@IRJ said in Massive speed increase when switching WordPress from apache to nginx: I really wanted to do everything server side and be as lean as possible. I wanted zero plugins related to performance on my WP site. Lean WP, that's an oxymoron if anything I've heard before that some sites are slower with cloudflare CDN compared to going straight to the site. Are you using http/2 as well? Most likely in this case, the switch to nginx from apache itself didn't make anything noticeably faster but the caching and compression did.

We got it. Had to open the Nginx logs and noticed too many "posts" in the error log. Dug in and it was three ranges overseas all hitting with a "post timeout attack." It was a light DDoS where sessions were being opened and held causing nginx to wait on a timeout. This caused Apache to just increment forever. Once we blocked those ranges, the Apache thread count started to drop for the first time, and memory started to release. And the continuous flood of nginx error logs ceased. If you are looking at nginx error logs, this is what you look for: upstream timed out (110: Connection timed out) while reading response header from upstream, client: You can use this command to collect the offending IP addresses: grep "upstream timed out" error.log | cut -d' ' -f20 Then use your firewall to shut them down. We are all good now! Woot.

Well let's talk about fedora and updating killing a laptop lol....

@Dashrender said in Fedora 30 LAMP Web Server Varnish Cache Broken After Update: @scottalanmiller said in Fedora 30 LAMP Web Server Varnish Cache Broken After Update: @Obsolesce said in Fedora 30 LAMP Web Server Varnish Cache Broken After Update: Wow so they just decide to up and change ports? And I thought Windows updates were bad... They accidentally hard coded to the default. did you report it? Unlikely.

FLAMP >

@JaredBusch said in WordPress admin page redirecting to IP: Is the site URL correct in the settings Been there many times

@scottalanmiller said in NGINX vs Apache: @wrx7m said in NGINX vs Apache: Does Apache have a paid version? I know that nginx reverse proxy is free, but the web server (at least used to be) a paid product. Apache is totally free. Nginx is free for all normal purposes, it is advanced features that I've never even thought of wanting that are paid. Ahh. Ok. I misconstrued those features as being the entire product.

@dafyre said in Fedora 29 Apache HTTPD Keeps Adding ssl.conf: Have you tried creating a blank ssl.conf file and then chmod +i ssl.conf ? I've not, but that's such a hockie way of doing it, I was hoping not to.

@coliver said in CentOS7 Server Apache Disable old TLS for higher versions: @jaredbusch said in CentOS7 Server Apache Disable old TLS for higher versions: @coliver said in CentOS7 Server Apache Disable old TLS for higher versions: @DustinB3403 I really like this site for information on securing various web servers. https://cipherli.st/ I just implemented their Nginx setting but getting back that TLSv1 was accepted? https://www.ssllabs.com/ssltest/analyze.html?d=naggaroth.daerma.com First line should read TLS1.2 if you don't have a version of Nginx that supports 1.3. Correct. That is the only change I made to their config. I even reran dhparam

@scottalanmiller Yeah both of my webservers use mariadb for example

@jaredbusch said in Fedora Update Breaks httpd: So, if you followed the original instructions, you can use this to fix it. sed -i "s/access\.log/httpd\/access_log/" /etc/httpd/conf.d/bookstack.conf Then start apache. systemctl start httpd As always, thanks @JaredBusch that fixed it for me as well.

@jaredbusch said in Apache Struts - Critical Security Flaw: Was the Eqifax breech because of the march strus flaw or a more recent one? Just making sure the actual facts are known. The one from March.

@zachary715 said in Certbot Apache plugin broken in Fedora 26: @scottalanmiller said in Certbot Apache plugin broken in Fedora 26: I ran into this issue, forgot about this thread, went through LetsEncrypt's threads and their solution for this problem led me... here! Very nice. Just did the exact same thing. Let'sEncrypt forum had the link which led me here right about the time @JaredBusch was responding in my other thread. It has been posted on here more than one time. I should probably find one of those posts and make @scottalanmiller tag it appropriately. Edit: Or too slow..

Thank you, I'll investigate from here.

@aaronstuder said in Installing Varnish Cache to a LAMP Stack on Fedora 25 with SaltStack: @scottalanmiller said in Installing Varnish Cache to a LAMP Stack on Fedora 25 with SaltStack: Varnish Cache cannot handle TLS connections, so Apache will continue to server HTTPS on port 443, for now at least. That's unfortunate I use Varnish on Cloudways, but everything is HTTPS... Does that mean Varnish is doing nothing? It just means that an SSL layer has to be in front of it. Nginx is used on most platforms to handle SSL.

@scottalanmiller How are you liking Salt Stack?

Did you use my instructions for Zimbra with Apache on CentOS? https://mangolassi.it/topic/8344/installing-zimbra-email-8-6-on-centos-7

Just as a comparison, here's what it would look like with Ansible: name: Recursively own html files file: path: /var/www/html owner: apache group: apache state: directory recurse: yes

Location matters very little. I would stick to the standards.

I might put this on my project list one of these days.

@scottalanmiller Also, using just using the root domain name for the conf file name is potentially confusing depending on how much you are hosting. Even for my gaming website, I have a bunch of sub domains setup. www.daerma.com.conf goes to the root and www. oc.daerma.com.conf is owncloud obelisk.daerma.com.conf is my nodeBB forum That does not even get into what do you do about the ones that you have multiple TLD names for such as .it, .com, .org, etc.

@scottalanmiller said in Installing a Basic LAMP Stack on CentOS 7: @NashBrydges said in Installing a Basic LAMP Stack on CentOS 7: @scottalanmiller I haven't yet. About to give it a try. Stuck to legacy since that was what I was reading everywhere. Where is everywhere? Technet says to not use legacy. https://technet.microsoft.com/en-us/windows-server-docs/compute/hyper-v/supported-centos-and-red-hat-enterprise-linux-virtual-machines-on-hyper-v Legacy is a fallback driver that you never want to use, it's low performance and high overhead. If you needed that for CentOS, it would make Hyper-V a silly, non-production ready platform. But Hyper-V is a good, solid performer. Not only that, but I install all of my CentOS 7 VM's as Generation 2 when on Hyper-V they work perfectly with default settings for everything except secure boot. Uncheck secure boot. Everything else is 100% default settings.

@scottalanmiller said in Elastix login page gives error HTTP ERROR 500 when login: @dbeato said in Elastix login page gives error HTTP ERROR 500 when login: @denny said in Elastix login page gives error HTTP ERROR 500 when login: systemctl stop firewalld disable selinux find /var/www/html/var/ -type d -exec chmod 755 {} ; find /var/www/html/var/ -type f -exec chmod 755 {} ; Way to necro a post, security and firewall ar of the upmost importance. No system ever needs to be setup open this way.... I think that he was being tongue in cheek. Okay, I didn't get it LOL

Very valid point. Let me invite him here. Thanks @scottalanmiller

Getting lots of eyes on this thread today. Very interesting.