TinyCP – Review, Duo Auth, AWS SES, WP Nginx Config


It has yet again been a very long time since I felt compelled to write a blog post. In fact I’m not even sure I can justify calling this my blog anymore; rather it’s more a “collection of Johnathan’s random thoughts every 2-3 years”. Still. Here we are and off we go.

Backdrop – ServerPilot.io

I wasn’t looking for a new Hosting CP for my server. I had been using a grandfathered free installation of ServerPilot.io for about 4 years (possibly 5?). It did everything I needed with minimal fuss. Allowed me to create sites, centralised configuration and did most of what I wanted without issue. I started running into issues when I wanted to enable SSL on one of my sites. They do offer a paid upgrade to take care of this for you but I thought I could work around it because I’ve used https://letsencrypt.com in the past. It wouldn’t be too difficult?

Sadly it proved otherwise. Trying to force my way around ServerPilot’s automatic reconfiguration of things any time you save something made it awkward and difficult, to the point that I managed to brick the installation. I had been running it on a t2.small instance from AWS for ages and had been meaning to rebuild it anyway, and this was the catalyst.

Enter TinyCP

I stumbled across https://tinycp.com/ whilst Googling for a new panel. I’ve used Plesk, cPanel, Webmin and a host of others in the past but they’ve all grown so clunky and complex for what I needed. Host about four websites, all running WordPress and maybe the odd project or two that I work on in the background. I don’t need to run a hosting business from the panel, I just needed something simple that took care of the Web Server, Databases and Email.

TinyCP covers all of those requirements perfectly. I was up and running within about 5 minutes which is testament to how easy the installation was on a fresh install of Ubuntu 18.08. As far as reviews go – I can’t sum it up any more succinctly than that. This is a great little hosting panel that takes care of a range of common tasks, and also has built in automatic configuration with LetsEncrypt. WIN.

Duo Auth

I’m a big fan of Duo Auth; I use it on all of my personal servers. For those not familiar, it gives a Push-To-Client 2FA solution for connectivity via Remote Desktop and SSH. It can do a bunch of other things but those are my main uses. Combining it with Private Key SSH on an IP restricted port provides a really strong remote access security posture for your personal projects. Configuration on an Ubuntu 18.08 install with TinyCP is super straightforward too.

I won’t regurgitate it in full but there are a couple of points I want to make.

  • Because AWS deploys with Private Key SSH by default, you’ll want to use this guide for installation – it should “just work”: https://duo.com/docs/duounix
  • When following that guide, when you reach the section titled ‘PAM Examples’ and you select the Ubuntu tab, be aware that these are two different options! I made the mistake of thinking both were required and ended up with odd behaviour including Duo prompting for a local password and also prompting me twice for the Duo Push.
  • https://emtunc.org/blog/01/2016/setting-duo-security-ubuntu-server-2fa/ is also a useful resource – it’s written for Ubuntu 14.04 but not much has changed.

TinyCP Deployed with AWS Simple Email Service (SES)


Networks in AWS by default have port 25 blocked as standard. This is very sensible behaviour from them and one I’m fully supportive of. It’s still possible to have this restriction lifted but generally speaking there’s no real need to since SES provides an in-effect-free SMTP Relay/SmartHost target. Yes you will need to pay for it if you’re sending thousands of emails a day but if you’re doing that … you’re probably not reading this blog for tips are you? For my purposes (WordPress password resets, the occasional notification email) the free tier is perfect and was a good opportunity to see how flexible TinyCP could be in terms of configuration.

TinyCP Base Setup

TinyCP utilises a combination of Exim4 and Dovecot for its email platform and right out of the box, it’s very simple to set up and use. I did have one small issue with getting Outlook to connect on IMAP using STARTTLS but that was resolved by enabling plaintext auth:

# in the Dovecot configuration (a setting, not a shell command):
disable_plaintext_auth = no
# then, from the shell:
service dovecot restart

Note here that the connection is still forced over TLS so plaintext isn’t as scary as it sounds. I don’t plan on using the Mailbox element of TinyCP at all really but I did want to make sure it worked.
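
Whether logins really are refused before TLS is up depends on Dovecot's ssl setting: only ssl = required enforces it, while ssl = yes leaves STARTTLS optional. The check below is an added example, not from the original post; the function name and the sample values are constructed, and it classifies the output of doveconf ssl disable_plaintext_auth.

```shell
#!/bin/sh
# Added example (not the author's code).
# Reads the output of `doveconf ssl disable_plaintext_auth` on stdin and
# prints one verdict:
#   tls-enforced   ssl = required: any login attempt before TLS is rejected
#   tls-optional   plaintext auth is allowed and TLS is not mandatory, so a
#                  client that skips STARTTLS sends its password in the clear
#   plaintext-off  disable_plaintext_auth = yes: PLAIN/LOGIN only after TLS
check_dovecot_auth() {
    awk -F' *= *' '
        $1 == "ssl"                    { ssl = $2 }
        $1 == "disable_plaintext_auth" { dpa = $2 }
        END {
            if (ssl == "required") print "tls-enforced"
            else if (dpa == "no")  print "tls-optional"
            else                   print "plaintext-off"
        }'
}

# Constructed sample: plaintext auth enabled on a host where TLS is optional.
printf 'ssl = yes\ndisable_plaintext_auth = no\n' | check_dovecot_auth

# On the mail server itself:
#   doveconf ssl disable_plaintext_auth | check_dovecot_auth
```

If the verdict is tls-optional, setting ssl = required in the Dovecot configuration makes the statement above hold for every client.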

Modifications to make it work with SES

Again, I’m not going to regurgitate the already plentiful instructions out there on how to do initial setup in SES. I used this guide specifically: https://docs.aws.amazon.com/ses/latest/DeveloperGuide/send-email-exim.html

Where I got confused was the Exim4 configuration as it’s done by TinyCP. When you dive into your server’s Exim4 configuration, you’ll find two locations of interest:

  • /etc/exim4/conf.d/
  • /etc/exim4/exim4.conf

The confusing part here for me was that when you dive into the conf.d directory you’ll find a whole bunch of config, which I spent ages rabbit-holing, thinking all the config in there was relevant. It isn’t. All of the config you care about should be done in the latter file, /etc/exim4/exim4.conf. Follow the instructions on the link above, and make sure you put it all in the exim4.conf file and you should be golden after a restart of the service.

SES Gotchas

Bear in mind that for new setups, you’ll be in an SES Sandbox – i.e. you can’t email outbound, only to your own verified domains. You’ll need to raise a support case to be removed from the Sandbox.

TinyCP Gotchas

If your server restarts, TinyCP is going to overwrite the exim4.conf file and all your modifications will be lost. I’ve not yet found a sensible way to avoid this. It does have a concept of custom configuration which can be added to the /etc/exim4/exim-custom.conf file however I think this is intended more for run parameters like maximum attachment sizes and the like. To have your own custom Routers/Transports/Auths that you’ll need for AWS SES you really need to add these to the /etc/exim4/exim4.conf file.

I think (I’m not 100% sure) if TinyCP had made use of the split out config files inside /etc/exim4/conf.d/ it would have made this less of an issue, but for the time being I’ve made a copy of my customised exim4.conf file, and set up a cron job to copy it in and restart the Exim4 service periodically.

Yes that’s an ugly hack but it works so …
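
One way to write that cron job so Exim is only restarted when TinyCP has actually rewritten the file, and so the saved copy (which carries the SES SMTP credentials in its authenticator block) stays private. This is an added example, not the author's script; the function name, the saved-copy path and the cron schedule are assumptions.

```shell
#!/bin/sh
# Added example, not TinyCP's or the author's script.
#
# restore_exim_conf GOLDEN LIVE [RELOAD_CMD ...]
#   Puts GOLDEN back over LIVE only when the two differ, then runs
#   RELOAD_CMD. Prints "unchanged" or "restored"; non-zero return on error.
restore_exim_conf() {
    golden=$1
    live=$2
    shift 2

    [ -r "$golden" ] || { echo "error: cannot read $golden" >&2; return 2; }

    # The saved copy contains the SES SMTP username and password, so refuse
    # to use one that group or others can read.
    if [ -n "$(find "$golden" -prune \( -perm -040 -o -perm -004 \) -print)" ]; then
        echo "error: $golden is group/world readable; chmod 600 it" >&2
        return 2
    fi

    # Nothing to do unless the live file has been rewritten.
    if [ -f "$live" ] && cmp -s "$golden" "$live"; then
        echo unchanged
        return 0
    fi

    # If the live file is missing, create it private before writing secrets.
    [ -f "$live" ] || ( umask 077; : > "$live" ) || return 2

    # Overwrite in place so the live file keeps its existing owner and mode.
    cat "$golden" > "$live" || { echo "error: cannot write $live" >&2; return 2; }

    # Restart only after a real change, not on every cron run.
    if [ $# -gt 0 ]; then
        "$@" || { echo "error: reload command failed" >&2; return 3; }
    fi
    echo restored
}

# Run directly with arguments, e.g. from root's crontab (paths are assumptions):
#   */15 * * * * /root/restore-exim.sh /root/exim4.conf.ses /etc/exim4/exim4.conf service exim4 restart
if [ $# -ge 2 ]; then
    restore_exim_conf "$@"
fi
```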

WordPress permalink rewrites with TinyCP and Nginx

Most people will likely use the bundled Apache Web Server that TinyCP ships with, but I prefer Nginx personally, and luckily it ships with that too! That said, some things are inherently different. One of the key ones is that WordPress’ ability to automatically configure your Apache based .htaccess file to do your rewrites for you won’t work.

Thankfully, for each domain configured in TinyCP, they have a custom config section:

You can add the following to make it all tick (props to @brown in the TinyCP Discord for the fuller version of what I came up with):

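gzip on;

# Send anything that is not a real file or directory to WordPress
location / {
    try_files $uri $uri/ /index.php?q=$uri&$args;
    gzip_static on;
}

# Long-lived caching for static assets, without access logging
location ~* \.(jpg|jpeg|ico|png|gif|css|woff2|js)$ {
    expires 30d;
    access_log off;
    add_header Pragma public;
    add_header Cache-Control "public";
}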

In Closing

I honestly think TinyCP is perfect for everyone who needs a small, lightweight hosting panel for personal projects. There’s scope here I think for its use to explode into larger use cases and compete with the bloating that is becoming evident in the more established hosting panels but from a personal perspective, I’m really keen to see them remain focused on delivering the basics, and delivering it well.


A letter to my children about the future, and the past.

Hello boys.

As I write this, the date is the 6th February 2019. We are just over a month away from the largest decision this nation has ever taken, taking its toll with long term effects that we can only imagine. Seriously. We can literally only imagine them because nobody knows what’s going to happen.

Jack, you’re approaching your second year as a teenager in a few months. Joe you’ve just turned 10. You may never read this, or maybe you will at some point in the future. Before I truly begin, I want you to know how incredibly proud of you both I am. More than my body, soul and heart can ever truly express. When we spend time together, which is never really long enough but that’s another conversation, I see the joy and happiness in your eyes that only youth can bring. Carefree, unaware of the world around you. I wouldn’t change that for a second. You are both the greatest achievement in my life, and I doubt anything else will ever come close.

I’m writing you this letter because I’m concerned. I’m concerned about the way the world is heading, and more importantly I’m concerned about what world you will be left with when in the (hopefully) distant future I’m no longer on this earth. My belief as I’ve grown up, and as I’ve explored the world has been that we are better as a species when we can talk about our differences, share our similarities and celebrate the fact that we are all fundamentally human. We all reside on this rock, hurtling through space and time with a very limited lifespan. Your life right now feels like it will stretch forever. I am here to tell you quite categorically I’m afraid, that opinion will change. Probably not until like me you are in your 30’s and you’re pondering the bigger things in life … but sure enough, it will come to an end at some point.

I’m just old enough to remember the stories of those who were alive during our last truly global conflict, World War 2. Nowadays you see these stories romanticized in video games and movies, but I remember listening to the stories from the people who were actually there. There is no glamour, nothing about it is cool. The stories are raw, visceral, filled with sadness and pain. Which is why I’m so concerned about our future. I, and you at this point, have been lucky enough to live in relative peace and harmony with our friends in Europe. You aren’t forced into military service. We have food and water aplenty. We have warmth and a roof above our head with minimal risk of losing it. We can travel freely, as we have done together to France and Italy. We can trade goods freely. We can treat our European friends’ land as if it’s our own for periods of time before returning home. Increasingly we share a common language as more and more of them learn English (and we should never stop trying to learn theirs!). Some of their hardest workers come to these shores to do jobs which many of those who reside on this island would turn their nose up at. You are free from shackles your great grandparents and great great grandparents would have bitten your arm off to escape. You are free to make your life what you will.

We co-exist in peace and prosperity. 

And yet, despite all of that, there are those in this country who feel they have somehow been wronged by these freedoms. By this unprecedented stretch of time where we have not raised arms against one another. Life isn’t always easy for people, and I’m not here to tell you that those people are wrong to feel how they feel. One of the most important things I hope you learn as you grow older is that your viewpoint is not the only viewpoint. However you must ensure your viewpoints are led wherever possible, by facts, over emotion. Emotion is a powerful thing and has the ability to be a great force for good – but equally, it can be hurtful and will shade your view of the facts more often than not. Seek facts over all else wherever you can boys because I promise you – they will help shape your viewpoints far better than doing without.

The world is changing fast, and a date is approaching which right now you have little knowledge of. It’s the date that we are scheduled to depart the EU and I’m afraid of it. I’m afraid of the impact that it could have on our economy. I’m afraid of the impact it could have on our social stability. Our way of life. I don’t know how this will play out, and from my current viewpoint I’m not sure any of the main decision makers truly know either. It feels like a roll of the dice, where the odds are stacked against us – and irrespective of our nation’s ability and strength and grand history, we will struggle to come out the other side in better shape.

I could be wrong.

Another important lesson to remember. You will be wrong more than you will be right, during large swathes of your life. Those on the other side of this argument may well be right this time. There are people I love dearly with opposing viewpoints to my own, and it doesn’t make me love them any less. We may prosper, we may grow into a Utopian destination of the world’s dreams … although I’d bet that 80% of the world’s population who live on less than $10 US would already consider us the peak of that Utopia already. That’s what’s so infuriating about all of this boys. We live in one of the best countries in the world bar none. In an ecosystem where all of the good things I mentioned come naturally. Where if you work hard, you will truly be rewarded with a greater quality of life than any of my forebears could have hoped for.

I voted against it.

I needed you to know that. Regardless of which way the pendulum swings this year. I needed you to know that’s what I thought. I voted against leaving the EU – not because I thought the arrangement was perfect, but because I thought what was being promised wasn’t worth the risk of losing what we have. I suspect as you grow older you will come to see me as a cautious old fool. I am cautious. I generally dislike the taking of risks – I’ve watched you pair fall on your faces enough to know that risks can be painful! But. I’m willing to accept that on the flipside, taking risks can be wonderful. I’ve taken many in my time and a lot of the time they’ve worked out great. However those have been calculated risks. Where I’ve known, loosely, the odds of success. Right now boys, I don’t think anyone could accurately describe our odds of success if we crash out of the European Union.

It feels like such a large swathe of our country wants this based on emotion and rhetoric that any form of factual assessment is thrown to the wind.

So, I’m sorry.

I’m sorry that my voice thus far hasn’t been enough to dissuade us from this course of action. I’ve done what I can, in the time that I have. I’ve written to my MP. I’ve lobbied vociferously at times with friends and family whose viewpoints are different to mine. I’ve engaged in social media repeatedly to try and make people see the risks that we are placing at your feet. Not ours. Not my parents. These risks are placed squarely at your feet. By the time the true effects of what may come are felt, the chances are you will be my age and you will be wondering: “What did you do to us Dad?” – and that question rips apart my soul like no other.

I love you both dearly, I hope – with every ounce of my soul – that we do not ruin your future. I’m confident you will make the most of your lives irrespective of the decisions of my time. Embrace others. Travel. See the world. Understand other cultures. Understand other ways of thinking. Realise that your views are not the only ones that matter. Reason. Debate. Fight emotion with logic. Inspire yourself to do wonderful things. Look back on this point in time, and if it goes horribly wrong, use it with a determination to ensure that your generation doesn’t make the same mistakes.




Striving to make better use of time

Time. We’ve only got so much of it right? I found myself wondering about that recently when sat in an airport with my two kids. I’d just spent a week in Spain with them and had a pretty wonderful time all around and at the end of it I was definitely yearning for more. As we munched through a burger waiting for our gate to come up they were both stuck in their iPads. Fairly standard behaviour in this generation of young people and let’s face it, with me as an inspiration it’s hardly surprising.


Transitioning from Windows to Mac

This is more of an introspective blog post than anything else. I’m really just noting down my thoughts on the entire process which has been interesting (to me) to say the least.

I first started using Windows when I was around eight years old with, of course, Windows 3.1. Up to that point I had only ever had experience with DOS systems (and that was mainly limited to ‘cd C:/Games’ and running .bat files to launch Test Drive II!). Windows at that stage of course was a heady mix of File Manager, Minesweeper and of course the old faithful MS-DOS Prompt. It felt like the future, and over the next 15-20 years I lived through each iteration of Windows like most people on the planet. Delighted by Windows 2000. Horrified by Millennium Edition. Main stayed on XP for longer than I care to admit. Avoided Vista. Loved 7. Disliked 8 (although 8.1 was marginally better). Whilst most recently I’ve come to the same conclusion as most technical people across the globe in that Windows 10 is … probably … the best and most well rounded Operating System for the masses that there has ever been. Probably. 🙂



OpenSSH 7 and ssh-dss keys

Quick one, because it’s the type of thing I tend to forget easily. I recently upgraded a VM of mine from Ubuntu 14.04 LTS to 16.04 LTS. I mainly use the VM as an SSH Web Proxy for tunnelling traffic that I’d rather not originate from my machine’s IP, and also to get past some fairly arcane URL blocks. Ubuntu’s upgrade is quite neat in that it recognises you’re running the upgrade from a shell and splits the process out to a screen session for you lest you become disconnected for Reasons(tm).

That said, the upgrade went smoothly and without issue and my shell session remained connected and everything was fine for a few days.



Open Relay Hunter

Sounds dramatic doesn’t it?

Inevitably as part of working for any Internet Service Provider, you’re going to run up against people who are using servers but maybe aren’t quite paying attention. It’s a bit like driving up the M6. The vast majority of people are in their lanes, they indicate, they maneuver sensibly. Then … every few miles … yeah, you know the type. They wobble, they admire themselves in a mirror, and before you know it you’re sitting in a queue of traffic whilst the rest of the world tries to figure out how it happened.

It happens to the best of us and anyone who says their servers are completely secure is kidding themselves on. Each and every day new vulnerabilities and insecurities are coming to light and it’s as important as ever that you’re patching your servers and sniffing them for open ports. Unsecured (or worse, deliberately mis-configured) services running on servers are responsible for some of the most significant Internet slowdowns in recent history. They’re innocuous too. SMTP. Everyone sends email, how can that be worrying? DNS. The Internet doesn’t really work without it, that can’t be dangerous? SSL. It’s specifically to keep us safe isn’t it!?

You’d think so huh? Wrong. Have a read at some of the more interesting stories:



Datacentre Trolley of Awesome™

It’s been two years since I posted something on this blog. That is fairly abysmal in itself but let’s not focus on the negative things. I’m back! Sort of! Probably. It’s been a roller coaster couple of years for me with lots of really fun and exciting things going on and a few not so fun. However. I’m not here to write about any of that! No. I’m here to write about something far more mundane …

The affectionately penned #DCTrolleyofAwesome on Twitter made its appearance a week or so ago but in reality this little side project has been bumbling around for a few months now in the background at iomart’s DC5 in Maidenhead. I’m writing this post to mainly consolidate my thoughts on the entire process but I’ve also had a few people reach out from Twitter asking to get a little more detail than just the photos which I was taking at the time. So here we go. Strap yourself in to be thoroughly bored 😉



Insanity … The End. Or is it?

I’ve mulled over this post for a few days in my head. No cheesy pictures or straplines. I’ve not been quite sure how to write it up or indeed draw a line under one of the most dramatic periods in my life. As corny as that may sound it’s undeniable at this stage. I never expected to be where I am now.

The final few weeks

At time of writing my last post, I had around two and a bit weeks to go. Those were without a doubt two of the most physically draining and demanding weeks I’ve ever experienced. I dropped a further two kilograms between writing Day 47 and completing the workout schedule. I finished on 87.9 kilograms. Total weight loss? 11.9 kilograms. A little under two stone. By this stage people who didn’t know I was doing this were asking me if I was feeling OK or if I had been dieting. I can’t lie, I struggled to contain my delight on more than one occasion.

I’ve gone from a pot bellied weakling to … well … a still ever so slightly pot bellied weakling who can hold his own weight for around 5 seconds and can do 12-15 pushups without stopping. I couldn’t do 3 without falling in a heap before.

I’ve had to buy new jeans, t-shirts, work shirts … the whole lot. Around 4 inches off my waist, half an inch off my neck, 3 inches off my thighs. To paraphrase the multi-billion dollar fruit shaped monster …

This Changed Everything.



Insanity Day 47: Master Yoga or was it Yoda?

Day 47 in the Big Insanity House.

Weight loss is continuing and I’m also experiencing some rather fun side effects. Amongst them are what I can only describe as “crunchy” knees. I’ve read a fair bit now about the knee, associated joints, tendons, cartilage and ligaments which support it. I’m fairly sure this is relatively normal for someone who has been overweight and my knees haven’t coped with the additional weight terribly well. Combining it with high intensive cardio exercise is effectively a recipe for pain. It’s incredibly short term pain, and is more uncomfortable really. The additional benefits are well and truly worth the hurt. Once they warm up a bit, it’s all good.

That said, doctors, soon.

