Differences
This shows you the differences between two versions of the page.
linux:debian:start [2013/05/27 03:10] – adds cron experience stybla | linux:debian:start [2017/12/05 06:18] – Added migration of ejabberd from Jessie to Stretch stybla | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Debian ====== | ====== Debian ====== | ||
- | Despite I don' | + | Despite I don' |
It is actually quick reference for me. If you find it useful, good. If not, just move on. | It is actually quick reference for me. If you find it useful, good. If not, just move on. | ||
If you got offended by the content, I'm sorry. | If you got offended by the content, I'm sorry. | ||
+ | |||
+ | ===== Other topics ===== | ||
+ | |||
+ | * [[apt-mirror|local APT mirror]] | ||
+ | * [[automatic-installation|automatic installation of Debian]] | ||
+ | |||
===== Quick Tips and Tricks ===== | ===== Quick Tips and Tricks ===== | ||
+ | |||
+ | |||
+ | ==== APT fingerprints ==== | ||
+ | |||
+ | Print out all and full APT key fingerprints, | ||
+ | |||
+ | < | ||
+ | apt-key adv --list-public-keys --with-fingerprint --with-colons | ||
+ | </ | ||
Line 18: | Line 33: | ||
- make sure script name consists of allowed characters. And yes, ' | - make sure script name consists of allowed characters. And yes, ' | ||
- | This did happen to me and I fould myself scratching on the head. Despite being close to solution, I've overlooked the fact ' | + | This did happen to me and I fould myself scratching on the head. Despite being close to solution(yeah, I was reading |
- | isn't allowed character. I think I've got " | + | through '' |
+ | forum post in the end, resp. re-read man page again. | ||
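Review bot: The rewritten sentence in the cron tip still carries the typo "fould" (should be "found") and now runs "solution(yeah" together without a space before the parenthesis. Since the line is being edited anyway, fix both, and consider "scratching my head" in place of "scratching on the head".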
Line 64: | Line 80: | ||
==== Migrating ejabberd 2.0.x to 2.1.x ==== | ==== Migrating ejabberd 2.0.x to 2.1.x ==== | ||
- | **WARNING - still work in progress!!!** | + | **WARNING - probably a bit incomplete, but who cares years later** |
Debian 6.0 Squeeze, however I think this doesn' | Debian 6.0 Squeeze, however I think this doesn' | ||
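Review bot: The new warning on the ejabberd 2.0.x to 2.1.x section, "probably a bit incomplete, but who cares years later", removes the signal that the procedure was unfinished without saying which steps are missing. Suggest naming the known gaps, or stating that the steps were last checked on Debian 6.0 Squeeze, so a reader can judge whether to rely on them.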
Line 131: | Line 147: | ||
</ | </ | ||
* hopefully enjoy! | * hopefully enjoy! | ||
+ | |||
+ | ==== Migrating ejabberd from Jessie to Stretch ==== | ||
+ | |||
+ | Yet another round fun. My private Jabber has been off for a long time, because client decided server is no good anymore. This was due to vulnerabilities in SSL/TLS, resp. OpenSSL(?) and there seemed to be no fix for Jessie. I've ignored it, because I didn't have time and it's not that important to me anyway. Now, on the verge of migration to Stretch, I couldn' | ||
+ | |||
+ | First of all, I found out I can neither perform backup or dump of ejabberd at Jessie. Mad props to devs, because all I had to do was to move ''/ | ||
+ | |||
+ | Second of all, there was the change of format of configuration file from whatever to YAML. In theory, you can convert old cfg to YAML via '' | ||
+ | |||
+ | < | ||
+ | ejabberdctl convert_to_yaml / | ||
+ | Error: erofs | ||
+ | </ | ||
+ | |||
+ | Not exactly nice, but worry not, because it's not that hard to adjust whatever needs to be adjusted, if your configuration is simple. | ||
+ | |||
+ | Last, but not least, was the certificate. I guess that was the issue on Jessie as well, but then I didn't really spend any time on it. Anyway, once I got ejabberd up and running, I couldn' | ||
+ | |||
+ | < | ||
+ | foo@bar: | ||
+ | CONNECTED(00000003) | ||
+ | 140252860966144: | ||
+ | --- | ||
+ | no peer certificate available | ||
+ | --- | ||
+ | No client certificate CA names sent | ||
+ | --- | ||
+ | SSL handshake has read 5 bytes and written 176 bytes | ||
+ | Verification: | ||
+ | --- | ||
+ | New, (NONE), Cipher is (NONE) | ||
+ | Secure Renegotiation IS NOT supported | ||
+ | Compression: | ||
+ | Expansion: NONE | ||
+ | No ALPN negotiated | ||
+ | SSL-Session: | ||
+ | Protocol | ||
+ | Cipher | ||
+ | Session-ID: | ||
+ | Session-ID-ctx: | ||
+ | Master-Key: | ||
+ | PSK identity: None | ||
+ | PSK identity hint: None | ||
+ | SRP username: None | ||
+ | Start Time: 1512468671 | ||
+ | Timeout | ||
+ | Verify return code: 0 (ok) | ||
+ | Extended master secret: no | ||
+ | --- | ||
+ | foo@bar:~/$ openssl s_client -connect XXX:5222 -starttls xmpp | ||
+ | CONNECTED(00000003) | ||
+ | --- | ||
+ | no peer certificate available | ||
+ | --- | ||
+ | No client certificate CA names sent | ||
+ | --- | ||
+ | SSL handshake has read 295 bytes and written 126 bytes | ||
+ | Verification: | ||
+ | --- | ||
+ | New, (NONE), Cipher is (NONE) | ||
+ | Secure Renegotiation IS NOT supported | ||
+ | Compression: | ||
+ | Expansion: NONE | ||
+ | No ALPN negotiated | ||
+ | --- | ||
+ | </ | ||
+ | |||
+ | Well, at least I've found out you must(?) disable SSLv2 in the config as well. Also, that there is '' | ||
+ | |||
+ | < | ||
+ | 2017-12-05 11: | ||
+ | 2017-12-05 11: | ||
+ | </ | ||
+ | |||
+ | So, as the last ditch effort, I've generated new SSL certificate. Lo behold, the miracle! Everything works now. I wonder what the problem was. May be SSL cert generated in ~ 2013 wasn't strong enough and that's what the issue was about from the get go. Comparison of old and new one: | ||
+ | |||
+ | < | ||
+ | Signature Algorithm: md5WithRSAEncryption | ||
+ | Signature Algorithm: sha256WithRSAEncryption | ||
+ | </ | ||
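Review bot: In the closing comparison block of the new Jessie to Stretch section, the lines "Signature Algorithm: md5WithRSAEncryption" and "Signature Algorithm: sha256WithRSAEncryption" are not labelled, so the reader has to infer which belongs to the old certificate and which to the new one. Label each line and say how the values were read from the certificates. The paragraph before it also leaves the cause open with "I wonder what the problem was", although this comparison is the only evidence shown for the guess that the certificate from around 2013 "wasn't strong enough"; tying the two together, and resolving the "must(?) disable SSLv2" remark one way or the other, would make the section usable as a reference.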
linux/debian/start.txt · Last modified: 2022/01/27 01:52 by stybla