Upgrade Debian 9 to 10

Post Reply
User avatar
myVesta
Site Admin
Posts: 904
Joined: Fri Jun 19, 2020 9:59 am
Has thanked: 7 times
Been thanked: 6 times

Code: Select all

# Prepare to get latest Debian 9 updates
mv /etc/apt/sources.list /root/sources.list.stretch-backup
echo "deb http://archive.debian.org/debian/ stretch main contrib non-free" > /etc/apt/sources.list
echo "deb http://archive.debian.org/debian/ stretch-proposed-updates main contrib non-free" >> /etc/apt/sources.list
echo "deb http://archive.debian.org/debian-security stretch/updates main contrib non-free" >> /etc/apt/sources.list
echo "deb http://deb.freexian.com/extended-lts stretch-lts main contrib non-free" > /etc/apt/sources.list.d/extended-lts.list
wget https://deb.freexian.com/extended-lts/pool/main/f/freexian-archive-keyring/freexian-archive-keyring_2022.06.08_all.deb && dpkg -i freexian-archive-keyring_2022.06.08_all.deb
rm /etc/apt/sources.list.d/hetzner-*
rm /etc/apt/sources.list.d/extended-lts.list

apt-get update

# if you see error like:
#   E: The repository 'https://packages.sury.org/php stretch Release' does no longer have a Release file.
#   N: Updating from such a repository can't be done securely, and is therefore disabled by default.
# then 
# remind this, because we need to re-add sury repo later
# and run:
#   mv /etc/apt/sources.list.d/php.list /root/php.list.backup
#   apt-get update

# Get latest Debian 9 updates
apt-get -y upgrade
# During update proccess apt will ask you what to do with some config files, choose the following options:
# /etc/roundcube/config.inc.php = Keep the local version

apt-get -y dist-upgrade

# Prepare for Debian 10
sed -i 's/stretch/buster/g' /etc/apt/sources.list
find /etc/apt/sources.list.d/ -type f -name "*.list" -exec sed -i 's/stretch/buster/g' {} \;

# if we previously removed sury repo (/etc/apt/sources.list.d/php.list), it's a time to bring it back.
# run:
#   sh -c 'echo "deb https://packages.sury.org/php/ buster main" > /etc/apt/sources.list.d/php.list'

echo "deb http://deb.debian.org/debian/ buster main non-free contrib" > /etc/apt/sources.list
echo "deb http://deb.debian.org/debian/ buster-updates main non-free contrib" >> /etc/apt/sources.list
echo "deb http://security.debian.org/ buster/updates main non-free contrib" >> /etc/apt/sources.list


# Let's run upgrade to Debian 10:
apt-get update
apt-get -y upgrade

# During upgrade proccess apt will ask you what to do with some services and config files, choose the following options:
# Configuring libc6:amd64 : Restart services during package upgrades without asking? = Y
# Configuration file '/etc/nginx/conf.d/default.conf' = N
# Configuration file '/etc/nginx/nginx.conf' = N
# Configuration file '/etc/default/spamassassin' = Y
# Configuration file '/etc/security/limits.conf' = N
# Configuration file '/etc/fail2ban/jail.conf' = Y

# Let's run dist-upgrade to Debian 10:
apt-get -y dist-upgrade
# During upgrade proccess apt will ask you what to do with some config files, choose the following options:
# Configuration file '/etc/exim4/exim4.conf.template' = N
# Configuration file '/etc/sysctl.conf' = Y
# /etc/dovecot/dovecot-sql.conf.ext = Keep the local version
# /etc/dovecot/conf.d/10-director.conf = Keep the local version
# /etc/dovecot/conf.d/10-logging.conf = Keep the local version
# /etc/dovecot/conf.d/10-mail.conf = Keep the local version
# /etc/dovecot/conf.d/10-master.conf = Keep the local version
# /etc/dovecot/conf.d/10-ssl.conf = Keep the local version
# /etc/dovecot/conf.d/15-lda.conf = Keep the local version
# /etc/dovecot/conf.d/90-quota.conf = Keep the local version
# /etc/dovecot/conf.d/auth-system.conf.ext = Keep the local version
# /etc/dovecot/conf.d/20-imap.conf = Keep the local version
# /etc/dovecot/conf.d/20-pop3.conf = Keep the local version
# /etc/ssh/sshd_config = Install the package maintainer's version
# /etc/roundcube/defaults.inc.php = N
# /etc/roundcube/htaccess = N
# Configuring roundcube-core = NO - mandatory!!!
# /etc/roundcube/config.inc.php = Keep the local version
# /etc/logrotate.d/apache2 = N
# /etc/bind/named.conf.options = N


# let's block 'admin' for ssh login, as security measure
echo "" >> /etc/ssh/sshd_config
echo "DenyUsers admin" >> /etc/ssh/sshd_config

# Let's tweak sysctl.conf for better stability:
# Check if file /etc/sysctl.conf contains: fs.file-max = 200000
grep 'fs.file-max = 200000' /etc/sysctl.conf
# if nothing returned, then run:
   echo "fs.file-max = 200000" >> /etc/sysctl.conf

# run:
mysql
# if it gives error, do the following:
#   mysqld_safe --skip-grant-tables --skip-networking &
#   mysql_upgrade
#   mysqladmin shutdown
#   systemctl start MySQL

