Go Back   SolidHost Forums Support Forums Control Panel Questions

Reply
 
Thread Tools Display Modes
Old Apr 9th, 2005, 15:15   #21
vista
Customer
 
Join Date: Mar 2005
Posts: 25
Default

Thanks Rickie, i'll take you up on that once a get this last bit sorted out

To get a different view on this, i wonder if a representative of solidhost could let me know how you guys allocate your ips to resellers?
vista is offline   Reply With Quote
Old Apr 9th, 2005, 15:20   #22
SH-Andre
SolidHost Crew
 
Join Date: Sep 2001
Posts: 850
Default

Hi Vista,

I was watching this thread already

By default we allocate two (2) IPs per reseller. It's usually setup like this:

IP1: nameserver 1 and shared IP for the reseller
IP2: nameserver 2 and optionally a dedicated IP for an account of the reseller

We can assign more IPs per account but since ARIN is becoming stricter with IP assigments (simply because IPs are running out in IPv4) we don't assign IPs if it's not necessary.

Additional IPs can (generally) be useful for two purposes:

- SSL certificates (each site with an ssl cert needs a dedicated IP)
- high risk sites (because when a site gets attacked you can only see the IP address that is getting attacked, so if you spread out your sites over multiple IPs it's easier to
isolate what account is being attacked). Keep in mind we don't allow high risk sites on regular reseller accounts though - these need to be placed in an isolated environment.

-----------------
Andre van Vliet
SolidHost Administrators

Solid as a Rock
SH-Andre is offline   Reply With Quote
Old Apr 9th, 2005, 15:48   #23
vista
Customer
 
Join Date: Mar 2005
Posts: 25
Default

Right, so if a reseller wants to install an SSL for their own site (say to take orders) they have to get another IP?

Just to be clear on the actual setting up of the shared IP, rather than granting a dedicated IP in the account creation you would select it in the IP delegation section of the reseller center and then set it up as a shared ip in the 'Managed Main Shared/Ipless IP' section, right?

Purely out of interest what constitutes a high risk site?
vista is offline   Reply With Quote
Old Apr 9th, 2005, 16:06   #24
SH-Andre
SolidHost Crew
 
Join Date: Sep 2001
Posts: 850
Default

Quote:
Originally Posted by vista
Right, so if a reseller wants to install an SSL for their own site (say to take orders) they have to get another IP?
Correct.

Quote:
Originally Posted by vista
Just to be clear on the actual setting up of the shared IP, rather than granting a dedicated IP in the account creation you would select it in the IP delegation section of the reseller center and then set it up as a shared ip in the 'Managed Main Shared/Ipless IP' section, right?
Quote:
Originally Posted by vista
Correct - you just setup a shared IP that way and if the reseller doesn't select to setup a dedicated IP for an account it will automatically use the shared IP.

Purely out of interest what constitutes a high risk site?
Any site that has a potential risk to receive DDoS attacks. Technically every site has this risk, but some sites have a bigger risk than others. For instance political sites and other sites where people express ideas/thoughts that offend others, and sometimes also adult sites. Also in some businesses competitors attack eachother to make the other look bad (this is very uncommon, but it happens). And also very large sites (for instance google and yahoo) are frequently being attacked.

-----------------
Andre van Vliet
SolidHost Administrators

Solid as a Rock

Last edited by SH-Andre; Apr 9th, 2005 at 16:12.
SH-Andre is offline   Reply With Quote
Old Apr 9th, 2005, 16:17   #25
vista
Customer
 
Join Date: Mar 2005
Posts: 25
Default

Thanks guys for your help, think i have it clear now

A slightly unrelated question as i don't need it for the script (at least not at the moment!) but if an account was created on the shared ip but you want to change it to a dedicated ip how would you do that? Would simply using 'Change Site's IP Address' in the account functions take care of everything (ftp/mail etc)?

Thanks again
vista is offline   Reply With Quote
Old Apr 9th, 2005, 16:25   #26
SH-Andre
SolidHost Crew
 
Join Date: Sep 2001
Posts: 850
Default

That would indeed be the way to go about that. Keep in mind that by doing so the site may be unavailable while the IP changes (that can even take up to 24 hours). When we do this we manually add a temporary entry to forward all requests to the new IP - but this cannot be done with a cPanel feature.

