Migrating and upgrading VASK
Last week, I migrated a car club forum from an old hosting provider to a new one. Post migration, I also upgraded the forum software from a version that was released in 2011, to the latest (2023).
The forum had been ticking away nicely with no major issues, but it was well and truly time for a refresh!
The forum software
In the old host, the forum was running on the Simple Machines Forum platform - version 2.0.x
. This consisted of a bunch of php scripts, and a MySQL 4 database holding all the user content and forum settings.
The old forum was relatively stable, but due to limitations with the hosting provider, things like images (which are quite popular in a car focused forum) had to be hosted elsewhere and then linked on the forum. With the new hosting provider, we’re paying a very reasonable yearly fee and have unlimited disk space. This means we can host all the images on the forum itself, which makes for a much better user experience.
The old hosting provider offered very little in terms of security, so we had to use Simple Machine Forum mods to achieve a basic level of protection against spammers.
Hello, Cloudflare
The new forum is fronted by Cloudflare.
Cloudflare offer us WAF functionality, bot protection, caching, analytics, and more. This has enabled us to provide a much more secure, stable, and fast platform for our users.
To ensure nobody can bypass Cloudflare and connect to the site directly, the sites .htaccess
has restrictions in place to only permit connections originating from Cloudflare’s IP ranges. This ensures all traffic is routed through Cloudflare for inspection.
I’ve also set up additional WAF rules to ensure key actions on the site (for example, accessing the admin section, registration page, login page) are protected with a Cloudflare managed challenge. This helps weed out any bad traffic before they can attempt to do anything harmful.
The migration
Here is the plan I made for the migration. This plan was refined over 5 dry runs, which made the production cutover go relatively straightforward.
- Put old forum into maintenance mode to prevent any changes
- Download old forum config and attachments
- Download old forum database backup
- Execute local database modifications to enable the DB to be imported into the new MySQL DB
sed -i 's%TYPE=MyISAM%ENGINE=MyISAM%g' vask_20230916.sql sed -i 's%timestamp(14)%timestamp%g' vask_20230916.sql sed -i 's%/var/users/vask/vask.org.nz/htdocs/%/home/vask/test.vask.org.nz/%g' vask_20230916.sql sed -i 's%Database: vask%Database: vask_vask_test%g' vask_20230916.sql
- Restore DB into new provider DB
- Create DB user and assign required privileges
- Update local site config to point to new DB
- Upload site config to host
- Download full upgrade package and upload to host
- Uncompress the full upgrade package
- Download repair_settings.php and upload to host
- Execute
repair_settings.php
and update all URLs to HTTPS - Run the upgrade wizard
- Test access to the forum
- Delete all mods
- Delete all unnecessary (old, garbage) files from the host
- Configure forum settings:
- Nicer limits for attachments, add jpeg to whitelist
- Enable likes
- Enable @ mentions
- Set
max-width
to1800px
inthemes/default/index.css
because most screens are wider these days - Upload and install Pretty URLs mod
- Check
.htaccess
to ensure the CloudFlare IPs are the only ones allowed to connect direct
- Install the mod I created to retain source IP address when Cloudflare is proxying traffic
- Health check the forum, fix any obvious issues
- Delete any outstanding user registrations that are bogus
- Execute all forum maintenance jobs
- Enable Google reCAPTCHA to protect new registrations
- Send test email, ensure received
- Update DNS to point to the new host
- Execute pre go-live full backup
- Remove forum maintenance, enabling users to access the site again
- Post completion message to discussion
- Decommission old forum
Issues encountered
Since I did 5 dry runs of the migration before the production one, most of the kinks were worked out fairly quickly.
One of the issues that cropped up after cutover was intermittent 403 Forbidden
messages being presented to the users.
After thorough investigation, I couldn’t figure out what was causing the issue. I logged a ticket with the hosting provider, and it turns out they enable ModSecurity by default, and this was picking up some forum standard functionality as a potential attack, and blocking the request.
With ModSecurity disabled, the forum is functioning as it should with no trouble. I am comfortable with ModSecurity being disabled, as Cloudflare are doing the hard work to protect the forum.
We’re live!
Woo! The updated forum is live and serving traffic. No complaints so far, and it seems to be ticking along nicely.
From the changes I have made, this should help the forum live on for many more years to come 😎
Overall, it took about 5 solid days to pull together the migration plan, do 5x dry runs, and the final production run. That isn’t too bad considering I had never worked behind the scenes of a Simple Machines Forum before!
The forum is a great way to retain and share knowledge, so I am more than happy to volunteer my weekends to help keep it happy and healthy!
Visit and contribute!
Whether you own or just admire Volkswagen Group vehicles, join us!
Visit https://www.vask.org.nz and register for an account.