Simple Application Server FAQ - regions, billing, security, images-Simple Application Server(SAS)-阿里云帮助中心

Supported regions

Available regions differ between the Alibaba Cloud China site and International site. Supported regions.

Simple Application Server statuses

Simple Application Server has two status types: console status and API status (returned by the ListInstances operation).

Statuses are stable or intermediate (transitional). A server stuck in an intermediate status likely has an error.

The following table describes the server statuses.

Console status	API status	Status property	Description
Starting	Starting	intermediate status	Transitional state during server creation, startup, or restart. Transitions to Running.
Running	Running	stable status	The server is running normally and accessible only in this status. Note Expiring instances also show this status. Monitor your remaining subscription duration.
Stopping	Stopping	intermediate status	Transitional state while the server stops. Transitions to Stopped.
Resetting	Resetting	intermediate status	Transitional state during a system reset.
Upgrading	Upgrading	intermediate status	Transitional state during a configuration upgrade.
Stopped	Stopped	stable status	The server is stopped.
Disabled	Disabled	stable status	The instance is locked, typically for overdue payments or security risks. If locked for overdue payments, renew through renewal. You can also submit a ticket to request that the server be unlocked.

Upgrade instance configuration

Yes. Upgrade when your current plan no longer meets your needs. Upgrade configurations.

Resource transfer

Simple Application Server does not support resource transfer.

Data retention and server release

After a simple application server expires, it automatically shuts down. For 15 days after expiration, the server status is Disabled. During this period, your data is retained and you can restart the server by renewing it. If you do not renew the server within this 15-day period, the system releases the server, and you cannot recover its data. To renew the server, see Renew a server.

Memory and system disk usage not displayed

The CloudMonitor agent collects memory and system disk usage data. A system reset may cause the agent to fail. If data is missing from the Server Monitoring Information section, manually install the agent. Install and uninstall the CloudMonitor agent.

Reasons for a disabled server

A Simple Application Server instance becomes Disabled if it expires, is stopped for an overdue payment, or is locked for a security risk.

If your instance is at risk of being stopped due to expiration or an overdue payment, renew it promptly to avoid disruptions. Overdue payments.
If the instance is locked, submit a ticket to have it unlocked.

Server availability in China (Hong Kong)

A limited number of Simple Application Server plans for the China (Hong Kong) region, priced at CNY 24/month and CNY 34/month, become available each day at 00:00 (UTC+8). If you see a message that the daily sales limit has been reached, please try again the next day.

Data security

Simple Application Server protects data with triplicate technology and snapshots.

Triplicate technology

Cloud disks use triplicate technology on a distributed file system, delivering 99.9999999% data reliability. Triplicate technology of cloud disks.
Snapshots

Snapshots let you create point-in-time backups and restore cloud disk data at any time. Manage snapshots.

Network security

Simple Application Server secures your network with a default VPC and a built-in firewall.

Default network configuration (Virtual Private Cloud)

All servers in the same account and region share one VPC and communicate internally. This VPC is isolated from other Alibaba Cloud services by default, so servers cannot connect directly to services like ApsaraDB RDS.
Firewall

The built-in firewall allows inbound traffic on ports 22, 80, and 443 by default, blocking all others. Add or modify rules as needed. Manage firewalls.

Operating system hardening

Manage access control, harden the system, and apply security measures. operating system security.

Network attack defense

Simple Application Server uses Alibaba Cloud Security for DDoS defense. Unusual traffic is automatically scrubbed; excessive attacks trigger blackhole routing. For added protection, install security software and close unused ports. Network Security.

Alibaba Cloud security services

Security Center provides vulnerability detection, web trojan detection, host intrusion detection for ECS users, and DDoS protection.

Alibaba Cloud offers additional Security Products.

Detecting mining on a server

Use these methods from Best Practices for Handling Mining Programs to check for mining activity.

Check whether your server's CPU is operating as expected.

Note
If CPU utilization exceeds 80% and an unknown process continuously sends outbound packets, the server is likely being used for mining.
Log in to the Security Alerts page of the Security Center console and check for attack alerts in the processing list.

Best Practices for Defending Against Mining Programs and Best Practices for Handling Mining Programs.

Handling cryptomining programs and unblocking servers

Solution 1: Remediate cryptomining programs

Check for cryptomining programs in Security Center and cryptomining worms in Cloud Firewall. Best practices for defending against cryptomining programs and Best practices for handling cryptomining programs.
Solution 2: Request to unblock a server

If a cryptomining virus or an attack locks your server, you can request an unblock from the Penalty List page.
Unblocking restrictions:
- You can request self-service unblocking only once.
- After your unblocking request is approved, the system automatically checks the server again in three days. If additional cryptomining activity is detected, the server is locked again and cannot be unblocked.
- Back up your data as soon as the server is unblocked.

