Server Upgrade 16.04 to 18.04
Upgrading a server from 16.04 LTS to a 18.04 LTS at dimensis.com (through ssh, in a console) on the proxmox6 dedicated server.
Keep in mind that we might be interested in these other complementary guides for server seeds4c, at some point (either in Ubuntu 18.04 or after upgrading again to Ubuntu 20.04 LTS)
If Ubuntu 18.04 LTS:
- https://www.howtoforge.com/how-to-install-nextcloud-with-ispconfig/
- https://www.howtoforge.com/tutorial/perfect-server-ubuntu-18.04-with-apache-php-myqsl-pureftpd-bind-postfix-doveot-and-ispconfig/
If Ubuntu 20.04 LTS:
1.1. Start the upgrade
To start the upgrade, install ubuntu-manager-core
sudo apt-get install update-manager-core
and then, run:
sudo do-release-upgrade
Voleu continuar treballant via SSH? Segons sembla, aquesta sessió s'està executant per sota de SSH. Actualment no és recomanable realitzar una actualització per sota de SSH, atès que en cas de fallada la recuperació és més difícil. Si continueu, s'iniciarà un dimoni addicional al port «1022». Voleu continuar? Continua [sN] s S'està iniciant un sshd addicional Per facilitar la recuperació en cas de fallada, s'iniciarà un sshd addicional al port «1022». Si alguna cosa anés malament amb l'ssh en ús, podeu fer servir l'addicional. Si feu servir un tallafoc, necessitareu obrir temporalment aquest port. Atès que això és potencialment perillós, no es fa automàticament. Per exemple, podeu obrir el port amb: «iptables -I INPUT -p tcp --dport 1022 -j ACCEPT» Premeu la tecla de retorn per continuar
If the ssh connection gets disconnected fro some reason, you can restore it with:
sudo screen -D -r
1.2. Notes on seeds04
apache2.conf
Configuration file '/etc/apache2/apache2.conf' ==> Modified (by you or by a script) since installation. ==> Package distributor has shipped an updated version. What would you like to do about it ? Your options are: Y or I : install the package maintainer's version N or O : keep your currently-installed version D : show the differences between the versions Z : start a shell to examine the situation The default action is to keep your current version. *** apache2.conf (Y/I/N/O/D/Z) [default=N] ? D --- /etc/apache2/apache2.conf 2020-09-30 20:22:02.412703000 +0200 +++ /etc/apache2/apache2.conf.dpkg-new 2020-08-12 23:33:25.000000000 +0200 @@ -74,6 +74,12 @@ #Mutex file:${APACHE_LOCK_DIR} default # +# The directory where shm and other runtime files will be stored. +# + +DefaultRuntimeDir ${APACHE_RUN_DIR} + +# # PidFile: The file in which the server should record its process # identification number when it starts. # This needs to be set in /etc/apache2/envvars @@ -216,6 +222,6 @@ IncludeOptional conf-enabled/*.conf # Include the virtual host configurations: -IncludeOptional sites-enabled/ +IncludeOptional sites-enabled/*.conf # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
roundcube
Configuring roundcube-core ├──────────────────────────────────────────────────────────────┐ │ │ │ An error occurred while upgrading the database: │ │ ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO) │ │ Fortunately, /var/cache/dbconfig-common/backups/roundcube_1.2~beta+dfsg.1-0ubuntu1.2021-04-11-20.01.22 should hold a backup of the database, made just │ before the upgrade (unless the error occurred during backup creation, in which case no changes will have been applied yet). Your options are: │ * abort - Causes the operation to fail; you will need to downgrade, │ reinstall, reconfigure this package, or otherwise manually intervene │ to continue using it. This will usually also impact your ability to │ install other packages until the installation failure is resolved. │ * retry - Prompts once more with all the configuration questions │ (including ones you may have missed due to the debconf priority │ setting) and makes another attempt at performing the operation. │ * retry (skip questions) - Immediately attempts the operation again, │ skipping all questions. This is normally useful only if you have │ solved the underlying problem since the time the error occurred. │ * ignore - Continues the operation ignoring dbconfig-common errors. │ This will usually leave this package without a functional database. │ │ <Ok>
Aborted since it failed.
