PiServe Technologies Private Limited
With nDeploy your business critical infrastructure like websites and email will never go down again .
Eliminate downtime in your WebStack,SMTP, and Database while enjoying all the advantages of a Web-Based control panel like cPanel*
- nDeploy does no modifications in any system or cPanel files . It moves cPanel httpd to an alternate port and works by generating nginx configuration based on your cPanel settings .Thus the plugin can be enabled or disabled seamlessly without having any side effects
- Supports CentOS6 CentOS7 CloudLinux6 CloudLinux7 on x86_64 arch
- Multiple backends - Apache HTTPD PHP-FPM HHVM ColdFusion/Java Python Ruby on Rails NodeJS
- Supports caching/conditional cache purging in proxy and FastCGI(ngx_cache_purge)
- Google pagespeed support
- limit_req limit_conn support
NAXSI Web Application Firewall*Disabled by default due to Incompatibility with NAXSI and http2
- IPv6 support
- SSL support
- HTTP2 support
- Fast installation,upgrade and uninstall via yum
Enable PHP-FPM SAPI for Apache ( requires httpd 2.4.10+ )*This feature is removed in nDeploy 3.x as its natively supported by cPanel58
- Choose PHP54,PHP55,PHP56,PHP70 per account for nginX
- LetsEncrypt integration
- High Available WebStack
- High Available SMTP service
- High Available DataBase (MariaDB/MySQL)
|Model||Process based||Event Driven||Event Driven|
|http next gen||SPDY||HTTP2||HTTP2|
|Asynchronous IO||NO||YES||Enterprise Version only|
|Zero Downtime management||NO||YES||YES|
|Concurrent connections||Limited by capability||Unlimited||License Dependant|
|Cost (8 core cpu)||FREE||FREE||92 usd/month|
Find instructions for multi server high available setup here >> DuET cPanel - Downtime Eliminated cPanel
Find instructions of standard single server setup below:
Requirement : cPanel 11.48+ server with Centos6/Centos7/CloudLinux6/CloudLinux7 64 bit OS installed, EasyApache4 for PHP backend
nDeploy 3.x is available via yum and requires EasyApache4 for PHP support. Apache+php-fpm is not supported
nDeploy 2.0.65 is available as an RPM package for manual install .It can work with EasyApache3 -
CentOS6/CloudLinux6 - https://rpm.piserve.com/CentOS/6/x86_64/
CentOS7/CloudLinux7 - https://rpm.piserve.com/CentOS/7/x86_64/
We recommend nDeploy 3.x for all new installation .
Installation instruction for CentOS6/CentOS7/CloudLinux¶
Step1 : Install nDeploy and nginX
#Install EPEL repo yum -y install epel-release
#Install nDeploy yum repo rpm --import https://rpm.piserve.com/RPM-GPG-KEY-ndeploy yum -y install https://rpm.piserve.com/nDeploy-release-centos-1.0-2.noarch.rpm
#Install nDeploy plugin and nginx .Be patient as this may take sometime to complete yum --enablerepo=ndeploy install nginx-nDeploy nDeploy
Step2 : Install or enable Application servers .You can skip any step below as per your app server requirement
#Install PHP-FPM Application server for PHP /opt/nDeploy/scripts/easy_php_setup.sh #Enable Phusion Passenger Application Server backend. This is required for Ruby/Python/NodeJs /usr/nginx/scripts/nginx-passenger-setup.sh
Step3 : Enable the plugin. This will make nginX your frontend webServer
Step4(Optional) : Setup NAXSI learning .This is required to generate NAXSI whitelist rules
#Note that this step will install JAVA and ElasticSearch daemon for NXAPI /usr/nginx/scripts/nxapi-setup.sh
Need a PHP-fpm restart? Need Additional PHP modules?¶
Install more of PHP in remi ----------------------------- yum --disableexcludes=all --enablerepo=remi search php56 yum --disableexcludes=all --enablerepo=remi search php56|grep memcache php56-php-pecl-memcache.x86_64 : Extension to work with the Memcached caching php56-php-pecl-memcached.x86_64 : Extension to work with the Memcached caching To install one of this plugin yum --disableexcludes=all --enablerepo=remi install php56-php-pecl-memcached Install more of PHP in EASYAPACHE4 -------------------------------------- Follow documentation at https://documentation.cpanel.net/display/EA4/EasyApache+4+Home If you face any issue;you can contact cPanel support as nDeploy just use cPanel provided RPM's in EA4 PHP Upgrade --------------------- Since PHP is installed via yum . yum upgrade will take care of PHP upgrades . To restart PHP-FPM -------------------- service ndeploy_backends restart || systemctl restart ndeploy_backends if you see an error in the command above; do service ndeploy_backends stop service ndeploy_backends start
Must know after installation¶
nDeploy provides the following scripts for emergency situations .These are your first lines of defense
1. When something goes wrong or something isnt working as expected
2. When you are under a layer-7 (application layer ) DOS attack targeted on the web service
