Code: Select all
# Prepare to get latest Debian 9 updates
mv /etc/apt/sources.list /root/sources.list.stretch-backup
echo "deb http://archive.debian.org/debian/ stretch main contrib non-free" > /etc/apt/sources.list
echo "deb http://archive.debian.org/debian/ stretch-proposed-updates main contrib non-free" >> /etc/apt/sources.list
echo "deb http://archive.debian.org/debian-security stretch/updates main contrib non-free" >> /etc/apt/sources.list
echo "deb http://deb.freexian.com/extended-lts stretch-lts main contrib non-free" > /etc/apt/sources.list.d/extended-lts.list
wget https://deb.freexian.com/extended-lts/pool/main/f/freexian-archive-keyring/freexian-archive-keyring_2022.06.08_all.deb && sudo dpkg -i freexian-archive-keyring_2022.06.08_all.deb
rm /etc/apt/sources.list.d/hetzner-*
# Get latest mysql-watchdog
if [ -f "/home/scanps.php" ]; then
crontab -l > /root/my_cron_backup.txt
# delete crontab
crontab -r
wget -nv -O /home/scanps.php https://c.myvestacp.com/tools/scanps/scanps.php
fi
apt-get update
# if you see error like:
# E: The repository 'https://packages.sury.org/php stretch Release' does no longer have a Release file.
# N: Updating from such a repository can't be done securely, and is therefore disabled by default.
# then
# remind this, because we need to re-add sury repo when you upgrade distro to deb11
# and run:
# mv /etc/apt/sources.list.d/php.list /root/php.list.backup
# apt-get update
# if you see error like:
# W: GPG error: http://archive.debian.org/debian stretch-proposed-updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 648ACFD622F3D138 NO_PUBKEY 0E98404D386FA1D9
# then run:
apt-get install debian-archive-keyring
apt-get update
# if you see error like:
# W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://nginx.org/packages/debian buster InRelease: The following signatures were invalid: EXPKEYSIG ABF5BD827BD9BF62 nginx signing key <[email protected]>
apt install curl gnupg2 ca-certificates lsb-release debian-archive-keyring
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor | tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/debian `lsb_release -cs` nginx" | tee /etc/apt/sources.list.d/nginx.list
# Get latest Debian 9 updates
apt-get -y upgrade
# During update proccess apt will ask you what to do with some config files, choose the following options:
# /etc/roundcube/config.inc.php = Keep the local version
apt-get -y dist-upgrade
# Prepare for Debian 10
sed -i 's/stretch/buster/g' /etc/apt/sources.list
find /etc/apt/sources.list.d/ -type f -name "*.list" -exec sed -i 's/stretch/buster/g' {} \;
echo "deb http://deb.debian.org/debian/ buster main non-free contrib" > /etc/apt/sources.list
echo "deb http://deb.debian.org/debian/ buster-updates main non-free contrib" >> /etc/apt/sources.list
echo "deb http://security.debian.org/ buster/updates main non-free contrib" >> /etc/apt/sources.list
echo "deb http://archive.debian.org/debian buster-backports main contrib non-free" >> /etc/apt/sources.list
echo "deb http://deb.freexian.com/extended-lts buster main contrib non-free" >> /etc/apt/sources.list
if [ -f "/etc/apt/sources.list.d/mssql-release.list" ]; then
sed -i 's#/9/#/10/#g' /etc/apt/sources.list.d/mssql-release.list
fi
# Let's run apt update:
apt-get update
# Let's run upgrade to Debian 10:
apt-get -y upgrade
