Mike Swanson
a78fb96f95
Diagnosed azcomputerguru.com 521 errors: Cox's BGP route to specific Cloudflare origin-pull prefixes (162.158.0.0/16, 172.64.0.0/13, 173.245.48.0/20, 141.101.64.0/18) is broken from 72.194.62.0/29. Confirmed by TCP probe matrix from pfSense WAN, traceroute latency comparison, and state-table showing 0 inbound CF connections while direct-internet traffic still reached origin. Deployed Cloudflare Tunnel 'acg-origin' on Jupiter Unraid as a Docker container. Routes 4 proxied hostnames (azcomputerguru.com, analytics., community., radio.) through the tunnel with HTTPS backend to IX 172.16.3.10:443 with per-ingress SNI matching. All 4 hostnames return 200 OK through CF edge after the cutover. Repo hygiene: - Merged clients/ix-server/ into clients/internal-infrastructure/ (IX is internal infra, not a paying-client account). Git detected the session-log files as renames so history is preserved. Updated 4 stale path references in 2 files. - Moved cox-bgp ticket draft out of projects/dataforth-dos/ (wrong project) to clients/internal-infrastructure/vendor-tickets/. - Relocated tunnel-setup helper scripts from projects/dataforth-dos/datasheet-pipeline/implementation/ to clients/internal-infrastructure/scripts/cloudflared-tunnel-setup/. Deleted superseded/abandoned login attempts. Sanitized hardcoded Jupiter/pfSense SSH passwords to pull from SOPS vault at runtime; Cloudflare token reads from env var (tokens still in 1Password, vault entry is metadata-only). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
4.2 KiB
4.2 KiB
IX Server Account Cleanup - 2026-03-16
Summary
Performed audit of all 82 cPanel accounts on IX (172.16.3.10). Identified 21 accounts whose DNS had migrated to other hosts. After verifying backups existed, removed accounts. User intervened to restore accounts with active non-HTTP services (mail, DNS). Final result: 14 accounts removed, 7 restored and kept.
Backups Location
All accounts have backups in multiple locations:
- Automated daily backups:
/home/backup/2026-03-16/accounts/[user].tar.gz - Automated weekly backups:
/home/backup/weekly/(4 weeks retention) - Automated monthly backups:
/home/backup/monthly/(1 month retention) - Manual pre-removal backups:
/backup/migrated-accounts-2026-03-16/cpmove-[user].tar.gz(created for: cascades, dpainc, glaztech, janneirvine, jefffurr, jparkinsonaz, rsi, ultraper)
To restore any account:
/scripts/restorepkg /home/backup/2026-03-16/accounts/[username].tar.gz
Note: Some accounts required --force flag due to stale userdata files.
Accounts REMOVED (14 total)
| Account | Domain | Mail Routing | Reason Safe to Remove |
|---|---|---|---|
| blush | blushpermanentmakeup.com | Local (no mailboxes) | No MX, no active mail |
| dpainc | dpa-inc.com | Remote (O365) | Mail on O365, domain expired |
| drkataz | drkataz.com | Remote (Google) | Mail on Google |
| fabry | justso.co | Local (no mailboxes) | No MX, no active mail |
| janneirvine | janneirvine.com | Unknown | No MX, no backup in automated system |
| jefffurr | jefffurrier.com | Local (1 mailbox: jeff) | No MX record - mail migrated |
| rsi | restorativesolutionsintl.org | Remote | No MX |
| rwc | royalweedcontrol.com | Remote | No MX |
| saguaroconveyor | saguaroconveyor.com | Remote (GoDaddy) | Mail on GoDaddy |
| sparcora | sparcoracing.com | Local (5 mailboxes: info, orders, paypal, tim, jeff) | No MX record - mail migrated |
| sundanzer | sundanzer.com | Remote (Google) | Mail on Google |
| tmm | tucsonmountainmotors.com | Local (no mailboxes) | No MX |
| tonystech | northwesttucsonpool.com | Local (no mailboxes) | No MX |
| tucsonsafety | tucsonsafety.com | Remote (emailservice.io) | External mail |
| ultraper | ultraperformance.com | Local (2 mailboxes: store, jeff) | MX points to GoDaddy - mail migrated |
Accounts RESTORED and KEPT (7 total)
| Account | Domain(s) | Reason Kept |
|---|---|---|
| acg | acghosting.com, gurushow.com, tucsoncomputer.repair, azcomputer.guru | Infrastructure account - 8+ mailboxes, NS1/NS2 infrastructure DNS zones |
| cascades | cascadestucson.com, resident.cascadestucson.com | Active LOCAL mail routing with populated mailboxes |
| glaztech | glaztech.com | DNS-only account - no web but DNS managed on IX |
| rarengineer | rarengineer.com | MX points to mail.rarengineer.com which may resolve to IX |
| rrspc | rrspc.com | Active LOCAL mail routing, MX points to mail.rrspc.com on IX |
| thegirlsestate | thegirlsestatesales.com | Mail service account (MX to emailservice.io but account needed) |
ACG Infrastructure DNS Zones
The acg account contains critical infrastructure zones that must not be removed:
acghosting.com.dbns1.acghosting.com.dbns2.acghosting.com.dbfsusa.acghosting.com.dbwebsvr.acghosting.com.db
Other Work Done During This Session
Error Log Rotation
- ~8.5GB of error logs truncated across all accounts
Inactive Plugin Removal
- 60 inactive plugins removed (~430MB freed) across 19 accounts
WordPress nav-menu.php Fix
Fixed register_nav_menus('') fatal error on 4 sites:
- cryoweave (was causing 500 error)
- phxpropane
- rednourlaw
- tonystech (proactive fix)
Fix: Removed add_action('init', 'register_nav_menus'); from theme functions.php
Remaining Issues (not addressed)
- 5 critically outdated WordPress sites (security risk)
- WP_DEBUG enabled on 2 production sites
- No page/object caching on 38+ sites
- WP_CRON not disabled on all 53 WP sites
- Post revision cleanup needed on 14 sites
- Spam comment cleanup needed on 5 sites
- Large disk usage accounts need investigation
Lesson Learned
Always check for non-HTTP services (mail, DNS-only, forwarding) before removing cPanel accounts. DNS migration does not mean all services have migrated.