Stackrium Official User Manual
Version 1.1.0 Architecture & Operations Guide
1. The Core Workflow (Order of Operations)
Stackrium utilizes a strict permission and isolation architecture. To get a website or app online, do not skip any step: follow this exact sequence of operations to ensure proper Nginx routing and Let's Encrypt validation.
- Create a System User: Go to the Users & DBs tab and create a Linux user. This critically isolates your website's files from other users on the server, enforcing our jailed architecture.
- Add the Domain: Go to the Web & Git tab, click "New Domain", and assign it to the user you just created. Behind the scenes, Stackrium generates the Nginx vHost and provisions a dedicated PHP-FPM pool.
- Point Your DNS: Before proceeding, ensure your domain (or subdomain) has an A record pointing to this server's public IP address and that the record has propagated globally.
- Install SSL (HTTPS): Go to the Security & DNS tab and issue a Let's Encrypt certificate. (Note: This will fail with an ACME challenge error if Step 3, Point Your DNS, is incomplete.)
- Deploy Code: Return to Web & Git to deploy your specific framework (Laravel, Python, Node.js), clone a Git repository, or upload static files via the File Manager.
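A preflight check for the DNS step above, written as an added example (it is not part of Stackrium). The function names, the sample zone and the server address 203.0.113.10 are assumptions made for illustration; it goes slightly beyond the text by also flagging extra A/AAAA records that point at a different host, since the validation request may be sent there instead.

```python
import ipaddress
import socket

# Constructed sample data (documentation address ranges), not real hosts.
SAMPLE_ZONE = {
    "ready.example": ["203.0.113.10"],
    "stale.example": ["198.51.100.7"],
    "mixed.example": ["203.0.113.10", "2001:db8::99"],
}


def resolve_all(domain):
    """Return every address (A and AAAA) the system resolver gives for domain."""
    infos = socket.getaddrinfo(domain, 80, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def sample_resolver(domain):
    """Offline stand-in for resolve_all, backed by SAMPLE_ZONE."""
    if domain not in SAMPLE_ZONE:
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
    return SAMPLE_ZONE[domain]


def dns_preflight(domain, server_ips, resolver=resolve_all):
    """Return a list of problems; an empty list means DNS looks ready.

    server_ips: the public address(es) of this server, supplied by the admin.
    """
    expected = {ipaddress.ip_address(ip) for ip in server_ips}
    try:
        found = {ipaddress.ip_address(a) for a in resolver(domain)}
    except socket.gaierror as exc:
        return [f"{domain}: does not resolve ({exc})"]
    problems = []
    if not found & expected:
        problems.append(f"{domain}: no record points at this server")
    for addr in sorted(found - expected, key=str):
        kind = "AAAA" if addr.version == 6 else "A"
        problems.append(f"{domain}: stray {kind} record {addr} points elsewhere")
    return problems


if __name__ == "__main__":
    for name in [*SAMPLE_ZONE, "missing.example"]:
        issues = dns_preflight(name, ["203.0.113.10"], sample_resolver)
        print(name, "OK" if not issues else issues)
```

With the default resolver the answer can come from /etc/hosts or a local cache, so run the check from a machine other than the server to get a result closer to what the certificate authority will see.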
Critical Cloud Prerequisite: Port Opening
Stackrium strictly manages your server's internal firewall (UFW). However, if you are hosting on AWS, Google Cloud, DigitalOcean, or Azure, you MUST also open the following ports in your provider's external Security Group / Network Firewall:
- TCP 80 & 443: Web Traffic (HTTP/HTTPS)
- TCP 7443: Stackrium Dashboard Access
- TCP & UDP 53: BIND9 DNS Routing
- TCP 20, 21, & 40000-50000: Pure-FTPd Access
- TCP 22: SSH Server Access
2. Domains, App Engines & Deployment
The Web & Git tab is the core engine for hosting applications. Stackrium automatically configures Nginx, FastCGI Process Managers, and PM2 background workers behind the scenes.
Framework-Specific Deployments
- Laravel Environment: When you click "Deploy Laravel", Stackrium automatically reconfigures Nginx to point the document root to the /public directory. It also installs Composer dependencies. Note: Laravel 11 requires SQLite. Stackrium ensures php8.3-sqlite3 and php8.3-xml are automatically provisioned via the Software Center.
- Python (WSGI/ASGI): Python apps run in isolated virtual environments (venv). Stackrium uses PM2 to keep the process running forever. Nginx is intelligently reconfigured as a Reverse Proxy, securely forwarding external port 80/443 traffic to your internal Python app.
- Node.js (NPM): Deployed natively via PM2. You can specify your entry file (e.g., server.js) and internal port. PM2 ensures the app restarts automatically if it crashes or if the server reboots.
- 1-Click WordPress: Auto-generates the database and installs the CMS. Requires an empty public_html folder.
The "Revert to PHP" Safety Mechanism
If you want to uninstall a framework application (Laravel, Python, or Node.js) and return to a standard PHP website, use the Revert to PHP tool. This performs a comprehensive "Scorched Earth" cleanup:
- It securely targets and kills the specific PM2 background worker associated with the domain.
- It strips the Reverse Proxy rules from Nginx and restores the standard FastCGI PHP execution blocks.
- Safety Net: If your folder is empty after reverting, Stackrium automatically injects a default index.html template so your website doesn't show a blank "Invalid Response" error.
Git Repository Auto-Deployment
Stackrium allows you to link your domains directly to source control for automated CI/CD pipelines.
- Strict Authentication: Stackrium enforces a "One User, One Identity" rule. Each system user gets one unique ED25519 SSH Deploy Key. If you are deploying different private repos to different domains, you must create a new System User for each project to maintain security boundaries.
- Webhooks: Once cloned, the panel provides a unique Webhook URL. Add this to your GitHub or GitLab repository settings (set Content type to application/json). Every code push will automatically trigger Stackrium to pull the latest changes to your live server.
3. Advanced Web Settings & Redis
Optimize how Nginx handles incoming traffic and accelerate your database queries using highly optimized In-Memory caching.
Nginx Routing Rules
- URL Redirects: Route old links to new destinations. Use 301 (Permanent) to tell Google to update its search index, or 302 (Temporary) if you are just doing maintenance.
- MIME Types: Nginx needs a dictionary to understand file types. If users are trying to view a file but it forces a "Download" instead, you need to add a MIME type. Example: Ext: apk, MIME: application/vnd.android.package-archive.
- Hotlink Protection: Stop other websites from stealing your bandwidth. When enabled, Nginx checks the Referer header. If another website embeds your images or videos, Nginx blocks them with a 403 Forbidden error.
Redis In-Memory Caching
Redis stores frequently accessed database queries directly in your server's RAM. Because RAM is much faster than SSD storage, this drastically speeds up dynamic applications.
- Guardrails: Stackrium hard-caps Redis at 128MB of RAM and uses an LRU (Least Recently Used) eviction policy. This ensures high performance while preventing Redis from causing an Out-Of-Memory (OOM) server crash.
- WordPress Integration: Use the 1-Click "Enable Redis" button to automatically install the Redis Object Cache plugin and securely inject the credentials into your wp-config.php.
- Custom Apps: Click "Developer Guide" in the Redis tab to reveal the auto-generated secure password and get boilerplate connection code for PHP, Node, and Python.
4. System Users & Databases
Manage Linux system users and MariaDB/MySQL databases with granular access control protocols.
- Jailed Environments: Linux users are strictly jailed to their /home/user/web/ directories. Warning: Deleting a user destroys their entire home directory. You must delete their domains from the Web tab first.
- Network Access Control: When provisioning a database, define who may connect to it. Select Localhost Only for maximum security, or input a specific external IP if you are connecting from a remote application.
- SSO phpMyAdmin: Click the database icon next to any database to securely launch phpMyAdmin. Stackrium uses Single Sign-On (SSO), meaning you never have to type your database password.
- Role-Based Access: When building custom apps, you can restrict database users to specific permissions (e.g., SELECT, INSERT only) using the Custom Role option for added security against SQL injections.
Security, WAF & DNS
Protect your server and route traffic using the built-in BIND9 and UFW engines.
- WAF (ModSecurity): Toggle the Web Application Firewall on/off per domain. This protects against SQL injections, Cross-Site Scripting (XSS), and malicious bots by inspecting every incoming HTTP request against the OWASP Core Rule Set.
- Let's Encrypt SSL: Secure domains automatically. The script solves the ACME challenge and reloads Nginx seamlessly. Ensure DNS is fully propagated before attempting.
- Initialize New DNS Zone: If you want Stackrium to act as your Master DNS server, click this to generate the baseline BIND9 records (A, MX, TXT) automatically. (Note: You must set ns1/ns2 at your registrar).
Domain Suspension & Lifecycle
Administrators can temporarily pause web traffic to a domain without destroying its underlying data.
- How Suspension Works: Clicking "Suspend" modifies the Nginx vHost configuration to intercept all incoming requests and instantly return a 503 Service Unavailable header.
- Non-Destructive Action: Suspension does NOT delete files, databases, or SSL certificates. The domain remains perfectly intact on the hard drive for a 1-click unsuspend later.
- Custom Branding: While suspended, visitors are shown the stackrium_suspended.html template. You can customize this file located in /var/www/stackrium_errors/ to match your organization's branding.
5. Backups & Automation
Never lose your data. Stackrium handles automated compression and SQL dumping via dedicated Python daemon workers running in the background.
- Manual Backups: Generate instant .tar.gz website file archives or .sql.gz database dumps on command.
- Auto-Schedule & Retention: Set up Daily, Weekly, or Monthly automated backups. Set a "Retention Limit" (e.g., 3 days) and Stackrium will automatically delete older backups to prevent your server disk from filling up.
- 1-Click Restore: Click the red restore button next to an archive in the vault to instantly overwrite the live site or database with the backup data.
Automated Tasks (Cron Jobs)
Automate repetitive server tasks like cache clearing, backups, or script execution without manual intervention.
- Add Cron Job: Schedule commands to run as specific system users. Stackrium uses standard cron syntax * * * * * (Minute, Hour, Day, Month, Weekday).
- Pro-Tip (Laravel): To run a Laravel scheduler every minute, set all time fields to * and use the command: php /home/user/web/domain.com/public_html/artisan schedule:run.
- System Time Dependency: Remember that cron jobs execute based on the server's Master Time Zone, which you can configure in the Dashboard's System Settings.
Modular Mail Management
Stackrium uses a strict Modular Mail Architecture. By default, the mail engine is completely uninstalled to save your server's RAM and CPU resources.
- Local Mail Engine: If you want to host email locally on the server, click the Mail icon next to any domain and click "Install Mail Engine". This downloads Postfix and Dovecot in the background.
- External Routing (Recommended): If you use Google Workspace or Microsoft 365, do not install the local engine. Simply use the "External Provider" tab in the Mail Modal for 1-Click DNS setup.
- Webmail Access: If hosting locally, you can access your inbox securely by navigating to https://webmail.yourdomain.com.