Migrate forum off Centmin Mod → Ubuntu 24.04 (DO) + Cloudflare – build, move, harden, document

Jeffin

About the site
  • Domain: christianforumsite.com
  • Host: DigitalOcean droplet, fronted by Cloudflare (Free plan currently)
  • Traffic (last 30 days from Cloudflare): ~10.26M requests, 148 GB served, 1.2M unique visitors, ~19% cached
  • Current stack (old): Centmin Mod on an ageing distro (nginx 1.21.x, PHP 8.0.24, MariaDB 10.4.x, OpenSSL 1.0.2k etc.)
Goal
Build a modern, secure, fast, easy-to-upgrade environment on a fresh DigitalOcean Ubuntu 24.04 LTS droplet, migrate XenForo, harden it, and hand over clear docs so my team can maintain it going forward. No in-place Centmin changes; this is a side-by-side migration.



Scope of work (deliverables)

1) Provision & base hardening

  • New DigitalOcean droplet (Premium CPU) in same region.
    • Suggested starting size: 4 vCPU / 8 GB RAM / 160 GB SSD (can right-size after tuning).
  • Create non-root sudo user; SSH keys only, disable password/root logins.
  • Install and configure:
    • nginx, PHP-FPM 8.3 (8.2 only if an add-on blocks), extensions: mbstring, intl, gd or imagick, zip, curl, redis, opcache.
    • MariaDB 10.6+ (or I can opt for DO Managed DB—quote both options).
    • Redis (object cache).
    • certbot, UFW, fail2ban, unattended-upgrades, logrotate.
  • Security baseline: UFW (22 from admin IPs, 80/443 open), fail2ban ssh + nginx auth jails.

2) Web/PHP/DB tuning

  • nginx vhost for christianforumsite.com (+ www) with pretty URLs, HTTP/2/3, TLS 1.3, sensible security headers; client_max_body_size set to match XF attachments.
  • PHP-FPM pool tuned for RAM (e.g., pm=ondemand, reasonable max_children).
  • Opcache enabled with sane limits.
  • MariaDB tuned for utf8mb4; reasonable innodb_buffer_pool_size (on 8 GB RAM, 2–3 GB), slow query log enabled.

3) Cloudflare (keep zone)

  • SSL mode Full (strict); origin cert or Let’s Encrypt on the droplet.
  • If on Pro (preferred for forums): enable Managed WAF; add rate-limits:
    • /login & /register: ~20 req / 60 s per IP → block/challenge.
    • /admin.php: challenge by default; allowlist office IPs.
  • Cache rules: bypass for logged-in cookies; cache static (/styles/, /js/, /attachments/*) with long TTL.
  • If staying on Free, implement equivalent basic protection + nginx/fail2ban throttling.

4) Email deliverability

  • Configure transactional SMTP (SES/SendGrid/Mailgun).
  • SPF/DKIM/DMARC records validated; test from XenForo.

5) Staging, migration & cutover

  • Set up staging.christianforumsite.com on the new droplet for rehearsal.
  • Copy codebase, data/ and internal_data/ (correct permissions; only these two writable).
  • Dump DB on old → import on new.
  • Update src/config.php (DB creds, Redis, salts).
  • Test: guest + logged-in flows, posting, uploads, image proxy, cron, sitemap, mail.
  • Lower DNS TTL, put old site in maintenance, final rsync & DB dump, switch DNS via Cloudflare, purge cache, monitor.

6) Backups & monitoring (must have)

  • Nightly DB dump (mysqldump --single-transaction) → gzip → upload to DO Spaces (S3) with 7–14-day retention.
  • Nightly rsync of data/ & internal_data/ to Spaces.
  • Weekly droplet snapshot.
  • External uptime check + Healthchecks for backup jobs.
  • Prove a restore on staging (show steps and a successful login).

7) Documentation & handover

  • Paths and owners, nginx/PHP/MariaDB/Redis configs, cron jobs, Cloudflare rules, backup locations and restore runbook, and a simple SOP for:
    • Monthly apt security updates,
    • PHP minor upgrades when XF/add-ons support it,
    • XenForo upgrade checklist (staging first, then prod).

8) Optional (quote separately)

  • Offload attachments to DO Spaces (S3) via XenForo to lift cache % and reduce origin I/O.
  • Elastic/OpenSearch setup only if I’m using Enhanced Search (confirm during discovery).



Constraints / notes

  • Prefer PHP 8.3 if add-ons allow; otherwise launch on 8.2 and note blockers.
  • No Centmin Mod; standard Ubuntu 24.04 packages for maintainability.
  • I’m in Sydney (AEST/AEDT). I’ll provide DO & Cloudflare admin invites and current server SSH access.
  • Maintenance window can be arranged for low-traffic hours.



Please private message

  • Fixed-price quote (itemised base scope + optional items).
  • ETA and availability window.
  • 2-3 relevant migrations you’ve done (LEMP/PHP 8.x; XenForo or comparable PHP apps).
  • Your approach to backups and rollback, and a sample nginx vhost (redact secrets).
  • Post-cutover hyper-care period (e.g., 7 days) included in price.
Budget expectations: open to fair quotes; looking for quality, solid process, and clean handover.

I am usually free over the weekend, so if I don't reply immediately, I will certainly reply over the weekend. Thanks very much!
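
The nightly database job from section 6 (dump, gzip, upload to Spaces, prune after the retention period, ping Healthchecks only on success), written out as an added example that is not part of the original post. It assumes the AWS CLI is pointed at the S3-compatible Spaces endpoint and that MariaDB credentials come from ~/.my.cnf; the database name, bucket, endpoint, ping URL and the xf-db-DATE.sql.gz naming scheme are placeholders.

```shell
#!/bin/sh
# Added example: nightly DB backup with retention pruning (POSIX sh, GNU date).
set -eu

DB_NAME="xenforo"                                 # assumed database name
BUCKET="s3://example-forum-backups/db"            # placeholder bucket/prefix
ENDPOINT="https://REGION.digitaloceanspaces.com"  # placeholder Spaces endpoint
HC_URL="https://hc-ping.com/PLACEHOLDER-UUID"     # placeholder Healthchecks URL
RETENTION_DAYS=14

backup_key() { printf 'xf-db-%s.sql.gz\n' "$1"; } # $1 = YYYY-MM-DD

# Read object keys on stdin; print those dated more than $2 days before $1.
# Keys that do not match the naming scheme are never selected for deletion.
expired_keys() {
    cutoff=$(date -u -d "@$(( $(date -u -d "$1" +%s) - $2 * 86400 ))" +%Y%m%d)
    while IFS= read -r key; do
        stamp=${key#xf-db-}; stamp=${stamp%.sql.gz}
        case $stamp in
            [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
            *) continue ;;
        esac
        [ "xf-db-$stamp.sql.gz" = "$key" ] || continue
        if [ "$(printf %s "$stamp" | tr -d -)" -lt "$cutoff" ]; then
            printf '%s\n' "$key"
        fi
    done
}

run_backup() {
    today=$(date -u +%F)
    tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT   # mktemp -d is mode 0700
    out="$tmp/$(backup_key "$today")"
    # Dump to a file first: in plain sh a failed mysqldump piped into gzip
    # would still exit 0 and leave a truncated archive that looks valid.
    mysqldump --single-transaction --quick "$DB_NAME" > "$tmp/dump.sql"
    gzip -c "$tmp/dump.sql" > "$out"
    gzip -t "$out"
    aws s3 cp "$out" "$BUCKET/" --endpoint-url "$ENDPOINT"
    aws s3 ls "$BUCKET/" --endpoint-url "$ENDPOINT" | awk '{print $4}' |
        expired_keys "$today" "$RETENTION_DAYS" |
        while IFS= read -r old; do
            aws s3 rm "$BUCKET/$old" --endpoint-url "$ENDPOINT"
        done
    curl -fsS -m 10 --retry 3 "$HC_URL" > /dev/null  # ping only after success
}

if [ "${1:-}" = "run" ]; then run_backup; fi
```

Invoked from cron with the argument `run`; any failing step aborts the script before the Healthchecks ping, so a missed ping is the alert.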
 
You'd really want to consider a professionally managed stack for #1's "Install and configure". I personally work with ServerPilot, and so far they have been very professional, by far more so than any alternative I've tried (no affiliation).
 
I'd like to take the job, but I wouldn't do it on a fixed-price basis due to how many variables you have in there.
I have 10 years of experience being the server admin for a dozen sites, both small and medium sized, and charge a minimum of $70 USD/hr, and I expect this to be a 10-hour job approximately. I'm betting this is above your cost expectations though.

But let me give you some advice for free:

DigitalOcean does not throttle their disks among their individual cloud customers. For this reason, your website will randomly stutter. This stutter can periodically take your site down when doing disk-heavy operations like backups or cron jobs. If you run monitoring every minute, you should notice this already.

I would avoid DO for production websites and instead choose Vultr, AWS, or Hetzner.

Nginx-fpm is 20% slower than PHP running in Apache with mod_php. I wouldn't insist on nginx unless you have some specific reason that you need it. Nginx is only faster at serving static files, but that additional speed only comes into play when you have a much larger volume of traffic than you currently have.

Good luck!
 