Slow download speed and throttling

The public bandwidth of a Simple Application Server plan is a peak value, not guaranteed. During peak hours, resource contention can cause throttling and packet loss. For guaranteed network quality, consider an ECS instance that uses the pay-by-bandwidth billing method.

Connect simple application server and RDS via VPC

Yes. Servers in the same account and region share a VPC for internal communication, but cannot connect to other cloud services by default. Enable service interconnection to connect to services like ApsaraDB RDS over VPC. Manage service interconnections.

High network latency

Your server's region and local network can cause high latency or prevent access. The network speed of a Simple Application Server is slow and does not match the expected bandwidth.

Missing network card in a Windows server

Temporary solution for a missing internal network interface card on a Windows instance.

Find the public IP address

The public IP address is shown on the Simple Application Server card. View Simple Application Server information.

Change the public IP address

No. Each instance has one public IP address by default. You cannot change it or retain it after the server expires.

Incorrect public IP geolocation for Hong Kong region

Third-party IP databases (including game providers) may not reflect current IP assignments. Your instance's actual location is the region selected at purchase.

Port 25 on simple application servers

No. Port 25 is blocked for security reasons. Use port 465 to send emails. Manage firewalls.

IP inaccessibility to Simple Application Server

Possible causes:

A required firewall port is closed. For example, connecting to MySQL without port 3306 open causes a timeout. Manage firewalls.
Security Center may block the IP address if it detects attack behavior, such as frequent access or other suspicious operations. If the IP is safe and the block affects your business, submit a ticket to have it unblocked.

Upgrade the PHP version for WordPress 4.8.1

If the PHP version on your WordPress 4.8.1 instance is outdated, upgrade it. Upgrade the PHP version for a WordPress simple application server.

Note

Content in the Alibaba Cloud Developer Community is contributed by registered users, and the copyright belongs to the original author. Alibaba Cloud Developer Community does not own this copyright and is not legally responsible for the content.

Use FTP with the WordPress 6.0 application image

FTP is pre-installed on the WordPress 6.0 application image. To configure it:

Connect to the instance. Connect to a Linux instance.
Run the following command to switch to the root user:
```
sudo su root
```

Run the following command to view the FTP username and password:

sudo cat /root/ReadMe

[admin@iZbp157kl0nyl2****d411Z ~]$ sudo cat /root/ReadMe
####################################################################
#       OneinStack for CentOS/RedHat 7+ Debian 8+ and Ubuntu 16+  #
#       For more information please visit https://oneinstack.com   #
####################################################################
MySQL root password: xxx
Wordpress admin password: xxx
FTP account: ftpuser
FTP password: xxx
Online documentation:
https://oneinstack.com/docs/wordpress-lnmpstack-image-guide/

Run the following commands to open pure-ftpd.conf and change the port:
```
cd /usr/local/pureftpd/share/doc/pure-ftpd
vi pure-ftpd.conf
```
Enter /5000 to search for the # PassivePortRange 30000 50000 parameter.
Press i to enter edit mode. Change # PassivePortRange 30000 50000 to PassivePortRange 20000 30000.
Press Esc, type :wq, and press Enter to save the file and exit.
Open ports 20000-30000 and port 21 in the firewall. Firewall settings.
Connect to the instance using an FTP client. Test the connection to an FTP server using an FTP client.

Server creation failure from a custom image

To avoid creation failures, do not perform these operations until server creation completes:

Deleting the corresponding custom image.
Deleting the source snapshot of the custom image.
Resetting the system or replacing the image of the source Simple Application Server.
Releasing the source Simple Application Server.

Change the operating system

Simple Application Server provides application images and OS images.

Application image: Pre-configured application environments or websites.
OS image: Clean Windows Server or mainstream Linux runtime environment.

You can change the operating system. Reset the system.

Cannot change the operating system

Resetting the system reinstalls the application or OS. If you cannot change the operating system in the console, verify the instance meets the reset requirements. Limits on resetting the system.

System reset in the mobile app

Yes. However, the available images for a system reset differ from those in the console:

Console: Supports resetting to other images. You can change the server's operating system (for example, from Windows to Linux) or switch to a different application image.
Alibaba Cloud App: Supports only resetting to the current image. You can only restore the server to the initial state of its current image. You cannot switch to a different operating system or application image in the app.

Set Windows preferred language

Set the preferred language for a Windows operating system.

Download a simple application server image

You cannot download a custom image directly. Instead, share it to ECS, copy it, and export it:

Share the image with ECS. Share a custom image to ECS.
On the Share Image tab in the ECS console, copy the image. Copy a custom image.
On the Custom Images tab in the ECS console, export the image. Export a custom image.

