apnscp 3.1 released!

nem

@NanoG6 said:
I don't know what that is but sounds awesome. Keep up the good work @nem!

• Distributed = data is collected per site + server
• Analytics = we're studying data collected
• Predictive = given the data trends, what can we project
• Hot = no need to restart services, it's online optimization
• Naive = formula is simple
• Isostatic = we can't add resources, so it's a reoptimization that maintains resource equilibrium
• Economizer = this system optimizes resource allocation

"naive" will change to "neural" once the math behind it becomes a little more advanced than simply looking at thresholds.

---

As a tangible example, let's talk concurrent HTTP connections. By default, ApisCP is fixed at 100 which will cover 95% of use cases. If you had an enormous server beyond 1000 clients, 100 concurrent connections might not be adequate. We can look at both worker count and connections/second to confirm it isn't a DoS/slowloris. Let's say that worker count is maybe at 75% capacity, then if run-queue size is below 1 per CPU boost the concurrent connection limit to 150 and reassess. Likewise if you've got a pretty quiet server pushing 2 connections/second at peak it may be worthwhile to reclaim 2 workers and free up 50 MB memory or so for use elsewhere.

The goal is to deliver a platform that can configure itself automatically. Whether you have 1 or 10,000 accounts, it will run just as efficiently without any further tweaking. Upside to this focus is that it reduces support costs and creates a more navigable product; less complexity increases productivity.

nem

ApisCP now includes Remi PHP support for seamless any-version PHP (see PHP-FPM.md). It's as simple as adding the Remi repository, installing the packages, and a quick edit via systemd (<3 systemd).

yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm
yum install -y php72-php-ioncube-loader php72-php-pecl-mysql php72-php-opcache

Then override the pool service,

[Service]
ExecStart=
ExecStart=/usr/bin/scl enable php74 -- php-fpm --daemonize --fpm-config=/etc/php-fpm.d/sites/apis.com.conf

Where phpXX is the Remi version. Simple as that! Any PHP-FPM instances spawned through this method still report back performance statistics as well as obey resource limits and prescribed security. Remi also provides turnkey installation for exotic modules via PECL. ApisCP is designed - from my role as a hosting provider since 2002 - to provide a build environment to address most modules. Shortcuts take the guesswork out of builds,

# Install mailparse off PECL, inotify 2.0.0, and the release de jour for memcached
cd /usr/local/apnscp/resources/playbooks
ansible-playbook --tags=php/install-pecl-module --extra-vars 'pecl_extensions=["mailparse","https://github.com/php-memcached-dev/php-memcached.git","https://pecl.php.net/get/inotify-2.0.0.tgz"]' bootstrap.yml

With shortcuts come tradeoffs: it's not as fast as the monolithic builds delivered through source. From a couple rounds of benchmarks, it's about 9-15% throughput drop for a WordPress site (OPCache enabled). It's still faster than cPanel-based panels and leaps and bounds faster than Plesk's top heavy, convoluted stack.

If you need to juggle a variety of PHP builds to satisfy needs, then Remi is a great option. If you want to support just a version or two for pending modernization, then standby for native multiphp in ApisCP. You'll have the same capability to override whatever configuration parameters per interpreter (and delegate to site owners) in addition to the nice performance boost from native builds.

---

A 10% improvement in throughput means 10% more customers all things being equal Trade your inexhaustible resources where it's relevant.

.22 is pending which will showcase native multiphp + Remi PHP and possibly the preferences rewrite. Preferences will move over to LMDB or Redis; the current serialization/unserialization routine is prone to race conditions and unsuitable for ensuring consistency in high traffic environments. Rewriting to either which has no direct concept of multidimensional arrays means we have to flatten things.

I've moved ER macros (errors originating from the API) into a translation wrapper too, so we'll have a translation library soon enough of the flavor,

Hello %(forum)s: Hallo %(forum)s
There are %(num)i votes: Es gibt %(num)i Abstimmungen

With a translation abstraction layer smart enough to parse out numerical markers (d, u, f/F) and apply appropriate separators.

shillshocked

How does this perform on dedicated hosting? I get the impression this is more suited for resellers of shared hosting and vps's.

nem

What's your use case and hardware? Hosting a single site on bare metal?

If you're using it for the platform buildouts and consistency checks, a DNS-only license through the licensing portal is free and gives you access to the platform infrastructure. Only catch is it cannot host sites, but may run a backup service or PowerDNS server.

