We found this tutorial useful: https://phoenixnap.com/kb/letsencrypt-nginx
Category: Ubuntu
Tarsnap change key file with tarsnap-keyregen and tarsnap-recrypt
Want to change the tarsnap.key file?
Check out this manual: https://www.acunote.com/blog/2012/02/tarsnap-key-rotation-with-tarsnap-recrypt-and-tarsnap-keyregen.html
Especially this part of code is useful:
# create new key
tarsnap-keyregen --keyfile ~/tarsnap/keys/server.new.key \
--oldkey ~/tarsnap/keys/server.old.key \
--user me@example.com --machine server
# run recrypt. This can take a long time (days), and final delete
# transaction will fail because of server cron jobs that will happen
# in the meantime
tarsnap-recrypt --oldkey ~/tarsnap/keys/server.old.key \
--oldcachedir ~/tarsnap/cache/server.old \
--newkey ~/tarsnap/keys/server.new.key \
--newcachedir ~/tarsnap/cache/server.new
You can find the location of your tarsnap key file and cache folder with:
find / -name tarsnap.key
find / -name tarsnap-cache
Fixing VBoxManage: error: VMDK: descriptor does not start as expected in
When using Vagrant / Virtualbox and optionally Laravel Homestead it could occur that this message displays:
There was an error while executing `VBoxManage`, a CLI used by Vagrant for controlling VirtualBox. The command and stderr is shown below. Command: ["startvm", "{LONGOCDE}", "--type", "headless"] Stderr: VBoxManage: error: Could not open the medium '/Users/USER/VirtualBox VMs/homestead-7/ubuntu-....vmdk'. VBoxManage: error: VMDK: descriptor does not start as expected in '/Users/USER/VirtualBox VMs/homestead-7/ubuntu-....vmdk' (VERR_VD_VMDK_INVALID_HEADER). VBoxManage: error: VD: error VERR_VD_VMDK_INVALID_HEADER opening image file '/Users/USER/VirtualBox VMs/homestead-7/ubuntu-....vmdk' (VERR_VD_VMDK_INVALID_HEADER) VBoxManage: error: Details: code NS_ERROR_FAILURE (0x80004005), component MediumWrap, interface IMedium
After changing lots of stuff and trying out a lot, I found out it’s best to restore a backup of your vmdk file. For Linux and Windows there seem to be restore tools (not sure if these will work), but not for Mac.
So, after trying to restore your backup, hopefully everything works (always backup your new file before restoring as well). Everything is at your own risk of course. Good luck!
Adding an extra IP to your VPS with Ubuntu
Edit your networking interfaces file:
sudo nano /etc/network/interfaces
Use these instructions (they are in Dutch): https://www.transip.nl/knowledgebase/artikel/219-hoe-voeg-ipv4-ipv6-adres-mijn/#ubuntu16ipv4
Restart network facilities with:
sudo ifdown eth0 && sudo ifup eth0
Also bring up your new ip address:
sudo ifup eth0:
Check if new ip address(ess) are added with:
ifconfig -a
Ubuntu 14.04 OpenSSL with Nginx – Generate & Install SSL certificate
Not the best guide, but some handy links I use to Generate and Install an SSL-certfificate with OpenSSL in NginX.
Generate OpenSSL Request:
https://www.namecheap.com/support/knowledgebase/article.aspx/9446/0/apache-opensslmodsslnginx
Order an SSL-certificate with the CSR
Then, when you received bundle plus CRT:
https://www.namecheap.com/support/knowledgebase/article.aspx/9419//installing-a-certificate-on-nginx
Restart NGINX:
https://www.cyberciti.biz/faq/nginx-restart-ubuntu-linux-command/
Using TransIP SSL-certificates
When using TransIP SSL-certificates you get a decrypted zip SSL-certificate (if you choose for standard mode instead of advanced mode).
These contains:
- cabundle.crt
- certificate.crt
- certficate.key
- certificate.p7b (you don’t need this one)
Open cabundle.crt, remove the first certificate (that is a root certificate and will give chain issues: an ‘anchor issue’ in SSL Labs). Then, swap the order of the two certificates of the bundle, else SSL Labs will give a chain issue: incorrrect order. Then, concatenate the certificate.crt (first) with the new cabundle.crt (second).
Then insert the concatenated crt file + the key on the server and insert them in NGINX:
server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name www.yourdomain.nl yourdomain.nl; ssl on; ssl_certificate /home/forge/ssl/domain1/20172018_cert_chain.crt; ssl_certificate_key /home/forge/ssl/domain1/20172018key.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; }
When creating your certificate you can concatenate certificate.crt with cabundle.crt .
