PHP contact form returns 504 gateway error after moving to Digital Ocean

This one had me scratching my head for a while – using php7.0-fpm and the latest nginx on Debian 8 Jessie I was seeing our PHP contact form working correctly but returning a Gateway 504 error upon submission, which was resulting in a great deal of resubmitted forms and error notifications from users.   This only started occuring after we moved our site to Digital Ocean – it turns out that it was a IP priority issue and the following resolved it:  
vim /etc/gai.conf
  and uncommenting the following line:  
precedence ::ffff:0:0/96  100

Then a reboot. Voila, the contact form worked properly again.

Installing Aegir 3 on Debian 8 Jessie/Ubuntu with Nginx

So, after a few failed attempts at installing the Aegir 3 Drupal control system we hit upon this “recipe” as what works for us currently on a fresh install of Debian 8 Jessie or Ubuntu 14.04.

This assumes you are logged in as root. First, update and upgrade your system.
apt-get update && apt-get upgrade -y
For the version of OS that currently gets installed with a fresh Binary Lane VPS we also need to update the base system. We like to use aptitude for that; while we’re installing aptitude, we might as well install the other thing that Aegir needs to install properly:
apt-get install curl sendmail aptitude -y
aptitude safe-upgrade -y
Now, we need to install the database server. We use MariaDB.
apt-get install mariadb-server -y
One that’s done – you will be prompted to enter a root password for the database – we run the following command:
Don’t worry about changing the root password now that you have already set one, but delete the test database when prompted, disable anonymous access and flush privileges. Now we can install Aegir, nginx, php5-fpm etc.:
echo “deb stable main” | sudo tee -a /etc/apt/sources.list.d/aegir-stable.list
curl | sudo apt-key add –
apt-get update
apt-get install aegir3 aegir3-provision aegir3-hostmaster nginx php5-fpm
Enter the hostmaster URL – usually the fully qualified domain name. Enter the database root password once for provision and once for hostmaster. Assuming all of the above has gone well, you should be given a one-time-login link in your terminal at the end of the install process, e.g.:
Now, before using that run the following:
Add this to the end of the file:
Defaults:aegir !requiretty
aegir ALL=NOPASSWD: /etc/init.d/nginx
This gives Aegir – the aegir user – permission to restart nginx without requiring a sudo password. Test this works by doing the following: su – aegir
sudo /etc/init.d/nginx restart
What you want to see then is this:
* Restarting nginx nginx
[ OK ]
vim /etc/nginx/nginx.conf
Comment out by putting a # in front of:
# tcp_nopush on;
# types_hash_max_size 2048;
# error_log /var/log/nginx/error.log;
Reboot, and use the one-time-link. You should be logged in fine and now can use Aegir!

How to protect Debian from the Shellshock exploit

Shellshock is quite a serious security hole found a couple of days ago in Bash; to check whether your Debian server is vulnerable run the following in a terminal:
env VAR='() { :;}; echo Shellshock vulnerable!‘ bash -c “echo Bash Testing”
If your system is vulnerable, you will see:
Shellshock vulnerable! Bash testing
If it is not vulnerable, you will see:
bash: warning: VAR: ignoring function definition attempt bash: error importing function definition for `VAR’ Bash testing
If you are vulnerable, you can update bash by running the following:
sudo apt-get update && sudo apt-get install --only-upgrade bash
Once the update has finished, run the code to check your vulnerability again and it should be sorted.

Debian: How to see what has recently been upgraded or updated through apt-get

Forgotten what it was you last updated, or want to check what someone else has been updating? There’s a log file for that, and it’s located at:  
  To view it, run:  
less /var/log/apt/history.log
  Looking for an older logfile? They’re kept, too. To see the other log files available, view the directory using ls:  
ls /var/log/apt/
  It should look something like:  
history.log  history.log.1.gz  history.log.2.gz  history.log.3.gz  history.log.4.gz  term.log  term.log.1.gz  term.log.2.gz  term.log.3.gz  term.log.4.gz
  One further note – This will show the most recent things done with apt, not just upgrades.

How to cache yum repositories on CentOS using apt-cacher-ng on Debian or Ubuntu

  If you have a lot of virtual (or real) machines running Debian or Ubuntu and a limited internet connection, it can make a lot of sense to use apt-cacher-ng to create a local cache of the packages you use so that they are only downloaded once. The current version of apt-cacher-ng can also help out with yum repositories!   On CentOS, edit /etc/yum.conf and add:  
  If you have changed the default port of apt-cacher-ng from 3142, you will need to modify that. Our example file:  
[main] cachedir=/var/cache/yum/$basearch/$releasever keepcache=0 debuglevel=2 logfile=/var/log/yum.log exactarch=1 obsoletes=1 gpgcheck=1 plugins=1 installonly_limit=5 bugtracker_url= distroverpkg=centos-release proxy= #  This is the default, if you make this bigger yum won’t see if the metadata # is newer on the remote and so you’ll “gain” the bandwidth of not having to # download the new metadata and “pay” for it by yum not having correct # information. #  It is esp. important, to have correct metadata, for distributions like # Fedora which don’t keep old packages around. If you don’t like this checking # interupting your command line usage, it’s much better to have something # manually check the metadata once an hour (yum-updatesd will do this). # metadata_expire=90m # PUT YOUR REPOS HERE OR IN separate files named file.repo # in /etc/yum.repos.d
  As you can see, our local apt-cacher-ng VM is   Run yum update and check your apt-cacher-ng’s cache – you should now see some CentOS respositories cached there.

Debian Wheezy: /etc/sudoers missing

  If you’re looking to add something to the /etc/sudoers file in a Debian Wheezy install, you may find that the file isn’t there! To create the file while logged in as the root user you need to install the sudo package:  
apt-get install sudo
  Once that install completes the file will appear:  
# # This file MUST be edited with the ‘visudo’ command as root. # # Please consider adding local content in /etc/sudoers.d/ instead of # directly modifying this file. # # See the man page for details on how to write a sudoers file. # Defaults        env_reset Defaults        mail_badpass Defaults        secure_path=”/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin” # Host alias specification # User alias specification # Cmnd alias specification # User privilege specification root    ALL=(ALL:ALL) ALL # Allow members of group sudo to execute any command %sudo   ALL=(ALL:ALL) ALL # See sudoers(5) for more information on “#include” directives: #includedir /etc/sudoers.d

Debian 7 (Wheezy) – no smbpasswd command

  If you have installed samba/cifs-utils/etc. and are trying to set your users up on a Debian 7 system, you might be surprised to find that the smbpasswd command seems to be missing. It’s actually part of the samba-common-bin package, which you can install via:  
sudo apt-get install samba-common-bin
  …and you should have your command.

Incorrect keyboard layout/map on a Raspberry Pi – no | or \

One thing that’s come up occasionally with our testing of the Pi so far has been that some distributions pick up on odd keyboard maps by default, particularly with Apple keyboards – to fix this on one of the Debian distros and get back your missing pipe (|) or backslash (\) characters run: # dpkg-reconfigure keyboard-configuration and select the correct keyboard map/layout for your keyboard.