Questions for your hoster

[calguy1000]

I've compiled (what I think is) a reasonable summary of some of the major (though simple to solve) problems we've encountered here over the last while, and summarized them into a bunch of questions I think that every CMS user should know and/or ask their hoster about before installing CMS on a new host.

Please feel free to add more, and to comment.

1) HOW DO I VIEW THE HTTP DAEMON ERROR LOGS FOR MY SITE?
[modified]
Why?
If you're running a dynamic application, like a content management system (any content management system) it means that you are running an 'application', not just a static set of .html and .css files.  Statements are evaluated, files may be created, deleted, modified, sql queries executed (including inserts and deletes).  Any of these actions could cause errors to pop up from time to time.  You really MUST be able to find, read, report, and hopefully understand these errors.  They are around, you just may not know where they are. 

Errors can be caused by your host (too restritive memory requirements, too restrictive permissions, safe mode, mod_rewrite, mod_security), or by the developer (mistakes do creep in, maybe the developer didn't account for the unique circumstances of your host).  Note... finding your httpd error log is probably something we can't help you with.  You may have to contact your hosting provider if you don't know where they are stored already.
[/modified]

the rest are in no particular order:

2)  Can I ssh in to correct any issues?
    ** don't ask what ssh is, if you don't know google it.
[modified]
SSH access if used properly will eliminate the problems of buggy ftp clients.  It can also help with permissions problems because you'll be able to see what the permissions are, and more easily change them (chmod -R).  You can create/edit/delete files easily.... there are lots of reasons why a good hosting provider gives ssh access.
[/modified]

3) How do I edit/create/delete/add new databases
    (can I do it with ssh)

4) Can I override some php.ini settings?
    like:
          memory limit
          the upload limits
          execution time limits
          safe mode
    If so, how?
    ** Again, don't ask what these are.... if you don't know, use google.

    (note: If your hosters answer is no to these questions, and the limits are set too low, you may not be able to use
      CMS Made Simple on this host).

5) Is Mod Security In Use?
    If it is, and there are problems with my chosen application, How do I go about changing things?

6) What are the mail settings for my site?
    * Does php's mail() function work?
    * If not, what settings do I need to use for my site to be able to send messages?
      (CMSMailer can be a help here for possible questions)

[cyberman]

Hmm, why is ssh important for the work with CMSms?

IMHO it's "only" a question of security  ...

[taufikp]

For me, SSH is an important feature. Too bad my current host doesn't allow SSH access. I want to be able to transfer CMSMS installation in compressed format, then uncompressing them manually, that's why SSH is important to me. But at the moment I'm stuck with transferring the files over FTP.

[cyberman]

I want to be able to transfer CMSMS installation in compressed format, then uncompressing them manually, that's why SSH is important to me.

It looks like you are a ssh pro - maybe you can write a howto about for our users?!

[alby]

For me, SSH is an important feature. Too bad my current host doesn't allow SSH access. I want to be able to transfer CMSMS installation in compressed format, then uncompressing them manually, that's why SSH is important to me. But at the moment I'm stuck with transferring the files over FTP.

It's not important if you can use php system function.
I use a simple php script for backup old version, install new version and copy previous config.php; after manualy (with a php filemanager) delete modules unnecessary.
Very Important is that your file/dir are www owner and not ftp/ssh owner for avoid many problem (p.e. XML modules)

Alby

[Pierre M.]

Hello,

Here are some more questions to help choosing a hosting provider :

Do you let your customers make .htaccess files to control these webserver features : auth ? rewrite ? headers ? expires ? (disk)cache ?
Do you provide some PhpMyAdmin or so database administration software ? (view, export/backup, import/restore)

And an advice : choose Windows hosting only if you have good reasons AND you master Windows. Hope this is not going to raise a flamewar

Pierre M.

[Pierre M.]

