With 3.0 out the door it’s time to begin discussing 3.1 and the feature requests accumulated since beginning work on taking apnscp public.
My proposed order is:
- 2FA for panel access. Not all services have a means to use 2FA, so the panel would temporarily whitelist an IP that in turn would allow login to other services. Downside is if you have an IP address that moves, it’s a good way to get yourself accidentally banned.
- SSH key management
- TimescaleDB, logging of storage/bandwidth quota.
haproxy, enables SNI support for Dovecot/Postfix
- PHP-FPM. There’s diminishing marginal return on high density servers. For example open_basedir is a must to prevent traversal elsewhere. These iteratively perform lstat() syscalls all the way back to root to make sure the path is within the directory. It also disables realpath cache. OPCache is one way to reduce this (cached lookups bypass open_basedir resolution), but even with a 6 GB cache it quickly fills up with 500 domains falling back to its uncached behavior.
- Block support. Freeze an account, perform an online migration to the new storage block, unfreeze account. Allow accounts to use storage attachments.
- NextCloud 1-click support
Now’s an excellent time to make any suggestions or hold your peace until 3.2 is released later this year. I’ll have more information on switching over to the experimental
master-31 branch at a later date. For now I would recommend against switching if you’re on edge builds.