The unforeseen happened, the creators of the most popular Linux for making websites sent them all to hell and they did it some time ago, it’s just now that I felt it myself when I wanted to update something and neither repositories work. The problem with CentOS was its brotherhood with Red Hat – commercial Linux, they pulled the code from the community (returning to CentOS), but at some point vendors said “fuck everyone”, that was the end of CentOS. And another thing – Hetzner prices go up 10% from September for new customers, but for old ones only from 1 January… Everything, everything, everything is pro to migrate now, and there is only one Ubuntu option left!!!
It is not my first migration, of course, and in Hetzner is the second, here is the first described Installing http2 site on cloude(VPS) hosting HETZNER in Germany! I won’t write in detail about how to create a VPS there, I created a VPS just the same and migrated everything in one day!
Ubuntu in Hetzner its brand new 22.04.1.
Welcome to Ubuntu 22.04.1 LTS (GNU/Linux 5.15.0-46-generic x86_64)
They send me a password to the email and I enter the VPS with ssh
A common practice when root does not connect directly via ssh is to log in as a user and give it super rights.
useradd user1
passwd user1
we give this user the right to log in via ssh
vi /etc/ssh/sshd_config
add a line
AllowUsers user1
and forbid going as root, find this line and change it
PermitRootLogin no
restart ssh
service sshd restart
And now you can only login via ssh as user1
I had quite old versions of PHP and MySQL
PHP 7.4.11 (cli) (built: Sep 29 2020 10:17:06) ( NTS ) MySQL(i) 5.7.31
The version of PHP, and for MySQL i will install the new one, the eighth, with some problems, of course!
Install PHP
The most popular and used version of PHP is not in the standard Ubuntu package repository… well, it has its cockroaches too! So we put it from another place, everyone does it(from some guy)!
sudo apt -y install software-properties-common
sudo add-apt-repository ppa:ondrej/php
sudo apt-get update
sudo apt -y install php7.4
sudo apt -y install php7.4-fpm php7.4-mysqlnd php7.4-xml php7.4-gd php7.4-mbstring
I need all these additional modules for the phpBB forum
Start php-fpm
sudo systemctl start php7.4-fpm
Edit config
vi /etc/php/7.4/fpm/pool.d/www.conf
It is quite difficult to understand how to configure php-fpm… you have to feel the load of server and avoid the high load…
user = nginx group = nginx listen = /run/php/php7.4-fpm.sock listen.owner = nginx listen.group = nginx listen.mode = 0660 pm = dynamic pm.max_children = 100 pm.start_servers = 5 pm.min_spare_servers = 1 pm.max_spare_servers = 10 pm.max_requests = 1500
restart
sudo service php7.4-fpm restart
By the way, Ubuntu insists on putting the new version of php, but I remove it and set it to 7.4
PHP 7.4.30 (cli) (built: Aug 1 2022 15:06:35) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
with Zend OPcache v7.4.30, Copyright (c), by Zend Technologies
Install MySQL
Al diablo the old version, install 8
sudo apt install mysql-server
Set admin password
sudo mysql
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'password';
Install Nginx with http2
In Ubuntu http2 is easier to configure than in CentOS. I get the latest version of nginx as instructed www.nginx.com/resources/wiki/start/topics/tutorials/install/
vi /etc/apt/sources.list.d/nginx.list
add
deb https://nginx.org/packages/ubuntu/ jammy nginx deb-src https://nginx.org/packages/ubuntu/ jammy nginx
and install
sudo apt install nginx
jammy is the nickname of Ubuntu version 22
Of course there is some kind of bug with key
If a W: GPG error: https://nginx.org/packages/ubuntu focal InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY $key is encountered during the NGINX repository update, execute the following:
do
wget http://nginx.org/keys/nginx_signing.key
apt-key add nginx_signing.key
sudo apt update
sudo apt install nginx
finaly
nginx -v
nginx version: nginx/1.22.0
Start nginx and have it start on server boot
sudo systemctl start nginx
sudo systemctl enable nginx
http2 needs OpenSSL version 1.0.2 or higher
openssl version
we have higher
OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022
That’s it, then in the nginx configurations you will only need to type one word in two places!
