Migrating 1&1 server from one machine to another without interruption
Recently I have been migrating my Plesk based machine leased from 1&1 to a newer server and I have not found any tips how to perform the migration properly. So here is my suggestion:
- Inform your users that they should not modify any data, turn any possible application into read only mode.
- Switch off MTA (qmail or postfix) on old machine – good SMTP servers will try to deliver repeatedly.
- Transfer your data using Plesk migration tool
- Redirect all common traffic to the new machine (see bellow)
- Remove the messages about read only usage on the new machine.
- Change DNS settings of your main domain to point to the new machine.
- Transfer the domain using 1&1 Control Panel from one package to another – do not be worry about legal steps, the transfer is fully internal and takes just hours to complete.
Iptables rules to forward traffic from one machine to another
I’m pretty sure, this list can be reduced, but this worked well for me and allowed monitoring of the traffic being forwared per port number.
NEWIP="87.106.22.204" iptables -I FORWARD 1 -p tcp -m tcp -d $NEWIP -j ACCEPT iptables -I FORWARD 1 -p tcp -m tcp -s $NEWIP -j ACCEPT iptables -I FORWARD 1 -p udp -m udp -d $NEWIP -j ACCEPT iptables -I FORWARD 1 -p udp -m udp -s $NEWIP -j ACCEPT iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination $NEWIP:80 iptables -t nat -A POSTROUTING -p tcp -m tcp -d $NEWIP --dport 80 -j MASQUERADE iptables -t nat -A PREROUTING -p tcp -m tcp --dport 443 -j DNAT --to-destination $NEWIP:443 iptables -t nat -A POSTROUTING -p tcp -m tcp -d $NEWIP --dport 443 -j MASQUERADE iptables -t nat -A PREROUTING -p tcp -m tcp --dport 25 -j DNAT --to-destination $NEWIP:25 iptables -t nat -A POSTROUTING -p tcp -m tcp -d $NEWIP --dport 25 -j MASQUERADE iptables -t nat -A PREROUTING -p tcp -m tcp --dport 465 -j DNAT --to-destination $NEWIP:465 iptables -t nat -A POSTROUTING -p tcp -m tcp -d $NEWIP --dport 465 -j MASQUERADE iptables -t nat -A PREROUTING -p tcp -m tcp --dport 993 -j DNAT --to-destination $NEWIP:993 iptables -t nat -A POSTROUTING -p tcp -m tcp -d $NEWIP --dport 993 -j MASQUERADE iptables -t nat -A PREROUTING -p tcp -m tcp --dport 53 -j DNAT --to-destination $NEWIP:53 iptables -t nat -A POSTROUTING -p tcp -m tcp -d $NEWIP --dport 53 -j MASQUERADE iptables -t nat -A PREROUTING -p udp -m udp --dport 53 -j DNAT --to-destination $NEWIP:53 iptables -t nat -A POSTROUTING -p udp -m udp -d $NEWIP --dport 53 -j MASQUERADE
Categories: Missing Answers