Archive for July, 2019

Upgrading to Debian Buster

July 10, 2019 Comments off

Upgrading my cloud server (Linode) to Debian Buster was not too difficult. There were a few problems. Having a backup image and the ability to take a snapshot of your present system is essential if you are using your server for essential services.

Here is my experience.

First login and edit /etc/apt/sources.list and change all occurrences of stretch to buster. I use vi so just use this command %s/stretch/buster/g and save your work.

Next step user apt update and apt upgrade to install “buster”. It goes pretty quickly. After in installation is complete reboot the system. Run apt full-upgrade. You may see addition packages, then run apt autoremove to remove any old packages.

I ran into three issues. These included problems with dovecot, nsd, and nginx as I use my server for mail, nameservice and a web server.

First nsd nameserver. If you already have it configured under stretch. Simply remove the *.pem and *.key files and rerun nsd-control-setup. Then restart nsd and it should start as it should. The only problem I have found is logging. I had created /var/log/nsd.log and that seems to fail now. You can simply continue to use nsd with syslog as your logging method and that works fine.

On one upgrade I did have to reinstall nginx. However on several other upgrades, there was no problem. Just make a backup of sites-available for both apache2 and nginx, just in case.

As for Dovecot. I use dovecot ssl. It seems you need to regenerate dh.pem the dovecot ssl wiki as follows:

ssl_dh = </etc/dovecot/dh.pem (this will take a while)

Add the following to /etc/dovecot/conf.d/10-ssl.conf

ssl_dh = </etc/dovecot/dh.pem

ssl_min_protocol = TLSv1.2

ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:


ssl_prefer_server_ciphers = yes

ssl_min_protocol = TLSv1.2

Restart dovecot and it should function properly.

Categories: sysadmin