Messages

1

CentOS 7 Problems / Weird bad gateway error on WordPress.

« on: April 06, 2021, 02:05:36 PM »

The site works fine but sometimes when I try to post a new post or reply to a comment the backend keeps loading until timeout and then the whole backend gives a bad gateway error but the site frontend homepage is working and it also gives a bad gateway error if you select a post, only the homepage keeps working.
I have to reboot the server for everything get back to normal and it happens every 3-4 inputs(posts or comments).
My specs:
2gb ram
3 cores cpu
Centos 7
Nginx and php-fpm 8.
The problem started to happen (I think) after switching from suphp and apache to php-fpm and nginx.

2

Nginx / Please Help me fix my webserver (wordpress, 500 error & 404 error)

« on: March 16, 2021, 03:47:30 PM »

I had a wordpress site that was working on nginx-only with php-fpm80, and I stupidly wanted to install wireguard on the same vps and it bricked my site.
I used this auto script: https://github.com/Nyr/wireguard-install

I'm now getting 500 internal error on homepage and login page, and 404 error on article pages.
I obviously removed wireguard and all iptables rules.
I've tried rebuilding vhosts and webserver, also I've tried rebuilding php-fpm, I've rebooted a million times and deleted cloudflare cache and browser cache.
Here's my nginx conf file:

user nobody;
worker_processes auto;
#worker_rlimit_nofile    65535;
error_log               /var/log/nginx/error.log crit;
pid                     /var/run/nginx.pid;

events {
   worker_connections  1024;
   use                 epoll;
   multi_accept        on;

}
http {
   sendfile on;
   tcp_nopush on;
   tcp_nodelay on;
   client_header_timeout 3m;
   client_body_timeout 3m;
   client_max_body_size 256m;
   client_header_buffer_size 4k;
   client_body_buffer_size 256k;
   large_client_header_buffers 4 32k;
   send_timeout 3m;
   keepalive_timeout 60 60;
   reset_timedout_connection       on;
   server_names_hash_max_size 1024;
   server_names_hash_bucket_size 1024;
   ignore_invalid_headers on;
   connection_pool_size 256;
   request_pool_size 4k;
   output_buffers 4 32k;
   postpone_output 1460;

   include mime.types;
   default_type application/octet-stream;

   # Compression gzip
   gzip on;
   gzip_vary on;
   gzip_disable "MSIE [1-6]\.";
   gzip_proxied any;
   gzip_min_length 512;
   gzip_comp_level 6;
   gzip_buffers 8 64k;
   gzip_types text/plain text/xml text/css text/js application/x-javascript application/xml image/png image/x-icon image/gif image/jpeg image/svg+xml application/xml+rss text/javascript application/atom+xml application/javascript application/json application/x-font-ttf font/opentype;

   # Proxy settings
   proxy_redirect      off;
   proxy_set_header    Host            $host;
   proxy_set_header    X-Real-IP       $remote_addr;
   proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
   proxy_pass_header   Set-Cookie;
   proxy_connect_timeout   300;
   proxy_send_timeout  300;
   proxy_read_timeout  300;
   proxy_buffers       32 4k;
   proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=512m;
   proxy_cache_key "$host$request_uri $cookie_user";
   proxy_temp_path  /var/cache/nginx/temp;
   proxy_ignore_headers Expires Cache-Control;
   proxy_cache_use_stale error timeout invalid_header http_502;
   proxy_cache_valid any 1d;

   open_file_cache_valid 120s;
   open_file_cache_min_uses 2;
   open_file_cache_errors off;
   open_file_cache max=5000 inactive=30s;
   open_log_file_cache max=1024 inactive=30s min_uses=2;

   # SSL Settings
   ssl_session_cache   shared:SSL:10m;
   ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
   ssl_prefer_server_ciphers on;
   ssl_ciphers        "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA!RC4:EECDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS";

   # Logs
   log_format  main    '$remote_addr - $remote_user [$time_local] $request '
                      '"$status" $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
   log_format  bytes   '$body_bytes_sent';
   #access_log          /var/log/nginx/access.log main;
   access_log off;

   # Cache bypass
   map $http_cookie $no_cache {
      default 0;
      ~SESS 1;
      ~wordpress_logged_in 1;
   }

   # Include additional configuration
   include /etc/nginx/cloudflare.inc;
   include /etc/nginx/conf.d/*.conf;
}

And here's the content of mydomain.ssl.conf:

server {
   listen ip ssl ;
   server_name domain  www.domain.com;
   root /home/user/public_html;
   index index.php index.html index.htm;
   access_log /usr/local/apache/domlogs/domain.bytes bytes;
   access_log /usr/local/apache/domlogs/domain.log combined;
   error_log /usr/local/apache/domlogs/domain.error.log error;