Virtualization overhead is maybe 2-3% now, but the cost of BIOS initialization is heavy. There's an escape hatch built into the platform for example if you exceed a run-queue depth (load average) greater than 25x per processor, it'll perform an automated system recovery which is quicker than waiting for the spike to abate. Taking a production server of mine, Epsilon, for example, it's back up and serving sites in ~45 seconds. BIOS hardware initialization/memory tests on modern hardware add a few if not several minutes to the routine.

Same is said about cache sizes and monolithic configurations with diminishing returns in cache efficiencies past a certain threshold. Ginormous configurations can also impair the ability to recover quickly. The platform is derived from Ensim which used a modular per-site, per-service configuration for Apache that had significant scalability issues after the first hundred sites. ApisCP collapses Apache configuration into a monolithic one, which speeds up restarts considerably, but there are feasibility limitations. Smaller servers yield higher agility. Agility allows faster recovery from defects.

I keep servers around 150-300 clients and spread hardware across multiple VMs. The platform is smart enough to keep itself constantly configured through Bootstrapper. Argos will alert you of anomalies such as load average, memory, or CPU spikes thus allowing you distribute clients across a mixture of servers rather than building a single point of failure.

nem

New documentation portal is available via docs.apiscp.com. This streamlines production quite well, mirroring what is released alongside source. Excellent layout, quite searchable.

A variety of new license classes are now available via my.apiscp.com:

• Dev (FREE) functionally equivalent to a monthly Pro license with the exception that only TLDs ending in .test may be hosted. It makes it easy now to run your own development server with production for added peace of mind.
• DNS-only (FREE) gives access to platform management utilities but may not host sites. Stripping the platform down from auxiliary services, it's an easy way to run a PowerDNS cluster/backup server without incurring additional costs.
• Startup ($50/year) 20 domains. Excludes direct support tiers.
• Mini ($30/year) 10 domains. Excludes direct support tiers.

Lastly, snapshots work great and baked into Web Apps. It's a convenient user alternative to full system backups, especially when venturing down uncharted territory when changing a production site around.

Now that licensing and documentation are addressed, Dashboard is getting gutted. It's time to make use of the telemetry module that has been quietly collecting statistics of the last couple months.

quangthang

@nem said:
New documentation portal is available via docs.apiscp.com. This streamlines production quite well, mirroring what is released alongside source. Excellent layout, quite searchable.

A variety of new license classes are now available via my.apiscp.com:

• Dev (FREE) functionally equivalent to a monthly Pro license with the exception that only TLDs ending in .test may be hosted. It makes it easy now to run your own development server with production for added peace of mind.
• DNS-only (FREE) gives access to platform management utilities but may not host sites. Stripping the platform down from auxiliary services, it's an easy way to run a PowerDNS cluster/backup server without incurring additional costs.
• Startup ($50/year) 20 domains. Excludes direct support tiers.
• Mini ($30/year) 10 domains. Excludes direct support tiers.

Lastly, snapshots work great and baked into Web Apps. It's a convenient user alternative to full system backups, especially when venturing down uncharted territory when changing a production site around.

Now that licensing and documentation are addressed, Dashboard is getting gutted. It's time to make use of the telemetry module that has been quietly collecting statistics of the last couple months.

Now looking for new release and new lifetime promo )

NanoG6

nem said: Lastly, snapshots work great and baked into Web Apps. It's a convenient user alternative to full system backups, especially when venturing down uncharted territory when changing a production site around.

@nem Can't see this feature in Web Apps. Or maybe I was looking at the wrong place? Rev: 9b8c5ce9

kaz050457

hmm > @quangthang said:

@nem said:
New documentation portal is available via docs.apiscp.com. This streamlines production quite well, mirroring what is released alongside source. Excellent layout, quite searchable.

A variety of new license classes are now available via my.apiscp.com:

• Dev (FREE) functionally equivalent to a monthly Pro license with the exception that only TLDs ending in .test may be hosted. It makes it easy now to run your own development server with production for added peace of mind.
• DNS-only (FREE) gives access to platform management utilities but may not host sites. Stripping the platform down from auxiliary services, it's an easy way to run a PowerDNS cluster/backup server without incurring additional costs.
• Startup ($50/year) 20 domains. Excludes direct support tiers.
• Mini ($30/year) 10 domains. Excludes direct support tiers.

