Not what I wanted

Discussion in 'Developers' Forum' started by steve I, Nov 12, 2019.

Tags:
  1. steve I

    steve I New Member

    I'm having a really bad time adjusting to ispconfig from centos CWP. I have seen nothing but high grades for ispconfig, but I don't see this cp ever catching on. There is just too much guessing involved. Panel is mostly user hostile. There are sooooooooo many things lacking with this cp.

    ISPconfig does not have :
    1. CSF firewall, the main reason I will never use ispconfig
    2. Standard path to documents. user/public_html
    3. Panel control switches for apache start, firewall start, FTP start, antivirus start, mysql start etc
    4. mod_sec
    5. File manager
    6. SSL cert manager with auto renew
    So many things that are just wrong.......I used your cp many years ago, and today it looks almost the same as 15 years ago. ISPconfig requires total re-design. I know that you have responded to 100,000's of support request personally. Till..You are a good programmer and dedicated man. But your effort will fail ultimately. And when you die, so does ispconfig.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    ISPConfig supports UFW and Bastille Firewall, but you can use CSF as well, just install it and use it, it does not conflict with ISPConfig.

    ISPConfig has its standard paths and the standard website folder is named web like several other panels use it, you might have used a panel that uses a different path but that is no reason why we should change anything in our path layout.

    One can add such a thing, but manual restarts are not needed for these services, so there is actually no need for such a function on an ISPConfig server as ISPConfig takes care on restarting and reloading services when required.

    Works perfectly on ISPConfig systems, I have it on several of my servers as well.

    ISPConfig is compatible with all major file managers, so why reinvent the wheel.

    Exists for several years in ISPConfig.

    To sum it up, so many wrong things in one post *lol*. Please go back to CWP and be happy with it. Btw. I recommend to read their forum to see why they encode their software http://forum.centos-webpanel.com/informations/cwp-why-is-it-encrypted/ I wont use a software with such a security philosophy on my server.
    That your ISPConfig server is not fully working is to be expected after you used a wrong third part guide which lacks most of the required installation steps: https://www.howtoforge.com/community/threads/ftp-filezilla-root-good-user-ng.83198/

    My effort in building a hosting control panel that is in use on several hundred thousand servers worked very well, so it can't fail anymore ;) Many companies are using ISPConfig and contribute to the code. That I'm more visible than other developers and contributing companies is simply because I manage the community.
     
    gOOvER and ahrasis like this.
  3. steve I

    steve I New Member

    My install works fine, its just not working the way I envisioned.

    Having a built in file manager is essential for anyone wishing to edit files quickly.

    Another big thing missing is fixing permissions for individual users with a simple click.

    A big downside to cwp is not be able uninstall it. A whole new droplet creation is necessary to reinstall.
    CWP lacks solid development progression. They are short handed and do not communicate well with the community. I tried ispconfig because I see that CWP is presently adrift at sea with no particular direction.
    My own opinion is that they are trying to build it good enough to be taken over by cpanel or plesk at a hefty price.

    So that is why I am looking once again for alternatives.
    ISPCONFIG looks very stable and bug free, but for now, it hasnt approached the userbility of cpanel plesk and cwp. 15 years in the works, you should have been there by now. IMHO
     
  4. Croydon

    Croydon ISPConfig Developer ISPConfig Developer

    There is one thing you forgot. ISPConfig is completely developed in the developers' free time. There is no direct income from the project so the money has to be earned by the main jobs of each developing member. Regarding Till's work: Having created a project of this size is quite a feat. Besides managing the community and replying to all sorts of (often real nonsense) posts, of course.
     
    ahrasis and webguyz like this.
  5. Steini86

    Steini86 Active Member

    If you want usability, than pay for it (plesk is not really "cheap"). IMHO.
    Buy the manual (much cheaper than a plesk licence) -> https://www.ispconfig.org/documentation/user-manual/
    No more guessing than. IMHO.

    I do not like the idea, that the control panels will enable users (not admins) to have their own servers in the wild internet. Even ispconfig is too userfriendly and lets people install servers that have no clue about what they are doing,. IMHO.
     
    ahrasis and Croydon like this.
  6. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    If you want a gui for that, follow the additional tutorial to install monit. Personally, I spent quite some time creating a more secure monit setup which I was happy with, and ... have never used it a single time. Gui "click to restart" just doesn't fit my workflow, it would actually be an inconvenience. (Note that I do find monit running and monitoring/responding to things very useful, I just have never used the gui interface since it has been setup.)

    I would like to see integration with the gui here, so you can easily identify rules which false positive and disable them, for the site overall or even for specific paths/locations. As @till said, you can still use it. Head over to https://git.ispconfig.org/ispconfig/ispconfig3/issues/3031 and hit "thumbs up."

    Again, like a gui "restart services" button, it's probably personal preference, but I have rarely missed this, though I can certainly see where end users would find it convenient. Wordpress installs have a file editor (a feature as well as security issue), and you must go out of your way to disable it, which for me is inconvenient. Head over to https://git.ispconfig.org/ispconfig/ispconfig3/issues/4005 and hit "thumbs up" (or https://git.ispconfig.org/ispconfig/ispconfig3/issues/1520 but the thumbs up/down ration is higher on 4005).

