ColcolMail
Installing Debian 10, OpenLiteSpeed, MariaDB and PHP 7.4 on AWS Lightsail.
Rough notes from an IT amateur so he does not forget. Follow at your peril!!!
AWS
Create Lightsail server, link to static IP and set firewall rules
(Assistance: AWS (Create instance, SSH, Static IPs))
Create Instance
Location: Ireland
Select a platform: OS Only –> Debian 10.5
Change SSH Key pair –> Create new –> Create –> Enter awskeypairname
–> Generate key pair –> Download file to Desktop
Identify your instance: servername
Click Create instance
Networking tab
Create static IP –> Enter servernameIP
–> attach to servername
Make a note of the IP: 11.22.33.44
Instances tab
Click on instance
Networking tab
IPV4 firewall
Add two rules:
Application: HTTPS
Protocol: TCP
Port: 443
Create
Application: Custom
Protocol: TCP
Port: 7080
Select Restrict to IP address and add your IP address (what is my IP?)
Create
Edit existing SSH rule:
Select Restrict to IP address and add your IP address (what is my IP?)
Save
DNS
Amend DNS records to point yourdomain.co.uk to the new server
Create/amend two DNS records:
Name: yourdomain.co.uk
Type: A
TTL: 300
Content: 11.22.33.44
Name: www.yourdomain.co.uk
Type: CNAME
TTL: 300
Content: yourdomain.co.uk
SSH and Update Debian
Set up initial SSH configuration using Lightsail key pair to allow remote root user login via password:
In terminal:
chmod 400 ~/Desktop/awskeypairname.pem
ssh -i ~/Desktop/awskeypairname.pem admin@11.22.33.44
$ sudo -i
(switches to root user)
# nano /etc/ssh/sshd_config
Within the file, scroll through and:
1) Change #PermitRootLogin prohibit-password
to PermitRootLogin yes
(Note: without the leading # –> ‘uncomments’ the command)
2) Change PasswordAuthentication no
to PasswordAuthentication yes
CTRL+O, Enter, CTRL+X to return to the command line.
# service sshd reload
# passwd
(enter new password for root user twice)
# exit
$ exit
ssh root@11.22.33.44
(enter earlier password)
Should be able to log in.
# exit
Set up ssh configuration for automatic remote root user login
Assistance: (LearnLinuxTV from 9m50s to 45m50s)
In terminal:
ssh-keygen
Enter file name: /Users/username/.ssh/id_rsa_servernamekeypairname
Enter passphrase (empty for no passphrase): [Enter]
Enter same passphrase again: [Enter]
(Above generates a second ssh key pair for root user and subsequent standard users)
cat .ssh/id_rsa_servernamekeypairname.pub
Displays a long key similar to this:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWe6bYxUz5nXp7A5zBdsB+6jdO8mmEWowTHHLsQ/9iixrTvKeygMpFQRPmludJeqlR9mMP5lp2LSrva80Flt/L5VxSNMGF1hixPqLyEW+UlsoPmludJeqlR9mMP5lp2LSrva8049I/GrROoLlmB1qgIYeic1swQhMapO1uvKCrrsyKSV9HT0dx+nPRk+0jgbnQIAlIEcW4Da50x5NCKGU0PiCTbPuWFnb4crZ6Z3yviPmludJeqlR9mMP5lp2LSrva8046PDEmuPMVDfaFQMEQCPpoQ8r83kllrGm9aNiPmludJeqlR9llrGm9aSrva80yC4LHmt2LZB7In3yA1 you@yourcomputer.lan
Copy the key onto your clipboard.
Now to ‘paste’ the key onto the server:
ssh root@11.22.33.44
(enter password)
# nano .ssh/authorized_keys
File will already contain some text and a key relating to the awskeypairname.
On the line below the existing text/key, paste the copied key from the clipboard.
CTRL+O, Enter, CTRL+X to return to the command line.
# exit
nano .ssh/config
Within the file add the following lines:
Host servername-root
Hostname 11.22.33.44
Port 22
User root
IdentityFile ~/.ssh/id_rsa_servernamekeypairname
CTRL+O, Enter, CTRL+X to return to the command line.
ssh servername-root
(should log straight in)
Update Debian packages
While logged in as root, a good opportunity to update Debian packages:
# apt update
# apt upgrade
(answer Y to prompts)
# exit
Set up SMTP email for server to send email notifications
(Assistance: Sylvain Durand, Debian (here and here))
(Permission errors within Debian 10: Alternative logfile path requires further adjustments. AskUbuntu)
(Errors within cron: Stackoverflow)
In terminal:
ssh servername-root
Ensure server packages are up to date:
# apt update
Install necessary email packages:
# apt install msmtp-mta
(answer Y to prompts)
# apt install bsd-mailx
(answer Y to prompts)
Create a system-wide SMTP config file:
# nano /etc/msmtprc
Insert the following lines:
defaults
auth on
tls on
tls_trust_file /etc/ssl/certs/ca-certificates.crt
logfile ~/.msmtp.log
account aws-system
host email-smtp.eu-west-1.amazonaws.com
port 587
from servername-system@yourdomain.co.uk
user L0NGUSERNAMEL1KETHIS
password VeryLOnGPASw0RDAb!tlikeTHiS
account default : aws-system
(host, user and password can be retrieved from AWS SES. Ensure SMTP credentials are created in the SES region matching the host endpoint)
CTRL+O, Enter, CTRL+X to return to the command line.
# echo "message" | mail -s "title" youremail@yourdomain.co.uk
(Sends a test email. Check your inbox)
# cat .msmtp.log
(Shows the email log, example below. exitcode=EX_OK means it works)
Jan 01 01:23:45 host=email-smtp.eu-west-1.amazonaws.com tls=on auth=on user=L0NGUSERNAMEL1KETHIS from=servername-system@yourdomain.co.uk recipients=youremail@yourdomain.co.uk mailsize=228 smtpstatus=250 smtpmsg='250 Ok 01020176e1cf4f13-b774792c-8714-4dd5-b28a-621d3ff63f3a-000000' exitcode=EX_OK
# exit
Install OpenLiteSpeed and Certbot
Install OpenLiteSpeed, create initial website and create Let’s Encrypt certificate
(Assistance: OpenLiteSpeed (here and here and here), Certbot and Snapcraft)
Within terminal:
ssh servername-root
Ensure server packages are up to date:
# apt update
Install OpenLiteSpeed packages:
# wget -O - http://rpms.litespeedtech.com/debian/enable_lst_debian_repo.sh | bash
# apt install openlitespeed
(answer Y to prompts)
# apt install lsphp74 lsphp74-common lsphp74-curl lsphp74-dev lsphp74-imap lsphp74-intl lsphp74-json lsphp74-ldap lsphp74-mysql lsphp74-opcache lsphp74-pspell lsphp74-memcached lsphp74-redis lsphp74-sqlite3 lsphp74-tidy
(answer Y to prompts)
Create files for initial user/website with appropriate permissions:
# groupadd yourdomaincouk
# useradd -M -g yourdomaincouk yourdomaincouk
# mkdir /home/yourdomain.co.uk
# mkdir /home/yourdomain.co.uk/public_html
# chown yourdomaincouk:yourdomaincouk /home/yourdomain.co.uk
# chmod 711 /home/yourdomain.co.uk
# chown yourdomaincouk:nogroup /home/yourdomain.co.uk/public_html
# chmod 750 /home/yourdomain.co.uk/public_html
# touch /home/yourdomain.co.uk/public_html/.htaccess
# chown -R yourdomaincouk:yourdomaincouk /home/yourdomain.co.uk/public_html/.htaccess
# echo "<?php phpinfo();" > /home/yourdomain.co.uk/public_html/info.php
# echo "hello world" > /home/yourdomain.co.uk/public_html/index.php
# chown -R yourdomaincouk:yourdomaincouk /home/yourdomain.co.uk/public_html/*
Create log directory for OpenLiteSpeed:
# mkdir /home/yourdomain.co.uk/logs
# chown :nogroup /home/yourdomain.co.uk/logs
# chmod 750 /home/yourdomain.co.uk/logs
Start OpenLiteSpeed and create your WebAdmin login details:
# /usr/local/lsws/bin/lswsctrl start
# /usr/local/lsws/admin/misc/admpass.sh
(Enter administrator username and password)
In browser and OpenLiteSpeed WebAdmin
Visit: yourdomain.co.uk:7080
(proceed through SSL warnings and log into OpenLiteSpeed WebAdmin)
(if yourdomain.co.uk:7080 does not work and 11.22.33.44:7080 does work, then your DNS changes have yet to propagate).
SERVER CONFIGURATION
Within the Server Configuration left-hand menu option:
General tab
General settings
Edit (top-right corner)
Server Name: A name for your server
Administrator Email: A contact email
VIRTUAL HOSTS
Within the Virtual Hosts left-hand menu option:
Delete the Example Virtual Host
Add (a new Virtual Host, top-right corner)
Virtual Host Name: yourdomaincouk
Virtual Host Root: /home/yourdomain.co.uk
Config File: /usr/local/lsws/conf/vhosts/yourdomaincouk.conf
Enable Scripts/ExtApps: Yes
Restrained: Yes
Save (top-right corner)
CLICK TO CREATE the conf file
Save (top-right corner)
Within the Virtual Host list, click yourdomaincouk.
Within the General tab
Edit (top-right corner)
Document Root: /home/yourdomain.co.uk/public_html
Domain Name: yourdomain.co.uk
Domain Aliases: www.yourdomain.co.uk
Save (top-right corner)
Within the Log tab
Edit (Virtual Host Log, top-right corner)
Use Server’s Log: NO
File Name: $VH_ROOT/logs/virtualhost.log
Log Level: INFO
Rolling Size (bytes): 10M
Keep Days: 90
Save (top-right corner)
Add (Access Log, top-right corner)
Log Control: Own Log File
File Name: $VH_ROOT/logs/access.log
Rolling Size (bytes): 10M
Keep Days: 90
Compress Archive: Yes
Save (top-right corner)
Within the External App tab
Add (top-right corner)
Type: LiteSpeed SAPI App
Next (top-right corner)
Name: yourdomaincouk
Address: uds://tmp/lshttpd/yourdomaincouk.sock
Max Connections: 10
Environment: PHP_LSAPI_CHILDREN=10
Initial Request Timeout (secs): 60
Retry Timeout (secs): 0
Persistent Connection: Yes
Command: /usr/local/lsws/lsphp74/bin/lsphp
Run as User: yourdomaincouk
Run as Group: yourdomaincouk
Save (top-right corner)
Within the Script Handler tab
Add (top-right corner)
Suffixes: php
Handler Type: LiteSpeed SAPI
Handler name: [VHost Level]: yourdomaincouk
Save (top-right corner)
Within the Rewrite tab
Edit (top-right corner)
Enable Rewrite: Yes
Auto Load from .htaccess: Yes
Save (top-right corner)
LISTENERS (http)
Select the Listeners left-hand menu option
Delete the Default Listener
Add (a new Listener, top-right corner)
Listener name: http
IP Address: ANY IPv4
Port: 80
Secure: No
Save (top-right corner)
To map the domain to the Listener:
Within Listener Summary, View http Listener (magnifying glass icon)
Within Virtual Host Mappings, Add:
Virtual Host: yourdomaincouk
Domains: yourdomain.co.uk, www.yourdomain.co.uk, * , 11.22.33.44
Save
Restart OpenLiteSpeed (LSWS PID green button, top-right corner)
Within another browser window:
Visit yourdomain.co.uk
(should see ‘hello world’)
Visit yourdomain.co.uk/info.php
(should see php details)
Within terminal:
CERTBOT
# apt install snapd
(answer Y to prompts)
# snap install core
Testing snap:
# snap install hello-world
(Note: On occasion this error may appear:
Warning: /snap/bin was not found in your $PATH. If you've not restarted your
session since you installed snapd, try doing that. Please see
https://forum.snapcraft.io/t/9469 for more details.
If so then:
i) Exit the OpenLiteSpeed WebAdmin browser;
ii) reboot the server by # reboot, then wait a minute;
iii) return to the server by ssh servername-root;
iv) return to the OpenLiteSpeed WebAdmin at yourdomain.co.uk:7080)
# hello-world
(‘Hello World!’ should appear)
# snap refresh core
(Install certbot)
# snap install --classic certbot
(Try a dry-run first to check if everything is working):
# certbot certonly --webroot -w /home/yourdomain.co.uk/public_html -d yourdomain.co.uk -d www.yourdomain.co.uk --dry-run
(Then create a certificate):
# certbot certonly --webroot -w /home/yourdomain.co.uk/public_html -d yourdomain.co.uk -d www.yourdomain.co.uk
(Enter email for urgent renewal and security notices (recommended), agree to the T&Cs [Y] and accept/decline campaign updates)
This message should eventually appear:
Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/yourdomain.co.uk/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/yourdomain.co.uk/privkey.pem
Within OpenLiteSpeed WebAdmin
LISTENERS (https)
Within the Listeners left-hand menu option:
Add (a new Listener, top-right corner):
Listener name: https
IP Address: ANY IPv4
Port: 443
Secure: Yes
Save (top-right corner):
To map the domain to the Listener:
Within Listener Summary, View https Listener (magnifying glass icon):
Within the SSL tab
Edit (top-right corner).
Private Key File: /etc/letsencrypt/live/yourdomain.co.uk/privkey.pem
Certificate File: /etc/letsencrypt/live/yourdomain.co.uk/fullchain.pem
Chained Certificate: Yes
Save (top-right corner).
Within the General tab
Within Virtual Host Mappings, Add:
Virtual Host: yourdomaincouk
Domains: yourdomain.co.uk, www.yourdomain.co.uk, * , 11.22.33.44
VIRTUAL HOSTS
Within the Virtual Hosts left-hand menu option:
Click on the yourdomaincouk Virtual Host in the table.
Within the SSL tab
Edit (top-right corner).
Private Key File: /etc/letsencrypt/live/yourdomain.co.uk/privkey.pem
Certificate File: /etc/letsencrypt/live/yourdomain.co.uk/fullchain.pem
Chained Certificate: Yes
Save (top-right corner).
WEBADMIN SETTINGS
Within the WebAdmin Settings left-hand menu option:
Select Listeners:
Click on adminListener in the table.
Within the SSL tab
Edit (top-right corner).
Private Key File: /etc/letsencrypt/live/yourdomain.co.uk/privkey.pem
Certificate File: /etc/letsencrypt/live/yourdomain.co.uk/fullchain.pem
Chained Certificate: Yes
Save (top-right corner).
Restart OpenLiteSpeed (LSWS PID green button, top-right corner).
Within terminal:
# nano /home/yourdomain.co.uk/public_html/.htaccess
Insert the following text:
RewriteEngine On
RewriteCond %{HTTP_HOST} !yourdomain\.co\.uk [NC,OR]
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://yourdomain.co.uk/$1 [R=301,L]
CTRL+O, Enter, CTRL+X to return to the command line.
Restart OpenLiteSpeed for the .htaccess change to take effect:
# /usr/local/lsws/bin/lswsctrl restart
Within another browser window:
Visit yourdomain.co.uk
(should see ‘hello world’ and secure browser padlock)
Visit yourdomain.co.uk/info.php
(should see php details and secure browser padlock)
MariaDB
Install MariaDB, secure installation, create initial database
(Assistance: Digital Ocean)
Within terminal:
ssh servername-root
Ensure server packages are up to date:
# apt update
Install and secure MariaDB:
# apt install mariadb-server
(answer Y to prompts)
# mysql_secure_installation
Answer the prompts as below:
Enter current password for root (enter for none): [Enter]
Set root password? [Y/n] n
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y
Create an administrator MariaDB user (example used: adminroot):
# mysql
MariaDB [(none)]> GRANT ALL ON *.* TO 'adminroot'@'localhost' IDENTIFIED BY 'yourpassword' WITH GRANT OPTION;
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> exit;
Check MariaDB is running:
# systemctl status mariadb
Output
mariadb.service - MariaDB 10.3.27 database serve
Loaded: loaded (/lib/systemd/system/mariadb.service; enabled; vendor preset:
Active: active (running) since Mon 2020-12-28 11:14:00 UTC; 7min ago
Docs: man:mysqld(8)
Create a database for yourdomaincouk:
# mysql -u adminroot -p
(enter password)
MariaDB [(none)]> CREATE DATABASE yourdomaincouk;
MariaDB [(none)]> GRANT ALL ON yourdomaincouk.* TO 'yourdomaincouk'@'localhost' IDENTIFIED BY 'yourpassword';
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> exit;
# exit
Miscellaneous
Set standard user password, home directory and automatic SSH login
Within terminal: (needs to be changed)
ssh servername-root
# passwd yourdomaincouk
(enter password and confirm password)
# usermod --home /home/yourdomain.co.uk yourdomaincouk
# exit
cat .ssh/id_rsa_servernamekeypairname.pub
Displays a long key similar to this:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWe6bYxUz5nXp7A5zBdsB+6jdO8mmEWowTHHLsQ/9iixrTvKeygMpFQRPmludJeqlR9mMP5lp2LSrva80Flt/L5VxSNMGF1hixPqLyEW+UlsoPmludJeqlR9mMP5lp2LSrva8049I/GrROoLlmB1qgIYeic1swQhMapO1uvKCrrsyKSV9HT0dx+nPRk+0jgbnQIAlIEcW4Da50x5NCKGU0PiCTbPuWFnb4crZ6Z3yviPmludJeqlR9mMP5lp2LSrva8046PDEmuPMVDfaFQMEQCPpoQ8r83kllrGm9aNiPmludJeqlR9llrGm9aSrva80yC4LHmt2LZB7In3yA1 you@yourcomputer.lan
Copy the key onto your clipboard.
Now to ‘paste’ the key onto the server:
ssh yourdomaincouk@11.22.33.44
(enter password)
$ mkdir .ssh
$ nano .ssh/authorized_keys
Paste the copied key from the clipboard into the file.
CTRL+O, Enter, CTRL+X to return to the command line.
$ exit
nano .ssh/config
Within the file add the following lines:
Host servername-yourdomaincouk
Hostname 11.22.33.44
Port 22
User yourdomaincouk
IdentityFile ~/.ssh/id_rsa_servernamekeypairname
CTRL+O, Enter, CTRL+X to return to the command line.
Test automatic login:
ssh servername-yourdomaincouk
$ exit
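Added example (not part of the original notes): once both servername-root and servername-yourdomaincouk log in by key, the earlier sshd_config changes (PermitRootLogin yes, PasswordAuthentication yes) are no longer needed by any later step. The shell functions below put both back to key-only values; the function names and the sample file are constructed for illustration, and the edit is made in place because sshd honours the first occurrence of a keyword.

```sh
#!/bin/sh
# Added example, not from the original notes. Function names are hypothetical.

# set_sshd_option FILE KEYWORD VALUE
# Replaces the first occurrence of KEYWORD (active or commented out), drops any
# later duplicates, and puts the line at the top of the file if it is absent,
# so it can never land inside a trailing Match block.
set_sshd_option() {
    file=$1 key=$2 value=$3
    tmp=$(mktemp) || return 1
    awk -v key="$key" -v value="$value" '
        function is_key(s,   f) {
            sub(/^[ \t]*#?[ \t]*/, "", s)          # ignore a leading "#"
            split(s, f, /[ \t]+/)
            return tolower(f[1]) == tolower(key)   # sshd keywords are case-insensitive
        }
        NR == FNR { if (is_key($0)) found = 1; next }   # pass 1: is it present?
        FNR == 1 && !found { print key " " value }      # absent: write it first
        is_key($0) { if (!written) { print key " " value; written = 1 }; next }
        { print }
    ' "$file" "$file" > "$tmp" && cat "$tmp" > "$file"  # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Key-only root login, no password logins for anyone.
harden_sshd_config() {
    set_sshd_option "$1" PermitRootLogin prohibit-password &&
    set_sshd_option "$1" PasswordAuthentication no
}

# Runs the edit on a constructed sample and prints the result.
demo() {
    sample=$(mktemp) || return 1
    cat > "$sample" <<'EOF'
# Constructed sample: the state these notes leave /etc/ssh/sshd_config in
Port 22
PermitRootLogin yes
#PubkeyAuthentication yes
PasswordAuthentication yes
# PasswordAuthentication.  Depending on your PAM configuration,
UsePAM yes
EOF
    harden_sshd_config "$sample" && cat "$sample"
    rm -f "$sample"
}

demo

# On the server, as root, with a second SSH session left open as a fallback:
#   cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
#   harden_sshd_config /etc/ssh/sshd_config && sshd -t && service sshd reload
# Then confirm "ssh servername-root" and "ssh servername-yourdomaincouk" still work.
```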
Certbot Auto-Renew Set-Up
(Assistance: Certbot)
Within terminal:
ssh servername-root
# nano /etc/letsencrypt/renewal-hooks/deploy/mjp_restart_ols.sh
Within the file add the following lines:
#!/bin/sh
# NOTE: Based on
# https://community.letsencrypt.org/t/automatically-manage-certificates/141428/10
# Designed for Debian 10. Restarts OLS on every successful SSL renewal (hopefully!)
# Place this script inside
# /etc/letsencrypt/renewal-hooks/deploy/
# and name it 'mjp_restart_ols.sh'
# Make the script executable with:
# chmod +x /etc/letsencrypt/renewal-hooks/deploy/mjp_restart_ols.sh
# Enjoy!
#
/usr/local/lsws/bin/lswsctrl restart
CTRL+O, Enter, CTRL+X to return to the command line.
Make the file executable:
# chmod +x /etc/letsencrypt/renewal-hooks/deploy/mjp_restart_ols.sh
Test the executable file (note the preceding full stop!):
# . mjp_restart_ols.sh
Should receive an [OK] message:
[OK] Send SIGUSR1 to 599
# exit
Certbot Renewal Test
Within terminal:
ssh servername-root
# certbot renew --dry-run
Output
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-----------------------------------------------------------
Processing /etc/letsencrypt/renewal/yourdomain.co.uk.conf
-----------------------------------------------------------
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator webroot, Installer None
Account registered.
Simulating renewal of an existing certificate for yourdomain.co.uk and www.yourdomain.co.uk
Performing the following challenges:
http-01 challenge for yourdomain.co.uk
http-01 challenge for www.yourdomain.co.uk
Using the webroot path /home/yourdomain.co.uk/public_html for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Dry run: skipping deploy hook command: /etc/letsencrypt/renewal-hooks/deploy/mjp_restart_ols.sh
-----------------------------------------------------------
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/yourdomain.co.uk/fullchain.pem
-----------------------------------------------------------
Congratulations, all simulated renewals succeeded:
/etc/letsencrypt/live/yourdomain.co.uk/fullchain.pem (success)
-----------------------------------------------------------
# exit
Renewal logs are stored at /var/log/letsencrypt/
WordPress CLI Installation
(Assistance: WordPress, OpenLiteSpeed Forum)
Within terminal:
ssh servername-root
# curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
Check if WP-CLI works using OpenLiteSpeed php:
# /usr/local/lsws/lsphp74/bin/php wp-cli.phar --info
Should see output similar to this:
Output
OS: Linux 4.19.0-13-cloud-amd64 #1 SMP Debian 4.19.160-2(2020-11-28) x86_64
Shell: /bin/sh
PHP binary: /usr/local/lsws/lsphp74/bin/php
PHP version: 7.4.13
php.ini used: /usr/local/lsws/lsphp74/etc/php/7.4/litespeed/php.ini
# chmod +x wp-cli.phar
# mv wp-cli.phar /usr/local/bin/wp
Amend user profile to automatically use OpenLiteSpeed php with WP-CLI during every SSH session:
# nano /home/yourdomain.co.uk/.profile
Insert the following line:
export PATH=/usr/local/lsws/lsphp74/bin:$PATH
CTRL+O, Enter, CTRL+X to return to the command line.
# exit
Check the automatic profile works:
ssh servername-yourdomaincouk
$ wp --info
Output should show OpenLiteSpeed php:
Output
OS: Linux 4.19.0-13-cloud-amd64 #1 SMP Debian 4.19.160-2(2020-11-28) x86_64
Shell: /bin/sh
PHP binary: /usr/local/lsws/lsphp74/bin/php
PHP version: 7.4.13
php.ini used: /usr/local/lsws/lsphp74/etc/php/7.4/litespeed/php.ini
$ exit
Amend WordPress PHP configurations
ssh servername-root
Create WordPress config file to allow larger plugins, images etc to be uploaded through the dashboard.
# nano /usr/local/lsws/lsphp74/etc/php/7.4/mods-available/wordpress.ini
Insert the following lines:
post_max_size = 128M
upload_max_filesize = 128M
CTRL+O, Enter, CTRL+X to return to the command line.
Restart OpenLiteSpeed for the PHP change to take effect:
# /usr/local/lsws/bin/lswsctrl restart
Visit yourdomain.co.uk/info.php to ensure post_max_size and upload_max_filesize both show 128M
# exit
Create Sendy Cronjobs
ssh servername-root
# crontab -u yourdomaincouk -e
Insert the following lines below the comments:
* * * * * /usr/local/lsws/lsphp74/bin/lsphp /home/yourdomain.co.uk/public_html/autoresponders.php > /dev/null 2>&1
* * * * * /usr/local/lsws/lsphp74/bin/lsphp /home/yourdomain.co.uk/public_html/import-csv.php > /dev/null 2>&1
*/5 * * * * /usr/local/lsws/lsphp74/bin/lsphp /home/yourdomain.co.uk/public_html/scheduled.php > /dev/null 2>&1
*/15 * * * * /usr/local/lsws/lsphp74/bin/lsphp /home/yourdomain.co.uk/public_html/update-segments.php > /dev/null 2>&1
CTRL+O, Enter, CTRL+X to return to the command line.
Wait a minute, then check to see whether the cronjobs are running (should be at least two a minute):
# systemctl status cron
Output
Jan 09 18:37:01 ip-172-26-5-155 CRON[22067]: pam_unix(cron:session): session ope
Jan 09 18:37:01 ip-172-26-5-155 CRON[22065]: pam_unix(cron:session): session ope
Jan 09 18:37:01 ip-172-26-5-155 CRON[22069]: (yourdomaincouk) CMD (/
Jan 09 18:37:01 ip-172-26-5-155 CRON[22070]: (yourdomaincouk) CMD (/
Then q to exit.
# exit
Update Debian 10 to Debian 11
(Assistance: Debian, Phoenixnap)
Within AWS:
***CREATE BACK UP OF YOUR LIGHTSAIL SERVER !!!***
Within terminal:
ssh servername-root
First, update and upgrade Debian packages to latest versions and then reboot:
# apt update
# apt upgrade
# reboot
NOTE: This error once occurred during apt upgrade:
dpkg: error processing package openlitespeed (--configure):
installed openlitespeed package post-installation script subprocess was killed by signal (Killed)
Errors were encountered while processing:
openlitespeed
E: Sub-process /usr/bin/dpkg returned an error code (1)
Solution:
# dpkg --configure -a
Then double check package has upgraded with:
# apt update
ssh servername-root
Show Debian version (should be 10.x):
# cat /etc/debian_version
Find old configuration files:
# find /etc -name '*.dpkg-*' -o -name '*.ucf-*' -o -name '*.merge-error'
Only /etc/ca-certificates.conf.dpkg-old is returned.
Now double check for problem packages:
# dpkg --audit
# dpkg --get-selections | grep 'hold$'
Both commands should return nothing.
Double check a Linux meta package is installed:
# dpkg -l "linux-image*" | grep ^ii | grep -i meta
Should return something like this:
ii linux-image-cloud-amd64 4.19+105+deb10u19 amd64 Linux for x86-64 cloud (meta-package)
Double check all packages are up to date:
# apt update
Now to edit apt sources files:
# nano /etc/apt/sources.list
Replace buster with bullseye
For security lines, replace buster/updates with bullseye-security
Once edited, file should look like this:
deb http://cdn-aws.deb.debian.org/debian bullseye main
deb-src http://cdn-aws.deb.debian.org/debian bullseye main
deb http://security.debian.org/debian-security bullseye-security main
deb-src http://security.debian.org/debian-security bullseye-security main
deb http://cdn-aws.deb.debian.org/debian bullseye-updates main
deb-src http://cdn-aws.deb.debian.org/debian bullseye-updates main
deb http://cdn-aws.deb.debian.org/debian bullseye-backports main
deb-src http://cdn-aws.deb.debian.org/debian bullseye-backports main
CTRL+O, Enter, CTRL+X to return to the command line.
Now edit OpenLiteSpeed sources file:
# nano /etc/apt/sources.list.d/lst_debian_repo.list
Replace buster with bullseye
Once edited, file should look like this (second line is commented out):
deb http://rpms.litespeedtech.com/debian/ bullseye main
#deb http://rpms.litespeedtech.com/edge/debian/ bullseye main
CTRL+O, Enter, CTRL+X to return to the command line.
# apt update
Should now see new list of packages to be upgraded:
Get:1 http://security.debian.org/debian-security bullseye-security InRelease [48.4 kB]
Get:2 http://cdn-aws.deb.debian.org/debian bullseye InRelease [116 kB]
Get:3 http://cdn-aws.deb.debian.org/debian bullseye-updates InRelease [44.1 kB]
Get:4 http://cdn-aws.deb.debian.org/debian bullseye-backports InRelease [49.0 kB]
Get:5 http://security.debian.org/debian-security bullseye-security/main Sources [201 kB]
Get:6 http://security.debian.org/debian-security bullseye-security/main amd64 Packages [245 kB]
Get:7 http://security.debian.org/debian-security bullseye-security/main Translation-en [161 kB]
Ign:8 http://rpms.litespeedtech.com/debian bullseye InRelease
Get:9 http://rpms.litespeedtech.com/debian bullseye Release [2393 B]
Get:10 http://rpms.litespeedtech.com/debian bullseye Release.gpg [836 B]
Get:11 http://cdn-aws.deb.debian.org/debian bullseye/main Sources [8637 kB]
Get:12 http://cdn-aws.deb.debian.org/debian bullseye/main amd64 Packages [8183 kB]
Get:13 http://cdn-aws.deb.debian.org/debian bullseye/main Translation-en [6240 kB]
Get:14 http://cdn-aws.deb.debian.org/debian bullseye-updates/main Sources [5084 B]
Get:15 http://cdn-aws.deb.debian.org/debian bullseye-updates/main amd64 Packages [14.8 kB]
Get:16 http://cdn-aws.deb.debian.org/debian bullseye-updates/main Translation-en [8129 B]
Get:17 http://cdn-aws.deb.debian.org/debian bullseye-backports/main Sources [430 kB]
Get:18 http://cdn-aws.deb.debian.org/debian bullseye-backports/main amd64 Packages [420 kB]
Get:19 http://cdn-aws.deb.debian.org/debian bullseye-backports/main Translation-en [351 kB]
Get:20 http://rpms.litespeedtech.com/debian bullseye/main amd64 Packages [17.4 kB]
Fetched 25.2 MB in 5s (4945 kB/s)
Reading package lists… Done
Building dependency tree
Reading state information… Done
434 packages can be upgraded. Run 'apt list --upgradable' to see them.
Run minimal upgrade first:
# apt upgrade --without-new-pkgs
Then run full upgrade:
# apt full-upgrade
Various system messages will appear during these two upgrade processes.
Select YES for restarting important services.
Select OK for configuring SMTP server hostname as the default
Select (default) local version currently installed for chrony.conf, msmtprcm.new and sshd_config and any others.
Once completed, reboot:
# reboot
ssh servername-root
Double check if full upgrade has worked.
First check version of Debian (should show 11.x):
# cat /etc/debian_version
Then check for updates:
# apt update
Should return all packages are up to date.
# exit
Within browser:
Check if websites are working!
Check if yourdomain.co.uk:7080 is working!
Once everything is working, delete server backup!!