Differences

This shows you the differences between two versions of the page.

--- setup-config-debian-bullseye [2022/07/20 23:39] – admin
+++ setup-config-debian-bullseye [2022/07/24 16:18] (current) – admin
@@ Line 47: / Line 47: @@
 #or symlink into /etc/apache2/sites-enabled
 </code>
+=== Apache authentication htpasswd ===
+Within a vhost, add:
+<code>
+        <Location />
+                Order Allow,Deny
+                Allow from all
+                AuthName "Secure"
+                AuthType Basic
+                AuthUserFile /etc/apache2/secure/htpasswd
+                require valid-user
+                Allow from 127.0.0.1
+        </Location>
+</code>
+To create a htpasswd file:
+<code>
+htpasswd -c /etc/apache2/htpasswd username
+</code>
+=== Apache HTTPS Secure ssl ===
+Self Signed Cert
+<code>
+make-ssl-cert generate-default-snakeoil
+<VirtualHost *:443>
+        ServerAdmin webmaster@localhost
+        DocumentRoot /var/www/html
+        ErrorLog ${APACHE_LOG_DIR}/error.log
+        CustomLog ${APACHE_LOG_DIR}/access.log combined
+	SSLEngine on
+                SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
+                SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+                <FilesMatch "\.(cgi|shtml|phtml|php)$">
+                                SSLOptions +StdEnvVars
+                </FilesMatch>
+                <Directory /usr/lib/cgi-bin>
+                                SSLOptions +StdEnvVars
+                </Directory>
+</VirtualHost>
+</code>
+Ref: /etc/apache2/sites-available/default-ssl.conf
 ===== MySQL migrations =====
@@ Line 61: / Line 105: @@
 </code>
-===== VIM tweaks =====
+===== Odds and Ends =====
+<code>
+apt-get install screen
+dpkg-reconfigure tzdata
+apt-get install fail2ban
+apt-get install links
+</code>
+==== chkrootkit ====
+<code>
+apt-get install chkrootkit
+vi /etc/chkrootkit.conf
+#change to:
+RUN_DAILY="true"
+RUN_DAILY_OPTS="-q"
+DIFF_MODE="true"
+vi /etc/aliases
+#add
+root:           localuser
+#then run the following to take effect:
+newaliases
+Now the user will get nightly emails with chkrootkit report.
+</code>
+</code>
+==== VIM tweaks ====
 Because vi rocks
 <code>
@@ Line 71: / Line 145: @@
 </code>
-===== Odds and Ends =====
-<code>
-apt-get install screen
-dpkg-reconfigure tzdata
-</code>
-=== Website Updates ===
+===== Website Updates =====
+==== Wordpress ====
 <code>
 I had wordpress done via SVN, so it was easy.
@@ Line 85: / Line 155: @@
 </code>
-== php5 -> php7 woes ==
+==== php5 -> php7 woes ====
+Where possible any webapps will have to be updated as there are a lot of changes between php5 and php7.
 <code>
 #Apache error log showed:
@@ Line 100: / Line 171: @@
 </code>
-== mysql woes ==
+==== mysql woes ====
+Where possible any webapps will have to be updated as there are a lot of changes between php5 and php7.
 <code>
  PHP Fatal error:  Uncaught Error: Call to undefined function mysql_connect()
 </code>
 Edit php script and change mysql_connect() to **mysqli_connect()**
+==== Wiki ====
+Mediawiki instance was so old. Tried to copy it and update php scripts to php7. No joy, had problems connecting to database. The latest mediawiki was nearly 300MB (previous was 60MB).
+I made the decision to install and migrate to dokuwiki which doesn't use sql but flat text files.
+=== dokuwiki ===
+Install was very straight forward. (Info at: https://www.dokuwiki.org/install ) However for migration purposes, I chose to install an older version of dokuwiki for my php5.
+Went for an old stable release at: https://download.dokuwiki.org/archive
+If its too new, you'll get errors when running with php5.
+chmod 777 and run install.php
+=== Migration of mediawiki ===
+Setup and have dokuwiki installed with new install and user.
