ASTRAPI

Hello @growroom

At the moment i am not available 😞

I am really sorry...

Hello

There is a vulnerability that has been discovered in popular Java logging library Log4j 2 which may allow attackers to run code remotely on your servers.

Apache Log4j 2 is bundled with and used in many Java applications including Elasticsearch.

So if you are using Elastic Search you may be vulnerable.

Vulnerability info:

https://nvd.nist.gov/vuln/detail/CVE-2021-44228

As there is no official patches out yet and the exploitation of the vulnerability already started you may want to apply a workaround until an official patch released:

So for Elasticsearch version 6.4 and up:

Edit your jvm.options configuration file usually located at:

/etc/elasticsearch/jvm.options

and edit at the end this line:

-Dlog4j2.formatMsgNoLookups=true

Then restart Elastic Search using something:

systemctl restart elasticsearch

If you are using ELastic Search version 6.3 and and any earlier version please upgrade asap to the latest supported version by Invision.

The 6.3 and earlier versions are using an old version of Log4j which means the above workaround will not work !

Update also your JDK :

When running on older JDKs, an attacker is able to inject and execute a remote Java class.

On recent JDKs the attack is limited to potential DoS - causing data ingestion to temporarily stop - and information leakage, but no remote code execution attack vectors are known.

Keep your servers secured !!!!

Thanks

Thanks for your kind words 🙂

Not yet as no needed 🙂

If you have enabled the Cloudflare then you should not have any direct download from Wasabi as all requested files will be going through Cloudflare that there is no limit.

Hello Circo,

I think the manually installation of addons issue is not related to the topic.

It will be better to open a new topic about it....

Hello 🙂

In my opinion it will be better to optimize and scale as a solution rather than archiving.

It will be better to have a proper solution so when the database increase later to be ready for it and not start archiving again.

Archiving is limiting your users interaction...

I prefer also MariaDB 🙂

And this one for Wasabi and Cloudflare 🙂

It is a plan that you must do or your server admin or both 🙂

Installing Centos 7 for the next 4 years and then when things are more mature you can migrate.

You may be able to adjust your existing installation and start using it following another Centos like distribution.... so no need to reinstall 🙂

Or you can go ahead with Ubuntu for example. But check first that your control panel (if you use any) to support it and check also any scripts that you will use to be compatible also.

IPS don't care if it is on top of Centos or Ubuntu... It just needs the web server, php, mysql, and other related software like Redis or Elastic search to work.

IPS will perform better on the most minimal installation of the OS and to the better optimized Network, kernel, software e.t.c

Yes this is the best option:

Intel Xeon-E 2288G - 8 c / 16 t - 3.7 GHz / 5 GHz

But adding a better cpu is one part of the performance results in general .....

Optimizing the OS, network, software like Nginx, Phpfpm, Mysql, Redis e.t.c

must be done to improve in general your server performance.

If you have already optimize them then adding resources will help 🙂

Hello Gauravk

Centos 8 is dead ! To be more specific it will be dead in 1 year from now.

Centos 7 has 4 years before the end also.

We are in the process that a new Centos like system will take over like Rocky Linux or the Cloudlinux option.

In the next few months we will see.

You can wait a bit or get an alternative like Ubuntu or Debian e.t.c Or get Centos 7 and take your time to decide (4 years) and then migrate.

Centos stream rolling doesn't seem to be the best and more stable option for server environments.

As i prefer Centos personally i will pick up the most supported alternative that at the moment seems to be the Rocky linux that the owner of it is one of the owners of the original Centos... The name is coming from his partner that both build Centos that is not in life anymore 😞

For the cpu it is a combination of both. A core with high clock will help on single core tasks like backing up a database if you use the traditional way to backup the database but it depends also how new is the Cpu and the instruction sets that it has.

Let us know the exact cpu models and we will let you know which one is better 🙂

I am not saying that Invision platform should monitor the disk space of the server.

I just had an idea to warn the user that the specific Invision task will not work and will kill the server/forum on the above specific scenario.

Thanks @Charles

Ubuntu starts getting a bigger peace from the cake the past year but i still prefer the Centos minimal installation 🙂

You may need to check also the compatibility for various control panels.

For example if you want to use Cpanel then they support Centos and not Debian. So it's one way road.

The OS is something important but keep in mind, what you will install and how on the server is very important also.

Which Web server, php, Mysql e.t.c

Most of the distros are similar and all have their own pros and cons.

If you are administering your own server, the most important factor is the ease of use and that depends on your usage experience and familiarity with the distro.

The rule of thumb is, choose the distro that you are most comfortable with and have the most experience in.

It will give you less trouble while administering it.

Hello Gauravk

Invision will work on any system that can run a Web server, Php, Mysql e.t.c so it will work on all 🙂

My recommendation is to use Centos as you will find a lot of info online if you need any help and it is very stable and well known as recommended OS for web servers.

A lot of scripts also are developed for Centos. If you are using a ready to use solution like a control panel just check which version it supports. Centos 7 or 8.

If you are using a custom Installation then you may prefer to go with Centos 8 as it will be a bit faster due to the newer gcc and a few more libraries that will help in performance.

Centos 7 is fine and i use it also....

Have a nice day 🙂

Hello 🙂

(This is a community guide on how to setup Backblaze and Cloudflare, as a significantly cheaper replacement for Amazon S3 and Cloudfront.  The author has no affiliate arrangement with any of the companies listed in the guide and offers the guide as a free community resource.  You should consult with your hosting provider and / or server administrator before proceeding with the guide.)

