Centminmod help

[p4guru]

hmm looks like zend opcode cache got installed..

try these commands

rm -rf /root/centminmod/php.d/zendopcache.ini
fpmrestart

curious was initial centmin v1.2.3-eva2000.03 installed ? and did you install initially with PHP 5.3.27 default or changed it to 5.5.1 before centmin mod install as per http://centminmod.com/phpfpm.html ?

if that doesn't work try running menu command #5 and downgrade to PHP 5.4.17 and then #7, #10 and #15 to reinstall apc, memcached and ImagicK and see if it's PHP 5.5 related on your end.

only other difference from my config is mine is xenforo only with PHP 5.5, no idea if your portal add on supports PHP 5.5 or even PHP 5.4 ? if you disable portal addon does it work ?

 

[p4guru]

Only other thing i can think of is to rule out your existing data and setup a 2nd dummy xenforo install on a proper domain dns pointing to centmin mod ip address.

i.e. create new vhost, test.quantnet.com and install a 2nd test xenforo install without any add ons and see if it works without ssl/https and plain https

 

[Andy.N]

hmm looks like zend opcode cache got installed..

try these commands

rm -rf /root/centminmod/php.d/zendopcache.ini
fpmrestart

curious was initial centmin v1.2.3-eva2000.03 installed ? and did you install initially with PHP 5.3.27 default or changed it to 5.5.1 before centmin mod install as per http://centminmod.com/phpfpm.html ?

if that doesn't work try running menu command #5 and download to PHP 5.4.17 and then #7, #10 and #15 to reinstall apc, memcached and ImagicK and see if it's PHP 5.5 related on your end.

only other difference from my config is mine is xenforo only with PHP 5.5, no idea if your portal add on supports PHP 5.5 or even PHP 5.4 ? if you disable portal addon does it work ?

Removed that opcache, restart fpm. same problem still.

I did install with 5.3.27 and changed it to 5.5.1 as the link
I'm going to downgrade it to 5.4 and see if it works.

If not, I will wipe the server and redo it to see if it helps.

 

[Andy.N]

Only other thing i can think of is to rule out your existing data and setup a 2nd dummy xenforo install on a proper domain dns pointing to centmin mod ip address.

i.e. create new vhost, test.quantnet.com and install a 2nd test xenforo install without any add ons and see if it works without ssl/https and plain https

I don't know if what I use as server_name on virtual.conf is the problem.

I only have one domain so i used ns1.quantnet.com
I think it may be the problem since I tried to ping ns1.quantnet.com and it resulted in unknown host.

 

[p4guru]

change ns1.quantnet.com in virtual.conf to something like nhost.quantnet.net then update dns with web host or registrar and create a new A record for nhost.quannet.com pointing to new centmin mod ip address and same for test.quantnet.com A record point to centmin mod ip address

 

[Andy.N]

Excellent idea. I will get to it. It will ensure all DNS is right.
Thanks a lot for helping me out.

 

[Andy.N]

change ns1.quantnet.com in virtual.conf to something like nhost.quantnet.net then update dns with web host or registrar and create a new A record for nhost.quannet.com pointing to new centmin mod ip address and same for test.quantnet.com A record point to centmin mod ip address

I'm running out of ideas.

I created an A record on my registrar pma.quantnet.com pointing to the new IP
I changed virtual.conf to pma.quantnet.com

I also created a new vhost cn.quantnet.com and have that A record cn pointing to that IP
this vhost contains a pretty much vanilla xf 1.2 installation

going to cn.quantnet.com will now time out just like before. here are the error

2013/07/24 21:04:51 [error] 17469#0: *9 upstream timed out (110: Connection timed out) while reading response header from upstream,
client: 209.150.45.88, server: cn.quantnet.com, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host:
"cn.quantnet.com"

going to pma.quantnet.com will point to the nginx test page.

