Switched On Tech Design

Tag: debian

  • PHP contact form returns 504 gateway error after moving to Digital Ocean

    This one had me scratching my head for a while – using php7.0-fpm and the latest nginx on Debian 8 Jessie I was seeing our PHP contact form working correctly but returning a Gateway 504 error upon submission, which was resulting in a great deal of resubmitted forms and error notifications from users.

     

    This only started occuring after we moved our site to Digital Ocean – it turns out that it was a IP priority issue and the following resolved it:

     

    vim /etc/gai.conf

     

    and uncommenting the following line:

     

    precedence ::ffff:0:0/96  100

    Then a reboot. Voila, the contact form worked properly again.

  • Installing Aegir 3 on Debian 8 Jessie/Ubuntu with Nginx

    So, after a few failed attempts at installing the Aegir 3 Drupal control system we hit upon this “recipe” as what works for us currently on a fresh install of Debian 8 Jessie or Ubuntu 14.04.

    This assumes you are logged in as root. First, update and upgrade your system.

    apt-get update && apt-get upgrade -y

    For the version of OS that currently gets installed with a fresh Binary Lane VPS we also need to update the base system. We like to use aptitude for that; while we’re installing aptitude, we might as well install the other thing that Aegir needs to install properly:

    apt-get install curl sendmail aptitude -y

    Upgrade:

    aptitude safe-upgrade -y

    Now, we need to install the database server. We use MariaDB.

    apt-get install mariadb-server -y

    One that’s done – you will be prompted to enter a root password for the database – we run the following command:

    mysql_secure_installation

    Don’t worry about changing the root password now that you have already set one, but delete the test database when prompted, disable anonymous access and flush privileges. Now we can install Aegir, nginx, php5-fpm etc.:

    echo “deb http://debian.aegirproject.org stable main” | sudo tee -a /etc/apt/sources.list.d/aegir-stable.list
    curl http://debian.aegirproject.org/key.asc | sudo apt-key add –
    apt-get update
    apt-get install aegir3 aegir3-provision aegir3-hostmaster nginx php5-fpm

    Enter the hostmaster URL – usually the fully qualified domain name. Enter the database root password once for provision and once for hostmaster.

    Assuming all of the above has gone well, you should be given a one-time-login link in your terminal at the end of the install process, e.g.:

    http://aegir.example.com.au/user/reset/1/1446598196/Nw4T4yd25IWEngCP2d2A_Ck3XslBiobnhbuNzXU4/login

    Now, before using that run the following:

    visudo

    Add this to the end of the file:

    Defaults:aegir !requiretty
    aegir ALL=NOPASSWD: /etc/init.d/nginx

    This gives Aegir – the aegir user – permission to restart nginx without requiring a sudo password.

    Test this works by doing the following:

    su – aegir
    sudo /etc/init.d/nginx restart

    What you want to see then is this:

    * Restarting nginx nginx
    [ OK ]

    Then:

    vim /etc/nginx/nginx.conf

    Comment out by putting a # in front of:

    # tcp_nopush on;
    # types_hash_max_size 2048;
    # error_log /var/log/nginx/error.log;

    Reboot, and use the one-time-link. You should be logged in fine and now can use Aegir!

  • How to protect Debian from the Shellshock exploit

    Shellshock is quite a serious security hole found a couple of days ago in Bash; to check whether your Debian server is vulnerable run the following in a terminal:

    env VAR='() { :;}; echo Shellshock vulnerable!‘ bash -c “echo Bash Testing”

    If your system is vulnerable, you will see:

    Shellshock vulnerable!

    Bash testing

    If it is not vulnerable, you will see:

    bash: warning: VAR: ignoring function definition attempt
    bash: error importing function definition for `VAR’
    Bash testing

    If you are vulnerable, you can update bash by running the following:

    sudo apt-get update && sudo apt-get install --only-upgrade bash

    Once the update has finished, run the code to check your vulnerability again and it should be sorted.