+<code>
+https://www.dokuwiki.org/tips:mediawiki_to_dokuwiki_converter
+For old Media wiki.
+https://github.com/tetsuo13/MediaWiki-to-DokuWiki-Importer/archive/99b29b645fb7f5bb8c5c03b23d1bfbb4eee642ed.zip
+Download and extract Zip. Browse to and edit:
+public_html/mediatodoc/src/MediaWiki2DokuWiki/settings.php
+Update paths.
+Run via browser /mediatodoc/src/MediaWiki2DokuWiki/index.php
+(got an error the first time, and had to add: $wgDBtype = "mysql"; to LocalSettings.
+Explore to dokuwiki, go to Site Map and all pages should be listed.
+Copy folder to newserver. Upgraded as per dokuwiki info ( https://www.dokuwiki.org/install:upgrade )
+</code>
 ===== Swap File for VM =====
@@ Line 149: / Line 258: @@
 </code>
+===== Mail Server Setup =====
+Followed [[postfix_smtp]] which was mostly OK and still accurate (updated portions of this page at same time for debian bullseye. )
+Also followed [[courier_imaps_server_-_maildir]] again, mostly which was OK (updated this wiki page at the same time for debian bullseye.)
+See final Postfix config -> [[postfix_smtp#debian_bullseye_config]]
+==== Secure smtpd using Postfix and sasl ====
+Debian bullseye had a lot set by default and changed a lot since [[secure_outgoing_smtp_via_postfix_courier_tls_and_sasl]]
+  * Ref1: http://wiki.debian.org/PostfixAndSASL
+  * Ref2: https://doc.axrglobal.com/servidores:mail:mail_system
+<code>
+apt-get install libsasl2-modules, postfix, sasl2-bin
+#postfix and the first will most likely be installed.
+vi /etc/postfix/main.cf
+#add/check
+smtpd_tls_auth_only = yes
+smtpd_sasl_auth_enable = yes
+vi /etc/postfix/sasl/smtpd.conf
+#enter
+pwcheck_method: saslauthd
+mech_list: PLAIN LOGIN
+vi /etc/default/saslauthd
+#add/update to the following:
+START=yes
+MECHANISMS="pam"
+OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"
+mkdir -p /var/spool/postfix/var/run/saslauthd
+dpkg-statoverride --add root sasl 710 /var/spool/postfix/var/run/saslauthd
+adduser postfix sasl
+</code>
+Error message I seen in mail.log -> **/etc/courier/shared/index: Permission denied**
+<code>
+Fix:
+chmod 755 /etc/courier/shared
+cd /etc/courier/shared
+touch index
+chown courier index
+</code>
+=== smtpd certs ===
+There was a default cert created after installing. The main locations this resides is:
+/etc/ssl/certs/ssl-cert-snakeoil.pem and /etc/ssl/private/ssl-cert-snakeoil.key
+Postfix then read these via main.cf with smtpd_tls_cert_file and smtpd_tls_key_file respectively.
+It wasn't self signed, so I said I'd use the imapd.pem cert at /etc/courier/imapd.pem
+NOTE: May not be the best way, but worked.
+<code>
+mv /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/certs/ssl-cert-snakeoil-orig.pem
+mv /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/private/ssl-cert-snakeoil-orig.key
+cp /etc/courier/imapd.pem /etc/ssl/certs/ssl-cert-snakeoil.pem
+vi /etc/ssl/certs/ssl-cert-snakeoil.pem
+#edit and only have
+-----BEGIN CERTIFICATE-----
+..
+-----END CERTIFICATE-----
+cp /etc/courier/imapd.pem /etc/ssl/private/ssl-cert-snakeoil.key
+vi /etc/ssl/private/ssl-cert-snakeoil.key
+#edit and have
+-----BEGIN PRIVATE KEY-----
+...
+-----END PRIVATE KEY-----
+Restart postfix etc.
+Note: Thunderbird does NOT like self-signed certs [[courier_imaps_server_-_maildir#testing_imaps_via_a_client_pc_and_problems|See here]]
+You can get it working, but it'll take time. If you get errors, most likely its thunderbird, so check another mail client also.
+</code>