Distro upgrade as a service

For several years we have worked with customers to upgrade dozens of servers (primarily Debian and Ubuntu) from old (sometimes ancient) distro versions to the latest, stable versions.

We are now offering this distro upgrade as a service.

The upgrade steps are as follows:

  • We collect systems information to ensure your setup is updatable (e.g. that the server is SSH accessible, running Debian or Ubuntu, has sufficient space to run a backup).
  • We trigger a backup of your current server (it does not have to be a RimuHosting server).
  • We import that into a new RimuHosting VM
  • We dist-upgrade the new VM to the latest stable version
  • We crossgrade that from 32bit to 64bit if necessary
  • You perform your QA checks
  • You point your DNS to the updated server

The upgrade as a service is non-destructive: we only make changes to a copy of your server, not the original.

As an introductory offer this service is provided for no cost. After the upgrade, there will be a hosting fee for the resulting server.

To get going, just mention this post and any details about your setup on our contact form.

Sample scenario: Upgrade your Debian 8 Jessie server to Debian 10 buster and regain access to Debian security updates, and features like automated LetsEncrypt certificate installs.

Posted in Rimuhosting | Tagged , | 1 Comment

VM backup and download

The following code snippet will let you create a backup image of a Linux server, encrypt it, and then make it available for download. It requires PHP, and makes use of PHP's built in HTTP server. You will need sufficient disk space on your VM image to create the download. The file is compressed, so the backup will typically be smaller than the disk space used on the VM.

# random password of letters and digits
password="$(</dev/urandom tr -dc A-Z0-9 | head -c10)"
# create a backup directory
[ ! -d /root/backup.$$ ] && mkdir /root/backup.$$
# date like 2021-06-28-1624846640
dt="$(date +%Y-%m-%d-%s)"
cd /root/backup.$$
# exclude mysql and log files, but keep directory structure
find /var/log /var/cache/apt/archives -type f > /root/excludefiles.log
#find /var/lib/mysql -type f > /root/excludefiles.log
# exclude sockets
find / -type s -print 2>/dev/null >> /root/excludefiles.log
# create a tar file, exclude certain directories
# encrypt the data using openssh with the provided password
tar -cpzf - \
--exclude-from=/root/excludefiles.log \
--exclude=/root/backup.* \
--exclude=/restore* \
--exclude=/proc \
--exclude=/tmp \
--exclude=/mnt \
--exclude=/dev \
--exclude=/sys \
--exclude=/run \
--exclude=/media \
--exclude=/usr/src/linux-headers* \
--exclude=/home/*/.gvfs \
--exclude=/home/*/.cache \
--exclude=/home/*/.local/share/Trash / | openssl enc -aes-256-cbc  -md sha256 -pass "pass:$password"  > /root/backup.$$/backup-$dt.tar.gz.enc

# save password details
echo "openssl enc -d -aes-256-cbc  -md sha256 -pass "pass:$password" -in backup-$dt.tar.gz.enc -out backup-$dt.tar.gz" >> /root/backupcredentials.log

#zip --encrypt --password "$password" backup.zip $directorytozip

# output a message about how to access and use the file 
ip=$(ifconfig eth0 | grep 'inet ' | sed 's/inet addr:/inet /' | awk '{print $2}')
echo "The backup file is created at /root/backup.$$/backup-$dt.tar.gz.enc.  

Download your backup from http://$ip:32956/backup-$dt.tar.gz.enc

Download your backup with scp using: scp root@$ip:/root/backup.$$/backup-$dt.tar.gz.enc 

Extract your backup on a target host with scp using: mkdir /restore.$$; cd /restore.$$; scp root@$ip:/root/backup.$$/backup-$dt.tar.gz.enc /dev/stdout | openssl enc -d -aes-256-cbc  -md sha256 -pass "pass:$password" | tar xz

Unencrypt the backup with: openssl enc -d -aes-256-cbc  -md sha256 -pass "pass:$password" -in backup-$dt.tar.gz.enc -out backup-$dt.tar.gz

Should you need openssl for windows, you may download that.  For example from https://curl.se/windows/

The backup includes mysql databases.  You may prefer to exclude them, and run a MySQL database dump instead.

# offer the file for download.  Kill this process off after you have downloaded the file.  
# PHP has a built in web server
# at job to kill off process after 24h?
nohup php -S $ip:32956 &

To decrypt the backup you will need openssl. This is typically available on most Linux installs. There are also Windows binaries available, e.g. from https://curl.se/windows/

You may wish to skip the encryption step if you are scp-ing the file directly and not offering it via a public download URL.

The backup skips the mysql directory. You could include that if you wished (be sure to stop the mysql server while the files are being copied). Alternatively you could create a mysql database dump prior to creating the backup image.

Posted in Rimuhosting | Tagged , | Leave a comment

Centos8 + Apache + Tomcat + LetsEncrypt Setup

A popular setup for Tomcat is to run it as a backend behind Apache. This lets you use Apache for some websites and URLs and Tomcat for others (while keeping the same IP address and port).

Another common requirement is to have a valid SSL certificate.

This HOWTO describes that setup. The HOWTO is for Centos8, but it would not be too different for other distros.

Run a clean install choosing Centos8 at https://rimuhosting.com/cp/vps/disk/install.jsp

In /etc/httpd/conf.modules.d/00-proxy.conf enable:

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so

Run the following:

Continue reading
Posted in Rimuhosting | Comments Off on Centos8 + Apache + Tomcat + LetsEncrypt Setup

Ubuntu 20.04 LTS released

Ubuntu Logo

The latest long term support (LTS) release of Ubuntu is now available for new installs. Ubuntu 20.04, also known as "Focal Fossa" can be ordered at https://rimuhosting.com/order/v2orderstart.jsp. It's also an option to consider if you reinstall an existing VPS.

