Move Server Times Out
When migrating a website or a server role between nodes in your LxRoot cluster, the process may time out if the servers cannot establish a persistent data connection. This is almost exclusively caused by restrictive network security rules between your cluster nodes.
Firewall & Port Requirements
LxRoot uses RPC (Remote Procedure Call) to coordinate data transfers. Unlike standard web traffic, RPC often utilizes ephemeral ports—temporary ports assigned automatically from a large range—to handle high-speed data synchronization.
If you are using an external hardware firewall (e.g., AWS Security Groups, Google Cloud Firewalls, or a physical appliance), you must allow all TCP ports for traffic moving between the private IP addresses of your cluster members.
Security Best Practice:
- Internal Only: You do not need to open these ports to the general internet.
- Whitelisting: Create a rule that specifically whitelists the IP addresses of your other LxRoot servers.
- Consistency: Ensure the rules are applied to both the Source and Destination servers to allow bi-directional traffic.
Once these ports are open, retry the "Move Server" task. The orchestration layer should now be able to handshake and begin the rsync or docker export process without timing out.