Hello. thanks to @till for helping a lot in the installation of ISPConfig3 in my home-server (low-specs); From here that i have got enough expereicne and good knowledge. Am considering installing ISPConfig3 on the AWS. LightSail. Is it feasible to run ISPConfig3 on AWS LightSail's $5/month package Are there any limitations or challenges I should be aware of with this setup? Would you recommend any alternative setups that might be more efficient or cost-effective?
AWS is quite expensive for what it offers in terms of speed and system resources. Instead of using AWSLightSail, I would use a different cloud provider. E.g. I have my systems at Hetzner. There, you get a 2 CPU core system with 4GB RAM for 4.51 EUR, which is less than 5 USD.
I installed using https://www.howtoforge.com/ispconfig-autoinstall-debian-ubuntu/ . I installed just the same way on Hetzner cloud host as I install on VM host or dedicated host. My setup has more memory and disk so it is not the 4.70 € host but I I would say that does not matter for installation. Do install Debian yourself and avoid using ready-made image from provider, those are sometimes iffy. I installed from official Debian install media.
for those using hetzner.... which does seem to be quite significantly cheaper than aws.. do they block port 25 outbound? can it be unblocked? if so, would i need to be a customer for a while before i can get it unblocked? also, on their website, it says: but doesn't actually say what that default limit is. does anyone know what it is?
They set the limits on request. There is an option in their ticket system where you can select this as a reason, write a short message about why you need which amount of resources. I don't know what the defaults are as I'm a customer for many years, but probably 10 VM or so. They just want to protect themselves from someone using their API to spin up and shut down hundreds of VMs to exhaust their resources.
cool. thanks @till i did manage to find the limits further into their faq's.. in case anyone else is interested: another thing i can't find info for on their site is if you can switch between a vps between sizes. ie, from their default shared cpu intel: upgrade a vps from their cx32 size (4vcpu 8gb) to cx42 (8vcpu 16gb), and maybe later back down to cx32. so i suspect not, and even if yes, probably only one-way to a larger vps. i fully expect switching between intel/amd/ampere (shared or dedicated vcpu) is completely off the cards.
You can scale up and down, but you have to stay within the same CPU architecture. So you can switch between AMD and Intel, but not to ARM if you have a Intel or AMD vServer. One thing to note is that when you scale up, it asks you if you want to keep the same HD size. You can scale down later only if you have kept the same HD size, as they can't decrease HD size when scaling down (as it would likely break the file system and at least something like this can not be automated in a safe way). Here is a screenshot from the rescaling page. This is currently the smallest System with Intel CPU, and you can scale to Intel and AMD, and you can also switch between shared and dedicated cores. (just to note, it's an old system, so this exact Server spec likely does not exist anymore).
By the way, I'm not sponsored by Hetzner. I've been using them for many years, though, and am quite happy with them. Plus, their cloud systems are fast and offer all I need and are still easy to use and not overly complicated.
thanks @till.. looks good so far.. going to give it a try with a standalone install and a copy of an existing live site from a clients 2vcpu/4gb server. want to compare speed between hetzner and aws. see how much the latency from having a vps in germany rather than london affects browsing speed.. pretty much all our clients sites visitors are in uk.. and also how much upscaling will affect that... can get 4x the cpu and 2x the ram from hetzner vs aws and still save money..
Thanks! i have purchased and now using ISPConfig3. I have a firewall confusion here. What port should be added to the OutBound Ports? if i add 53 UDP, or else the Web Server and FTP doesn't work. however i have successfully added ports in the inbound firewall (Hetzner). The second problem, the mail shows 2MB email size attachment. it is possible to make it 25Mb (Globally). via GUI or .. Is there ISPConfig3 by default need (security) hardening for protection, or jail-shell, This is the first time am asking as i was much busy understanding the entire setup of ISPConfig3. Can you also explain me JailKit if that is feasible for security.
For a start, it is better not to restrict outbound ports. Otherwise, functions like Linux system updates and others might fail. As you noticed already, a server which is not able to resolve names because you closed DNS ports can't work of course. You must increase the upload size in php.ini file for php-fpm of the default PHP version of the OS and then restart that php-fpm daemon. That#s not done from within ISPConfig. There is no need for any additional setup, just install ISPConfig using the auto installer.
I'm able to do it. it works fine. also in the Webmail, but for PHP Mail Is there additional setting required? Additionally, Client Info side [control panel related] - How to set the client can able to enable/disable the SSL & PHP Version in their profile. Additionally Info, ISPConfig3 [billing addon] - Does Billing is able to automate the process of creating the account downgrading and auto-off on over-due. @till block storage in Hetzner Cloud vs ISPconfig3 Does ISPConfig has the ability to recognize it as a primary storage? [smtp related - purchased static ip with Hetzner MOST IMPORTANT] do i require to purchase additional/external smtp relay for Services Config SMTP relay? At this moment Am using SMTP2GO SMTP rely. Yes it works good. but bit expensive :-( In a group conversation at reddit am able to see the following recommendation. Expand: Reddit You don't really need an SMTP relay for if you have a static IP address. Just set up proper reverse DNS, SPF, DMARC and DKIM records for all the domains you plan on sending email for/from and install e.g. a local Postfix. Reference : Link
The client can do that by default if he created the site or if you created it for him using the login as client function. no You can mount block storage as a file system at hetzner. That#s not ISPConfig related btw. A Cloud server always has a static IP. There is no need to buy a second IP as the first is already a static IP. What you should do though is that you ensure you have a IPv4 IP and not just a IPv6 IP.
