I have written a blog post about Installing a LetsEncrypt.org wildcard certificate on Linux using acme.sh and a DNS Api. I recently updated the instructions on how to use acme.sh if you need to install API keys for many different registrants.
Migration procedure for moving various free social media from a GNU/Linux to another GNU/Linux system and end results
This is the record for what went well and what didn’t go well in the process of migrating the *.consumium.org sites (except https://c.consumium.org, that’s in Espoo)
This migration was completed on 2016-06-09. I would like to extend a warm you to https://TransIP.eu for showing compassion in my predicament and offering to credit me some of the costs incurred by requiring 2 servers for a period of a time.
<spam>Their operation is really top-notch and I have never had outages with them that I would not have been responsible. Ever since I started hosting free social media with them in July 2013 the service has been outstanding and their control panel does include ability to take snapshots of system disks and a VNC just in case someone is not comfortable working with cli. The first time I saw the VNC in the control panel and it started to show the Debian GNU/Linux white-on-black bootup in my browser I was impressed.. Then it moved to run level 6 and I was naturally like “Whoa! It can do that!”. TransIP.eu is maybe not the most inexpensive hosting guys out there at the moment but I tell you their service level and its consistency are worth all the extra money. SSD system disks are spaceous and very fast and just as soon as http://maidsafe.net/ starts I’ll be purchasing at least one 10€ unit of 2,000GB big storage (which can be grown to 400,000GB, slightly under 400TB). Scp’ing between 2 servers in the same data center in Netherlands I was able to clock 101 Mbit/s speed. That is almost a gigabit / second, normal HDD couldn’t handle that.</spam>
Migration of diaspora* to a new server
- https://d.consumium.org (how to install diaspora* freesome on Debian GNU/Linux)
The original raison d’être for the old server called Debian7. The name is not very well chosen and misleading since the machine was dist-upgraded to Debian8 stable without hick-ups. Diaspora* was originally installed in July 2013 which at the time took couple of days
- Grabbed the database, app/views/home and public/uploads and inserted those into place and the pod looks fine now after the migration.
- Email was more of an hassle and is covered in a separate paragraph you’ll find down this page.
Migration of GNU social to a new server
- https://social.consumium.org (how to install GNU social freesome) (How I originally installed GNU social)
– GNU social is a handy microblogging service.This instance was installed in 2016. Should pose no problems. MySQL was replaced with MariaDB during installation of this with no problems. Update: GNU social migration was the first one to be done. Grabbed the database (which contains the confs) and the ‘avatar’ and ‘files’ directories. Shut down. Put those in place and restart web server and GNU social was up with apparently all the old information from the previous box.
- If you are getting an Error 400: After the migration the GNU social has been doing the same thing as before.. It often when trying to microblog gives an error “400”. Here one just needs to know to hit ctrl-r, no need to even hit ctrl-a ctrl-c, ctrl-r, ctrl-v as the software preserves what was written into the textbox.
Interesting point about Hubzilla and Friendica
Friendica and Hubzilla leverage the same instructional capital and best-practice which leads to that their installation instructions have many portions in common.
Migration of Hubzilla to a new server
- https://hub.consumium.org – (how to install Hubzilla freesome)
This will probably not have the old database restored because when I originally installed this I didn’t realize the point is to have many many channels but just one login. Of course it might be possible to restore the database but manipulate it so that the Consum(er)ium relevant channels would be under the same user
- Well I did restore the old database.
- Pretty much everything that was needed for installation of Hubzilla was already there. Just needed to run ‘sudo aptitude install mcrypt php5-mcrypt’ and installed the Hubzilla, Stopped Nginx and dropped in the database and the user uploads located in /var/www/hubzilla/store and it seems to work fine.
Migration of Friendica to a new server
the freesome of least steep learning curve for the people who want to free themselves of Facebook every now and then.
Friendica migration did not require copying over more than just the database as Friendica saves the uploaded files in the database and not flat file system.
