CloudPanel Admin: Part 1

Users

Roles

You can create additional users with restricted access. Each role has specific permissions, explained in the following section.

Admin

Users with the Admin role have full permissions and are not restricted to the frontend, admin area, or a specific site.

Site Manager

Users with the Site Manager role have full access to manage all sites but no access to the admin area.

User

Users with the User role are restricted to specific sites. They only see the assigned sites and cannot see or manage other sites.

User

Adding a User

To add a new user, follow these steps:

  1. In the left menu, click on Users and click on the button Add User.
  2. Fill out the form and click on the button Add User.

Timezone

The Timezone is essential for showing the right time in the monitoring graphs on the dashboard in the frontend area.

Deleting a User

  1. In the left menu, click on Users and click on the User Name you want to delete.
  2. To delete the user, click on the button Delete at the bottom left.

Events

In the Events overview, you see which user has made changes in CloudPanel.

Instance

Reboot

To reboot your instance, click in the left menu on Instance and then on the button Reboot at the top right.

Services

To restart a service like NGINX, MySQL, or PHP-FPM, click in the left menu on Instance and select the Service to restart.

Settings

Proftpd Settings

To connect via FTP, you need to enter the Instance IP in the field MasqueradeAddress.

The MasqueradeAddress causes the instance to display the network information for the specified IP address or DNS hostname to the client, on the assumption that the IP address or DNS host is acting as a NAT gateway or port forwarder for the instance.

Instance Settings

Timezone Change

The timezone of your instance is essential for executing cron jobs and other scheduled tasks at the right time in your region.

Attention

Reboot the instance after changing the timezone so that all services are aware of the timezone change.

Remote Backups

With Remote Backups, also known as off-site backup, you can store copies of your sites to services like Amazon S3, Wasabi, Digital Ocean Spaces, Dropbox, Google Drive, SFTP, or any other storage provider supported by Rclone.

Setup

Storage Provider

Select the Storage Provider of your choice and click on Continue.

Configuration

Amazon S3

  1. Log in to the AWS Management Console.

  2. Create an S3 Bucket and create an AWS Access Key and Secret Access Key with restricted permissions to S3.

  3. Fill out the form and click on the button Save.

  4. Click on the button Create Button at the top right to create the first backup, and go to S3 to check if it’s working as expected.

Excludes

By default, all sites are backed up. The vhost and the entire home directory of each site, excluding the .ssh, logs, and tmp directories, are included in the backup. In the Excludes field, you can exclude directories and files.
If you want to exclude a site from the backup, put /home/$site-user/ in the excludes.

Restoring Files

To restore files or directories, go to your storage provider and download the backup file backup.tar of your site.

Via File Manager

Restoring files via File Manager is recommended for backup files smaller than 2 GB.

  1. Go to the File Manager of your site and upload the backup file backup.tar to the tmp directory.

  2. Right-click the file backup.tar and extract it.

  3. Copy and replace the files you need.

Via SFTP/SSH

This method is recommended for backup files bigger than 2 GB, which cannot be uploaded via File Manager.

  1. Upload the backup.tar file via SFTP into the tmp directory of your site.
  2. Log in via SSH to the instance with your site user and extract the backup file.

tar xf ~/tmp/backup.tar

  3. Copy and replace the files you need.

Google Drive

Only for Google Workspace Users

Google Drive as storage provider can only be used if you use the paid Google Workspace service.

  1. To create a Service Account, follow the steps on the following site: https://rclone.org/drive/.

  2. Fill out the form and click on the button Save.

  3. Click on the button Create Button at the top right to create the first backup, and check your Google Drive to see if everything is working as expected.

Excludes

By default, all sites are backed up. The vhost and the entire home directory of each site, excluding the .ssh, logs, and tmp directories, are included in the backup. In the Excludes field, you can exclude directories and files.
If you want to exclude a site from the backup, put /home/$site-user/ in the excludes.

Restoring Files

To restore files or directories, go to your storage provider and download the backup file backup.tar of your site.

Via File Manager

Restoring files via File Manager is recommended for backup files smaller than 2 GB.

  1. Go to the File Manager of your site and upload the backup file backup.tar to the tmp directory.

  2. Right-click the file backup.tar and extract it.

  3. Copy and replace the files you need.

Via SFTP/SSH

This method is recommended for backup files bigger than 2 GB, which cannot be uploaded via File Manager.

  1. Upload the backup.tar file via SFTP into the tmp directory of your site.
  2. Log in via SSH to the instance with your site user and extract the backup file.

tar xf ~/tmp/backup.tar

  3. Copy and replace the files you need.
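
An added example, not part of the CloudPanel documentation: tar xf unpacks into the shell's current directory, so this sketch extracts the downloaded backup into a fresh scratch directory and refuses archives whose member paths would land outside it. It applies to the SFTP/SSH restore steps in both provider sections; the function names and the scratch location under ~/tmp are assumptions.

```shell
#!/bin/sh
# Added example: unpack a downloaded backup.tar into a scratch directory
# so nothing in the live site is overwritten before you pick files to copy.

# Prints archive members with an absolute path or a ".." component.
# Empty output means every member stays below the extraction directory.
unsafe_members() {
  tar tf "$1" | grep -E '^/|(^|/)\.\.(/|$)' || true
}

# Extracts archive $1 into a new directory below $2 and prints its path.
# Returns non-zero without extracting if the archive has unsafe members.
restore_to_scratch() {
  archive=$1
  base=$2
  bad=$(unsafe_members "$archive")
  if [ -n "$bad" ]; then
    echo "refusing to extract, unexpected member paths:" >&2
    echo "$bad" >&2
    return 1
  fi
  dest=$(mktemp -d "$base/restore.XXXXXX") || return 1
  tar xf "$archive" -C "$dest" || return 1
  echo "$dest"
}

# Assumed location from the steps above; does nothing if the file is absent.
if [ -f "$HOME/tmp/backup.tar" ]; then
  restore_to_scratch "$HOME/tmp/backup.tar" "$HOME/tmp"
fi
```

Copy the files you need out of the printed directory, then delete it.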

Security

Firewall

The integrated Firewall in CloudPanel is based on UFW, also known as Uncomplicated Firewall.
Developed to ease iptables firewall configuration, ufw provides a user-friendly way to create an IPv4 or IPv6 host-based firewall.

CloudPanel ships with pre-configured rules to achieve higher security.

Recommendation

For higher security, whitelist the SSH Port (22) for your IPs only. The CloudPanel Port (8443) should only be whitelisted if you have a static IP.
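
A check for the recommendation above, as an added example that is not part of CloudPanel: it reads ufw status output and reports SSH (22) or CloudPanel (8443) rules that allow any source. The sample output is constructed and the function names are hypothetical; it assumes the rules CloudPanel manages appear in ufw status.

```shell
#!/bin/sh
# Added example: flag management ports that ufw allows from any source.

# Management ports named on this page: SSH (22) and CloudPanel (8443).
MGMT_PORTS="22 8443"

# Reads `ufw status` text on stdin and prints "port family" per exposed rule.
# Single-port rules only; port ranges and app profiles are not expanded.
find_open_mgmt_ports() {
  awk -v ports="$MGMT_PORTS" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    {
      # Locate the action column; rule lines contain ALLOW or "ALLOW IN".
      a = 0
      for (i = 2; i <= NF; i++) if ($i == "ALLOW") { a = i; break }
      if (!a) next
      src = a + 1
      if ($src == "IN") src++
      if ($src != "Anywhere") next       # limited to a source address
      port = $1; sub(/\/.*/, "", port)   # "22/tcp" -> "22"
      if (!(port in want)) next
      fam = ($0 ~ /\(v6\)/) ? "ipv6" : "ipv4"
      print port, fam
    }'
}

# Constructed sample of `ufw status` output (documentation addresses only).
sample_status() {
  cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
8443/tcp                   ALLOW       203.0.113.7
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
EOF
}

sample_status | find_open_mgmt_ports
```

On an instance, run ufw status | find_open_mgmt_ports as root; empty output means neither port is open to Anywhere.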

Adding a Rule

  1. To add a new Rule, click on the button Add Rule.

  2. Select the Type, enter the Port Range, Source, and Description (optional) and click on Add Rule to apply the firewall rule.

Editing a Rule

  1. Click on the Rule you want to edit.
  2. Edit the Firewall Rule and click on the button Save.

Deleting a Rule

  1. Select the Rule you want to remove and click on Delete.

Basic Auth

If you don’t have a static IP and therefore cannot close port 8443, Basic Auth in front of CloudPanel is recommended to restrict access.

Enable Basic Auth

Via Web Interface

  1. To enable Basic Auth, click in the left menu on Security and then on the tab Basic Auth.

  2. Enter a User Name and Password and click on Save to enable basic auth.

Via Command Line (CLI)

To enable Basic Auth via the command line, log in via SSH and execute the following command as the root user.

clpctl cloudpanel:enable:basic-auth --userName='john.doe' --password='password123'

Disable Basic Auth

Via Web Interface

To disable Basic Auth, click in the left menu on Security and then on the tab Basic Auth.

Via Command Line (CLI)

To disable Basic Auth via the command line, log in via SSH and execute the following command as the root user.

clpctl cloudpanel:disable:basic-auth

Settings

General

CloudPanel Custom Domain

To run CloudPanel under your Custom Domain with a Let’s Encrypt Certificate, do the following.

  1. Click on Settings and then on General and enter the Domain Name.

DNS Record

A DNS Record pointing to this server is required to issue a Let’s Encrypt Certificate.

  2. Click on Save and wait seconds before the Let’s Encrypt Certificate can be issued.

CloudPanel Custom Domain via Reverse Proxy

An alternative way to run CloudPanel under your Custom Domain is to use a Reverse Proxy, e.g., if you want to use your own SSL/TLS Certificate, which is useful where Let’s Encrypt can’t be used.

  1. Go to Sites and create a Reverse Proxy.

  2. Enter the Domain Name and enter https://127.0.0.1:8443 as the Reverse Proxy Url.

  3. Go to the SSL/TLS Settings and import your Certificate.

Database Servers

Using a separate Database Server to handle database queries has advantages like better performance and the possibility to restore to a specific time.

All major cloud providers offer MySQL Database Services, such as Amazon RDS or Digital Ocean Managed MySQL.

Supported Database Versions are: MySQL 5.7, MySQL 8.0, MariaDB >= 10.6

Add Database Server

  1. To add a Database Server, click in the left menu on Settings and then on the tab Database Servers.

  2. Enter the Host, User Name, Password and Port and click on Add Database Server.

  3. Click on Set Active to use the Database Server.
  4. The local MySQL Service is no longer needed and can be stopped and disabled to free up memory. Log in via SSH as root and disable the service with the following command:

systemctl stop mysql && systemctl disable mysql

Delete Database Server

  1. To delete a Database Server, click in the left menu on Settings and then on the tab Database Servers.

  2. Click on the Database Server you want to delete.

  3. Click on Delete to remove the Database Server.