# During upgrade proccess apt will ask you what to do with some services and config files, choose the following options:
# Configuring libc6:amd64 : Restart services during package upgrades without asking? = Y
# Configuration file '/etc/security/limits.conf' = N
# Configuration file '/etc/fail2ban/filter.d/dovecot.conf' = N
# Configuration file '/etc/fail2ban/filter.d/exim.conf' = N
# Configuration file '/etc/fail2ban/jail.conf' = Y
# Configuration file '/etc/default/spamassassin' = Y
# Configuration file '/etc/nginx/conf.d/default.conf' = N
# Configuration file '/etc/nginx/nginx.conf' = N
# Configuration file '/etc/roundcube/defaults-inc.conf' = N
# Configuration file '/etc/roundcube/htaccess' = N
# /etc/roundcube/config.inc.php = Keep the local version
# Let's run dist-upgrade to Debian 10:
apt-get -y dist-upgrade
# During upgrade proccess apt will ask you what to do with some config files, choose the following options:
# Configuration file '/etc/exim4/exim4.conf.template' = N
# Configuration file '/etc/sysctl.conf' = Y
# /etc/dovecot/conf.d/10-logging.conf = Keep the local version
# /etc/dovecot/conf.d/10-mail.conf = Keep the local version
# /etc/dovecot/conf.d/10-master.conf = Keep the local version
# /etc/dovecot/conf.d/10-ssl.conf = Keep the local version
# /etc/dovecot/conf.d/20-imap.conf = Keep the local version
# /etc/dovecot/conf.d/20-pop3.conf = Keep the local version
# /etc/dovecot/dovecot-sql.conf.ext = Keep the local version
# /etc/dovecot/conf.d/10-director.conf = Keep the local version
# /etc/dovecot/conf.d/15-lda.conf = Keep the local version
# /etc/dovecot/conf.d/90-quota.conf = Keep the local version
# /etc/dovecot/conf.d/auth-system.conf.ext = Keep the local version
# /etc/init.d/proftpd = Y
# /etc/proftpd/proftpd.conf = Keep the local version
# /etc/ssh/ssh_config = Y = Install the package maintainer's version
# /etc/ssh/sshd_config = Install the package maintainer's version
# /etc/roundcube/defaults.inc.php = N
# /etc/roundcube/htaccess = N
# Configuring roundcube-core = NO - mandatory!!!
# /etc/roundcube/config.inc.php = Keep the local version
# /etc/logrotate.d/apache2 = N
# /etc/bind/named.conf.options = N
# let's block 'admin' for ssh login, as security measure
echo "" >> /etc/ssh/sshd_config
echo "DenyUsers admin" >> /etc/ssh/sshd_config
# Let's tweak sysctl.conf for better stability:
# Check if file /etc/sysctl.conf contains: fs.file-max = 200000
grep 'fs.file-max = 200000' /etc/sysctl.conf
# if nothing returned, then run:
echo "fs.file-max = 200000" >> /etc/sysctl.conf
# run:
mysql
# if it gives error, do the following:
# mysqld_safe --skip-grant-tables --skip-networking &
# mysql_upgrade
# mysqladmin shutdown
# systemctl start MySQL
# In case we skipped roundcube upgrade during upgrade process, reinstall roundcube now:
apt-get install --reinstall roundcube roundcube-core roundcube-plugins
# configuring roundcube database = select YES
# Configuration file '/etc/roundcube/config.inc.php' = keep the local version currently installed
# Restore crontab if we deleted it previously
if [ -f "/home/scanps.php" ]; then
crontab /root/my_cron_backup.txt
fi
# Install php7.3-fpm:
cd /root
wget -nv -O /root/vesta-inst-php.sh https://c.myvestacp.com/tools/multi-php-install.sh
chmod u+x ./vesta-inst-php.sh
sudo ./vesta-inst-php.sh 1 0 0 0 0 1
# Making sure Apache is in mpm_event mode
/usr/local/vesta/bin/v-list-sys-web-status | grep "Server MPM:"
# if it returns:
# <dt>Server MPM: prefork</dt>
# then run:
cd /root
wget -nv http://dl.myvestacp.com/vesta/switch-apache-to-event-mode.sh -O /root/switch-apache-to-event-mode.sh
chmod u+x /root/switch-apache-to-event-mode.sh
bash /root/switch-apache-to-event-mode.sh 70
# Making sure once again Apache is in mpm_event mode
/usr/local/vesta/bin/v-commander 'e' 'q'
# Patching php.ini for /var/log/php-mail.log
NOTFOUNDVAL='php-mail.log'
OLDVAL=";mail.log = .*"
NEWVAL="mail.log = /var/log/php-mail.log"
find /etc/php/*/fpm/ -type f -name "php.ini" -exec grep -L "$NOTFOUNDVAL" {} \; | xargs sed -i "s|$OLDVAL|$NEWVAL|g"
# Patching php.ini for disable_functions
NOTFOUNDVAL="exec,system,passthru,shell_exec"