The tutorial is tested with the latest version of Invision 4.5.4 !

Invision Community allows a file storage configuration with Amazon S3 and a content distribution network (CDN) of your choice:

WHAT IS BACKBLAZE?

Backblaze is an infinitely Scalable B2 Cloud Storage. Backblaze B2 is enterprise-grade, S3 compatible storage that companies around the world use to store and serve data. Backblaze's service works with native APIs, CLI, and GUI; you can move and manage data with minimal coding. Their service provides fast access all the time; there is no need to accept delays or pay speed surcharges. It can also support HIPAA compliant storage with their Business Associates Agreement (BAA). B2 is compatible at ¼ the cost of AWS S3 with no hidden fees or minimums.

Backblaze is an award winning cloud storage provider for 2020 !

Pricing:

Based on their latest pricing, it is very cheap at around 5$ per 1TB storage per month! There is a cost for direct downloads (bandwidth) at 0.01$ per GB but it will not affect us as we will use Cloudflare and all files will be served from Backblaze to Cloudflare and then to users that is totally free 🙂

Be careful if you have any custom direct downloads that bypass Cloudflare. If you link to custom downloads directly, you will be charged for bandwidth. All default Invision files should go through Cloudflare. I am using Backblaze for a few of my clients and they never charged anything extra as all Invision files are going through Cloudflare as expected. Please monitor your balance after a few days just to be sure!

GUIDE:

BEFORE PROCEEDING, PLEASE BACKUP YOUR DATA FIRST!

STEP 1: Create a bucket on Backblaze

First we need to sign up at Backblaze Cloud: https://www.backblaze.com/b2/sign-up.html

You will need a phone number to activate your account:

After the activation of the account we will need to create a bucket that will host our files.

On the Buckets sections we click on Create a Bucket:

Then we add a name for our bucket. Recommendation: avoid dots (.) in the bucket name.

On the next screen we type a Bucket name and we select Public and then we click at Create a Bucket.

After that under the Create a Bucket we should have our Bucket.

Now we must keep a note of the ENDPOINT:

Now we need to get our Bucket access keys from the App Keys menu. At the bottom we click at Add a New Application Key:

At the new screen we select a anything as a key name and we keep selected the Read and Write access and wee click at Create New Key:

Then you will see there only once the KeyID and the Application Key that we must keep a note of them as we will need them later !

As a last step we need to go to our bucket that we just created and upload an image. From the menu on the left we click on Browse Files and then we click on our bucket:

Then we click on upload and we upload a simple file like an image...

On the right side of the uploaded image we have to click at the info icon:

At the pop up screen we need to keep a note for that part so copy it with the other notes that wee have already:

That's it ! We created our bucket and we got the access info that we will need !

STEP 2: Create a CNAME dns record at Cloudflare

Now you have to login to Cloudflare and go to your DNS tab from the top menu and then click Add record:

We use as Type the Cname and as Name the cdn and as Target the info that we got from the pop on the previous step in the tutorial above:

After saving that DNS record we should have that:

Now for security reasons we have to go to the page Rules on the top menu and create two rules:

RULE 1:

Just replace your domain and the bucket name that you create:

RULE 2:

Just replace your domain:

The final result should be like this:

Keep in mind the order of the rules as if you set the second rule as 1 it will not work and your forum images will not work as page rules uses priority. This is important!

That's it for the Cloudflare part!

STEP 3: Configure Invision to use the Backblaze Cloud

From Invision Admin Control Panel, go to System -> Files -> Storage Settings

Then we click on Configurations:

and then on Create New on the right side.

Then we select Amazon S3 and we fill the needed info as:

When you click Save if you get any warnings or errors then you have to check again the tutorial as you may forgot something or may have a typo somewhere...

If you save it without any issues then you are ready to use it by going to: System -> Files -> Storage Settings

and select a category with not many images for example Icons & Logos or anything else with a few images and from the drop down options the: Amazon S3:superbucket

Then wait for the automated task to transfer your files to the Cloud and check if all are ok !

If yes then you can proceed with the rest categories.

*Keep only at your server your theme resources:

Keep in mind that if you have a lot of GB of files it may take a long time for the transfer !

It may help to go to the Dashboard and run manually the process to get the files transferred faster.

*Attachments and Downloads may not work out of the box (don't use them on my test forum and i don't know for sure) and you may need to use the addon S3 Compatible Downloads:

I hope that you will benefit from this tutorial and get better performance while saving space on your main server and a lot of money 🙂

Backblaze is much more stable than Wasabi!

It also includes up to 10GB free storage, so you can test it easily !

Credits to: @Joel R and @Martin A.

Enjoy !

You can use Cloudflare that will help a lot your forums as a CDN and has also some nice one click optimizations and they offer a free plan or you can use it only for the DNS records.

Dns records changes are getting active in seconds.

Please keep in mind that MariaDB 10.4/10.5, are not drop-in backwards compatible so choosing any of these would/may be one way upgrade/switches.

Also many users report performance issues (most querying big tables) for the 10.4 that i didn't test yet at 10.5 as it is a bit early for me to do that jump....

A temporary solution for that is to use this parameter at your my.cnf file:

optimizer_use_condition_selectivity=1

Enjoy ! 🙂

Great 🙂

A quick note:

For Invision 4.5.x it will be better to not use a dot (.) in your bucket name.

Also you will need to use for downloads the latest version of the plugin at:

Latest Redis version is working fine....

It is faster 🙂