Note
Due to copyright restrictions, you cannot export custom images created from application images or Windows Server images.

Migrate data between Simple Application Server instances

Yes. Migrate website data when an upgrade is insufficient or you need a different region. Migrate data between Simple Application Servers.

Migrate Simple Application Server to ECS

Yes. Migrate to ECS for more flexible configuration. Migrate data from a Simple Application Server to an ECS instance.

ECS to Simple Application Server migration

Yes. You must migrate the data manually. Migrate data from an ECS instance to a Simple Application Server.

Migrating a server to mainland China

Yes. You cannot directly change a server's region, but you can migrate it to mainland China. Migrate data between simple application servers.

Transfer a simple application server to another account

No. You cannot transfer a simple application server or its data directly to another Alibaba Cloud account.

Common application software management commands

Commands vary by OS, runtime, and software version. Example for CentOS 7:

If MySQL is added to system services, you can log in to MySQL with the command mysql -uroot -p.
If MySQL is not added to system services, you must navigate to the bin directory in the MySQL installation path and run the executable file. For example, to log in to MySQL, use the command ./mysql -uroot -p.

Consult official documentation for maintenance:

If you used an application image, the console shows the image version, basic operations, and installation path after the server is created. Manage applications (for application images).

Abnormal CPU usage from cryptomining

Remediate cryptomining.

Also perform security compliance checks and hardening on your Linux server. Operating system security.

Server fails to access GitHub

Servers in mainland China may be unable to access GitHub due to cross-border network issues. As a workaround, try again later or use third-party tools.

Hide IIS version information in Windows

HTTP responses can reveal server version information, posing a security risk. Hide the IIS version in a configuration file. How to hide the server version information of IIS.

KEYEXPIRED error on an Ubuntu server

The apt-get update command on Ubuntu may return The following signatures were invalid: KEYEXPIRED 1544811256 when the source signing key has expired. How to update an expired software source signature.

"IE Enhanced Security Configuration" error in Windows

Error "Internet Explorer Enhanced Security Configuration is blocking content from the following website" when opening a website with Internet Explorer.

Cannot access a site created with BT-Panel

Without proper configuration, BT-Panel shows a Site not found error (Your request did not find a corresponding site on the web server!). Common causes: unbound domain/IP or unapplied changes. Bind the domain, reload the web service, verify the port, and purge CDN cache if applicable.

To resolve this:

From a browser on your local computer, navigate to the public URL for your BT-Panel and log in.
In the navigation pane, click Website.
On the Website Management page, click Add Site.
In the Add Site - Batch Creation Supported dialog box, complete the configuration, and click Submit.
Configure the following settings:
- Domain Name: Enter the server's public IP address. Alternatively, if a domain name already points to the server, enter that domain name.
- Other settings: Keep the default settings or configure them as needed.
From a browser on your local computer, access the site using the public IP address or domain name you configured.

The website is displayed. For example, if the browser shows a default page with the title Congratulations, site created successfully! and the message "This is the default index.html. This page is automatically generated by the system.", this means you are viewing the default index.html file. You must upload your actual website files to the FTP root directory and overwrite this default page.

Modify file upload limit in BT-Panel

Access the public URL of BT-Panel and log in.
In the navigation pane, click App Store.
In the App Classification section, click Installed.
In the software list, find PHP and click Settings in the Operation column.
In the navigation pane, click Upload Limit.
Set the maximum file upload size and click Save.

Resolve feature issues caused by the Cloud Assistant Agent

The Cloud Assistant Agent is installed by default. Uninstalling or stopping the Cloud Assistant Agent breaks features like HTTPS settings, load balancing, system reset, and remote connection. Do not uninstall or stop the Cloud Assistant Agent on your instance.

To resolve this:

Connect to the instance. Connect to a Linux server or Connect to a Windows server.
Verify that the Cloud Assistant Agent process is running.
- For a Linux server, run the following command:
```
ps -ef |grep aliyun-service
```
  Output similar to the following indicates that the Cloud Assistant Agent process is running.
```
root     30758 30703  0 16:38 pts/0    00:00:00 grep --color=auto aliyun-service
root     31161     1  0  2021 ?        00:34:31 /usr/local/share/aliyun-assist/2.2.3.256/aliyun-service
```
- For a Windows server, open Task Manager and verify that the aliyun_assist_service process is running.
If the process is not running, start the Cloud Assistant Agent.
- For a Linux server, run the appropriate command:
```
# For Linux systems that support systemctl
systemctl start aliyun.service
# For Linux systems that do not support systemctl
/etc/init.d/aliyun-service start
```
- For a Windows server, start the AliyunService service in Service Manager.

Note

If the Cloud Assistant Agent still fails to start, reinstall it. Install the Cloud Assistant Agent.

