Learn about Centmin Mod LEMP Stack today
Become a Member

Just upgraded my VPS

Discussion in 'Install & Upgrades or Pre-Install Questions' started by alex_cmm, May 28, 2019.

Tags:
  1. alex_cmm

    alex_cmm New Member

    16
    7
    3
    Apr 2, 2019
    Ratings:
    +7
    Local Time:
    7:23 AM
    Please fill in any relevant information that applies to you:
    • CentOS Version: CentOS 7.6.1810 64bit
    • Centmin Mod Version Installed: 123.09beta01
    • Nginx Version Installed: 1.15.12
    • PHP Version Installed: 7.3.5
    • MariaDB MySQL Version Installed: Ver 15.1 Distrib 10.3.15-MariaDB, readline 5.1
    • When was last time updated Centmin Mod code base ? : Few moments ago.
    • Persistent Config: Yes
      Code (Text):
      LETSENCRYPT_DETECT='y'
      VHOSTCTRL_CLOUDFLAREINC='y'
      NGXDYNAMIC_BROTLI='y'
      NGINX_LIBBROTLI='y'
      PHP_BROTLI='y'
      NGXDYNAMIC_NGXPAGESPEED='y'
      NGINX_PAGESPEED='y'
      CLOUDFLARE_ZLIBPHP='y'
      MARCH_TARGETNATIVE='n'
      DISABLE_IPVSIX='y'
      DUALCERTS='y'
      NGINX_GEOIPTWOLITE='y'
      NGXDYNAMIC_GEOIPTWOLITE='y'
      
    Hi to all, I just upgraded my VPS to 2CPU, 4GB of ram and 50GB SSD. I am using MVPS 7 EUR plan now and I am really happy with them. I am wondering do I need to re-install CentMin Mod or do any additional steps?

    Also whats best to add to persistent config file to get best performance?
     
    • Like Like x 1
  2. eva2000

    eva2000 Administrator Staff Member

    42,311
    9,557
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,724
    Local Time:
    4:23 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    no need to reinstall Centmin Mod. You can however re-run centmin.sh menu option 4 and 5 to recompile nginx and php versions to ensure they get auto optimized accordingly
     
    • Like Like x 1
  3. alex_cmm

    alex_cmm New Member

    16
    7
    3
    Apr 2, 2019
    Ratings:
    +7
    Local Time:
    7:23 AM
    Thanks for your answer eva2000 :)

    One more question, is it safe to upgrade to nginx-1.17.0 mainline version? Will it all work fine with my persistent config? I love to be always up-to-date :)
     
  4. eva2000

    eva2000 Administrator Staff Member

    42,311
    9,557
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,724
    Local Time:
    4:23 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    yes it's safe :) just run = cmupdate command first to ensure on latest 123.09beta01 code before hand
     
    • Like Like x 1
  5. alex_cmm

    alex_cmm New Member

    16
    7
    3
    Apr 2, 2019
    Ratings:
    +7
    Local Time:
    7:23 AM
    How about this custom_config, should I keep all or need to remove something? Does it look good to you, just made it and still didnt apply changes:

    Code (Text):
    LETSENCRYPT_DETECT='y'
    NGXDYNAMIC_BROTLI='y'
    NGINX_LIBBROTLI='y'
    PHP_BROTLI='y'
    NGXDYNAMIC_NGXPAGESPEED='y'
    NGINX_PAGESPEED='y'
    MARCH_TARGETNATIVE='y'
    DISABLE_IPVSIX='y'
    DUALCERTS='y'
    NGINX_GEOIPTWOLITE='y'
    NGXDYNAMIC_GEOIPTWOLITE='y'
    PHP_PGO='y'
    ZSTD_LOGROTATE_NGINX='y'
    ZSTD_LOGROTATE_PHPFPM='y'
    NGINX_ZERODT='y'
    PHP_LZFOUR='y'
    PHP_LZF='y'
    PHP_ZSTD='y'
    AUTODETECPHP_OVERRIDE='y'


    I will remove AUTODETECPHP_OVERRIDE='y' after compile :)
     
  6. eva2000

    eva2000 Administrator Staff Member

    42,311
    9,557
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,724
    Local Time:
    4:23 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    if you run into problems just let me know but nothing should need changing
     
    • Like Like x 1
  7. alex_cmm

    alex_cmm New Member

    16
    7
    3
    Apr 2, 2019
    Ratings:
    +7
    Local Time:
    7:23 AM
    Upgrading nginx to 1.17.0 right now, will see what will happen when finishes. Hope all goes well lol xD
     
    • Like Like x 1
  8. alex_cmm

    alex_cmm New Member

    16
    7
    3
    Apr 2, 2019
    Ratings:
    +7
    Local Time:
    7:23 AM
    Seems all working fine :) Love Centmin Mod :kiss:(y)
     