   ssl_certificate      /etc/pki/tls/certs/domain.bundle;
   ssl_certificate_key  /etc/pki/tls/private/domain.key;
   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
   ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA!RC4:EECDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;
   ssl_prefer_server_ciphers   on;

   ssl_session_cache   shared:SSL:10m;
   ssl_session_timeout 60m;

   location / {

      add_header Strict-Transport-Security "max-age=31536000";
      add_header X-XSS-Protection "1; mode=block" always;
      add_header X-Content-Type-Options "nosniff" always;

      location ~.*\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {         
         expires max;
      }
      
      location ~ [^/]\.php(/|$) {
         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
         if (!-f $document_root$fastcgi_script_name) {
            return  404;
         }

         fastcgi_pass    unix:/opt/alt/php-fpm74/usr/var/sockets/user.sock;
         fastcgi_index   index.php;
         include         /etc/nginx/fastcgi_params;
      }

   }

   location ~* "/\.(htaccess|htpasswd)$" {deny all;return 404;}

   disable_symlinks if_not_owner from=/home/user/public_html;

   location /.well-known/acme-challenge {
      default_type "text/plain";
      alias /usr/local/apache/autossl_tmp/.well-known/acme-challenge;
   }
}

server {
   listen ip ssl ;   
   server_name webmail.domain;

   access_log /usr/local/apache/domlogs/domain.bytes bytes;
   access_log /usr/local/apache/domlogs/domain.log combined;
   error_log /usr/local/apache/domlogs/domain.error.log error;

   ssl_certificate      /etc/pki/tls/certs/domain.bundle;
   ssl_certificate_key  /etc/pki/tls/private/domain.key;
   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
   ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA!RC4:EECDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;
   ssl_prefer_server_ciphers   on;

   ssl_session_cache   shared:SSL:10m;
   ssl_session_timeout 60m;

   location / {
      proxy_pass  http://127.0.0.1:2095;
      include proxy.inc;
   }

   location ~ /\.ht    {deny all;}
   location ~ /\.svn/  {deny all;}
   location ~ /\.git/  {deny all;}
   location ~ /\.hg/   {deny all;}
   location ~ /\.bzr/  {deny all;}

   disable_symlinks if_not_owner from=/home/sexmot/public_html;

   location /.well-known/acme-challenge {
      default_type "text/plain";
      alias /usr/local/apache/autossl_tmp/.well-known/acme-challenge;
   }
}

server {
   listen ip ssl ;   
   server_name mail.domain;

   access_log /usr/local/apache/domlogs/domain.bytes bytes;
   access_log /usr/local/apache/domlogs/domain.log combined;
   error_log /usr/local/apache/domlogs/domain.error.log error;

   ssl_certificate      /etc/pki/tls/certs/domain.bundle;
   ssl_certificate_key  /etc/pki/tls/private/domain.key;
   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
   ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA!RC4:EECDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;
   ssl_prefer_server_ciphers   on;

   ssl_session_cache   shared:SSL:10m;
   ssl_session_timeout 60m;

   location / {
      proxy_pass  http://127.0.0.1:2095;
      include proxy.inc;
   }

   location ~ /\.ht    {deny all;}
   location ~ /\.svn/  {deny all;}
   location ~ /\.git/  {deny all;}
   location ~ /\.hg/   {deny all;}
   location ~ /\.bzr/  {deny all;}

   disable_symlinks if_not_owner from=/home/user/public_html;

   location /.well-known/acme-challenge {
      default_type "text/plain";
      alias /usr/local/apache/autossl_tmp/.well-known/acme-challenge;
   }
}

server {
   listen ip ssl ;   
   server_name cpanel.domain;

   access_log /usr/local/apache/domlogs/domain.bytes bytes;
   access_log /usr/local/apache/domlogs/domain.log combined;
   error_log /usr/local/apache/domlogs/domain.error.log error;

   ssl_certificate      /etc/pki/tls/certs/domain.bundle;
   ssl_certificate_key  /etc/pki/tls/private/domain.key;
   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
   ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA!RC4:EECDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;
   ssl_prefer_server_ciphers   on;

   ssl_session_cache   shared:SSL:10m;
   ssl_session_timeout 60m;

   location / {
      proxy_pass  https://127.0.0.1:2083;
      include proxy.inc;
   }

   location /pma {
      proxy_pass  https://127.0.0.1:2031;
      include proxy.inc;
   }

   location /roundcube {
      proxy_pass  https://127.0.0.1:2031;
      include proxy.inc;
   }

   location ~ /\.ht    {deny all;}
   location ~ /\.svn/  {deny all;}
   location ~ /\.git/  {deny all;}
   location ~ /\.hg/   {deny all;}
   location ~ /\.bzr/  {deny all;}

   disable_symlinks if_not_owner from=/home/user/public_html;

   location /.well-known/acme-challenge {
      default_type "text/plain";
      alias /usr/local/apache/autossl_tmp/.well-known/acme-challenge;
   }
}

I changed my ip to "ip" and my domain to "domain" and username to "user" for anonymity reason

3

Varnish / Re: Error 503 service unavailable while ram is free

« on: March 10, 2021, 10:47:44 PM »

Should I make varnich cache files on the disk?
edit: I just read that you can store some files on RAM (css, etc..) and the rest on disk.
can someone explain how to do that on cwp?

