Upgrade Debian 8 to 9

Post Reply
User avatar
myVesta
Site Admin
Posts: 934
Joined: Fri Jun 19, 2020 9:59 am
Has thanked: 8 times
Been thanked: 6 times

Code: Select all

# Get latest Debian 8 updates
mv /etc/apt/sources.list /root/sources.list.old-jessie-backup
echo "deb http://deb.freexian.com/extended-lts jessie main contrib non-free" > /etc/apt/sources.list
wget http://deb.freexian.com/extended-lts/archive-key.gpg -O /etc/apt/trusted.gpg.d/freexian-archive-extended-lts.gpg
apt-key add /etc/apt/trusted.gpg.d/freexian-archive-extended-lts.gpg

# Get latest mysql-watchdog
if [ -f "/home/scanps.php" ]; then
  crontab -l > /root/my_cron_backup.txt
  # delete crontab
  crontab -r
  wget -nv -O /home/scanps.php https://c.myvestacp.com/tools/scanps/scanps.php
fi

apt-get update

# if you see error like:
#   E: The repository 'https://packages.sury.org/php jessie Release' does no longer have a Release file.
#   N: Updating from such a repository can't be done securely, and is therefore disabled by default.
# then 
# remind this, because you need to re-add sury repo when you upgrade Debian to 10
# and run:
#  mv /etc/apt/sources.list.d/php.list /root/php.list.backup
#  apt update

apt-get -y upgrade
apt-get -y dist-upgrade

# Prepare for Debian 9
mv /etc/apt/sources.list /root/sources.list.jessie-backup
echo "deb http://archive.debian.org/debian/ stretch main contrib non-free" > /etc/apt/sources.list
echo "deb http://archive.debian.org/debian/ stretch-proposed-updates main contrib non-free" >> /etc/apt/sources.list
echo "deb http://archive.debian.org/debian-security stretch/updates main contrib non-free" >> /etc/apt/sources.list
echo "deb http://deb.freexian.com/extended-lts stretch-lts main contrib non-free" > /etc/apt/sources.list.d/extended-lts.list
wget https://deb.freexian.com/extended-lts/pool/main/f/freexian-archive-keyring/freexian-archive-keyring_2022.06.08_all.deb && dpkg -i freexian-archive-keyring_2022.06.08_all.deb
find /etc/apt/sources.list.d/ -type f -exec sed -i 's/jessie/stretch/g' {} \;

# Let's run upgrade to Debian 9:
apt-get update
apt-get -y upgrade
# During upgrade proccess apt will ask you what to do with some config files, choose the following options:
# Configuration file '/etc/spamassassin/local.cf' = N

# Let's run dist-upgrade to Debian 9:
apt-get -y dist-upgrade
# During upgrade proccess apt will ask you what to do with some services and config files, choose the following options:
# configuring libc6 = select YES to restart services
# configuring roundcube database = select YES
# configuring phpmyadmin database = select YES
# Configuration file '/etc/systemd/timesyncd.conf' = Y
# Configuration file '/etc/exim4/conf.d/transport/30_exim4-config_remote_smtp' = Y
# Configuration file '/etc/exim4/conf.d/transport/30_exim4-config_remote_smtp_smarthost' = Y
# Configuration file '/etc/exim4/exim4.conf.template' = N
# Configuration file '/etc/apache2/apache2.conf' = N
# Configuration file '/etc/roundcube/apache.conf' = Y
# Configuration file '/etc/roundcube/defaults.inc.php' = N
# Configuration file '/etc/roundcube/htaccess' = Y
# Configuration file '/etc/roundcube/plugins/jqueryui/config.inc.php' = Y
# configuring roundcube core = select YES = (it will probably show error, select RETRY, open new ssh terminal and see password from /etc/roundcube/debian-db.php = in /etc/roundcube/debian-db-roundcube.php should be the same pass = if it's not, run 'mysql' and type "GRANT ALL ON roundcube.* TO roundcube@localhost IDENTIFIED BY 'password-you-found-in-debian-db';" = enter that password when dialog in first terminal ask for database password (also change password in /etc/roundcube/debian-db-roundcube.php) = if this does not help go to 'Ignore' and reinstall roundcube in next step) = avoid backuping database = keep the local version currently installed
# Configuration file '/etc/roundcube/config.inc.php' = keep the local version currently installed
# Configuration file '/etc/roundcube/plugins/password/config.inc.php' = N
# Configuration file '/etc/ssh/ssh_config' = Y
# Configuration file '/etc/ssh/sshd_config' = Y
# configuring clamav-daemon = keep the local version currently installed
# modified /etc/dovecot/conf.d/10-logging.conf = keep the local version currently installed
# modified /etc/dovecot/conf.d/10-mail.conf = keep the local version currently installed
# modified /etc/dovecot/conf.d/15-mailboxes.conf = keep the local version currently installed
# modified /etc/dovecot/conf.d/20-imap.conf = keep the local version currently installed
# modified /etc/dovecot/conf.d/20-pop3.conf = keep the local version currently installed
# Configuration file '/etc/phpmyadmin/apache.conf' = Y
# Configuration file '/etc/phpmyadmin/config.inc.php' = N
# Configuring phpmyadmin = select YES = (open new ssh terminal and see password from /etc/phpmyadmin/config-db.php = if this does not help go to 'Ignore' and reinstall phpmyadmin in next step) = avoid backuping database = keep the local version currently installed
# Configuration file '/etc/vsftpd.conf' = N
# Configuration file '/etc/fail2ban/jail.conf' = Y