 

[p4guru]

you still using PHP 5.5 with cn.quantnet.com ?

what does output of these 5 commands give ?

netstat -plant
ps ax | grep php-fpm | grep -v grep
php -v
fpmrestart
mysqladmin -u root -p ver

mysqladmin will prompt for mysql root password if not set just hit enter

pma.quantnet.com looks correct to me.

 

[Andy.N]

you still using PHP 5.5 with cn.quantnet.com ?

PHP 5.5.1 as I have not downgraded it yet. I have disabled all the addons via config.php
I have mariaDB installed but disabled because this server is web-only. They are connecting to a db on another server.

netstat -plant

Output

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 127.0.0.1:11211             0.0.0.0:*                   LISTEN      5854/memcached
tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN      19625/nginx
tcp        0      0 0.0.0.0:53                  0.0.0.0:*                   LISTEN      20960/nsd
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      2634/sshd
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      944/master
tcp        0      0 0.0.0.0:443                 0.0.0.0:*                   LISTEN      19625/nginx
tcp        0      0 127.0.0.1:9000              0.0.0.0:*                   LISTEN      17077/php-fpm
tcp        0      0 192.237.163.162:80          1.202.218.70:28057          ESTABLISHED 19626/nginx
tcp        0      0 127.0.0.1:46846             127.0.0.1:9000              ESTABLISHED 19626/nginx
tcp        0      1 10.208.131.88:53877         10.178.129.112:3306         SYN_SENT    17077/php-fpm
tcp        8      0 127.0.0.1:9000              127.0.0.1:46846             ESTABLISHED 17077/php-fpm
tcp        0     48 192.237.163.162:22          209.150.45.88:53890         ESTABLISHED 17082/sshd
tcp        0      0 192.237.163.162:80          1.202.218.119:27467         TIME_WAIT   -
tcp        0      0 :::53                       :::*                        LISTEN      20960/nsd
tcp        0      0 :::22                       :::*                        LISTEN      2634/sshd
tcp        0      0 ::1:25                      :::*                        LISTEN      944/master

ps ax | grep php-fpm | grep -v grep

output

17474 ?        Ss     0:00 php-fpm: master process (/usr/local/etc/php-fpm.conf)
17561 ?        S      0:00 php-fpm: pool www
17567 ?        S      0:00 php-fpm: pool www

php -v

output

PHP 5.5.1 (cli) (built: Jul 24 2013 17:56:47)
Copyright (c) 1997-2013 The PHP Group
Zend Engine v2.5.0, Copyright (c) 1998-2013 Zend Technologies

fpmrestart

output

Gracefully shutting down php-fpm .......... done
Starting php-fpm  done

mysqladmin -u root -p ver

output

Enter password:
mysqladmin: connect to server at 'localhost' failed
error: 'Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)'
Check that mysqld is running and that the socket: '/var/lib/mysql/mysql.sock' exists!

 

[p4guru]

hmm looks like php-fpm might be timing out trying to connect to mysql server???

Make sure mysql username and password set in xenforo config.php are correct for what you setup in Centmin Mod

you can check by trying to connect via command line

mysql -u mysqlusername -p databasename

when prompted enter mysqlusername's password which you set in xenforo config.php

do you get into MariaDB[databasename]> command prompt ? (to exit type exit)

or do you get Access denied message ?

You need to create mysql database on new server, import backup data and then assign mysql username and password to the database.

edit: close look at netstats, looks like mysql server isn't running ? no line for mysqld on 3306 port from output

try

service mysql restart

or

mysqlrestart

edit: doh you have mysql on another server ... simple problem then

• CSF firewall http://centminmod.com/csf_firewall.html probably blocked the connection. So might need to allow remote server ip address within CSF's whitelist and add port 3306 to /etc/csf/csf.conf TCP_OUT line and restart CSF firewall via csf -r command AND/OR
• Have you setup appropriate mysql username grant permissions for web server ip to connect to remote server's MySQL instance ? Check with

mysql -h remotehostname -u mysqlusername -p databasename

Alot simplier if I knew you split mysql to a 2nd server

 

[Andy.N]

edit: doh you have mysql on another server ... simple problem then

• CSF firewall http://centminmod.com/csf_firewall.html probably blocked the connection. So might need to allow remote server ip address within CSF's whitelist and add port 3306 to /etc/csf/csf.conf TCP_OUT line and restart CSF firewall via csf -r command AND/OR
• Have you setup appropriate mysql username grant permissions for web server ip to connect to remote server's MySQL instance ? Check with

mysql -h remotehostname -u mysqlusername -p databasename

Alot simplier if I knew you split mysql to a 2nd server

Yes, life would be much better if you realized that much ealier and I realize of this last piece earlier
I spent the last half day trying to figure it out, sending support ticket to the host, etc.
And then realized that it may have to do with the iptables. Then I turn off both iptables on the web server and the db.
Then, boom, it works.

Then wanting to tell you about the progress, I came back to this thread and notice that you made a post and add this all important piece.

Now, after adding the ip of the remote db server to the allow list as well as the 3306 port and restart the csf, it still works.

When I restart the iptables on the db server, it stops working so I have to figure out that issue. As far as I know, iptables on the db server is empty (it does not block any ip).

Now, I have to figure out how to get the main site working.

Thanks again for all your help. I wouldn't get to this stage without your continued help.

 

[p4guru]

CSF firewall is just a wrapper and interface to iptables - just alot easier to use than iptables. So should work with iptables enabled on Centmin Mod side.

DB side just whitelist your web server ip address.

Yeah was curious why Centmin Mod didn't work for you when it works flawlessly for me for many servers - so glad to get to the bottom of it

edit: oh tip use centmin.sh menu option 16 to change sshd port from default 22 for more security

 

[TPerry]

king so I have to figure out that issue. As far as I know, iptables on the db server is empty (it does not block any ip).

I do VERY little centOS, but for this, issue an iptables -L at the command prompt and make sure that port 3306 is allowed to have traffic.
You should see something like

ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:mysql state NEW,ESTABLISHED

 

[p4guru]

Yeah on db server 3306 port needs to be allowed in iptables as well.

 

[Andy.N]

Yeah on db server 3306 port needs to be allowed in iptables as well.

The centmin tutorial is geared towards people who use the same server for DB so it's a good idea to add more info for people who has DB on another server.

 

[p4guru]

The centmin tutorial is geared towards people who use the same server for DB so it's a good idea to add more info for people who has DB on another server.

Guess it depends on end user's level of expertise. As it's common knowledge if you have a remote MySQL server, that you need to ensure firewall on both ends are configured correctly

 

[Andy.N]

Guess it depends on end user's level of expertise. As it's common knowledge if you have a remote MySQL server, that you need to ensure firewall on both ends are configured correctly

True. I guess I learn this lesson myself as I had this task handled for my by other people in the past.

 

[TPerry]

True. I guess I learn this lesson myself as I had this task handled for my by other people in the past.

There isn't anything wrong with that...it allows you to know whether someone is jacking you around if you ever go to another managed host. You will be less likely to believe some of the drivel that some will feed you - and if they begin to understand you know what you are talking about you usually get a better response.

 

[Andy.N]

CSF firewall http://centminmod.com/csf_firewall.html probably blocked the connection. So might need to allow remote server ip address within CSF's whitelist and add port 3306 to /etc/csf/csf.conf TCP_OUT line and restart CSF firewall via csf -r command AND/OR

This is also the cause of some problem I just discovered.
I use Amazon SES for my SMTP mailing on the site and I got lot of timed out error on ACP. After some googling and this was the cause. I need to add the port 465 to the TCP_OUT list.

Thanks again. It would be impossible without your help.
I got a new SSL cert and got it installed this morning. The main site is humming alone and it has been live after I made the dns change.

 

[p4guru]

You're welcome...