Lastly, snapshots work great and baked into Web Apps. It's a convenient user alternative to full system backups, especially when venturing down uncharted territory when changing a production site around.

Now that licensing and documentation are addressed, Dashboard is getting gutted. It's time to make use of the telemetry module that has been quietly collecting statistics of the last couple months.

Now looking for new release and new lifetime promo )

they working on new theme also..

nem

@NanoG6 said:

nem said: Lastly, snapshots work great and baked into Web Apps. It's a convenient user alternative to full system backups, especially when venturing down uncharted territory when changing a production site around.

@nem Can't see this feature in Web Apps. Or maybe I was looking at the wrong place? Rev: 9b8c5ce9

Web > Web Apps. Enable Snapshots. Once snapshots are enabled, from the Snapshot dropdown, you'll be able to create a new checkpoint to rollback from. Alternatively you can enable on install time as well in the installation dropdown.

There's an issue open on expanding Web Apps to support Fortification/database integration for third-party apps. We'll have something to what is discussed in this issue in a couple months, so you can snapshot applications (database included) for apps beyond what is provided in the panel.

@quangthang said:

Now looking for new release and new lifetime promo )

3.2 may not begin work until late this year. PostgreSQL logical replication into Redis is the last major feature I want to incorporate before beginning the next release. Logical replication is necessary for configuring email restrictions/features in rspamd without relying on a messy text file for configuration. I'll let you folks know once it's time .

NanoG6

--edit

Got it! thank you

nem

@NanoG6 said:
Hmm looks different

Select the site first to drill down into options.

RecD

Is there any tutorials for noobs like me to set up the domain and server?
Reading the whole document is painful, to be honest.
I think I need to get familiar with the system by setting up a little project (for example, a free wordpress service for users? is it possible that only allows users use specific program?)
Please forgive my greedy.

And.. the url here direct to https://docs.apnscp.com/getting-started/installation/ which is a 404 error page.

nem

@RecD said:
Is there any tutorials for noobs like me to set up the domain and server?
Reading the whole document is painful, to be honest.
I think I need to get familiar with the system by setting up a little project (for example, a free wordpress service for users? is it possible that only allows users use specific program?)
Please forgive my greedy.

Run the Customizer on a CentOS 7 machine. If you set an email address, and email is working correctly, the panel will send a confirmation with login information once installed. Otherwise you may access the panel through its shortcut.

Web Apps can be blacklisted to disallow everything but WordPress through a tuneable: cpcmd scope:set cp.config webapps blacklist '*,!wordpress'

And.. the url here direct to https://docs.apnscp.com/getting-started/installation/ which is a 404 error page.

Old cached copy of the HTML build. A hard refresh should load the new copy.

nem

Few updates,

Site Optimizer is a new feature that bolts into Pagespeed to provide a series of turnkey optimizations for your web sites. There's even a testing interface that uses Lighthouse to provide an assessment of your page performance. Lower Speed Index values are better.

Rampart is now integrated into the Dashboard for the server administrator. View performance and quickly unban an address if listed.

WHMCS module update now checks against Rampart and provides customers an opportunity to unban/whitelist their addresses upon login.

Lastly, Metrics are now available! It’s a space-efficient storage/query system based on TimescaleDB that covers a swath of features about your system and your hosted sites. From testing, it outperforms InfluxDB and adds no additional memory overhead beyond what’s already in place; a perfect union.

upcp will pull down the latest code and populate the “telemetry” module that exposes the endpoints. Enable telemetry if you haven’t yet:

cpcmd scope:set cp.config telemetry enabled true

A quick rundown of usage:

metrics: list all available metrics by name, ex: cpcmd telemetry:metrics
get: get last recorded metric for a given name, e.g. cpcmd telemetry:get memory-available
range: get sum of records in a range (begin, end), an optional sum parameter disables rollup behavior, e.g. show all memory points logged since inception cpcmd telemetry:range memory-available 0 null null false.
If you want to sum records, such as with monotonic queries, omit the fourth ($sum) parameter: show aggregate query count since inception cpcmd telemetry:range mysql-q 0 null null

And if you need to zero a metric because something went awry, drop_metric , e.g. cpcmd telemetry:drop-metric mysql-q

Moving forward, successive releases will begin incorporating data into different aspects of the platform starting with automatically resizing OPCache as needed to always ensure your sites are served at optimal performance. Memory is to be utilized, not idolized

jh

Any more owned licences?

kaz050457

luckly im one of the few got a free lifetime license.. I hope this license can add to my.apiscp.com also. for ownership protection(ip locking of license) then just make it non transferable...

bula

@jh said:
Any more owned licences?

