Jail problem / help

Good day

I noticed that when creating a user with a tariff plan in which ssh access and jail limits are configured, a jail in the /srv/jail folder is not created for the user

I found a solution to the problem by running the script /usr/local/hestia/bin/v-rebuild-users via cron

But now after running the script, duplicates appear in the file /usr/local/hestia/data/queue/traffic.pipe every 30 minutes.
It grows endlessly.

And today, when I run the v-rebuild-users script, I get the error:

/usr/local/hestia/bin/v-rebuild-users
sed: -e expression #1, char 3: unknown command: ' sed: -e expression #1, char 3: unknown command:

sed: -e expression #1, char 3: unknown command: ' sed: -e expression #1, char 3: unknown command:

Perhaps I am running the wrong command or I don’t understand something. Please tell me how to solve the problem. Thank you

This issue was resolved by deleting the user and restoring from a backup. But the issue of creating a jail for the user when it is created remains open. It is not created by itself. How can this problem be solved?

Please help me understand cgroup limits and how it all works. Where can I see through the console whether the limits have been applied to the user or not?

1 Like

Should quotas be written to the slice folder? /sys/fs/cgroup/system.slice/srv-jail-decor268-home-decor268.mount

Because in the folder /etc/systemd/system.control/user-1007.slice.d there are certain limits for the user. But for some reason when running the php script for the load test they are not visible. The server cores are loaded at 100 percent. But the limit is 10 percent for the user.

inactive…
The command systemctl start user-1007.slice does not produce any results.

Distributor ID: Debian
Description: Debian GNU/Linux 12 (bookworm)
Release: 12
Codename: bookworm

Does anyone understand this?

PLEASE HELP!
I can’t resolve the issue with quotas.

Are there any experts here on this subject?

Up)))))

An SSH terminal does not open under the user via the PuTTY SSH client. Jail is enabled. Perhaps there are developers here who made cgroup and jail. I would like to help to set up this function. My system is Debian 12

In general, I figured out the slices. The slice starts itself when there is a load and any requests from the user. And it does not start because there are no requests.

The slice does not limit the work of the same php-fpm from the user. That is, fpm works as a separate slice and is not included in the restrictions for the user.

Well, in fact, the entire logic of cgroup’s work collapses here
Nothing is limited at all

Dear developers, pay attention to this.

For each user, in addition to the slice that is created, it is necessary to create a slice for PHP FPM

/etc/systemd/system/php-fpm-user-1004.service

[Unit]
Description=PHP FastCGI Process Manager for User 1004
After=network.target

[Service]
User=user1
Group=user1
ExecStart=/usr/sbin/php-fpm7.4 --nodaemonize --fpm-config /etc/php/7.4/fpm/pool.d/example.com.conf
Slice=user-1004.slice

[Install]
WantedBy=multi-user.target

Well, accordingly, when PHP is changed for the site, so that everything changes in the slice.

I am ready to join the testing and help finish this. Dear developers, if this is necessary for you, please give feedback.

1 Like
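Added example, not part of the original thread or of HestiaCP: a POSIX shell check for the question raised above of how to see from the console whether a user's slice limit actually covers a process. The two `/proc/<pid>/cgroup` lines, the `cpu.max` value and the unit name `php7.4-fpm.service` are constructed sample data (cgroup v2 assumed); the function names are hypothetical.

```sh
#!/bin/sh
# Constructed sample data: /proc/<pid>/cgroup contents (cgroup v2) for two
# processes owned by UID 1007, and the cpu.max file of user-1007.slice.
SSH_SHELL_CGROUP='0::/user.slice/user-1007.slice/session-12.scope'
PHP_FPM_CGROUP='0::/system.slice/php7.4-fpm.service'
SLICE_CPU_MAX='10000 100000'    # "<quota> <period>" in microseconds

# Succeeds only if the cgroup line places the process inside user-<uid>.slice.
# usage: in_user_slice <uid> <cgroup-line>
in_user_slice() {
    case "${2#0::}/" in
        */user-"$1".slice/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Converts a cpu.max value into a percentage of one CPU core.
# usage: cpu_max_percent "<quota> <period>"
cpu_max_percent() {
    set -- $1                     # split into $1=quota, $2=period
    if [ "$1" = max ]; then
        echo unlimited
    else
        echo $(( $1 * 100 / $2 ))
    fi
}

# Live check: prints every process of a UID with its cgroup and whether the
# user slice (and therefore its CPU/memory limits) applies to it.
# usage: audit_uid <uid>
audit_uid() {
    for pid in $(pgrep -u "$1"); do
        line=$(grep '^0::' "/proc/$pid/cgroup" 2>/dev/null) || continue
        if in_user_slice "$1" "$line"; then
            echo "$pid LIMITED   ${line#0::}"
        else
            echo "$pid UNLIMITED ${line#0::}"
        fi
    done
}
```

On a live host, `audit_uid 1007` lists the user's processes, and the quota in force can be read from `/sys/fs/cgroup/user.slice/user-1007.slice/cpu.max`. A php-fpm worker reported as UNLIMITED sits under the service's cgroup, which is why the 10 percent limit is not enforced on it.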

We need to make it for each website unique then …

Yes. I think it is impossible to do it differently. But each slice will include general restrictions according to the package allocated to the user (resources)

I don’t know how applicable this is for mysql
The most important thing to limit is php fpm. Since it loads the processor and memory the most.

Mysql runs under a different user … so it will never work same as Nginx

Yes, I understand that. The easiest thing is to start limiting php fpm.

And don’t forget about [Bug] Jail is not created when creating a new user · Issue #4645 · hestiacp/hestiacp · GitHub I think this should be a pretty high-priority task - to figure out the restriction and creation of jail. This is purely my opinion. I’m ready to test it thoroughly after fixing it. The rest of the small bugs are not so important and can be fixed independently if you have the necessary knowledge)

Isn’t it ‘best practice’ to have a different user for each website?
I create users 20-40 at a time. And then use them as I get new domains / requests.

u101
u102
u103
u104

Then I use
customer1domain.com for u101.
I use
customer2domain.com for u102.

I’m perfectly able to allow multiple sub-domains to interact on the same site.
I’m kinda not familiar with cross-database mysql calls. I wish I could use MSSQL instead of mySQL :)

I wish that the ‘auto-fill fields’ were able to persist a bit better. I don’t know how ‘autofill’ works on forms. I used to use Roboform to do this, but now every browser does it differently.

Yes, but each domain needs its own slice uniquely generated…

I think running mysql separately for each user is a very resource-intensive solution. It is not necessary.
In cloudlinux there is such a thing as MySQL Governor
It works yes.

In general, it is logical to do something similar but based on cgroup for mysql. Display the mysql limit settings for the entire server. You can specify how many resources to allocate to the database server. This will be quite enough

Example of implementation in the ispmanager 5+cloudlinux panel: