I have written a blog post about Installing a LetsEncrypt.org wildcard certificate on Linux using acme.sh and a DNS Api. I recently updated the instructions on how to use acme.sh if you need to install API keys for many different registrants.
Migration procedure for moving various free social media from a GNU/Linux to another GNU/Linux system and end results
This is the record for what went well and what didn’t go well in the process of migrating the *.consumium.org sites (except https://c.consumium.org, that’s in Espoo)
This migration was completed on 2016-06-09. I would like to extend a warm you to https://TransIP.eu for showing compassion in my predicament and offering to credit me some of the costs incurred by requiring 2 servers for a period of a time.
<spam>Their operation is really top-notch and I have never had outages with them that I would not have been responsible. Ever since I started hosting free social media with them in July 2013 the service has been outstanding and their control panel does include ability to take snapshots of system disks and a VNC just in case someone is not comfortable working with cli. The first time I saw the VNC in the control panel and it started to show the Debian GNU/Linux white-on-black bootup in my browser I was impressed.. Then it moved to run level 6 and I was naturally like “Whoa! It can do that!”. TransIP.eu is maybe not the most inexpensive hosting guys out there at the moment but I tell you their service level and its consistency are worth all the extra money. SSD system disks are spaceous and very fast and just as soon as http://maidsafe.net/ starts I’ll be purchasing at least one 10€ unit of 2,000GB big storage (which can be grown to 400,000GB, slightly under 400TB). Scp’ing between 2 servers in the same data center in Netherlands I was able to clock 101 Mbit/s speed. That is almost a gigabit / second, normal HDD couldn’t handle that.</spam>
Migration of diaspora* to a new server
- https://d.consumium.org (how to install diaspora* freesome on Debian GNU/Linux)
The original raison d’être for the old server called Debian7. The name is not very well chosen and misleading since the machine was dist-upgraded to Debian8 stable without hick-ups. Diaspora* was originally installed in July 2013 which at the time took couple of days
- Grabbed the database, app/views/home and public/uploads and inserted those into place and the pod looks fine now after the migration.
- Email was more of an hassle and is covered in a separate paragraph you’ll find down this page.
Migration of GNU social to a new server
- https://social.consumium.org (how to install GNU social freesome) (How I originally installed GNU social)
– GNU social is a handy microblogging service.This instance was installed in 2016. Should pose no problems. MySQL was replaced with MariaDB during installation of this with no problems. Update: GNU social migration was the first one to be done. Grabbed the database (which contains the confs) and the ‘avatar’ and ‘files’ directories. Shut down. Put those in place and restart web server and GNU social was up with apparently all the old information from the previous box.
- If you are getting an Error 400: After the migration the GNU social has been doing the same thing as before.. It often when trying to microblog gives an error “400”. Here one just needs to know to hit ctrl-r, no need to even hit ctrl-a ctrl-c, ctrl-r, ctrl-v as the software preserves what was written into the textbox.
Interesting point about Hubzilla and Friendica
Friendica and Hubzilla leverage the same instructional capital and best-practice which leads to that their installation instructions have many portions in common.
Migration of Hubzilla to a new server
- https://hub.consumium.org – (how to install Hubzilla freesome)
This will probably not have the old database restored because when I originally installed this I didn’t realize the point is to have many many channels but just one login. Of course it might be possible to restore the database but manipulate it so that the Consum(er)ium relevant channels would be under the same user
- Well I did restore the old database.
- Pretty much everything that was needed for installation of Hubzilla was already there. Just needed to run ‘sudo aptitude install mcrypt php5-mcrypt’ and installed the Hubzilla, Stopped Nginx and dropped in the database and the user uploads located in /var/www/hubzilla/store and it seems to work fine.
Migration of Friendica to a new server
the freesome of least steep learning curve for the people who want to free themselves of Facebook every now and then.
Friendica migration did not require copying over more than just the database as Friendica saves the uploaded files in the database and not flat file system.
