Category: Ubuntu

Tarsnap change key file with tarsnap-keyregen and tarsnap-recrypt

Want to change the tarsnap.key file?

Check out this manual: https://www.acunote.com/blog/2012/02/tarsnap-key-rotation-with-tarsnap-recrypt-and-tarsnap-keyregen.html

Especially this part of code is useful:

# create new key
tarsnap-keyregen --keyfile ~/tarsnap/keys/server.new.key \
                 --oldkey ~/tarsnap/keys/server.old.key \
                 --user me@example.com --machine server


# run recrypt.  This can take a long time (days), and final delete
# transaction will fail because of server cron jobs that will happen
# in the meantime
tarsnap-recrypt --oldkey ~/tarsnap/keys/server.old.key \
                --oldcachedir ~/tarsnap/cache/server.old \
                --newkey ~/tarsnap/keys/server.new.key \
                --newcachedir ~/tarsnap/cache/server.new

You can find the location of your tarsnap key file and cache folder with:

find / -name tarsnap.key
find / -name tarsnap-cache

Fixing VBoxManage: error: VMDK: descriptor does not start as expected in

When using Vagrant / Virtualbox and optionally Laravel Homestead it could occur that this message displays:

There was an error while executing `VBoxManage`, a CLI used by Vagrant

for controlling VirtualBox. The command and stderr is shown below.

Command: ["startvm", "{LONGOCDE}", "--type", "headless"]

Stderr: VBoxManage: error: Could not open the medium '/Users/USER/VirtualBox VMs/homestead-7/ubuntu-....vmdk'.

VBoxManage: error: VMDK: descriptor does not start as expected in '/Users/USER/VirtualBox VMs/homestead-7/ubuntu-....vmdk' (VERR_VD_VMDK_INVALID_HEADER).

VBoxManage: error: VD: error VERR_VD_VMDK_INVALID_HEADER opening image file '/Users/USER/VirtualBox VMs/homestead-7/ubuntu-....vmdk' (VERR_VD_VMDK_INVALID_HEADER)

VBoxManage: error: Details: code NS_ERROR_FAILURE (0x80004005), component MediumWrap, interface IMedium

After changing lots of stuff and trying out a lot, I found out it’s best to restore a backup of your vmdk file. For Linux and Windows there seem to be restore tools (not sure if these will work),  but not for Mac.

So, after trying to restore your backup, hopefully everything works (always backup your new file before restoring as well). Everything is at your own risk of course. Good luck!

Adding an extra IP to your VPS with Ubuntu

Edit your networking interfaces file:

sudo nano /etc/network/interfaces

Use these instructions (they are in Dutch): https://www.transip.nl/knowledgebase/artikel/219-hoe-voeg-ipv4-ipv6-adres-mijn/#ubuntu16ipv4

Restart network facilities with:

sudo ifdown eth0 && sudo ifup eth0

Also bring up your new ip address:

sudo ifup eth0:

Check if new ip address(ess) are added with:

ifconfig -a

Ubuntu 14.04 OpenSSL with Nginx – Generate & Install SSL certificate

Not the best guide, but some handy links I use to Generate and Install an SSL-certfificate with OpenSSL in NginX.

Generate OpenSSL Request:
https://www.namecheap.com/support/knowledgebase/article.aspx/9446/0/apache-opensslmodsslnginx

Order an SSL-certificate with the CSR

Then, when you received bundle plus CRT:
https://www.namecheap.com/support/knowledgebase/article.aspx/9419//installing-a-certificate-on-nginx

Restart NGINX:
https://www.cyberciti.biz/faq/nginx-restart-ubuntu-linux-command/

Using TransIP SSL-certificates

When using TransIP SSL-certificates you get a decrypted zip SSL-certificate (if you choose for standard mode instead of advanced mode).

These contains:

  • cabundle.crt
  • certificate.crt
  • certficate.key
  • certificate.p7b (you don’t need this one)

Open cabundle.crt, remove the first certificate (that is a root certificate and will give chain issues: an ‘anchor issue’ in SSL Labs). Then, swap the order of the two certificates of the bundle, else SSL Labs will give a chain issue: incorrrect order. Then, concatenate the certificate.crt (first) with the new cabundle.crt (second).

Then insert the concatenated crt file + the key on the server and insert them in NGINX:

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    
    server_name www.yourdomain.nl yourdomain.nl;
    
    ssl on;
    ssl_certificate /home/forge/ssl/domain1/20172018_cert_chain.crt;
    ssl_certificate_key /home/forge/ssl/domain1/20172018key.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    
}

When creating your certificate you can concatenate certificate.crt with cabundle.crt .

