Substitution of Plesk administrated Webserver?

I am currently thinking about switching my hosted webserver from Debian/Plesk to Nethserver and would like to hear your opinion. The main reasons for the change are the Plesk license and limited spam management. My manual SpamAssassin customizations are always overwritten when I update.

Initial situation:

• VServer / KVM hosted by Netcup
• Debian Buster, administrated by Plesk
• general used functions:
  • Firewall
  • fail2ban
  • modescurity
  • Let’s Encrypt-Certificates with auto renewal
  • apache combined with nginx-proxy and -caching
  • Mailserver (Postfix + Dovecot) with Amavis/ SpamAssassin, DMARC, DKIM; SPF, DNSBL,
  • DNS via external service provider
  • MySQL/PHP 7.3x
  • backup and restore
  • FTP-Server
  • Cron Jobs
  • File Sharing
• myDomain#1
  • Wordpress
  • Mail-Accounts
• myDomain#2
  • Mail-Accounts
• myDomain#3
  • Mail-Accounts
  • Mail-Server (mx-domain)
• myDomain#4
  • Wordpress
  • Mail-Accounts
  • webtrees-Server

possible migration strategy 1:

1. Ordering a new VServer (or root-server?)
2. Installation Nethserver from own image directly into the VServer
3. Provision of 4 different domain spaces
4. Migration of the Wordpress instances via Wordpress-Plugin
5. Manual Installation of webtrees with data migration
6. Reconfiguration of my A/AAA-Records at my DNS-Provider
7. Configuration of the Mail-Server

possible migration strategy 2:

1. Ordering a new VServer (or root-server?)
2. Installation of Proxmox (this is feasible and recommendable?)
3. Installation of different virtual servers for each domain
4. Migration of the existing domain spaces into each server
5. Reconfiguration of my A/AAA-Records at my DNS-Provider
6. Configuration of the Mail-Server

One of the questions that causes me the biggest headache and stomach ache is the backup and restore functionality.

Within Plesk I have very simple but flexible possibilities for backup and restore

A) Backup on server level (full or incremental) / manual or scheduled

It is not necessary to select the relevant assets manually (directories, config files, databases …). Apparently, the backup is configured during the software installation, so you can be sure that all required assets are backed up.

1. Restore each single domain space
   a. Only the configuration
   b. Only the database
   c. Only the files
   d. Only single or multiple Mail-Accounts
   e. Some combinations
2. Restore the complete server (all configurations and data)

B) Backup on domain space level (full or incremental) / manual or scheduled

It is not necessary to select the relevant assets manually (directories, config files, databases …). It is not necessary to select the relevant assets manually (directories, config files, databases …). Apparently, the backup is configured during the software installation, so you can be sure that all required assets are backed up.

Restore each single domain space
a. Only the configuration
b. Only the database
c. Only the files
d. Only single or multiple Mail-Accounts
e. Some combinations

All backups can be stored both inside the server and in the specified remote storage via SFTP or SCP.

Such a reliable backup and restore function is crucial for me and has already saved my neck several times.

I could not discover this comfortable backup under Nethserver yet. Neither do I see that a configuration of the backup is done in connection with the package installation, nor can I detect such flexible restore options. But maybe I just haven’t studied it enough?

What do you think about?
Should I trie or not?

Best regards, Marko

@capote

Hi Marko

A vServer with Proxmox? Might work, but I wouldn’t have virtualization inside virtualization for productive stuff.
If you rent a hardware server (eg Hetzner, they support Proxmox), then by all means use Proxmox.
This works quite performant.

NethServer Backup is quite flexible and reliable.

My 2 cents
Andy

Then I didn’t understand, how it works.
Thanks, Marko

NethServer Backup - if using Cockpit (I admit most of mine are set up with the old dashboard) you do have several options of Backup Engines, several options for Targets (SMB, NFS, AWS, etc) and the option for several different sets of backups.

For Example in your scenario above:

Daily Incremental Backups to your provider storage
Once a week a backup sent home…

My 2 cents
Andy

If you’re already using a vServer, by all means rent another vServer, setup NethServer directly if possible, else load a centos 7 minimal, then install NethServer on top of that. Make sure you create a virtual NIC if your vServer only has one NIC. Then you can use VPN to your NethServer from home, or from the road.

vhosts should cover most of your web requirements with NethServer.

