Learn about Centmin Mod LEMP Stack today
Become a Member

Railgun RPM tries to install memcached

Discussion in 'Other Centmin Mod Installed software' started by BamaStangGuy, Jan 28, 2017.

  1. BamaStangGuy

    BamaStangGuy Active Member

    475
    137
    43
    May 25, 2014
    Ratings:
    +181
    Local Time:
    11:48 AM
    Hi,

    We are setting up Railgun on our new server but when we go to install the RailGun RPM it tries to install memcached as a dependency. How do I get around this since Centmin installs Memcached via source?
     
    • Like Like x 1
  2. eva2000

    eva2000 Administrator Staff Member

    31,001
    6,920
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,426
    Local Time:
    3:48 AM
    Nginx 1.13.x
    MariaDB 5.5
    You went with Cloudflare business plan at $200/month ?

    are these the Railgun install instructions Installation — Railgun 5.3.0 documentation ?

    just find the cloudflare repo .repo file in /etc/yum.repos.d/ and exclude memcached from the file

    example for /etc/yum.repos.d/epel.repo EPEL repo i excluded a few yum packages from [epel] group
    Code (Text):
    [epel]
    name=Extra Packages for Enterprise Linux 7 - $basearch
    #baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch
    mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
    failovermethod=priority
    enabled=1
    gpgcheck=1
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
    priority=3
    exclude=varnish varnish-libs clamd clamav clamav-devel clamav-db galera nodejs
    

    so you do the same for cloudflare's repo .repo file
    Code (Text):
    exclude=memcached
    
     
  3. BamaStangGuy

    BamaStangGuy Active Member

    475
    137
    43
    May 25, 2014
    Ratings:
    +181
    Local Time:
    11:48 AM
    I did that but it still tries to install memcached.

    Code:
    [root@ns511806 /]# yum install railgun
    Loaded plugins: fastestmirror, priorities
    Loading mirror speeds from cached hostfile
     * base: mirror.csclub.uwaterloo.ca
     * epel: ca.mirror.babylon.network
     * extras: mirror.csclub.uwaterloo.ca
     * rpmforge: repoforge.mirror.constant.com
     * updates: mirror.csclub.uwaterloo.ca
    363 packages excluded due to repository priority protections
    Resolving Dependencies
    --> Running transaction check
    ---> Package railgun-stable.x86_64 0:5.3.0-1.el7 will be installed
    --> Processing Dependency: memcached for package: railgun-stable-5.3.0-1.el7.x86_64
    --> Running transaction check
    ---> Package memcached.x86_64 0:1.4.15-10.el7_3.1 will be installed
    --> Finished Dependency Resolution
    
    Dependencies Resolved
    
    =======================================================================================================================================
     Package                           Arch                      Version                               Repository                     Size
    =======================================================================================================================================
    Installing:
     railgun-stable                    x86_64                    5.3.0-1.el7                           cloudflare                    5.6 M
    Installing for dependencies:
     memcached                         x86_64                    1.4.15-10.el7_3.1                     updates                        85 k
    
    Transaction Summary
    =======================================================================================================================================
    Install  1 Package (+1 Dependent package)
    
    Total size: 5.7 M
    Total download size: 5.6 M
    Installed size: 24 M
     
  4. eva2000

    eva2000 Administrator Staff Member

    31,001
    6,920
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,426
    Local Time:
    3:48 AM
    Nginx 1.13.x
    MariaDB 5.5
    in that case just manually exclude it
    Code (Text):
    yum install railgun --exclude=memcached
    

    or add exclude=memcache line to existing one in /etc/yum.conf
     
  5. BamaStangGuy

    BamaStangGuy Active Member

    475
    137
    43
    May 25, 2014
    Ratings:
    +181
    Local Time:
    11:48 AM
    I got it to work. Christian Forums is live on Railgun on the new OVH server :)

    Will be live on SSL next week.
     
  6. eva2000

    eva2000 Administrator Staff Member

    31,001
    6,920
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,426
    Local Time:
    3:48 AM
    Nginx 1.13.x
    MariaDB 5.5
    Very nice.. might want to do before and after page speed tests via webpagetest.org :D
     
  7. BamaStangGuy

    BamaStangGuy Active Member

    475
    137
    43
    May 25, 2014
    Ratings:
    +181
    Local Time:
    11:48 AM
    I did one with India. 9 seconds+ before and .740 seconds after lol

    I can enable and disable when needed to test later. Going to let it run for a week or so and monitor for any issues.
     