How to fix the Laravel Gulp Error: Cannot find module ‘internal/fs’

Laravel Gulp Error: Cannot find module ‘internal/fs’

Get this error?

vagrant@homestead:*****$ gulp
module.js:472
    throw err;
    ^

Error: Cannot find module 'internal/fs'
    at Function.Module._resolveFilename (module.js:470:15)
    at Function.Module._load (module.js:418:25)
    at Module.require (module.js:498:17)
    at require (internal/module.js:20:19)
    at evalmachine.:18:20
    at Object. (/usr/lib/node_modules/gulp/node_modules/vinyl-fs/node_modules/graceful-fs/fs.js:11:1)
    at Module._compile (module.js:571:32)
    at Object.Module._extensions..js (module.js:580:10)
    at Module.load (module.js:488:32)
    at tryModuleLoad (module.js:447:12)

How to fix this error?

Thanks to Softwarehorizont, I found the solution:

Try to delete all node modules and reinstall them. A command sequence like this would do:

npm cache clean
rm -Rf node_modules/
npm install

Still got this error?

If you still got this error, you can look up the following references (I have not tested these, at your own risk, like all solutions posted on this blog):

  1. https://github.com/nodejs/node/issues/9377
  2. http://stackoverflow.com/questions/40663489/npm-not-working-cannot-find-module-internal-fs-nodejs

Resetting Linux Root Password with TransIP / VPS on Ubuntu

Option 1 – Using bootloader

Use this guide: http://www.howtogeek.com/196520/grub2-101-how-to-access-and-use-your-linux-distributions-boot-loader/ . In my case this did not work.

Option 2 – Using SystemRescueCD

It might be that your VPS has a Linux Recovery Mode (not rescue mode) using a SystemRescueCD. If so, use this guide:
http://ubuntuportal.com/2011/07/reset-password-ubuntu-using-sytemrescuecd.html

In my case the /dev/vda5 was not mountable, because it was password encrypted. That was why I had to use these commands:
http://pissedoffadmins.com/os/mount-unknown-filesystem-type-lvm2_member.html

In summary it went like:

$ fdisk -l
$ mkdir /mnt/system
$ mount /dev/vda5 /mnt/system
# /dev/vda5 is the main Linux partition
mount: unknown filesystem type 'crypto_LUKS'
# I received an error that this partition is encrpted, so the I used:
$ cryptsetup open /dev/vda5 newRoot
$ modprobe dm-mod
$ vgchange -ay
$ lvscan
# hopefully the root is displayed now. Mount this one
mount /dev/xx/yy /mnt/system
# ACCESS :D :D
chroot /mnt/system
passwd
# Enter your new root password

Then I was able to reset my password, by entering passwd.

Laravel Forge Ubuntu Update and Upgrade Manual with OpenSSL bugfixes

Be careful: Not all commands have been fully tested, you use these instructions with care and on your own risk. To repeat, as goes for all our articles, using our instructions is on your own risk!
This article primarily focuses on Ubuntu 14.04 and 16.04 servers that are working with Laravel Forge, but it can be useful for all Ubuntu (server) users.

As mentioned, OpenSSL recently had a security vulnerability with code CVE-2016-2107. This vulnerability is fixed in OpenSSL 1.0.2h – 3 May 2016. Check your current version by entering the command:

openssl version -v

Only updating OpenSSL?

Then you can run:

sudo apt-get install --only-upgrade libssl1.0.0 openssl

Then restart Nginx:

sudo service nginx restart

Check if the version is upgrade by entering the command:

openssl version -v

If it is all right you should see the version:

OpenSSL 1.0.2h 3 May 2016

Or newer of course.

Doing an update or upgrade within the same version

As instructed by DigitalOcean, you can update or upgrade Ubuntu by updating the package list:

sudo apt-get update

Then, upgrade installed packages to their latest available versions:

sudo apt-get upgrade

You will be shown a list of upgrades, and prompted to continue. Answer y for yes and press Enter. Then, the packages are updated and upgraded

Error: Unmet dependencies?

While upgrading, the following error may occur:

The following packages have unmet dependencies:
linux-image-extra-3.13.0-66-generic: Depends: linux-image-3.13.0-66-generic but it is not installed
linux-image-extra-3.13.0-79-generic: Depends: linux-image-3.13.0-79-generic but it is not installed
linux-image-generic: Depends: linux-image-3.13.0-79-generic but it is not installed"

Therefore you can install the missing images by entering the command:

sudo apt-get install -f

It could be that you get this message:

Unpacking linux-image-3.13.0-79-generic (3.13.0-79.123) ...
dpkg: error processing archive /var/cache/apt/archives/linux-image-3.13.0-79-generic_3.13.0-79.123_amd64.deb (--unpack):
 cannot copy extracted data for './boot/vmlinuz-3.13.0-79-generic' to '/boot/vmlinuz-3.13.0-79-generic.dpkg-new': failed to write (No space left on device)
No apport report written because the error message indicates a disk full error
                                                                              dpkg-deb: error: subprocess paste was killed by signal (Broken pipe)

In that case read the next paragraph.

