- Web root
- Log folders
- Gaining root
Changing the Firewall¶
Log into the my UK fast panel and got to
Firewalls -> Dedicated Firewalls and then select the necessary fire wall for the server.
Opening a port¶
To open a port fist you will need to create a new
Port Group under the tab with the same name.
You should give this a clear name and leave a note of what the group is for, it will make it easier to change later.
Now in the
Access List tab add a new rule depending which way you want to open. Even if there is only one server it is sensible to add the source as the server groups should the expand in the future.
High Availability Cluster¶
UKFast offer a high availability cluster. This means that the web server and database can run on 1 of 2 servers (but not both at the same time). If one of the servers goes down then all the running services will be migrated to the remaining running server.
This is what manages the file system for the cluster.
You don't need to understand this. Just be aware that that's what they're talking about if you call support.
This is the first command you’ll want to run (as root) on the server. This will give you the current status of all the cluster nodes and services.
[root@*-WEBDB-01 shell]# clustat ... Member Name ID Status ------ ---- ---- ------ *-WEBDB-01 1 Online, Local, rgmanager *-WEBDB-02 2 Online, rgmanager Service Name Owner (Last) State ------- ---- ----- ------ ----- service:mysql *-WEBDB-02 started service:web *-WEBDB-01 started
UKFast have 2 sets of IP addresses for each server in the cluster. You need to contact UKFast to find out which one you should use when managing services.
When stopping the web service ensure you're not in the web users home folder. This needs to be
unmounted when the service is stopped and will cause the server to fail if you're in there
Relocate service. This will move the service to the other running node.
clusvcadm -r <service name>
Enable service. This is how you manually start services.
clusvcadm -e <service name>
Disable service. This is how you manually stop services.
clusvcadm -d <service name>
If you receive email from UKfast, that you have this and this time until server launch, and you want to customize some settings, here is what you should do.
- Boot size 1GB is too much. 512MB is suggest by engineer. (Contact)
- We need PHP 7, but there is no such option. (Contact)
- Yes we do want mysql backups to run everyday. (Contact)
- Yes we want updates (Security updates only)
- Created users
- developer-user-name (with sudo rights)
- Domain name, set to domain name
- Set Magento SSL certificate security as "Modern"
- Untick Monitoring boxes, leave only HTTP
Questionaire just lacks some things, for better firewall security, like giving SSH access for certain IPs. Therefore it should be done afterwards. As a base, just leave 80 (http), 443 (https), 53 (domain) open.
Points with (Contact) at the end, means you need to call or email them
Whitelisting Firewall access for development¶
Login to https://my.ukfast.co.uk and proceed with the steps below to whitelist our office IP.
- Click "PRODUCTS AND SERVICES"
- Click Servers
- On the left sidebar click "Firewalls"
- Click Wrench Icon for the firewall you want to configure. It is also called "Edit Access List"
- Click "New UKFast Group"
- Enter Name (Dev Access), Description, and Your Servers
- Go Back to IP Groups
- Create "New Non-UKFast Group"
- Choose type as a "Single IP" and enter our office address
To whitelist Ports click on the "Port Groups" tab
- Click "New Port Group"
- Choose service as "TCP"
- Specify whatever Ports you want to whitelist
Lastly create Access Rule
- Click on "Access List" tab
- Select Action as Permit
- Select source as "Dev Access"
- Destination as "All Servers"
- Ports (your created group)
- Click "Save changes" at the bottom
Server Config Repo¶
First, create the repo, copy all the files in (using --parents to keep folder structure)
cd /root git init --bare serverConfig-BARE git clone serverConfig-BARE serverConfig cd serverConfig cp /etc/varnish/default.conf . --parents cp /etc/nginx/conf.d . --parents cp /etc/my.cnf . --parents git add -A git commit -am 'initial commit'
Then go and replace the actual files with symlinks to the config repo
For example. This needs to be done for each of the files
cd /etc/nginx/conf.d/ rm default.conf -f; ln -s /etc/nginx/conf.d/default.conf;
By default we want to block all ports except 80 and 443.
To do this we create a Port Group with these ports and add an incoming rule to allow access from anywhere to these.
We can also allow access to certain ports only to development IPs.
To do this we create a port group like before with the ports we want to open for admin, i.e. 2020.
We then create an IP group with dev ips and add the access rule from this IP group to the new port group.
Removing a server from load¶
To remove a server from load we can set the weight to 0 in each server group.
PHP Version Changing¶
UKfast support can handle changing the php version or we can do it ourselves by following the UKfast docs.