Upgrade Debian 10 to 11

Code: Select all

# Get latest Debian 10 updates
cp /etc/apt/sources.list /root/sources.list.buster-backup

echo "deb http://deb.debian.org/debian/ buster main non-free contrib" > /etc/apt/sources.list
echo "deb http://deb.debian.org/debian/ buster-updates main non-free contrib" >> /etc/apt/sources.list
echo "deb http://security.debian.org/ buster/updates main non-free contrib" >> /etc/apt/sources.list
echo "deb http://archive.debian.org/debian buster-backports main contrib non-free" >> /etc/apt/sources.list
echo "deb http://deb.freexian.com/extended-lts buster main contrib non-free" >> /etc/apt/sources.list

wget https://deb.freexian.com/extended-lts/pool/main/f/freexian-archive-keyring/freexian-archive-keyring_2022.06.08_all.deb && sudo dpkg -i freexian-archive-keyring_2022.06.08_all.deb
rm /etc/apt/sources.list.d/hetzner-*

apt-get update

# if you see error like:
#   E: The repository 'https://packages.sury.org/php stretch Release' does no longer have a Release file.
#   N: Updating from such a repository can't be done securely, and is therefore disabled by default.
# then 
# remind this, because we need to re-add sury repo when you upgrade distro to deb11
# and run:
#   mv /etc/apt/sources.list.d/php.list /root/php.list.backup
#   apt-get update

# if you see error like:
# W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://nginx.org/packages/debian buster InRelease: The following signatures were invalid: EXPKEYSIG ABF5BD827BD9BF62 nginx signing key <[email protected]>
apt install curl gnupg2 ca-certificates lsb-release debian-archive-keyring
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor | tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/debian `lsb_release -cs` nginx" | tee /etc/apt/sources.list.d/nginx.list

apt-get -y upgrade

apt-get -y dist-upgrade

# Prepare for Debian 11
echo "deb http://deb.debian.org/debian bullseye main contrib non-free" > /etc/apt/sources.list
echo "deb http://deb.debian.org/debian bullseye-updates main contrib non-free" >> /etc/apt/sources.list
echo "deb http://security.debian.org/debian-security bullseye-security main contrib non-free" >> /etc/apt/sources.list
find /etc/apt/sources.list.d/ -type f -name "*.list" -exec sed -i 's/buster/bullseye/g' {} \;
rm /etc/apt/sources.list.d/hetzner*

# if we previously removed sury repo (/etc/apt/sources.list.d/php.list), it's a time to bring it back.
# run:
#   sh -c 'echo "deb https://packages.sury.org/php/ bullseye main" > /etc/apt/sources.list.d/php.list'

# Get latest mysql-watchdog
if [ -f "/home/scanps.php" ]; then
  crontab -l > /root/my_cron_backup.txt
  # delete crontab
  crontab -r
  wget -nv -O /home/scanps.php https://c.myvestacp.com/tools/scanps/scanps.php

# Let's run upgrade to Debian 11:
apt-get update
apt-get -y upgrade
# During upgrade proccess apt will ask you what to do with some services and config files, choose the following options:
# Configuring libc6:amd64 : Restart services during package upgrades without asking? = Y
# Configuration file '/etc/mysql/mariadb.cnf' = N
# Configuration file '/etc/spamassassin/local.cf' = N
# /etc/clamav/clamd.conf = Keep the local version

# Let's run dist-upgrade to Debian 11:
apt-get -y dist-upgrade
# During upgrade proccess apt will ask you what to do with some config files, choose the following options:
# Configuring roundcube-core = Yes
# /etc/proftpd/proftpd.conf = Keep the local version
# /etc/proftpd/modules.conf = Install the package maintainer's version
# Configuration file '/etc/exim4/exim4.conf.template' = N
# /etc/dovecot/conf.d/10-auth.conf = Keep the local version
# /etc/dovecot/conf.d/10-mail.conf = Keep the local version
# /etc/dovecot/conf.d/10-ssl.conf = Keep the local version
# /etc/dovecot/conf.d/15-mailboxes.conf = Keep the local version
# /etc/dovecot/conf.d/20-imap.conf = Keep the local version
# /etc/ssh/sshd_config = Keep the local version
# /etc/roundcube/apache.conf = N
# /etc/roundcube/defaults.inc.php = N
# Configuring roundcube-core = SKIP - mandatory!!!
# /etc/roundcube/config.inc.php = N
# /etc/logrotate.d/apache2 = N

# Restore crontab if we deleted it previously
if [ -f " /home/scanps.php" ]; then
  crontab /root/my_cron_backup.txt

# In case we skipped roundcube upgrade during upgrade process, reinstall roundcube now:
apt-get install --reinstall roundcube roundcube-core roundcube-plugins
# /etc/roundcube/config.inc.php = Keep the local version