Dealing with outgoing and incoming email
Getting email arrangements to work in a safe and reasonable way is by no means as easy as one may think at start. diaspora* email was configured to use SMTP over a TLS encrypted hop over to https://gandi.net‘s SMTP server. Took a while to figure out but I am guessing this will make the email look better to spam filters as the “origin” is under the same domain as the machines given in the MX records in DNS to be the Mail eXchange servers for consumium.org
‘sudo aptitude install sendmail’ installs sendmail, an MTA this is apparently all that is needed for PHP’s mail()-function to work.
The migration plan (and how it went)
(Note: to lazily get all the dependencies and hope there wasn’t old junk you could follow this post http://juboblo.gr/index.php/2015/12/02/original-howto-migrate-gnulinux-to-bigger-disk-with-clean-install-and-grab-all-apt-gettable-software-settings-and-files/)
Migration of system settings
- Update services to latest version so you get the same exact version when you reinstall each service from latest release [✔]
- Grab TLS key and cert – Remember to keep the key safe [✔] (note: exposing the server.key usually kept in /etc/ssl/private is very dangerous as it will expose all communications encrypted with that key)
- Grab firewall settings allowing traffic to 22, 80 and 443 [✔] NMAP security scanner is great copyleft free tool for looking at this. tip: ‘nmap localhost’ inside the firewall and ‘nmap the IP address” from outside the firewall will be very useful scans for verifying firewall settings.
- Grab confs:
- /etc/nginx/nginx.conf [✔]
- /etc/nginx/sites-enabled/nginx.conf [✔]
- Grab home dir [✔]
- Grab logs [✔]
- /var/log/nginx/access.log [✔]
- /var/log/nginx/error.log [✔]
- Then decided to grab all of /var/log into a .tar.gz, Is only logs, cannot hurt and [✔]
- Mass grab /etc and /var/www for later reference when the old server is recycled and resources returned to cloud.
- Get new server. [✔] Remember to install an ssh server when installing the software or you’ll be unable to access via ssh. Only if hosting guys provide a Virtual Network Console you can fix this problem there
- Add self to sudoers [✔]
- Restore home dir contents [✔]
- Install Nginx [✔]
- Put logs, key, cert and nginx.conf in place [✔]
Repeat following steps for each service
- Install dependencies [✔]
- Install new service clean [✔]
NOTIFY USERS THAT NOW IS FEW HOURS OF DATA LOSS IF YOU POSTBetter idea: When all is ready with the new installation in place and you are thus ready to start the DNS change propagation tell people that the database will be frozen when the old machine is “unreachable” due to the DNS already pointing to the next machine.
- Grab databases. Each database separately. [✔]
- Grab user uploaded content and the custom landing page for d* [✔]
- Insert grabbed database, confs, landing page, user uploaded content. [✔]
Capitalism is going deeper into crisis and the current status quo (which Clinton seems to want to hold intact) that no replacing jobs are created and there seem to be no politicians pushing for planetary basic income funded from sharing the revenue streams generated by invested capital.
Due to human productivity the feasibly employable capital is growing constantly (unless we already dunn wreck the weather and will suffer from it) and this in conjunction by the scientific-technical advances, new service innovation and vast efficiency gains from self-service automation and full automation in ICT drives growth of service productivity. These should enable to pay planetary basic income.
Take away cab driver, bus driver, delivery truck driver, trucker and farm equipment operators’ jobs is what the automators are now proposing so you see that this decline of capitalism ain’t gonna be happy time for the middle-class and proles either.
I know the people who publicly advocate total despotic enforcement of maximal greed everywhere all the time by the invisible green hand (read: mostly republicans) fathomed by Adam Smith don’t want it totalitarian for those they consider their kin. Maybe peoples of the Earth need to rethink how they divide to kin/non-kin.
Call me commiemist, I’ll slice, dice and red red hot hot salsa salsa till everyone’s gotten something to eat and if there is more resources then I’ll crêpes with jam and whipped cream for dessert.
