ehcp development tips, notes, design considerations

This page is for developers of ehcp, either experienced or newbie.

I will write here some hings as I email with friends. Thanks for all developers.
Not all topics covered. I will write as I talk with other devs.

About ftp:
* while adding ftp, or something else, it would be better to use direct functions at end of checks and function, such as this->addFtpUserDirect , because they may do some additional task. adding to a table should exist in one location for one table. otherwise, synchronization may lost.

in past, I intentionally did not include this, as people may break their own servers,
or when mysql/ehcp hacked, full server would be under risk, if you freely allow ftp locations.
ftp locations should be limited, such as /var/www, /home/, or similars.

local variables should be minimized.
instead, object variables should be used.
instead of $errors, use $this->errors.
that way, that variable is reachable from all functions.

password() is a function of mysql, not ehcp or php. That is , it is part of a mysql query.

insert into….. …(‘username’,password(‘test’)…) ;

keep in mind that, for non-standard dirs, ehcp fuction syncftp should be called to identify those dirs to vsftpd.

About firewall rule & fail2ban:
Up to now, I consciously did not enter to the features related to firewall. Because, people are doing so many mistakes, miconfigurations, so that they cannot use many software components, webservers etc.. If they do any mistake in a firewall rule, they may even lost connection to their server; they will think ehcp caused them to loose the connection. So, entering firewall features requires extreme care. I am planning to implement them at a later time, in a more precise, more professional way.

ehcp_yeni.tgz should work. it is a testing version. at the same time, it is my latest development files. I am testing&fixing it as bugs appear.

while testing, you should tail -f /var/log/ehcp.log in a terminal, to see what daemon is doing, to debug things.. this is a good way.

git is not up to date, unfortunately, I am not confortable with such version control systems, I even do not know well how to use them…

fastcgi should not be used in apache2 templates, they are used in nginx templates.
if they are left in some files, that is wrong; we should fix them.

note that, some filenames are apachetemplate, but inside is nginx config, when nginx enabled. that is only a mis-naming. I will fix them later. they are actually, webserverconfigtemplate whichever the webserver is.

I will try to move fail2ban into php code,

as a principle, we should try to do:
* make as simple as possible, as it should be a basic, rarely changing installer. it is like a pre-installer. we should change it rarely, it should be quite stable
* we should try to make installer version-independent, so that we should not need to change installer as ubuntu version changes. Because, not everybody using latest version of Ubuntu. Some using 9.10, some 10.10, some 11.10 and so on. So, we should make installer working out of the box, independent of Ubuntu version, as much as possible.

these are just notes.
I will send you installer again after I integrated fail2ban into installer php; Actually, in new version, ehcp shows the user failed logins, as the user logs in successfully. this is done through log table, function check_failed_logins(){

fail2ban will be a second layer of fail logging..

you may track changes using meld diff viewer easily.

You may work on this.
a better way may be: a new opcode, like

this will directly ask for master IP, configuring dns according to that master IP.

A more better way may be:
Ehcp with multi-server support.
A central ehcp may manage multiple servers on different locations. this is still experimental and should be tested throughly. you may find info on this on the doc that I sent you before.

With this, you should do:
* Install ehcp on all server you want, assign each a role, one master, others slave.
* When you add a domain, add only in master ehcp; master ehcp does instructs other ehcp’s of new domain with required slave dns-domain features..
This sound more professional, but this is not tested yet.. And I have no much time to implement this. it is partly implemented now in ehcp.

About question at start of you email: no need to ask, just do necessary slave setting for apparmor.
more question, more confused people.

please keep indentation impact, use tab as indentation. try not use html inside classapp.php, like

or similar simple tags.