setup-config-debian-bullseye
Differences
This shows you the differences between two versions of the page.
Next revision | Previous revision | ||
setup-config-debian-bullseye [2022/07/20 22:25] – created admin | setup-config-debian-bullseye [2022/07/24 15:18] (current) – admin | ||
---|---|---|---|
Line 47: | Line 47: | ||
#or symlink into / | #or symlink into / | ||
</ | </ | ||
+ | |||
+ | === Apache authentication htpasswd === | ||
+ | Within a vhost, add: | ||
+ | < | ||
+ | < | ||
+ | Order Allow,Deny | ||
+ | Allow from all | ||
+ | AuthName " | ||
+ | AuthType Basic | ||
+ | AuthUserFile / | ||
+ | require valid-user | ||
+ | Allow from 127.0.0.1 | ||
+ | </ | ||
+ | </ | ||
+ | To create a htpasswd file: | ||
+ | < | ||
+ | htpasswd -c / | ||
+ | </ | ||
+ | |||
+ | === Apache HTTPS Secure ssl === | ||
+ | Self Signed Cert | ||
+ | < | ||
+ | make-ssl-cert generate-default-snakeoil | ||
+ | |||
+ | < | ||
+ | |||
+ | ServerAdmin webmaster@localhost | ||
+ | DocumentRoot / | ||
+ | |||
+ | ErrorLog ${APACHE_LOG_DIR}/ | ||
+ | CustomLog ${APACHE_LOG_DIR}/ | ||
+ | |||
+ | SSLEngine on | ||
+ | SSLCertificateFile | ||
+ | SSLCertificateKeyFile / | ||
+ | < | ||
+ | SSLOptions +StdEnvVars | ||
+ | </ | ||
+ | < | ||
+ | SSLOptions +StdEnvVars | ||
+ | </ | ||
+ | </ | ||
+ | </ | ||
+ | Ref: / | ||
===== MySQL migrations ===== | ===== MySQL migrations ===== | ||
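Review bot: the htpasswd vhost block mixes 2.2-style access control (`Order Allow,Deny`, `Allow from all`, `Allow from 127.0.0.1`) with `require valid-user`. Debian bullseye ships Apache 2.4, where the old directives only work through mod_access_compat, and `Allow from 127.0.0.1` after `Allow from all` adds nothing, so it is unclear whether localhost is meant to bypass the password. Suggest dropping the Order/Allow lines and keeping `Require valid-user` on its own, or saying explicitly what the localhost line is for. Two things are also worth a line of documentation here: `htpasswd -c` recreates the file and discards any users already in it, so it is for the first user only, and `AuthType Basic` should sit in the HTTPS vhost added in the next section, since Basic auth sends the password merely base64-encoded.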
Line 61: | Line 105: | ||
</ | </ | ||
- | ===== VIM tweaks | + | ===== Odds and Ends ===== |
+ | < | ||
+ | apt-get install screen | ||
+ | dpkg-reconfigure tzdata | ||
+ | apt-get install fail2ban | ||
+ | apt-get install links | ||
+ | </ | ||
+ | ==== chkrootkit ==== | ||
+ | < | ||
+ | apt-get install chkrootkit | ||
+ | vi / | ||
+ | #change to: | ||
+ | RUN_DAILY=" | ||
+ | RUN_DAILY_OPTS=" | ||
+ | DIFF_MODE=" | ||
+ | |||
+ | vi / | ||
+ | #add | ||
+ | root: | ||
+ | |||
+ | #then run the following to take effect: | ||
+ | newaliases | ||
+ | |||
+ | Now the user will get nightly emails with chkrootkit report. | ||
+ | |||
+ | </ | ||
+ | |||
+ | |||
+ | </ | ||
+ | |||
+ | ==== VIM tweaks ==== | ||
Because vi rocks | Because vi rocks | ||
< | < | ||
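Review bot: `apt-get install fail2ban` is added to Odds and Ends with no note on which jails are expected to be active; since this page also sets up Apache Basic auth and SASL-authenticated SMTP, say whether jails for those services are enabled or only the defaults. In the chkrootkit block, the sentence "Now the user will get nightly emails with chkrootkit report." is inside the code block and the block is followed by a second closing tag with no matching open; move the sentence below the block and drop the stray close. It would also help to state that the `root:` alias is what routes the nightly report to a real mailbox, so a reader knows the `newaliases` step is required and not optional.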
Line 71: | Line 145: | ||
</ | </ | ||
- | ===== Odds and Ends ===== | ||
- | < | ||
- | apt-get install screen | ||
- | dpkg-reconfigure tzdata | ||
- | </ | ||
- | === Website Updates === | + | ===== Website Updates |
+ | ==== Wordpress ==== | ||
< | < | ||
I had wordpress done via SVN, so it was easy. | I had wordpress done via SVN, so it was easy. | ||
Line 85: | Line 155: | ||
</ | </ | ||
- | == php5 -> php7 woes == | + | ==== php5 -> php7 woes ==== |
+ | Where possible any webapps will have to be updated as there are a lot of changes between php5 and php7. | ||
+ | < | ||
+ | #Apache error log showed: | ||
+ | PHP Parse error: | ||
+ | |||
+ | Edit the php file and on line 35: | ||
+ | Remove the &. Its not needed in php7. | ||
+ | Example: | ||
+ | Original php5 | ||
+ | $bbdb =& new $bbdb_class( array( | ||
+ | |||
+ | New: | ||
+ | $bbdb = new $bbdb_class( array( | ||
+ | </ | ||
+ | |||
+ | ==== mysql woes ==== | ||
+ | Where possible any webapps will have to be updated as there are a lot of changes between php5 and php7. | ||
+ | < | ||
+ | PHP Fatal error: | ||
+ | </ | ||
+ | Edit php script and change mysql_connect() to **mysqli_connect()** | ||
+ | |||
+ | ==== Wiki ==== | ||
+ | Mediawiki instance was so old. Tried to copy it and update php scripts to php7. No joy, had problems connecting to database. The latest mediawiki was nearly 300MB (previous was 60MB). | ||
+ | |||
+ | I made the decision to install and migrate to dokuwiki which doesn' | ||
+ | |||
+ | === dokuwiki === | ||
+ | Install was very straight forward. (Info at: https:// | ||
+ | |||
+ | Went for an old stable release at: https:// | ||
+ | If its too new, you'll get errors when running with php5. | ||
+ | |||
+ | chmod 777 and run install.php | ||
+ | |||
+ | === Migration of mediawiki === | ||
+ | Setup and have dokuwiki installed with new install and user. | ||
+ | < | ||
+ | https:// | ||
+ | |||
+ | For old Media wiki. | ||
+ | https:// | ||
+ | |||
+ | Download and extract Zip. Browse to and edit: | ||
+ | public_html/ | ||
+ | Update paths. | ||
+ | |||
+ | Run via browser / | ||
+ | |||
+ | (got an error the first time, and had to add: $wgDBtype = " | ||
+ | |||
+ | Explore to dokuwiki, go to Site Map and all pages should be listed. | ||
+ | |||
+ | Copy folder to newserver. Upgraded as per dokuwiki info ( https:// | ||
+ | </ | ||
+ | |||
+ | |||
===== Swap File for VM ===== | ===== Swap File for VM ===== | ||
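Review bot: `chmod 777 and run install.php` in the dokuwiki section leaves the tree world-writable and gives no step to undo it. Suggest giving the web server user ownership of the directories DokuWiki has to write to instead of 777, and adding a line to delete `install.php` once the installer has run. In "mysql woes" the intro sentence is a copy of the php5 -> php7 one and does not describe the section; the fix line also undersells the work, because changing `mysql_connect()` to `mysqli_connect()` is not a plain rename: the other `mysql_*` calls in the script need converting too, and functions such as `mysqli_query()` take the connection as the first argument.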
Line 130: | Line 258: | ||
</ | </ | ||
+ | ===== Mail Server Setup ===== | ||
+ | Followed [[postfix_smtp]] which was mostly OK and still accurate (updated portions of this page at same time for debian bullseye. ) | ||
+ | Also followed [[courier_imaps_server_-_maildir]] again, mostly which was OK (updated this wiki page at the same time for debian bullseye.) | ||
+ | |||
+ | See final Postfix config -> [[postfix_smtp# | ||
+ | |||
+ | ==== Secure smtpd using Postfix and sasl ==== | ||
+ | Debian bullseye had a lot set by default and changed a lot since [[secure_outgoing_smtp_via_postfix_courier_tls_and_sasl]] | ||
+ | |||
+ | * Ref1: http:// | ||
+ | * Ref2: https:// | ||
+ | |||
+ | < | ||
+ | apt-get install libsasl2-modules, | ||
+ | #postfix and the first will most likely be installed. | ||
+ | |||
+ | vi / | ||
+ | #add/check | ||
+ | smtpd_tls_auth_only = yes | ||
+ | smtpd_sasl_auth_enable = yes | ||
+ | |||
+ | |||
+ | vi / | ||
+ | #enter | ||
+ | pwcheck_method: | ||
+ | mech_list: PLAIN LOGIN | ||
+ | |||
+ | |||
+ | vi / | ||
+ | #add/update to the following: | ||
+ | START=yes | ||
+ | MECHANISMS=" | ||
+ | OPTIONS=" | ||
+ | |||
+ | mkdir -p / | ||
+ | |||
+ | dpkg-statoverride --add root sasl 710 / | ||
+ | adduser postfix sasl | ||
+ | |||
+ | </ | ||
+ | |||
+ | Error message I seen in mail.log -> **/ | ||
+ | < | ||
+ | Fix: | ||
+ | chmod 755 / | ||
+ | cd / | ||
+ | touch index | ||
+ | chown courier index | ||
+ | </ | ||
+ | |||
+ | === smtpd certs === | ||
+ | There was a default cert created after installing. The main locations this resides is: | ||
+ | |||
+ | / | ||
+ | |||
+ | Postfix then read these via main.cf with smtpd_tls_cert_file and smtpd_tls_key_file respectively. | ||
+ | |||
+ | It wasn't self signed, so I said I'd use the imapd.pem cert at / | ||
+ | |||
+ | NOTE: May not be the best way, but worked. | ||
+ | |||
+ | < | ||
+ | mv / | ||
+ | mv / | ||
+ | |||
+ | cp / | ||
+ | vi / | ||
+ | #edit and only have | ||
+ | -----BEGIN CERTIFICATE----- | ||
+ | .. | ||
+ | -----END CERTIFICATE----- | ||
+ | |||
+ | cp / | ||
+ | vi / | ||
+ | #edit and have | ||
+ | -----BEGIN PRIVATE KEY----- | ||
+ | ... | ||
+ | -----END PRIVATE KEY----- | ||
+ | |||
+ | Restart postfix etc. | ||
+ | |||
+ | Note: Thunderbird does NOT like self-signed certs [[courier_imaps_server_-_maildir# | ||
+ | You can get it working, but it'll take time. If you get errors, most likely its thunderbird, | ||
+ | |||
+ | </ | ||
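Review bot: in "smtpd certs" the private key is produced by `cp` of imapd.pem followed by hand-editing in vi, and nothing sets the owner or mode of the resulting key file afterwards. Add a step that makes the key readable by root only (matching the permissions of the file that was moved aside), and consider extracting the two parts with `openssl x509 -in` and `openssl pkey -in` in place of manual editing, which is easy to get wrong. It is also worth stating that Postfix and Courier now share one self-signed key pair, so replacing or revoking it affects both services. Separately, the install line reads `apt-get install libsasl2-modules,` with a comma after the package name; apt-get expects package names separated by spaces. The closing "Restart postfix etc." and the Thunderbird note are prose inside the code block and would read better below it.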
setup-config-debian-bullseye.1658355931.txt.gz · Last modified: 2022/07/20 22:25 by admin