Andy

These are the available UI restore options from a NethServer on a contabo vps. They provide snapshots via web UI and I just want to host Nethserver so I don’t need the virtualization layer but as @Andy_Wismer mentioned, there should be packages by many providers.

grafik1514×1274 68.2 KB

This way you could easily restore a folder from /var/lib/nethserver/. For example mails are in /var/lib/nethserver/vmail or the vhosts are in /var/lib/nethserver/vhost or the mariadb databases are in /var/lib/nethserver/backup/mysql.

Thank you @Andy_Wismeran @mrmarkuz
Yes I can install Nethserver directly. Netcup offers the option to use an own installation image.
Is it possible to host multiple web servers within a single one installation?

@mrmarkuz
In my perception it is a prerequisite to use Backup this way is to know exactly which software package uses which path.

It seems even more complicated to me to have to manually enter which data you have to restore.
For me, this is highly error-prone.

In my opinion, the backup and restore should be designed in such a way that you can select what should be backed up and restored on a software pact-specific or domain-specific basis. As described above.

If I have secured domain#1 (consisting of
Configuration data,
scripts for the software (e.g. Wordpress)
Database(s)
MAil account(s)

I just want to be able to select the backup:
-restore the Wordpress database
-restore only the Wordpress scripts
-restore only the MAilaccount abc@domain.tld
-restore the whole Wordpress installation including scripts and database

etc.

This is what Plesk offers me in an excellent way and this is exactly what I miss in Nethserver.

Best regards, Marko

@capote

Hi

With Webservers, if any get’s compromised / attacked, it’s usually the whole server, so you need a “disaster recovery solution”. This is covered by NethServer.

You need backups of all sites. Also covered.

Mail is not quite that comfortable, but also possible (to some extent).

Websites, with different PHP Versions is also possible. And you can always run a VM if you need something special. NethServer is not as comfortable as Proxmox, but can run VMs quite comfortably. You can also use Docker for special stuff…

So it should work well. I also have NethServers running a few domains with mail.

My 2 cents
Andy

ok, @Andy_Wismer. I will start an experiment.
best regards, Marko

The server is up and initial configured, Backup included

My first and certainly not last question concerns the network interface.
How I configure a local instance on the LAN is clear to me. But how is that for a web server at a provider with a public IP address?

Is my assumption correct that the server address must be configured as RED with the provider gateway? At least that’s what I have done now. But now I get to the dashborad of RED without being able to restrict authorized addresses. That somehow doesn’t feel good.

BTW:
During the installation I noticed a strange behaviour.

I always switch the keyboard to German and remove the US layout. The icon on the upper right side also signals this.

image908×566 77.3 KB

image908×202 46 KB

@capote

Hi

See this:

This dummy Interface becomes GREEN, and the real NIC becomes RED.

It works, I’ve used that myself for OpenVPN…

Andy

I used this how to and it worked well.
https://wiki.nethserver.org/doku.php?id=virtual_network_interface&s[]=dummy

But that does not really help me.

Once you have configured your server to your needs, disable access to the server manager from the red network by going to security → network services → httpd-admin and edit to disable access from the outside world.

Then add your home/office IP as a trusted network so only you can access the server manager. Go to security → trusted networks and add your home/office IP and subnet.

I cannot "add your home/office IP as a trusted network ", because my home IP is a dynamically assigned IP.

I would probably have to create a LAN on the green interface and dial in via a VPN. I have no other idea.

But I will put that on hold until everything else runs smoothly.
Best regards, MArko

Create a dummy Green interface is mandatory.
For accessing services, if you need only 1 computer to access NethServer OpenVPN is a quite fast setup; otherwise, IPSec allows better interoperability between NethServer and other devices like routers or firewalls.
Unless your home firewall is a Nethserver installation…

of course, it is
I use Nethserver as agteway and firewall at home.

Therefore OpenVPN as Net2Net connection between VPS and your home network is an option too.

on my home Nethserver I configured VPN for dial in some clients to use my pihole. I’m not sure if I can implement both use cases.

Yes you can.
A RoadWarrior OpenVPN server and a separated OpenVPN Server for Net2Net connection. In the same installation.

https://docs.nethserver.org/en/v7/vpn.html#tunnel-net2net

(be kind, share some love with @giacomo too, i think it was head developer of that feature )

Sounds great. But currently I’m trying to understand how to get mail to run and set up a Wordpress installation.
I have done this many times in the past, but this knowledge is of no use to me now.

Use the wiki, @capote!
https://wiki.nethserver.org/doku.php?id=wordpress
(more Jedi Knight quote than padawan but… whatever)