You can purchased owned license when you login to ApisCP client portal.
However its $499

darb

Any planned date for centos 8?

nem

@jh said:
Any more owned licences?

These are a collector's item now. There will be an opportunity coming up for content publishers and license credits that can be redeemed for revolving licenses.

@darb said:
Any planned date for centos 8?

Support will be added once CentOS 8 matures, but it's not a top priority at this time. Any particular reason you want to dive into CentOS 8 other than it's new?

Much of the stack for ApisCP is provided outside CentOS/EPEL distribution channels (Apache, PHP, Redis, Ruby, Node, Python, MariaDB, Postfix, Postgres, fail2ban). Language runtime environments are always decoupled from the OS. Even too the kernel can be switched to 4.x or 5.x using the system.kernel Scope, cpcmd scope:set system.kernel stable. scl is supported by the platform, so you could install gcc7 if you'd like to as well.

cgroupv2 subdelegation/threading support in CentOS 8 looks fun, but I haven't built up the surrounding infrastructure to exploit that just yet.

Platform-to-platform migrations are quite straightforward with zero downtime. You could start today with CentOS 7 and migrate to 8 with little issue.

nem

Scopes are now part of the frontend! I've spoken much about Scopes, but until now required opening the hood to appreciate. Scopes provide a variety of assisted maintenance knobs. No one wants to hear "TIMTOWTDI" when it comes to reconfiguring the internals of your server. As technology ages and outdated documentation reigns supreme, guidance will become far more critical to ensuring security. Scopes are simplified management points that do the error checking and configuration reconciliation for you. Best of all, they're vetted by Bootstrapper, which is responsible for printing your server from the CentOS factory. Every time it runs these changes are acknowledged and woven into Bootstrapper's logic.

And let's take the mail/rspamd role for example that configures rspamd for a server (via cp.bootstrapper Scope):

Anything ApisCP tunes is now available from within the GUI either under cp.bootstrapper or cp.config. Other named Scopes are provided to simplify complex operations, even switching Apache's port if you choose. Poke around and have fun!

---

Nexus will report cgroup stats when telemetry is enabled. telemetry is still in its infancy stages.

Storage and bandwidth are always reported. Inodes and cgroup consumption may be reported by enabling the options under Settings > App Settings > Nexus.

cgroup reporting also requires telemetry to be enabled, cpcmd scope:set cp.config telemetry enabled 1 or use the Scopes app in the panel.

---

ApisCP now has support for creating your own Scopes + loggable metrics, another fun perk in its continuous evolution.

Finally, there's so much content to publish, which requires some tinkering to achieve. If you're on lockdown like I am, now is as good a time as ever to explore boundaries and learn a bit more - learning is for a lifetime after all. I want to give folks an opportunity to explore these limits, publish content, and of course get rewarded for their endeavors. I'm giving away Startup licenses for users that explore the platform and publish content.

Here's how it works:

Find something novel with ApisCP or informative, a how-to, then publish it on your blog. Alternatively, PRs to the ApisCP docs are much appreciated. There's quite a bit of content to cover and not enough hours in a day. Email me or send me a PM with the content, and you'll get a license key for each publication.

Topic ideas include:

• Creating new Scopes
• Migrating from cPanel to ApisCP, sharing PowerDNS clusters
• Building out DNS cluster with DNS-only licenses (free via my.apiscp.com)
• Configuring an rspamd cluster with ApisCP (DNS-only licenses work great for this)
• Remote ClamAV scanning
• Filling in documentation via PR
• Ideal Site Optimizer settings for WordPress behind a pull CDN
• Placing Varnish/NGINX in front (apache.ports helps with reconfiguring this)
• Building out new Web App modules
• Anything else, just ask and I'll OK it.

All conversations pose unique opportunities. If you have any questions with content, Discord is the best place to catch me.

Fine print: minimum content length of 350 words or at my discretion; code is hard to quantify. Limit 5 licenses per participant.