To mitigate /opt/nDeploy/scripts/ddos_mitigate.sh enable To return config to normal mode /opt/nDeploy/scripts/ddos_mitigate.sh disable
Must do after installation¶
server side scripting language support¶
The default config generation in nDeploy is governed by
/opt/nDeploy/conf/domain_data.yaml.tmpl ===> For non-SSL domains /opt/nDeploy/conf/domain_data_SSL.yaml.tmpl ==> for SSL domains
nDeploy doesnt want to disrupt existing users ;so it follows a very sane default of proxy everything to cPanel's httpd . So end users will not even know that nDeploy was installed . But experienced admins can change this behavior and provide a custom domain_data template which will affect config generation of all domains
For example; the below will show how to use Proxy +cache as the default behavior
cp -p /opt/nDeploy/conf/domain_data_SSL.yaml.tmpl /opt/nDeploy/conf/domain_data_SSL.yaml.tmpl.local cp -p /opt/nDeploy/conf/domain_data.yaml.tmpl /opt/nDeploy/conf/domain_data.yaml.tmpl.local change profile: '1000' to profile: '1005' in /opt/nDeploy/conf/domain_data.yaml.tmpl.local change profile: '1004' to profile: '1006' in /opt/nDeploy/conf/domain_data_SSL.yaml.tmpl.local rm -f /opt/nDeploy/domain-data/* #will remove all domain-data files for CPANELUSER in $(cat /etc/domainusers|cut -d: -f1) do echo "ConfGen:: $CPANELUSER" && /opt/nDeploy/scripts/generate_config.py $CPANELUSER done service nginx restart
Similar to above ;if you change the backend to PHP and use Wordpress template; all your domain will be served by nginx+php-fpm bypassing apache . Of course, all your web apps must be WordPress in such cases .
While cPanel users can always change the vhost configuration for nginX anytime from their cPanel login ;sometimes the server administrator want to automatically switch supporting applications to be directly served by nginX instead of apache.
The script works by checking the presence of certain files like for example the wp-config.php in case of wordpress and switches the profile accordingly
root@cpanel [~]# cat /opt/nDeploy/conf/appsignatures.yaml SSLREDIRECT: "1" PHP: '/wp-config.php': '5001' '/libraries/joomla/version.php': '5002' '/sites/default/settings.php': '5017' '/app/etc/local.xml': '5003'
Admin can update the appsignatures.yaml file with file names and the corresponding profile that auto_config.py switch the domain to if the file exists. The default list provided by us is not extensive. Admins can also remove entries from the file above to negate auto-switching should there be a need for it . SSLREDIRECT is a switch that can have value 0 or 1 and if it is set to 1 .All the non-ssl vhost conf generated by Nginx will have the redirect http to https template .
if present and contain the CPANELUSERNAME in it will prevent auto switching of profiles for any domain (addon,subdomain etc) of the cpanel user. This is useful while running the auto_config script in a for loop over a list of cpanel users and if the script should omit any user.
To make this all work
1. Edit /opt/nDeploy/conf/appsignatures.yaml . Add or remove filenames (relative to document root) and the corresponding profile names to switch to should the file be present in document root 2. set SSLREDIRECT to 0 or 1 depending on how you want the non-ssl vhost to behave .We recommend the value be set to 1 as https:// is the norm of the modern world and redirecting non-ssl domains to ssl ones are good. 3.Create a file named /opt/nDeploy/conf/auto_config.exclude and add any cpanelusername for which you wish to exclude auto_config. If the file is not present or is empty ;no user is excluded 4.run for CPANELUSER in $(cat /etc/domainusers|cut -d: -f1) do echo "Auto ConfGen:: $CPANELUSER" && /opt/nDeploy/scripts/auto_config.py $CPANELUSER done service nginx restart The first time auto_config.py runs it will ask your preference of PHP version that automatic switching should use. On cpanel servers you can safely use the same version as the default installed PHP as most of your domains will be running that version without issues
A very IMPORTANT thing to note here is that auto_config.py is doing an educated guess work and determining the application that is installed .It MAY NOT! be always accurate . The administrator must be aware of this .Of course, any change made by the auto_config can be reverted by the end user or the admin from the cPanel plugin UI.
Providing more config templates or profiles¶
To avoid clashes between user defined template and rpm provided ones . the following numbers will be reserved for user defined templates
N600 -N999 9000 - 10000 Where N is an integer . So, for example, the rpm provided templates will never use the range 2600 - 2999
New config templates can be provided to end users by the admin by simply adding a file with all the location blocks, rewrite rules etc for an application .
