Procedure to keep The perfect server updated

Discussion in 'Installation/Configuration' started by Dennis_sp, Dec 10, 2019.

  1. Dennis_sp

    Dennis_sp Member

    Last year i followed this guide to install Ubuntu with ISPConfig:
    https://www.howtoforge.com/tutorial...l-pureftpd-bind-postfix-doveot-and-ispconfig/

    My question is, what is the correct procedure to update the server? For instance, one of my Joomla sites says this:

    We have detected that your server is using PHP 7.1.17-0ubuntu0.17.10.1 which is obsolete and no longer receives official security updates by its developers. The Joomla! Project recommends upgrading your site to PHP 7.2 or later which will receive security updates at least until 2020-11-30. Please ask your host to make PHP 7.2 or a later version the default version for your site. If your host is already PHP 7.2 ready please enable PHP 7.2 on your site's root and 'administrator' directories – typically you can do this yourself through a tool in your hosting control panel, but it's best to ask your host if you are unsure.
     
  2. Steini86

    Steini86 Active Member

    For security updates do:
    Code:
    sudo apt update
    sudo apt upgrade -y
    For release upgrade read https://help.ubuntu.com/community/UpgradeNotes then do:
    Code:
    sudo do-release-upgrade
    For new PHP Versions follow this guide: https://www.howtoforge.com/tutorial...fig-3-from-debian-packages-on-debian-8-and-9/
    Instead of Part 4 which is for Debian, use this on Ubuntu:
    Code:
    sudo add-apt-repository ppa:ondrej/php
    sudo add-apt-repository ppa:ondrej/apache
    sudo apt update
    Do not install the old PHP versions (5.x) with this guide, instead use it for php7.3 and php7.4 (if needed, otherwise just update your current version)
    If you do not want to install additional (new) PHP version, but "just" get a secure current version, then ignore the guide, do the 3 commands as shown above and upgrade via "apt upgrade"
     
  3. Dennis_sp

    Dennis_sp Member

    Thanks, before i could run sudo apt update i first had to updated my cd /etc/apt/sources.list accoring to these instructions:
    https://help.ubuntu.com/community/EOLUpgrades

    After that i was able to upgrade from Ubuntu 17 to 18. During the upgrade the installed asked if i wanted to replace these files with new ones:
    dovecot
    /etc/bind/named.conf
    and grub

    After rebooting none of the websites are working (internal server error). I checked the Apache error log and i noticed these errors:

    Code:
    .php-fcgi-starter: line 15: /usr/bin/php-cgi: No such file or directory
    PHP Warning:  PHP Startup: Unable to load dynamic library '/usr/lib/php/20160303/apc.so'
    And many more similar warnings. It looks like PHP has failed to start. How can i resolve this?
     
  4. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Have you installed php-cgi ?
    Find out which package contains '/usr/lib/php/20160303/apc.so' and install it.
     
  5. Dennis_sp

    Dennis_sp Member

  6. Steini86

    Steini86 Active Member

    I hope you went to the long-term support version: 18.04.3 LTS.
    Otherwise you can go directly to 19.10. However, this will only receive updates until 07/2020, while the LTS version gets updates until 2023: https://wiki.ubuntu.com/Releases

    If you have done a release upgrade, there is more to do:
    - Delete (or update) third party repositories from /etc/apt/sources.list.d (depending on what you have installed there, delete all third party (not stock ubuntu) files).
    - Make sure you have all the packages updated (apt update; apt full-upgrade)
    - Let ispconfig know of the upgrade:
    Code:
    ispconfig_update.sh
    Only if it says there is no update for you, do:
    Code:
    cd /tmp
    wget http://www.ispconfig.org/downloads/ISPConfig-3.1.15p2.tar.gz
    tar xvfz ISPConfig-3.1.15p2.tar.gz
    cd ispconfig3_install/install
    php -q update.php
    - Choose "reconfigure-services = yes"
    - Then install additional PHP versions as shown above
    - Reboot your server

    In general, you might want to activate http/2 and change all websites to the use of php-fpm. Is much faster.
     
    Last edited: Dec 14, 2019
  7. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    In addition to what @Steini86 wrote, before issuing ispconfig_update.sh command, read the ISPConfig Perfect Server Guide for Ubuntu 18.04 and check all packages mentioned there are installed and all configurations are according to that guide.
    You installed ISPConfig on Ubuntu 17.x following the guide for that Ubuntu version. Now that you have Ubuntu 18.04 you must check the OS is installed and configured following Guide for Ubuntu 18.04. Then ISPConfig update with force reconfigure services does the setups correctly.
     
  8. Dennis_sp

    Dennis_sp Member

    Steini86 likes this.
  9. Dennis_sp

    Dennis_sp Member

    I have a follow up question on this thread. I noticed that after updating to Ubuntu 18.04 i cannot use Filezilla anymore to connect through FTP. WinSCP works normally. Accoridng to this thread this has to do with TLS1.3: https://forum.filezilla-project.org/viewtopic.php?f=2&t=50457&sid=44edfedfd6bf6ed3f68cca3edb53b15e

    Does anyone know a fix?

    Output Filezilla:
    Status: Resolving address of www.***redacted***
    Status: Connecting to ***redacted***
    Status: Connection established, waiting for welcome message...
    Status: Initializing TLS...
    Status: Verifying certificate...
    Status: TLS connection established.
    Command: USER ***redacted***
    Error: GnuTLS error -110 in gnutls_record_recv: The TLS connection was non-properly terminated.
    Status: Server did not properly shut down TLS connection
    Error: Could not read from socket: ECONNABORTED - Connection aborted
    Error: Could not connect to server
    Status: Waiting to retry...
    Status: Resolving address of www.***redacted***
    Status: Connecting to ***redacted***
    Status: Connection established, waiting for welcome message...
    Response: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    Response: 220-You are user number 1 of 50 allowed.
    Response: 220-Local time is now 20:18. Server port: 21.
    Response: 220-This is a private system - No anonymous login
    Response: 220-IPv6 connections are also welcome on this server.
    Response: 220 You will be disconnected after 15 minutes of inactivity.
    Command: AUTH TLS
    Response: 234 AUTH TLS OK.
    Status: Initializing TLS...
    Status: Verifying certificate...
    Status: TLS connection established.
    Command: USER ***redacted***
    Error: GnuTLS error -110 in gnutls_record_recv: The TLS connection was non-properly terminated.
    Status: Server did not properly shut down TLS connection
    Error: Could not read from socket: ECONNABORTED - Connection aborted
    Error: Could not connect to server

    Output syslog:

    Feb 12 20:27:27 web pure-ftpd: (?@***redacted***) [INFO] New connection from ***redacted***
    Feb 12 20:27:27 web pure-ftpd: (?@***redacted***) [ERROR] TLS renegociation
     
  10. Steini86

    Steini86 Active Member

    See also:
    https://wiki.filezilla-project.org/FTP_over_TLS
    https://forum.filezilla-project.org/viewtopic.php?t=50598
    https://bugs.launchpad.net/ubuntu/+source/pure-ftpd/+bug/1832998
     

Share This Page