Here is an infographic:
MAID == Massive Array of Internet Disks
SAFE == Secure Access for Everyone
In ze Internets people have been watching this endeavour by the brave Scots very very carefully and keenly for a few years. If all goes well MaidSafe.net will make the current Internet the “Legacy Internet” rapidly by providing a shared digital commons wealth unseen before. https://forum.safenetwork.io is the community forum where you can catch the gist of how excited people are about MaidSafe Network and it’s significance to the future of population of Planet Earth.
Technically this endeavour is very bold and ambitious. The key people have donated all their patents, papers and code to the nonprofit MaidSafe Foundation though there is also a MaidSafe Ltd registered in Scotland to enable professional staff for the ongoing development and deployment effort. Funds were raised by selling off 10% of the ceiling of SafeCoin (cryptocash) amount (4-gigacoins) to an enthusiastic crowd. So you get the gist that these are highly creative individuals pushing the envelope onto the future.
Last week http://maidsafe.net/ published it’s first downloadables that allow people to discover the MaidSafe test network. Word of caution: The test network is wiped occasionally when required by devops.
MaidSafe Launcher 0.3.0 – This is for connecting to the network – The login consists of three things: a pin, a keyword and a password. I don’t fully know what is the purpose of the “keyword” and the test network is getting reset whenever necessary for development and the credentials stop working because the secret identity that allows you to access your public identity no longer is there in the testnet.
Now start the MaidSafe App and it asks the Launcher to ask you for privileges.
MaidSafe Demo App 0.0.1 that enables
- Creation of Public ID that allows people to reach your network attached public services / sites and also
- uploading public site / service to the network ( requires the DNS hacks to be viewable outisde of the Demo App )
- uploading and downloading private directories and files
TODO: Install the DNS hacks and try those out and report here
Nice article on #free #copyleft #opensource #tools for #system #monitoring https://opensource.com/life/16/2/open-source-tools-system-monitoring – #top, #atop, #htop and my favourite atm #glances
https://mozilla.github.io/server-side-tls/ssl-config-generator/ by @mozilla helps you make your #SSL/#TLS stronger.
Check your TLS strength free with https://www.ssllabs.com/ssltest/ @QualSys
Original HowTo by http://juboblo.gr #installingfreesome
- #canworkwithoutsudo but this HowTo assumes #havesudo . Should be straightforward even #withoutsudo if existing LAMP (GNU/Linux, Apache or Nginx, MariaDB or MySQL and php) installed on the system. I used MariaDB and Nginx since the https://d.consumium.org #diaspora pod is configured to use that.
- Normative instructions: https://git.gnu.io/gnu/gnu-social/blob/master/INSTALL
- Also I read these slightly dated Debian specific instructions: https://levlaz.org/installing-gnu-social-on-a-debian-server/
Replacing MySQL with MariaDB
Following these instructions https://askubuntu.com/questions/531455/how-to-drop-in-replace-mysql-with-mariadb (written for Ubuntu14.04) blindly would have made a mess of this but they still outline what you want to do. Since they wanted to remove the ruby specific stuff which I wanted to stay to retain diaspora* pod working.
So I shut down diaspora* processes the usual waya and MySQL with ‘mysqladmin -uroot -p stop’
The instructions say to
sudo apt-get remove --purge mysql-server mysql-client mysql-common
but I used instead
sudo apt-get remove --purge mysql-server mysql-client
Which left the ruby stuff in place which is a good idea since afaik MariaDB is binary compatible with MySQL add-on stuff
sudo apt-get autoremove sudo apt-get autoclean sudo apt-get install mariadb-server
And MariaDB was up and running which I checked by ‘mysql -uroot -p’ so the downtime for the pod was only like 5 minutes for this step.