# In case we skipped roundcube upgrade during upgrade process, reinstall roundcube now:
apt-get install --reinstall roundcube roundcube-core roundcube-plugins
# /etc/roundcube/config.inc.php = Keep the local version

# Install php7.3-fpm:
cd /root
wget -nv -O /root/vesta-inst-php.sh https://c.myvestacp.com/tools/multi-php-install.sh
chmod u+x ./vesta-inst-php.sh
sudo ./vesta-inst-php.sh 1 0 0 0 0 1

# Making sure Apache is in mpm_event mode
/usr/local/vesta/bin/v-list-sys-web-status | grep "Server MPM:"
# if it returns:
# <dt>Server MPM: prefork</dt>
# then run:
cd /root
wget -nv http://dl.myvestacp.com/vesta/switch-apache-to-event-mode.sh -O /root/switch-apache-to-event-mode.sh
chmod u+x /root/switch-apache-to-event-mode.sh
bash /root/switch-apache-to-event-mode.sh 70

# M,aking sure once again Apache is in mpm_event mode
/usr/local/vesta/bin/v-commander 'e' 'q'

# Patching php.ini for /var/log/php-mail.log
NOTFOUNDVAL='php-mail.log'
OLDVAL=";mail.log = .*"
NEWVAL="mail.log = /var/log/php-mail.log"
find /etc/php/*/fpm/ -type f -name "php.ini" -exec grep -L "$NOTFOUNDVAL" {} \; | xargs sed -i "s|$OLDVAL|$NEWVAL|g"

# Patching php.ini for disable_functions
NOTFOUNDVAL="exec,system,passthru,shell_exec"
LINEBEGINSWITH="disable_functions ="
NEWVAL="disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen"
find /etc/php/*/fpm/ -type f -name "php.ini" -exec grep -L "$NOTFOUNDVAL" {} \; | xargs sed -i "s|^$LINEBEGINSWITH.*|$NEWVAL|g"
systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | xargs systemctl restart

# Set php7.3 as default php/cli version
update-alternatives --set php /usr/bin/php7.3

# Get latest myVesta source code in order to fix some config files:
cd /root
rm -rf /root/vesta
git clone https://github.com/myvesta/vesta.git

RHOST='apt.myvestacp.com'
CHOST='c.myvestacp.com'
VERSION='debian'
VESTA='/usr/local/vesta'
memory=$(grep 'MemTotal' /proc/meminfo |tr ' ' '\n' |grep [0-9])
arch=$(uname -i)
os='debian'
release=$(cat /etc/debian_version | tr "." "\n" | head -n1)
codename="$(cat /etc/os-release |grep VERSION= |cut -f 2 -d \(|cut -f 1 -d \))"
vestacp="$VESTA/install/$VERSION/$release"

# Flixing dovecot config files:
cp -rf $vestacp/dovecot /etc/
cp -f $vestacp/clamav/clamd.conf /etc/clamav/
echo "ssl_dh=</usr/share/dovecot/dh.pem" >> /etc/dovecot/conf.d/10-ssl.conf
systemctl restart dovecot
systemctl restart clamav-daemon

# We need php-twig library for phpmyadmin
apt-get -y install php-twig
# if 'php-twig' is not available, try:
aptitude -t buster-backports install php-twig

# Install phpmyadmin
apt-get -y install phpmyadmin
# Configuration file '/etc/phpmyadmin/apache.conf' = N
# Configuration file '/etc/phpmyadmin/config.inc.php' = N

# Fixing hostname fpm config
VESTA="/usr/local/vesta"
source /etc/profile
PATH=$PATH:/usr/local/vesta/bin && export PATH
/usr/local/vesta/bin/v-change-web-domain-tpl "admin" "$HOSTNAME" "PHP-FPM-73" "yes"
sed -i "/^group =/c\group = www-data" /etc/php/7.3/fpm/pool.d/$HOSTNAME.conf
sed -i "/request_terminate_timeout/c\request_terminate_timeout = 900s" /etc/php/7.3/fpm/pool.d/$HOSTNAME.conf
sed -i "/max_execution_time/c\php_admin_value[max_execution_time] = 900" /etc/php/7.3/fpm/pool.d/$HOSTNAME.conf

# Install php7.3-imap for roundcube filter plugin
apt-get -y install php7.3-imap
systemctl restart php7.3-fpm

# Turn off MariaDB strict mode
echo "" >> /etc/mysql/mariadb.cnf
echo "sql_mode=ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION" >> /etc/mysql/mariadb.cnf
systemctl restart mysql

cat /etc/hostname
# Check if /etc/hostname has changed (hostname should be in the format: sub.domain.com), if it is not in that format then restore the previous hostname

reboot

# Reconnect to SSH after 60 sec, and run:
v-list-sys-services
# check if all services are up

Tags:
User avatar
webxtek
Posts: 46
Joined: Wed Nov 18, 2020 7:43 pm

Has anyone tested debian 12?
User avatar
isscbta
Team Member
Posts: 118
Joined: Mon Jul 19, 2021 1:41 am
Has thanked: 12 times
Been thanked: 3 times

In our latest update, we have released a version that now supports Debian 12. We have thoroughly tested it on our test servers, and to the best of our knowledge, everything is functioning correctly.
However, we recommend not upgrading existing servers from deb11 to deb12 because we didn't write an upgrading walk-through yet.
We will write it in the next three months.
Post Reply