LiteSpeed with Virtualmin ?

Hello,

I have a functionnal Webmin/virtualmin panel running ; and I have a litespeed webserver running. lsws should be apache compatible, but I don’t know how to make virtualmin detect it and use it.

I have tweaked the apache module options (see screenshoot : https://s23.postimg.org/t8ngre4jf/webmin.png ) and also LSWS (to tell it using apache configuration files).

However while the apache module doesn’t complain, virtualmin tell me : “No virtual servers using the feature Apache website were found.”

What may be the culprit ? How does virtualmin does its detection ?

So, while I don’t have any experience with Litespeed (we had a couple requests for it in the early days, but nginx won out in the popularity contest of “should we support another web server, and if so, which one?”), that looks like Virtualmin isn’t yet configured to work with your virtual hosts.

In the Webmin Apache module, are you able to modify the Litespeed configuration, add/remove virtual hosts, restart the server, etc.? That’d be the first step; Virtualmin will need to believe it is actually working with Apache, and it does that almost exclusively through the Webmin Apache module. If that’s working, then on to the next step…

Which is just to import your websites into Virtualmin, or create new ones. There is an import feature that will load virtual hosts from an Apache config file and create Virtualmin users for them, that are associated with the VirtualHost sections, and grant permissions to manage them. Again, all of this would require the Webmin Apache module to recognize the configuration and be able to work with it. If you get that far, I think Virtualmin will work pretty normally.

But, again, I have no idea. I dunno anything about Litespeed. I tinkered with it maybe a decade ago, but I don’t think it had Apache compatibility back then. If the Litespeed folks wanted to get in touch with us, we’d be happy to work with them to iron out any kinks in support…but, if it really is Apache compatible in terms of config files, it should be just a matter of telling Webmin where to find those files.

If the Litespeed folks wanted to get in touch with us, we'd be happy to work with them to iron out any kinks in support

You got similar offer from Cloudlinux but you never took it and for what i know Virtualmin still doesnt support CL. If this is still the case then i must say you guys made a huge mistake. I dont know if that was your arrogance or miscalculation, but you really cut out good amount of potential clients.

From CL forum:

We don't plan to develop native plugins for Virtualmin, due to very small number of people using it. I did provide Jamie couple of CL licenses years ago in case he would like to extend Virtualadmin to support CL. Otherwise -- it would still work, but all the controls would be command line.

Now reading what you said makes me question if this was just to say something or you are serious in your statement.

That’s the first I’ve heard of any contact from CloudLinux. Jamie never mentioned it to me (nor did the CloudLinux folks).

For Virtualmin support, I’d be the right person to talk to (Jamie handles Webmin OS support, but Virtualmin needs a lot more from the OS, in terms of specific packages and configuration and a software repo containing more than just Webmin itself; thus, Webmin supports dozens of operating systems and versions, Virtualmin currently only only 9 combinations on two architectures). Supporting a different service that has identical configuration to an existing one (like say MariaDB instead of MySQL, or in this case, Litespeed instead of Apache) is a few hours of work and testing. Supporting an OS is committing to several hours of work every month for literally years, so even if they had been willing to work with us on Virtualmin support, I’m not making an open invitation to support any OS. We’re very limited in our resources, and OS support is a big piece of it.

Anyway, I’m not sure I like their tone (“very small number of people using it”), and we’ve had only a couple of people (other than you) request it in several years of its existence, and supporting an entirely new OS is a much bigger commitment than supporting a web server that is compatible with Apache…but, if we had a contingent of Virtualmin Pro users that wanted to use it on CloudLinux, I’d look into adding it. As I understand it, it is just a fork of CentOS with grsecurity patches and maybe some other tweaks. It’d probably be reasonably easy to support; but still a big commitment, and from what I’ve read of their docs, I’m skeptical of some of their decisions.

Anyway: This offer to help support Litespeed is not comparable to supporting a new OS. But, if folks want CloudLinux support, they should let us know about it. I can only think of a couple of requests in several years. I may be forgetting some, but it’s definitely not been a big number. We’ve gotten more requests for Fedora support in that time, by far, and I’ve always said “no, but I’ll help if you want to work on it”. To refresh my memory, I just searched forums and issues for Cloudlinux and found three people other than you asking for it (and no Pro customers, which is not the only consideration, by any means, but it certainly helps to know people are willing to pay for software when it works the way they like). I won’t rule out CloudLinux support. but it’s gotta be something that will effect our bottom line in some kinda way (Virtualmin is currently active on tens of thousands of CentOS and Ubuntu servers to put it into perspective for the kinds of numbers we’re looking at here).

What does CloudLinux provide that makes you willing to pay for it, and yell at us for not supporting it?