BTW, yes, SSH is faster and more reliable :

Code: Select all

cd downloadarea
wget http://dev.cmsmadesimple.org/frs/download.php/ABCD/cmsmadesimple-x.y.z.tar.gz
cd ../w3rootdir
mkdir workdir
cd workdir
tar -zxf ../../downloadarea/cmsmadesimple-x.y.z.tar.gz
mv cmsmadesimple-x.y.z cmsms-x.y.z
cd cmsms-x.y.z/
chmod 777 tmp/templates_c/ tmp/cache/ uploads/ uploads/images/
touch config.php; chmod 666 config.php

Then browse /workdir/cmsms-x.y.z
To be tuned according to the hosting.

Pierre M.

[Pierre M.]

mod_security can work by URL filtering to block blacklisted patterns.
But if your site doesn't use odd funky URLs, there shouldn't be any interference between mod_security and mod_rewrite.

We don't know your provider's policy, we don't know your provider's pattern blacklist, we don't know your provider's mod_security setup. You have to investigate with your provider why its config prevents your site to run on its new host.

If your site worked well with mod_rewrite pretty URLs, it should still work with the same config. Ask your ask to relax its patterns.

Pierre M.

[Pierre M.]

You have to investigate with your provider why its config prevents your site to run on its new host.
(...) Ask your host to relax its [mod_security] patterns.

[xolth]

Important!!!:
Ask for PHP5 (and better if it is PHP5 native module, rather than PHP4+PHP5 CGI).
I am experiencing many problems with PHP4 alone..

Choose a hoster providing at least 2 databases (one for production, and another one for testing purpose)

La tartiflette c'est bon pour la santé.

[drew]

I concur, ask for native PHP. Our hoster supplies PHP/CGI (SUEXEC) and this "seems to" be causing CMSMS installation problems.

All my other installations use non-CGI PHP and everything works just fine.

Of course you sacrifice security if the hoster is not running SUEXEC (http://en.wikipedia.org/wiki/Suexec)

[JohnnyB]

What I like about PHP5/CGI is that directory ownership is no longer a problem.  When PHP is native, (served from Apache module) than directories are given ownership of 'nobody' instead of your account's user name. This means you can delete the directory or files that are created via CMSMS unless you have SSH access.
Also with PHP/CGI, you don't have to make directories writeable to install CMSMS. 

But, I also see weird problems with PHP/CGI - default session path is not recognizable by CMSMS, so I have to create one and use a custom php.ini file to assign the session save path.

[viebig]

I may advice signing up on bluehost.com

SSH access, custom PHP ini, unlimitted space and traffic. PHP5 CGI Option, Gzip enabled and a cheap price for a two years contract. I think 6.99 USD/month

Great for a testing server. And for small/medium sites it will do good enought, Live Chat support really works.

I my experience, it´s all I need before moving "really important" projects to a VPS or dedicated server.

[kermit]

For me, SSH is an important feature. Too bad my current host doesn't allow SSH access. I want to be able to transfer CMSMS installation in compressed format, then uncompressing them manually, that's why SSH is important to me. But at the moment I'm stuck with transferring the files over FTP.

cpanel 11, h-sphere, and some other control panels used by many hosts have a web-based file manager that supports creating and extracting archives on the server from its web interface as well as other common tasks (changing permissions, creating/editing/copying/moving files, etc)..  where a web-based tool like this is available, ssh isn't needed, even for a 'fast' install of a cms.

BTW, yes, SSH is faster and more reliable :

Code: Select all

cd downloadarea
wget http://dev.cmsmadesimple.org/frs/download.php/ABCD/cmsmadesimple-x.y.z.tar.gz
cd ../w3rootdir
mkdir workdir
cd workdir
tar -zxf ../../downloadarea/cmsmadesimple-x.y.z.tar.gz
mv cmsmadesimple-x.y.z cmsms-x.y.z
cd cmsms-x.y.z/
chmod 777 tmp/templates_c/ tmp/cache/ uploads/ uploads/images/
touch config.php; chmod 666 config.php

Then browse /workdir/cmsms-x.y.z
To be tuned according to the hosting.

compared to basic ftp only method of install, yes, ssh is faster.. but not necessarily so when compared to using a web-based file manager (like described above) which can be just as efficient...

in pierre's example, the main speed savings is in transferring a distribution archive from server-to-server (wget) and then extracting that archive directly on the server (tar). compared to ftp... well there is no real comparison, because it's that much faster, especially on new installs (small diff patches aren't so bad via ftp).

but using a featured web-based file manager you can do the same thing... or my preference, upload a customized install archive and using that instead (which can also save some time from not having to download modules or plugins to install, not having to re-do tweaks you may apply to all sites you work on, etc..)

my own personal preference is ssh, but a web-based file manager ain't soo bad and can pretty much do anything that someone would do in a shell to install a web app that doesn't 'require' console access to install in the first place.

