Skip to content

Website Management (Sites)

Website management enables the complete configuration of websites, including PHP settings, Nginx directives, preview domains, access restrictions, and deployment options.

Overview

The site table shows all configured websites with thumbnail preview, status, and configuration details.

Displayed Columns

Column Description
Preview Thumbnail image of the website
Domain Primary domain of the website
Customer Assigned customer
Linux User System username
PHP Version Active PHP version
Status Active or Disabled
Document Root Path to the web directory

Create Website

  1. Click Create Website
  2. Fill out the form:
Field Required Description
Subscription Yes Associated hosting subscription
Domain Yes Domain of the new website
PHP Version Yes PHP version (loaded dynamically from the server)
Document Root No Subdirectory (default: domain root)
  1. Click Create

Dynamic PHP Versions

The PHP version dropdown is populated dynamically from the server API. It always reflects the PHP versions actually installed on the target server, so you never have to guess which versions are available.

The system automatically configures:

  • Nginx vhost with security policies
  • PHP-FPM pool under the Linux user
  • SSL certificate via Let's Encrypt (if enabled)
  • open_basedir restriction
  • Upload directory protection (PHP execution blocked)

Edit Website

Click the Edit button (pencil icon) of a website to open its configuration.

Tab: General

Field Description
Domain Primary domain of the website (changeable)
PHP Version Change PHP version
PHP Handler FPM or CGI
Document Root Adjust web directory
Status Enable/disable website

Change Domain

The primary domain of a website can be changed directly in the edit modal.

How to

  1. Open Websites and click the Edit button of the desired website
  2. Change the Domain field to the new domain
  3. Click Save

What happens automatically

Step Description
Nginx vhost Old vhost is removed, new one created with the new domain
WordPress URLs If WordPress is installed, siteurl and home are automatically updated via search-replace (all tables)
Panel database Domain in sites, wordpress_installations and domains tables is updated
PHP-FPM Pool remains unchanged (same Linux user)
Files All files remain in the same location — only the domain mapping changes

Validation

  • The new domain must have a valid format (e.g. example.com, shop.my-hosting.com)
  • The domain must not already be used by another website
  • The change takes effect immediately — no restart required

After the domain change

  • SSL must be manually activated for the new domain (under Domains → Enable SSL)
  • DNS must point to the server before SSL can be requested
  • Existing domain aliases and subdomains are preserved

Note

Make sure the DNS A record of the new domain points to the server's IP address before enabling SSL. Otherwise, certificate creation will fail.

Tab: PHP Configuration

PHP settings can be customized per website:

Setting Description
memory_limit Maximum memory per PHP process
max_execution_time Maximum execution time in seconds
max_input_time Maximum input time
post_max_size Maximum POST size
upload_max_filesize Maximum upload file size
max_input_vars Maximum number of input variables
max_file_uploads Maximum number of simultaneous uploads
display_errors Error display (for development only!)
error_reporting Error reporting level
session.gc_maxlifetime Session lifetime
opcache.enable Enable OPcache
open_basedir Path restriction
disable_functions Disabled PHP functions

disable_functions

The default security settings disable dangerous functions such as exec, passthru, shell_exec, system, popen, and proc_open. Only change these if you understand the security implications.

Tab: Nginx Directives

Custom Nginx configuration directives can be added in the text field. These are inserted into the server block of the vhost configuration.

Examples:

# Additional headers
add_header X-Frame-Options "SAMEORIGIN";

# Redirect rule
location /old-page {
    return 301 /new-page;
}

Syntax Validation

The system validates the Nginx configuration before saving. Syntax errors will cause the change to be rejected.

Tab: Performance & Security

Web Application Firewall (ModSecurity)

The WAF can be enabled per website. It uses ModSecurity with the OWASP Core Rule Set (CRS):

  1. Open the website details
  2. Navigate to the Performance & Security tab
  3. Scroll to the Web Application Firewall (ModSecurity) section
  4. Enable the Enable ModSecurity WAF toggle
  5. Click Save

What Is Protected?

The WAF protects against SQL injection, XSS (Cross-Site Scripting), Remote File Inclusion, and many other OWASP Top 10 attacks.

False Positives

Some web applications may have legitimate requests blocked by the WAF (false positives). Disable the WAF if the application stops working correctly after enabling it.

Requirement: The packages libnginx-mod-http-modsecurity and modsecurity-crs must be installed on the server. On new installations this is set up automatically.

Tab: Preview Domain

Each website receives a preview URL through which the website is accessible before the DNS settings of the actual domain are configured.

  • Format: <subdomain>.preview.<panel-domain>
  • Can be enabled or disabled
  • Useful for development and migration

Tab: Access Restrictions

  • IP Restriction: Allow access only from specific IP addresses
  • Password Protection: Protect directories via HTTP authentication

Tab: Logs

Access to the latest entries of the website logs:

  • Access Log — Access logs
  • Error Log — Error logs

Logs can be viewed directly in the browser or downloaded.

Enable / Disable Website

  • Click the Status toggle in the detail view
  • Disabled websites show a default error page
  • The Nginx configuration is automatically updated

Delete Website

  1. Click the Delete icon
  2. Confirm the deletion

Note About Files

When deleting a website, the Nginx configuration and PHP-FPM pool are removed. The website files in the home directory are optionally preserved.

Composer Management

For websites with PHP projects, Composer is available directly in the panel:

  1. Open the website details
  2. Navigate to the Composer tab
  3. Available actions:
  4. composer install — Install dependencies
  5. composer update — Update dependencies
  6. Output is displayed in real time

Git Deployment

For automated deployment via Git:

  1. Open the website details
  2. Navigate to the Git tab
  3. Configure:
  4. Repository URL — HTTPS or SSH
  5. Branch — Branch to deploy (e.g. main)
  6. Auto-Deploy — Automatic deployment on push (webhook)

  7. Deploy Key — SSH key for private repositories

  8. Click Deploy Now for manual deployment

Deploy Hooks

After the Git pull, commands can be executed automatically (e.g. composer install, npm run build).

Error Pages (Error Documents)

Custom error pages can be configured for standard HTTP error codes:

  • 403 — Forbidden
  • 404 — Not Found
  • 500 — Internal Server Error
  • 502 — Bad Gateway
  • 503 — Service Unavailable
Home Features Preise Partner Über uns Integration Impressum Datenschutz AGB

© 2026 NetCell IT · Felix Netzel · In der Wüste 23a, 51381 Leverkusen