apnscp 3.1 released!
apnscp 3.1 (a/k/a "ApisCP") is out the door after 7 months of development! 3.0 focused on achieving widescale adoption whereas 3.1 is business as usual with innovation. Among the 1650+ commits rolled into this release,
- PHP-FPM, runs off socket activation to mitigate a thundering herd problem on large servers. Each worker pool spins up jailed to the account synthetic filesystem as part of BoxFS. For those used to the single-user behavior of cPanel, it supports running the worker pool as the account owner but from a security standpoint strongly discouraged.
- TimescaleDB, converts the panel database into an efficient time-series storage system with minimal overhead. It's stupid fast, bandwidth overage queries dropped from 20 seconds to ~150 ms on a hot view. As part of 3.1, TimescaleDB will provide continuous aggregation of resource monitoring to allow apnscp to react quickly to threshold surges. CPU, IO in particular will get 24-hour enforcement windows.
- Expanded resource throttling to I/O bandwidth + IOPS. apnscp now covers throttling memory, PIDs, CPU, and IO all without requiring third-party licensing.
- SSO into subordinate domains, domains that are parented to a domain may now be transitioned via SSO to the subordinate domain. It's a compromise on reseller support and opportunity for third-party vendors to integrate billing more readily into apnscp.
- IPv6 support + NAT/hairpinning auto-detection, apnscp will automatically configure your external IP on install.
- Delegated whitelisting grants site administrators the option of protecting one or more IP addresses from brute-force deterrence built into Rampart. It solves a problem of 1 user in an office updating their password and getting the entire SOHO blocked. Users still get notified on panel login, but it won't deny access to the affected service.
- Heightened protection on key URIs, apnscp throttles POST requests on xmlrpc.php and wp-login.php thus improving deterrence to common vectors of abuse.
- ACMEv2 support. Includes wildcard DNS provided you've connected apnscp to one of 6 supported DNS providers.
- PowerDNS integrated into mainline, as part of some excellent work by Lithium Hosting. apnscp can piggyback off your cPanel PowerDNS cluster without interference to facilitate migrations.
- cPanel migrations, introduced in 3.0 but expanded in 3.1. See Migrations.md for more info!
- FLARE helps get the word out when a critical update comes our way. FLARE checks every 30 minutes for a signal and when found, runs upcp obeying your update policy. It's an excellent solution to ensure you remain protected 24x7x365.
And many more. Be sure to check out the release announcement for all the tasty details. Next on the list with 3.1 is logical replication in rspamd to extend per-user preferences to its before-queue milter, y'know the part that rejects a message before it goes into the mail system and chews up CPU only to be spam.
Thank you everyone for feedback, grit, blood, sweat, and hopefully not too many tears whilst testing. Any other questions feel free to shoot me a message or hop on Discord.
Another 50 lifetime redemption codes have been added. Enjoy!