I’ve created this page to track the caveats I’ve found in the GridPane platform. This is an opinion piece based on my own interactions and experiences. I’m a user of GridPane and it’s a great product. Always do your own research.
Limitations
No Support for non-WordPress PHP Applications
Currently, there is no method to create a PHP-only website that has no WordPress management features enabled. This is something other competitors support. A PHP-only website would allow for installing popular PHP applications and frameworks, such as WHMCS, Uptime Kuma, Moodle, Drupal and others.
This is a miss for GridPane: they’re already supporting Nginx and SSL and don’t have to support any application-level requests.
Unable to change Password Protection for Sites
GridPane offers the option of HTTP password protection for sites. Unfortunately, the username and password can’t be changed, and they’re used for every site on the server. If you have SSH access, you can change the password and add more users and passwords by editing the /etc/nginx/.htpasswd file. The file is immutable at the OS level, though, which means you can’t add more users or change the password until you make it writable.
To make the file writable, you have to use the following command.
chattr -i /etc/nginx/.htpasswd
Then you can make changes to the file. It’s suggested you then make the file immutable again using the following command.
chattr +i /etc/nginx/.htpasswd
Any changes to this file are not supported by GridPane support.
Issues
UI
Sync Settings Issue
There is a Sync Settings button on a number of pages; it ensures that the UI and server settings are synced. Sometimes the UI settings don’t accurately reflect how your server is configured.
No Action or Command Queue
Whether you go through the UI or the command line, you can only send one action or command at a time, and you have to wait for it to complete before starting another. Granted, the interface might lock out, but if you have another tab open, or a command-line task (either manual or automated by the GridPane system) runs at the same time, you could have issues.
You also can’t batch commands, which sucks.
Backups
The GridPane backup system uses Duplicacy, which is excellent deduplication software. Here are the pain points with the GridPane backup system.
Setup and Management
The setup of GridPane backups is per-site via the UI, not per server. When you have 50 or 100 sites, that’s quite the undertaking. There’s the CLI, which is excellent and allows single or all-site configuration of backups.
https://gridpane.com/kb/gp-cli-quick-reference#backups
The issue…you’ve now forced people to use the CLI to save time versus having this within the UI.
Ideally, you create a backup strategy on the server and then have single site exclusions that run their own strategy. Once GridPane backups are set up, you don’t need to do much until you create a new site. You have to enable backups for each new site you create, and you can’t configure backups for a new site during the creation process. You have to wait for the site to be created and then you can go into the site and set up the backups which is a multi-step process for remote backups.
Notifications
The notifications are Slack or UI based, with no option for email. Not everyone uses Slack; quite often, they set up Slack just for GridPane and then never log in. Backups are critical and should be front and center for most people, so email seems logical here.
I will be publishing a GridPane Slack Notifications to Email script for Cloudflare Workers and PHP at https://github.com/lmtca/gridpane-slack2email
Resource Usage
The GridPane backups are based on Duplicacy, a great piece of deduplication backup software. Deduplication does take up significant CPU to calculate what to backup, and there is a thread on the Duplicacy forum to limit CPU for backups.
https://forum.duplicacy.com/t/feature-suggestion-limit-cpu-usage/1146/23
The solution is to have more frequent backups or utilize cpulimit in Linux to throttle the backup.
There should be an option to allow for full backups as a performance option to reduce CPU load on smaller servers or larger services with multiple websites.
The ultimate solution would be to deploy a backup server in GridPane where Duplicacy resides and is used to run backups for all the account’s servers, effectively offloading resources and not affecting production workloads.
Leftover Backups
If you delete a site from GridPane and have local or remote backups, they will not be purged or deleted. You have to purge them before deleting the site or re-add the site you deleted and then purge them.
Backup Alternatives
There are several options available to back up a GridPane server.
- Snapshooter (Affiliate Link)
- MSP360 (Affiliate Link)
Cloning
Server Cloning
- Doesn’t copy over log files from any sites.
- Server level configs.
- Doesn’t copy over the staging site’s databases or files, only creates them.
Logging
Different Log Format for Openlitespeed and Nginx
You can see the feature request to address this issue here:
https://roadmap.gridpane.com/b/stack-feature-requests/standard-log-output-for-nginx-and-ols/
Nginx and OLS do not output the same log format. This causes issues for software such as Fail2ban and GoAccess, requiring different configurations for each server type or just not working at all.
GridPane OLS Log Format
logFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-agent}i""
192.168.1.1 - - [01/Sep/2022:20:16:55 -0700] "GET /favicon.ico HTTP/1.1" 200 103639 "https://domain.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36"
GridPane Nginx Log Format
'[$time_local] $remote_addr $upstream_response_time $upstream_cache_status $http_host "$request" $status $body_bytes_sent $request_time "$http_referer" "$http_user_agent" "$http3"';
[01/Sep/2022:20:20:07 -0700] 76.70.117.243 1.360 - domain.com "GET /favicon.ico HTTP/2.0" 302 0 1.362 "https://domain.com" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36"
Correct OpenliteSpeed LogFormat
[%t] %h %T - %v "%r" %>s %b %T "%{Referer}i" "%{User-agent}i"
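Until both stacks emit one format, log tooling has to normalize the two itself. The following is an added example, not GridPane's code or part of the original page: it parses both formats shown above into one record shape and counts WordPress login POSTs per client IP, the kind of check Fail2ban would otherwise need two filters for. The regexes, field names and sample lines are constructed for illustration and assume real logs match the samples on this page.

```python
import re
from collections import Counter
from datetime import datetime

# Patterns written from the two format strings and sample lines on this page
# (assumption: one upstream per request, so $upstream_response_time has no spaces).
OLS_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"')
NGINX_RE = re.compile(
    r'\[(?P<ts>[^\]]+)\] (?P<ip>\S+) \S+ \S+ (?P<host>\S+) "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"')

def parse_line(line):
    """Return a normalized dict for either format, or None if neither matches."""
    for source, rx in (("nginx", NGINX_RE), ("ols", OLS_RE)):
        m = rx.match(line)
        if not m:
            continue
        rec = m.groupdict()
        try:
            rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            return None  # timestamp not in the expected access-log form
        rec["source"] = source
        rec["status"] = int(rec["status"])
        rec.setdefault("host", None)  # the OLS format carries no virtual host
        return rec
    return None

def login_attempts(lines, path="/wp-login.php"):
    """Count POSTs to the login path per client IP, across both log formats."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["request"].startswith("POST " + path):
            counts[rec["ip"]] += 1
    return counts

# Constructed sample lines (documentation IP ranges), one OLS and two Nginx.
SAMPLE = [
    '203.0.113.7 - - [01/Sep/2022:20:16:55 -0700] "POST /wp-login.php HTTP/1.1" 200 4120 "-" "curl/8.0"',
    '[01/Sep/2022:20:20:07 -0700] 203.0.113.7 0.120 - domain.com "POST /wp-login.php HTTP/2.0" 200 4120 0.121 "-" "curl/8.0"',
    '[01/Sep/2022:20:20:09 -0700] 198.51.100.4 1.360 - domain.com "GET /favicon.ico HTTP/2.0" 302 0 1.362 "https://domain.com" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(login_attempts(SAMPLE))
```

Lines that match neither pattern are skipped rather than guessed at, so a format change on either stack shows up as a drop in parsed records instead of wrong counts.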
Secure Debug
Query Monitor
When enabling “Secure Debug”, WordPress debug is enabled and logged to a file, and Query Monitor is installed and enabled. This may cause issues on some WordPress instances, causing an increased load on the admin backend.
When you disable Secure Debug, Query Monitor is deactivated but left installed on the site. When trying to clone a site with Query Monitor installed but not activated, an error will occur.
Security
Blocking wp-version aka WordPress Version
This might seem like a logical feature to enable based on the definition.
This changes your WordPress version to WordPress 42. The change is purely cosmetic and won’t impact your ability to update core/themes/plugins etc, but will prevent bots from being able to access your actual WordPress version and attack you based on known vulnerabilities.
However, there are instances where this will break plugins. So just be aware before you enable this. Here’s the code GridPane uses.
```php
remove_action('wp_head', 'wp_generator');
add_filter('the_generator', '__return_empty_string');

function the_answer() {
    global $wp_version;
    $wp_version = '42';
}
add_action('init', 'the_answer');
```
API
Limited API Commands
Currently, the API is not full-featured, and some items are missing. It’s ever-evolving, so make sure you check out Postman to see if what you require is available.
https://documenter.getpostman.com/view/13664964/TVssjU7Z
System User Access
No Management of SCP, SSH or Jailed/Minimal SSH (Updated)
UPDATE: GridPane now offers a Jailed/Minimal SSH Option
Currently, GridPane only offers SCP, which is limiting if you’re looking to use git, wp-cli, MySQL Workbench, or deploy using CI/CD. You can enable SSH manually using the following guide I’ve written, but GridPane support does not support it.
It would be great if they implemented an option to enable or disable SCP, SSH and a Jailed/Minimal SSH. This would allow for all of the previously mentioned activities to occur, allowing for more secure access to system user accounts for Developers or Contractors.
MySQL
Improper Default Configuration
- Using a connection size of 150 increases the maximum memory usage on smaller instances.
- Default max_allowed_packet of 32MB increases memory usage and should be set to 16MB.
No Configuration Profiles Based on Instance Size
The default MySQL configuration is one-size-fits-all and doesn’t consider the instance size (CPU/Mem) or database size. This isn’t performant for WordPress sites, and there is no automatic or manual method to re-configure MySQL based on instance size profiles. You can change some common configuration options using the CLI.
Nginx
Nginx Helper Mis-configuration
Sometimes Nginx Helper can become misconfigured, which may be due to user error. Unfortunately, these settings can’t be locked, so when you switch between caching methods it’s possible for the plugin to be misconfigured.
Redis Full Page Caching and WSForms or Large HTML Content
When using Redis Full Page Caching, WSForms is delayed in loading by 60 seconds or does not load at all, rendering the page unusable. Switching to FastCGI Full Page caching renders the WSForms form right away and is the solution in this case.
This is related to the redis2-nginx-module from OpenResty; there is an open issue for the module on GitHub. It was posted in 2022 with no comments or actions until recently by GridPane.
Ignoring Query Strings
There is no option to ignore query strings for Facebook and other commonly used ones. Query strings by design will break caching. Therefore, when your website is shared on Facebook, it will bypass the cache every time someone visits your site.
- https://www.facebook.com/groups/selfmanagedwordpress/permalink/3919278274832750
- https://www.facebook.com/groups/selfmanagedwordpress/permalink/3587905677970013/
You can ignore query strings using Openlitespeed, but not with Nginx.
There is an article on stripping query strings, which isn’t effective because query strings are used to track visit data with analytics software.
Openlitespeed
Default Site Broken
Setting a default site doesn’t work and breaks Multisite and Ultimo.
Lack of Litespeed Enterprise
There is no option to use Litespeed Enterprise, which is starting to become a huge competitor against Nginx, especially regarding caching.
Log Rotation on High Traffic Sites
Openlitespeed is configured to rotate logs when they reach 1MB, which once compressed is under 100k of storage. A high-traffic site will result in 30 files from the same day, effectively making any forensic analysis impossible. This should be raised to 10MB or 20MB.
https://community.gridpane.com/t/openlitespeed-log-rotation-on-high-traffic-sites/2394
SSL
Single SSL Certificate Authority
You can only generate LetsEncrypt SSL Certificates; there is no option to choose another provider. Ideally, you would want to be able to generate a certificate from other providers. Here are a couple of potential providers.
- AWS
- ZeroSSL
- Cloudflare
Roadmap Request – Enable Third Party SSL Certificate Authorities
No Default Self Signed SSL Certificates
There is no self-signed SSL Certificate when you deploy a site on the GridPane platform. This causes a multitude of issues.
- When deploying a site and SSL fails, you’re presented with a 404 Not Found or 403 error, which is not informative. If you set up a default site on your server, you will be forwarded to this default site. This is why it’s important to set up a default site, as you’ll then know when a site failed to generate a valid SSL certificate.
- You will be unable to utilize Cloudflare if you don’t set up a SSL Certificate or disable
Roadmap Request – Enable SSL by Default for all New Sites using Self Signed Certificate
Changelog
- 08/19/2024 – Added Nginx Query Strings Ignore.
- 08/06/2024 – Added issues with WSForms and Redis Full Page Caching.
- 08/02/2024 – Updated formatting, updated SSH as System user, added Nginx Helper plugin misconfiguration.
- 08/19/2022 – Added a section for Litespeed Enterprise and SSL’s.
- 09/14/2022 – Updated all items with numbers, letters, then i(ii)iii