
Pre-Install question

Discussion in 'Install & Upgrades or Pre-Install Questions' started by denellum, Jan 14, 2017.

  1. denellum

    First off, I've been using centminmod now for a few years. It's getting to the point, however, that on some of my sites I need a dedicated database server. Does centminmod support this?

    Maybe with 2 installs? Disable Nginx on one node and disable mariadb on the other?

    Let me know what you think if it's possible (and clean) to do this, thanks as always for this wonderful set of scripts :)
     
  2. SFLC

    You could probably just set up your new server, copy over your databases, switch your sites to them and stop mysql on the original server (or don't even bother, your original server's mysql won't be used so it won't take many resources at that point).
     
  3. eva2000

    Centmin Mod supports this but it ain't automated, you'd have to do some manual leg work :)

    Getting Started Guide Step 4 and CSF Firewall page cover how to whitelist your web and db server's ip respectively to allow web and db servers to connect to each other for MySQL 3306 port. Then you need to set up new mysql user grants on db server to allow the web server's ip address to connect to db server's mysql server.

    Yes that's best way 2x Centmin Mod installs and stop/disable php-fpm, nginx and memcached servers on db instance. This also makes it easy if your web server is down, to just start up the stopped servers and just update domain dns to db server ip to have a working site again.
     
  4. denellum

    Easy peasy! Or at least I think so :) starting it up now!
     
  5. denellum

    So I just want to follow up with this. After everything is installed and the applications on each server are disabled, I will just need to run "csf -a IP" of each... is there a way to set the port to the MariaDB port 3306?
     
  6. eva2000

  7. denellum

    Ah! So I know I'd need to do a tcp "in" rule on the "DB" side... would I need to also do an "out" rule as well on the "app" side?
     
  8. eva2000

    Yup web server (app) needs to be able to connect to remote server's port. Why I love CSF Firewall, fine grain control and security for your server(s) :)
     
  9. denellum

    Hopefully last question...
    Added this to the app server:
    tcp|out|d=3306|s=IP

    and this to the DB:
    tcp|in|d=3306|s=IP

    Restarted CSF:
    csf -r

    This SHOULD be all I need to do... correct?
    PS Thank you so much for all this help :)
     
  10. eva2000

  11. denellum

    So I did just as the guy on that forum did, and I'm getting a MySQL timeout error. I noticed I added the TCP rules to /etc/csf.allow instead of /etc/csf/csf.allow, so I made that change and reloaded the firewall... still a MySQL timeout error... rebooted... same error.
     
  12. denellum

    Now I'm trying a [root@app01 log]# telnet DB-IP 3306
    getting a timeout :/
     
  13. denellum

    Ugh nvm got it... I was being stupid.
    I was looking at # tcp/udp|in/out|s/d=port|s/d=ip
    without reading "s/d=ip : EITHER source OR destination IP address"
    so I was doing s/d instead of JUST s.

    Seriously thank you for all of the help. Time to donate :)
    Enjoy a beer/coffee/something :p
     
    Last edited: Jan 17, 2017
  14. eva2000

    ah glad to see you managed to figure it out - learning is fun :D
     
  15. denellum

    Okay, what am I doing wrong? I had to migrate to a KVM and now it's borked...

    web tier :
    tcp|out|d=3306|d=DBIP
    DB tier :
    tcp|in|s=3306|s=WEBIP
     
  16. denellum

    nvm ...
    tcp|in|d=3306|s=WEBIP
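
Added example, not part of the thread and not Centmin Mod or CSF code: a small shell linter for the `/etc/csf/csf.allow` advanced filter lines discussed above, catching the two mistakes made in the thread (the literal `s/d=` template text, and `s=3306` on the DB side). The function name `lint_csf_rule`, the `db`/`web` role labels and the 192.0.2.x addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Lint one CSF advanced allow filter for the web -> DB MySQL setup in this thread.
# Field layout as quoted in the thread: tcp/udp|in/out|s/d=port|s/d=ip
# Usage: lint_csf_rule <db|web> '<rule>'   (prints "ok" or a diagnosis)
lint_csf_rule() {
    role=$1 rule=$2
    case $role in
        db)  want_dir=in  want_ip=s ;;   # DB accepts from the web server: source IP
        web) want_dir=out want_ip=d ;;   # web connects to the DB server: destination IP
        *)   echo "role must be db or web"; return 2 ;;
    esac

    # Split the rule on '|' into exactly four fields (globbing off while splitting).
    old_ifs=$IFS; IFS='|'; set -f
    set -- $rule
    set +f; IFS=$old_ifs
    [ $# -eq 4 ] || { echo "expected 4 fields, got $#"; return 1; }
    proto=$1 dir=$2 port=$3 ip=$4

    [ "$proto" = tcp ] || { echo "MySQL is tcp, got '$proto'"; return 1; }
    [ "$dir" = "$want_dir" ] || { echo "$role side needs '$want_dir', got '$dir'"; return 1; }
    case "$port|$ip" in
        *s/d=*) echo "template text 's/d=' left in: choose s OR d"; return 1 ;;
    esac
    # 3306 is the destination port in both directions; only the IP side differs.
    [ "$port" = "d=3306" ] || { echo "port field must be d=3306, got '$port'"; return 1; }
    case $ip in
        "$want_ip"=?*) ;;
        *) echo "$role side needs $want_ip=<peer ip>, got '$ip'"; return 1 ;;
    esac
    echo ok
}

# Constructed sample rules modelled on the thread (192.0.2.x is documentation space).
while IFS=' ' read -r r_role r_rule; do
    printf '%-4s %-30s %s\n' "$r_role" "$r_rule" "$(lint_csf_rule "$r_role" "$r_rule")"
done <<'EOF'
web tcp|out|d=3306|d=192.0.2.20
db tcp|in|s=3306|s=192.0.2.10
db tcp|in|d=3306|s=192.0.2.10
EOF
```

A rule that passes still needs `csf -r` to take effect and a MySQL user grant for the web server's IP on the DB side, as noted earlier in the thread.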