I just browsed their site, and they list Webmin as being among the supporting products. I guess Jamie took them up on the offer of adding support to Webmin. But, again, I’m the one who handles Virtualmin support, and I add support for what people are asking for. Bring me more users than Fedora or FreeBSD or something would bring (both systems we don’t support for various reasons, but have had people request them over the years), and I’ll probably be willing to put in the work.

Also…I think Virtualmin 6 will bring some stuff that may satisfy you even without CloudLinux. It’s coming early next year with some major changes, including a couple of features that have been requested for years by tons of people (features I’ve been hesitant to offer due to the security implications, but most of my concerns have been resolved).

Man, I’ve rambled a lot here. Quick summary: Supporting a new OS is a lot of work, and maintaining it through the life of the OS (we support every OS for the full lifecycle of the OS…so, we’re committing to 5-7 years of maintenance for each OS), and we’re a very small team with a very small budget (serving a huge community of users). I support the distros that’ll make the most people happy. Right now, that is clearly CentOS, Ubuntu, and Debian, in that order (and the next runner up is so far distant that I’m not confident what OS it would be). I’ll run another poll sometime soon to see if there’s some clear leader in the alternative distro battle that people really want to run on their servers.

I’m not a big user of Cloudlinux as i have installed only on 2 servers but this are the servers i’m hosting clients who want to save some money. Its not like classic shared hosting because i split the server capacity evenly, lets say some sort of hybrid between shared and VPS. Still i like that one client cant so easily affect others on the same server. To be honest i would not dare to have Virtualmin with few dozen clients on the same server. This CP is good for single user per server and only reason i dont have Pro is because my clients dont like it. I tried to show them and majority of them just rejected the idea to use Virtualmin. Now like it or not this are the facts.

You said “Anyway, I’m not sure I like their tone…”, well that post was made back in 2014 and to be honest they tried to reach to you guys but looks like you rejected this idea. Today i dont know any serious and decent host with shared hosting and not using Cloudlinux. I dont have any numbers but i dare to say this market is huge. No one asking for Cloudlinux? Maybe the problem is with Virtualmin and your policies surrounding it, marketing, people perception…? I dont know and i’m not payed to make such analysis but looks like all those companies and individuals arent using Virtualmin. In other words, not supporting CL you cut yourself out of shared hosting market/business. But this isnt my CP, its your, and you have all rights to decide what route to take.

If Virtualmin 6 and Webmin 2 will bring so much needed changes and people actually can accept this control panel then i dont see any problem to buy pro, in mean time they speak with their wallet and so do i.

In the Webmin Apache module, are you able to modify the Litespeed configuration, add/remove virtual hosts, restart the server, etc.? That'd be the first step; Virtualmin will need to believe it is actually working with Apache, and it does that almost exclusively through the Webmin Apache module. If that's working, then on to the next step...

The virtual host I created with webmin is running when I check in my LiteSpeed control panel ; so I guess that it means yes to your questions 1 & 2. Also, the stop/start button of webmin do actually stop/start the server, I tested that also. The webmin module doesn't complain about anything, I fixed yesterday all the error messages it throwed.

it does that almost exclusively through the Webmin Apache module

It seems that this small part where it doesn't rely on it is the culprit which needs to be identified.

Which is just to import your websites into Virtualmin, or create new ones. There is an import feature that will load virtual hosts from an Apache config file and create Virtualmin users for them, that are associated with the VirtualHost sections, and grant permissions to manage them.

Well, I still have to import my website (I want to do that soon but it requires some work), however I doubt it will work if VirtualMin refuses to enable the Apache Module ?

If the Litespeed folks wanted to get in touch with us, we'd be happy to work with them to iron out any kinks in support...but, if it really is Apache compatible in terms of config files, it should be just a matter of telling Webmin where to find those files.

It should indeed. I'll also try to contacte Litespeed folks ; but this difference in detection between webmin's module and virtualmin should be easier to spot on your side.

“Still i like that one client cant so easily affect others on the same server. To be honest i would not dare to have Virtualmin with few dozen clients on the same server.”

I’m curious why you believe that to be true? Are there specific bugs in Virtualmin you’re aware of that allow a user to impact another user on the system?

I'm curious why you believe that to be true? Are there specific bugs in Virtualmin you're aware of that allow a user to impact another user on the system?

Can Virtualmin limit CPU, memory, IO, number of processes, concurrent connections... per account? Can we achieve complete isolation between each account? Can this limits be (pre)set from the control panel and then automatically applied during account creation?

If Virtualmin 6/Webmin 2 will bring this functionalities then you did great job and i think it would be the greatest improvement this software ever received. This is old and robust control panel and its not a question about his quality but its “old”. Technology and client requirements are so different now than it was before 10+ years. Hell, i still remember filling up the papers, then send by fax and after that by mail just to buy a domain what i payed 5-6 times more than now. But the times have changed, technology and clients too, and the software need to keep up or lose the battle and be left behind.

