GridPane Caveats, Limitations and Issues

I’ve created this page to track the caveats I’ve found in the GridPane platform. This is an opinion piece based on my own interactions and experiences. I’m a user of GridPane and it’s a great product. Always do your own research.

Limitations

No Support for non-WordPress PHP Applications

Currently, there is no method to create a PHP-only website that has no WordPress management features enabled. This is something other competitors support. A PHP-only website would allow for installing popular PHP applications and frameworks, such as WHMCS, Uptime Kuma, Moodle, Drupal and others.

This is a miss for GridPane: they’re already supporting Nginx and SSL, and they wouldn’t have to support any application-level requests.

Unable to change Password Protection for Sites

GridPane offers the option of HTTP password protection for sites. Unfortunately, the username and password can’t be changed in GridPane, and the same credentials are used for every site on the server. If you have SSH access, you can change the password and add more users and passwords in the /etc/nginx/.htpasswd file. However, the file is immutable at the OS level, which means you can’t add more users or change the password until that flag is removed.

To make the file writable, you have to use the following command.

chattr -i /etc/nginx/.htpasswd

Then you can make changes to the file. It’s suggested you then make the file immutable again using the following command.

chattr +i /etc/nginx/.htpasswd

Any changes to this file are not supported by GridPane support.

Issues

UI

Sync Settings Issue

There is a Sync Settings button on a number of pages, which ensures that the UI and server settings are synced. Sometimes the UI settings don’t accurately reflect how your server is configured.

No Action or Command Queue

Whether you go through the UI or the command line, you can only send one action or command at a time, and you have to wait for it to complete before starting another. Granted, the interface might lock out, but if you have another tab open, or a command line task (either manual or automated by the GridPane system) runs at the same time, you could have issues.

You also can’t batch commands, which sucks.

Backups

The GridPane backup system uses Duplicacy, which is excellent deduplication software. Here are the pain points with the GridPane backup system.

Setup and Management

The setup of GridPane backups is per-site via the UI, not per server. When you have 50 or 100 sites, that’s quite the undertaking. There’s the CLI, which is excellent and allows single or all-site configuration of backups.

https://gridpane.com/kb/gp-cli-quick-reference#backups

The issue…you’ve now forced people to use the CLI to save time versus having this within the UI.

Ideally, you create a backup strategy on the server and then have single-site exclusions that run their own strategy. Once GridPane backups are set up, you don’t need to do much until you create a new site. You have to enable backups for each new site you create, and you can’t configure backups for a new site during the creation process. You have to wait for the site to be created, and then you can go into the site and set up the backups, which is a multi-step process for remote backups.

Notifications

The notifications are Slack or UI based, with no option for email. Not everyone uses Slack; quite often, people set up Slack just for GridPane and then never log in. Backups are critical and should be front and center for most people, so email seems logical here.

I will be publishing a GridPane Slack Notifications to Email script for Cloudflare Workers and PHP at https://github.com/lmtca/gridpane-slack2email

Resource Usage

The GridPane backups are based on Duplicacy, a great piece of deduplication backup software. Deduplication does take up significant CPU to calculate what to back up, and there is a thread on the Duplicacy forum about limiting CPU for backups.

https://forum.duplicacy.com/t/feature-suggestion-limit-cpu-usage/1146/23

The solution is to have more frequent backups or utilize cpulimit in Linux to throttle the backup.

There should be an option to allow for full backups as a performance option to reduce CPU load on smaller servers or larger services with multiple websites.

The ultimate solution would be to deploy a backup server in GridPane where Duplicacy resides and is used to run backups for all the account’s servers, effectively offloading resources and not affecting production workloads.

Leftover Backups

If you delete a site from GridPane and have local or remote backups, they will not be purged or deleted. You have to purge them before deleting the site or re-add the site you deleted and then purge them.

Backup Alternatives

There are several options available to back up a GridPane server.

Cloning

Server Cloning

  • Doesn’t copy over log files from any sites.
  • Server level configs.
  • Doesn’t copy over the staging site’s databases or files, only creates them.

Logging

Different Log Format for Openlitespeed and Nginx

You can see the feature request to address this issue here

https://roadmap.gridpane.com/b/stack-feature-requests/standard-log-output-for-nginx-and-ols/

Nginx and OLS do not output the same log format. This causes issues for software such as Fail2ban and GoAccess, requiring different configurations for each server type or just not working at all.

GridPane OLS Log Format

  • logFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-agent}i"
  • "192.168.1.1 - - [01/Sep/2022:20:16:55 -0700] "GET /favicon.ico HTTP/1.1" 200 103639 "https://domain.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36"

GridPane Nginx Log Format

  • '[$time_local] $remote_addr $upstream_response_time $upstream_cache_status $http_host "$request" $status $body_bytes_sent $request_time "$http_referer" "$http_user_agent" "$http3"';
  • [01/Sep/2022:20:20:07 -0700] 76.70.117.243 1.360 - domain.com "GET /favicon.ico HTTP/2.0" 302 0 1.362 "https://domain.com" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36"

Correct OpenliteSpeed LogFormat

  • [%t] %h %T - %v "%r" %>s %b %T "%{Referer}i" "%{User-agent}i"
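
Until both stacks emit one layout, a log consumer has to recognise each format itself. The following is an added example, not GridPane code: it parses the two sample lines above into the same fields and re-emits them in NCSA combined layout so a single Fail2ban or GoAccess configuration can read either server type. The regexes are derived from the two formats listed on this page; the function names are hypothetical.

```python
import re
from datetime import datetime

# Layouts as listed on this page. The trailing "$http3" field is optional because the
# page's Nginx sample omits it; the OLS sample starts with a stray double quote.
NGINX_RE = re.compile(
    r'^\[(?P<time>[^\]]+)\] (?P<ip>\S+) (?P<upstream_time>\S+) (?P<cache>\S+) '
    r'(?P<host>\S+) "(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+|-) '
    r'(?P<request_time>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
    r'(?: "(?P<http3>[^"]*)")?$'
)
OLS_RE = re.compile(
    r'^"?(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Sample lines copied from this page.
UA = ('Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 '
      '(KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36')
NGINX_SAMPLE = ('[01/Sep/2022:20:20:07 -0700] 76.70.117.243 1.360 - domain.com '
                '"GET /favicon.ico HTTP/2.0" 302 0 1.362 "https://domain.com" "' + UA + '"')
OLS_SAMPLE = ('"192.168.1.1 - - [01/Sep/2022:20:16:55 -0700] '
              '"GET /favicon.ico HTTP/1.1" 200 103639 "https://domain.com/" "' + UA + '"')


def normalize(line):
    """Return a dict with the same keys for either server type, or None if unparsed."""
    for server, pattern in (("nginx", NGINX_RE), ("ols", OLS_RE)):
        m = pattern.match(line.strip())
        if m is None:
            continue
        f = m.groupdict()
        return {
            "server": server,
            "time": datetime.strptime(f["time"], "%d/%b/%Y:%H:%M:%S %z"),
            "ip": f["ip"],
            "host": f.get("host"),  # the OLS layout carries no virtual host field
            "request": f["request"],
            "status": int(f["status"]),
            "bytes": 0 if f["bytes"] == "-" else int(f["bytes"]),
            "referer": f["referer"],
            "agent": f["agent"],
        }
    return None  # unknown layout: surface it instead of guessing


def to_combined(entry):
    """Render a normalized entry in NCSA combined layout so one filter covers both."""
    ts = entry["time"].strftime("%d/%b/%Y:%H:%M:%S %z")
    return '{ip} - - [{ts}] "{request}" {status} {bytes} "{referer}" "{agent}"'.format(
        ts=ts, **entry)
```

Lines that return None should be counted and reviewed rather than dropped silently, since an unparsed line is also a line your ban rules never saw.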

Secure Debug

Query Monitor

When enabling “Secure Debug”, WordPress debug is enabled and logged to a file, and Query Monitor is installed and enabled. This may cause issues on some WordPress instances, causing an increased load on the admin backend.

When you disable Secure Debug, Query Monitor is deactivated but left installed on the site. When trying to clone a site with Query Monitor installed but not activated, an error will occur.

Security

Blocking wp-version aka WordPress Version

This might seem like a logical feature to enable based on the definition.

This changes your WordPress version to WordPress 42. The change is purely cosmetic and won’t impact your ability to update core/themes/plugins etc, but will prevent bots from being able to access your actual WordPress version and attack you based on known vulnerabilities.

However, there are instances where this will break plugins. So just be aware before you enable this. Here’s the code GridPane uses.

remove_action('wp_head', 'wp_generator');
add_filter('the_generator', '__return_empty_string');

function the_answer() {
        global $wp_version;
        $wp_version = '42';
}
add_action('init', 'the_answer');

API

Limited API Commands

Currently, the API is not full-featured, and some items are missing. It’s ever-evolving, so make sure you check out Postman to see if what you require is available.

https://documenter.getpostman.com/view/13664964/TVssjU7Z

System User Access

No Management of SCP, SSH or Jailed/Minimal SSH (Updated)

UPDATE: GridPane now offers a Jailed/Minimal SSH Option

Currently, GridPane only offers SCP, which is limiting if you’re looking to use git, wp-cli, MySQL Workbench, or deploy using CI/CD. You can enable SSH manually using the following guide I’ve written, but GridPane support does not support it.

Enabling SSH, su from root and Visual Studio Code Remote SSH for System Users under GridPane – Managing WP (managingwp.io)

It would be great if they implemented an option to enable or disable SCP, SSH and a Jailed/Minimal SSH. This would allow for all of the previously mentioned activities to occur, allowing for more secure access to system user accounts for Developers or Contractors.

MySQL

Improper Default Configuration

  • Using a connection size of 150 increases the maximum memory usage on smaller instances.
  • Default max_allowed_packet of 32MB increases memory usage and should be set to 16MB.

No Configuration Profiles Based on Instance Size

The default MySQL configuration doesn’t consider the instance size (CPU/Mem) or database size, as it’s one-size-fits-all. This isn’t performant for WordPress sites, and there is no automatic or manual method to reconfigure MySQL based on instance size profiles. You can change some common configuration options using the CLI.

Nginx

Nginx Helper Mis-configuration

Sometimes Nginx Helper can become misconfigured, which may be due to user error. Unfortunately, these settings can’t be locked, so when you switch between caching methods it’s possible for the plugin to end up misconfigured.

Redis Full Page Caching and WSForms or Large HTML Content

When using Redis Full Page Caching, WSForms is delayed in loading by 60 seconds or doesn’t load at all, rendering the page unusable. Switching to FastCGI Full Page caching renders the WSForms form right away and is the solution in this case.

This is related to the redis2-nginx-module from openresty; there is an open issue for the module on GitHub. It was posted in 2022 with no comments or actions until recently by GridPane.

redis2_query set fails with timeout · Issue #68 · openresty/redis2-nginx-module · GitHub
Hi, I think I hit the limitation of the library. Whenever I try to store the response in a size aprox. 120 000 characters and more, I get the timeout. The library is used in a srcache configuration, having the store endpoint configured a…
github.com

Ignoring Query Strings

There is no option to ignore query strings for Facebook and other commonly used ones. Query strings by design will break caching. Therefore, when your website is shared on Facebook, it will bypass the cache every time someone visits your site.

Option to ignore fbclid, utm_, etc. parameters on ngninx to avoid server cache misses – Stack Feature Requests – GridPane
The default config makes all the incoming traffic from FB, IG, Google Ads, Mailings – etc – miss the server cache because of the link parameters. It’s possible to strip them – but then it’s a problem for data analysis (my GA without utm_s can…
roadmap.gridpane.com

You can ignore query strings using Openlitespeed, but not with Nginx.

There is an article on stripping query strings, but that approach isn’t effective because query strings are used to track visit data with analytics software.

Remove Query Strings from Requests to Load the Cached Version of a Page | GridPane
By default, GridPane excludes query strings from the cache, so anytime a visitor loads your website with a query string attached (e.g. yourwebsite.com?123)…
gridpane.com
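
The distinction above, stripping tracking parameters from the request versus ignoring them only when computing the cache key, shown as an added example. This is illustrative Python, not GridPane's or Nginx's configuration; the function names and the ignore list are assumptions (fbclid and utm_ come from the feature request quoted above, gclid is added for illustration).

```python
from urllib.parse import urlsplit, parse_qsl, urlencode

# Assumed ignore list. Only parameters that never change the rendered page belong
# here; a parameter that alters the response must stay part of the key, otherwise
# one visitor's variant is served to everyone.
IGNORED_EXACT = {"fbclid", "gclid"}
IGNORED_PREFIXES = ("utm_",)


def is_tracking(name):
    name = name.lower()
    return name in IGNORED_EXACT or name.startswith(IGNORED_PREFIXES)


def cache_key(url):
    """Key for the page cache lookup: host + path + the non-tracking parameters."""
    parts = urlsplit(url)
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if not is_tracking(k)]
    query = urlencode(kept)
    return parts.netloc.lower() + (parts.path or "/") + ("?" + query if query else "")


def handle(url, cache, render):
    """Look up the normalized key. The request URL itself is not rewritten, so
    analytics code running in the browser still sees the fbclid/utm_ values."""
    key = cache_key(url)
    if key in cache:
        return "HIT", cache[key]
    cache[key] = render(url)
    return "MISS", cache[key]
```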

Openlitespeed

Default Site Broken

Setting a default site doesn’t work and breaks Multisite and Ultimo.

Lack of Litespeed Enterprise

There is no option to use Litespeed Enterprise, which is starting to become a huge competitor against Nginx, especially regarding caching.

Log Rotation on High Traffic Sites

Openlitespeed is configured to rotate logs when they reach 1MB, which once compressed is under 100k of storage. A high-traffic site will result in 30 files from the same day, effectively making any forensic analysis impossible. This should be raised to 10MB or 20MB.

https://community.gridpane.com/t/openlitespeed-log-rotation-on-high-traffic-sites/2394

SSL

Single SSL Certificate Authority

You can only generate LetsEncrypt SSL Certificates; there is no option to choose another provider. Ideally, you would want to be able to generate a certificate from other providers. Here are a couple of potential providers.

  • AWS
  • ZeroSSL
  • Cloudflare

Roadmap Request – Enable Third Party SSL Certificate Authorities

No Default Self Signed SSL Certificates

There is no self-signed SSL Certificate when you deploy a site on the GridPane platform. This causes a multitude of issues.

  • When deploying a site and SSL fails, you’re greeted with a 404 Not Found or 403 error, which is not informative. If you set up a default site on your server, you will be forwarded to this default site. That is why it’s important to set up a default site, as you’ll then know when a site failed to generate a valid SSL certificate.
  • You will be unable to utilize Cloudflare if you don’t set up an SSL Certificate or disable

Roadmap Request – Enable SSL by Default for all New Sites using Self Signed Certificate

Changelog

  • 08/19/2024 – Added Nginx Query Strings Ignore.
  • 08/06/2024 – Added issues with WSForms and Redis Full Page Caching.
  • 08/02/2024 – Updated formatting, updated SSH as System user, added Nginx Helper plugin misconfiguration.
  • 08/19/2022 – Added a section for Litespeed Enterprise and SSL’s.
  • 09/14/2022 – Updated all items with numbers, letters, then i(ii)iii