Moving servers again

Cthulhu

Administrator
AKA
Yop
#1
Or well, sort of. I got an email from our hosting provider today offering a free upgrade to newer server hardware for the same monthly price; I knew that since we've got a physical server, it wasn't going to last forever, so it's not entirely unsurprising.

The good part is that it'll be an upgrade; the 'points' next to CPU is according to https://www.cpubenchmark.net:

Current:
Intel T5500, dual-core, 1.66 GHz, 920 points
2 GB memory
1x160 GB hard drive

New:
Intel G850, dual-core, 2.90 GHz, 2.682 points (almost 3 times as fast)
4 GB memory
2x250 GB hard drive

The bad part is that it won't be automagic, and I'd have to set it up. Shouldn't be too much of a problem this time, I've got configuration that should work on the latest server software and such. We'd get a month to set up the new environment and move stuff, which should be more than enough; I expect the setup to take a few hours at most, the final moving over and downtime to take about an hour (depending mostly on backup, transfer, and restore speed), but few people should be impacted because I'll probably do it on a saturday when not a lot of people are around anyway.

IDK if the speed increase will be noticeable, I think we're already pretty fast.

I'd like to experiment with new software, too - like using nginx instead of Apache for a web server, and setting it up so you can access the site using https and/or http 2, which should be more secure and possibly faster (although iirc https can be like €100 / year or thereabouts)

Another thing that could be done is to finally go to a different forum software, but as the previous discussions have already shown, that would be difficult to get used to for a lot of people, I'm sure; it'd be more appropriate for a new website.

erm, TL;DR: we're going to move to a new server if I give the okay to our host, downtime will be, if all goes well, an hour at least, forever at most (give or take). :monster:. Can't say for sure yet when, I'd probably like to have a fiddle on the new server for a bit first.
 

Kionae

Pro Adventurer
AKA
Desha
#2
I'd like to experiment with new software, too - like using nginx instead of Apache for a web server, and setting it up so you can access the site using https and/or http 2, which should be more secure and possibly faster (although iirc https can be like €100 / year or thereabouts)
There's a group working to make it free, actually. They're supposed to be getting very close to launching (scheduled date of general availability is Nov. 16).

https://letsencrypt.org/
 

Lex

Administrator
#3
Exciting times with the server upgrade. Re: new forum software... would it be possible to trial some free software as a kind of test-TLSF, see if we can skin it the way we want and see if people can get used to it? I'm used to the forum as it is now like everyone else, but we can't stay like this forever.
 

Flintlock

Pro Adventurer
#4
I've frequently pushed for a proper review into forum software, and I don't really see much merit in turning this thread into another discussion about it, but I have done a fair bit of research myself, and I think Xenforo is our best bet for moving away from vBulletin. Unfortunately, it's not free.

Re: server move. In Yop we trust.
 

Cthulhu

Administrator
AKA
Yop
#5
* Let's Encrypt sounds promising; I approve of that move, and TBF I don't really understand why root certificates cost money, but then I don't know enough about HTTPS at all (should fix that)

* All forum software providers offer some kind of demo environment already - go forth and try. Once I figure out how virtual hosts work (i.e. hosting multiple sites on one webserver, or to be more exact, figure out which configuration to share and which to keep on a per-site basis) it'll probably be easier to set up. Alternatively, I should look into server management software so I don't have to dive into the eldritch depths of commandline server management, which on the one side is pr0 and 31337 h4x0r, but on the other is kind of an inconvenient pain in the arse (vim is not cool, despite what the hax0rz say)

* Agr'd on Xenforo, it's probably more of an evolution of vB 3 than vB 4/5 are. Need to fiddle with it though. Could probably set up a test environment for that.

Also, I got confirmation of the new server; it's not actually a month, but closer to six months :monster:. We'll be able to use both servers without extra charge until then, apparently:

Your new server CXQF003 is scheduled to be deployed today. The start date for
this server will be 01-03-2016 and it will be free of charge until then.