How to fix the Laravel Gulp Error: Cannot find module ‘internal/fs’
Laravel Gulp Error: Cannot find module ‘internal/fs’
Get this error?
vagrant@homestead:*****$ gulp module.js:472 throw err; ^ Error: Cannot find module 'internal/fs' at Function.Module._resolveFilename (module.js:470:15) at Function.Module._load (module.js:418:25) at Module.require (module.js:498:17) at require (internal/module.js:20:19) at evalmachine.:18:20 at Object. (/usr/lib/node_modules/gulp/node_modules/vinyl-fs/node_modules/graceful-fs/fs.js:11:1) at Module._compile (module.js:571:32) at Object.Module._extensions..js (module.js:580:10) at Module.load (module.js:488:32) at tryModuleLoad (module.js:447:12)
How to fix this error?
Thanks to Softwarehorizont, I found the solution:
Try to delete all node modules and reinstall them. A command sequence like this would do:
npm cache clean rm -Rf node_modules/ npm install
Still got this error?
If you still got this error, you can look up the following references (I have not tested these, at your own risk, like all solutions posted on this blog):
Resetting Linux Root Password with TransIP / VPS on Ubuntu
Option 1 – Using bootloader
Use this guide: http://www.howtogeek.com/196520/grub2-101-how-to-access-and-use-your-linux-distributions-boot-loader/ . In my case this did not work.
Option 2 – Using SystemRescueCD
It might be that your VPS has a Linux Recovery Mode (not rescue mode) using a SystemRescueCD. If so, use this guide:
http://ubuntuportal.com/2011/07/reset-password-ubuntu-using-sytemrescuecd.html
In my case the /dev/vda5 was not mountable, because it was password encrypted. That was why I had to use these commands:
http://pissedoffadmins.com/os/mount-unknown-filesystem-type-lvm2_member.html
In summary it went like:
$ fdisk -l $ mkdir /mnt/system $ mount /dev/vda5 /mnt/system # /dev/vda5 is the main Linux partition mount: unknown filesystem type 'crypto_LUKS' # I received an error that this partition is encrpted, so the I used: $ cryptsetup open /dev/vda5 newRoot $ modprobe dm-mod $ vgchange -ay $ lvscan # hopefully the root is displayed now. Mount this one mount /dev/xx/yy /mnt/system # ACCESS :D :D chroot /mnt/system passwd # Enter your new root password
Then I was able to reset my password, by entering passwd.
Laravel Forge Ubuntu Update and Upgrade Manual with OpenSSL bugfixes
Be careful: Not all commands have been fully tested, you use these instructions with care and on your own risk. To repeat, as goes for all our articles, using our instructions is on your own risk!
This article primarily focuses on Ubuntu 14.04 and 16.04 servers that are working with Laravel Forge, but it can be useful for all Ubuntu (server) users.
As mentioned, OpenSSL recently had a security vulnerability with code CVE-2016-2107. This vulnerability is fixed in OpenSSL 1.0.2h – 3 May 2016. Check your current version by entering the command:
openssl version -v
Only updating OpenSSL?
Then you can run:
sudo apt-get install --only-upgrade libssl1.0.0 openssl
Then restart Nginx:
sudo service nginx restart
Check if the version is upgrade by entering the command:
openssl version -v
If it is all right you should see the version:
OpenSSL 1.0.2h 3 May 2016
Or newer of course.
Doing an update or upgrade within the same version
As instructed by DigitalOcean, you can update or upgrade Ubuntu by updating the package list:
sudo apt-get update
Then, upgrade installed packages to their latest available versions:
sudo apt-get upgrade
You will be shown a list of upgrades, and prompted to continue. Answer y for yes and press Enter. Then, the packages are updated and upgraded
Error: Unmet dependencies?
While upgrading, the following error may occur:
The following packages have unmet dependencies: linux-image-extra-3.13.0-66-generic: Depends: linux-image-3.13.0-66-generic but it is not installed linux-image-extra-3.13.0-79-generic: Depends: linux-image-3.13.0-79-generic but it is not installed linux-image-generic: Depends: linux-image-3.13.0-79-generic but it is not installed"
Therefore you can install the missing images by entering the command:
sudo apt-get install -f
It could be that you get this message:
Unpacking linux-image-3.13.0-79-generic (3.13.0-79.123) ... dpkg: error processing archive /var/cache/apt/archives/linux-image-3.13.0-79-generic_3.13.0-79.123_amd64.deb (--unpack): cannot copy extracted data for './boot/vmlinuz-3.13.0-79-generic' to '/boot/vmlinuz-3.13.0-79-generic.dpkg-new': failed to write (No space left on device) No apport report written because the error message indicates a disk full error dpkg-deb: error: subprocess paste was killed by signal (Broken pipe)
In that case read the next paragraph.
Full /boot directory?