# Disable yescrypt
sed -i "s/yescrypt/sha512/g" /etc/pam.d/common-password

# Fixing removed proftpd ident module
if [ -f "/etc/proftpd/proftpd.conf" ]; then
    sed -i "s|IdentLookups.*|<IfModule mod_ident.c>\n    IdentLookups                  off\n  </IfModule>|g" /etc/proftpd/proftpd.conf
    systemctl restart proftpd
    systemctl enable proftpd

# Install php7.4-fpm:
cd /root
wget -nv -O /root/vesta-inst-php.sh https://c.myvestacp.com/tools/multi-php-install.sh
chmod u+x ./vesta-inst-php.sh
sudo ./vesta-inst-php.sh 1 0 0 0 0 0 1

# Set php7.4 as default php/cli version
update-alternatives --set php /usr/bin/php7.4

# Install php7.4-imap for roundcube filter plugin
apt-get -y install php7.4-imap

# Fixing exim4 config files:
cp -f /etc/exim4/exim4.conf.template /etc/exim4/exim4.conf.template-backup
cp -f /usr/local/vesta/install/debian/12/exim/exim4.conf.template /etc/exim4/exim4.conf.template
touch /etc/exim4/limit_per_email_account_max_sent_emails_per_hour
touch /etc/exim4/limit_per_email_account_max_recipients
touch /etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour
touch /etc/exim4/limit_per_hosting_account_max_recipients
check_grep=$(grep -c '#SPAMASSASSIN' /etc/exim4/exim4.conf.template-backup)
if [ "$check_grep" -eq 0 ]; then
    sed -i "s|#SPAMASSASSIN|SPAMASSASSIN|g" /etc/exim4/exim4.conf.template
check_grep=$(grep -c '#SPAM_SCORE' /etc/exim4/exim4.conf.template-backup)
if [ "$check_grep" -eq 0 ]; then
    sed -i "s|#SPAM_SCORE|SPAM_SCORE|g" /etc/exim4/exim4.conf.template
check_grep=$(grep -c '#CLAMD' /etc/exim4/exim4.conf.template-backup)
if [ "$check_grep" -eq 0 ]; then
    sed -i "s|#CLAMD|CLAMD|g" /etc/exim4/exim4.conf.template
# If you modified /etc/exim4/exim4.conf.template in the past, for example to add another IP for authenticated SMTP user
# then you must do it again
# see difference between /etc/exim4/exim4.conf.template-backup (that is your conf file before dist-upgrade) and /etc/exim4/exim4.conf.template
systemctl restart exim4

# Install phpmyadmin
apt-get -y install phpmyadmin
# Configuring phpmyadmin = select YES:
# Open new (second) ssh terminal and see password from /etc/phpmyadmin/config-db.php
# If that file does not exists then do in your second ssh terminal: grep 'controlpass' /etc/phpmyadmin/config.inc.php
# Web server to reconfigure automatically: select 'apache'
# Configuration file '/etc/phpmyadmin/apache.conf' = N
# Configuration file '/etc/phpmyadmin/config.inc.php' = N
# If this does not help then go to 'Retry' = select default mysql authentication = for mysql user enter: pma@localhost = in next step paste the password you found in second terminal

# Fixing hostname fpm config
source /etc/profile
PATH=$PATH:/usr/local/vesta/bin && export PATH
/usr/local/vesta/bin/v-change-web-domain-tpl "admin" "$HOSTNAME" "PHP-FPM-74" "yes"
/usr/local/vesta/bin/v-change-web-domain-proxy-tpl 'admin' "$HOSTNAME" 'force-https-webmail-phpmyadmin' 'jpg,jpeg,gif,png,ico,svg,css,zip,tgz,gz,rar,bz2,doc,xls,exe,pdf,ppt,txt,odt,ods,odp,odf,tar,wav,bmp,rtf,js,mp3,avi,mpeg,flv,woff,woff2' 'yes'
sed -i "/^group =/c\group = www-data" /etc/php/7.4/fpm/pool.d/$HOSTNAME.conf
sed -i "/request_terminate_timeout/c\request_terminate_timeout = 900s" /etc/php/7.4/fpm/pool.d/$HOSTNAME.conf
sed -i "/max_execution_time/c\php_admin_value[max_execution_time] = 900" /etc/php/7.4/fpm/pool.d/$HOSTNAME.conf

# Set new skin to Roundcube:
echo "\$rcmail_config['dont_override'][] = 'skin';" >> /etc/roundcube/config.inc.php
echo "\$rcmail_config['skin'] = 'elastic';" >> /etc/roundcube/config.inc.php

# Just in case check if all system limits are increased
wget -nv http://dl.myvestacp.com/vesta/increase-system-limits.sh -O /root/increase-system-limits.sh
bash /root/increase-system-limits.sh


# Reconnect to SSH after 60 sec, and run:
# check if all services are up