---

Other news,

• v3.1.37 released today officially disables TLSv1.0 and v1.1. Use the following scopes to enable for services: apache.insecure-ssl, mail.insecure-ssl (Postfix, Dovecot, haproxy), ftp.insecure-ssl
• Got an anonymous lifetime license? Sign up for an account on the licensing portal. Email me the license along with your email on there if it's different to [email protected]. I'll invalidate that license thereby allowing you to generate a new license within the portal @kaz050457
• CentOS 8 support will arrive in Q2
• Next on the list is integrating Web App snapshots into updates. Check for a 200 before, check for a 200 after, and if there's a problem perform an automated rollback. Until then!

kaz050457

@nem done, thanks in advance...

update
thank u

edoarudo5

@nem said:

• Got an anonymous lifetime license? Sign up for an account on the licensing portal. Email me the license along with your email on there if it's different to [email protected]. I'll invalidate that license thereby allowing you to generate a new license within the portal @kaz050457

Thank you very much for this. I have successfully transferred my anonymous lifetime license to my account like kaz050457.

nem

CentOS 8 is now supported with v3.1.41 released today.

Two notable features, first TLS v1.3 is available, which accelerates SSL delivery.

Second, which requires more work for me to flesh out, cgroupv2 is here including a unified hierarchy. If you're running a server in excess of 600+ accounts you might notice a couple second slowdown adding sites because each cgroup controller pollutes /proc/mounts. Each site consists of a set of 4 controllers. Hierarchy unification allows ApisCP to deduplicate these controllers into 1 monolithic mount for each site, which means anything that parses out /proc/mounts has to enumerate 600 lines rather than 2400 (or 3600 if you add net_cls + freezer controllers). I'm running a build with 650 accounts on my desktop VM to find optimization opportunities. A unified hierarchy greatly improves service startup times for anything that has ProtectHome=yes or ReadWritePaths= set. I'll have a bit more work on this available in a later release.

Telemetry is enabled by default as well, (v3.1.40). WordPress also provides a backend package management feature in Web Apps. Accidentally bone your WP site with a bad plugin? You can disable it from within ApisCP if your WP admin portal is inaccessible. Moreover, it's possible now to configure update policies for themes/plugins. It's able to properly update commercial plugins/themes that rely on transients as well.

Now that the foundational stuff is out of the way and telemetry in full effect, next few releases will focus on Update Assurance, Web App screenshots (wide view), WP vulnerability scans, and glances that tie into telemetry. Stay tuned!

latic

Are you able to migrate from centos web panel to your control panel?

nem

@latic said:
Are you able to migrate from centos web panel to your control panel?

There's presently not enough demand to warrant building a migration facility around CWP. cPanel exists and having worked through a few dozen outliers, it's a very inconsistent mess. I couldn't imagine what follies something written with PHP5 and a litany of CVEs would look like.

Before building out a cPanel migration facility, I did migrations by hand. It takes about 5 minutes to import a site by hand. Here's a breakdown I have from about 3 years ago, still valid:

---

For each account, add in Nexus.

For each domain in each account,

• Download a copy of the web site document root
• Upload to /var/www/, connect subdomain (Web > Subdomains) or addon domain (DNS > Addon Domains) if it's to be parented to the main account
• If WordPress or MySQL-based PHP application, export the database
• Databases > MySQL Manager, create a new database. It will be prefixed with "xyz_". Click Advanced button to expand additional options, add export to "Use SQL Export". ApisCP will automatically decompress and negotiate SQL export as needed
• Edit configuration files, change MySQL connection details. Varies per application
• Setup write permissions. If WP, Web > Web Apps. Select domain. Click "Detect"[1]. Select Fortification > Max Fortification after app is detected[2]
• Preview domain via DNS[3]

For email:

• User > Add User. Create a new user. If using email for multiple domains, I recommend namespacing[4].
  If working with 1 mailbox:

• Login to SquirrelMail[5] on this server.

• Options > POP3 Fetchmail. Enter your old mail settings[5].

If working with multiple mailboxes:

• Transfer files for user to /home/USER/Mail. IMAP server will automatically incorporate messages into users mailbox.[6]

1: https://kb.apiscp.com/control-panel/detecting-a-web-application/
2: https://kb.apiscp.com/control-panel/understanding-fortification/
3: https://kb.apiscp.com/dns/previewing-your-domain/
4: https://kb.apiscp.com/email/separating-mail-user-different-domain/
5: https://kb.apiscp.com/email/migrating-mail-from-elsewhere/
6: https://kb.apiscp.com/email/email-filesystem-layout/

latic

I've just gone through this and testing it out now. Helped me to delete a lot of old websites i didnt need.

nem

@latic said:
I've just gone through this and testing it out now. Helped me to delete a lot of old websites i didnt need.