When installing missing dependencies and running the command:
sudo apt-get install
There might occur an error as described in the previous paragraph. This can be solved by following the following steps as described on Stack Overflow.
When you command:
df -h
You probably would see that the /boot directory is 100% filled. In that case:
First, identify the space to be used,
cd /boot du -sk *|sort -n
There might be a lot of kernels. Then run:
uname -a
to get the running kernel. The user on Stack Overflow: identified that I was on Linux alternate 2.6.32-43-server and did a tar of 6 of the versions that were not running, and were old.
tar -cvf ~username/boot.tar *2.6.32-44-server *2.6.32-45-server *2.6.32-46-server *2.6.32-47-server *2.6.32-48-server *2.6.32-49-server
Then do a rm -rf of what is backed up:
rm -rf *2.6.32-44-server *2.6.32-45-server *2.6.32-46-server *2.6.32-47-server *2.6.32-48-server *2.6.32-49-server
I am showing these commands as examples, you will have to decide what you will work with for your situation.
Now that you have some space on /boot, you are able to run
apt-get -f install
To clean up the failed install of 2.6.32-56-server.
Then do:
apt-get remove linux-headers-2.6.32-38 linux-headers-2.6.32-38-server linux-image-2.6.32-38-server apt-get remove linux-headers-2.6.32-39 linux-headers-2.6.32-39-server linux-image-2.6.32-39-server
This gives room to put back what I had backed up.
tar -xf ~username/boot.tar rm ~username/boot.tar
To clean up, you could could run:
apt-get autoremove
Then reboot and you will see you are using a very small percentage of /boot.
>> Doesn’t that work? You can also try this Stack Overflow-answer, which also worked for me.
Release upgrading from 14.04 to 16.04
Be careful! As “zachleigh” mentions on Laracasts: “If you’re already using php7 in 14.04, then there really isnt much point in upgrading now I guess. 14.04 is supported until spring 2018 so you still have a couple years before you have to do anything. May as well wait until the next long term support release, 18.04, comes out in 2018.”
If you still would like to do this, read the guide by DigitalOcean and run:
sudo do-release-upgrade
Backup Ubuntu site / Laravel Forge server with Tarsnap
Would you like to backup your Ubuntu server with Tarsnap and also backup your Mysql database? Then follow this steps:
Install Tarsnap
1. Install dependencies
sudo apt-get install build-essential ext2fs-dev zlib1g-dev libssl-dev
2. Install Tarsnap
Download Tarsnap with this wget:
wget --no-check-certificate https://www.tarsnap.com/download/tarsnap-autoconf-1.0.35.tgz
Now we need to extract, configure, and compile Tarsnap.
tar xfz tarsnap-autoconf-1.0.35.tgz cd tarsnap-autoconf-1.0.35 ./configure sudo make install clean
3. Configure Tarsnap
Copy the example config to the live config:
sudo mv /usr/local/etc/tarsnap.conf.sample /usr/local/etc/tarsnap.conf
Then create a key, save this key to a USB or something, you can’t reset it.
mkdir ~/.tarsnap tarsnap-keygen --keyfile /home/youruser/.tarsnap/tarsnap.key --user your@email.com --machine your-machine-name You’ll be prompted for your Tarsnap password when running tarsnap-keygen.
Now, edit the tarsnap.conf file:
sudo pico /usr/local/etc/tarsnap.conf
Point the keyfile directive to the key file we created a couple steps ago. The top of your tarsnap.conf file should look similar to this now:
### Recommended options # Tarsnap cache directory cachedir /tmp/tarsnap-cache # Tarsnap key file keyfile /home/youruser/.tarsnap/tarsnap.key
4. Use Tarsnap to Make a Backup
To create a backup do this:
tarsnap -c -f servername-20140805 /home/forge
I’m using Laravel forge’s home directory. This directory is now backup up to Tarsnap. In the next step we’ll add a backup folder with the latest mysql-database.
Backup Mysql database
Create a folder in /home/forge : backup. Create a file in the folder:
touch /home/forge/makebackup.sh
Insert this information in the file:
#!/bin/sh TODAY=$(date "+%A"); flock -n ~/.mysqldump mysqldump -u forge -p forge --password=YOURPASSWORD > ~/backup/mysql-latest.sql; flock -n ~/.tarsnap.lock tarsnap -c -f "$(uname -n)-$(date +%Y-%m-%d_%H-%M-%S)" ~/ 2>/dev/null;
Create Cronjob
Let the makebackup.sh be called every x days:
crontab -e
Insert this piece of info:
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin MAILTO={{YOUREMAILHERE}} PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin 0 2 * * * flock -n ~/.makebackup.lock ~/backup/makebackup.sh
To view the backupped files so far:
tarsnap --list-archives | sort
Thanks to Longren.io and thanks to Hypernode