According to your contract term, the end date for your current server CXQF002 is set to 28-02-2016. Please migrate all your data to the new server until then.
(FYI: CXQF001 was a virtual / 'cloud' environment, which wasn't strong enough for us at the time; iirc that was when we had trouble with the shoutbox. In retrospect, I'm fairly sure most of the server issues we've had in the past couple years were due to over-aggressive search engine spiders or (unintentional?) DDOS attacks)

Also also, I kinda feel like we're under-using our current server now we no longer have China spamming the shit out of us; we could optimize it even moar by putting CloudFlare or some other caching system in front of it, although idk how suitable that would be for the forums (wouldn't help if you didn't see new posts after you make them).

rant rant ramble
 

Kionae

Pro Adventurer
AKA
Desha
#6
Alternatively, I should look into server management software so I don't have to dive into the eldritch depths of commandline server management, which on the one side is pr0 and 31337 h4x0r, but on the other is kind of an inconvenient pain in the arse
You know... I honestly prefer to administer my server at work from command line as opposed to something like Nagios or Webmin. I actually didn't even install any such thing when I built the most recent incarnation of the company web server...

Though I can't live without PHPMyAdmin for mySQL database management... :)

vim is not cool
You are dead to me.
 

Cthulhu

Administrator
AKA
Yop
#7
I've got / used to have the MySQL server set up so I could connect to it from home (IP whitelisting), using MySQL studio or something I believe (this was a while ago); I don't trust publicly accessible web-based management tools, and I'm sure PMA had some security issues. Off course, that can be secured well enough (again with IP whitelisting for example), but still. I've also had bad experiences with PMA on our previous hosts when it came to making and restoring large not tiny databases, but that's because of PHP execution limits and a lack of batching from PMA's side, I'm sure. It's probably a moot point anyway, given sql injection attacks and the fact our server has had multiple attacks in the form of the php code and such getting changed. I should lock that shit down.

I don't mind working in the commandline, I just don't think it's the most convenient way to work with configuration files. I haven't mastered the Ways of managing multiple files easily. Screen works to a degree, and I've fiddled with tmux for a while, but it's still kinda fucking about. I should find a way to set up a scp session so I can use a normal editor editing files, or something.

/me tried to cram more tech wordz in a poast

Also okay, let me rephrase: I am unworthy of Vim. I only know $, 0, i, o, and ddkp though (I use vim to edit git commit messages and squashes; using vim for that is actually a lot less meh than any GUI client I've tried.)
 

Cthulhu

Administrator
AKA
Yop
#8
http://95.211.238.150/

Already have nginx and php set up (nginx is a more modern and probably better webserver than Apache what we're using right now). Tried to get naxsi working too, which is like a set of filters to stop SQL injection and XSS attacks (which Wordpress and vB have been found vulnerable to on a few occasions in the past), but I couldn't get it to work. That'll do for tonight.
 

Cthulhu

Administrator
AKA
Yop
#14
Dude, setting up a site with just one .gif can be complicated as fuck; I'd have to set up a global CDN, resize and convert the image to various formats for mobile and low-speed connections, convert it to web video for modern browsers because .gif is a shit format for videos, write my own webserver in pure assembly because it's just one .gif and you don't need a full webserver (or operating system for that matter) for that shit, etc.

I could be at it for a year, :awesome:
 

Cthulhu

Administrator
AKA
Yop
#16
I'd like to experiment with new software, too - like using nginx instead of Apache for a web server, and setting it up so you can access the site using https and/or http 2, which should be more secure and possibly faster (although iirc https can be like €100 / year or thereabouts)
There's a group working to make it free, actually. They're supposed to be getting very close to launching (scheduled date of general availability is Nov. 16).

https://letsencrypt.org/
As an update to this, certificates handed out by these d00dz are now accepted by all browsers as safe / valid / encrypted / etc, so, yay.

I'd like to install vB 5 on the new server too (again behind a separate login), see if it's any faster on a faster server. I have my doubts.
 

Cthulhu

Administrator
AKA
Yop
#18
aight I have the software sorta set up now; the new server is now running on the latest versions of Ubuntu Server, nginx (instead of apache) webserver, php, and mysql, and I've restored an older backup. Could you guys check to see if both http://95.211.238.150/ and http://95.211.238.150/forums work properly? Check if all pages, images, etc work. I know the stats on the forums don't work, but that's because it asynchronously tries to load shit off of the thelifestream.net domain, which isn't right. Make sure to keep an eye out on the url; if it's thelifestream.net, then there's a link that still goes to the existing server.