P.S. If the functionalities i mentioned earlier are available with Virtualmin then disregard everything i say and please accept my sincere apologies.

Joe, have you missed my previous comment, above ?

I’m ready to help iron out the issue if needed, but it’s you who may find where it comes from.

Sorry, Bianca, you’re right i did miss this. I got side-tracked on that tangent about CloudLinux.

I think I need more clarity about where you’re seeing this message. I think maybe you’re misinterpreting it (or I may be misunderstanding where it’s happening and what action you’re doing to trigger it).

The message seems to just be saying that there aren’t any virtual hosts configured yet; which is not an error…it’s just saying, “Hey, I don’t have any domains setup yet.” So, what happens when you try to create a new domain in Virtualmin, or import an existing one (by “import and existing one”, I mean use the Import form in Virtualmin to bring an existing VirtualHost under control of Virtualmin)?

"Can Virtualmin limit CPU, memory, IO, number of processes, concurrent connections… per account? "

Of course. For as long as I can remember (though it hasn’t always been in there, it’s been in there for many years). At least, in Virtualmin Pro, we’ve got a Resource Limits page for limiting CPU and memory usage. I’m pretty sure GPL at least has bandwidth (Pro definitely does, but I think it’s in GPL, too). Obviously, disk quotas have been supported from the very beginning. Number of connections would be a function of number of Apache/PHP processes, so that’s mostly covered indirectly by process limits applied to the user, since all kinds of applications run under suexec, by default (it’d require a third party Apache module to limit connections specifically…if we had a Pro customer asking for that, we’d look into it, but it’s never come up to my recollection).

None of this requires CloudLinux.

“Can we achieve complete isolation between each account?”

Define “complete isolation”? Users cannot see or modify other users data or network traffic. We configure suexec, by default, and directory permissions are quite tight by default (tighter than any other control panel I looked at when we were designing our permissions model). That’s always been true in both Pro and GPL. If you can see or modify another users data in a default Virtualmin install that would be a huge security bug…and, obviously, we’d drop everything and fix it right away. I don’t know of any such bugs. With more than 100,000 active installations of Virtualmin, I think we’d hear about a bug like that.

I’ve long been opposed to chroot jails for users as a “security feature”, as it was historically merely security theater, and actually introduced pretty major potential vulnerabilities into the system (where an accident in building the chroot could result in privilege escalation, and a bug in the tool setting up the chroot would also result in a root exploit, and it was previously necessary to disable privilege escalation in OpenSSH to use a chroot shell, among other problems). But, those issues have mostly been resolved, if you are careful and make use of capabilities in the kernel and have a new-ish openssh version. So, I’ve been working on chroot support for Virtualmin 6. I still think it’s a no-op for security, but I no longer think it is a disaster waiting to happen (capabilities allow the chroot shell to not be setuid, and OpenSSH no longer needs to have priv sep disabled, so the only issue remaining is getting the build of the chroot shell app right and the risk of an administrator error leading to root privilege escalation, and we can provide tools to help protect against that).

So…yeah, Virtualmin has had pretty much everything you’re asking for, for many years. And, it’s getting chroot jails in Virtualmin 6 (because it’s finally become reasonably safe to do so a year or two back). I don’t consider chroot jails a major improvement (and they are not a security improvement, though I can see how usability and user happiness might be improved by having them feel “isolated”), but it is something that has been requested a lot over the years, almost since the beginning.

We’ve shipped a few limited and restricted shells over the years, and of course, the File Manager can be locked down (the old one could, too; that’s not a new feature in the new HTML5 file manager), and FTP can be locked down to the users home. It is only ssh that has never been chroot-able, and for what I believe are valid reasons. We’ve always advised users who are really worried about their users being able to look at the filesystem (but still being prevent from causing harm or seeing any sensitive data by filesystem permissions) and who don’t trust Linux filesystem permissions to do their job to only enable FTP and file manager access for the users they don’t trust (but, we also think that’s an unnecessary fear). The reasons we’ve said no to chroot jails for all these years is because they were a bad idea; technically they’re easy to implement (hell, I’m the one building it; if it were hard, Jamie would do it). chroot jails for users are still not a great idea, but they’re no longer a bad idea, so we’re adding support for them (I’ve asked for help testing my jailkit package for CentOS over in the developers forum, but so far no one has taken me up on it).

We’ve also go some other (real) security features coming soon. Since I feel guilty about shipping chroot jails (and the inevitable assumption that many people will have that enabling them provides some remarkable improvement in security), I want to make some real strides forward on security, as well. Ilia recently added SELinux attribute handling to the file manager, for example, which will ship with Virtualmin 6. We’ll likely have a beta SELinux policy package for CentOS systems by the time Virtualmin 6 comes out, or, if not, it’ll come soon after.

