• Tag Archives software
  • Debian 8.0 Jessie – server upgrade notes

    General

    So the blog and my email address have been unavailable a few hours as I was thinking I could just run the upgrade in the background on a Sunday afternoon. My fault. 😉

    See the Debian Jessie announcement and Debian Jessie release notes for general information.

    On my system there’s only a web- and a mailserver with some antivirus and firewall stuff. So I had to adjust some Apache settings and fiddle with dovecot and some other start scripts. I was happy the udev maintainer included some checks against the kernel version, as I run a xen-based virtual root server by Vollmar.net and thus don’t install the kernel by myself (and stick to udev 175 or it wouldn’t boot any more 😉 ).

    Apache 2.4 httpd

    For the Apache webserver there are upgrade notes available in the documentation, I had to get rid of the NameVirtualHosts directive (if untouched the /etc/apache2/ports.conf file from Debian does the trick but I modified mine) and change
    Order allow,deny
    Allow from all

    into
    Require all granted
    everywhere in order to allow access to the web-roots again. Also the sites-available files now require a .conf suffix.

    postgreSQL

    Take care, it’s confusing, there will be the daemons for 9.1 and 9.4 running in parallel, the client will be the one of 9.4 but uses the 9.1 cluster. So only remove 9.1 after you migrated successfully from 9.1 to 9.4 (most probably by removing the existing 9.4 cluster created during package installation and running pg_upgradecluster 9.1 main).

    phpMyAdmin

    If you get errors like "PHP Fatal error: require_once(): Failed opening required '/usr/share/php/php-gettext/gettext.inc' (include_path='.') in /usr/share/phpmyadmin/libraries/select_lang.lib.php on line 463" you need to upgrade your /etc/phpmyadmin/apache2.conf – most probably there’s a /etc/phpmyadmin/apache2.conf.dpkg-dist already sitting next to it, also see #709302 (it’s not a bug 😉 ).

    postfix/dovecot mailserver

    dovecot

    So it seems that I did nearly make no changes in /etc/dovecot/conf but this lead to my IMAPs/POP3s daemons not starting any more. In the end I guess the ssl configuration was the culprit, I uncommented the lines pointing to my SSL-key files in 10-ssl.conf, no idea whether this was the 100% correct approach, it’s usually better to create local configuration.

    clamav-daemon

    For some reason I was hit by Debian #778507 – a letter was missing in /var/lib/dpkg/info/clamav-daemon.postinst, so line 626 has to be
    [ -n "$PidFile" ] && echo "PidFile $PidFile" >> $DEBCONFFILE

    bley

    I use bley by Evgeni Golov for greylisting, here I modified the init script by myself before to include the postgresql dependency and now had to accept upstream changes. But they also include a dbconfig-based database configuration now.

    fail2ban

    The fail2ban package seems to be more verbose now, so I could fix some typos in the rule files (one time the name of a local file was misspelt, one file lacked the ignoreregex= stanza).