The default template files can be found in
root@web [~]# ls -l /opt/nDeploy/conf/*.tmpl -rw-r--r-- 1 root root 596 Jun 26 04:42 /opt/nDeploy/conf/1000.tmpl -rw-r--r-- 1 root root 1452 Jun 26 04:42 /opt/nDeploy/conf/1001.tmpl -rw-r--r-- 1 root root 148 Jun 26 04:42 /opt/nDeploy/conf/2001.tmpl -rw-r--r-- 1 root root 152 Jun 26 04:42 /opt/nDeploy/conf/3001.tmpl -rw-r--r-- 1 root root 152 Jun 26 04:42 /opt/nDeploy/conf/4001.tmpl -rw-r--r-- 1 root root 210 Jun 26 04:42 /opt/nDeploy/conf/4002.tmpl -rw-r--r-- 1 root root 359 Jun 26 04:42 /opt/nDeploy/conf/5001.tmpl -rw-r--r-- 1 root root 806 Jun 26 04:42 /opt/nDeploy/conf/5002.tmpl -rw-r--r-- 1 root root 1810 Jun 26 04:42 /opt/nDeploy/conf/5003.tmpl
Each programming language should begin with a specific number ( eg: 5xxx for PHP ) for clarity purpose
You can easily base a new template on an existing template by adding or removing new location blocks, rewrite rules etc
Once a template file is added in /opt/nDeploy/conf/ .It needs to be registered using the following command which is an example of how we registered the Magento template
root@web [~]# /opt/nDeploy/scripts/update_profiles.py -h usage: update_profiles.py [-h] backend_category profile_code profile_description_in_doublequotes Register a nginX config profile for nDeploy positional arguments: backend_category profile_code profile_description_in_doublequotes optional arguments: -h, --help show this help message and exit root@web [~]# /opt/nDeploy/scripts/update_profiles.py PHP 5003 "Magento"
nDeploy-nginx is mated with a phusion passenger ruby gem .So we don't encourage unmanned upgrades and have therefore set enable=0 in the yum repository . The upgrade must be done manually by running the following commands
yum --enablerepo=ndeploy install nginx-nDeploy nDeploy /usr/nginx/scripts/nginx-passenger-setup.sh # Run only if you are using Phusion passenger for Ruby,Python and NodeJS
To fix most issues just run
#Ignore any systemctl: command not found error this script throws /opt/nDeploy/scripts/attempt_autofix.sh
If the above script didnt fix the issue you have to check relevant logs
#nDeploy logs for gui actions, automatic config generation etc /opt/nDeploy/watcher.log #log file is recreated on watcher restart #nginX web server logs which also includes php error messages ,Phusion Passenger logs and NAXSI logs /var/log/nginx/error.log #PHP-FPM master process log PHPROOT/var/log/php-fpm.log eg : /opt/remi/php56/root/var/log/php-fpm.log
/opt/nDeploy/scripts/cpanel-nDeploy-setup.sh disable yum remove nginx-nDeploy nDeploy
nDeploy is an open source product released under GPL Version 3 . The Project is hosted at GitHub https://github.com/AnoopAlias/nDeploy
To contribute to the project
1. Signup at github.com 2. Fork https://github.com/AnoopAlias/nDeploy and git clone it 3. Open the nDeploy directory as a project in a Python IDE. We recommend the free awesome https://atom.io/ 4. If you are using the Atom IDE ; I would recommend autocomplete-python and linter-flake8 be installed for python-devel friendliness 5. Modify/add to your fork 6. git commit to your fork; git push 7. Open a pull request https://help.github.com/articles/using-pull-requests/ That's it!
Building your own Nginx or nDeploy RPM's¶
While using the nDeploy RPM repository is the easiest and fastest way to get nDeploy on your server . You may sometimes wish to compile your own RPM's
The reason why one may wish to do this is
1. Add /extend nginX with more plugins
2. If you don't trust the nginX binary compiled on our server.
3. You notice an error and wish to debug nginX . https://www.nginx.com/resources/wiki/start/topics/tutorials/debugging/ , which requires that you compile Nginx with the –with-debug flag .
4. For the fun (and knowledge) of doing it
The instructions for creating your own nginX rpms are listed below. Run the following on your cPanel server
git clone https://github.com/AnoopAlias/nDeploy.git cd nDeploy/rpm_buildtree/ #Open nDeploy-nginx_build_script.sh (for CentOS6 rpm) or nDeploy-nginx_build_script.centos7.sh (centos7) in a text editor #The line starting with ./configure --prefix=/etc/nginx #is what you have to modify to add or remove configure arguments # comment out the line rsync -av nginx-nDeploy-* firstname.lastname@example.org:/home/rpmrepo/public_html/CentOS/7/x86_64 root@cpanel [~/nDeploy/rpm_buildtree]# ./nDeploy-nginx_build_script.centos7.sh It will take some time to build . Once this is complete you will have the nginx-nDeploy rpm inside nginx-pkg-64-centos7/ (for centos7) or nginx-pkg-64/ (centos6) folder . which you can install using rpm -Uvh command
Devel Support and Pull Requests
Priority Installation and Support Services ( Commercial )