Access to the server(s) within Sonassi is tightly restricted and requires either setting up a VPN with OpenVPN or adding an IP-restricted port forwarding rule for SSH access.
Before server access can be granted, 2FA needs to be set up fully.
You must set up and enable OpenVPN for your stack to be able to visit the different control panels for the services in the stack.
The official Sonassi documentation covers the retrieval of the VPN files but does not go into a good level of detail on how to enable the connection once it is ready.
For the sake of keeping this short, we will assume that OpenVPN is installed on your local machine.
If you haven't already, make sure you have issued a VPN bundle and have the zip contents on your local machine.
```bash
# All the client connections will be stored here.
cd /etc/openvpn/client;

# Unzip your bundle, enter the password for the bundle
unzip ~/mybundle.zip -d /tmp/sonassi;

# There will be a Linux directory in the unzip output, this has what we need
mv -i /tmp/sonassi/Linux/*.conf /etc/openvpn/client
mv -i /tmp/sonassi/Linux/*.p12 /etc/openvpn/client

# Starting the connection is done with SystemD, the conf file name is used after the "@"
systemctl start openvpn-client@myconfname

# For example, if the conf file is my_open_vpn.conf the command would be
systemctl start openvpn-client@my_open_vpn
```
The VPN should not affect any other connections with the exception of there being multiple Mage Stack VPNs on a system.
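A hardened variant of the installation steps above, added here as an example and not taken from the Sonassi documentation: it extracts into a private temporary directory instead of the predictable /tmp/sonassi, installs the profile and .p12 key store with owner-only permissions, and removes the extracted copy afterwards. The function names are hypothetical, and it assumes the openvpn-client@ unit reads its files as root.

```bash
#!/usr/bin/env bash
# Added example, not from the Sonassi documentation. Function names are
# hypothetical. Assumes the openvpn-client@ unit reads its files as root;
# chown the files to the service user if your distribution runs it unprivileged.

# Copy *.conf and *.p12 from an extracted bundle's Linux/ directory into DEST
# with mode 0600, and print the systemd unit name for each profile installed.
install_vpn_files() {
    local src="$1" dest="${2:-/etc/openvpn/client}" f name
    [ -d "$src/Linux" ] || { echo "no Linux/ directory in $src" >&2; return 1; }
    [ -d "$dest" ] || { echo "missing destination $dest" >&2; return 1; }
    for f in "$src"/Linux/*.conf "$src"/Linux/*.p12; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        # Same intent as `mv -i`: never silently replace an existing profile.
        if [ -e "$dest/$name" ]; then
            echo "refusing to overwrite $dest/$name" >&2; return 1
        fi
        # The .p12 holds the client private key, so keep it owner-only.
        install -m 600 "$f" "$dest/$name" || return 1
        case "$name" in
            *.conf) echo "openvpn-client@${name%.conf}" ;;
        esac
    done
}

# Unzip into a private mktemp directory (mode 0700), install, then clean up so
# no key material is left in /tmp. unzip prompts for the bundle password.
install_vpn_bundle() {
    local zip="$1" dest="${2:-/etc/openvpn/client}" tmp rc
    tmp=$(mktemp -d) || return 1
    if unzip -q "$zip" -d "$tmp" && install_vpn_files "$tmp" "$dest"; then
        rc=0
    else
        rc=1
    fi
    rm -rf "$tmp"
    return "$rc"
}

# Usage (as root): install_vpn_bundle ~/mybundle.zip
# then: systemctl start <each unit name printed above>
```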
- Dedicated Server (dh)
- Firewall (fw)
- Load Balancer (lb)
- Web Server (web)
- Database Server (db)
- Mail Server (mail)
- Access Server (acc)
- Monitoring/Management Server (monitor)
As everything is behind a VPN, these URLs are the same for all clients of Sonassi and inaccessible without a working VPN.
- Centralised logging: kibana.magestack.com
- Database management (PHPMyAdmin): phpmyadmin.magestack.com
- Load balancer: haproxy.magestack.com
- Resource/historical graphing: munin.magestack.com
- Service management: mmonit.magestack.com
- SOLR management: solr.magestack.com
- Rabbit MQ Management: queue.magestack.com
Setting the PHP version
By default, Sonassi runs with PHP5.4 which is now end of life.
All PHP versions from PHP5.4 up to the latest stable release are available to use on the command line. The default PHP version can be set for the command line using the alternative system.
To set the PHP version used by PHP FPM when serving applications you need to set this when creating/editing your domain group.
Domain Groups and Virtual Hosts
Sonassi uses the concept of domain groups to wrap one or many virtual hosts within it. These domain groups share the same PHP-FPM and Nginx process and cannot access the file system of other domain groups.
Domain groups can be used to segregate live, staging and development environments.
Virtual hosts represent individual domains that host an application. They are given a directory and assigned a domain to serve content for. Virtual hosts can also be assigned an environment type (e.g. Magento 2) to pre-configure the Magestack for that application.
Domain groups, and the virtual hosts within them can be found like so:
Within the virtual host directory there is an `http` directory that stores the application code.
Bashrc and path
Magestack does not come with some of the creature comforts of other Linux distributions such as
This can be fixed by adding a `.bashrc` file and running it from the
- Create your `.bashrc` file in the home directory

  ```bash
  echo "alias ll='ls -latr'" > ~/.bashrc
  ```

- Edit your `.bash_profile` to load the `.bashrc` file by appending `source ~/.bashrc` to the end of the file
Unless you have root access you will not be able to add globally accessible binaries. You can, however, expand the `PATH` variable to include a new directory for your session.
.bash_profile in the home directory, append the following
If you have the `.bashrc` file in place, you can alternatively place this in there.
Finally, create the directory for your binaries with `mkdir ~/bin` and place your binaries there to allow them to be run without a full path.
Magestack does not come with Composer installed by default; it can be installed by completing the guide below.
To make Composer globally available, it needs to be moved to the
To do this, move the composer binary to
Place the binary in `~/bin` to allow global access for the current user.
Cloudflare and SSL
Sonassi openly state they recommend not using Cloudflare's proxy option with their hosting services.
Cloudflare can still be used with Sonassi in the proxy mode but will require a Cloudflare origin certificate to be installed on the web server. It is not currently possible to install an SSL certificate without using Sonassi support.
- How Nginx configuration works on Magestack
- Testing changes and restarting Nginx
- Securing Virtual Host with basic auth
- Using Pagespeed
Note - Basic auth will not work when Varnish is turned on
```bash
/etc/init.d/nginx configtest # Test Nginx config
/etc/init.d/nginx reload     # Graceful reload of config
```
Cron can be installed as normal by using the Magento `cron:install` command; however, Sonassi recommend using their own cron runner for more safety.
Be sure to create a new virtual host for your queue configuration (e.g. live, prelive, staging) and add a new user in the Rabbit admin with a strong password that has permission to access the virtual host.
Separate virtual hosts are important as you don't want your live site to consume messages for the staging site; avoid using the `/` virtual host.
The following command will set up Magento 2 to use the new queue.
```bash
php bin/magento setup:config:set --amqp-host="queue1.i" \
    --amqp-port="5672" \
    --amqp-user="USERNAME_IN_RABBIT" \
    --amqp-password="USER_PASSWORD" \
    --amqp-virtualhost="YOUR_VHOST"
```
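To confirm that environments really are isolated after running the command in each one, the following added example (not Sonassi or Magento code) reads the virtual host back from each Magento root and fails if any root uses `/` or shares a virtual host with another. The function names are hypothetical, and it assumes the AMQP settings live in `app/etc/env.php` under queue, amqp, written one key per line.

```bash
#!/usr/bin/env bash
# Added example (not Sonassi or Magento code). Function names are hypothetical.
# Assumes Magento stores the AMQP settings in <root>/app/etc/env.php under
# queue -> amqp, written one key per line as 'virtualhost' => 'name'.

# Print the AMQP virtual host configured for one Magento root (empty if none).
amqp_vhost_of() {
    local env_file="$1/app/etc/env.php"
    [ -f "$env_file" ] || return 0
    sed -n "s/^[[:space:]]*'virtualhost' => '\(.*\)',\{0,1\}[[:space:]]*\$/\1/p" \
        "$env_file" | head -n 1
}

# Return non-zero if any root uses "/", has no vhost, or shares one with another root.
check_vhosts_isolated() {
    local root vhost seen="" rc=0
    for root in "$@"; do
        vhost=$(amqp_vhost_of "$root")
        if [ -z "$vhost" ]; then
            echo "FAIL $root: no AMQP virtual host configured" >&2; rc=1
        elif [ "$vhost" = "/" ]; then
            echo "FAIL $root: uses the default / virtual host" >&2; rc=1
        else
            case "$seen" in
                *"|$vhost|"*)
                    echo "FAIL $root: vhost '$vhost' is shared with another root" >&2
                    rc=1 ;;
                *) echo "OK   $root: vhost '$vhost'" ;;
            esac
        fi
        seen="$seen|$vhost|"
    done
    return $rc
}

# Constructed sample: a staging copy that still points at the live vhost.
demo() {
    local t env; t=$(mktemp -d)
    for env in live staging; do
        mkdir -p "$t/$env/app/etc"
        printf "<?php\nreturn ['queue' => ['amqp' => [\n    'virtualhost' => 'live'\n]]];\n" \
            > "$t/$env/app/etc/env.php"
    done
    check_vhosts_isolated "$t/live" "$t/staging"; rm -rf "$t"
}
[ "${1:-}" != "demo" ] || demo
```

Run it with `demo` as the first argument to see the constructed failure, or call `check_vhosts_isolated` with the paths of your own live and staging Magento roots.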
The snippets below reflect the configuration described in the Sonassi article for setting up Redis with Magento 2.
```bash
# Enable backend cache
php bin/magento setup:config:set --cache-backend=redis \
    --cache-backend-redis-server=redis11.i \
    --cache-backend-redis-port=6379 \
    --cache-backend-redis-db=0 \
    --cache-backend-redis-compress-data=1 \
    --cache-backend-redis-compression-lib=gzip;

# Page Cache
php bin/magento setup:config:set --page-cache=redis \
    --page-cache-redis-server=redis31.i \
    --page-cache-redis-port=6380 \
    --page-cache-redis-db=0 \
    --page-cache-redis-compress-data=1 \
    --page-cache-redis-compression-lib=gzip;

# Session Cache
php bin/magento setup:config:set --session-save=redis \
    --session-save-redis-host=redis1.i \
    --session-save-redis-port=6379 \
    --session-save-redis-db=0 \
    --session-save-redis-compression-threshold=2048 \
    --session-save-redis-compression-lib=gzip \
    --session-save-redis-disable-locking=1
```