Code: Select all
# Prepare to get latest Debian 9 updates
mv /etc/apt/sources.list /root/sources.list.stretch-backup
echo "deb http://archive.debian.org/debian/ stretch main contrib non-free" > /etc/apt/sources.list
echo "deb http://archive.debian.org/debian/ stretch-proposed-updates main contrib non-free" >> /etc/apt/sources.list
echo "deb http://archive.debian.org/debian-security stretch/updates main contrib non-free" >> /etc/apt/sources.list
echo "deb http://deb.freexian.com/extended-lts stretch-lts main contrib non-free" > /etc/apt/sources.list.d/extended-lts.list
wget https://deb.freexian.com/extended-lts/pool/main/f/freexian-archive-keyring/freexian-archive-keyring_2022.06.08_all.deb && dpkg -i freexian-archive-keyring_2022.06.08_all.deb
rm /etc/apt/sources.list.d/hetzner-*
rm /etc/apt/sources.list.d/extended-lts.list
apt-get update
# if you see error like:
# E: The repository 'https://packages.sury.org/php stretch Release' does no longer have a Release file.
# N: Updating from such a repository can't be done securely, and is therefore disabled by default.
# then
# remind this, because we need to re-add sury repo later
# and run:
# mv /etc/apt/sources.list.d/php.list /root/php.list.backup
# apt-get update
# Get latest Debian 9 updates
apt-get -y upgrade
# During update proccess apt will ask you what to do with some config files, choose the following options:
# /etc/roundcube/config.inc.php = Keep the local version
apt-get -y dist-upgrade
# Prepare for Debian 10
sed -i 's/stretch/buster/g' /etc/apt/sources.list
find /etc/apt/sources.list.d/ -type f -name "*.list" -exec sed -i 's/stretch/buster/g' {} \;
# if we previously removed sury repo (/etc/apt/sources.list.d/php.list), it's a time to bring it back.
# run:
# sh -c 'echo "deb https://packages.sury.org/php/ buster main" > /etc/apt/sources.list.d/php.list'
echo "deb http://deb.debian.org/debian/ buster main non-free contrib" > /etc/apt/sources.list
echo "deb http://deb.debian.org/debian/ buster-updates main non-free contrib" >> /etc/apt/sources.list
echo "deb http://security.debian.org/ buster/updates main non-free contrib" >> /etc/apt/sources.list
