Sysadmin

Where did my Emacs color-theme go in Ubuntu 20.04.LTS?!

26-Oct-2020 by joho

Having recently upgraded a small VPS from Ubuntu 18.04.LTS to Ubuntu 20.04.LTS, I ran into a little snag with Emacs and its color-theme (from the emacs-goodies-el package).

After some digging, it seems this is now done somewhat differently in Ubuntu 20.04.LTS.

This is what my .emacs file used to contain:

(require 'color-theme) 
(color-theme-initialize) 
(color-theme-charcoal-black)

This is what I changed it to:

(add-to-list 'custom-theme-load-path 
(file-name-as-directory "/usr/share/emacs/site-lisp/elpa/color-theme-modern-0.0.2"))
(load-theme 'charcoal-black t t) 
(enable-theme 'charcoal-black)

In addition, I also had to install the elpa-color-theme-modern package (from the Ubuntu 20.04.LTS distribution).

Checksum of file using Windows certutil

22-Oct-202022-Oct-2020 by joho

After getting files from a remote source, it is often a good idea to get some sort of fingerprint or checksum of the file, and verify it against a known value published in a place or on a website you trust.

For Windows, this can be accomplished with:

certutil -hashfile filename.ext sha256

sha256 can be any of MD2 MD4 MD5 SHA1 SHA256 SHA384 SHA512

View as @geek1968 flashcard on Instagram

pdftk and php-pdftk on Ubuntu 18.04 without using snap

01-Oct-2020 by joho

During a product launch I recently came across an “interesting” issue involving pdftk (and php-pdftk). Some of the developers had made assumptions (ever heard that one before?) about the operating environment and how things were/are configured.

These assumptions were based on a development environment that in no way reflected the final production environment (ever heard that one before?). In this particular case, they were expecting the great PDF toolkit (pdftk) to be available and working just like it did in their development environment.

To summarize the issue: pdftk has been removed from Ubuntu 18.04 due to dependency issues. The “recommended” solution is to install pdftk using snap. This, in itself, is not a bad recommendation. But in a web server environment, it may put you in a place you don’t want to be in.

So after a few hours of toying with ideas and testing various things, I figured there must be some Debian-like package that would actually work when installed on Ubuntu 18.04 and that is not a snap package.

There is.

Later versions (or packages) of pdftk now exist as pdftk-java, and they do work with php-pdftk as well.

In my case, I located pdftk-java_3.1.1-1_all.deb and installed it. Or tried to rather. It has a number of dependencies that you will see for yourself. You’ll need to decide if their “weight” makes it worthwhile for you to go down this path. But it was one, reasonably good, way for us to solve the problem.

The developers you ask? They have been sent to /dev/codersgulag/cobol and will spend a number of solar iterations there.

(The file I ended up using was http://ftp.debian.org/debian/pool/main/p/pdftk-java/pdftk-java_3.1.1-1_all.deb, and it does work on Ubuntu 18.04.LTS)

Monitoring redis access and activity

11-Sep-2020 by joho

Use redis-cli to monitor redis access and activity.

redis-cli monitor

telnet localhost 6379

When the connection has been made, type MONITOR

Use Ctrl+C or send SIGINT to get out of redis-cli. To stop the redis session initialized with telnet, simply type QUIT and press <Enter>

See more from @geek1968 on Instagram

Webmin, Virtualmin and APT for Ubuntu and Debian

30-Apr-2020 by joho

I often use Webmin and Virtualmin to manage basic stuff on Linux servers, mostly so because others sometime need to change minor settings on these servers, and they may or may not be very familiar with doing things from the CLI.

You can, of course, update Webmin and Virtualmin manually, from within Webmin. But if you’re using APT, there is an automated, better, way of keeping these lovely software packages up to date.

Webmin

Create a file in /etc/apt/sources.list.d/ like webmin.list

Add the following line to that file:

deb https://download.webmin.com/download/repository sarge contrib

Add Jamie Cameron’s GPG key for the repository like so:

cd /root
wget https://download.webmin.com/jcameron-key.asc
apt-key add jcameron-key.asc

Finalize everything with

apt-get install apt-transport-https
apt-get update

You may now install/update Webmin with via APT (apt-get, aptitude, etc).