    • Informative Informative x 1
  8. eva2000

    eva2000 Administrator Staff Member

    31,001
    6,920
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,426
    Local Time:
    3:48 AM
    Nginx 1.13.x
    MariaDB 5.5
    ooooh very nice - price tag $200/month though !

    devtools timings from my browser from Australia for your forum index page and times are fast for what i normally see for USA based hosting

    upload_2017-1-28_23-27-20.png

    from webpagetest.org dulles, VA cable 5mbps WebPagetest Test Details - Dulles : www.christianforums.com/ - 01/28/17 13:26:00
     
    • Like Like x 1
  9. BamaStangGuy

    BamaStangGuy Active Member

    475
    137
    43
    May 25, 2014
    Ratings:
    +181
    Local Time:
    11:48 AM
    For the last two years we have been paying mid $500 a month at ReliableSite for our dedicated server. Moving to OVH saved us over $200. We used the savings to improve the performance of the site ten fold for international visitors.

    That is how I justify it :)
     
    • Like Like x 1
  10. eva2000

    eva2000 Administrator Staff Member

    31,001
    6,920
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,426
    Local Time:
    3:48 AM
    Nginx 1.13.x
    MariaDB 5.5
    Ah, the perfect balance of performance and security it seems = cloudflare waf/ddos frontend + ovh ddos protection backend with excellent hardware + centmin mod lemp stack environment backend :D

    Quite possibly one of many configs I have thought about when Centmin Mod traffic gets to the stage of needing such a setup :) I am just hoping OVH rolls out their US west + east datacenters by then :D
     
    • Like Like x 1
  11. BamaStangGuy

    BamaStangGuy Active Member

    475
    137
    43
    May 25, 2014
    Ratings:
    +181
    Local Time:
    11:48 AM
    A bit off topic but there was a discussion about image proxy and leaking ip somewhere. I think that is our last leak to plug since we no longer pass ip address via email. Do you remember where it was talked about and the fix?
     
  12. eva2000

    eva2000 Administrator Staff Member

    31,001
    6,920
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,426
    Local Time:
    3:48 AM
    Nginx 1.13.x
    MariaDB 5.5
    see xenforo config variable $config['untrustedHttpClient'] at Config.php Options | XenForo and XF 1.5 - Untrusted Http Client

    You need to setup a HTTP proxy like tinyproxy or 3proxy on a ddos protected ip server. But you're already using OVH which has DDOS protection on it's ips anyway ;) But OVH DDOS protection is layer 3 and 4 and not web app layer 7 so might want to setup a separate DDOS protected ip server with the HTTP proxy setup. That's what i do for this forum with BuyVM.net DDOS protected VPS and Gre tunnel setup between that VPS and my Linode VPS and install HTTP proxy on buyvm ddos protected server.
     
  13. BamaStangGuy

    BamaStangGuy Active Member

    475
    137
    43
    May 25, 2014
    Ratings:
    +181
    Local Time:
    11:48 AM
    So if I am reading this right, you technically don't need a DDOS server to run the Tinyproxy on? It just means that with it setup using the config variable above, that the proxy ip will be revealed and that is the ip that will be vulnerable. Which when it is ddos it will take down your proxy images only?
     
    • Agree Agree x 1
  14. eva2000

    eva2000 Administrator Staff Member

    31,001
    6,920
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,426
    Local Time:
    3:48 AM
    Nginx 1.13.x
    MariaDB 5.5
    Yup exactly, HTTP proxy defined by untrustedHttpClient xenforo config.php config will leak that remote server's IP instead :)
     
    • Like Like x 1
  15. BamaStangGuy

    BamaStangGuy Active Member

    475
    137
    43
    May 25, 2014
    Ratings:
    +181
    Local Time:
    11:48 AM
    So I can set TinyProxy up on the same server as my LEMP stack, buy a new ip address and then use the new ip for TinyProxy?
     
  16. BamaStangGuy

    BamaStangGuy Active Member

    475
    137
    43
    May 25, 2014
    Ratings:
    +181
    Local Time:
    11:48 AM
    Ok I am going to do a test with Digital Ocean. From what I can tell, the only time the proxy will be used is when the image proxy downloads the image from the original source. After that, the image is on our server and then being served via CloudFlare?
     
  17. eva2000

    eva2000 Administrator Staff Member

    31,001
    6,920
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,426
    Local Time:
    3:48 AM
    Nginx 1.13.x
    MariaDB 5.5
    you could be would defeat the purpose somewhat as you want the leaked IP address that will be attacked to not bring down your live site/forum server :)
     
  18. eva2000

    eva2000 Administrator Staff Member

    31,001
    6,920
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,426
    Local Time:
    3:48 AM
    Nginx 1.13.x
    MariaDB 5.5
    see XF 1.5 - Untrusted Http Client

    all the possible features that can leak IPs
     
    • Informative Informative x 1
  19. BamaStangGuy

    BamaStangGuy Active Member

    475
    137
    43
    May 25, 2014
    Ratings:
    +181
    Local Time:
    11:48 AM
    Duh. Need more coffee. Its morning here :p
     
    • Funny Funny x 1
  20. BamaStangGuy

    BamaStangGuy Active Member

    475
    137
    43
    May 25, 2014
    Ratings:
    +181
    Local Time:
    11:48 AM
    Holy crap TinyProxy was easy to setup. Already got it going. No more ip leaks :)
     
    • Like Like x 1