Electric Embers: Handcrafted hosting, powering the fires of change

Private Web

Our Private Web hosting places your account inside its own virtual private server, with any number of MySQL databases and free SSL encryption, and is suitable for hosting sites built on open-source applications including WordPress, NextCloud, Drupal, Joomla, CiviCRM etc.

Your account information page

Your SFTP/SSH connection settings, MySQL database settings, and site access statistics are available at your own account information page, accessible at the web address of the form:

        https://username.electricembers.net:444

Substitute your own username in the URL, and enter your Web username and password when prompted.

Uploading/accessing your files with SFTP

To upload files, connect to your account using SFTP (SSH File Transfer Protocol) or SCP (Secure Copy) on your custom private port. Connection settings are available on your account information page.

Many free and commercial programs support SFTP.  FileZilla is a great option.

Logging in via SSH

Using an SSH (Secure SHell) client, you can connect directly to the UNIX shell to do many things with your account such as move, rename, edit, or delete files, change permissions or your password, view logs, create cronjobs, etc. Connection settings are available on your account information page.

SSH clients are built into Mac OS and other UNIX-like operating systems, while for Windows we recommend Putty. In Mac OS, you can find Applications–>Utilities–>Terminal, then substitute your custom SSH port and username in this command:

        ssh -p port username@web.electricembers.net
Changing your password

You have two different passwords associated with your Web hosting:

  1. To change your SSH/SFTP login password, log into your account via SSH and issue the command passwd.
  2. To change your MySQL database password, log into PHPMyAdmin and click the SQL tab. Enter a query like
     ALTER USER 'your-username-here'@'10.%' IDENTIFIED BY 'new-strong-password';

Next, you must also change the password in all installed database-backed applications to the same new password – until you do so, those applications will have the old password and won’t work.

To change your password for any other service (eg. Mail or Groups), see the instructions for that service. In all cases, we strongly recommend choosing a multi-word passphrase.

Changing your shell

Alternative shells (bash, zsh, etc) are installed in /usr/local/bin/. To change your default shell for SSH sessions to bash for example, you can issue this command (and then enter your password when prompted):

chsh -s /usr/local/bin/bash
Databases

If you need another MySQL database, simply contact us and we’ll create one for you. You can then work with your database(s) using PHPMyAdmin, or the command line tools (via an SSH connection.) MySQL settings are available on your account information page.

Statistics and logs

You’ll find statistics for your website’s traffic on your account information page.

After connecting via SSH or SFTP, you can access the current Apache access and error logs at weblogs/your-domain.org and weblogs/error/your-domain.org, or the PHP error log at weblogs/error/php.log. (7 days’ access log archives are stored at weblogs/old/your-domain.org.[1234567].gz.) These record the IP address, date, time, and filename of each request. It can often be useful when debugging your site to keep an eye on the error logs with a command like

       tail -f weblogs/error/your-domain.org
SSL and httpS://

Secure Sockets Layer or SSL (also known by its newer name Transport Layer Security or TLS) is a way of encrypting communications over a network, changing the old plain text protocol http:// to httpS://. Securing HTTP traffic is vital if you want to protect login usernames and passwords, but is also become de facto as a way of generally enhancing privacy and security on the Internet.

Free SSL Certificates from Let’s Encrypt!

We are pleased to integrate Let’s Encrypt into our Web service, offering unlimited free SSL certificates upon request – no more purchasing https certificates from third-party Certificate Authorities! This means if you want your site protected by SSL, all you have to do now is let us know, and we’ll make it happen.

Backups

To protect your data from catastrophic events, and to some extent from human error on your side or ours, we back up all user data (files and databases) every night. The backups are stored both on a separate server in our main data center in San Francisco and on a remote server near Sacramento, CA. We can recover data from any of the following points in time:

  • 1-6 nights ago
  • 1-6 weeks ago
  • 1-6 months ago

Please let us know immediately if you discover a need for restoring any data from our backups.

Making your own backups in addition can still be useful for some purposes, but often represents wasted disk space, disk churn, and CPU time, so we suggest not using any automated backup tool within your account. If you do have a specific need to make your own backups under your direct control, please do not store more than one backup of the same data here at any time. If you’d like to make multiple backups of the same data, you should transfer them offsite to your own PC or another storage system, which will be much more effective and secure anyway, and delete the EE-hosted copies.

