Linux servers upgrading + new setup

Discussion in 'Other Operating Systems' started by Revenger, May 7, 2019.

  1. Revenger

    Revenger Member

    Joined:
    Aug 7, 2002
    Messages:
    3,885
    Location:
    Armadale / Perth
    I have my Linux server HP N36L microserver on Centos 6.9 and Virtualmin and it's pretty much EOL with extended support, support has moved to Centos 7 now.

    Also because Centos 6 is lacking the newer PHP, MySQL and other packages which are becoming a requirement I had to install those manually on my system.
    As well I run XRDP which isn't perfect, I have to re-run the service etc each time I reboot to get it running again and scripts don't send the messages to webmin to show if the services are started stopped etc.
    Also I have transmission installed and a few other things I tested.

    So basically I kinda should be updating my server at some stage.

    I am loath to run Centos 7 due to not having latest packages and having to clean install each time a new major version is released.

    Ubuntu Server I was originally using but I got many panics and system crashes so I moved to Centos 7 and it's been stable.

    I also want to run a minimal gui for GUI software Jdownloader etc and spent ages getting XRDP going which works but isn't perfect.

    So any advice on how to do this easily and be able to have hassle free upgrades?

    I can backup Virtualmin/Webmin configs easily enough.
    I have a Synology NAS I can setup and use as a temp VM.
    XRDP no idea what I am going to do about that I could just run a local X but I don't have a monitor attached to the videocard.
     
    Last edited: May 7, 2019
  2. waltermitty

    waltermitty Member

    Joined:
    Feb 19, 2016
    Messages:
    937
    Location:
    BRISBANE
    If you're just running downloading apps, just use docker, install alpine, docker and be done with it
     
    darknebula likes this.
  3. OP
    OP
    Revenger

    Revenger Member

    Joined:
    Aug 7, 2002
    Messages:
    3,885
    Location:
    Armadale / Perth
    Not too helpful as I run web servers as well as DNS etc.

    I had a look there are 3 main a-list supported systems by web/virtualmin.

    Centos, Ubuntu, Debian.

    I'll give a Debian a test in a VM as that's probably what I'll end up going to.

    Centos as mentioned has older packages for Apache Mysql etc, Ubuntu was unstable for me so Debian seems like it's the go.

    Any advice for moving over to a new temporary and new install on my server let me know.

    As well as a light weight GUI system or proper xrdp setup.
     
    Last edited: May 7, 2019
  4. waltermitty

    waltermitty Member

    Joined:
    Feb 19, 2016
    Messages:
    937
    Location:
    BRISBANE
    Why do you need a GUI? Why do you need webmin? Just use SSH. You can run nameservers in docker. Use Portainer if you want a web UI.
     
    darknebula likes this.
  5. OP
    OP
    Revenger

    Revenger Member

    Joined:
    Aug 7, 2002
    Messages:
    3,885
    Location:
    Armadale / Perth
    Well Web/virtual is an easy to use GUI etc.

    Sure I could go all CLI with scripts etc and I am not putting it down as it's great for those that can and like to have that level of power user control but for me I want to use what I have in an easy to use way same as jdownloader and any other gui stuff there are headless versions but prefer the gui as the headless remote phone/web interface seems to crash a bit and at my pc easier to use the GUI in a xrdp etc.

    It's just how I like to do things as I'm not a complete command line power user and wouldn't know where to start with creating all my own virtual host and other scripts etc so I like the fact I can do it all in a gui manage the domains, bind, samba etc etc.
     
  6. OP
    OP
    Revenger

    Revenger Member

    Joined:
    Aug 7, 2002
    Messages:
    3,885
    Location:
    Armadale / Perth
    I have a VM of Debian 9.9 on my NAS I am setting up and learning and so far seems to be going okish.

    I have Virtualmin back in with my web servers.
    Instead of XVFB I am using Nomachine with its virtual display server with IceWM for the window manager instead of Fluxbox this time as it is a bit more complete than fluxbox with default options.

    I currently have a setup list going of commands for post install, installing all the stuff I need/want as well as commands to run.
    I dunno how I would make this into a script to autorun if I wanted to but it's only 1 pc when I change my server over.

    What I am doing is setting up the VM then I will switch the web server to that while I redo the HP N36L server then switch the servers back once that's complete with its setup.

    In IceWM I noticed fonts seem a bit blurry in xterm any idea how I can fix this seems to be the bolding?
    While moving the terminal windows colours appear to be ok but this comes back when stopped.
    (Update: turned out to be a setting in nomachine client side hardware decoding)

    Any ideas on server apps I might like to run on the GUI etc.
    Lightweight file manager or something.
    I use Jdownloader and have GsmartControl as an extra nice way to keep a check on hdd's.
    (Before anyone points out yes I know you can run Jdownloader headless though you need to use their webui or app, all request data is transferred through their server and it's a bit unstable and drops out a lot with connecting as I know from the remote client on my phone, but the gui is a darn good site downloader so why I run a virtual x server with it)

    Overall the VM setup is going alright and I will continue to monitor and test stuff before moving it onto my actual server.
     
    Last edited: May 19, 2019
  7. Statitica

    Statitica Member

    Joined:
    Dec 29, 2009
    Messages:
    3,189
    Location:
    Lae, Morobe, PNG
    Honestly, if I was going to be running a remote desktop session regularly, I'd be inclined to use the MATE DE, and install X2GO with mate-bindings.

    As for how to make it into a script: pretty much just save your list of commands in sequential order as a .sh file, and then run it with
    Code:
    bash <filename>.sh
    More information on that here: http://matt.might.net/articles/bash-by-example/
     
  8. OP
    OP
    Revenger

    Revenger Member

    Joined:
    Aug 7, 2002
    Messages:
    3,885
    Location:
    Armadale / Perth
    I like a minimal window manager as I only do a few things in it mainly just Jdownloader for managing downloads, so I don't really need a full de for my needs keeps resources lower and simpler etc, IceWM seems to be good for me this time instead of Fluxbox.

    Yea was thinking that for an install script and will look at that it's just a post install thing to setup what I want on the server.

    As currently I have this listed with a couple files I would need to copy to the system and options like the initial su and password to get it going plus the chmod +x etc on downloaded files, also a couple other commands like the xresources file and the command to run to change the Xterm colours to remove that bold which makes text unreadable etc I am learning about now.

    Code:
    # Run as root (initial su) until sudo is installed
    apt-get install sudo
    adduser mark sudo
    apt-get install git
    apt-get install curl
    apt-get install mc
    apt-get install htop
    apt-get install icewm
    apt-get install dh-autoreconf
    apt-get install gsmartcontrol
    
    # Virtualmin installer: fetched over plain HTTP and run as root, so read it before running
    wget http://software.virtualmin.com/gpl/scripts/install.sh
    chmod +x install.sh
    ./install.sh
    apt-get update
    apt-get install webmin-virtualmin-google-analytics libapache2-mod-perl2
    
    # NoMachine
    wget http://download.nomachine.com/download/6.6/Linux/nomachine_6.6.8.5_amd64.deb
    sudo dpkg -i nomachine_6.6.8.5_amd64.deb
    
    # IceWM themes
    git clone https://github.com/bbidulock/icewm-extra-themes.git
    cd icewm-extra-themes
    ./autogen.sh
    ./configure --prefix=/usr --sysconfdir=/etc
    make V=0
    # $pkgdir is unset outside a packaging build, so DESTDIR is empty and files go under /usr
    make DESTDIR="$pkgdir" install
    
    # Generate IceWM menu
    icewm-menu-fdo
    
     
  9. OP
    OP
    Revenger

    Revenger Member

    Joined:
    Aug 7, 2002
    Messages:
    3,885
    Location:
    Armadale / Perth
    I got Debian 9 installed on my actual server and moved services over now.

    I am having issues with Let's Encrypt on one of my sites which I am working through slowly.

    Disabled Webmin's FirewallD as it was crashing and even with ports for samba open they were blocked.
    Can anyone advise me about FirewallD and if I should work through it or leave it off?
    I'm thinking it's not worth the hassle having it on for a home server.

    Installed transmission but it crashed once when FirewallD crashed so I hope it stays stable now.

    Still working out a couple things like what user I want to run Jdownloader under in NoMachine.
     
  10. GumbyNoTalent

    GumbyNoTalent Member

    Joined:
    Jan 8, 2003
    Messages:
    7,187
    Location:
    Briz Vegas
    If your server isn't visible to the WWW and IP matching the DNS entry for your domain Let's Encrypt won't issue a certificate.
     
  11. OP
    OP
    Revenger

    Revenger Member

    Joined:
    Aug 7, 2002
    Messages:
    3,885
    Location:
    Armadale / Perth
    I had it all working with certificates until I redid the server to Debian 9 so I'm trying to work on why it's not renewing now after the new server and reimporting the backup.
    My other virtual server with my blog renewed fine.
     
  12. GumbyNoTalent

    GumbyNoTalent Member

    Joined:
    Jan 8, 2003
    Messages:
    7,187
    Location:
    Briz Vegas
    Can you see the HTTP server from the web?
     
  13. koss

    koss Member

    Joined:
    Mar 6, 2009
    Messages:
    4,957
    Location:
    Vic
    Letsencrypt shoves a temp file into your web root directory in a hidden folder so the script needs permission to do that, then the Letsencrypt server looks at your web server for that hidden file, if it finds it, then the install script gets the certificate from the lets encrypt server and saves it in the folder you ran the script from so it needs write permission to do that. So you need to check those folder permissions and that your web server is live/visible from the Internet.
     
  14. OP
    OP
    Revenger

    Revenger Member

    Joined:
    Aug 7, 2002
    Messages:
    3,885
    Location:
    Armadale / Perth
    Yep it's virtualmin and the server was backed up and imported into the new server config and ports changed in the router the site is this which has a certificate still until about 2 weeks time.
    That's the sub of the main domain.

    I think something about this may have been changed with the new server install and import of the virtual server.

    The message I am seeing in the web panel is this:
    Seems like the community subsite is the one with the issue.
    For now I have removed the mail sub server and won't add it back as that's not a subsite at the moment (maybe was causing an issue I don't know)

    Code:
    Request certificate for
    Domains associated with this server
    - cajgo-support.com
    - community.cajgo-support.com
    - mail.cajgo-support.com
    
    Months between automatic renewal: 2
    Time since last renewal 0.14 months
    Last successful renewal 04/10/2019 1:19 PM
    Last failed renewal 06/09/2019 1:24 PM
    Renewal failed due to Web-based validation failed : Failed to request certificate :
    community.cajgo-support.com challenge did not pass: Invalid response from https://community.cajgo-support.com/.well-known/acme-challenge/8ekI9ZtduRtiwJxInbe7MZM8Nc5kiSp5noC-Vy-RZo0 [220.244.244.115]: "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\"><!-- st"
    
    So awaiting next week for the 50 renewal tries to reset (used them up trying to get the thing renewed) but unsure how to fix this.
    My other more personal/open blog site renewed fine the other day on the new system.

    Code:
    Time since last renewal 0.11 months
    Last successful renewal 06/10/2019 1:09 PM
    
     
  15. GumbyNoTalent

    GumbyNoTalent Member

    Joined:
    Jan 8, 2003
    Messages:
    7,187
    Location:
    Briz Vegas
    Code:
    community.cajgo-support.com challenge did not pass:
    Check permissions it can't write the challenge file.
     
  16. OP
    OP
    Revenger

    Revenger Member

    Joined:
    Aug 7, 2002
    Messages:
    3,885
    Location:
    Armadale / Perth
    Every folder is 0750 for permissions.
    .wellknown on the blog is 755 permission though.
    The only difference I can see is the blog has a .well-known\acme-challenge directory with a htaccess file inside it with.

    Code:
    AuthType None
    Require all granted
    Satisfy any
    
    Both the community home and sub don't have directories with a htaccess file.
    The community sub htaccess is this which is for the community forum to get SEO links and hasn't been touched and was working last certificate renewal.

    Code:
    Options -MultiViews +SymLinksIfOwnerMatch -Indexes
    
    #
    # If mod_security is enabled, attempt to disable it.
    # - Note, this will work on the majority of hosts but on
    #   MediaTemple, it is known to cause random Internal Server
    #   errors. For MediaTemple, please remove the block below
    #
    <IfModule mod_security.c>
        # Turn off mod_security filtering.
        SecFilterEngine Off
    
        # The below probably isn't needed, but better safe than sorry.
        SecFilterScanPOST Off
    </IfModule>
    
    #
    # MyBB "search engine friendly" URL rewrites
    # - Note, for these to work with MyBB please make sure you have
    #   the setting enabled in the Admin CP and you have this file
    #   named .htaccess
    #
    <IfModule mod_rewrite.c>
    
    ####################
    # Start Google SEO #
    ####################
    # Some hosts require RewriteBase to make RewriteRules work.
    RewriteBase /
    
    # Google SEO workaround for search.php highlights:
    # Make this rule the first rewrite rule in your .htaccess!
    RewriteRule ^([^&]*)&(.*)$ https://community.cajgo-support.com/$1?$2 [L,QSA,R=301]
    
    # Google SEO 404:
    ErrorDocument 404 /misc.php?google_seo_error=404
    
    # Google SEO Sitemap:
    RewriteRule ^sitemap\-([^./]+)\.xml$ misc.php?google_seo_sitemap=$1 [L,QSA,NC]
    
    # Google SEO URL Forums:
    RewriteRule ^Forum\-([^./]+)$ forumdisplay.php?google_seo_forum=$1 [L,QSA,NC]
    
    # Google SEO URL Threads:
    RewriteRule ^Thread\-([^./]+)$ showthread.php?google_seo_thread=$1 [L,QSA,NC]
    
    # Google SEO URL Announcements:
    RewriteRule ^Announcement\-([^./]+)$ announcements.php?google_seo_announcement=$1 [L,QSA,NC]
    
    # Google SEO URL Users:
    RewriteRule ^User\-([^./]+)$ member.php?action=profile&google_seo_user=$1 [L,QSA,NC]
    
    # Google SEO URL Calendars:
    RewriteRule ^Calendar\-([^./]+)$ calendar.php?google_seo_calendar=$1 [L,QSA,NC]
    
    # Google SEO URL Events:
    RewriteRule ^Event\-([^./]+)$ calendar.php?action=event&google_seo_event=$1 [L,QSA,NC]
    ##################
    # End Google SEO #
    ##################
    
        RewriteEngine on
        RewriteCond %{HTTPS} off
        RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
        RewriteRule ^forum-([0-9]+)\.html$ forumdisplay.php?fid=$1 [L,QSA]
        RewriteRule ^forum-([0-9]+)-page-([0-9]+)\.html$ forumdisplay.php?fid=$1&page=$2 [L,QSA]
    
        RewriteRule ^thread-([0-9]+)\.html$ showthread.php?tid=$1 [L,QSA]
        RewriteRule ^thread-([0-9]+)-page-([0-9]+)\.html$ showthread.php?tid=$1&page=$2 [L,QSA]
        RewriteRule ^thread-([0-9]+)-lastpost\.html$ showthread.php?tid=$1&action=lastpost [L,QSA]
        RewriteRule ^thread-([0-9]+)-nextnewest\.html$ showthread.php?tid=$1&action=nextnewest [L,QSA]
        RewriteRule ^thread-([0-9]+)-nextoldest\.html$ showthread.php?tid=$1&action=nextoldest [L,QSA]
        RewriteRule ^thread-([0-9]+)-newpost\.html$ showthread.php?tid=$1&action=newpost [L,QSA]
        RewriteRule ^thread-([0-9]+)-post-([0-9]+)\.html$ showthread.php?tid=$1&pid=$2 [L,QSA]
    
        RewriteRule ^post-([0-9]+)\.html$ showthread.php?pid=$1 [L,QSA]
    
        RewriteRule ^announcement-([0-9]+)\.html$ announcements.php?aid=$1 [L,QSA]
    
        RewriteRule ^user-([0-9]+)\.html$ member.php?action=profile&uid=$1 [L,QSA]
    
        RewriteRule ^calendar-([0-9]+)\.html$ calendar.php?calendar=$1 [L,QSA]
        RewriteRule ^calendar-([0-9]+)-year-([0-9]+)-month-([0-9]+)\.html$ calendar.php?calendar=$1&year=$2&month=$3 [L,QSA]
        RewriteRule ^calendar-([0-9]+)-year-([0-9]+)-month-([0-9]+)-day-([0-9]+)\.html$ calendar.php?action=dayview&calendar=$1&year=$2&month=$3&day=$4 [L,QSA]
        RewriteRule ^calendar-([0-9]+)-week-(n?[0-9]+)\.html$ calendar.php?action=weekview&calendar=$1&week=$2 [L,QSA]
    
        RewriteRule ^event-([0-9]+)\.html$ calendar.php?action=event&eid=$1 [L,QSA]
    
        <IfModule mod_env.c>
            SetEnv SEO_SUPPORT 1
        </IfModule>
    </IfModule>
    
    #
    # If Apache is compiled with built in mod_deflade/GZIP support
    # then GZIP Javascript, CSS, HTML and XML so they're sent to
    # the client faster.
    #
    <IfModule mod_deflate.c>
        AddOutputFilterByType DEFLATE text/css text/html application/xhtml+xml text/xml application/xml text/plain text/x-component application/javascript application/x-javascript application/rss+xml application/atom+xml application/json application/manifest+json application/x-web-app-manifest+json application/vnd.ms-fontobject application/font-sfnt application/font-woff application/font-woff2 image/svg+xml image/x-icon
    </IfModule>
    
    # Note: You are able to choose a different name in the Admin CP. If you've done that you need to change it here too
    <Files "error.log">
        Order Deny,Allow
        Deny from all
    </Files>
    
    I could add the directory and the htaccess to the other vhost main and sub folders.
     
    Last edited: Jun 13, 2019
  17. koss

    koss Member

    Joined:
    Mar 6, 2009
    Messages:
    4,957
    Location:
    Vic
  18. OP
    OP
    Revenger

    Revenger Member

    Joined:
    Aug 7, 2002
    Messages:
    3,885
    Location:
    Armadale / Perth
    Actually by my posts the certificate renewal is 9th of July as letsencrypt is 3 months.
    That date is in US so month first then date.

    Aka:
    Last successful renewal 04/10/2019 1:19 PM
    Last failed renewal 06/09/2019 1:24 PM

    That's how virtualmin has things with the http to s redirect and other site works fine with its renewal.
    I'll try to make directories in the community and home for .well-known challenge directory with that htaccess file and see what happens when the activation attempts reset.

    One reason I hope someone can work with me on the community so I have a second pair of eyes and a partner to help go through and improve things but unfortunately it seems I am trying to run and get going a site as the only 'solo' member etc etc.
     
  19. gdjacobs

    gdjacobs Member

    Joined:
    Apr 3, 2007
    Messages:
    1,302
    Location:
    MB, Canada
    Unless you're validating with a DNS record which Let's Encrypt also supports.
     
  20. OP
    OP
    Revenger

    Revenger Member

    Joined:
    Aug 7, 2002
    Messages:
    3,885
    Location:
    Armadale / Perth
    Tried again now the tries are reset and I am seeing this error:

    Code:
    Requesting a certificate for cajgo-support.com, community.cajgo-support.com from Let's Encrypt ..
    .. request failed : Web-based validation failed : Failed to request certificate :
    community.cajgo-support.com challenge did not pass: Invalid response from https://community.cajgo-support.com/.well-known/acme-challenge/DVF07sF9RzwdOxsWvuBnXwcu2Jy2gj11EqlMtw5FOII [220.244.244.115]: "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\"><!-- st"
    DNS-based validation failed : Failed to request certificate :
    community.cajgo-support.com challenge did not pass: No TXT record found at _acme-challenge.community.cajgo-support.com
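
The web-based check that koss describes, and the "Invalid response ... <!DOCTYPE html" failure in the log above, can be reproduced locally before spending renewal attempts. This is an added example, not part of the thread or of Virtualmin: `probe`, `serve` and `demo` are hypothetical names, and the two localhost servers are constructed stand-ins for a vhost that serves the right document root and one that does not.

```python
"""Pre-flight for ACME HTTP-01: is a file under .well-known/acme-challenge/ served unchanged?"""
import http.server
import secrets
import tempfile
import threading
import urllib.error
import urllib.request
from functools import partial
from pathlib import Path

CHALLENGE_DIR = ".well-known/acme-challenge"
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # direct, no proxy


def probe(docroot, base_url):
    """Drop a random probe file in docroot, fetch it via base_url, return (status, detail)."""
    name = "probe-" + secrets.token_urlsafe(16)
    body = secrets.token_urlsafe(32)
    target = Path(docroot) / CHALLENGE_DIR / name
    try:
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)
    except OSError as exc:  # the permission problem raised in the thread
        return "cannot-write", str(exc)
    try:
        with OPENER.open(f"{base_url}/{CHALLENGE_DIR}/{name}", timeout=5) as resp:
            got = resp.read(512).decode("utf-8", "replace")
    except urllib.error.HTTPError as exc:  # e.g. 403/404 with an HTML error page
        return "http-error", f"{exc.code}: {exc.read(60)!r}"
    except urllib.error.URLError as exc:
        return "unreachable", str(exc.reason)
    finally:
        target.unlink(missing_ok=True)  # never leave probe files behind
    if got.strip() == body:
        return "ok", "probe served unchanged"
    return "wrong-body", repr(got[:60])  # 200, but a page instead of the token


def serve(directory):
    """Constructed stand-in for a vhost: serve `directory` on a free localhost port."""
    handler = partial(http.server.SimpleHTTPRequestHandler, directory=str(directory))
    httpd = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=httpd.serve_forever, daemon=True).start()
    return httpd, f"http://127.0.0.1:{httpd.server_address[1]}"


def demo():
    """Probe one docroot through a server that serves it, then through one that does not."""
    with tempfile.TemporaryDirectory() as right, tempfile.TemporaryDirectory() as other:
        results = []
        for served in (right, other):
            httpd, url = serve(served)
            results.append(probe(right, url)[0])
            httpd.shutdown()
            httpd.server_close()
        return results


if __name__ == "__main__":
    print(demo())
```

Against a real site, call `probe()` with the virtual server's document root and its public URL; any status other than `ok` means the CA's validator would also receive something other than the token.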
    
     