Preliminary benchmarks based on page generation time according to vB already indicate the new server is about thrice as fast in generating pages, :awesome:. 0.03 seconds vs 0.1 for the forums front page, 0.1 vs 0.3-0.4 seconds for a thread page. I'll fiddle with shit like gzip compression and cache headers a bit, to improve client-side performance too.
 

Mage

She/They
AKA
Mage
#20
First link seems to work fine, as does the second. I'm using Pale Moon still too. Might just be my shitbook, but viewing the forum as a guest took a while to load.

What determines which forum links are displayed on the frontpage in that first link? I just happened to notice that the link in the News section wasn't the most recent AFAIK.

(need to make sure it's me being a twat rather than anything else, lol)
 

Cthulhu

Administrator
AKA
Yop
#22
The backup I've put on there is a few weeks old by now, so the outdated news poasts make sense.

I'm going to be away next week, but given that it all seems to work just peachy, I think I'll do the actual switch weekend after next (i.e. 21/22 November); not sure what day yet, but eh.

One thing I should remember is to reinstall the IP bans for the spambots, and/or find some way to monitor it. I did fiddle with an application called fail2ban, which is supposed to block IPs showing suspicious behaviour (such as accessing the registration page thousands of times), but I couldn't get it to work last time. Why do these things not work out of the box like they should again?

I should also redo the backup strategy; right now it syncs backups with my personal Dropbox account, but that also means some of my personal stuff is copied onto the server (not publicly accessible though), and it's not very efficient (see also: cpu peaks on wednesdays). I'm thinking about having backups uploaded to Google's file servers, them or Amazon's. Should be cheap enough (<$1 / month, depending on how much space one uses).

I should also make sure FTP is working for those that need access. Should be easy enough to set up this time.

Anyway, basic approach will be just like last time; I lower the cache time for the domain name, turn off forums with a message, create backup and move it to other server, restore backup (a matter of copying files to the web directory, restoring the database backup, and fiddling with the config for vB and WP to reset the passwords used to access the database), then flip a switch on the domain so it points to the new environment. I can set up a domain name / subdomain to point to the old / current webserver if need be; the old one will stay online until somewhere next year. We could use it for testing shit if need be.

Once we're over, I'm going to look into some optimizations; I had mod_pagespeed working on the current server a while ago, but I turned it off again after a while, it didn't seem to do much (but that may have been my wrong perception). It won't be as easy to do on the new server though, mod_pagespeed is a drop-in plugin for the Apache webserver, but the new one (nginx) doesn't support plugins like that, and needs to be manually recompiled with that feature. Alternatively, I'll look into using CloudFlare, a CDN that should be free to use for us; they'll keep a cache of (optimized) static pages and spread them onto their servers all over the world for a faster browsing experience. IDK if it'll make any difference though, I'm probably over-optimizing, :monster:
 

Cthulhu

Administrator
AKA
Yop
#24
Orite: I'm thinking about doing this tomorrow morning (my time); I'll shut down the forums, do the thing, and it should be done within an hour or so, maybe two. I've set the DNS TTL to five minutes a few days ago, so once I hit the switch in that area it should take just a couple minutes for everyone to be sent to the new TLS server. To be safe though, and depending on your ISP and shit, that may take up to 24 hours - but I don't expect it.

I'll be around in IRC and / or Skype to give progress updates. Please don't send me messages about whether TLS is working yet, :monster:
 

Cthulhu

Administrator
AKA
Yop
#25
Annnnd that should be it. If you're reading this message, you're on the new, faster TLS server, yay :monster:.

Please do check if everything transferred over correctly; check things like older uploads (images, uploaded mp3's, etc), poasts, etc, and let me know if anything is amiss.

Oh also, old site is still available at http://85.17.139.160/ and will be for a couple more months; we can use that as a test environment. I'll re-enable the forums on there once everyone's here.
 
Top Bottom