Configure multi-user logon for Windows

Multi-user logon allows multiple users to remotely connect to the same server concurrently. Configure multiple concurrent Remote Desktop connections for Windows.

Upload files to a Simple Application Server

Use WinSCP, FTP, or Workbench to manage files based on the server OS.

Windows server: Use Workbench to connect remotely and manage files. Remote connection.
Linux server: Use Workbench, WinSCP, or an FTP server. Use Workbench to remotely connect to a Linux server from the console, Use WinSCP to transfer files between a local Windows system and a Linux server, or Set up an FTP server (Linux).

Install software on a Simple Application Server

Application images include pre-installed software and runtime environments. For OS images, connect to the instance and install software manually.

This example shows how to install Python:

Connect to your instance. Connect to a Linux instance.
Run the following command to install the Python environment.

This example installs Python 2.7.
```
sudo yum install python2 -y
```
The command's output is similar to the following:
```
Loaded plugins: fastestmirror ... ...
```
Run the following command to verify the installation.
```
python -V
```
Output similar to the following confirms that Python 2.7 is installed.
```
[admin@iZbp176xsi6ct73elzq**** ~]$ python -V
Python 2.7.5
```

Failed to log in to BT-Panel

The default firewall allows only ports 22 (SSH), 80 (HTTP), and 443 (HTTPS). To access BT-Panel, add a rule for port 8888. Manage firewalls.

ICP filing service number support

Simple Application Server supports up to five ICP filing service numbers (SNs), which allow you to complete five website ICP filings. Each website can be associated with multiple domain names. For example, you file for two websites. The first website is associated with the domain name aliyundoc.com, and the second website with the domain names example.com and example.org. Once the filing is approved, you can use each associated domain name to access the website.

Note

If the second website is associated with multiple domain names, ensure these domain names serve the same website content. You cannot use example.org to point to another website after the ICP filing is approved.
ICP filings are required for root domains, not for subdomains. You can create a website on a Simple Application Server for blog.aliyundoc.com and another for new.example1.com. This method of creating websites is not restricted and does not count toward the limit of five website ICP filings. Top-level, second-level, and third-level domain names.

Prerequisites for ICP filing

Before hosting a public website on a server in a Chinese mainland region, apply for an ICP filing. What is an ICP filing?.
Simple application servers in regions outside the Chinese mainland do not require an ICP filing.
ICP filing process.
A service identification number is a verification code that you use to associate your simple application server when you submit your information in the Alibaba Cloud ICP Filing system. To learn how to apply for a service identification number, follow (Optional) Authorize another account for an ICP filing. When applying for a service identification number, note the following:
- Effective May 21, 2018, to be eligible for a service identification number, a simple application server must have a subscription period of at least three months (including renewals).
- A single server's public IP address can be associated with up to five service identification numbers, allowing you to complete five separate website ICP filings. Each successful website filing consumes one service identification number. A consumed number cannot be reused for another website filing. Even if you later unregister the website or stop using Alibaba Cloud as your service provider, the service identification number remains consumed and cannot be reused.
- The number of domain names you can submit per service identification number is as follows:
  - For a first ICP filing, you can submit up to five separate websites, and each website can be associated with multiple domain names.
  - If you are applying for a new ICP filing, you only need to submit one domain name for each website. You can submit multiple applications for multiple websites. For example, if multiple domain names are associated with the ICP filing number ICP Filing No. 1200000-1, when you add any one of the domain names for ICP Filing No. 1200000-1, the other domain names are automatically added. After you submit ICP Filing No. 1200000-1, you can continue to submit other ICP filing numbers.
- You cannot launch a public website using a domain name that does not have an ICP filing. In accordance with regulations, you must take the website offline before applying for an ICP filing.
- If your domain name already has an ICP filing from another service provider, you must complete an ICP filing transfer to Alibaba Cloud. Your website becomes accessible only after the transfer request is approved. You must complete the transfer process within 30 days, or your website will become inaccessible. ICP filing process.

ICP filing policy for Simple Application Server

Effective May 21, 2018, to be eligible for a service identification number, a Simple Application Server instance must have a subscription period of 3 months or longer, including renewals. All other rules remain unchanged.

For Simple Application Server instances purchased before May 21, 2018, the original rules for applying for a service identification number still apply.

Eligibility for an ICP filing service number after renewal

Yes. You can apply for an ICP filing service number once your total subscription is at least three months long. By renewing for two additional months, you meet this requirement.

Service identification number for an expiring server

Yes. If the server's subscription period is at least three months, you can apply for a service identification number before the server expires.

Important

During or after the ICP filing process, if the Simple Application Server expires and is released, the website associated with the completed ICP filing can no longer point to the server. As a result, the corresponding ICP filing number may be revoked, and the website may become inaccessible.