Installing the dependencies for GNUsocial
‘sudo aptitude install php5-curl php5-gd php5-gmp php5-intl php5-json php5-mysqlnd’
Installing optimizations / accelerators for GNUsocial
I went with this ‘ sudo aptitude install php5-xcache exif’
I’m not sure if php5-xcache (an opcode cache system) is what the official installation instructions refer to as ‘opcache’. At least /etc/php5/mods-available/ is showing a opcache.ini so I’m guess it was that.
Downloading GNUsocial code
‘sudo mkdir /var/www/gnusocial’
‘sudo chgrp www-data /var/www/gnusocial/’
‘sudo chmod g+w /var/www/gnusocial/’
‘sudo git clone https://git.gnu.io/gnu/gnu-social.git gnusocial/’
and you are done
Creating the database
From shell run
mysqladmin -u "root" -p create social
GRANT ALL on social.* TO 'social'@'localhost' IDENTIFIED BY 'agoodpassword';
The command above is to be executed in the MariaDB client (start it with ‘mysql -uroot -p social’)
Get an SSL cert and key for your GNU social instance
I have not yet tried out https://letsencrypt.org/ but have heard good things about it and you cannot really beat the price of 0€. A few companies I am clientele of are supporting it financially. Mainly https://gandi.net – a very nice registrar. Good even if not the cheapest around. High sortiment of domain names and rock solid tek with the latest copyleft solutions.
Configure Apache/Nginx with the help of the example .conf files in the directory you cloned the social software into.
You can test the configuration file makes sense by
‘sudo nginx -t’
Remember to reload after editing.
‘sudo service nginx reload’
Once you have configured you httpd there is still one thing to do before proceeding to https://social.example.com/install.php
For some reason the installation guide did not mention that the default settings in the httpd.conf.example file expects unix:/var/run/php5-fpm.sock; to just be there.
‘sudo aptitude php5-fpm’
#HowTo #ByJuho – How to install clean GNU/Linukka aka. GNU/Linux onto bigger laptop 2.5″ HDD and all your apt-get’table applications and document and configuration files from an older smaller disk to bigger?
#needsudo not gonna work without sudo rights
#need $20 USB-to-SATA casing and a screwdriver
#alternative similar effect producing method is to use the casing and use dd to move partitions around and Gparted to resize them.
# what it doesn’t do? It doesn’t move password file so this will no work for a system then one user. It does not move /root-directory contents in case there is something there and it does not move any server software set-up except for the apt-gettable software.
# Run in the old GNU/Linukka to get complete list of # ‘apt-get install’ed packages onto packages.list
‘dpkg –get-selections > packages.list’
# Move this packages.list file (no need to compress it. it is few tens of kilobytes long) to the
# Now you could try
‘sudo dpkg –set-selections < packages.list’
straight ahead but for me it complained about not finding obviously existing packages such as ‘apache2’ so I consulted the dpkg man page
# So first run
‘ sudo apt-get install dselect’
# and run
‘sudo dselect update’
# and you will get the latest fullest catalogue of apt-gettable software from the repositories
# Now you are ready to set dpkg (Debian PacKaGe management) selections from the file
‘sudo dpkg –set-selections < packages.list’
# now install all packages that were set in the previous command from packages.list. This is obviously going to take a some time but you’re almost there.
‘sudo apt-get dselect-upgrade’
# You can now use your favourite method of recovering your files stored in /home are restored
#I didn’t just mount the old /home partition. Instead I put it into a USB-to-SATA casing and used that to connect the HDD into the freshly installed system and copied them over.
# Alternatives are using a 3rd (removable) HDD to move the files or upload to server or cloud and download to new system.
# recursively copying all directories from the old /home partition
‘sudo cp /media/username/UUIDgoeshere /home -R’
[18:13] <jubo2> Suppose a situation where the SAFE Network has been opearting for N years
[18:14] <jubo2> … providing value to the beneficiaries of the commons
[18:15] <jubo2> … and fairly lotterying SafeCoin to the Farmers and the Builders
[18:15] <jubo2> [18:07] <jubo2> #1 Did SafeCoin guarantee the provision of valuable things in the past? Yes.
