Join the community today
Register Now

Xenforo Xenforo IP bans / problem

Discussion in 'Forum software usage' started by julliuz, Oct 27, 2019.

  1. julliuz

    julliuz New Member

    25
    2
    3
    Dec 20, 2018
    Ratings:
    +5
    Local Time:
    7:26 PM
    1.15
    Hi there

    I have a xenforo setup that has been running for a while on standard latest centmindmod install.

    Runs great, very fast, nothing wrong with it except the following problem I can't wrap my head around:

    It appears that upon uploading too many images or loading too many images at the same time it randomly completely blocks users for 30 minutes (we timed it) during which all they see is a blank screen "this site can't be reached", after the 30minutes are over, everything works normal again for them. I've tried so many options, at one time I was thinking it is our firewall but it even happens to completely whitelisted IP's so it has to be server side.

    Any ideas ?
     
  2. eva2000

    eva2000 Administrator Staff Member

    42,078
    9,497
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,613
    Local Time:
    4:26 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    sounds like uploading images via PHP ends up queuing and using up all your available PHP-FPM max children processes - you can inspect your PHP error logs for max children processes reached etc in below instructions and starter threads linked below.

    Your php issues most likely are due to PHP-FPM needing tuning. So best to start read thoroughly the guide at PHP-FPM - How to troubleshoot & optimize PHP-FPM server? :)

    Centmin Mod is provide as is, so short of scripted related bugs or issues, any further optimisation to the web stack components - nginx, php-fpm, mariadb mysql, csf firewall etc or web app specific configurations are left to the Centmin Mod user to deal with. So I do not provide any free support for such.

    Nginx 502 or 504 Bad Gateway Errors



    Bad gateway 502 /504 timeouts are usually related to Nginx timing out waiting on PHP-FPM to respond as PHP-FPM is overloaded or overwhelmed with requests, so may need to tune PHP-FPM values. It also maybe due to PHP-FPM in turn being queued and backed up waiting on MariaDB MySQL server to respond - so also need to look at MySQL.

    You'll need to tune your PHP-FPM settings with php-fpm main pool config file at /usr/local/etc/php-fpm.conf (overview of config files) and this is left up to end user to do but here's a thread for starters to enable PHP-FPM status page output outlined at
    Enabling PHP-FPM status also allows setting up 3rd party PHP-FPM status metric monitoring from services like:

    Checking PHP-FPM etc logs



    You'll also need to check into your PHP-FPM, Nginx and MariaDB logs which you can find as outlined at How to troubleshoot Centmin Mod initial install issues

    Server logs include Nginx, PHP-FPM, MariaDB MySQL error logs as well as others. You can find your Centmin Mod install/menu logs at FAQ 7 and server logs at FAQ 19 at Centmin Mod FAQ (most up to date info in FAQ so always read that first). Spoiler tag below has info too but may not be up to date.

    Some of Centmin Mod's installed software will have their own access and error logs which maybe useful for diagnosing errors or give info, notes, or warning notices.

    Note: There's no support provided by me for diagnosing such errors which may occur for various reasons including misconfiguration of installed php/mysql scripts or applications.

    In SSH2 telnet you can use tail command to view the last X number of lines in the file.

    For example for viewing last 10 lines in the file for:

    For Nginx access and error logs:
    Code:
      tail -10 /usr/local/nginx/logs/access.log
      tail -10 /usr/local/nginx/logs/error.log
    
    For specific domainname.com access and error log:
    Code:
      tail -10 /home/nginx/domains/domainname.com/log/access.log
      tail -10 /home/nginx/domains/domainname.com/log/error.log
    
    For other system error logs located at /var/log:

    list /var/log files in ascending time order so the most recently modified files are at the bottom
    Code:
      ls -lhrt /var/log
    
    Code:
    total 2.7M
    -rw------- 1 root  root    0 Aug 29 15:33 tallylog
    -rw------- 1 root  root    0 Aug 29 15:33 spooler
    drwx------ 3 root  root 4.0K Aug 29 15:35 samba
    drwxr-xr-x 2 root  root 4.0K Aug 29 15:35 mail
    -rw-r--r-- 1 root  500     0 Oct  8 18:13 dmesg.old
    -rw------- 1 root  500     0 Oct  8 18:13 boot.log
    -rw-r--r-- 1 root  500     0 Oct  8 18:14 dmesg
    drwx------ 2 root  root 4.0K Oct  8 18:14 httpd
    drwxr-xr-x 2 root  root 4.0K Oct  8 19:08 php-fpm
    -rw-rw---- 1 mysql root 2.3K Oct  9 12:38 mysqld.log
    -rw------- 1 root  root 9.2K Oct 26 10:48 yum.log
    -rw------- 1 root  utmp  94K Nov  7 22:59 btmp
    drwxr-xr-x 2 root  root 4.0K Nov  8 00:00 sa
    -rw------- 1 root  root 269K Nov  8 21:39 messages
    -rw------- 1 root  root 110K Nov  8 23:08 secure
    -rw-rw-r-- 1 root  utmp  43K Nov  8 23:08 wtmp
    -rw-r--r-- 1 root  root 144K Nov  8 23:08 lastlog
    -rw------- 1 root  root  69K Nov  8 23:08 lfd.log
    -rw------- 1 root  root 332K Nov  8 23:08 maillog
    -rw------- 1 root  500  1.6M Nov  8 23:10 cron
    