Dealing with outgoing and incoming email
Getting email arrangements to work in a safe and reasonable way is by no means as easy as one may think at start. diaspora* email was configured to use SMTP over a TLS encrypted hop over to https://gandi.net‘s SMTP server. Took a while to figure out but I am guessing this will make the email look better to spam filters as the “origin” is under the same domain as the machines given in the MX records in DNS to be the Mail eXchange servers for consumium.org
‘sudo aptitude install sendmail’ installs sendmail, an MTA this is apparently all that is needed for PHP’s mail()-function to work.
The migration plan (and how it went)
(Note: to lazily get all the dependencies and hope there wasn’t old junk you could follow this post http://juboblo.gr/index.php/2015/12/02/original-howto-migrate-gnulinux-to-bigger-disk-with-clean-install-and-grab-all-apt-gettable-software-settings-and-files/)
Migration of system settings
- Update services to latest version so you get the same exact version when you reinstall each service from latest release [✔]
- Grab TLS key and cert – Remember to keep the key safe [✔] (note: exposing the server.key usually kept in /etc/ssl/private is very dangerous as it will expose all communications encrypted with that key)
- Grab firewall settings allowing traffic to 22, 80 and 443 [✔] NMAP security scanner is great copyleft free tool for looking at this. tip: ‘nmap localhost’ inside the firewall and ‘nmap the IP address” from outside the firewall will be very useful scans for verifying firewall settings.
- Grab confs:
- /etc/nginx/nginx.conf [✔]
- /etc/nginx/sites-enabled/nginx.conf [✔]
- Grab home dir [✔]
- Grab logs [✔]
- /var/log/nginx/access.log [✔]
- /var/log/nginx/error.log [✔]
- Then decided to grab all of /var/log into a .tar.gz, Is only logs, cannot hurt and [✔]
- Mass grab /etc and /var/www for later reference when the old server is recycled and resources returned to cloud.
- Get new server. [✔] Remember to install an ssh server when installing the software or you’ll be unable to access via ssh. Only if hosting guys provide a Virtual Network Console you can fix this problem there
- Add self to sudoers [✔]
- Restore home dir contents [✔]
- Install Nginx [✔]
- Put logs, key, cert and nginx.conf in place [✔]
Repeat following steps for each service
- Install dependencies [✔]
- Install new service clean [✔]
NOTIFY USERS THAT NOW IS FEW HOURS OF DATA LOSS IF YOU POSTBetter idea: When all is ready with the new installation in place and you are thus ready to start the DNS change propagation tell people that the database will be frozen when the old machine is “unreachable” due to the DNS already pointing to the next machine.
- Grab databases. Each database separately. [✔]
- Grab user uploaded content and the custom landing page for d* [✔]
- Insert grabbed database, confs, landing page, user uploaded content. [✔]
MAID == Massive Array of Internet Disks
SAFE == Secure Access for Everyone
In ze Internets people have been watching this endeavour by the brave Scots very very carefully and keenly for a few years. If all goes well MaidSafe.net will make the current Internet the “Legacy Internet” rapidly by providing a shared digital commons wealth unseen before. https://forum.safenetwork.io is the community forum where you can catch the gist of how excited people are about MaidSafe Network and it’s significance to the future of population of Planet Earth.
Technically this endeavour is very bold and ambitious. The key people have donated all their patents, papers and code to the nonprofit MaidSafe Foundation though there is also a MaidSafe Ltd registered in Scotland to enable professional staff for the ongoing development and deployment effort. Funds were raised by selling off 10% of the ceiling of SafeCoin (cryptocash) amount (4-gigacoins) to an enthusiastic crowd. So you get the gist that these are highly creative individuals pushing the envelope onto the future.
Last week http://maidsafe.net/ published it’s first downloadables that allow people to discover the MaidSafe test network. Word of caution: The test network is wiped occasionally when required by devops.
MaidSafe Launcher 0.3.0 – This is for connecting to the network – The login consists of three things: a pin, a keyword and a password. I don’t fully know what is the purpose of the “keyword” and the test network is getting reset whenever necessary for development and the credentials stop working because the secret identity that allows you to access your public identity no longer is there in the testnet.
Now start the MaidSafe App and it asks the Launcher to ask you for privileges.