4

Varnish / Error 503 service unavailable while ram is free

« on: March 10, 2021, 10:37:34 PM »

CWP is reporting that ram+cache is full while ram is almost at 25% but I'm still facing error 503 on peak visits time.

will this be fixed If I delete varnish?

5

Aplications / Squid proxy not working

« on: March 08, 2021, 11:03:40 PM »

I'm trying to use my vps as a private proxy and in order to do that I installed squid and followed a tutorial to configure it on centos 7, but looks like something is conflicting with cwp.
PS. I don't have a firewall on.

6

PHP Selector / Re: Err_too_many_redirects on WordPress /wp-admin/

« on: March 08, 2021, 04:52:43 PM »

try this htaccess rule:

Code: [Select]

SetEnvIf X-Forwarded-Proto "https" HTTPS=on
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP:X-Forwarded-Proto} !https [NC]
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

remove any https redirect before adding,

This fixed the admin panel but now the site is havinixed content because it is served through site.com/wp-content/cache/site.gzip

I turned off gzip compression in nginx.conf and the site is working fine, is there a way to use gzip without this happening?

7

PHP Selector / Err_too_many_redirects on WordPress /wp-admin/

« on: March 07, 2021, 08:11:23 PM »

I used to have a free cwp with apache-only webserver and everything was working perfectly except that its performance was terrible.
So I bought cwp pro to use php-fpm selector but now when I try to login as admin in my WordPress site it shows too many redirects error.
Here's everything I've done:
1.Build php8.0.2 from php-fpm selector and activate it.
2.Edit htaccess on my domain to use that build.
3.change webserver from apache only to Apache+nginx+varnish
4. Rebuild webserver

Homepage and site is working on http and https but on https it's not showing the green padlock on chrome browser.
I've tried removing ssl certificate and reinstall but it didn't work, I've also tried purging cloudflare cache and removing device cookies, I've also turned off force https on cloudflare.

8

Apache / Webserver is down

« on: February 08, 2021, 08:18:30 PM »

Cwp's files were corrupted so I took the daily backup and the sql backup.
I reinstalled centos 7 and installed a fresh cwp and recreated identical user account to copied everything from  the backup to public_html, and imported sql to identical user database pairs
And then I've rebuilt apache and rebooted
And cloudflare is still saying webserver is down, and even temporary url isn't working
Have I missed something during the reinstallation?

9

CentOS 7 Problems / Re: how to switch from mod_php to php-fpm?

« on: October 23, 2020, 05:25:56 PM »

suggested is to use fpm selector or if using switcher only then you need to rebuild php with fpm flag

why does it still says "experimental" on fpm? It's old tech isn't it?

10

CentOS 7 Problems / Re: how to switch from mod_php to php-fpm?

« on: October 23, 2020, 05:19:03 PM »

ok I will try that thanks

11

CentOS 7 Problems / how to switch from mod_php to php-fpm?

« on: October 20, 2020, 04:10:04 PM »

I'm on php 7.4.11 and I think I'm on mod_php because whenever a lot of traffic comes I get 90+ processes, how to switch to php-fpm on free panel?
I'm on vps btw.

12

CentOS 7 Problems / Re: High I/O, 96 processes and mariadb is crashing every few minutes

« on: October 20, 2020, 04:06:59 PM »

thanks buddy

13

CentOS 7 Problems / Re: High I/O, 96 processes and mariadb is crashing every few minutes

« on: October 20, 2020, 01:15:00 PM »

My vps specs are:
1GB memory RAM, 1GB memory swap
2 cores allocated to me from a xeon proccessor
I had half these specs on a shared hosting with the same traffic but nothing ever happened.
Every saod move to vps because it can handle the traffic better than shared but it looks to me that it's the opposite?
Is there any way to optimize my specs with a small WordPress site? It's been virtually down for almost a month

Thanks for your helpful reply, do you know any article/guide on how to optimize it because changing panels isn't a very reasonable option for me because I can't risk more downtime.
Also is it possible to switch from mod_php to php-fpm on free cwp?

14

CentOS 7 Problems / High I/O, 96 processes and mariadb is crashing every few minutes

« on: October 20, 2020, 12:33:40 PM »

My vps specs are:
1GB memory RAM, 1GB memory swap
2 cores allocated to me from a xeon proccessor
I had half these specs on a shared hosting with the same traffic but nothing ever happened.
Every saod move to vps because it can handle the traffic better than shared but it looks to me that it's the opposite?
Is there any way to optimize my specs with a small WordPress site? It's been virtually down for almost a month