Operating BOA
The complete root-operator reference for running BOA in production: architecture, control files, tuning, security, monitoring, and troubleshooting.
This is the complete operator reference for running BOA in production. It assumes you have root, you're fluent in Ægir's model, and you want exact, authoritative detail — every control variable, default, threshold and tuning knob — not hand-holding.
Pages here are dense and complete. Where a full variable or command table exists, pages link into the Reference appendix rather than repeating it, so the canonical values live in one place.
Changing BOA's code, not just operating it? The fork model, the Provision/Hosting APIs and the release/serial pipeline are in the Developing BOA guide.
Architecture & Ægir internals
The operating reference for BOA's internal model: the layered front-end and back-end split, the entity and task-queue engines, and the multi-Octopus layout.
Host control files & INI reference
The complete operator reference for BOA's four-layer config: the host .cnf files, the empty boolean marker files, the tenant-editable INI, and what wins.
PHP-FPM & performance
How BOA sizes and tunes the PHP execution tier: the RAM budget, master and tenant pool workers and memory_limit, the opcache/APCu shares, and the cache stack.
Web tier (Nginx) internals
How BOA assembles the web tier from four cooperating Nginx layers, from static config templates to the per-request edge-policy guard chain.
Database (Percona/MySQL)
The shared Percona Server on a BOA host: how it is installed and tuned, the my.cnf lifecycle, the nightly mydumper dumps, the browser DB tools, and graceful restarts.
Backups internals & operations
Off-site backup on a BOA host: a Duplicity-driven subsystem with three orchestrators — multiback, mybackup, and the legacy backboa — each with its own config and gate.
Security & isolation
BOA's multi-tenant threat model and every layer that enforces it — SYNPROXY, CSF, the Nginx edge, AppArmor, restricted shells, SSH and admin-path hardening.
Abuse Guard (nginx IDS)
BOA's application-layer web defence: real-time nginx map and geo guards that drop hostile requests, plus a post-hoc log scorer that feeds genuine offenders into CSF.
Self-healing monitor stack
How each BOA box watches and repairs itself from a single root crontab of short-lived scripts: service watchdogs, load auto-pause, process guards, and nightly maintenance.
Solr search (operator)
BOA's per-host, localhost-bound Solr stack: three coexisting versions, per-site INI-driven cores, and a reconciliation daemon that creates, optimises and archives them.
OS lifecycle & upgrades
The two independent upgrade axes of a BOA host: the barracuda and octopus software stack and the Devuan codename chain, plus the manual commands and cron-driven SELFUPGRADE.
Cross-host migration & cloning
Moving BOA sites and accounts: the in-host Ægir Clone and Migrate tasks, the root-side xoct, xcopy and xmass cross-host toolchain, migratefs, and site import and export.
Troubleshooting & recovery
Root-side diagnosis and recovery for the failure modes that recur on a busy BOA host: stuck tasks, cache faults, 502s, SMTP TLS, backups, firewall bans, and DNS drift.
Native files symlinking
How BOA keeps each site's writable files and private directories in the account's static store, symlinked back into the platform, with a warn-not-fail safety model.