching should use. On cPanel servers you can safely use the same version as the default installed PHP, as most of your domains will be running that version without issues.

A very IMPORTANT thing to note here is that auto_config.py makes an educated guess to determine which application is installed. It MAY NOT always be accurate. The administrator must be aware of this. Of course, any change made by auto_config can be reverted by the end user or the admin from the cPanel plugin UI.
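
Because the switch is a guess based on file presence, a read-only preview of what each account's document root contains is useful before looping auto_config.py over all users. This is an added example, not nDeploy's own code: it copies the PHP signature map shown above and flags accounts where more than one signature file is present. Assumptions: auto_config.exclude holds one username per line, the document root is passed in as a parameter, and the sample users and files are constructed.

```python
import os
import tempfile

# PHP section of the appsignatures.yaml shown above, copied as a dict.
PHP_SIGNATURES = {
    "/wp-config.php": "5001",
    "/libraries/joomla/version.php": "5002",
    "/sites/default/settings.php": "5017",
    "/app/etc/local.xml": "5003",
}

def load_excluded(path):
    """Users to skip (assumed one per line); a missing file excludes nobody."""
    if not os.path.isfile(path):
        return set()
    with open(path) as fh:
        return {line.strip() for line in fh if line.strip()}

def preview(user, docroot, excluded, signatures=PHP_SIGNATURES):
    """Read-only check: which signature files exist under this docroot."""
    if user in excluded:
        return {"user": user, "action": "skip-excluded", "matches": []}
    matches = [(rel, profile) for rel, profile in signatures.items()
               if os.path.isfile(os.path.join(docroot, rel.lstrip("/")))]
    if len(matches) == 1:
        action = "switch"
    elif matches:
        action = "review-ambiguous"  # several application signatures present
    else:
        action = "keep-current"
    return {"user": user, "action": action, "matches": matches}

def demo():
    """Constructed sample: four users with temporary document roots."""
    layout = {"alice": ["wp-config.php"], "carol": ["wp-config.php"],
              "bob": ["wp-config.php", "sites/default/settings.php"],
              "dave": ["index.html"]}
    with tempfile.TemporaryDirectory() as tmp:
        for user, files in layout.items():
            for rel in files:
                full = os.path.join(tmp, user, "public_html", rel)
                os.makedirs(os.path.dirname(full), exist_ok=True)
                open(full, "w").close()
        exclude_file = os.path.join(tmp, "auto_config.exclude")
        with open(exclude_file, "w") as fh:
            fh.write("carol\n")
        excluded = load_excluded(exclude_file)
        return [preview(u, os.path.join(tmp, u, "public_html"), excluded)
                for u in layout]
```

Accounts reported as review-ambiguous are candidates for auto_config.exclude until someone has checked which application the domain really serves.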

Providing more config templates or profiles

To avoid clashes between user-defined templates and the rpm-provided ones, the following numbers are reserved for user-defined templates

N600 - N999
9000 - 10000

where N is an integer. So, for example, the rpm-provided templates will never use the range 2600 - 2999

The admin can provide new config templates to end users by simply adding a file with all the location blocks, rewrite rules etc. for an application.

The default template files can be found in

root@web [~]# ls -l /opt/nDeploy/conf/*.tmpl
-rw-r--r-- 1 root root   596 Jun 26 04:42 /opt/nDeploy/conf/1000.tmpl
-rw-r--r-- 1 root root  1452 Jun 26 04:42 /opt/nDeploy/conf/1001.tmpl
-rw-r--r-- 1 root root   148 Jun 26 04:42 /opt/nDeploy/conf/2001.tmpl
-rw-r--r-- 1 root root   152 Jun 26 04:42 /opt/nDeploy/conf/3001.tmpl
-rw-r--r-- 1 root root   152 Jun 26 04:42 /opt/nDeploy/conf/4001.tmpl
-rw-r--r-- 1 root root   210 Jun 26 04:42 /opt/nDeploy/conf/4002.tmpl
-rw-r--r-- 1 root root   359 Jun 26 04:42 /opt/nDeploy/conf/5001.tmpl
-rw-r--r-- 1 root root   806 Jun 26 04:42 /opt/nDeploy/conf/5002.tmpl
-rw-r--r-- 1 root root  1810 Jun 26 04:42 /opt/nDeploy/conf/5003.tmpl

For clarity, the templates for each programming language should begin with a specific number (e.g. 5xxx for PHP)

You can easily base a new template on an existing one by adding or removing location blocks, rewrite rules etc.

Once a template file is added in /opt/nDeploy/conf/, it needs to be registered using the following command, shown here as we used it to register the Magento template

root@web [~]# /opt/nDeploy/scripts/update_profiles.py -h
usage: update_profiles.py [-h]
                          backend_category profile_code
                          profile_description_in_doublequotes

Register a nginX config profile for nDeploy

positional arguments:
  backend_category
  profile_code
  profile_description_in_doublequotes

optional arguments:
  -h, --help            show this help message and exit

root@web [~]# /opt/nDeploy/scripts/update_profiles.py PHP 5003 "Magento" 
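
Before registering a custom template, it is worth confirming that its number sits in one of the reserved user ranges so that an rpm upgrade cannot ship a template with the same code. This is an added example, not part of nDeploy: the helper names are hypothetical, N is assumed to be a single digit from 1 to 9 (four-digit codes), and the directory listing is constructed from the one shown above plus one custom file.

```python
import os
import re
import tempfile

def is_user_reserved(code):
    """True for 9000-10000 or N600-N999 (N assumed to be 1..9)."""
    if 9000 <= code <= 10000:
        return True
    return 1000 <= code <= 9999 and code % 1000 >= 600

def template_codes(conf_dir):
    """Codes of NNNN.tmpl files; names such as domain_data.yaml.tmpl are ignored."""
    codes = set()
    for name in os.listdir(conf_dir):
        m = re.fullmatch(r"(\d+)\.tmpl", name)
        if m:
            codes.add(int(m.group(1)))
    return codes

def next_free_user_code(backend_digit, existing):
    """First unused code in a backend's reserved block, e.g. 5 -> 5600-5999."""
    base = backend_digit * 1000
    for code in range(base + 600, base + 1000):
        if code not in existing:
            return code
    return None  # block is full; pick a code from 9000-10000 by hand

def demo():
    """Constructed conf dir: the listing above plus a custom 5600.tmpl."""
    names = ["1000", "1001", "2001", "3001", "4001", "4002",
             "5001", "5002", "5003", "5600", "domain_data.yaml"]
    with tempfile.TemporaryDirectory() as tmp:
        for n in names:
            open(os.path.join(tmp, n + ".tmpl"), "w").close()
        existing = template_codes(tmp)
    custom = sorted(c for c in existing if is_user_reserved(c))
    return custom, next_free_user_code(5, existing)
```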

Upgrade instruction

nDeploy-nginx is tied to a Phusion Passenger ruby gem, so we don't encourage unattended upgrades and have therefore set enabled=0 in the yum repository. The upgrade must be done manually by running the following commands

yum --enablerepo=ndeploy install nginx-nDeploy nDeploy 
/usr/nginx/scripts/nginx-passenger-setup.sh  # Run only if you are using Phusion passenger for Ruby,Python and NodeJS

Troubleshooting

To fix most issues, just run

#Ignore any "systemctl: command not found" error this script throws
/opt/nDeploy/scripts/attempt_autofix.sh

If the above script didn't fix the issue, check the relevant logs

#nDeploy logs for gui actions, automatic config generation etc
/opt/nDeploy/watcher.log   #log file is recreated on watcher restart

#nginX web server log, which also includes PHP error messages, Phusion Passenger logs and NAXSI logs
/var/log/nginx/error.log

#PHP-FPM master process log
PHPROOT/var/log/php-fpm.log
eg : /opt/remi/php56/root/var/log/php-fpm.log

Uninstall instruction

/opt/nDeploy/scripts/cpanel-nDeploy-setup.sh disable
yum remove nginx-nDeploy nDeploy

Development

nDeploy is an open source product released under GPL Version 3. The project is hosted on GitHub at https://github.com/AnoopAlias/nDeploy

To contribute to the project

1. Sign up at github.com
2. Fork https://github.com/AnoopAlias/nDeploy and git clone it
3. Open the nDeploy directory as a project in a Python IDE. We recommend the free and awesome https://atom.io/
4. If you are using the Atom IDE, I would recommend installing autocomplete-python and linter-flake8 for Python development friendliness
5. Modify/add to your fork
6. git commit to your fork; git push 
7. Open a pull request https://help.github.com/articles/using-pull-requests/

That's it!

Building your own Nginx or nDeploy RPM's

While using the nDeploy RPM repository is the easiest and fastest way to get nDeploy on your server, you may sometimes wish to compile your own RPMs.

Reasons why you may wish to do this:

1. To add to or extend nginX with more plugins
2. If you don't trust the nginX binary compiled on our server
3. You notice an error and wish to debug nginX (https://www.nginx.com/resources/wiki/start/topics/tutorials/debugging/), which requires that you compile Nginx with the --with-debug flag
4. For the fun (and knowledge) of doing it

The instructions for creating your own nginX rpms are listed below. Run the following on your cPanel server

git clone https://github.com/AnoopAlias/nDeploy.git
cd nDeploy/rpm_buildtree/
#Open nDeploy-nginx_build_script.sh (for CentOS6 rpm) or nDeploy-nginx_build_script.centos7.sh (centos7) in a text editor
#The line starting with ./configure --prefix=/etc/nginx 
#is what you have to modify to add or remove configure arguments
# comment out the line rsync -av nginx-nDeploy-* root@rpm.piserve.com:/home/rpmrepo/public_html/CentOS/7/x86_64
root@cpanel [~/nDeploy/rpm_buildtree]# ./nDeploy-nginx_build_script.centos7.sh

The build will take some time. Once it is complete, you will have the nginx-nDeploy rpm inside the nginx-pkg-64-centos7/ (CentOS7) or nginx-pkg-64/ (CentOS6) folder, which you can install using the rpm -Uvh command.

Support

Community Support

Devel Support and Pull Requests

Priority Installation and Support Services ( Commercial )