5) Is Mod Security In Use?
    If it is, and there are problems with my chosen application, How do I go about changing things?

the only problem i've actually ever encountered with mod_security is with it catching a suspect keyword in a page's content when trying to save a page.. and that's not very often, and only on a couple sites that happen to use a 'suspect' keyword in content....

Code: Select all

# Quick fix for posting errors when saving pages (goes in cmsms root .htaccess)
# if mod_security catches a keyword in the content upon save
# Uncomment only when when you need to bypass the filters, 
# then comment it back out when you are done to reenable them
#<IfModule mod_security.c>
#    SecFilterEngine Off
#    SecFilterScanPOST Off
#</IfModule>

the above is an easy way to temporarily bypass that to allow the page save when it happens... simply uncomment the last four lines (only) when needed..

I may advice signing up on bluehost.com

SSH access, custom PHP ini, unlimitted space and traffic. PHP5 CGI Option, Gzip enabled and a cheap price for a two years contract. I think 6.99 USD/month

Great for a testing server. And for small/medium sites it will do good enought, Live Chat support really works.

I my experience, it´s all I need before moving "really important" projects to a VPS or dedicated server.

my two cents on hosts with outrageous plans and prices or 'unlimited' hosting (which does NOT actually exist, regardless of a host's claims or promises. any host that offers 'unlimited' plans, imho, isn't worth a second, or even a first, look)...

entrusting your important web site (or a client's) to a host that has to cram so many big, low-priced accounts on to a single server is downright foolish... there's a reason why hosts like 1and1, godaddy, ipower, etc. suck at serving php/mysql driven sites.. and overcrowded servers are it.

further, hosts with huge plans and too-low prices probably attract more people with intentions on using larger chunks of resources.. or spammers/crooks who don't want bandwidth limits prematurely (i.e. before they actually get 'caught') suspending their account... so those users leave less resources for everybody else (and that's a lot of everybody elses, per server, on hosts like this)... long ago, i've lost count of the hits referred to my hosting sites from search engines with search keywords like 'unlimited hosting instant activation paypal'... those hits typically coming from russia, asia, or certain african countries...

if you, as a developer, choose what turns out to be a poor performing host, then YOU are the one the client will bitch at for their slow-as-snails site, not the host, and their satisfaction and happiness with the job you're doing/have done goes right down the drain... and if they realize just how impatient web site visitors are and how quickly they will click to go somewhere else if a site or page isn't loading fast enough (something around 8 seconds for a page to fully download and render is a figure i've seen referred to more than once).. and how much potential business they may be losing because of the slow site, they'll get mad (at YOU), not just unhappy.

if a client wants to use some cut-rate, overselling host (or is already on one), it is then YOUR job as their developer, consultant, etc. to advise/educate them on what comprises a good, quality host...  besides, if you'll be working on the site later on, don't YOU want it to be on a good, fast host, too?

[viebig]

@kermit,

nothing is perfect, but  for a testing server or a small site, bluehost is doing it´s job. It´s a low cost solution.

Nothing is free, and good hosts arent free too. I my case is important to have a low cost alternative that has the features I need, and about unlimited traffic and storage, it´s just a marketing gamble.

I do know if I start to use a huge ammount of traffic and storage, bluehost will take some actions.

But it´s great for a playground, and it´s nor fot my clients , its for me.

I´m currently acessing some web services located in USA, and any hosting company in brazil costs 10 times more and the resources and speed are 10 times less than bluehost.

I´m on third world. Dont judge me.

For clients and projects that do need, speed, reliability and quality, nothing better than a VPS or dedicated server.