There are many things that I have fallen in love with over the last nearly twenty years of managing web servers. Whether I was working for a medium-sized ISP doing IIS migrations or working as a LAMP developer for a startup, there were a lot of things that were discovered and a lot of things that I am still looking for. The things that I miss the most are:

  • The integration between Softaculous and VestaCP is a decent tool for development purposes in my opinion. I know that I can run VestaCP as a local Virtual Machine and that way I don’t have to pay the bucks a month for a Virtual Private Server. The money savings are nice, but the really important thing is that I don’t trust running VestaCP and Softaculous on a publicly hosted server, because it’s inevitable to me that any app that hasn’t been updated in 20 months will get owned online.
  • The ability for me to successfully run VestaCP on a local Virtual Machine is dependent on three things that have been limiting factors so far:
    • My Windows DNS Server needs to be rebuilt. This is going to be a requirement for me to be able to host most apps locally and be successful in actually being able to USE these apps. It drives me crazy that half the apps out there require a FQDN to be able to log in. I don’t know how people do this in a practical way without Windows Server.
    • My ability to run Virtual Machines has been severely limited because I don’t have enough RAM. But the good news is that I just ordered a 16GB stick; it was only $52. Why couldn’t I have done this earlier?
    • The whole point of me wanting to use VestaCP in this day and age is directly related to being able to run Softaculous. I mean, without Softaculous the HestiaCP platform is wildly superior to VestaCP. And without some sort of public IP address and a public connection to my server, I’m not able to run Softaculous locally. It just doesn’t work using an address of 192.168.x.x.

We like having development environments available online, but many times it is more secure to run the web server at our office, and this allows better DNS customization. Domain Name Servers are a complex topic, and most website migrations involve some DNS work. Having a custom DNS server in our office means that we can add virtual hosts without waiting an hour for DNS name changes to propagate.

Someday, finding a DNS server that is publicly accessible would be nice, but for now it is safer to run this behind a NAT router and corporate firewall. Being able to redirect a visitor from a legitimate website to a mock copy (which looks identical) is a very dangerous thing. For example, if someone were redirected from Wells Fargo to a private server, logging in to that fake website would give their bank website credentials to the fake site. If you get someone else’s bank credentials, it is trivial to transfer their money out.

The other problem with providing a public DNS service is that there are a lot of things that can go wrong from a security perspective. It is possible to trust an SSL Certificate Authority that is malicious. There are many different ways to fall victim to a man-in-the-middle attack, sometimes abbreviated to MITM. Getting someone to trust the wrong SSL certificate would allow someone else to decrypt and re-encrypt the traffic that passes over the internet via HTTPS. This would allow anyone to see your private passwords and to get into your email server, or even worse. It wouldn’t take me 30 minutes to demonstrate a MITM attack using a product called pfSense. I love that router, pfSense, because it allows things that I haven’t seen anywhere else. It is easy to block visitors from other geographic areas, and there is a router
