Questions for specific deployment.

  • Hi please bear with me as I have some questions before a big deployment.


    Our business setup:
    * Our idea is to have 10.000 max. customers per LC-Server (with its many attached LC-Clients) with SQLite.
    * We want to harness the features of CloudLinux for better stability (we have already integrated it with LC).
    * We will not offer email service to our customers, only web hosting and domains.
    * We will be using 32-128GB RAM dedicated servers from OVH.


    Our questions:


    1) Is Debian preferred over other distros? I see Debian as a favorite by the LC developers in the forum. We have chosen CentOS for our deployment due to CloudLinux but we could consider dropping it if Debian is a *much* more safe and good choice for LC.


    2) Similar to the first question: Will LiveConfig work *as good* in CentOS as it does in Debian? Does it have the same importance and support in your development? Sorry for reiterate.


    3) Is it possible and recommended to create our own AppInstaller installers?


    4) In the manual you say "We always recommend to install LiveConfig on an empty (fresh installed) system." However we usually modify the fresh installation a bit by: changing the SSH default port to another privileged port, securing SSH (allowing access only via keys, etc), creating an administrative user with sudo privileges, and setting up the firewall. Does any of those modifications interfere with the installation of LiveConfig?


    5) Do these restrictions to Lets Encrypt still apply?


    6) What is the recommended way of installing a correct (not self-signed) SSL certificate for the LiveConfig control panel itself? Should I create it manually via Let's Encrypt certbot CLI and then save it as /etc/liveconfig/sslcert.pem and it is going to work? Would not that interfere with the certificate generation for the customers?


    7) CentOS (installed in OVH) by default sets the /etc/hostname file as server.example.com instead of only the shortname server. This differs from the recommendation in the LC manual. Should I follow the LC manual and set the hostname to the shortname? (maybe it is different for Debian)


    8) About SELinux. In the forum I have read (and everybody in the world agrees) that SELinux is complex, and I had decided to disable it. However, in the post-install message console prompt, LC informed me that "if you have SELinux enabled (or plan to do so), you need to adjust some permissions" meaning that is it indeed sensible and easy to enable it currently in LC?


    9) Otherwise, do you recommend another Mandatory Access Control like Tomoyo or AppArmor (if it is Debian)?


    10) Does LC manages clamav-milter in CentOS? Should I install it? (We are going to use the email server only for notifying the customers)


    Sorry for the wall of text, if you could at least answer every question with brevity it would be greatly appreciated. ;)

  • Hi,


    * Our idea is to have 10.000 max. customers per LC-Server (with its many attached LC-Clients) with SQLite.


    Don't use SQLite.


    Use a dedicated machine with mySQL and LiveConfig for the central LC business server (8GB RAM should be enough).





    Zitat

    1) Is Debian preferred over other distros? I see Debian as a favorite by the LC developers in the forum. We have chosen CentOS for our deployment due to CloudLinux but we could consider dropping it if Debian is a *much* more safe and good choice for LC.


    I won't see why there should be a difference: in the end, LiveConfig is just writing config files for the web/db servers.


    Use trial licenses to verify your setup - and report bugs to support@liveconfig.com :)



    Zitat

    3) Is it possible and recommended to create our own AppInstaller installers?


    it is possible, yes:


    > https://github.com/LiveConfig/apps-example


    Zitat

    4) In the manual you say "We always recommend to install LiveConfig on an empty (fresh installed) system." However we usually modify the fresh installation a bit by: changing the SSH default port to another privileged port, securing SSH (allowing access only via keys, etc), creating an administrative user with sudo privileges, and setting up the firewall. Does any of those modifications interfere with the installation of LiveConfig?


    LiveConfig does not interfere with the SSH server.


    Zitat

    5) Do these restrictions to Lets Encrypt still apply?


    Those are applied by Let's Encrypt directly, so please check there:


    https://letsencrypt.org/docs/rate-limits/



    Zitat

    6) What is the recommended way of installing a correct (not self-signed) SSL certificate for the LiveConfig control panel itself? Should I create it manually via Let's Encrypt certbot CLI and then save it as /etc/liveconfig/sslcert.pem and it is going to work? Would not that interfere with the certificate generation for the customers?


    Configure a regular domain in your account (e.g., config.example.com), get a certificate and configure the domain as a proxy to "https://localhost:8443".


    This way, customers don't need to access port 8443 at all.


    (yes, this is just a workaround)



    Zitat

    7) CentOS (installed in OVH) by default sets the /etc/hostname file as server.example.com instead of only the shortname server. This differs from the recommendation in the LC manual. Should I follow the LC manual and set the hostname to the shortname? (maybe it is different for Debian)


    not relevant.


    We configure the full hostname there as well and everything's fine.


    Zitat

    8) About SELinux. In the forum I have read (and everybody in the world agrees) that SELinux is complex, and I had decided to disable it. However, in the post-install message console prompt, LC informed me that "if you have SELinux enabled (or plan to do so), you need to adjust some permissions" meaning that is it indeed sensible and easy to enable it currently in LC?


    I personally have no experience with selinux and don't work with this.


    Zitat

    9) Otherwise, do you recommend another Mandatory Access Control like Tomoyo or AppArmor (if it is Debian)?


    why?


    LiveCOnfig already configures file owners and permissions appropriately.


    Zitat

    10) Does LC manages clamav-milter in CentOS? Should I install it? (We are going to use the email server only for notifying the customers)


    if you don't intend to provide mail hosting, LiveConfig does not configure the mailserver at all. ClamAV-milter is thus neither required nor configured.



    In case of questions, please contact also support@liveconfig.com directly.



    Best,
    Anton

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!