Means to Access Your Server

SSH

Your server is accessible trough SSH by default. To ensure uniformity between SSH and web actions, there are no personal SSH login users created. Log in with the desired websites user name instead.

Tip

For security reasons, we allow key based logins only. See SSH Key Handling for details about creating new keys.

Every aspect of the configuration is controlled through our configuration management software. There is no root access possible neither for the customer or ourself.

Shortcuts and sudo configuration

Depending on the installed services, some shortcuts are available to execute certain commands with root privileges.

Command

Description

apache-reload

reload Apache webserver

apache-apply

validate and apply ~/apache.conf

autossl-status

show autossl certificates status

custom-service-start

start custom service, use 1-64 as param if you have multiple workers

custom-service-stop

stop custom service, use 1-64 as param if you have multiple workers

custom-service-restart

restart custom service, use 1-64 as param if you have multiple workers

custom-service-status

show custom service status, use 1-64 as param if you have multiple workers

docker-restart

restart Docker daemon

mysqlrestore

start a second mysql server to restore from snapshots

nodejs-restart

restart current nodejs daemon

nodejs-start

start current nodejs daemon

nodejs-stop

stop current nodejs daemon

php-reload

reload PHP daemon

php-restart

restart PHP daemon

puppet-agent

re-run puppet

snapshot-create

create snapshot

waf-apply

apply waf configuration

waf-why

show which rules blocked a certain request

waf-filtered

show blocked requests from the error log

You will also find this list if you type help.

Generic Admin User

A user named devop is created by default. You can log into the server with this user for debugging purposes and to execute global tasks which are not allowed to the website users:

  • read access to all system log files in /var/log/

  • read access to Apache vhost configuration files in /etc/apache2/vhost/

  • read access to the global modsecurity configuration in /etc/modsecurity/

  • mysql: show all processes with SHOW PROCESSLIST

Command

Description

diskusage

shows system diskusage of files and snapshots

diskusage-websites

shows diskusage per user

nft-list

list current nftables configuration

nft-check

validate current nftables configuration

letsencrypt-show

Show Let’s Encrypt keys and certificates

service-summary

shows the status of all services

service-restart

restart a services

puppet-disable

temporary disable puppet agent run

puppet-enable

re-enable puppet agent run

snapshot-delete

delete snapshot

reboot

restart server

varnish-reload

reload Varnish daemon

varnish-restart

restart Varnish daemon

You will also find this list if you type help.

Tip

To display log files, use the Log File Navigator and GoAccess utilities.

SFTP

After adding your publickey to the server, is it possible to connect over SFTP. We recommend to use one of the following clients:

Tip

To store your key in the memory and not having to enter the password for every connection - use pageant (Windows) or use ssh-add to add it to the SSH agent (Linux)