This tutorial will take you through updating a server managed by ISPConfig from Debian 11 (bullseye) to Debian 12 (bookworm). This guide works for both single- and multiserver setups. Just repeat the same steps on every server.
Be aware that the update process may cause some downtime.
Prerequisites
- Make sure you’re logged in as root user
1. Updating the system from Debian 11 to Debian 12
Please go through the guide on updating Debian itself first: https://www.howtoforge.com/how-to-upgrade-from-debian-11-to-debian-12/
2. Install missing PHP packages
Debian 12 ships with PHP 8.2 as the default PHP version, so we have to install it:
apt-get install php8.2 php8.2-cli php8.2-cgi php8.2-fpm php8.2-gd php8.2-mysql php8.2-imap php8.2-curl php8.2-intl php8.2-pspell php8.2-sqlite3 php8.2-tidy php8.2-xsl php8.2-zip php8.2-mbstring php8.2-soap php8.2-opcache libonig5 php8.2-common php8.2-readline php8.2-xml curl
Don’t forget to adjust the PHP config files if necessary.
If you still want to use PHP 7.4 for some websites, install it as an additional version by following https://www.howtoforge.com/ispconfig-php-debian/
4. Run a force update of ISPConfig
To reconfigure the services so they are correctly configured for Debian 12, we need to run the ISPConfig update script and let it reconfigure services. Run the script from the command line with
ispconfig_update.sh --force
Go through the update steps. When asked whether you want to reconfigure services or not, hit enter. If you skip this step by answering „no”, ISPConfig won’t configure your services for Debian 12 and some services might be broken.
5. Update paths to use PHP 8.2 as default PHP version
As PHP 8.2 is the default PHP version shipped with Debian 12, we need to update the PHP paths in ISPConfig.
Log in to the panel as admin user and then go to System -> Server Config -> server1.example.com (the hostname of your server) -> Web -> PHP Settings
Replace the references to 7.4 to 8.2, so it looks like this:
Apache php.ini path: /etc/php/8.2/apache2/php.ini
CGI php.ini path: /etc/php/8.2/cgi/php.ini
PHP-FPM init script: php8.2-fpm
PHP-FPM php.ini path: /etc/php/8.2/fpm/php.ini
PHP-FPM pool directory: /etc/php/8.2/fpm/pool.d
PHP-FPM socket directory: /var/lib/php8.2-fpm
Be aware that all websites on this server that use the PHP version „Default” will now use PHP 8.2 instead of the old version.
We also have to let the system use PHP 8.2 as the default PHP handler for non-ISPConfig actions. To do this, run:
update-alternatives --config php
If you need to select a PHP version, select PHP 8.2. Then, run
update-alternatives --config php-cgi
If you need to select a PHP version, select PHP 8.2 as well. Lastly, run
update-alternatives --config php-fpm.sock
If you need to select a PHP version, select PHP 8.2 again.
For servers with Apache2 installed, we have to disable PHP-FPM 7.4 as the default PHP handler and enable PHP-FPM 8.2 by running these commands:
a2disconf php7.4-fpm
a2enconf php8.2-fpm
systemctl restart apache2
6. Update phpMyAdmin (optional)
If you have phpMyAdmin installed, we recommend updating your install as many users have an outdated version installed.
Run this command to run our phpMyAdmin update script:
curl https://git.ispconfig.org/ispconfig/tools/-/raw/master/auto_update_phpmyadmin.sh -sL | sh
You can keep phpMyAdmin updated automatically from now on by using this same script. See this forum post for more information: https://www.howtoforge.com/community/threads/keep-your-phpmyadmin-installation-up-to-date-automatically.88495/Advertisement
We’re done! If you have any problems, open a thread on the forum.
Źródło Link:
W trakcie apt-get full-upgrade -y system będzie pytał czy zainstalować nowe pliki konfiguracyjne do:
pliku konfiguracyjnego „/etc/dovecot/dovecot.conf”
Plik konfiguracyjny „/etc/pure-ftpd/db/mysql.conf”
Plik konfiguracyjny „/etc/apache2/apache2.conf”
Plik konfiguracyjny „/etc/apache2/ports.conf”
Plik konfiguracyjny „/etc/mysql/mariadb.conf.d/50-server.cnf”
Potwierdzamy Y zainstalowanie nowych wersji opiekuna pakietów.