    • Like Like x 1
  9. alex_cmm

    alex_cmm New Member

    16
    7
    3
    Apr 2, 2019
    Ratings:
    +7
    Local Time:
    7:23 AM
    Ok now I am relaxed a bit after all that happen :) Few hours ago I saw that after my VPS upgrade only SSD disc space left the same size, 25GB and should be 50GB so I contact MVPS support and see what happend and why is my disc space not resized. They gave me some of their command to enter but nothing happend so they asked me to provide them my root details which was not a problem at all for me. I just needed to enable root login and password auth inside sshd_config (have some things disabled, security reasons). Few moments after I changed those settings and service sshd restart I wanted to test my root login because I didnt used it for very long time, was not sure if is right password and somehow firewall locked me out. Could not login via PuTTY or FileZilla. Maybe reason was because I was already logged in as root and tryied to login as root again on another PuTTY window? Have no idea what happend. Support from MVPS helped me a lot and resized my disc. I made 3 support tickets with them till today and they reply within minutes which is really great. They tryied to flush the firewall but still could not get in. At the end they disabled it and now I am logged in and scared to turn firewall on again lol

    I need to ask what are my next steps? Dont want to get locked out again. When I try to enter any csf command I get this: csf and lfd have been disabled, use 'csf -e' to enable and if I enable it then I will probably lock out myself again :(
     
  10. eva2000

    eva2000 Administrator Staff Member

    42,311
    9,557
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,724
    Local Time:
    4:23 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    How many times did you enter an incorrect root user password ? as CSF Firewall has login failure daemon (lfd) which blocks brute force SSH login attempts from failed password login attempts CSF Firewall - CentminMod.com LEMP Nginx web stack for CentOS. So if you did many failed SSH root user logins, you could possible be blocked. Though on initial Centmin Mod install with CSF Firewall, the install routine whitelists your ISP IP address detected when you're logged into SSH for the first time, so you don't get accidentally blocked. Though can still happen if the ISP IP you are trying now differs from the ISP IP used on initial Centmin Mod install. So you can whitelist your ISP IP or ideally a VPN IP address in CSF Firewall from instructions at https://centminmod.com/csf_firewall.html to prevent future accidental blocks.
    Flushing iptables will wipe CSF Firewall's rules for whitelisting too so you end up blocking all access to your server. There's reason why when you SSH login to server Centmin Mod MOTD message says not to flush iptables
    Code (Text):
    ===============================================================================
    # ! This server maybe running CSF Firewall ! 
    #   DO NOT run the below command or you  will lock yourself out of the server: 
    # 
    #   iptables -F 
    
    

    CSF Firewall is not only responsible for protecting you but also responsible for configuration of which ports are whitelisted for access i.e. SSHD port 22, HTTPS port 443 and HTTP port 80. When you disable CSF Firewall, you also can potentially also disable which ports are whitelisted so default to blocking all ports. So ideally you want to re-enable CSF Firewall - just whitelist your ISP IPs in CSF Firewall first which is covered in Getting Started Guide step 4 and linked pages - back to https://centminmod.com/csf_firewall.html
     
    • Like Like x 1
  11. alex_cmm

    alex_cmm New Member

    16
    7
    3
    Apr 2, 2019
    Ratings:
    +7
    Local Time:
    7:23 AM
    Ty eva2000, I never touched iptables -F but they didnt know it and its my fault I didnt told them :(

    I just setup dnsexit account, installed software on my pc and did commands you gave here without turning on CSF Firewall yet CSF - CSF Firewall info

    So is it safe for me to turn it on now? Do I need any additional steps after I turn on CSF Firewall, regarding iptables CSF Firewall's rules?

    Damn I am scared, did soo much work on my server :(
     
  12. eva2000

    eva2000 Administrator Staff Member

    42,311
    9,557
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,724
    Local Time:
    4:23 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    ensure you whitelist your ISP IP first and should be fine

    replace xxx.xxx.xxx.xxx with your ISP ip and then type these 3 commands in SSH session which sets IP variable to your ISP ip adress, whitelist all the IP defined in $IP variable and also excludes that IP in csf.ignore which is for CSF Firewall's lfd daemon (login failure daemon).
    Code (Text):
    IP=xxx.xxx.xxx.xxx
    csf -a $IP
    echo "$IP" >> /etc/csf/csf.ignore
    

    then re-enable CSF Firewall and restart CSF
    Code (Text):
    csf -e
    csf -ra

    while still SSH logged in, try opening a 2nd separate SSH session and see if you can log in
     
    • Like Like x 1
  13. alex_cmm

    alex_cmm New Member

    16
    7
    3
    Apr 2, 2019
    Ratings:
    +7
    Local Time:
    7:23 AM
    Ah I just manually did that for csf.allow and csf.ignore, ty soo much for your help eva2000 :) I will go now and turn on and restart csf and see if all good :)
     
  14. alex_cmm

    alex_cmm New Member

    16
    7
    3
    Apr 2, 2019
    Ratings:
    +7
    Local Time:
    7:23 AM
    All working fine now, even removed my ip from csf.deny and did csf -r :D
     
    • Like Like x 1
  15. eva2000

    eva2000 Administrator Staff Member

    42,311
    9,557
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,724
    Local Time:
    4:23 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Good to hear :)
     
    • Like Like x 1