Full /boot directory?

When installing missing dependencies and running the command:

sudo apt-get install

There might occur an error as described in the previous paragraph. This can be solved by following the following steps as described on Stack Overflow.
When you command:

df -h

You probably would see that the /boot directory is 100% filled. In that case:

First, identify the space to be used,

cd /boot
du -sk *|sort -n

There might be a lot of kernels. Then run:

uname -a

to get the running kernel. The user on Stack Overflow: identified that I was on Linux alternate 2.6.32-43-server and did a tar of 6 of the versions that were not running, and were old.

tar -cvf ~username/boot.tar *2.6.32-44-server *2.6.32-45-server *2.6.32-46-server *2.6.32-47-server *2.6.32-48-server *2.6.32-49-server

Then do a rm -rf of what is backed up:

rm -rf *2.6.32-44-server *2.6.32-45-server *2.6.32-46-server *2.6.32-47-server *2.6.32-48-server *2.6.32-49-server

I am showing these commands as examples, you will have to decide what you will work with for your situation.

Now that you have some space on /boot, you are able to run

apt-get -f install

To clean up the failed install of 2.6.32-56-server.

Then do:

apt-get remove linux-headers-2.6.32-38 linux-headers-2.6.32-38-server linux-image-2.6.32-38-server
apt-get remove linux-headers-2.6.32-39 linux-headers-2.6.32-39-server linux-image-2.6.32-39-server

This gives room to put back what I had backed up.

tar -xf ~username/boot.tar
rm  ~username/boot.tar

To clean up, you could could run:

apt-get autoremove

Then reboot and you will see you are using a very small percentage of /boot.

>> Doesn’t that work? You can also try this Stack Overflow-answer, which also worked for me.

Release upgrading from 14.04 to 16.04

Be careful! As “zachleigh” mentions on Laracasts: “If you’re already using php7 in 14.04, then there really isnt much point in upgrading now I guess. 14.04 is supported until spring 2018 so you still have a couple years before you have to do anything. May as well wait until the next long term support release, 18.04, comes out in 2018.”

If you still would like to do this, read the guide by DigitalOcean and run:

sudo do-release-upgrade

Backup Ubuntu site / Laravel Forge server with Tarsnap

Would you like to backup your Ubuntu server with Tarsnap and also backup your Mysql database? Then follow this steps:

Install Tarsnap

1. Install dependencies

sudo apt-get install build-essential ext2fs-dev zlib1g-dev libssl-dev

2. Install Tarsnap

Download Tarsnap with this wget:

wget --no-check-certificate https://www.tarsnap.com/download/tarsnap-autoconf-1.0.35.tgz

Now we need to extract, configure, and compile Tarsnap.

tar xfz tarsnap-autoconf-1.0.35.tgz
cd tarsnap-autoconf-1.0.35
./configure
sudo make install clean

3. Configure Tarsnap

Copy the example config to the live config:

sudo mv /usr/local/etc/tarsnap.conf.sample /usr/local/etc/tarsnap.conf

Then create a key, save this key to a USB or something, you can’t reset it.

mkdir ~/.tarsnap
tarsnap-keygen --keyfile /home/youruser/.tarsnap/tarsnap.key --user your@email.com --machine your-machine-name
You’ll be prompted for your Tarsnap password when running tarsnap-keygen.

Now, edit the tarsnap.conf file:

sudo pico /usr/local/etc/tarsnap.conf

Point the keyfile directive to the key file we created a couple steps ago. The top of your tarsnap.conf file should look similar to this now:

### Recommended options
 
# Tarsnap cache directory
cachedir /tmp/tarsnap-cache
 
# Tarsnap key file
keyfile /home/youruser/.tarsnap/tarsnap.key

4. Use Tarsnap to Make a Backup

To create a backup do this:

tarsnap -c -f servername-20140805 /home/forge

I’m using Laravel forge’s home directory. This directory is now backup up to Tarsnap. In the next step we’ll add a backup folder with the latest mysql-database.

Backup Mysql database

Create a folder in /home/forge : backup. Create a file in the folder:

touch /home/forge/makebackup.sh

Insert this information in the file:

#!/bin/sh
TODAY=$(date "+%A");
flock -n ~/.mysqldump mysqldump -u forge -p forge --password=YOURPASSWORD > ~/backup/mysql-latest.sql; 
flock -n ~/.tarsnap.lock tarsnap -c -f "$(uname -n)-$(date +%Y-%m-%d_%H-%M-%S)" ~/ 2>/dev/null;

Create Cronjob

Let the makebackup.sh be called every x days:

crontab -e

Insert this piece of info:

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
MAILTO={{YOUREMAILHERE}}
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
0 2 * * * flock -n ~/.makebackup.lock ~/backup/makebackup.sh

To view the backupped files so far:

tarsnap --list-archives | sort

Thanks to Longren.io and thanks to Hypernode