
SERVER MOVE + HTTPS / SSL

#1
Hi guys

I am finally looking at a new server.

Currently testing out Cloudways.

I need to decide on a location for the server (DigitalOcean data centers), these are the choices offered:
  • London
  • San Francisco
  • Singapore
  • New York
  • Amsterdam
  • Frankfurt
  • Toronto
  • Bangalore

Looking at Google Analytics geo location by subcontinent we have roughly: 31% Northern America, 21% Asia, 30+% Europe.

My hunch is to go for a US west coast server, as this is between US and Japan/Asia basically. But really I have no idea about the existing "pipes" and actual network infrastructure.

Let me know what you think. I'm not stuck on Cloudways but they have a free trial, currently testing the San Francisco server.

PS: this is the stack they have: Nginx, Memcached, Varnish, ...

PPS: Server I'm going for is the second choice, so 1 GB RAM. I have no idea how it compares to HostGator as HG doesn't give me any info, but from what I understand the Cloud server actually has a dedicated CPU and memory, unlike HG shared hosting.

PPPS: Cloud could actually be really good for the forum when most requests are reading vs writing posts. However I have no idea how I'd optimize MyBB for that. Any hints welcome. (edit: Oh, there are Varnish rules, no idea how it works)
Edited: 2017-05-01, 11:24 am
#2
(2017-05-01, 11:12 am)ファブリス Wrote: Hi guys

I am finally looking at a new server.

Currently testing out Cloudways.

I need to decide on a location for the server (DigitalOcean data centers), these are the choices offered:
  • London
  • San Francisco
  • Singapore
  • New York
  • Amsterdam
  • Frankfurt
  • Toronto
  • Bangalore

Looking at Google Analytics geo location by subcontinent we have roughly: 31% Northern America, 21% Asia, 30+% Europe.

My hunch is to go for a US west coast server, as this is between US and Japan/Asia basically. But really I have no idea about the existing "pipes" and actual network infrastructure.

Let me know what you think. I'm not stuck on Cloudways but they have a free trial, currently testing the San Francisco server.

If latency mattered, I would put it in New York or London since those cities are connected to transatlantic fiber and it puts you as close as you can get to being on the border of Europe & NA for serving 61% of your traffic... San Francisco is similar but splits between Asia and NA for 52% of your traffic.

However, I don't think latency matters. Even when people are using the SRS, it's still nothing close to a real-time interaction. San Francisco is fine if you want it there, it's on all kinds of trunk lines with multiple redundancies. It would also be fine to put it on the server closest to you, so that latency issues / regional outages have minimal impact on your administration efforts. Or to put it in whatever city you think is least likely to suffer from natural or man-made disaster for just-in-case.
#3
You just made me realize.. a close server would in theory mean a much quicker time to download / upload the database...
#4
(2017-05-01, 12:00 pm)ファブリス Wrote: You just made me realize.. a close server would in theory mean a much quicker time to download / upload the database...

It might sometimes, but as a general rule distance only affects latency and not throughput.
There is some increased chance of passing through congested lines the longer your path is, but those trunk lines are so vastly faster than endpoint connections that that's rarely the issue.

Latency (ping-time) is improved though, and if your transfer protocol relies on sequential transactions then it could be improved. A lot of transfers just spam data though and reassemble it at the end, making retransmit requests if anything seems to be missing, which minimizes the impact of individual transaction times.

There's enough factors that it's probably worth testing for that.

I was though originally thinking more about if you ever logged in to manipulate files or settings on the server directly; in cases like that, every button you press (or command you type if on a console) has to wait for a server response. Even on the opposite side of the world that's not likely to exceed 2 seconds, which isn't the end of the world but anything over half a second is noticeably laggy and gets annoying. At least it annoys me, heh.
#5
Also, don't forget to consider legal matters.
Not that I think it would ever matter: I mean, it's frankly unlikely you'll ever have to face legal issues or go to court because of this site but, as you're currently in Belgium, choosing the EU would be the best bet in your case, if you prefer to be on the safer side (unless your provider's terms of service say you're bound by Californian law nonetheless, or something along those lines).
Just saying...
#6
It sounds like there isn't much practical difference, so I would go for whatever sounds cooler at parties.
#7
Thank you guys, very helpful.

It sounds like London would be a good pick then. Latency is indeed annoying when using secure shell (ssh), and I do use it a lot to run mysql queries, and it is a bit laggy from the US.

Regarding files.. I just realized.. I should probably split the live db backup before uploading to the new server. I don't think there is a migration for a custom site. I just realized if I don't split the file, and the upload breaks at 1 hour say, I have to do it all over again, right? So creating a multi-file archive here would be safer. I don't see another option than downloading and uploading. The Kanji Koohii live db archive is 700-ish megabytes with low compression so it's not that bad. (Unfortunately high compression causes the server to kill the process for taking too much time.)
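An added shell example for the split-before-upload idea in the post above (this is not code from the thread, Cloudways or HostGator): chunk the dump, carry a checksum manifest, and on the new server verify every chunk before joining, so only a missing or damaged chunk has to be re-sent and a silently truncated backup is caught before it is imported. The file names, the 100M default chunk size and the demo's 1 MB random "dump" are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): split a large DB dump into chunks
# with a checksum manifest, so an interrupted upload only needs the missing
# or damaged chunk re-sent; names and the 100M default are assumptions.
set -eu
# Portable SHA-256: coreutils sha256sum, or shasum on macOS/BSD.
sha256() {
  { command -v sha256sum >/dev/null 2>&1 && sha256sum "$1" \
    || shasum -a 256 "$1"; } | cut -d' ' -f1
}

# split_with_manifest FILE OUTDIR [SIZE]: writes FILE.part-aaa, -aab,
# ... into OUTDIR plus MANIFEST ("<sha256> <name>" per chunk, and one
# line for the whole FILE that is checked again after reassembly).
split_with_manifest() {
  file=$1; out=$2; size=${3:-100M}
  mkdir -p "$out"
  split -b "$size" -a 3 "$file" "$out/$(basename "$file").part-"
  : > "$out/MANIFEST"
  for p in "$out"/*.part-* "$file"; do
    printf '%s %s\n' "$(sha256 "$p")" "$(basename "$p")" >> "$out/MANIFEST"
  done
}

# verify_and_join DIR TARGET: names every chunk that is missing or fails
# its checksum (only those need re-uploading) and joins them into
# TARGET only when all chunks, and then the whole file, verify.
verify_and_join() {
  dir=$1; target=$2; bad=0; whole=
  while read -r sum name; do
    case $name in
      *.part-*)
        if [ ! -f "$dir/$name" ]; then echo "missing: $name"; bad=1
        elif [ "$(sha256 "$dir/$name")" != "$sum" ]; then
          echo "corrupt: $name"; bad=1
        fi ;;
      *) whole=$sum ;;
    esac
  done < "$dir/MANIFEST"
  [ "$bad" -eq 0 ] || return 1
  cat "$dir"/*.part-* > "$target"
  [ "$(sha256 "$target")" = "$whole" ]
}

# demo: a constructed 1 MB "dump", 256K chunks, one chunk lost in transit.
demo() {
  tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
  head -c 1048576 /dev/urandom > "$tmp/koohii.sql.gz"
  split_with_manifest "$tmp/koohii.sql.gz" "$tmp/up" 256K
  cp -r "$tmp/up" "$tmp/down"                 # all chunks "uploaded"...
  rm "$tmp/down/koohii.sql.gz.part-aab"       # ...except one that broke
  verify_and_join "$tmp/down" "$tmp/out.sql.gz" && return 1  # must refuse
  cp "$tmp/up/koohii.sql.gz.part-aab" "$tmp/down/"          # re-send it
  verify_and_join "$tmp/down" "$tmp/out.sql.gz"
  [ "$(sha256 "$tmp/koohii.sql.gz")" = "$(sha256 "$tmp/out.sql.gz")" ]
}
```

The chunks can be shipped with scp, rsync or an FTP client alike; verify_and_join is the part that matters on the receiving side.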
#8
Can't you use Digital Ocean directly and save some $?
#9
How much would you save?

Indeed Cloudways's $17 offering is DigitalOcean's $10.. but I'm not too keen on paying $20 / month (which will be closer to 23-24 €) for 2 GB RAM if the 1 GB RAM is sufficient.

Then you have the memcached / varnish / etc. stack. I believe this one is set up by Cloudways. Would have to figure what DO uses. Or do they set up anything ?

And then CW seems to give you the ability to fully backup and move things. In theory I could easily move from one platform to another. Whereas if I set up on DO, I would have to do this myself again.

It looks like digitalocean would let me have root access. That's cool but I'd rather kick myself in the groin than start messing with Ubuntu and packages and have security risks when managing servers is not my area of expertise. Besides for Koohii the SSH shell access is plenty enough.

So hmm. I would say that level of access is not beneficial to me.
#10
(2017-05-01, 7:15 pm)anotherjohn Wrote: Can't you use Digital Ocean directly and save some $?

Thinking time is free is a massive logical fallacy.
#11
(2017-05-01, 5:49 pm)fuaburisu Wrote: I just realized if I don't split the file, and the upload breaks at 1 hour say, I have to do it all over again right?
That depends on how you're doing the data transfer. If you use rsync it will only retransfer what it needs to, so restarting an interrupted transfer will pick up where it left off. (It can also handle only copying across the changed parts if the destination already has a copy of an older version of a file.)
#12
Thanks for all the advice so far!

I never tried rsync, can I use that just like scp? One problem on HostGator was that scp would get killed after some time, so I couldn't even download a database backup via SSH (had to use FileZilla). Could work here, I have to try... maybe HG killed the process because it's a shared server.

Spent 3 hours yesterday, I've got the site running on Cloudways. Then I wanted to run a maintenance program to edit a user password, so I used "php something.php --blah" and this threw an error as the script couldn't write to a log file. Found the log file has as owner the "application level" owner instead of the master credential. But since I am SSH'd in as the "master" owner (server, instead of application), php run via the command line is not the same owner as the "application level" owner (there is an SSH username/password for each application, on top of the master one).

This is annoying: on HG I could do chmod but Cloudways doesn't allow it. My hunch is I'll get around it by using their "application level" SSH, then I will be the owner. It's annoying when I want to run some php scripts but I can live with that.
#13
rsync uses ssh for its data transfer by default, so if ssh to the destination works then rsync local-file user@remote-host:remote-file should work (or you can run it on the destination host and use rsync user@source-host:file-there file-here). It can also sync an entire directory tree if given the right options (but watch out for one of its UI gotchas here where copying 'dir' and 'dir/' have different meaning: one copies the dir and its contents and the other just its contents). Options available for being verbose, maintaining file permissions and ownership, dry-run, etc.
#14
Ahh thanks!

I'll probably sign up for the London or New York server tomorrow as I don't want to spend more time on trial.
#15
Quote: Fabrice posted:

I realized since I need to map the domain (koohii.com) to a new server... I have no choice but to transfer the main site AND forum at the same time.

The DNS records for kanji.koohii.com and forum.koohii.com can point to different IP addresses, so you don't have to move both sites at the same time.
#16
I'm not paying for two servers :)
#17
It's fine, I'll move everything in http. And I'll do https next so I can break it down in smaller steps. Main site needs to move quicker; if the forum is read only a couple days it's not great but not the end of the world. We'll see.
#18
Creating a new account now on Cloudways.

I realized Vultr has the same 1 GB RAM, 1 Core for 11 $ / mo. It's cheaper than DigitalOcean.

AND if we need to upgrade later.. Vultr's next plan is 23 $ / mo with 2 GB RAM, 1 Core; whereas upgrading from DigitalOcean's 17 $ goes straight to 34 $ / mo which is over my budget.

Also looking at server stats Koohii is nowhere near 1 TB. I'm seeing just under 10 GB for the forum (monthly), likewise for Kanji Koohii. Koohii sites don't host any media like large images, videos, etc. So unlikely to hit 1 TB anytime soon.

So all in all it seems Vultr's base offer is cheaper, and more flexible if I ever want to upgrade.
#19
Hi guys, I don't know much about computers and these kinds of things so pardon my ignorance. I noticed that Google Chrome is not signaling Kanji Koohii as secure anymore so I just wanted to come here and ask, is this normal? I just had a huge infection of my system and had to factory reset it, so now I'm paranoid and worried, as not only the Kanji Koohii site is not appearing as secure anymore, but other websites too; thankfully the big names such as google.com and gmail are still showing as secure for me.
#20
(2017-05-04, 10:25 am)Iuri_ Wrote: Hi guys, I don't know much about computers and these kinds of things so pardon my ignorance. I noticed that Google Chrome is not signaling Kanji Koohii as secure anymore so I just wanted to come here and ask, is this normal? I just had a huge infection of my system and had to factory reset it, so now I'm paranoid and worried, as not only the Kanji Koohii site is not appearing as secure anymore, but other websites too; thankfully the big names such as google.com and gmail are still showing as secure for me.
That indicates whether or not your connection to the website is encrypted. Mostly it doesn't matter when posting to a public forum, because what you're doing is going to be public anyway so it doesn't matter if it can be seen.

Unfortunately, the login page is also not encrypted. This could allow your login credentials for the site to be seen by an unscrupulous network admin or a hacker that has compromised a router. If you use the same password in other places, that could become a bigger problem, and also if you stored any sensitive information on this site (in PMs or the like) those could be accessed.

The connection being open instead of secure doesn't give access directly to your computer however.

The rest I'm not bothered by, but it is disconcerting that the login is not secure.

You can protect your account by logging out and then resetting your password - then your new password will have never been transmitted over the insecure connection (well, until you use it). Doing that every time until secure connections are restored is gonna be a pain, but is probably a good idea. (Not that I think anyone is targeting koohii passwords, but y'know, just for caution's sake.)

Oh, also if you are 'remembered' and haven't typed your password in since the login page became insecure, your password can't have been spied on so you don't really need to worry about it, just don't log out and in again until the login page is secure again.
Edited: 2017-05-04, 6:29 pm
#21
(2017-05-04, 10:25 am)Iuri_ Wrote: Hi guys, I don't know much about computers and these kinds of things so pardon my ignorance. I noticed that Google Chrome is not signaling Kanji Koohii as secure anymore so I just wanted to come here and ask, is this normal? I just had a huge infection of my system and had to factory reset it, so now I'm paranoid and worried, as not only the Kanji Koohii site is not appearing as secure anymore, but other websites too; thankfully the big names such as google.com and gmail are still showing as secure for me.

That "secure" in Chrome means that your communication with a site is encrypted. It says nothing about whether you will get infected or not, by visiting that site.

If you want to avoid any problems when visiting sites that don't appear as "secure", it's easy: don't re-use passwords. That's all you have to do. If you don't re-use passwords, and a hacker sniffs your unencrypted password to Koohii (when you log in to Koohii over a public wi-fi, for instance), it doesn't matter. They have no use for it. Worst thing they can do is log into your Koohii account. Which they won't, because there's no money in it.

The reason why people get hacked isn't because they visit sites that don't encrypt traffic. It's because they have the same username and password for their personal email (that's linked to their bank account), as they have for a bunch of other sites. Hackers steal the password from one site, and then use it to gain access to everything else.
#22
Stansfield's answer is to the point. Thank you.

Koohii FORUM's login page has NEVER been on an encrypted connection aka "https". So nothing changed there. What changed is Google decided to use its weight and influence to force https on all website owners by demoting non-https sites in search rankings, and at the same time making everyone believe that https (the "little green lock") is secure. I actually just saw a Google ad for that in my town at a bus stop... crazy. It certainly is more secure, but is also misleading. Because https won't protect you *at all* from being infected with malware and the like. It will just make it less likely for someone on a public network to see your credentials.

If your system is infected by malware or things like that, what protects you is both using sensible passwords as per Stansfield's recommendation, and also understanding when not to open email attachments, or trust shady links in phishing emails and the like. Koohii has nothing to do with that.

These days malware comes mainly through installs on shady sites, email attachments and 0 day vulnerabilities.

HTTPS aka "encrypted connection" is coming soon.
#23
Thanks for clearing up everything for me guys, I decided to change my account's password just in case (one I won't use anywhere else).
#24
Ugh I'm tempted to go back to a shared hosting solution as Cloudways put so many limitations to the SSH.

A simple php maintenance script fails when I log in with the master SSH, because some folder was created with ownership set as the "application", instead of the master user. But when I SSH as master and run php from the command line, php is in the context where master is the owner, but somehow is not allowed to write to a file created by a different owner which technically is a "child".

Which means to be able to write to the log file created with the "application" level owner, I have to use a "application level" SSH which is supposed to be a feature to allow team members to work on just one application without giving them access to all the server applications. Cool, but it's supposed to be a feature, but instead I am forced to use it, with more limitations, instead of the master credential.

PS: oh yeah I wasn't clear >>> because I am not allowed to chmod even with the master SSH !!! (not that it would help much here since on top of that you're not in the correct group / owner).

They also force one database per application. So you can have more dbs by creating more dummy apps. Fine. But then your database username and database name are the same, and they are FIXED to random gibberish like "uzhzbxid" (not a joke).

PPS: oh, and they don't have built-in email either, which means more work for me setting up a third party just to send emails. And a free smtp one via gmail would have a limit of ~500 emails a day and who knows how many of these get sent if forum users subscribe to many threads and the like.
Spent 10+ hours on this already and I feel like I'm going to waste my time.

Any recommendations for a good shared hosting with SSH and Let's Encrypt ?
Edited: 2017-05-06, 9:53 am
#25
Comparing to HostGator, what I see is on HG my main account was the owner of ALL the files in all the "apps". I would also see ALL the databases when I do "SHOW DATABASES" in MySQL.. Stupid Cloudways let me believe I have only one db, if I am logged in as one of the applications, because I am not "owner" of the other ones I guess.

Sounds like they are good for ready made packages like wordpress but for a custom app it's a pain in the ass.