[18:15] <jubo2> [18:07] <jubo2> #2 Does SafeCoin currently guarantee the provision of valuable things? Well it is up, ain’t it?
[18:08] <jubo2> #3 Do you feel confident that the SafeCoin will guarantee also in future the provision of more and more services and resources to the beneficiaries of the commons?
[18:15] <jubo2> [18:09] <jubo2> All points #1, #2, #3 hold true for money, gold and SafeCoin _when_ MaidSafe has operated for N years?
[18:16] <jubo2> the point is that by the time the 4-gigacoin ceiling is hit the system will have moved to a hybrid model between socialism and free marketism
[18:17] <jubo2> and when the bell tolls for 4-gigacoins minted and paid to the farmers and builders the exchange rates between SafeCoin and other currencies has formed and also transition to free market has been seen when entities start charging SafeCoin from the bigger users
[18:18] <jubo2> So it starts out as pure socialism
[18:19] <jubo2> if all the connected world just hooked up their old boxes to wired internet we would have huge disk capacity
[18:20] <jubo2> and then it moves to hybrid model where the state pays but also SafeCoin is asked of those who use bigger amount of resources.. say over 500GB or whatever
[18:21] <jubo2> once the transition to the hybrid model is far enough it is safe to turn the digicash mints off and nothing drastic will happen
[18:22] <jubo2> coz #1, #2 and #3 are still intact even if the socialism is not systemic but more of the generosity of the patrons of the network
[18:23] <jubo2> somewhere while this happens I can buy pizza with my SafeCoin and the pizzeria keeper can pay for his storage and net presence needs with the SafeCoin creating a cycle of money
[18:25] <jubo2> so please brave Scots who are going to h4x this, don’t mess it up because it is a good thing
[18:25] <jubo2> me a go offline now
[18:26] <jubo2> All the best from Finlan.
#Fiction #Utopia #20??
#Ownwork #ByJuho #TranslationByJuho #English #Finnish #TheScienceBehindFictionalShouldBeQuestioned
Once upon a time there was a world that was living in a long-lasting period of massive growth from the continuous and accelerating pace of scientific-technological development and especially from the massive efficiency gains brought on by self-service automation and full automation.
Some crazy things going on in the economy here and there had once again given the politico-economico-right-wing it’s favourite stuff “crisis awareness” of the masses which was largely being used to justify the right-wing politics.
Near the left edge of the left the argument for basic income was made based on the massive efficiency gains from self-service automation and full automation. This led to a campaign for planetary basic income that would be relative to the local price level to make it economically feasible, for payers as well receivers, which was all of us.
Support the author, hire him VAT incl. or employment contract basis – details and contact info http://byjuho.fi/contact-info/
Olipa kerran maailma joka eli valtavan pitkäkestoisen reaalituottavuuden kasvun aikaa alati jatkuvasta ja kiihtyvästä tieteellis-teknillisestä kehityksestä ja erityisesti itsepalveluautomaation sekä täysautomaation tuomasta valtavasta tuottavuuden kasvusta.
Talouden sekoilut vähän sielä sun täällä olivat taas antaneet poliittis-taloudellis-oikeistolaiselle eliitille yhtä sen lempparikamaa, kansan “kriisitietoisuutta” jonka perusteella oikeistolaista politiikkaa yleisesti perusteltiin.
Vasemmiston vasemmalla laidalla taas argumentti perustulon puolesta perustui juuri mainittuihin täys- ja itsepalveluautomaation tuottamaan valtavaan lisätehokkuuteen. Tämä johti kampanjaan planetaarisen perustulon puolesta joka olisi suhteutettu jokaisen alueen hintatasoon jotta se olisi taloudellisesti mahdollinen, niin maksajille kuin vastaanottajillekin, eli meille kaikille.
Tue kirjoittajaa, ALV 24% laskutus ja työsopimuspohjaisuus ok – Lisätietoja ja yhteystiedot http://byjuho.fi/contact-info/