Skip to content

UKFast

Support Contact

Shared Hosting

Paths

  • Web root
  • Log folders

Config

Control Panel

  • Plesk?

VPS/Dedicated

  • Gaining root

Changing the Firewall

Log into the my UK fast panel and got to Firewalls -> Dedicated Firewalls and then select the necessary fire wall for the server.

Opening a port

To open a port fist you will need to create a new Port Group under the tab with the same name.

You should give this a clear name and leave a note of what the group is for, it will make it easier to change later.

Now in the Access List tab add a new rule depending which way you want to open. Even if there is only one server it is sensible to add the source as the server groups should the expand in the future.

High Availability Cluster

UKFast offer a high availability cluster. This means that the web server and database can run on 1 of 2 servers (but not both at the same time). If one of the servers goes down then all the running services will be migrated to the remaining running server.

DRBD

This is what manages the file system for the cluster.

Phew

You don't need to understand this. Just be aware that that's what they're talking about if you call support.

Service Management

Clustat

This is the first command you’ll want to run (as root) on the server. This will give you the current status of all the cluster nodes and services.

[root@*-WEBDB-01 shell]# clustat

 ...

 Member Name     ID   Status
 ------ ----     ---- ------
 *-WEBDB-01          1 Online, Local, rgmanager
 *-WEBDB-02          2 Online, rgmanager

 Service Name   Owner (Last)   State         
 ------- ----   ----- ------   -----         
 service:mysql  *-WEBDB-02     started       
 service:web    *-WEBDB-01     started 

man docs

Clusvcadm

Warning

UKFast have 2 sets of IP addresses for each server in the cluster. You need to contact UKFast to find out which one you should use when managing services.

Warning

When stopping the web service ensure you're not in the web users home folder. This needs to be unmounted when the service is stopped and will cause the server to fail if you're in there (just cd /).

-r

Relocate service. This will move the service to the other running node.

clusvcadm -r <service name>
-e

Enable service. This is how you manually start services.

clusvcadm -e <service name>
-d

Disable service. This is how you manually stop services.

clusvcadm -d <service name>

man docs

Pre-Launch Questionnaire

If you receive email from UKfast, that you have this and this time until server launch, and you want to customize some settings, here is what you should do.

  • Boot size 1GB is too much. 512MB is suggest by engineer. (Contact)
  • We need PHP 7, but there is no such option. (Contact)
  • Yes we do want mysql backups to run everyday. (Contact)
  • Yes we want updates (Security updates only)
  • Created users
    • client-name
    • developer-user-name (with sudo rights)
  • Domain name, set to domain name
  • Set Magento SSL certificate security as "Modern"
  • Untick Monitoring boxes, leave only HTTP

Firewall configuration

Questionaire just lacks some things, for better firewall security, like giving SSH access for certain IPs. Therefore it should be done afterwards. As a base, just leave 80 (http), 443 (https), 53 (domain) open.

Note

Points with (Contact) at the end, means you need to call or email them

Whitelisting Firewall access for development

Login to https://my.ukfast.co.uk and proceed with the steps below to whitelist our office IP.

  • Click "PRODUCTS AND SERVICES"
  • Click Servers
  • On the left sidebar click "Firewalls"
  • Click Wrench Icon for the firewall you want to configure. It is also called "Edit Access List"
  • Click "New UKFast Group"
  • Enter Name (Dev Access), Description, and Your Servers
  • Go Back to IP Groups
  • Create "New Non-UKFast Group"
  • Choose type as a "Single IP" and enter our office address

To whitelist Ports click on the "Port Groups" tab

  • Click "New Port Group"
  • Choose service as "TCP"
  • Specify whatever Ports you want to whitelist

Lastly create Access Rule

  • Click on "Access List" tab
  • Select Action as Permit
  • Select source as "Dev Access"
  • Destination as "All Servers"
  • Ports (your created group)
  • Click "Save changes" at the bottom

Done!

Server Config Repo

First, create the repo, copy all the files in (using --parents to keep folder structure)

cd /root
git init --bare serverConfig-BARE
git clone serverConfig-BARE serverConfig
cd serverConfig
cp /etc/varnish/default.conf . --parents
cp /etc/nginx/conf.d . --parents
cp /etc/my.cnf . --parents
git add -A
git commit -am 'initial commit'

Then go and replace the actual files with symlinks to the config repo

For example. This needs to be done for each of the files

cd /etc/nginx/conf.d/
rm default.conf -f; ln -s /etc/nginx/conf.d/default.conf;

Firewall config

By default we want to block all ports except 80 and 443.

To do this we create a Port Group with these ports and add an incoming rule to allow access from anywhere to these.

Port Group

Allow Access

We can also allow access to certain ports only to development IPs.

To do this we create a port group like before with the ports we want to open for admin, i.e. 2020.

We then create an IP group with dev ips and add the access rule from this IP group to the new port group.

IP Group

Load Balancer

Removing a server from load

To remove a server from load we can set the weight to 0 in each server group.

Server 2 no load

PHP Version Changing

UKfast support can handle changing the php version or we can do it ourselves by following the UKfast docs.