Just upgraded one of our servers to IW 7 and worked like a dream (well had to regenerate 1 siteworx vhost file, update CA Certs and correct yum update fail - but these were not IW fault)
This server also had chirpy CSF and CXS and R1soft installed, which did not cause any issues on upgrade
@iworx-brandon - putting http to https redirect into its own .conf in users apache folder worked lovely thank you.
I do have a question though, which I maybe overthinking - could a user change SSL ciphers by adding their own .conf in the users apache folder
If so, I believe this has the potential to stop apache restarting of not 100% correct and if so, how easy would it be to track down the potential user causing the conflict in SSL
Lastly, I am sure you all know but I forgot (sorry @IWorx-Jenna) but IW 7 is not for Centos 6 - so any users trying to upgrade a old Centos 6 server - it will fail
I donāt know what to tell you about the āStart on boot-upā MySQL setting. It has been a while since I visited that page in IW6, and I didnāt check it before running the upgrade, so I could be wrong about it being associated with the upgrade. Itās not a setting I would have left at ānoā had I seen it before, however. If those values are pulled from a conf file I could retrieve from backups, I can take a look and see if I can tell when/if it changed.
The *.htm files are only HTML, no PHP. I did a little experimentation with the *.htm files, and I only get an error if itās an index.htm file. A test.htm file loads just fine. The test file I used consists only of HTML: test.htm (344 Bytes)
Attempt to browse to the file while itās named ātest.htmā and it loads just fine. Rename it to āindex.htmā (and make sure itās the only index file in the folder) and it returns:
Forbidden
You donāt have permission to access this resource.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
I am running the OWASP rules with ModSecurity, which is the source of most of my 403 woes, but there is nothing in the error logs to indicate this is due to OWASP as there usually would be.
@linux4me I coudl be entirely wrong, as I am not feeling too well today and a little woozy, but could it be it is missing from apache (httpd.conf) which you can access from nodeworx, services webserver
I did notice something else, though. If I go Nodeworx > System Services > Web Server and click the link to edit the configuration file, then click the Cancel button on the edit screen, nothing happens.
@d2d4j Are you 100% sure IW7 is not for centos 6 as i had checked the Interworx demo site running IW7 and that indicates it a Centos 6.10 final server. see
Been following this topic with great interest and was looking forward to the upgrade.
@bear - yes I was myself and we used a free 1 domain IW server used for DNS only to test with. @iworx-brandon fixed the preflight test so it was showing lovely to go ahead an upgrade, I opened a support ticket as it failed.
@IWorx-Jenna spent time having a look and let me know the reason. I hope Jenna does not mind, but I will post the relevant part below so you can see why. It is connected with CA certs and OpenSSL on Centos 6, which is End of Life (EOL) for over a year now.
Kudos to IW and fully understand they will not support EOL
Many thanks
John
Unfortunately, while the fix is as easy as running āyum updateā or 'yum reinstall ca-certificates ā on a CentOS 7 server, this server is CentOS 6:
Since itās been EOL for about a year, now, those commands donāt work for this (and, if I remember correctly, the new certificates wonāt work at all for the version of openSSL that EL6 uses):
[****** ~]# yum reinstall ca-certificates
Failed to set locale, defaulting to C
Loaded plugins: fastestmirror, presto
Setting up Reinstall Process
Loading mirror speeds from cached hostfile
remi-safe: mirror.23m.com
Installed package ca-certificates-2020.2.41-65.1.el6_10.noarch (from updates) not available.
Error: Nothing to do
[****** ~]# yum update
Failed to set locale, defaulting to C
Loaded plugins: fastestmirror, presto
Setting up Update Process
Loading mirror speeds from cached hostfile
remi-safe: mirror.23m.com
No Packages marked for Update
[****** ~]#
I recommend just moving to a CentOS 7 serverāthat actually will cut out the whole upgrading to IW7 thing all together, as you can just install IW fresh on it. Let me know if you need a demo key to help with that migration.
Elaboration on what John posted: IW7 can be used on CentOS 6 servers. The issue will be upgrading. A month ago or so (Oct 1st, according to our chat log), CA certs expired, and the updated ones are not compatible with the OpenSSL version for EL6. So many EL6 servers will not be able to run the update (or install any InterWorx version at all), now.
So itās not an IW7 isnāt compatible with EL6 thing, itās an EL6 is not compatible with the CA certs that are needed to access the repo for the update. Which is, again, a new thing as of the beginning of Oct.
If your current IW6 servers are using CentOS 6, I strongly recommend just migrating to EL7 servers and just installing IW7 fresh. While we are working on AlamLinux 8 support, there is no ETA on it being available, and more and more things are just going to start failing with EL6 that we canāt bandaid like we have been doing for the last year. CentOS 7 doesnāt go EOL for another two and a half years or so, so that is really a much better option at this juncture.
IW7 uses a new template system, different from IW6. Any changes you may have made in the past to let .htm extensions work may not have crossed over. Can you submit a ticket to support.interworx.com and enable RA? Iāll take a look and see if I can get it working for you, again.
@d2d4j, I have never modified the DirectoryIndex setting, so that must be what was set when the server was configured and IW6 installed. Some of those entries are really unusual to me. I only use *.php, *.htm (on IW6), and *.html, so I suppose I could remove the restā¦
@linux4me@IWorx-Jenna I have just run a quick test by renaming a default IW index.html to index.htm and it worked lovely (we have index.htm in httpd.conf as well)
So I am thinking it is something other then directoryindex as it worked for us
@linux4me coudl you repeat same test, just rename a default IW index.html to htm and see if it shows error
I am going to bed now for me, but kudos to IW and thank you for delivering a near perfect transition tool
Iāve created a support ticket (#SUP00054062) and enabled Remote Assistance. No rush on this; I changed all the affected files to *.html, so nothing is currently broken.
@IWorx-Jenna
With regards to IW7 on a Centos 6 server, may be an idea to have some sort of warning in the pre-flight check.
just one question, can you use the mass import in Nodeworx to transfer accounts from a server with IW 6 to a server with IW7 on it?
I already added in our work chat with the devs about adding something like that to the pre-flight checker, though no one is in until next week. Johnās server yesterday is literally the first time Iāve seen the issue, though that makes sense since the certs just expired a few weeks ago. So it was unknown it could possibly be an issue until then.
Yes, you can import accounts from IW6 to IW7. That is actually what we have been advising customers to do for the last few years.
just rereading your comment.
i may be wrong but i think you misinterpreted my comment as inteworx 7 has not been available for years.
if i have IW6 on one server and want to import accounts on to a new server with IW7 will there be any issues? thank you for your time
IW7 has been in service for over a year I believe and it is only the upgrade tool from IW6 to IW7 which has just reached RC or stable
There are lots of users who have imported from IW6 to IW7 fresh install without issues
We will be importing some of our accounts from IW6 to IW7 next week
If your a little unsure still, if you try plan a test import to be around the working times of IW, so if you have an issue, you can quickly open a support ticket and let IW have a look
Also, @IWorx-Jenna@iworx-brandon on new siteworx accounts the index.html is 755 and should be 644 but better check the other files
Could I ask how you view the graphs from server graphs to show daily weekly monthly yearly
CentOS 7 doesnāt go EOL for another two and a half years or so, so that is really a much better option at this juncture.