-----------------
Andre van Vliet
SolidHost Administrators

Solid as a Rock
SH-Andre is offline   Reply With Quote
Old Apr 29th, 2005, 12:08   #27
vista
Customer
 
Join Date: Mar 2005
Posts: 25
Default

Hey guys,

Unfortunately i've been very busy for the last 2 weeks and haven't had a chance to finish this off, i'm just about in final testing now though

There's a couple of things i've noticed that i'd like to ask the experts about...firstly if the resellers are setup as Andre (i'm assuming Admin is you Andre ) describes a few posts above although resellers create their client accounts on their shared IP, the resellers actual site remains on the main server shared IP (unless they add a dedicated IP obviously) - just wanted to make sure that is indeed how it is setup, or whether i missed a step somewhere?

My other problem is a little bit more serious, i use curl to administer WHM remotely and it works fine if the script is on the same server as WHM, but if you try to access a WHM installed on a different server it throws up a connection error. I've built quite a few curl scripts in the past that access remote servers so i'm quite sure it is not a coding problem - i'm wondering whether by default the server's firewall would block access to port 2086 from a remote machine? Any thoughts on this?

Thanks as always

Steve
vista is offline   Reply With Quote
Old Apr 29th, 2005, 12:29   #28
vista
Customer
 
Join Date: Mar 2005
Posts: 25
Default

hmmm, just tried connection through both sockets and even just using file() and sending via GET, connection timeout for both...it must surely be a network error trying to connect to port 2086 - once again this only happens if you try to access from remote machine, if script and WHM are local there's no problem.
vista is offline   Reply With Quote
Old Apr 29th, 2005, 12:37   #29
SH-Andre
SolidHost Crew
 
Join Date: Sep 2001
Posts: 850
Default

Hi Steve,

For your first question: the resellers main site is by default setup on the main shared hosting IP because it's basically a client of the root account. What we do is: we first setup a new reseller account (on the main shared IP). Then we enter all the necessary configurations for the reseller account, including the IP addresses that the reseller may use and including the shared IP for the reseller. When this is done we change the IP of the reseller account to its own shared IP.

Furthermore; we also change the dns zone of the reseller account manually, because by default it will be setup using the nameservers of the root account, while it's supposed to use private nameservers. So we update that manually as well.

All I described above can be automated.

Port 2086 is not blocked from remote locations. However I would recommend to use the method that cPanel offers, using their remote access key. I believe they have a complete tutorial available on how to do that. What you could do additionally is to let your script access SSH (best to do that on a non-default port).

If you need any help let us know

-----------------
Andre van Vliet
SolidHost Administrators

Solid as a Rock
SH-Andre is offline   Reply With Quote
Old Apr 29th, 2005, 12:47   #30
vista
Customer
 
Join Date: Mar 2005
Posts: 25
Default

Hi,

Thanks for the reply, i was just testing this out and by mistake i was testing remote access to a reseller account from a shared account, i just tried it from a reseller account and it worked fine, guess the problem was the request wasn't actually getting out of the first server, not as i initially suspected not reaching the second!! So i think this is now sorted. BTW i do use the access key, basically i have just written effectively my own version of the accounting module for more flexibility (also some hosts do not allow their clients to access the accounting module for security reasons!!?).

Anyway that's ok now, just to go back to your answer to the first question, sorry you lost me there...

So what your saying is that after everything is setup, you then use the changeip to set a dedicated ip (which is their shared IP)?

Quote:
Furthermore; we also change the dns zone of the reseller account manually, because by default it will be setup using the nameservers of the root account, while it's supposed to use private nameservers. So we update that manually as well.
This was something i was wondering about actually, but i don't understand what steps you take here...i thought some hosts allow you to use either the private nameservers or the standard ones - in which case this step wouldn't be taken, correct? What would be the reasons to do this?

Thanks
vista is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT +2. The time now is 10:46.