Ok so you tell me if i buy Pro i can limit the user on 1/2 CPU core, XX amount of physical and virtual memory, limit IO and/or IOPS… and so on?

Virtualmin > System Settings > Features and plugins

When I had an error in “re-check configuration” about apache and was still changing configuration ; I unchecked apache there. I can’t re-enable it because of the above given error message.

However, you’re right : the virtual host in webmin’s apache module doesn’t seem to be the same thing than what is called virtual server in virtualmin > add server (where I still have nothing, causing I guess the error message). It’s pretty confusing right now, maybe adding a link in the error message to where to fix it would help.

I have tried to “import” but it hasn’t been clear what I imported and I couldn’t get to the end. I’ll try to migrate this evening and I’ll tell you if it works - hopefully it should.

Also, quick question : my website will be the only thing on my IP, but virtualmin doesn’t seem happy with that - “You indicated that the IP is unique to this domain, but it is the systems default address.” Does selecting “shared” have any downside ?

Limits are not based on cores (that’s more sensible in a virtual machine or container environment, where Cloudmin is the right tool for the job). Limits are “Maximum number of processes”, “Maximum size per process”, “Maximum CPU time per process”.

Trying to devote a core to a user in a virtual hosting environment would either be impossible or would require every service they use to be dedicated to them. So, instead of one Apache instance, you’d have one for every user (and, you’d either need a dedicated IP per user, or yet another web server in front to proxy to the right local address for each user’s website), and MySQL would need one server per user, Postfix, etc. At which point you’d be better off giving each user a container or VM (which is what Cloudmin is for, and Cloudmin does have more resource limit options, including limiting number of cores available to the user, etc.).

There’s probably some sort of hybrid model that makes sense, where Virtualmin can manage the hosting stuff inside of multiple Cloudmin guests, but that’s not something we’ve approached yet. Right now, you’d put Virtualmin inside the guests…and since each guest is quite isolated (it’s a VM or container, after all), Virtualmin GPL would work for some use cases. So, Cloudmin provides the isolated user environments, Virtualmin provides the web hosting configuration. Cloudmin Services (included in every Cloudmin Pro and Cloudmin Connect license) allows off-loading DNS, databases, and spam/AV scanning to one or more centrally managed servers, so you’d only serving the website and optionally mailboxes from the user container/VM.

Starting migration of *******.** from local file /home/backup-********.tar.gz ..

Checking for cPanel features ..
.. found Home directory, Administration user, Log file rotation, Webmin login, BIND DNS domain, Mail for domain, MySQL database.

However, the follow features are not supported or enabled on your system : Apache website, Webalizer reporting, virtualmin-awstats. Some functions of the migrated virtual server may not work.

Checking for clashes and dependencies ..
Log file rotation cannot be enabled unless a website is

Failed to migrate any servers!

So yes ; that Virtualmin doesn’t recognize my webserver does indeed block migrating.

Note that to find the issue you may easily and quickly get a free LSWS 15-day trial license. I suppose they would send you a full license if asked, but to test quickly this is probably easier.

I can’t do anything until you tell me what to do ; or until you take a look yourself.

I get you are busy, but I’d like to solve this soon - otherwise it may too easily be postponed after the new year.

I’m still not sure I understand what steps you’re taking and what problem is resulting from those steps.

You need a web server enabled in the Features and Plugins section. In this case, it needs to be Apache. So, go to Features and Plugins, and enable the Apache website feature (and disable nginx, if you have enabled it).

If that results in an error, I’d need to see that specific error.

Note that migrating and importing are different things. Migrating is loading a cPanel or Plesk (and some other less well-known contenders) backup files and migrating them to Virtualmin configuration. Importing is loading virtual hosts from the Apache config file on the local system and creating Virtualmin accounts for them.

Ok so :
1)When I try to enable apache in features & plugins (as I did at the start of this thread), I get this error message :

Failed to save enabled features : The Apache webserver does not appear to be installed on your system, or has not yet been set up properly in Webmin’s Apache Webserver module. If your system does not use Apache, it should be disabled in Virtualmin’s module configuration page."

2)The webmin’s apache server doesn’t complain (see screenshoot in 1st post for how I configured it ; here is another one of what it looks like when I open the webmin’s apache module : https://s23.postimg.org/786ajf5d7/webmin2.png)

3)As for migration ; I have uploaded my cpanel backup on my server before using the migrating tool (and getting the error indicated in message #6) ; and though it’s different from importing, it should also create a virtualmin virtual server, right ?

Do you need any other information to investigate this ?

Hello, now the end of the year holidays draw to an end, may you help me to solve this issue ? I gave above all the answer to all the questions you asked. I really need to get past this.