But updated automatically the confic.php file.
mariadb
Configuration file '/etc/mysql/mariadb.conf.d/50-mysqld_safe.cnf' ==> Modified (by you or by a script) since installation. ==> Package distributor has shipped an updated version. What would you like to do about it ? Your options are: Y or I : install the package maintainer's version N or O : keep your currently-installed version D : show the differences between the versions Z : start a shell to examine the situation The default action is to keep your current version. *** 50-mysqld_safe.cnf (Y/I/N/O/D/Z) [default=N] ? D --- /etc/mysql/mariadb.conf.d/50-mysqld_safe.cnf 2017-01-28 19:36:04.878210202 +0100 +++ /etc/mysql/mariadb.conf.d/50-mysqld_safe.cnf.dpkg-new 2020-10-12 18:24:44.000000000 +0200 @@ -1,11 +1,30 @@ +# NOTE: This file is read only by the traditional SysV init script, not systemd. +# MariaDB systemd does _not_ utilize mysqld_safe nor read this file. +# +# For similar behaviour, systemd users should create the following file: +# /etc/systemd/system/mariadb.service.d/migrated-from-my.cnf-settings.conf +# +# To achieve the same result as the default 50-mysqld_safe.cnf, please create +# /etc/systemd/system/mariadb.service.d/migrated-from-my.cnf-settings.conf +# with the following contents: +# +# [Service] +# User=mysql +# StandardOutput=syslog +# StandardError=syslog +# SyslogFacility=daemon +# SyslogLevel=err +# SyslogIdentifier=mysqld +# +# For more information, please read https://mariadb.com/kb/en/mariadb/systemd/ +# + [mysqld_safe] # This will be passed to all mysql clients # It has been reported that passwords should be enclosed with ticks/quotes -# escpecially if they contain "#" chars... +# especially if they contain "#" chars... # Remember to edit /etc/mysql/debian.cnf when changing the socket location. socket = /var/run/mysqld/mysqld.sock nice = 0 skip_log_error syslog -open_files_limit = 20000 -
Configuration file '/etc/mysql/mariadb.conf.d/50-server.cnf' ==> Modified (by you or by a script) since installation. ==> Package distributor has shipped an updated version. What would you like to do about it ? Your options are: Y or I : install the package maintainer's version N or O : keep your currently-installed version D : show the differences between the versions Z : start a shell to examine the situation The default action is to keep your current version. *** 50-server.cnf (Y/I/N/O/D/Z) [default=N] ? D --- /etc/mysql/mariadb.conf.d/50-server.cnf 2017-01-28 19:15:32.764020985 +0100 +++ /etc/mysql/mariadb.conf.d/50-server.cnf.dpkg-new 2020-10-12 18:24:44.000000000 +0200 @@ -23,11 +23,10 @@ tmpdir = /tmp lc-messages-dir = /usr/share/mysql skip-external-locking -open_files_limit = 20000 # Instead of skip-networking the default is now to listen only on # localhost which is more compatible and is not less secure. -#bind-address = 127.0.0.1 +bind-address = 127.0.0.1 # # * Fine Tuning @@ -38,7 +37,7 @@ thread_cache_size = 8 # This replaces the startup script and checks MyISAM tables if needed # the first time they are touched -myisam-recover = BACKUP +myisam_recover_options = BACKUP #max_connections = 100 #table_cache = 64 #thread_concurrency = 10 @@ -77,7 +76,7 @@ expire_logs_days = 10 max_binlog_size = 100M #binlog_do_db = include_database_name -#binlog_ignore_db = include_database_name +#binlog_ignore_db = exclude_database_name # # * InnoDB @@ -91,11 +90,17 @@ # Read the manual, too, if you want chroot! # chroot = /var/lib/mysql/ # -# For generating SSL certificates I recommend the OpenSSL GUI "tinyca". +# For generating SSL certificates you can use for example the GUI tool "tinyca". # # ssl-ca=/etc/mysql/cacert.pem # ssl-cert=/etc/mysql/server-cert.pem # ssl-key=/etc/mysql/server-key.pem +# +# Accept only connections using the latest and most secure TLS protocol version. +# ..when MariaDB is compiled with OpenSSL: +# ssl-cipher=TLSv1.2 +# ..when MariaDB is compiled with YaSSL (default in Debian): +# ssl=on # # * Character sets @@ -123,7 +128,7 @@ # you can put MariaDB-only options here [mariadb] -# This group is only read by MariaDB-10.0 servers. +# This group is only read by MariaDB-10.1 servers. # If you use the same .cnf file for MariaDB of different versions, # use this group for options that older servers don't understand -[mariadb-10.0] +[mariadb-10.1]
ssh
--- /etc/ssh/sshd_config root.root 0644 2018-11-18 15:37:17 │ +++ /tmp/fileRNVUhB root.root 0644 2021-04-11 20:47:57 │ @@ -1,81 +1,76 @@ │ -# Package generated configuration file │ -# See the sshd_config(5) manpage for details │ +# $OpenBSD: sshd_config,v 1.101 2017/03/14 07:19:07 djm Exp $ -# What ports, IPs and protocols we listen for │ -Port 22 │ -# Use these options to restrict which interfaces/protocols sshd will bind to │ -#ListenAddress :: │ +# This is the sshd server system-wide configuration file. See │ +# sshd_config(5) for more information. │ + +# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin │ + │ +# The strategy used for options in the default sshd_config shipped with │ +# OpenSSH is to specify options with their default value where │ +# possible, but leave them commented. Uncommented options override the │ +# default value. │ + │ +#Port 22 +#AddressFamily any │ #ListenAddress 0.0.0.0 │ -Protocol 2 │ -# HostKeys for protocol version 2 │ -HostKey /etc/ssh/ssh_host_rsa_key │ -HostKey /etc/ssh/ssh_host_dsa_key │ -HostKey /etc/ssh/ssh_host_ecdsa_key │ -HostKey /etc/ssh/ssh_host_ed25519_key │ -#Privilege Separation is turned on for security │ -UsePrivilegeSeparation yes │ - │ -# Lifetime and size of ephemeral version 1 server key │ -KeyRegenerationInterval 3600 │ -ServerKeyBits 1024 │ +#ListenAddress :: │ + │ +#HostKey /etc/ssh/ssh_host_rsa_key │ +#HostKey /etc/ssh/ssh_host_ecdsa_key │ +#HostKey /etc/ssh/ssh_host_ed25519_key │ + │ +# Ciphers and keying │ +#RekeyLimit default none │ │ # Logging │ -SyslogFacility AUTH │ -LogLevel INFO │ +#SyslogFacility AUTH │ +#LogLevel INFO │ │ # Authentication: │ -LoginGraceTime 120 │ -#PermitRootLogin prohibit-password │ + │ +#LoginGraceTime 2m │ PermitRootLogin yes │ -StrictModes yes │ +#StrictModes yes │ +#MaxAuthTries 6 │ +#MaxSessions 10 │ + │ +#PubkeyAuthentication yes │ + │ +# Expect .ssh/authorized_keys2 to be disregarded by default in future. │ +#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2 │ │ -RSAAuthentication yes │ -PubkeyAuthentication yes │ -#AuthorizedKeysFile %h/.ssh/authorized_keys │ +#AuthorizedPrincipalsFile none │ │ +#AuthorizedKeysCommand none │ +#AuthorizedKeysCommandUser nobody │ + │ +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts │ +#HostbasedAuthentication no │ +# Change