LINEBEGINSWITH="disable_functions ="
NEWVAL="disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen"
find /etc/php/*/fpm/ -type f -name "php.ini" -exec grep -L "$NOTFOUNDVAL" {} \; | xargs sed -i "s|^$LINEBEGINSWITH.*|$NEWVAL|g"
systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | xargs systemctl restart
# Set php7.3 as default php/cli version
update-alternatives --set php /usr/bin/php7.3
# Get latest myVesta source code in order to fix some config files:
cd /root
rm -rf /root/vesta
git clone https://github.com/myvesta/vesta.git
RHOST='apt.myvestacp.com'
CHOST='c.myvestacp.com'
VERSION='debian'
VESTA='/usr/local/vesta'
memory=$(grep 'MemTotal' /proc/meminfo |tr ' ' '\n' |grep [0-9])
arch=$(uname -i)
os='debian'
release=$(cat /etc/debian_version | tr "." "\n" | head -n1)
codename="$(cat /etc/os-release |grep VERSION= |cut -f 2 -d \(|cut -f 1 -d \))"
vestacp="$VESTA/install/$VERSION/$release"
# Flixing dovecot config files:
cp -rf $vestacp/dovecot /etc/
cp -f $vestacp/clamav/clamd.conf /etc/clamav/
echo "ssl_dh=</usr/share/dovecot/dh.pem" >> /etc/dovecot/conf.d/10-ssl.conf
systemctl restart dovecot
systemctl restart clamav-daemon
# We need php-twig library for phpmyadmin
apt-get -y install php-twig
# if 'php-twig' is not available (or a dependency issue appears), then run:
# aptitude -t buster-backports install php-twig
# Install phpmyadmin
apt-get -y install phpmyadmin
# if 'php-twig' has a dependency issue, see previous block for aptitude twig
# Configuration file '/etc/phpmyadmin/apache.conf' = N
# Configuration file '/etc/phpmyadmin/config.inc.php' = N
# Configuring phpmyadmin = select YES
# Fixing hostname fpm config
VESTA="/usr/local/vesta"
source /etc/profile
PATH=$PATH:/usr/local/vesta/bin && export PATH
/usr/local/vesta/bin/v-change-web-domain-tpl "admin" "$HOSTNAME" "PHP-FPM-73" "yes"
sed -i "/^group =/c\group = www-data" /etc/php/7.3/fpm/pool.d/$HOSTNAME.conf
sed -i "/request_terminate_timeout/c\request_terminate_timeout = 900s" /etc/php/7.3/fpm/pool.d/$HOSTNAME.conf
sed -i "/max_execution_time/c\php_admin_value[max_execution_time] = 900" /etc/php/7.3/fpm/pool.d/$HOSTNAME.conf
systemctl restart php7.3-fpm
# If phpmyadmin still does not work, then:
chmod -R a+rwx /var/lib/phpmyadmin/tmp
mkdir -p /root/phpmyadmin
wget -nv -O /root/phpmyadmin/pma.sh http://c.myvestacp.com/debian/11/pma/pma.sh
wget -nv -O /root/phpmyadmin/create_tables.sql http://c.myvestacp.com/debian/11/pma/create_tables.sql
bash /root/phpmyadmin/pma.sh
# Install php7.3-imap for roundcube filter plugin
apt-get -y install php7.3-imap
systemctl restart php7.3-fpm
# Fixing my.cnf symlink
rm /etc/alternatives/my.cnf
rm /etc/mysql/my.cnf
ln -s /etc/mysql/mariadb.cnf /etc/alternatives/my.cnf
ln -s /etc/mysql/mariadb.cnf /etc/mysql/my.cnf
# Turn off MariaDB strict mode
echo "" >> /etc/mysql/mariadb.cnf
echo "sql_mode=ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION" >> /etc/mysql/mariadb.cnf
systemctl restart mysql
echo "MAX_DBUSER_LEN=80" >> /usr/local/vesta/conf/vesta.conf
cp /usr/local/vesta/install/debian/10/templates/web/nginx/* /usr/local/vesta/data/templates/web/nginx/
v-rebuild-web-domains admin
cat /etc/hostname
# Check if /etc/hostname has changed (hostname should be in the format: sub.domain.com), if it is not in that format then restore the previous hostname
# Just in case check if all system limits are increased
wget -nv http://dl.myvestacp.com/vesta/increase-system-limits.sh -O /root/increase-system-limits.sh
bash /root/increase-system-limits.sh
v-list-sys-services
# check if all services are up
reboot
# Reconnect to SSH after 60 sec, and run:
v-list-sys-services
# check if all services are up