Zabbix 3.0 on Ubuntu 16.04 with Percona

After upgrading to Ubuntu 16.04, I couldn’t get Zabbix to run and was receiving the following

To fix this I needed to symlink the perconaclient library to the mysql client libraries that Zabbix was expecting.


iRedMail on Nginx

This is my experiment to get iRedMail to work with Nginx. In the end I got everything to work other than awstats, although with some caveats. I don’t like awstats very much and it seemed quite troublesome to get it setup. There is a mode to run awstats in that lets it just generate static files, which to me seem to be a better solution. I did testing only on Debian 6.0.7, although it should also work in Ubuntu just fine. It was also limited testing on brand new VMs.

So I am starting out with a brand new Debian 6.0.7 system. First things first we setup our hosts and hostname file. For my test environment I used mail.debian.test as my test environment. Then I grabbed the latest iRedMail which happened to be 0.8.3 at the time of writing this. I did this via wget in a ssh session. I had to install bzip2 to “tar -xf” it, so a quick “apt-get install bzip2” resolved that. I then ran the iRedMail installer and let it complete.

Now to stop apache services for good:

Optionally we can run “apt-get remove apache2” to get rid of apache binaries as well.

Now, I needed Nginx and php5-fpm (as I prefer fpm). This takes a little work as Debian 6.0.7 doesn’t have it in its default sources. This would have been easier on Ubuntu.

What I did her is first install nginx and curl. Then I added dotdeb to the sources list, added its key and then updated my sources. Finally I was able to install fpm.
Now that the applications are in place, I need to write their configuration files. Here is the list of files I will be using:
Nginx’s iRedMail site configuration file
php5’s FPM iRedMail web pool file
iRedMail init.d file to launch the iredadmin pyton webservice

During additional testing I uploaded the files and just used curl to put them into place. The init.d script is borrowed from the web (exactly where I can’t remember as I used bites and pieces from multiple places). However I don’t feel the need to write out or explain in great detail all off the changes.

You will need to modify the nginx file (/etc/nginx/sites-available/iRedMail) to contain the correct domain. As well you will need an additional dns enter for iredadmin.domain.tld (in my case iredadmin.debian.test). If this is your only/first ssl site or you prefer it to be default you will need to adjust the ssl section. I added comments to explain that. Nginx expects a default website and if none exist it won’t start.

As for the additional domain, I tried my best, but it seems there is no way to have the perl script to be aware its in a sub directory and pass the correct urls to its output templates. Although the template has the capability to do a homepath variable, this seems to be set from ctx in perl which from my limited knowledge I don’t believe is changeable via environment/server variables. I also didn’t see a way to change that in any setting. Hopefully the iRedMail developers can make this change in future versions.
The good news is the iRedMail developers had foresight to setup the script to run very smoothly as a stanalone python web server via a cgi socket. So no additional work to make that run is needed. I had hoped to use the iredapd service to launch this, but it appears to crash and fail horribly. So I setup a second instance to do this.

Now just a little more work to activate the new service, link the file as a live nginx site and restart some services.

Thats it. Now when I hit mail.debian.test I get the webmail portal. When I access iredadmin.debian.test I get the admin portal. phpmyadmin is also setup on mail.debian.test/phpmyadmin

Setting this up for Ubuntu should be easier, as 12.04 has php5-fpm in its packages so there is no need to add in the dotdeb resources. Everything else would be the same for it.

Nginx has always been flaky for me while doing Ipv6 services. I intended to include them but it just wasn’t playing nicely enough. Sometimes just doing [::]:80 to a listen will make it listen. Other times I have to specify it twice (and it doesn’t complain). Then again if I try it on 443 using [::]:443 nginx may not want to start at all, while it accepted [::]:80 just fine. So because of how picky it can be at times, I just opted to go with ipv4 only support here.

Another Ubuntu upgrade, Another dovecot+postfix breakage

It seems like every time I upgrade Ubuntu, dovecot+postfix breaks. Maybe its just my luck, but it has gotten fairly annoying to be the only service that breaks after any upgrade.

This time I spent hours last weekend reinstalling, uninstalling and reinstalling postfix and dovecot about 4 or 5 times. Sad to say here I don’t know quite what fixed it but I was able to receive mail.

Now today I found out I wasn’t able to send mail. So back into debug mode again to resolve that.

While doing some tests I realized that i couldn’t even log into my mail server under smtp (port 25). After some digging around I came across this little post:

The most important part here was a new line and change to an existing one:

Which for me was that auxprop_plugin went from mysql to sql and I added the new line below. This after a proper service restart resolved that problem. However I still had a problem of connecting to mail across SMTP+SSL (ie SMTPS on 465).

First off, I discovered my SSL certs for dovecot where outdated (expired it seems). While this shouldn’t of been causing the problem, I reissued the certificates. A quick search turned up and I was quickly back in business after backing up, deleting and generating the new certificates. I did modify the file and generate longer certificates though so it wouldn’t expire as fast (default is 1 year).