Looking over cPanel migrations, a couple other useful commands:

letsencrypt:bootstrap (doc) will attempt to request SSL on the domain + wildcard if DNS permits. You can mix that command with admin:collect() to iterate over all sites and enable SSL, for example...

cpcmd -o json admin:collect null '[dns.enabled:1]' | jq -r 'keys[]' | while read SITE ; do 
    cpcmd -d $SITE letsencrypt:bootstrap
done

admin:collect() (doc) works with an assortment of account parameters with some documentation now available via docs.apiscp.com.

admin:locate-webapps (doc) will scour all accounts, looking for supported Web Apps. admin:update-webapps (doc) will apply updates to all detected Web Apps, so it's a bit easier to perform in one fell swoop:

cpcmd admin:locate-webapps
cpcmd admin:update-webapps

Likewise once you import and update these apps, you can apply Fortification to them to restrict write access (generally a good thing):

cpcmd -o json admin:collect | jq -r 'keys[]' | while read SITE ; do  
    cpcmd -o json -d $SITE common:load-preferences |  jq -r 'select(type == "object") | .webapps.paths[].hostname' | while read HOSTNAME ; do 
        cpcmd -d "$SITE" wordpress:fortify "$HOSTNAME" '' max
    done
done

hackerman

nem said: Got an anonymous lifetime license? Sign up for an account on the licensing portal. Email me the license along with your email on there if it's different to [email protected]. I'll invalidate that license thereby allowing you to generate a new license within the portal @kaz050457

I claimed 3 of these, can I do this for all of them? They've all been used offline/private use so far, for my clients (4 so far) I've got them to grab their own licenses and they're loving it over cPanel.

nem said: Telemetry is enabled by default as well, (v3.1.40). WordPress also provides a backend package management feature in Web Apps. Accidentally bone your WP site with a bad plugin? You can disable it from within ApisCP if your WP admin portal is inaccessible. Moreover, it's possible now to configure update policies for themes/plugins. It's able to properly update commercial plugins/themes that rely on transients as well.

How does it update commercial plugins? Does it use the WordPress update mechanism? Or is it using an internal repository? Some commercial plugins don't have automatic updates, so have to be manually updated.

On a separate note, any plans to support ARM servers?

nem

@hackerman said:
I claimed 3 of these, can I do this for all of them? They've all been used offline/private use so far, for my clients (4 so far) I've got them to grab their own licenses and they're loving it over cPanel.

Certainly. Just email them to [email protected]. Glad to hear

How does it update commercial plugins? Does it use the WordPress update mechanism? Or is it using an internal repository? Some commercial plugins don't have automatic updates, so have to be manually updated.

From discussing with others, as I understand if the plugin is capable of updating itself automatically in WordPress, by broadcasting its version, then WP-CLI will be able to sniff it out. PUC or TGMPA-based plugins don't always hook in correctly to set update_themes/update_plugins via pre_set_site_transient_.... The same issue exists on ManageWP and MainWP for these bogus plugins.

Easiest way to evaluate this is to flush transient data, then query status:

wp-cli transient delete update_plugins --network
wp-cli transient get update_plugins --network

Whichever plugins don't broadcast an update url may not be updated through automated means. I'm not sure there's an automated means to update them period, but open to feedback if another route exists.

On a separate note, any plans to support ARM servers?

No immediate plans yet.

hackerman

nem said: Whichever plugins don't broadcast an update url may not be updated through automated means. I'm not sure there's an automated means to update them period, but open to feedback if another route exists.

I saw someone link to https://github.com/captainhook/fu/ in reply to one of your tweets, so I am working on an 'internal repository'. This way I can push out an update across all domains, proactively protecting in the case of security vulnerabilities which is only becoming more common with WordPress plugins. I would contribute it to ApisCP but I don't yet have to skill to develop something so elaborate. But perhaps an idea for you; I believe Plesk are working on a solution for this but I've no idea what they're planning.

edit: actually, Plesk already has an 'internal wordpress plugin/theme repository'... I suspect they may expand this to more capabilities.

nem said: No immediate plans yet.

I had a ARM server with Scaleway - incredibly cheap yet powerful. Unfortunately they are discontinuing it due to stability concerns. Always got my eyes glued to your changelogs