Moving server this Sunday/Monday 30th July

Status
This old topic is closed. If you want to reopen this topic, contact a moderator using the "Report Post" button.
Switches things on and off again
Joined 2000
Paid Member
As a continuation of the service upgrades started on earlier this month ( Software Upgrades 10th July), diyaudio.com will be unavailable for up-to several hours from 10PM GMT this Sunday 30th July 2017. During this time we will be moving to a brand new server, and the IP addresses for diyAudio will also be changing.

All the work spent preparing and upgrading software this month will come to fruition as it allows us to shift our whole system to a new, modern server with the latest operating system. It will be HTTPS ready and I have got a full HTTPS-only configuration working well, however moving to HTTPS is not as simple as flicking a switch, there are myriad compromises and incompatibilities to be considered. I expect we will move to HTTPS within the next month.

Our new server has twice as much RAM (64GB), twice as many cores (8) and CPUs (32), enterprise grade SSDs, and an OS capable of making the most of the hardware. As many audiophiles can relate to, specs aren't everything and in our case we have a number of legacy issues courtesy of our aging forum platform and plugins, but I'm doing the best I can to ensure diyAudio is as secure, stable and fast as possible until we can move to XenForo in the next few months.

Prior to the software security upgrades this month, we were averaging 200ms for initial page generation (front page). After the upgrades we experienced about two weeks of 500-600ms while I debugged various issues with the new software modules, and upgraded more of our systems, and now we are back to a consistent and reasonable 250ms. The new server has been set up with an all new configuration, switching a monolithic memory hungry Apache+PHP for a highly optimised NginX + PHP-FPM configuration and preliminary tests look like it will substantially improve page response times. I'm confident when we eventually move to XenForo, the site will be "lightning fast".

There is a publicly viewable status update page here for anyone who'd like to know more about what work has been done, is in progress, and is yet to come: https://status.diyaudio.com. As you can see a lot of work has already been done, and we've made some great leaps forward in terms of our software stack, archiving outdated and EOL plugins, installing newer more secure plugins, configuring a new "best practice" mega-server ready for HTTPS, and auditing our advertising partners. With the move to our new server, we'll finally be free of operating system level hold-backs and ready to move forward with a migration to XenForo in the near future.
 
Last edited:
A lot of work behind the scenes, it is important for those of us who care about
DIYAudio site know what is going on behind the scenes etc. I for one appreciate it.

I'm sure you and other are aware how great and user friendly it is to use this DIYAudio
as opposed to yahoo groups. Yahoo is pretty worthless IMO and even trying to follow
threads etc is virtually impossible.

With all that you are doing do you have plans for the DIYAudio to use some type of
live video steaming/ conferencing type format, that could be use to show amp work
or pre amp trouble shooting live? participants could join and ask questions etc.
live while things transpire?
 
Switches things on and off again
Joined 2000
Paid Member
I believe I've now got the wiki working. If anyone experiences any problems with it please let me know here.

@ Jason

Here's a few good testing www's which can show how good, or not, your HTTPS config is ;)

SSL Server Test (Powered by Qualys SSL Labs)

https://www.httpvshttps.com

Free SSL Web Server Tester - Wormly

Plus, check out the highly recommened & FREE cert www too :) If you havn't already

Let's Encrypt - Free SSL/TLS Certificates

All the best with Everything

Thanks. Yes, I'm familiar with most of these. I already have our Let's Encrypt certificates set up on the new server (the old server was too old to run LE, and even the new one had some issues - LE has a LOT of dependencies and is quite fickle). The Qualys test is the gold standard, and I used it a lot of the last week to ensure we got an "A+".

One of my best friends runs Wormly. We've been using Wormly for years to keep track of server load and downtime. Great to see you mention it! We've also now started using New Relic to provide a finer grained analysis of what's going on in the server and it's been wonderful.

So far the new server configuration looks like it's working very well. Initial page creation time is now down to about 60-70ms on the new server with NginX+PHP-FPM. As a comparison we were looking at 300ms prior to the move from the old server, and 600ms prior to upgrading to PHP7. It went something like this:

  • Last few years: 150-200ms
  • After upgrading our forum software and plugins to more stable, secure (and slower) versions: 500-600ms
  • After upgrading from PHP5 to PHP7 (Monolithic Apache+PHP): 300ms
  • After upgrading to the new server, and switching to NginX+PHP-FPM: 60-70ms

That's just the initial page creation time. I am working now to ensure that all javascript and advertising is loaded asynchronously (in the background, not affected page rendering speed), and improving CDN configurations.