Można w trakcie instalacji wykonać kopię tych plików:
cp /etc/dovecot/dovecot.conf /root
cp /etc/pure-ftpd/db/mysql.conf /root
cp /etc/apache2/apache2.conf /root
cp /etc/apache2/ports.conf /root
cp /etc/mysql/mariadb.conf.d/50-server.cnf /rootAktualizacja bazy danych MySQL
mysql_upgrade -u root -pPrzydatne polecenia MySQL do przeprowadzenia aktualizacji bazy roundcube.
Zmiana hasła użytkownika roundcune:
SET PASSWORD FOR 'techonthenet'@'localhost' = PASSWORD('newpassword');Pokaż użytkowników
SELECT User FROM mysql.user;Pokaż użytkownikom wraz z nazwą hosta, gdzie mogą się logować
SELECT host, user FROM mysql.user;Sprawdzenie praw użytkownika
SELECT User, Db, Host from mysql.db;Jak znaleźć uprawnienia przyznane konkretnemu użytkownikowi MySQL
show grants for 'vivek'@'%';
show grants for 'vivek'@'192.168.1.1';
show grants for 'root'@'localhost';Aby pomóc w zobaczeniu uprawnień, wpisz:
select distinct concat('SHOW GRANTS FOR ', QUOTE(user), '@', QUOTE(host), ';') as query from mysql.user;Veeam, trzeba doinstalować blksnap:
apt install blksnap -yIf you want MySQL to listen on all interfaces, not just localhost, to allow access to MySQL from desktop tools, then edit /etc/mysql/mariadb.conf.d/50-server.cnf and comment out the line bind-address = 127.0.0.1 by adding a # in front of it.
nano /etc/mysql/mariadb.conf.d/50-server.cnf
[...] # Instead of skip-networking the default is now to listen only on # localhost which is more compatible and is not less secure. #bind-address = 127.0.0.1
[...]
Edit the file /etc/mysql/debian.cnf and set the MYSQL / MariaDB root password there twice in the rows that start with the word password.
nano /etc/mysql/debian.cnf
The MySQL root password that needs to be added is shown in red. In this example, the password is „howtoforge”.
# Automatically generated for Debian scripts. DO NOT TOUCH!
[client]
host = localhost
user = root
password = "howtoforge"
[mysql_upgrade]
host = localhost
user = root
password = "howtoforge"
To prevent the error ’Error in accept: Too many open files’ we will set higher open file limits for MariaDB now.
Open the file /etc/security/limits.conf with an editor:
nano /etc/security/limits.conf
and add these lines at the end of the file.
mysql soft nofile 65535
mysql hard nofile 65535
Next, create a new directory /etc/systemd/system/mysql.service.d/ with the mkdir command.
mkdir -p /etc/systemd/system/mysql.service.d/
and add a new file inside:
nano /etc/systemd/system/mysql.service.d/limits.conf
paste the following lines into that file:
[Service]
LimitNOFILE=infinity
Save the file and close the nano editor.
Then we reload systemd and restart MariaDB:
systemctl daemon-reload
systemctl restart mariadb
Now check that networking is enabled. Run
netstat -tap | grep mysql
The output should look like this:
root@server1:/home/administrator# netstat -tap | grep mysql
tcp6 0 0 [::]:mysql [::]:* LISTEN 16623/mysqld
Postfix zen.spamhaus.org – poprawka blokowania przez spamhous serwerów pocztowych.
For anyone else that might be experiencing this and still wants to use spamhaus for their blacklist, I found that adding „=127.0.0.[2..11]” to the /etc/postfix/main.cf after „reject_rbl_client zen.spamhaus.org” resolved the receiving issue. You have to do it on the command line, as the control panel doesn’t allow entering those characters. And if you update ISPConfig, you have to make the same changes again, as they will be overwritten by the update.
Edit: reload the service after making said changes.
https://www.claudiokuenzler.com/blog/1231/postfix-reject-mails-blocked-using-zen-spamhaus-dnsbl-open-resolver