Transfer and start a site in WordPress
On the old host, we archive the entire folder with the site
tar -cvf itc.tar ./itcooky.com
We dump the MySQL database
mysqldump -user root -p wpit > ./wpit.sql
You have to conveniently download it to the new host with wget or scp
Unzip to a folder /usr/local/www/
tar -xvf it.tar.gz
Enter MySQL
mysql -u root -p
We create a user, a database, set a password – I have a name for all wpit
CREATE DATABASE wpit; CREATE USER 'wpit'@'localhost' IDENTIFIED BY 'QWErty123!'; GRANT ALL PRIVILEGES ON wpit.* TO 'wpit'@'localhost'; ALTER USER 'wpit'@'localhost' IDENTIFIED WITH mysql_native_password BY 'QWErty123!'; exit
We fill the base
mysql -u root -p wpit < wpit.sql
In ./wp-config.php we write a new database password if it is new
Create a configuration for this site
vi /etc/nginx/conf.d/it.conf
Code
server {
listen 80;
listen [::]:80;
server_name www.itcooky.com itcooky.com;
resolver 8.8.8.8;
access_log off;
root /usr/local/www/itcooky.com;
location / {
index index.php;
}
error_page 404 /404.html;
error_page 500 /500.html;
error_page 502 /502.html;
error_page 503 /503.html;
error_page 504 /504.html;
location ~ \.php$ {
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ .(gif|png|jpeg|jpg|svg)$ {
valid_referers none blocked ~.google. ~.bing. ~.yahoo. ~.yandex. itcooky.com *.itcooky.com;
if ($invalid_referer) {
return 403;
}
}
location ~ /\.ht {
deny all;
}
}
Here you have to write in fastcgi_pass what we write in the php-fpm configuration
And here it is without ssl without http2, too soon yet
Reload nginx
service nginx reload
We change in our DNS registrar the IP4 and IP6 to new ones for this site and wait until they update!
The site appeared on http, but on https it gives an error, everything is correct, you need to update the Lets Encrypt certificates
We install
sudo apt install certbot python3-certbot-nginx
And we make the certificates
sudo certbot --nginx -d itcooky.com -d www.itcooky.com
The mustache worked and Lets Encrypt entered what was needed in the nginx config for this site, but only at the end, I dragged it to the top!
server {
listen [::]:443 ssl http2; # managed by Certbot
listen 443 ssl http2; # managed by Certbot
server_name www.itcooky.com itcooky.com;
resolver 8.8.8.8;
ssl_certificate /etc/letsencrypt/live/itcooky.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/itcooky.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
access_log off;
root /usr/local/www/artmundo.ru;
location / {
index index.php;
}
error_page 404 /404.html;
error_page 500 /500.html;
error_page 502 /502.html;
error_page 503 /503.html;
error_page 504 /504.html;
location ~ \.php$ {
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ .(gif|png|jpeg|jpg|svg)$ {
valid_referers none blocked ~.google. ~.bing. ~.yahoo. ~.yandex. itcooky.com *.itcooky.com;
if ($invalid_referer) {
return 403;
}
}
location ~ /\.ht {
deny all;
}
}
In the listen lines, put http2 and change 80 to 443.
I also add one more config so that everything is pulled from port 80 to 443
server {
if ($host = www.itcooky.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = itcooky.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name itcooky.com www.itcooky.com;
return 301 https://itcooky.com$request_uri;
access_log off;
}
Here, by the way, the sertbot also breaks in and writes its own thing
I restart nginx and see that it works and passes the test on http2!