to yes if you don't trust ~/.ssh/known_hosts for │ +# HostbasedAuthentication │ +#IgnoreUserKnownHosts no │ # Don't read the user's ~/.rhosts and ~/.shosts files │ -IgnoreRhosts yes │ -# For this to work you will also need host keys in /etc/ssh_known_hosts │ -RhostsRSAAuthentication no │ -# similar for protocol version 2 │ -HostbasedAuthentication no │ -# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication │ -#IgnoreUserKnownHosts yes │ +#IgnoreRhosts yes │ │ -# To enable empty passwords, change to yes (NOT RECOMMENDED) │ -PermitEmptyPasswords no │ +# To disable tunneled clear text passwords, change to no here! │ +#PasswordAuthentication yes │ +#PermitEmptyPasswords no │ │ # Change to yes to enable challenge-response passwords (beware issues with │ # some PAM modules and threads) │ ChallengeResponseAuthentication no │ -# Change to no to disable tunnelled clear text passwords │ -#PasswordAuthentication yes │ - │ # Kerberos options │ #KerberosAuthentication no │ -#KerberosGetAFSToken no │ #KerberosOrLocalPasswd yes │ #KerberosTicketCleanup yes │ +#KerberosGetAFSToken no │ │ # GSSAPI options │ #GSSAPIAuthentication no │ #GSSAPICleanupCredentials yes │ - │ -X11Forwarding yes │ -X11DisplayOffset 10 │ -PrintMotd no │ -PrintLastLog yes │ -TCPKeepAlive yes │ -#UseLogin no │ - │ -#MaxStartups 10:30:60 │ -#Banner /etc/issue.net │ - │ -# Allow client to pass locale environment variables │ -AcceptEnv LANG LC_* │ - │ -Subsystem sftp /usr/lib/openssh/sftp-server │ +#GSSAPIStrictAcceptorCheck yes │ +#GSSAPIKeyExchange no │ │ # Set this to 'yes' to enable PAM authentication, account processing, │ # and session processing. If this is enabled, PAM authentication will │ @@ -87,3 +82,41 @@ │ # PAM authentication, then enable this but set PasswordAuthentication │ # and ChallengeResponseAuthentication to 'no'. │ UsePAM yes │ + │ +#AllowAgentForwarding yes │ +#AllowTcpForwarding yes │ +#GatewayPorts no │ +X11Forwarding yes │ +#X11DisplayOffset 10 │ +#X11UseLocalhost yes │ +#PermitTTY yes │ +PrintMotd no │ +#PrintLastLog yes │ +#TCPKeepAlive yes │ +#UseLogin no │ +#PermitUserEnvironment no │ +#Compression delayed │ +#ClientAliveInterval 0 │ +#ClientAliveCountMax 3 │ +#UseDNS no │ +#PidFile /var/run/sshd.pid │ +#MaxStartups 10:30:100 │ +#PermitTunnel no │ +#ChrootDirectory none │ +#VersionAddendum none │ + │ +# no default banner path │ +#Banner none │ + │ +# Allow client to pass locale environment variables │ +AcceptEnv LANG LC_* │ + │ +# override default of no subsystems │ +Subsystem sftp /usr/lib/openssh/sftp-server │ + │ +# Example of overriding settings on a per-user basis │ +#Match User anoncvs │ +# X11Forwarding no │ +# AllowTcpForwarding no │ +# PermitTTY no │ +# ForceCommand cvs server
munin
--- /etc/munin/plugin-conf.d/munin-node 2020-03-24 07:56:45.700017314 +0100 +++ /etc/munin/plugin-conf.d/munin-node.dpkg-new 2018-05-11 08:58:52.000000000 +0200 @@ -36,6 +36,7 @@ [df*] env.warning 92 env.critical 98 +env.exclude_re ^/run/user [exim_mailqueue] group adm, (Debian-exim) @@ -72,7 +73,7 @@ [mysql*] user root env.mysqlopts --defaults-file=/etc/mysql/debian.cnf -env.mysqluser munin +env.mysqluser debian-sys-maint env.mysqlconnection DBI:mysql:mysql;mysql_read_default_file=/etc/mysql/debian.cnf [postfix_mailqueue]
Alias names for this page:
1604to1804 | 16to18