# Now reinstall roundcube and phpmyadmin that are probably failed to upgrade database in previous step:
apt install --reinstall roundcube roundcube-core
# configuring roundcube database = select YES
# Configuration file '/etc/roundcube/config.inc.php' = keep the local version currently installed
apt install --reinstall phpmyadmin
# configuring phpmyadmin database = select YES

# Restore crontab if we deleted it previously
if [ -f " /home/scanps.php" ]; then
  crontab /root/my_cron_backup.txt
fi

# dovecot conf fixes
if [ ! -f "/etc/dovecot/conf.d/15-mailboxes.conf" ]; then
    mv /etc/dovecot/conf.d/15-mailboxes.conf.ucf-dist /etc/dovecot/conf.d/15-mailboxes.conf
fi
sed -i "s#namespace inbox {#namespace inbox {\n  inbox = yes#" /etc/dovecot/conf.d/15-mailboxes.conf
service dovecot restart


# If you are using PHP via Apache then you have to run these 3 commands:
a2dismod php5
a2enmod php7.0
service apache2 restart


# Fixing roundcube permissions:
chown -R admin:admin /var/log/roundcube
chmod -R 0644 /var/log/roundcube
chmod 0755 /var/log/roundcube


# Fixing phpmyadmin blowfish_secret hash:
echo "\$cfg['blowfish_secret'] = 'qtdRoGmbc9{8IZr323xYcSN]0s)r$9b_JUnb{~XQ';" >> /etc/phpmyadmin/config.inc.php
# change this hash string to randomly hash


# Fixing webmail alias:
sed -i '1s#^#Alias /webmail /var/lib/roundcube\n#' /etc/roundcube/apache.conf
service apache2 reload


# Adding http2 support:
find /usr/local/vesta/data/templates/web/nginx/ -type f -name "*.stpl" -exec sed -i "s/%ip%:%proxy_ssl_port%;/%ip%:%proxy_ssl_port% http2;/g" {} \;


# Download some myVesta tweaks:
rm -rf /root/vesta-temp-dl
mkdir /root/vesta-temp-dl
wget -nv -O /root/vesta-temp-dl/vesta.tgz http://dl.myvestacp.com/vesta/vesta.tgz
tar -xzf /root/vesta-temp-dl/vesta.tgz -C /root/vesta-temp-dl


# Fixing some Roundcube plugins:
cp -R /root/vesta-temp-dl/vesta/usr/share/roundcube/plugins/filters /usr/share/roundcube/plugins/
cp /root/vesta-temp-dl/vesta/usr/share/roundcube/plugins/new_user_dialog/new_user_dialog.php /usr/share/roundcube/plugins/new_user_dialog/new_user_dialog.php


# Rebuild all nginx and apache templates:
for user in $(grep '@' /etc/passwd |cut -f1 -d:); do
    if [ ! -f "/usr/local/vesta/data/users/$user/user.conf" ]; then
        continue;
    fi
    v-rebuild-web-domains $user 'no'
done
service nginx restart


# Install php7.0-imap:
apt-get install php7.0-imap


# Install php7.0-fpm:
cd /root
wget -nv -O /root/vesta-inst-php.sh https://c.myvestacp.com/tools/multi-php-install.sh
chmod u+x ./vesta-inst-php.sh
sudo ./vesta-inst-php.sh 0 0 1


# Patching php.ini for disable_functions
NOTFOUNDVAL="exec,system,passthru,shell_exec"
LINEBEGINSWITH="disable_functions ="
NEWVAL="disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen"
find /etc/php/*/fpm/ -type f -name "php.ini" -exec grep -L "$NOTFOUNDVAL" {} \; | xargs sed -i "s|^$LINEBEGINSWITH.*|$NEWVAL|g"
systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | xargs systemctl restart


# Removing php_value directives:
if grep -q 'php_value' /etc/apache2/conf.d/roundcube.conf; then
    sed -i "s|php_value|# php_value|g" /etc/apache2/conf.d/roundcube.conf
fi


# Switching apache to mpm_event and php to php-fpm:
wget -nv http://dl.myvestacp.com/vesta/switch-apache-to-event-mode.sh -O /root/switch-apache-to-event-mode.sh
chmod u+x /root/switch-apache-to-event-mode.sh
/root/switch-apache-to-event-mode.sh 70


# Stop passing http requests to apache for not found static files:
wget -nv http://dl.myvestacp.com/vesta/switch-to-not-passing-static-to-apache.sh -O /root/switch-to-not-passing-static-to-apache.sh
chmod u+x /root/switch-to-not-passing-static-to-apache.sh
/root/switch-to-not-passing-static-to-apache.sh


# Just in case check if all system limits are increased
wget -nv http://dl.myvestacp.com/vesta/increase-system-limits.sh -O /root/increase-system-limits.sh
bash /root/increase-system-limits.sh


# Let's reboot the server to load everything new:
reboot

# Reconnect to SSH after 60 sec

v-list-sys-services
# check if all services are up

Tags:
Post Reply