MaidSafe Demo App 0.0.1 that enables
- Creation of Public ID that allows people to reach your network attached public services / sites and also
- uploading public site / service to the network ( requires the DNS hacks to be viewable outisde of the Demo App )
- uploading and downloading private directories and files
TODO: Install the DNS hacks and try those out and report here
Nice article on #free #copyleft #opensource #tools for #system #monitoring https://opensource.com/life/16/2/open-source-tools-system-monitoring – #top, #atop, #htop and my favourite atm #glances
Original HowTo by http://juboblo.gr #installingfreesome
- #canworkwithoutsudo but this HowTo assumes #havesudo . Should be straightforward even #withoutsudo if existing LAMP (GNU/Linux, Apache or Nginx, MariaDB or MySQL and php) installed on the system. I used MariaDB and Nginx since the https://d.consumium.org #diaspora pod is configured to use that.
- Normative instructions: https://git.gnu.io/gnu/gnu-social/blob/master/INSTALL
- Also I read these slightly dated Debian specific instructions: https://levlaz.org/installing-gnu-social-on-a-debian-server/
Replacing MySQL with MariaDB
Following these instructions https://askubuntu.com/questions/531455/how-to-drop-in-replace-mysql-with-mariadb (written for Ubuntu14.04) blindly would have made a mess of this but they still outline what you want to do. Since they wanted to remove the ruby specific stuff which I wanted to stay to retain diaspora* pod working.
So I shut down diaspora* processes the usual waya and MySQL with ‘mysqladmin -uroot -p stop’
The instructions say to
sudo apt-get remove --purge mysql-server mysql-client mysql-common
but I used instead
sudo apt-get remove --purge mysql-server mysql-client
Which left the ruby stuff in place which is a good idea since afaik MariaDB is binary compatible with MySQL add-on stuff
sudo apt-get autoremove
sudo apt-get autoclean
sudo apt-get install mariadb-server
And MariaDB was up and running which I checked by ‘mysql -uroot -p’ so the downtime for the pod was only like 5 minutes for this step.
Installing the dependencies for GNUsocial
‘sudo aptitude install php5-curl php5-gd php5-gmp php5-intl php5-json php5-mysqlnd’
Installing optimizations / accelerators for GNUsocial
I went with this ‘ sudo aptitude install php5-xcache exif’
I’m not sure if php5-xcache (an opcode cache system) is what the official installation instructions refer to as ‘opcache’. At least /etc/php5/mods-available/ is showing a opcache.ini so I’m guess it was that.
Downloading GNUsocial code
‘sudo mkdir /var/www/gnusocial’
‘sudo chgrp www-data /var/www/gnusocial/’
‘sudo chmod g+w /var/www/gnusocial/’
‘sudo git clone https://git.gnu.io/gnu/gnu-social.git gnusocial/’
and you are done
Creating the database
From shell run
mysqladmin -u "root" -p create social
GRANT ALL on social.*
IDENTIFIED BY 'agoodpassword';
The command above is to be executed in the MariaDB client (start it with ‘mysql -uroot -p social’)
Get an SSL cert and key for your GNU social instance
I have not yet tried out https://letsencrypt.org/ but have heard good things about it and you cannot really beat the price of 0€. A few companies I am clientele of are supporting it financially. Mainly https://gandi.net – a very nice registrar. Good even if not the cheapest around. High sortiment of domain names and rock solid tek with the latest copyleft solutions.
Configure Apache/Nginx with the help of the example .conf files in the directory you cloned the social software into.
You can test the configuration file makes sense by
‘sudo nginx -t’
Remember to reload after editing.
‘sudo service nginx reload’
Once you have configured you httpd there is still one thing to do before proceeding to https://social.example.com/install.php
For some reason the installation guide did not mention that the default settings in the httpd.conf.example file expects unix:/var/run/php5-fpm.sock; to just be there.
‘sudo aptitude php5-fpm’
#HowTo #ByJuho – How to install clean GNU/Linukka aka. GNU/Linux onto bigger laptop 2.5″ HDD and all your apt-get’table applications and document and configuration files from an older smaller disk to bigger?
