GridPane Caveats


I’ve created this page to track the caveats I’ve found in the GridPane platform. This is an opinion piece based on my own interactions and experiences. I’m a user of GridPane, and it’s a great product. Always do your own research.


Current Caveats

1. Backups

The GridPane backup system uses Duplicacy, which is excellent deduplication software. Here are the pain points with the GridPane backup system.

a. Setup and Management

The setup of GridPane backups is per-site via the UI, not per server. When you have 50 or 100 sites, that’s quite the undertaking. There’s the CLI, which is excellent and allows single or all-site configuration of backups.

https://gridpane.com/kb/gp-cli-quick-reference#backups

The issue…you’ve now forced people to use the CLI to save time versus having this within the UI.

Ideally, you create a backup strategy on the server and then have single-site exclusions that run their own strategy. Once GridPane backups are set up, you don’t need to do much until you create a new site. You have to enable backups for each new site you create, and you can’t configure backups for a new site during the creation process. You have to wait for the site to be created, and then you can go into the site and set up the backups, which is a multi-step process for remote backups.

b. Notifications

The notifications are Slack or UI based, with no option for email. Not everyone uses Slack; quite often, they set up Slack just for GridPane and then never log in. Backups are critical and should be front and center for most people, so email seems logical here.

I will be publishing a GridPane Slack Notifications to Email script for Cloudflare Workers and PHP at https://github.com/lmtca/gridpane-slack2email

c. Resource Usage

The GridPane backups are based on Duplicacy, a great piece of deduplication backup software. Deduplication does take up significant CPU to calculate what to back up, and there is a thread on the Duplicacy forum about limiting CPU for backups.

https://forum.duplicacy.com/t/feature-suggestion-limit-cpu-usage/1146/23

The solution is to have more frequent backups or utilize cpulimit in Linux to throttle the backup.

There should be an option to allow for full backups as a performance option to reduce CPU load on smaller servers or larger services with multiple websites.

The ultimate solution would be to deploy a backup server in GridPane where Duplicacy resides and is used to run backups for all the account’s servers, effectively offloading resources and not affecting production workloads.

d. Leftover Backups

If you delete a site from GridPane and have local or remote backups, they will not be purged or deleted. You have to purge them before deleting the site or re-add the site you deleted and then purge them.

Backup Alternatives

There are several options available to back up a GridPane server.

2. Cloning

a. Server Cloning

  • Doesn’t copy over log files from any sites.
  • Server level configs.
  • Doesn’t copy over the staging site’s databases or files, only creates them.

3. Debugging

a. Logging

i. Different Log Format for Openlitespeed and Nginx

You can see the feature request to address this issue here

https://roadmap.gridpane.com/b/stack-feature-requests/standard-log-output-for-nginx-and-ols/

Nginx and OLS do not output the same log format. This causes issues for software such as Fail2ban and GoAccess, requiring different configurations for each server type or just not working at all.

GP OLS

  • logFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-agent}i"
  • "192.168.1.1 - - [01/Sep/2022:20:16:55 -0700] "GET /favicon.ico HTTP/1.1" 200 103639 "https://domain.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36"

GP Nginx

  • '[$time_local] $remote_addr $upstream_response_time $upstream_cache_status $http_host "$request" $status $body_bytes_sent $request_time "$http_referer" "$http_user_agent" "$http3"';
  • [01/Sep/2022:20:20:07 -0700] 76.70.117.243 1.360 - domain.com "GET /favicon.ico HTTP/2.0" 302 0 1.362 "https://domain.com" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36"

Correct OLS LogFormat

  • [%t] %h %T - %v "%r" %>s %b %T "%{Referer}i" "%{User-agent}i"
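
The mismatch above in practice, as an added example (not GridPane's code and not from the original page): a Python parser that normalizes both formats into one record, so a Fail2ban-style counter works across server types. The two PAGE_* lines are the samples quoted above; the CONSTRUCTED lines, the function names and the /wp-login.php check are assumptions made for illustration.

```python
import re
from datetime import datetime

# GP OLS: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-agent}i"
# The page's sample line begins with a stray double quote, so one is allowed.
OLS_RE = re.compile(
    r'^"?(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"\s*$')
# GP Nginx: [$time_local] $remote_addr $upstream_response_time
# $upstream_cache_status $http_host "$request" $status $body_bytes_sent
# $request_time "$http_referer" "$http_user_agent" "$http3" (last field optional)
NGINX_RE = re.compile(
    r'^\[(?P<time>[^\]]+)\] (?P<ip>\S+) \S+ \S+ (?P<host>\S+) "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
    r'(?: "[^"]*")?\s*$')

def parse_line(line):
    """Normalize a line in either format to one dict; None if it matches neither."""
    for fmt, rx in (("nginx", NGINX_RE), ("ols", OLS_RE)):
        m = rx.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["format"] = fmt
        rec.setdefault("host", None)  # the OLS format carries no vhost field
        rec["status"] = int(rec["status"])
        rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])
        rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
        parts = rec["request"].split()
        rec["method"], rec["path"] = parts[:2] if len(parts) >= 2 else (None, None)
        return rec
    return None

def login_posts_by_ip(lines, path="/wp-login.php"):
    """Count POSTs to the login path per client IP, whatever the log format."""
    counts = {}
    for rec in filter(None, map(parse_line, lines)):
        if rec["method"] == "POST" and rec["path"].startswith(path):
            counts[rec["ip"]] = counts.get(rec["ip"], 0) + 1
    return counts

# Sample lines quoted on this page.
PAGE_OLS = '"192.168.1.1 - - [01/Sep/2022:20:16:55 -0700] "GET /favicon.ico HTTP/1.1" 200 103639 "https://domain.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36"'
PAGE_NGINX = '[01/Sep/2022:20:20:07 -0700] 76.70.117.243 1.360 - domain.com "GET /favicon.ico HTTP/2.0" 302 0 1.362 "https://domain.com" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36"'
# Constructed lines (documentation IP range), plus one unparseable line.
CONSTRUCTED = [
    '203.0.113.9 - - [01/Sep/2022:20:21:00 -0700] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "curl/7.81.0"',
    '[01/Sep/2022:20:21:02 -0700] 203.0.113.9 0.120 - domain.com "POST /wp-login.php HTTP/2.0" 200 4521 0.121 "-" "curl/7.81.0" "-"',
    'not a log line',
]
```

Only the Nginx record carries a hostname; with the OLS format shown, `host` is `None`, so per-site attribution on a multi-site server depends on which log file the line came from.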

b. Secure Debug

i. Query Monitor

When enabling “Secure Debug”, WordPress debug is enabled and logged to a file, and Query Monitor is installed and enabled. This may cause issues on some WordPress instances, causing an increased load on the admin backend.

When you disable Secure Debug, Query Monitor is deactivated but left installed on the site. When trying to clone a site with Query Monitor installed but not activated, an error will occur.

3. Security

a. Blocking wp-version aka WordPress Version

This might seem like a logical feature to enable based on the definition.

This changes your WordPress version to WordPress 42. The change is purely cosmetic and won’t impact your ability to update core/themes/plugins etc, but will prevent bots from being able to access your actual WordPress version and attack you based on known vulnerabilities.

However, there are instances where this will break plugins. So just be aware before you enable this. Here’s the code GridPane uses.

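// Remove the generator meta tag from the page head and blank the generator string.
remove_action('wp_head', 'wp_generator');
add_filter('the_generator', '__return_empty_string');

// Overwrite the global version variable on every request, so anything that
// reads $wp_version (plugins included) sees '42' instead of the real version.
function the_answer() {
    global $wp_version;
    $wp_version = '42';
}
add_action('init', 'the_answer');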

4. API

a. Limited API Commands

Currently, the API is not full-featured, and some items are missing. It’s ever-evolving, so make sure you check out Postman to see if what you require is available.

https://documenter.getpostman.com/view/13664964/TVssjU7Z

5. System User Access

a. No Management of SCP, SSH or Jailed/Minimal SSH

Currently, GridPane only offers SCP, which is limiting if you’re looking to use git, wp-cli, MySQL Workbench or deploy using CI/CD. You can enable SSH manually using the following guide I’ve written up, which is unsupported by GridPane support.

It would be great if they implemented an option to enable or disable SCP, SSH and a Jailed/Minimal SSH. This would allow for all of the previously mentioned activities to occur, allowing for more secure access to system user accounts for Developers or Contractors.

6. No Support for non-WordPress PHP Applications

Currently, there is no method to create a PHP-only website that has no WordPress management features enabled. This is something other competitors support. A PHP-only website would allow for installing popular PHP applications and frameworks, such as WHMCS, Uptime Kuma, Moodle, Drupal and others.

This is a miss here for GridPane. They’re already supporting Nginx and SSL and don’t have to support any application-level requests.

7. MySQL

a. Improper Default Configuration

  • Using a connection size of 150 increases the maximum memory usage on smaller instances.
  • Default max_allowed_packet of 32MB increases memory usage and should be set to 16MB.

b. No Configuration Profiles Based on Instance Size

The default MySQL configuration doesn’t consider the instance size (CPU/Mem) or database size, as it’s one size fits all. This isn’t performant for WordPress sites, and there is no automatic or manual method to re-configure MySQL based on instance size profiles. You can change some common configuration options using the CLI.

8. Openlitespeed

a. Default Site Broken

Setting a default site doesn’t work and breaks Multisite and Ultimo.

b. Lack of Litespeed Enterprise

There is no option to use Litespeed Enterprise, which is starting to become a huge competitor against Nginx, especially regarding caching.

c. Log Rotation on High Traffic Sites

Openlitespeed is configured to rotate logs when they reach 1MB, which once compressed is under 100k of storage. A high-traffic site will result in 30 files from the same day, effectively making any forensic analysis impossible. This should be raised to 10MB or 20MB.

https://community.gridpane.com/t/openlitespeed-log-rotation-on-high-traffic-sites/2394

9. SSL

a. Single SSL Certificate Authority

You can only generate Let’s Encrypt SSL Certificates; there is no option to choose another provider. Ideally, you would want to be able to generate a certificate from other providers. Here are a couple of potential providers.

  • AWS
  • ZeroSSL
  • Cloudflare

Roadmap Request – Enable Third Party SSL Certificate Authorities

b. No Default Self Signed SSL Certificates

There is no self-signed SSL Certificate when you deploy a site on the GridPane platform. This causes a multitude of issues.

  • When deploying a site and SSL fails, you’re treated with a 404 not found or 403 error, which is not informative. If you set up a default site on your server, you will be forwarded to this default site. This is why it’s important to set up a default site, as you’ll then know when a site failed to generate a valid SSL certificate.
  • You will be unable to utilize Cloudflare if you don’t set up an SSL Certificate or disable

Roadmap Request – Enable SSL by Default for all New Sites using Self Signed Certificate

Addressed Caveats

I will list any addressed caveats here.

Changelog

  • 08/19/2022 – Added a section for Litespeed Enterprise and SSL’s.
  • 09/14/2022 – Updated all items with numbers, letters, then i(ii)iii