A lot of work behind the scenes, it is important for those of us who care about
DIYAudio site know what is going on behind the scenes etc. I for one appreciate it.

I'm sure you and other are aware how great and user friendly it is to use this DIYAudio
as opposed to yahoo groups. Yahoo is pretty worthless IMO and even trying to follow
threads etc is virtually impossible.

With all that you are doing do you have plans for the DIYAudio to use some type of
live video steaming/ conferencing type format, that could be use to show amp work
or pre amp trouble shooting live? participants could join and ask questions etc.
live while things transpire?

This could be a great idea...

Hi Jason, please confirm if Tapatalk plugin will be enabled soon after the upgrade

Yes, it will.
 
 

Jason said:
It will be HTTPS ready and I have got a full HTTPS-only configuration working well, however moving to HTTPS is not as simple as flicking a switch, there are myriad compromises and incompatibilities to be considered. I expect we will move to HTTPS within the next month.
Thank you Jason..... May I ask you please dont FORCE https??

Some of us wont be able to directly get here if you do and really there is NOTHING ON THIS SITE requiring SSL.... (No sensitive data here)

www.cellar.org (Also VBB) has HTTPS but they do not block HTTP sessions which is nice...


SSL is mainly for banking sites :)


Thank you for your hard work!!
 
Some of us wont be able to directly get here if you do
May I ask what would prevent anyone from getting to this site if https were required? HTTPS has been built into every browser for years, doesn't cost anything, and requires no configuration from the user. So what is the issue?
and really there is NOTHING ON THIS SITE requiring SSL.... (No sensitive data here)
Imagine you had a house in a city of ten million people. Not all of those people are going to be nice respectable citizens. You have no sensitive information in the house, but you do have a good amount of normal household goods. Would you feel save leaving all the doors and windows open while you go on vacation for a month? Now imagine you have a website on the Internet (a virtual city with a couple of billion inhabitants, not all of them nice respectable citizens). You have no banking or financial information on that website, but you do have vast amounts of data which took a lot of time, money, person-hours to generate. You also have a large amount of information that might breach the privacy of thousands of users to varying degrees. Now, would you feel safe leaving all the doors and windows of your virtual house wide open?
SSL is mainly for banking sites
Not true. The Internet is a hostile place. Statistically, one in twenty people is a psychopath. Two billion people on the 'Net implies one hundred million psychopaths have access to your website. Suppose one in a thousand of them has some really serious hacking skills; you now have one hundred thousand top notch hacker psychopaths to deal with, any of whom might decide at any time that it would be entertaining to make your life hell. Still feel safe? Ask the people who run servers, who manage server security, who see the server logs showing the constant attacks by thousands of faceless cyberspace thugs. HTTPS is certainly not a cure for all the threats on the internet, but it is one tiny step towards better safety. It should be mandatory for all websites these days; we are not living in the infancy of the Internet any longer, those golden days when the only people on the 'Net were scientists and researchers sharing their research papers with each other, and nobody had ever heard terms like "DDOS attack" and "botnet" and "ransomware". -Gnobuddy
 
Switches things on and off again
Joined 2000
Paid Member
Great to hear :) Still tweaking things, but it's settling down. This is probably as quick as we'll get with vBulletin, but it will be game-on when we migrate to XenForo.

When we move to HTTPS, it will be strictly HTTPS only. All HTTP requests will be re-written using HSTS immediately to HTTPS. I believe also that all URLs on the page linking to foreign websites, will be re-written to HTTPS. There are technical reasons for this. If there are any remote deep linked images that don't respond to HTTPS requests they will appear as dead images. With the photopost ruckus recently, I will definitely be looking into creating some kind of easy to use system to "recover" dead images from other websites, but I think it will need to leverage the membership to do any uploading so the site is protected from legal ramifications courtesy of the DMCA.

We won't be rushing into it, though as I mentioned I have had it running smoothly in development. If you don't have a SSL compliant browser, now would be a good time to upgrade. From what I recall, it's likely IE on XP won't work at all. XP went EOL in 2014, and nobody should be using it in 2017 to browse the web unless they have a penchant for acquiring viruses.
 
Switches things on and off again
Joined 2000
Paid Member
Yes, we use Cloudflare already.

We just experienced an unexpected 30 minutes of downtime. I was working on the backup process and there was an issue with the database. The database has been checked and it appears to be working fine now. I am working out why this happened (looks like it was related to the new configuration we are using).
 
Status
This old topic is closed. If you want to reopen this topic, contact a moderator using the "Report Post" button.