# Let's run upgrade to Debian 10:
apt-get update
apt-get -y upgrade
# During upgrade proccess apt will ask you what to do with some services and config files, choose the following options:
# Configuring libc6:amd64 : Restart services during package upgrades without asking? = Y
# Configuration file '/etc/nginx/conf.d/default.conf' = N
# Configuration file '/etc/nginx/nginx.conf' = N
# Configuration file '/etc/default/spamassassin' = Y
# Configuration file '/etc/security/limits.conf' = N
# Configuration file '/etc/fail2ban/jail.conf' = Y
# Let's run dist-upgrade to Debian 10:
apt-get -y dist-upgrade
# During upgrade proccess apt will ask you what to do with some config files, choose the following options:
# Configuration file '/etc/exim4/exim4.conf.template' = N
# Configuration file '/etc/sysctl.conf' = Y
# /etc/dovecot/dovecot-sql.conf.ext = Keep the local version
# /etc/dovecot/conf.d/10-director.conf = Keep the local version
# /etc/dovecot/conf.d/10-logging.conf = Keep the local version
# /etc/dovecot/conf.d/10-mail.conf = Keep the local version
# /etc/dovecot/conf.d/10-master.conf = Keep the local version
# /etc/dovecot/conf.d/10-ssl.conf = Keep the local version
# /etc/dovecot/conf.d/15-lda.conf = Keep the local version
# /etc/dovecot/conf.d/90-quota.conf = Keep the local version
# /etc/dovecot/conf.d/auth-system.conf.ext = Keep the local version
# /etc/dovecot/conf.d/20-imap.conf = Keep the local version
# /etc/dovecot/conf.d/20-pop3.conf = Keep the local version
# /etc/ssh/sshd_config = Install the package maintainer's version
# /etc/roundcube/defaults.inc.php = N
# /etc/roundcube/htaccess = N
# Configuring roundcube-core = NO - mandatory!!!
# /etc/roundcube/config.inc.php = Keep the local version
# /etc/logrotate.d/apache2 = N
# /etc/bind/named.conf.options = N
# let's block 'admin' for ssh login, as security measure
echo "" >> /etc/ssh/sshd_config
echo "DenyUsers admin" >> /etc/ssh/sshd_config
# Let's tweak sysctl.conf for better stability:
# Check if file /etc/sysctl.conf contains: fs.file-max = 200000
grep 'fs.file-max = 200000' /etc/sysctl.conf
# if nothing returned, then run:
echo "fs.file-max = 200000" >> /etc/sysctl.conf
# run:
mysql
# if it gives error, do the following:
# mysqld_safe --skip-grant-tables --skip-networking &
# mysql_upgrade
# mysqladmin shutdown
# systemctl start MySQL
# In case we skipped roundcube upgrade during upgrade process, reinstall roundcube now:
apt-get install --reinstall roundcube roundcube-core roundcube-plugins
# /etc/roundcube/config.inc.php = Keep the local version
# Install php7.3-fpm:
cd /root
wget -nv -O /root/vesta-inst-php.sh https://c.myvestacp.com/tools/multi-php-install.sh
chmod u+x ./vesta-inst-php.sh
sudo ./vesta-inst-php.sh 1 0 0 0 0 1
# Making sure Apache is in mpm_event mode
/usr/local/vesta/bin/v-list-sys-web-status | grep "Server MPM:"
# if it returns:
# <dt>Server MPM: prefork</dt>
# then run:
cd /root
wget -nv http://dl.myvestacp.com/vesta/switch-apache-to-event-mode.sh -O /root/switch-apache-to-event-mode.sh
chmod u+x /root/switch-apache-to-event-mode.sh
bash /root/switch-apache-to-event-mode.sh 70
# M,aking sure once again Apache is in mpm_event mode
/usr/local/vesta/bin/v-commander 'e' 'q'
# Patching php.ini for /var/log/php-mail.log
NOTFOUNDVAL='php-mail.log'
OLDVAL=";mail.log = .*"
NEWVAL="mail.log = /var/log/php-mail.log"
find /etc/php/*/fpm/ -type f -name "php.ini" -exec grep -L "$NOTFOUNDVAL" {} \; | xargs sed -i "s|$OLDVAL|$NEWVAL|g"
# Patching php.ini for disable_functions
NOTFOUNDVAL="exec,system,passthru,shell_exec"
LINEBEGINSWITH="disable_functions ="
NEWVAL="disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen"
find /etc/php/*/fpm/ -type f -name "php.ini" -exec grep -L "$NOTFOUNDVAL" {} \; | xargs sed -i "s|^$LINEBEGINSWITH.*|$NEWVAL|g"
systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | xargs systemctl restart
# Set php7.3 as default php/cli version
update-alternatives --set php /usr/bin/php7.3
# Get latest myVesta source code in order to fix some config files:
cd /root
rm -rf /root/vesta
git clone https://github.com/myvesta/vesta.git
RHOST='apt.myvestacp.com'
CHOST='c.myvestacp.com'
VERSION='debian'
VESTA='/usr/local/vesta'
memory=$(grep 'MemTotal' /proc/meminfo |tr ' ' '\n' |grep [0-9])
arch=$(uname -i)
os='debian'
release=$(cat /etc/debian_version | tr "." "\n" | head -n1)
codename="$(cat /etc/os-release |grep VERSION= |cut -f 2 -d \(|cut -f 1 -d \))"
vestacp="$VESTA/install/$VERSION/$release"
# Flixing dovecot config files:
cp -rf $vestacp/dovecot /etc/
cp -f $vestacp/clamav/clamd.conf /etc/clamav/
echo "ssl_dh=</usr/share/dovecot/dh.pem" >> /etc/dovecot/conf.d/10-ssl.conf
systemctl restart dovecot
systemctl restart clamav-daemon
# We need php-twig library for phpmyadmin
apt-get -y install php-twig
# if 'php-twig' is not available, try:
aptitude -t buster-backports install php-twig
# Install phpmyadmin
apt-get -y install phpmyadmin
# Configuration file '/etc/phpmyadmin/apache.conf' = N
# Configuration file '/etc/phpmyadmin/config.inc.php' = N
# Fixing hostname fpm config
VESTA="/usr/local/vesta"
source /etc/profile
PATH=$PATH:/usr/local/vesta/bin && export PATH
/usr/local/vesta/bin/v-change-web-domain-tpl "admin" "$HOSTNAME" "PHP-FPM-73" "yes"
sed -i "/^group =/c\group = www-data" /etc/php/7.3/fpm/pool.d/$HOSTNAME.conf
sed -i "/request_terminate_timeout/c\request_terminate_timeout = 900s" /etc/php/7.3/fpm/pool.d/$HOSTNAME.conf
sed -i "/max_execution_time/c\php_admin_value[max_execution_time] = 900" /etc/php/7.3/fpm/pool.d/$HOSTNAME.conf
# Install php7.3-imap for roundcube filter plugin
apt-get -y install php7.3-imap
systemctl restart php7.3-fpm
# Turn off MariaDB strict mode
echo "" >> /etc/mysql/mariadb.cnf
echo "sql_mode=ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION" >> /etc/mysql/mariadb.cnf
systemctl restart mysql
cat /etc/hostname
# Check if /etc/hostname has changed (hostname should be in the format: sub.domain.com), if it is not in that format then restore the previous hostname
reboot
# Reconnect to SSH after 60 sec, and run:
v-list-sys-services
# check if all services are up