Virtualmin

Create a file in /etc/apt/sources.list.d/ like virtualmin.list

For Ubuntu 18.04.LTS (“Xenial”), add the following to that file:

deb http://software.virtualmin.com/vm/6/gpl/apt virtualmin-xenial main
deb http://software.virtualmin.com/vm/6/gpl/apt virtualmin-universal main

There are, of course, sources available for other distributions too. Simply replace xenial above, with the name of the distribution you’re running. You can find a list of the Debian based distributions here: software.virtualmin.com/vm/6/gpl/apt/dists/

Add the virtualmin GPG key for the repository like so:

cd /root
wget http://software.virtualmin.com/lib/RPM-GPG-KEY-virtualmin-6
apt-key add RPM-GPG-KEY-virtualmin-6

Finalize everything with

apt-get update

You may now install/update Virtualmin via APT (apt-get, aptitude, etc). You can find some more information about this in relation to Virtualmin on the Virtualmin forum.

Forcing apt-get to use IPv4

13-Feb-2020 by joho

When or if you run into trouble with apt-get and IPv6 connections timing out or not resolving properly at all, it may be a good idea to simply prevent apt-get from using IPv6.

Use

-o Acquire::ForceIPv4=true

when running apt-get, or create /etc/apt/apt.conf.d/99force-ipv4 and put

Acquire::ForceIPv4 "true"

in it.

If this does not work for you, you may want to have a look at /etc/gai.conf (this will, however, affect your system on a deeper level for IPv4 vs IPv6 connectivity). If you’re not interested in IPv6, it should cause no problems.

See more from @geek1968 on Instagram

URL re-writing with nginx, PHP, and WordPress

23-Dec-2019 by joho

There are many posts about nginx, re-directs, PHP, and WordPress. There are somewhat fewer posts that talk about (internal) re-writes, where the request by the web browser is mangled to be served by another resource than the one requested.

For example, I may want a request for https://mysite.foo/cool/penguin to actually be served by https://mysite.foo/coolstuff.php?id=penguin, or simply setup an alias such as https://mysite.foo/cool/penguin to be served by https://mysite.foo/cool/linux, but preserve the URL in the browser address bar.

With PHP-FPM and nginx, you run into an additional problem, which is the fastcgi_parm variables that are passed from nginx to PHP-FPM. So even if you have really fancy URL re-writing configured (and working), the end result may not be passed on to PHP-FPM from nginx.

So solve this, you should look into this construct, which is present in many nginx configurations as a default setup:

fastcgi_param REQUEST_URI $request_uri;

Since your needs probably differ from mine, I wont make this post any longer than it has to be, but that fastcgi_param line above may be a good starting point if you’re experiencing problems with nginx, PHP-FPM, and URL re-writing.

Good luck!

What’s My IP / Dynamic DNS / DDNS / DynDNS

22-Oct-202025-Oct-2019 by joho

There are a number of ways to figure out your current public IP address automatically, which can be extremely useful for Dynamic DNS (DDNS) situations or other automation ventures, here are some of them.

OpenDNS

dig +short @resolver1.opendns.com ANY myip.opendns.com

If the above doesn’t work, you may want to try this:

dig +short myip.opendns.com @resolver1.opendns.com

ifconfig.co

curl https://ifconfig.co

Akamai

curl http://whatismyip.akamai.com/

Cloudflare

dig @1.1.1.1 ch txt whoami.cloudflare +short

Google

dig TXT +short o-o.myaddr.l.google.com @ns1.google.com

Changing your MTU may help certbot / Let’s Encrypt

24-Jun-2019 by joho

While attempting to create a Let’s Encrypt SSL certificate using certbot for a number of domains, I ran into something that appeared to be a timeout issue in the certbot client and/or one of the Python libraries used by it.

I found this thread, which recommends changing the MTU to 1300, and it does work. So, maybe this will help you too 🙂

community.letsencrypt.org/t/cannot-get-new-certificate-readtimeout-error/94586

In other words:

ifconfig eth0 mtu 1300

may help you out.

Things to do after migrating to Zimbra 8.8.x

02-Jun-2019 by joho

As I recently handled a migration from Zimbra 8.7.11 to Zimbra 8.8.12, I’ve been running into things I think the Zimbra updater should handle by itself, and/or things that should be documented in a more practical way than they currently are. I’ll just keep updating this post with things I find and learn.

(The migration turned into an 18 hour job since we ran into a +1 year old problem where an Ubuntu upgrade form 14.04.LTS to 16.04.LTS more or less wipes your Zimbra setup and leaves it in a very sorry state. Fortunately, I managed to piece it back by hand.)

Zimbra Backup NG

The new and improved Zimbra Backup NG should be enabled IMHO. It does things a lot better than the previous version(s). In a number of places, Zimbra makes references to its improvements, and so on. They should probably include this instruction too:

To disable the “classic” (or “legacy”) backups, a simple

zmschedulebackup -F

(as the “zimbra” user) is all you need to execute. (You may want to hang on to your old backups until they’ve outlived their purpose though. This command only disables/removes the scheduled “legacy” backups.)