  • Debian: How to see what has recently been upgraded or updated through apt-get

    Forgotten what it was you last updated, or want to check what someone else has been updating? There’s a log file for that, and it’s located at:

     

    /var/log/apt/history.log

     

    To view it, run:

     

    less /var/log/apt/history.log

     

    Looking for an older logfile? They’re kept, too. To see the other log files available, view the directory using ls:

     

    ls /var/log/apt/

     

    It should look something like:

     

    history.log  history.log.1.gz  history.log.2.gz  history.log.3.gz  history.log.4.gz  term.log  term.log.1.gz  term.log.2.gz  term.log.3.gz  term.log.4.gz

     

    One further note – This will show the most recent things done with apt, not just upgrades.

  • How to cache yum repositories on CentOS using apt-cacher-ng on Debian or Ubuntu

     

    If you have a lot of virtual (or real) machines running Debian or Ubuntu and a limited internet connection, it can make a lot of sense to use apt-cacher-ng to create a local cache of the packages you use so that they are only downloaded once. The current version of apt-cacher-ng can also help out with yum repositories!

     

    On CentOS, edit /etc/yum.conf and add:

     

    proxy=http://[ip-of-your-local-apt-cacher-ng-server]:3142

     

    If you have changed the default port of apt-cacher-ng from 3142, you will need to modify that. Our example file:

     

    [main]
    cachedir=/var/cache/yum/$basearch/$releasever
    keepcache=0
    debuglevel=2
    logfile=/var/log/yum.log
    exactarch=1
    obsoletes=1
    gpgcheck=1
    plugins=1
    installonly_limit=5
    bugtracker_url=http://bugs.centos.org/set_project.php?project_id=16&ref=http://bugs.centos.org/bug_report_page.php?category=yum
    distroverpkg=centos-release
    proxy=http://10.1.1.12:3142

    #  This is the default, if you make this bigger yum won’t see if the metadata
    # is newer on the remote and so you’ll “gain” the bandwidth of not having to
    # download the new metadata and “pay” for it by yum not having correct
    # information.
    #  It is esp. important, to have correct metadata, for distributions like
    # Fedora which don’t keep old packages around. If you don’t like this checking
    # interupting your command line usage, it’s much better to have something
    # manually check the metadata once an hour (yum-updatesd will do this).
    # metadata_expire=90m

    # PUT YOUR REPOS HERE OR IN separate files named file.repo
    # in /etc/yum.repos.d

     

    As you can see, our local apt-cacher-ng VM is 10.1.1.12.

     

    Run yum update and check your apt-cacher-ng’s cache – you should now see some CentOS respositories cached there.

  • Debian Wheezy: /etc/sudoers missing

     

    If you’re looking to add something to the /etc/sudoers file in a Debian Wheezy install, you may find that the file isn’t there! To create the file while logged in as the root user you need to install the sudo package:

     

    apt-get install sudo

     

    Once that install completes the file will appear:

     

    #
    # This file MUST be edited with the ‘visudo’ command as root.
    #
    # Please consider adding local content in /etc/sudoers.d/ instead of
    # directly modifying this file.
    #
    # See the man page for details on how to write a sudoers file.
    #
    Defaults        env_reset
    Defaults        mail_badpass
    Defaults        secure_path=”/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin”

    # Host alias specification

    # User alias specification

    # Cmnd alias specification

    # User privilege specification
    root    ALL=(ALL:ALL) ALL

    # Allow members of group sudo to execute any command
    %sudo   ALL=(ALL:ALL) ALL

    # See sudoers(5) for more information on “#include” directives:

    #includedir /etc/sudoers.d

     

  • Debian 7 (Wheezy) – no smbpasswd command

     

    If you have installed samba/cifs-utils/etc. and are trying to set your users up on a Debian 7 system, you might be surprised to find that the smbpasswd command seems to be missing. It’s actually part of the samba-common-bin package, which you can install via:

     

    sudo apt-get install samba-common-bin

     

    …and you should have your command.

  • Finding /var/log/auth.log in CentOS 6

     

    This one is straight-forward – if you’re used to Debian and are in a CentOS system looking for /var/log/auth.log you’ll find it in:

     

    /var/log/secure

     

    Short and sweet!

  • Incorrect keyboard layout/map on a Raspberry Pi – no | or \

    One thing that’s come up occasionally with our testing of the Pi so far has been that some distributions pick up on odd keyboard maps by default, particularly with Apple keyboards – to fix this on one of the Debian distros and get back your missing pipe (|) or backslash (\) characters run:

    # dpkg-reconfigure keyboard-configuration

    and select the correct keyboard map/layout for your keyboard.