After a long-ass day at work, I get home and decide to….work on my own sites. Don’t know why but I updated this blog and jamie.ie with a bunch of new plugins and gave them a facelift while I was it.
Not a whole lot else happened really this week, slammed at work. Did manage to get some work done on the security side of welp.me with Mozilla Observatory and now we score an A-! Could be better but it will do for now. I may have to look into seeing if I can upgrade this blog and jamie.ie but that’s not as important. Happy weekend!
Updated the license and upgraded Xenforo. It’s now working correctly with PHP7 so I’ve re-opened it. All plugins were updated and those not maintained were removed, the style needs some work in a few places but that can wait. Disabled TLS 1.0 and 1.1, did some other minor security fixes. Removed the Two-Factor plugin as Xenforo now ships with inbuild two-step login protection.
Also did some work with the streaming system, I’ve now disabled every streaming portal except Twitch.tv and youtube. I’ve also fixed and reset the API keys, so they should be scraping properly again in a few hours. The twitch chat is working again too, don’t know if that’s a good thing or not.
The IRC and IRC bots are now completely removed and probably won’t be coming back, it’s too much work for little payoff. Need to rebuild the custom livestreaming system too, will probably get it done during the week as it’s pretty low priority.
So as it stands, the forums are waiting to be updated so it will work on PHP7. I won’t be reverting back to PHP5.9 so it will have to wait until the Christmas period when I can update the license.
The ZNC server was moved over and is now loading properly again at welp.me/znc. I actually came very close to forgetting about this and would have completely lost ZNC. As of right now I’m downloading 100% backups from the server that will be decommissioned in a few days. Little annoyed with the xenforo thing but what can you do.
Also fixed a teamspeak issue where it wasn’t linking correctly to xenforo.
What better time to do all this than on a sick day.
Here’s the itinerary in full.
welp.me will move in full to a new SSD server leased off OVH. This will be rebuilt from the ground up to include a full memcached & varnish setup. The current setup is messy and needs to be rebuilt. I’ll be removing the comodo 3rd party cert and replacing it with Lets Encrypt. I’ll also be securing the webchat with Lets Encrypt, this part always annoyed me. There’s also several new features I want to add to this server, such as an image host and a pastebin.
ZNC, charybdis ircd (and bots), teamspeak server and the livestreaming setup will be moved onto the 8core Xeon 64gb ram OVH-SP-64 dedicated server.
jamie.ie will be moved onto a new WP Engine install I’ve been working on.
I’ll update this post as stuff gets underway but the jamie.ie move should be completed momentarily.
3:00GMT – jamie.ie successfully on the WP Engine platform, including SSL etc.
3:30GMT – welp.me successfully moved onto the new server, including SSL etc. Had a minor hiccup with a redirection loop because I left in extra config stuff by accident. SQL and files imported, upgraded to php7 also. Haven’t setup varnish or memcached yet.
4:00GMT – teamspeak3 successfully moved onto the new server including the db.
5:00GMT – varnish and memcached install and configured, disabled them for now though.
IRC, Bots and Livestreaming can wait for a bit. Good progress for today.
Well, it was hell.
I tried a myriad of things, unfortunately the easy option, piping everything through 80 wasn’t an option. The plex settings for setting up SSL were an absolute nightmare to get running, it was at this stage I contemplated just forwarding plex.domain.com straight to the plex.tv app and being done with it. I was even looking into moving completely away from plex and installing emby instead. It didn’t help that I was trying to setup everything alongside quickbox and didn’t want to break anything or get in the way of anything that might get wiped when it updates.
Here’s what I eventually settled on, snip. Editing this into /etc/apache2/sites-enabled/default-ssl.conf and modifying the parts I censored out, restarting apache got her done. Lets Encrypt for the subdomain was easy as usual, god I love Lets Encrypt.
Those ~15 lines took care of everything, the reverse proxy to the subdomain and critically, also the SSL. Happy days.