
Sonassi

Setup

Server Access

Access to the servers within Sonassi is tightly restricted: you need either an OpenVPN connection to the stack or an IP-restricted port-forwarding rule for SSH.

Before server access can be granted, 2FA needs to be set up fully.

VPN Setup

You must set up and enable OpenVPN for your stack before you can reach the control panels for the services in the stack.

The official Sonassi documentation covers retrieving the VPN files but gives little detail on how to bring the connection up once they are in place.

To keep this short, we assume OpenVPN is already installed on your local machine.

If you haven't already, make sure you have issued a VPN bundle and have the zip contents on your local machine.

# All client connections live here (these steps need root)
cd /etc/openvpn/client;

# Unzip your bundle, entering the bundle password when prompted
unzip ~/mybundle.zip -d /tmp/sonassi;

# The Linux directory in the unzipped output has what we need
mv -i /tmp/sonassi/Linux/*.conf /etc/openvpn/client
mv -i /tmp/sonassi/Linux/*.p12 /etc/openvpn/client

# Start the connection with systemd; the conf file's basename goes after the "@"
systemctl start openvpn-client@myconfname

# For example, if the conf file is my_open_vpn.conf the command is
systemctl start openvpn-client@my_open_vpn
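As an added example (not part of the Sonassi documentation), the script below does the same installation from an already-unzipped bundle, but refuses ambiguous bundles and sets owner-only permissions on the .p12, which holds your client certificate and private key. It assumes the bundle's Linux directory contains a single .conf that may name its .p12 through a pkcs12 directive, and that the systemd unit name is the .conf basename; both are assumptions rather than something the page states.

```shell
#!/bin/sh
# Added example, not from the Sonassi docs. Installs an unpacked OpenVPN bundle
# into the client directory and prints the systemd unit to start.
# Assumptions: one .conf per bundle, an optional "pkcs12 <file>" directive in it,
# and a unit name equal to the .conf basename (openvpn-client@<name>).

# install_vpn_bundle SRC_DIR DEST_DIR
install_vpn_bundle() {
    src="$1"
    dest="$2"

    # Exactly one profile per bundle; refuse to guess if there are more.
    n=$(find "$src" -maxdepth 1 -name '*.conf' | wc -l)
    if [ "$n" -ne 1 ]; then
        echo "expected exactly one .conf in $src, found $n" >&2
        return 1
    fi
    conf=$(find "$src" -maxdepth 1 -name '*.conf')
    name=$(basename "$conf" .conf)

    # If the profile names a PKCS#12 file, it must actually be in the bundle.
    p12=$(awk '$1 == "pkcs12" { print $2; exit }' "$conf")
    if [ -n "$p12" ] && [ ! -f "$src/$(basename "$p12")" ]; then
        echo "profile references $p12 but it is missing from the bundle" >&2
        return 1
    fi

    mkdir -p "$dest"
    # The profile is plain config; the .p12 carries the private key, so owner-only.
    install -m 0640 "$conf" "$dest/$name.conf"
    for f in "$src"/*.p12; do
        if [ -f "$f" ]; then
            install -m 0600 "$f" "$dest/$(basename "$f")"
        fi
    done
    echo "openvpn-client@$name"
}

# Usage (as root):
#   unit=$(sh install-vpn.sh /tmp/sonassi/Linux /etc/openvpn/client)
#   systemctl start "$unit"
if [ "$#" -eq 2 ]; then
    install_vpn_bundle "$1" "$2"
fi
```

The script never leaves the .p12 world-readable, which the plain unzip into /tmp above does; clear /tmp/sonassi once the copy is in place.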

The VPN should not affect any other connections, unless there are multiple Magestack VPNs on the same system.

Stack

  • Dedicated Server (dh)
  • Firewall (fw)
  • Load Balancer (lb)
  • Web Server (web)
  • Database Server (db)
  • Mail Server (mail)
  • Access Server (acc)
  • Monitoring/Management Server (monitor)

URLs

Because everything sits behind the VPN, these URLs are the same for all Sonassi clients and are inaccessible without a working VPN connection.

More Information

Setting the PHP version

By default, Sonassi runs PHP 5.4, which is now end-of-life.

All PHP versions from 5.4 up to the latest stable release are available on the command line. The default CLI PHP version can be selected with the alternatives system.

The PHP version that PHP-FPM uses to serve applications is set when creating or editing your domain group.

Domain Groups and Virtual Hosts

Sonassi uses the concept of domain groups to wrap one or many virtual hosts within it. These domain groups share the same PHP-FPM and Nginx process and cannot access the file system of other domain groups.

Domain groups can be used to segregate live, staging and development environments.

Virtual hosts represent the individual domains that host an application; each is given a directory and assigned a domain to serve content for. A virtual host can also be assigned an environment type (e.g. Magento 2) to pre-configure Magestack for that application.

Virtual Hosts

Directories

Domain groups, and the virtual hosts within them can be found like so:

/microcloud/domains/DOMAIN_GROUP/domains/VIRTUAL_HOST

Within the virtual host directory there is an http directory that holds the application code.

Bashrc and path

Magestack does not come with some of the creature comforts of other Linux distributions, such as the ll alias. This can be fixed by adding a .bashrc file and sourcing it from .bash_profile.

  1. Create your .bashrc file in the home directory (use >> instead of > if the file already exists, or you will overwrite it)
    echo "alias ll='ls -latr'" > ~/.bashrc
    
  2. Edit your .bash_profile to load the .bashrc file by appending source ~/.bashrc to the end of the file

User Path

Unless you have root access you cannot add globally available binaries, but you can extend the $PATH variable with a directory of your own for your sessions.

In your .bash_profile in the home directory, append the following

export PATH=~/bin:$PATH

If you have the .bashrc file in place, you can alternatively place this in there.

Finally, create the directory for your binaries (mkdir ~/bin) and place them there so they can be run without a full path.

Composer

Magestack does not come with Composer installed by default; install it by following the guide below.

Installing Composer

To make Composer available in your sessions, move the composer binary to ~/bin/composer (the ~/bin directory added to $PATH above).
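The User Path and Composer steps above combine into one script. The following is an added example and not Sonassi's own tooling: it downloads Composer's installer, checks it against the SHA-384 the Composer project publishes at https://composer.github.io/installer.sig before executing it, and installs the phar as ~/bin/composer. It assumes curl and php are available on the server and that ~/bin is already on your PATH as described above.

```shell
#!/bin/sh
# Added example, not from the Sonassi docs: install Composer into ~/bin after
# verifying the installer against the project's published SHA-384 digest.
# Assumes curl and php are available and that ~/bin is on PATH.

INSTALLER_URL="https://getcomposer.org/installer"
SIG_URL="https://composer.github.io/installer.sig"

# sha384_of FILE -> hex digest (coreutils, with a BSD/macOS fallback)
sha384_of() {
    if command -v sha384sum >/dev/null 2>&1; then
        sha384sum "$1" | cut -d' ' -f1
    else
        shasum -a 384 "$1" | cut -d' ' -f1
    fi
}

# verify_sha384 FILE EXPECTED_HEX -> 0 when the digest matches, 1 otherwise
verify_sha384() {
    actual=$(sha384_of "$1")
    if [ "$actual" = "$2" ]; then
        return 0
    fi
    echo "checksum mismatch for $1: got $actual, expected $2" >&2
    return 1
}

# install_composer [BIN_DIR] -> installs BIN_DIR/composer (default ~/bin)
install_composer() {
    bindir="${1:-$HOME/bin}"
    work=$(mktemp -d)
    curl -fsSL "$INSTALLER_URL" -o "$work/installer" || { rm -rf "$work"; return 1; }
    expected=$(curl -fsSL "$SIG_URL" | tr -d '[:space:]') || { rm -rf "$work"; return 1; }
    # Never execute an installer whose digest differs from the published one.
    if ! verify_sha384 "$work/installer" "$expected"; then
        rm -rf "$work"
        return 1
    fi
    mkdir -p "$bindir"
    php "$work/installer" --install-dir="$bindir" --filename=composer
    rc=$?
    rm -rf "$work"
    if [ "$rc" -ne 0 ]; then
        return "$rc"
    fi
    "$bindir/composer" --version
}

# Usage: sh install-composer.sh --install [bin-dir]
if [ "${1:-}" = "--install" ]; then
    install_composer "${2:-}"
fi
```

The n98-magerun phar can be dropped into the same ~/bin, but it is not fetched by this script; verify its download the same way before running it.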

Magerun

Place the binary in ~/bin to allow global access for the current user.

Cloudflare and SSL

Sonassi openly state that they recommend not using Cloudflare's proxy option with their hosting services.

Sonassi Statement

Cloudflare can still be used with Sonassi in proxy mode, but this requires a Cloudflare origin certificate to be installed on the web server. It is not currently possible to install a certificate yourself; this has to go through Sonassi support.

Configuration

Nginx

Note: basic auth will not work while Varnish is turned on.

/etc/init.d/nginx configtest # Test Nginx config
/etc/init.d/nginx reload # Graceful reload of config

Cron

Cron can be installed as normal with Magento's cron:install command, but Sonassi recommend using their own cron runner for more safety.

RabbitMQ

Be sure to create a new virtual host for each queue configuration (e.g. live, prelive, staging) and add a new user in the RabbitMQ admin with a strong password and permissions on that virtual host.

Separate virtual hosts matter because you do not want your live site consuming messages meant for staging; avoid using the default / virtual host.

The following command will setup Magento 2 to use the new queue.

php bin/magento setup:config:set --amqp-host="queue1.i" \
 --amqp-port="5672" \
 --amqp-user="USERNAME_IN_RABBIT" \
 --amqp-password="USER_PASSWORD" \
 --amqp-virtualhost="YOUR_VHOST"

MySQL

Varnish

Redis

The snippets below reflect the configuration described in the Sonassi article for setting up Redis with Magento 2.

# Enable backend cache
php bin/magento setup:config:set --cache-backend=redis \
 --cache-backend-redis-server=redis11.i \
 --cache-backend-redis-port=6379 \
 --cache-backend-redis-db=0 \
 --cache-backend-redis-compress-data=1 \
 --cache-backend-redis-compression-lib=gzip;

# Page Cache
php bin/magento setup:config:set --page-cache=redis \
 --page-cache-redis-server=redis31.i \
 --page-cache-redis-port=6380 \
 --page-cache-redis-db=0 \
 --page-cache-redis-compress-data=1 \
 --page-cache-redis-compression-lib=gzip;

# Session Cache
php bin/magento setup:config:set --session-save=redis \
 --session-save-redis-host=redis1.i \
 --session-save-redis-port=6379 \
 --session-save-redis-db=0 \
 --session-save-redis-compression-threshold=2048 \
 --session-save-redis-compression-lib=gzip \
 --session-save-redis-disable-locking=1

Foregenix

If you're using Foregenix externally, Sonassi need to be made aware so they can enable Foregenix Mode. If this is not turned on you will get intermittent 503 errors on the site.

  • This can only be enabled by Sonassi.
  • It is enabled for all vhosts on the server, so all vhosts need to be connected to Foregenix.

You will also need to add Foregenix's IP addresses to the Sonassi DoS filter to prevent 429 errors appearing across the site; the list is published here: Foregenix IP whitelist

Another caveat with using Foregenix on Sonassi is that its Log inspection feature won't work for server logs, because the log filenames contain the date.

CORS headers

This assumes that, if you use a CDN, its subdomain is set up as a separate vhost in Sonassi. When that vhost is created, Sonassi automatically add the extra cdn.include.conf file under ___general for it.

For CDNs Sonassi provide a default Nginx conf file called cdn.include.conf that can simply be included in your ___general/[domain].conf file, as described in their help document Implementing CDN on Magento.

There are cases where this does not work and icons or font files fail to download because of CORS errors; the amended version below fixes that.

Two things to check before copying it. First, for font files it sets Access-Control-Allow-Origin to "*" while still sending Access-Control-Allow-Credentials: true; browsers refuse that combination for credentialed requests, and it only works here because fonts are fetched anonymously, so drop the credentials header unless a cross-origin request genuinely needs cookies. Second, the adminhtml rule turns $magestack_protect_admin off for matching static assets by testing the raw $request_uri with a pattern that is not anchored at the end, so keep that regex no wider than the adminhtml assets you actually serve from the CDN.

The amended version:

# CORS
# Default: only the storefront origin may read cross-origin responses
set $cors "https://www.example.co.uk";

# Web fonts are fetched anonymously, so allow any origin to load them
if ($request_uri ~* "\.(woff|woff2)") {
  set $cors "*";
}

# Let the CDN serve adminhtml static assets without Magestack's admin protection
if ($request_uri ~* ^/static/version(.+)/adminhtml/(.+\.(html|svg|woff|woff2|otf|ttf|css|js))) {
  set $magestack_protect_admin false;
}

more_set_headers "Access-Control-Allow-Origin: $cors";
more_set_headers "Access-Control-Allow-Credentials: true";
more_set_headers "Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept";

# Answer CORS preflight requests without hitting the application
if ($request_method = OPTIONS) {
  return 204;
}
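To confirm what the CDN vhost really returns after a change like this, the following added example (not Sonassi's code) fetches response headers with a chosen Origin and applies two checks to them: a wildcard Allow-Origin must not be paired with Allow-Credentials: true, and an Origin that the server echoes back must be on your own allow-list, otherwise the vhost is reflecting arbitrary origins. The hostnames cdn.example.co.uk and attacker.example are placeholders.

```shell
#!/bin/sh
# Added example, not from the Sonassi docs: audit the CORS headers a CDN vhost
# returns. cors_check() applies two rules to a saved header dump:
#   1. a wildcard Allow-Origin must not be paired with Allow-Credentials: true
#      (browsers reject that pairing for credentialed requests, and it usually
#      means the credentials header is a leftover);
#   2. if the response echoes the Origin we sent, that origin must be on our
#      allow-list, otherwise the server reflects arbitrary origins.
# Hostnames and origins below are placeholders.

# hdr_value NAME FILE -> value of the first matching header (case-insensitive)
hdr_value() {
    { grep -i "^$1:" "$2" || true; } | head -n 1 | cut -d: -f2- | tr -d '\r' \
        | sed 's/^[[:space:]]*//; s/[[:space:]]*$//'
}

# cors_check FILE ORIGIN_SENT "ALLOWED ORIGINS" -> 0 acceptable, 1 problem found
cors_check() {
    file="$1"
    sent="$2"
    allowed="$3"
    acao=$(hdr_value Access-Control-Allow-Origin "$file")
    acac=$(hdr_value Access-Control-Allow-Credentials "$file")

    if [ -z "$acao" ]; then
        echo "no Access-Control-Allow-Origin header: response is not shared cross-origin"
        return 0
    fi
    if [ "$acao" = "*" ] && [ "$acac" = "true" ]; then
        echo "FAIL: wildcard Allow-Origin combined with Allow-Credentials: true"
        return 1
    fi
    if [ "$acao" = "$sent" ]; then
        case " $allowed " in
            *" $sent "*) ;;
            *)
                echo "FAIL: origin $sent was reflected but is not on the allow-list"
                return 1
                ;;
        esac
    fi
    echo "ok: Allow-Origin=$acao Allow-Credentials=${acac:-unset}"
    return 0
}

# probe URL ORIGIN -> response headers for a request carrying that Origin (needs network)
probe() {
    curl -sS -I -H "Origin: $2" "$1"
}

# Usage:
#   probe https://cdn.example.co.uk/static/frontend/x.woff2 https://attacker.example > h.txt
#   cors_check h.txt https://attacker.example "https://www.example.co.uk"
```

Run the probe once with your storefront origin and once with an origin you do not own; the font rule in the config above will trip the first check until the credentials header is removed for those paths.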