Transfer of phpBB
The forum turned out to be too big to archive and download, so I downloaded it directly via scp
sudo scp -r root@123.123.123.123:/usr/local/www/itcooky.com/forum ./
- for this I opened the access root through ssh
- everything is downloaded even what is in symbolic links
- after downloading, all you need to do is chow to nginx:nginx
We repeat the steps of creating and filling the MySQL bas, the passqrod goes to ./forum/config.php
I'm trying to visit phpBB but it won't work, error GROUP BY DSC LIMITS
Turns out this is a well known joke, one of my php addons is very old (Anvar update "Images from posts", oh I checked your site and it doesn't exist anymore)
MySQL versions greater than 5.7. they don't like the word GROUP it wants ORDER
There are tips to add in my.cnf
sql_mode = NO_ENGINE_SUBSTITUTIO
MySQL restarted with no effect
Then I changed GROUP to ORDER in those two places where it says the error and it worked! Now it works so well that I can't reproduce the error anymore!
By the way, MySQL itself tells how to fix this problem...
WL#8693: Remove the syntax for GROUP BY ASC and DESC
...so THEY have created that error, THEY explain how to fix it and WE have to do all the work of changing the word because they don't like it anymore!
Installation of Sphinx for effective search in phpBB
It is simple and the same old version 2.2 is installed
sudo apt-get install sphinxsearch
We create and chown'amos the necessary directories.
mkdir {/usr/local/www/sphinx2/,/usr/www/local/sphinx2/log}
chown -R sphinx:sphinx /usr/www/local/sphinx2
We take the configuration of the forum from the administration panel where the search for sphinx is, we put it here /usr/local/www/sphinx2/
And start indexing for the first time
indexer --config /usr/local/www/sphinx2/sphinx2.conf index_phpbb_87ye287ye823ye82_main
indexer --config /usr/local/www/sphinx2/sphinx2.conf index_phpbb_phpbb_87ye287ye823ye82_delta
indexer --rotate --config /usr/local/www/sphinx2/sphinx2.conf index_phpbb_87ye287ye823ye82_delta
that phrase is created by the forum 87ye287ye823ye82
Start
searchd --config /usr/local/www/sphinx2/sphinx2.conf
And it looks like he's listening
netstat -tunlp;
tcp 0 0 127.0.0.1:9313 0.0.0.0:* LISTEN 4961/searchd
To make it start after a reboot, you need to add to
crontab -e
@reboot /usr/bin/sleep 10;/usr/bin/searchd --config /usr/local/www/sphinx2/sphinx2.conf
won't start without sleep, probably too early
En el mismo lugar, añadimos un indexador una vez por la noche, uno grande y uno pequeño cada cinco minutos.
*/5 * * * * indexer --rotate --config /usr/local/www/sphinx2/sphinx2.conf index_phpbb_87ye287ye823ye82_delta >> /usr/local/www/sphinx2/log/indexer.log 2>&1 & 13 3 * * * indexer --rotate --config /usr/local/www/sphinx12/sphinx2.conf index_phpbb_87ye287ye823ye82_main >> /usr/local/www/sphinx2/log/indexer.log 2>&1 &
Everything ready for phpBB
Database backup
We also add to
crontab -e
5 1 * * * /usr/bin/mysqldump -u backupuser -pf34f\%34f34fKGG wpit > /usr/local/www/archive/wpit_dayly.sql
nota aquí que % comentado \% a lo natural % un comando con ese simbolo no funcionara aca
backupuser we create it like this
GRANT SELECT, PROCESS, LOCK TABLES ON *.* TO 'backupuser'@'%' IDENTIFIED BY 'f34f\%34f34fKGG';
before there was no need to add PROCESS
and one more to the cron
35 1 7 * * /bin/cp /usr/local/www/archive/wpit.sql /usr/local/www/archive/wpit.sql
A copy will be saved every 7th of the month until the following 7th
Increase of space in VPS
In Hertzner it's easy, there are Volumes, you can add it at any time and then increase it if necessary
There I throw the folder with the photos, and I put a symbolic link to them. In the folder where there was a folder with images, I run
ln -s /mnt/HC_Volume_123123123/foto1 ./foto1
Leave a Reply