The official release notes for this release are available at https://wiki.ubuntu.com/FocalFossa/ReleaseNotes and will be be upstream supported until at least April 2025

Features in the 20.04 long term support release include:

  • python3 is now the default python interpreter
  • php updated to v7.4, with support for strongly typed properties and enforces stricter usage of arrays and ternary operators
  • updates to ha/clustering tools, notably now using kronosnet (or knet for short) as an essential feature, supporting dynamic configuration of new network resources
  • HAProxy 2.0
  • TLS 1.3 support is now baked in to services through the updated openssl library, so all your sites can take full advantage of the latest web encryption technology

As usual there is a supported upgrade path from previous Ubuntu releases, though customers with 18.04 LTS installs may be better to wait for the next (20.04.1) point release before updating. For anyone looking to do this, please see our recommendations at https://rimuhosting.com/knowledgebase/linux/distros/ubuntu

You can install new servers now at https://rimuhosting.com/order/v2orderstart.jsp, or contact us if you have any questions about Ubuntu 20.04.

Posted in Distributions | Tagged , , | Comments Off on Ubuntu 20.04 LTS released

Unknown Password Change – diagnostics

Often numerous people have access to an account, developers, owners, system administrators.

Occasionally they do things, they maybe shouldn't - like changing the password - leaving all other people in the loop out.

When this happens its always good to make sure that you know who changed that password - because if it was not you, it was potentially an exploit of some sort

Its fairly hard to track down exactly WHO did this, however its easy to work out WHEN it happens, which allows you to look up other things to determine who

To determine when the password was changed you can check the /etc/shadow file . It looks like this

Continue reading
Posted in Rimuhosting | Tagged , , , , | Comments Off on Unknown Password Change – diagnostics

Woop! WordPress hosting launch

Today we launch our Woop! WordPress hosting service. We are pretty excited about this.

woop logoMany of our RimuHosting customers run WordPress on the VMs they host with us. That makes sense since 30% of the world's sites run on WordPress. For over a decade we have been working with these customers to keep their WordPress installs up to date and secure. As well as working with them to make their sites load quickly, and have up to date SSL certs.

With so many customers wanting to run WordPress, and after seeing so many different setups, we wondered:

If we had our way, what would the ideal WordPress setup look like?

-Some guys (and Liz) at RimuHosting
Continue reading
Posted in Rimuhosting | Tagged | Comments Off on Woop! WordPress hosting launch

Business as usual in the Covid-19 pandemic

For customers using RimuHosting services, we don't expect the covid-19 pandemic will have any impact on our provision of services for you to use.

Existing servers are continuing to operate as normal and for now, provision of new services is also operating as normal. We have spare capacity available to cater for extra demand. It is conceivable that if demand increases significantly, shipping delays or shortages of parts may delay provisioning of new services. However, as of now we don't expect any problems.

We are continuing to work as normal. A number of our staff always work from home and the rest do so occasionally. From earlier this week, all our staff started working from home as a precaution, to reduce the risk in case community transmission starts in New Zealand.

The datacenters we operate from are all set up to continue operating with minimal staffing if necessary.

If your VPS has a firewall associated which has your office IP whitelisted, consider the impact on staff working remotely. We are happy to help with sorting out any problems such as this that you might experience when staff start to work from home.

We are also in a good position to provision new services aimed at supporting your organization working from home. e.g. We can help install software such as WordPress blogging and website platform, Nextcloud document sharing, Jitsi secure video conferencing for up to 8 participants, Mattermost enterprise messaging, Moodle online training and education platform, and Sandstorm easy-install self-hosted online services, and many other internet based products. Just mention what your needs are and our staff will be happy to assist.

We wish you well in these times of uncertainty.

Posted in Announce, Rimuhosting | Tagged , , , , , | Comments Off on Business as usual in the Covid-19 pandemic

CentOS 8 available

The long awaited release of CentOS 8 64bit is now available with new installs from our order pages at https://rimuhosting.com/order/v2orderstart.jsp. It's also an option to consider if you reinstall an existing VPS. CentOS8 was formally released on 24 Sep 2019.

The official release notes are available at https://wiki.centos.org/Manuals/ReleaseNotes/CentOS8.1905.

CentOS8 will be supported until 30 Sep 2029. It is based on sources used by well known enterprise platforms, and will provide a reliable long term install target for new projects.

Continue reading
Posted in Announce, Distributions, Rimuhosting | Tagged , , , , , | Comments Off on CentOS 8 available

Finding and auto updating wordpress / themes / plugins with wp-cli

For many years I have maintained a shell script that checks and can update wordpress. Its great, it needs nearly nothing and is handy for basic diagnosis, however its not good as something that can update things on a cron so well which multiple people have asked about.

Continue reading
Posted in Featured, Rimuhosting | 1 Comment

Exploits on Webmin 1.8xx and earlier

Developers have just announced the release of Webmin 1.930. This includes some important security fixes. If you have an older Webmin version please update urgently to insure your server remains secure.

In particular they described an exploit that is fairly major.

Should your install be too old to update, you can fix the bug by editing the file in /etc/webmin/miniserv.conf and remove the passwd_mode= line, followed by restarting the webmin service. A quick easy shell script for this would be like this ...

sed -i s/passwd_mode.*// /etc/webmin/miniserv.conf 
service webmin restart

If you need a hand with any of this, pop in a ticket and we can help out.

Posted in Security | Tagged , , , | Comments Off on Exploits on Webmin 1.8xx and earlier