CMS Caching

Static page caching can be useful in making large, dynamically generated websites load faster while reducing the amount of resources required to serve them. However, it also introduces a layer of technical complexity and risk, and we believe that very few sites hosted here will see any real improvement with caching versus the baseline performance on our systems, due to plentiful resources and careful provisioning. We therefore suggest that Electric Embers clients not activate any caching behavior on their sites, unless they’ve seen a real and specific need for it.

CGI scripts

Executable CGI scripts written in perl, PHP, python, or any other language should be placed in the cgi-bin directory inside your home directory (alongside the public_html directory.) For reference in your scripts, the paths to common executables on our system are:

            /usr/local/bin/php
            /usr/local/bin/perl
            /usr/sbin/sendmail
Password protecting pages

If you want to keep a folder (or a whole site) private with a password we’ve created a script that will guide you and set up Apache authentication. To run this script, you will need to log in to your Web account via SSH (by following the directions above), then type the command protect-web.

Sending email from your website

There are three ways your website code can generate and send email:

  1. Your code can use the PHP function mail(), or another similar function in whatever language you’re using;
  2. Your code can directly call the sendmail binary at /usr/sbin/sendmail;
  3. Your code can submit mail over authenticated SMTP by connecting to your own email server, whether hosted here or elsewhere. This is usually the best option as real email accounts will have the best deliverability.
Hosting a Git repository
Please see this detailed tutorial on hosting a Git repository on EE’s web hosting service, graciously provided by Jonathan Kissam, formerly of Webskillet Cooperative.

Software Versions

We are currently running Apache 2.4, PHP 8.1, MySQL 8.0, Node 20 + npm, Perl 5.34, Python 3.9, and Ruby 3.2.

Using WP-CLI

If you run WordPress, and want to install the wp-cli.phar tool as instructed at https://make.wordpress.org/cli/handbook/installing/, the details will need some adaptation for your web hosting environment here. You don’t have write access to system directories (/usr/local/bin), so where that page says “To be able to type just ‘wp‘, instead of ‘php wp-cli.phar‘…”, change their instructions to the following:

chmod +x wp-cli.phar
mkdir ~/bin
mv wp-cli.phar ~/bin/wp

Note the tilde “~” at the start of the pathname in the last two commands – that is shorthand for “my home directory”. You will then be able to run ‘wp-cli.phar‘ by typing just ‘wp‘.

Using Python and Pip and virtual environments

Python comes with venv https://docs.python.org/3/library/venv.html so you can do things like this to set up a “Python virtual environment”, and then use Pip to install whatever Python modules you like to that environment:

python3 -m venv testenv
cd testenv
source bin/activate.csh (exact command here depends on which shell you use)
pip list
pip install --upgrade pip

Frequently Asked Questions:

I lost my password. How can I retrieve it?

An authorized contact on your account should email help@electricembers.coop to request a password reset.

Do you have cpanel?

We don’t have cpanel. For most purposes we believe you won’t feel the lack, as you can make any technical requests to us and have them fulfilled promptly and unfailingly, and with the benefit of our wide-ranging technical knowledge, which may save you from innocent mistakes.

Will my web site pass security/PCI scans required by my credit card processor or insurance company?

Unfortunately, we cannot always guarantee your web hosting environment here will be 100% PCI-compliant – or that it will get a passing grade on a scan even if it is compliant. For your site to reliably pass PCI compliance scans, you would have to have more control over the hosting environment than we are able to grant you as a hosting customer. And because of the way our FreeBSD operating system handles system software patches and version numbers, PCI scans will often incorrectly identify security patches as missing when in fact they have been applied here.

We run a fully updated and secured version of FreeBSD operating system, and we update all installed software with any available security fix as soon as we feasibly can. But sometimes a vulnerability rated as critical by PCI compliance vendors is given a much lower priority by the developers of the affected software, so there is no available fix for some time. In other cases, in order to preserve compatibility and usability for all our users, we have to move slowly and carefully in switching the version of a given piece of software in response to a very low-risk vulnerability. During any of these intervals, there is no way for us to offer PCI compliance.

But if you must accept credit card payments, we would strongly encourage you to avoid any such PCI requirement by accepting payments a different way. Your current credit card processor may offer a different type of software integration where 100% of payment info is accepted and handled (transparently to users) on the card processor’s server instead of yours, or you could try using a third-party payment gateway like PayPal, Square, etc. These services are required to be PCI compliant and may offer a much simpler solution for your organization.