User Tools

Site Tools


This page outlines some of the noteworthy points on setting up Debian Bullseye on a hetzner Cloud server.

Apache Setup

apt-get install apache2
apt-get install libapache2-mod-php 
apt-get install default-mysql-server	(mariadb is now default)
mysql_secure_installation 		( )
apt-get install php-mysql
a2enmod userdir

vi /etc/apache2/mods-enabled/php7.4.conf
comment out lines to enable php for userdirs

adduser kartbuilding
cd /home/kartbuilding/
mkdir public_html
vi index.php 
<?php phpinfo(); ?>

That should be the basic lamp setup.

Virtual Hosts

vi /etc/apache2/sites-available/01-kartbuilding.conf
<VirtualHost *:80>
        DocumentRoot /home/kartbuilding/public_html/
        CustomLog /var/log/apache2/access_kart.log combined
        ErrorLog /var/log/apache2/error_kart.log
        Loglevel warn
        <Directory />
                Options FollowSymLinks Indexes MultiViews
                AllowOverride All
        UserDir disabled

#Repeat block for other vhosts on this domain

#Enable site with
a2ensite 01-kartbuilding
#or symlink into /etc/apache2/sites-enabled

Apache authentication htpasswd

Within a vhost, add:

        <Location />
                Order Allow,Deny
                Allow from all
                AuthName "Secure"
                AuthType Basic
                AuthUserFile /etc/apache2/secure/htpasswd
                require valid-user
                Allow from

To create a htpasswd file:

htpasswd -c /etc/apache2/htpasswd username

Apache HTTPS Secure ssl

Self Signed Cert

make-ssl-cert generate-default-snakeoil

<VirtualHost *:443>

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

	SSLEngine on
                SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
                SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
                <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars

Ref: /etc/apache2/sites-available/default-ssl.conf

MySQL migrations

Copy across data to new server

#always source -> destination
#On new server issue
rsync -ave ssh user@oldserver:/home/kartbuilding/ /home/kartbuilding/

Odds and Ends

apt-get install screen
dpkg-reconfigure tzdata
apt-get install fail2ban
apt-get install links


apt-get install chkrootkit
vi /etc/chkrootkit.conf
#change to:

vi /etc/aliases
root:           localuser

#then run the following to take effect:

Now the user will get nightly emails with chkrootkit report.


VIM tweaks

Because vi rocks

apt-get install vim
vi /etc/vim/vimrc
uncomment syntax on
uncomment let g:skip_defaults_vim = 1  (allows default vim control mouse off)

Website Updates


I had wordpress done via SVN, so it was easy.
cd /home/kartbuilding/public_blog
svn info
svn sw .

php5 -> php7 woes

Where possible any webapps will have to be updated as there are a lot of changes between php5 and php7.

#Apache error log showed:
PHP Parse error:  syntax error, unexpected 'new' (T_NEW) in...... on line 35

Edit the php file and on line 35:
Remove the &. Its not needed in php7.
Original php5
$bbdb =& new $bbdb_class( array(

$bbdb = new $bbdb_class( array(

mysql woes

Where possible any webapps will have to be updated as there are a lot of changes between php5 and php7.

 PHP Fatal error:  Uncaught Error: Call to undefined function mysql_connect()

Edit php script and change mysql_connect() to mysqli_connect()


Mediawiki instance was so old. Tried to copy it and update php scripts to php7. No joy, had problems connecting to database. The latest mediawiki was nearly 300MB (previous was 60MB).

I made the decision to install and migrate to dokuwiki which doesn't use sql but flat text files.


Install was very straight forward. (Info at: ) However for migration purposes, I chose to install an older version of dokuwiki for my php5.

Went for an old stable release at: If its too new, you'll get errors when running with php5.

chmod 777 and run install.php

Migration of mediawiki

Setup and have dokuwiki installed with new install and user.

For old Media wiki.

Download and extract Zip. Browse to and edit:
Update paths.

Run via browser /mediatodoc/src/MediaWiki2DokuWiki/index.php

(got an error the first time, and had to add: $wgDBtype = "mysql"; to LocalSettings.

Explore to dokuwiki, go to Site Map and all pages should be listed.

Copy folder to newserver. Upgraded as per dokuwiki info ( )

Swap File for VM

Hetzner cloud server did not come with swap space. While you could console and resize, creating a swap file was a nice quick solution.

Check for swap

root@sun:~# free
               total        used        free      shared  buff/cache   available
Mem:         1981092      180740      250956       15668     1549396     1596964
Swap:              0           0           0

cat /etc/fstab
#shows no swap

Create swap file

fallocate -l 2G /swapfile
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile

root@sun:~# free
               total        used        free      shared  buff/cache   available
Mem:         1981092      182696      245032       15668     1553364     1594984
Swap:        2097148           0     2097148

Add to fstab for reboot

vi /etc/fstab
/swapfile swap swap defaults 0 0

swapon --show

Delete Swap file

swapoff -v /swapfile
edit fstab
rm the file

Mail Server Setup

Followed postfix_smtp which was mostly OK and still accurate (updated portions of this page at same time for debian bullseye. )

Also followed courier_imaps_server_-_maildir again, mostly which was OK (updated this wiki page at the same time for debian bullseye.)

See final Postfix config → debian_bullseye_config

Secure smtpd using Postfix and sasl

Debian bullseye had a lot set by default and changed a lot since secure_outgoing_smtp_via_postfix_courier_tls_and_sasl

apt-get install libsasl2-modules, postfix, sasl2-bin
#postfix and the first will most likely be installed.

vi /etc/postfix/
smtpd_tls_auth_only = yes
smtpd_sasl_auth_enable = yes

vi /etc/postfix/sasl/smtpd.conf
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN

vi /etc/default/saslauthd
#add/update to the following:
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"

mkdir -p /var/spool/postfix/var/run/saslauthd

dpkg-statoverride --add root sasl 710 /var/spool/postfix/var/run/saslauthd
adduser postfix sasl

Error message I seen in mail.log → /etc/courier/shared/index: Permission denied

chmod 755 /etc/courier/shared
cd /etc/courier/shared
touch index
chown courier index

smtpd certs

There was a default cert created after installing. The main locations this resides is:

/etc/ssl/certs/ssl-cert-snakeoil.pem and /etc/ssl/private/ssl-cert-snakeoil.key

Postfix then read these via with smtpd_tls_cert_file and smtpd_tls_key_file respectively.

It wasn't self signed, so I said I'd use the imapd.pem cert at /etc/courier/imapd.pem

NOTE: May not be the best way, but worked.

mv /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/certs/ssl-cert-snakeoil-orig.pem
mv /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/private/ssl-cert-snakeoil-orig.key

cp /etc/courier/imapd.pem /etc/ssl/certs/ssl-cert-snakeoil.pem
vi /etc/ssl/certs/ssl-cert-snakeoil.pem
#edit and only have

cp /etc/courier/imapd.pem /etc/ssl/private/ssl-cert-snakeoil.key
vi /etc/ssl/private/ssl-cert-snakeoil.key
#edit and have 

Restart postfix etc.

Note: Thunderbird does NOT like self-signed certs [[courier_imaps_server_-_maildir#testing_imaps_via_a_client_pc_and_problems|See here]]
You can get it working, but it'll take time. If you get errors, most likely its thunderbird, so check another mail client also.
setup-config-debian-bullseye.txt · Last modified: 2022/07/24 16:18 by admin