#needsudo not gonna work without sudo rights
#need $20 USB-to-SATA casing and a screwdriver
#alternative similar effect producing method is to use the casing and use dd to move partitions around and Gparted to resize them.
# what it doesn’t do? It doesn’t move password file so this will no work for a system then one user. It does not move /root-directory contents in case there is something there and it does not move any server software set-up except for the apt-gettable software.
# Run in the old GNU/Linukka to get complete list of # ‘apt-get install’ed packages onto packages.list
‘dpkg –get-selections > packages.list’
# Move this packages.list file (no need to compress it. it is few tens of kilobytes long) to the
# Now you could try
‘sudo dpkg –set-selections < packages.list’
straight ahead but for me it complained about not finding obviously existing packages such as ‘apache2’ so I consulted the dpkg man page
# So first run
‘ sudo apt-get install dselect’
# and run
‘sudo dselect update’
# and you will get the latest fullest catalogue of apt-gettable software from the repositories
# Now you are ready to set dpkg (Debian PacKaGe management) selections from the file
‘sudo dpkg –set-selections < packages.list’
# now install all packages that were set in the previous command from packages.list. This is obviously going to take a some time but you’re almost there.
‘sudo apt-get dselect-upgrade’
# You can now use your favourite method of recovering your files stored in /home are restored
#I didn’t just mount the old /home partition. Instead I put it into a USB-to-SATA casing and used that to connect the HDD into the freshly installed system and copied them over.
# Alternatives are using a 3rd (removable) HDD to move the files or upload to server or cloud and download to new system.
# recursively copying all directories from the old /home partition
‘sudo cp /media/username/UUIDgoeshere /home -R’
System monitoring and control software for [K]ubuntu / copyleft
Resource Monitor is a KDE5 Plasma Plasmoid Widget companion to the System Monitor. Install instructions in Muon Discoverer. One dependancy must be installed. It sits in your panel and reports CPU load and frequency, RAM and swap usage with tiny letters and numbers and graphics. Here seen in 2x high panel height
Cpufrequtils (ThinkWiki entry for cpufrequtils)are installable from the Ubuntu repositories by typing ‘sudo apt install cpufrequtils’ and contains 2 commands:
- cpufreq-info for querying the state of the cores and
- cpufreq-set for setting parameters.
Thinkpad Fan Control is a fan RPM control software written in C for the Thinkpad series of laptops. Apparently the normal controller has a ceiling at 4,500RPM but according to the internets the fan can be instructed to go 5,500RPM raising the noise pitch and volume slightly.
CPU-Z by CPUID is another good free-of-charge Windows program that will give you lot of information about your system also including the frequency multiplier used at each time
Synopsis of the original problem
Had a machine with a weird temperature problem here… It’s a 2011 Lenovo ThinkPad X201 with a 1st generation i5 known as Arrandale. CPU temperature control, maybe voltage control, maybe amp control is not working correctly in #Kubuntu. (UPDATE: Sandy Bridge, Ivy Bridge and newer intel systems should use the Intel P-State governor. Installation instructions for [K]ubunu here)
Temperature seems to be mostly dependent on the frequency of the CPU with some correation to load. Reported CPU fan rotation speed is 4,000-4,500 RPM and does not adequately respond to the heat situation.
(UPDATE: Directing high pressure pressurised air into the cooling elements while machine unpowered seems to have remedied the problem.)
#GNU/#Linukka heat shutdowns causing system being unusable. Before anyone starts about the GNU/Linukka treating the system and therefore the user more badly then a Microsoft Windows I must say that air conducts have not been cleaned and silicon heat paste has not been changed to fresh, new. I gonna get supplies to do that when I run into shop.
In Kubuntu15.10 GNU/Linukka burns the chip at ~ 90C ~ 2.0-2.5Ghz operating speed causing emergency shutdown because of temperature because the readings viewed in Psensor may flux 15-20C somewhat interdependent of CPU load. Windows 7 keeps the CPU ~ 1.5-2.0GHz quite independent from the load and the temps are in the acceptable ~ 70C zone with only 2-4C variance in the readings reported by CoreTemp.
* Bought a pressure air can and blasted the visible from exterior heat sink