    That was actually mentioned not too long ago, and not a bad idea (though I don't consider that a "big" issue to not have it). I don't see an issue created for it in the tracker, though you could sure go make one. It's not clear to me right offhand what are "correct" file permissions? Ownership is pretty straightforward, but permissions are not. When I change a file to not be readable by other users, I sure don't want the system coming along and "fixing" that.

    But maybe a brain-dead reset would work with a warning label about what it would do, eg. "This will reset permissions on ALL files within this document root. All your website files and directories will be readable by other users and processes! Be sure to secure permissions on any sensitive files or directories again after you have run this." In truth, all reasonable (and so far identified, though there is certainly need for continued thought/research) measures are taken to isolate access from one website to read the files of another, but it is a very real issue (hackers gaining access to one site, then spreading throughout a server is common). Eg. do you allow your users to run cron jobs outside of the website jail? If so, go see what fun you can have from accessing random /var/www/clients/client#/web#/web/wp-config.php files. Each individual website can secure their wp-config.php or similar files, of course, but you can guess how many do. Heck, as an experiment, go check your webserver for how many are world writable :). Then consider something like:

    Code:
    # cat <<'EOF' >/etc/cron.daily/wp-config-permissions
    #!/bin/sh
    
    # remove world access to wp-config.php
    find /var/www/clients/ -maxdepth 1 -type d -name 'client*' -print0 \
            | xargs -0 -i'{}' find '{}' -maxdepth 1 -type d -name 'web*' -print0 \
            | xargs -0 -i'{}' find '{}' -mindepth 1 -maxdepth 2 -name wp-config.php -print0 \
            | xargs -0 chmod o-rwx
    
    # find world writable files/directories
    writable=$(find /var/www/clients/ -maxdepth 1 -type d -name 'client*' -print0 \
            | xargs -0 -i'{}' find '{}' -maxdepth 1 -type d -name 'web*' -print0 \
            | xargs -0 -i'{}' find '{}' -type d -name tmp -o -name dev -prune -o ! -type l -perm /o=w -ls)
    
    if [ -n "${writable}" ]
    then
            echo -e "World writable files/directories: \n"
            echo "${writable}"
    fi
    EOF
    
    # chmod +x /etc/cron.daily/wp-config-permissions
    
     
    Last edited: Nov 12, 2019
    ahrasis, Croydon and till like this.
  7. nhybgtvfr

    nhybgtvfr Well-Known Member HowtoForge Supporter


    I find it impossible to agree with this. I don't know anything about cwp, but cpanel and Plesk are not what I would consider user friendly. I find both cpanel and Plesk to be a byzantine mess. more time is spent locating the feature/setting you want to change than actually changing it. I also find Plesk in particular to be a monstrous resource hog.
    giving Plesk to an average web site owning end user is like giving the keys to a nuclear power station to a caveman, it's only a matter of time until they do something terminal to their site.
    ispconfig is both lightweight and simple. our end users have no problem working out where, or how to change things.
    most of the stuff you say is missing is already available and can be integrated into the panel, eg, as already mentioned, Monit.
    again, I've also never needed a manual service stop/start button for any monitored services.

    the only part I'd agree with you on is a file manager, it would be convenient to use that at times, and it would certainly reduce the number of calls from users who won't/can't work out how to use ftp or ssh, again there are plenty of third party options available you can try, although I've yet to find one that i'm personally happy with for various reasons.

    as for it not looking any different to 15 years ago, well theme it then. you can make it look as different as you like. no-one's forcing you to leave it looking the way it does. to give you some ideas, smartyscripts made some very good looking themes:
    https://www.howtoforge.com/community/threads/an-ispconfig-themes-to-share.82123/
    unfortunately, it looks like he, and his site are now awol, but it shows what can be done.

    for the amount charged they charge for Plesk or cpanel, I find their actual intuitiveness and usability disturbingly (and disappointingly) low.

    for me, the biggest missing feature in ispconfig is domain name registration/management. I know there was mention of something like this and a shop module a long time ago, hopefully those are both things that are in the pipeline and coming soon.... Till? ;)
     
  8. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    I was actually looking into creating a plugin or built in function to use Realtime Register within ISPConfig, but I don't have time to write and maintain it right now...

    For the theme, I and some others have done quite some work to enhance the current theme by fixing visual issues and putting errors and warnings in some fancy alert boxes. I have been looking into a new theme and even fiddled around with something, but a lot of planning is needed to create a new theme with the team.
     
  9. michelangelo

    michelangelo Active Member

    I'm not that sure that the project will die if the worst-case should ever happen. The code is licensed under the very liberal BSD-license. Anyone can fork the project and do his own business with it or contribute code to the project. ISPConfig lacks certain features, already since some longer time. Yes, this is... kinda annoying but under the bottom line I would still prefer ISPConfig all the time over other control panels. It is using a very liberal license and so the code is open, it doesn't compromise your system unlike Plesk and it is free.

    And yes, it would be really nice if there were more community members contributing code to the project or if one needs a feature badly one could simply sponsor this feature. Nagging about an open source project is easy and yet completely wrong if one just does nothing in return like sponsoring or contributing code.
     
    Croydon, till and ahrasis like this.

Share This Page