    For PHP-FPM error log:
    Code:
      tail -10 /var/log/php-fpm/www-error.log
    
    and/or
    Code:
      /var/log/php-fpm/www-php.error.log
    
    For MySQL / MariaDB error log:
    Code:
      tail -10 /var/log/mysqld.log
    
    For CSF firewall LFD log:
    Code:
      tail -10 /var/log/lfd.log
    
    For Mail log:
    Code:
      tail -10 /var/log/maillog
    
    For Cron job logs:
    Code:
      tail -10 /var/log/cron
    

    How to edit php.ini and php-fpm configuration files ?



    Centmin Mod install created command short cuts outlined here to allow you to quickly edit your /usr/local/lib/php.ini file and your /usr/local/etc/php-fpm.conf file. Full list of command shortcuts below:
    • Edit php.ini = phpedit ( /usr/local/lib/php.ini )
    • Edit my.cnf = mycnf ( /etc/my.cnf )
    • Edit php-fpm.conf = fpmconf ( /usr/local/etc/php-fpm.conf )
    • Edit nginx.conf = nginxconf ( /usr/local/nginx/conf/nginx.conf )
    • Edit (nginx) virtual.conf = vhostconf - only edits /usr/local/nginx/conf/conf.d/virtual.conf not the additional vhost domain.com.conf files added later
    • Edit (nginx) php.conf = phpinc ( /usr/local/nginx/conf/php.conf )
    • Edit (nginx) drop.conf = dropinc ( /usr/local/nginx/conf/drop.conf )
    • Edit (nginx) staticfiles.conf = statfilesinc ( /usr/local/nginx/conf/staticfiles.conf )
    • nginx stop/start/restart = ngxstop/ngxstart/ngxrestart
    • php-fpm stop/start/restart = fpmstop/fpmstart/fpmrestart
    • mysql stop/start/restart = mysqlstop/mysqlstart/mysqlrestart
    • nginx + php-fpm stop/start/restart = npstop/npstart/nprestart
    • memcached stop/start/restart =memcachedstop/memcachedstart/memcachedrestart
    • csf stop/start/restart = csfstop/csfstart/csfrestart

    Troubleshooting Tools



    However, there's many linux tools and scripts that can help you figure out what was causing the load issues and when.

    Tools and commands you will want to read up on and learn for basic system admin tasks and troubleshooting.
    Notes:
    However, Centmin Mod users are free to help each other out and ask questions or give answers on this community forum. My hopes are that this community forum evolves so that more veteran long time Centmin Mod users help new Centmin Mod users out :)
     
  3. eva2000

    eva2000 Administrator Staff Member

    42,078
    9,497
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,613
    Local Time:
    4:26 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    also who is doing image uploads, regular forum members or staff members ? do the users reside in the same physical location i.e. sharing a local ISP IP network address as they're in the same house/office ? so that Centmin Mod sees more than one user using the same ISP IP address.

    Are you behind Cloudflare ? If you are did you setup real IP address detection in Centmin Mod Nginx ?

    If you use a reverse proxy like Cloudflare, Sucuri, or Incapsula in front of Centmin Mod Nginx, you need to setup nginx realip to be passed onto Nginx.

    See Getting Started Guide step 5 and setting correct real ip via nginx module config at http://centminmod.com/nginx_configure_cloudflare.html. The tools/csfcf.sh cronjob mentioned below helps maintain the whitelisted CSF Firewall IPs, but you still need to setup nginx realip in your nginx vhost.

    If using Centmin Mod 123.09beta01 and newer, there's an added tools/csfcf.sh script to aid in this. Details at:
     
  4. julliuz

    julliuz New Member

    25
    2
    3
    Dec 20, 2018
    Ratings:
    +5
    Local Time:
    7:26 PM
    1.15
    Great tips, I'll dig deeper on those things today and report back.

    Wouldn't running out of php-fpm workers result in everyone not having access ? This is purely the one person that was uploading that loses access for exactly 30minutes (timed).
    The people uploading are just regular people and people with moderator access alike.
     
  5. eva2000

    eva2000 Administrator Staff Member

    42,078
    9,497
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,613
    Local Time:
    4:26 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Not running out but being backlogged/queued.

    forgot to answer if you're using cloudflare ???