In my research, I found out a helpful command would tell me if SSL was working:

It failed as you can see. I will also mention you can test just TLS here by using:

I ran this command on the server directly, and it did give me more output, which became my basis for google searches.

This problem here after many google searches not turning up too many results, I stumbled onto this blog post, which had my answer.

I had the options commented out. So while the service was running on 465, the options where not set to enable TLS on that port. A few quick changes and service restart later, everything was working. Which leaves me with another note of being more careful doing file merging when using SSH during a upgrade. I most likely botched the file at that time.

Postfix with ubuntu 11.10

In addition to my Dovecot issues, postfix as well had failed and I wasn’t able to send emails. However, getting them was more important at that point.

After some trials, I found I needed to add this to my
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

Which has resolved postfix from not working. Hopefully I fixed all my issues since my upgrade.

Dovecot with ubuntu 11.10

Just recently updated my vps to ubuntu 11.10, this went mostly smooth. However, I had some issues with dovecot. I could not get it to start.

It seems that the configuration guide I followed to setup dovecot broke due to outdated settings. However thanks to a wiki guide from dovecot, I was able to convert my configuration file:

However, dovecot refused to work properly. After much searching and much issues, I finally figured out that I had to install a new package, dovecot-mysql in order to get this to work. After which, a restart of the saslauthd service brought everything back into working order, at least for dovecot

Nginx with IPv6 and vhosts has recently setup IPv6 natively and is deploying it across their data-centers.  This is great as I now have a native IPv6 address for my VPS.

I use Nginx as a replacement for Apache and I noticed today that my vhosts where not correctly responding on the IPv6 address.  Since I use a wildcard for my subdomains, it still would respond with my main domain, but it wouldn’t recongize any additional or subdomain.  From the configuration documentation it makes it sound like I only need to add “listen [::]:80;” to my vhosts in order to get this to work.  However despite my tries I received an error:

[emerg]: bind() to [::]:80 failed (98: Address already in use)

All documentation supports the suggested command and some suggest running the sockets separately (by adding ip6only=on to that listen).  However this still failed to make it work.

So, after going through all my configs, test configs (for test subdomains I have) and disabling any listen directives (which broke a few things), I still couldn’t get it to work.  In the end I am not quite sure how I got it to work.  I even checked with “lsof -i :80” to see anything that might of been running and couldn’t find anything.

But what I did to finally get this to work right was add this to my default config (ie for my main domain):

listen 80 default;
listen [::]:80 default ipv6only=on;

Then for each other vhost I added:

listen [::]:80;

This seems to make things work without any problem.  No errors whatsoever and ipv6 responds as it should.

As a final note, I should mention my ISP does not natively support IPv6 yet.  I am using a tunnel broker via HE.

Moving home directory to a new drive

My current host has a unique feature in which it allows me to setup virtual machines easily. Since that is easily possible, I may want to someday switch to another operating system. So I wanted to split all my /home and configuration files out onto a separate drive. Which is entirely possible with my host.

The nice thing about linux systems is since they operate on open source software, things like configurations and setting things up are becoming less of a problem.  So If I set up my files correctly and use some correct symlinks, I could easily switch my operating system without missing a beat.

I will avoid discussing the details of getting the other drive setup on my machine. However, getting to working properly does take a little bit of work, all of which is easy.

Firstly, after I made sure the new drive exists in /dev, I simply created a folder to where I would mount the files.

$ mkdir /home-new

Now the directory exists, I simply just mount the drive to the directory.

$ mount /dev/xvdc /home-new

Doing some basic commands, I tested to ensure that the drive works and is functioning properly.  The next step involves copying files over.  However I had my site setup with permissions already and copying them would result in them being owned by root again.  Luckily the copy command has a argument that allows us to preserve that.

$ cp -Rp /home/* /home-new

Once that completed, I ensured that the files all worked on the new drive.  Next was to edit my /etc/fstab so the drive would mount correctly on reboots.  Simply put, I just copied the one for my root drive, changed the /dev device to the correct drive and the mount point to /home.  Just incase something went wrong, I shut off apache and moved /home to /home-old with a move command.

Now, I could of easily umount the /home-new drive and remount it on /home.  But just to ensure everything worked, I issued a reboot command and waited for my server to reboot.  After the reboot, I was able to see my site working again.  However I was not done yet.  My apache configuration files are still on the main drive.  An easy way for me to get around this is moving all my virtual host configuration files to my home folder and creating a symlink to them.

$ mkdir /home/configs
$ mv /etc/apache2/sites-available /home/configs
$ ln -s /home/configs/sites-available /etc/apache2/sites-available

This completes the move of my apache configs.  I modified the default configuration and have it containing things like port and other apache configuration changes.  I just simply repeated this for other configurations I changed and wish to have them transfer if I switch operating systems.

The only thing left to do is change where my mysql data is being stored.  Although I will work on not breaking that the first time around some other day 🙂