# # 24-10-17 rdp initial install # # vim 00_History_142.103.51.23_web01 # ln -s 00_History_142.103.51.23_web01 00_History # hostnamectl hostname web01.phas.ubc.ca # hostnamectl Static hostname: web01.phas.ubc.ca Icon name: computer-vm Chassis: vm Machine ID: 1a3c5f7fc9c04a939fd5bc43670c9ba0 Boot ID: 14dbb740d59948a68a7b8d06358be447 Virtualization: vmware Operating System: Ubuntu 22.04.5 LTS Kernel: Linux 5.15.0-122-generic Architecture: x86-64 Hardware Vendor: VMware, Inc. Hardware Model: VMware7,1 # apt install mailutils The following additional packages will be installed: gsasl-common guile-3.0-libs libfribidi0 libgc1 libgsasl7 libidn12 libltdl7 libmailutils8 libmysqlclient21 libntlm0 libpq5 mailutils-common mysql-common Suggested packages: mailutils-mh mailutils-doc The following NEW packages will be installed: gsasl-common guile-3.0-libs libfribidi0 libgc1 libgsasl7 libidn12 libltdl7 libmailutils8 libmysqlclient21 libntlm0 libpq5 mailutils mailutils-common mysql-common 0 upgraded, 14 newly installed, 0 to remove and 0 not upgraded. .... Setting up mailutils (1:3.14-1) ... update-alternatives: using /usr/bin/frm.mailutils to provide /usr/bin/frm (frm) in auto mode update-alternatives: warning: skip creation of /usr/share/man/man1/frm.1.gz because associated file /usr/share/man/man1/frm.mailutil s.1.gz (of link group frm) doesn't exist update-alternatives: using /usr/bin/from.mailutils to provide /usr/bin/from (from) in auto mode update-alternatives: warning: skip creation of /usr/share/man/man1/from.1.gz because associated file /usr/share/man/man1/from.mailut ils.1.gz (of link group from) doesn't exist update-alternatives: using /usr/bin/messages.mailutils to provide /usr/bin/messages (messages) in auto mode update-alternatives: warning: skip creation of /usr/share/man/man1/messages.1.gz because associated file /usr/share/man/man1/message s.mailutils.1.gz (of link group messages) doesn't exist update-alternatives: using /usr/bin/movemail.mailutils to provide /usr/bin/movemail (movemail) in auto mode update-alternatives: warning: skip creation of /usr/share/man/man1/movemail.1.gz because associated file /usr/share/man/man1/movemai l.mailutils.1.gz (of link group movemail) doesn't exist update-alternatives: using /usr/bin/readmsg.mailutils to provide /usr/bin/readmsg (readmsg) in auto mode update-alternatives: warning: skip creation of /usr/share/man/man1/readmsg.1.gz because associated file /usr/share/man/man1/readmsg. mailutils.1.gz (of link group readmsg) doesn't exist update-alternatives: using /usr/bin/dotlock.mailutils to provide /usr/bin/dotlock (dotlock) in auto mode update-alternatives: warning: skip creation of /usr/share/man/man1/dotlock.1.gz because associated file /usr/share/man/man1/dotlock. mailutils.1.gz (of link group dotlock) doesn't exist Processing triggers for libc-bin (2.35-0ubuntu3.8) ... Scanning processes... Scanning linux images... Running kernel seems to be up-to-date. No services need to be restarted. No containers need to be restarted. No user sessions are running outdated binaries. No VM guests are running outdated hypervisor (qemu) binaries on this host. # dpkg-query -L mailutils /. /usr /usr/bin /usr/bin/decodemail /usr/bin/dotlock.mailutils /usr/bin/frm.mailutils /usr/bin/from.mailutils /usr/bin/mail.mailutils /usr/bin/messages.mailutils /usr/bin/mimeview /usr/bin/movemail.mailutils /usr/bin/readmsg.mailutils /usr/bin/sieve /usr/share /usr/share/doc /usr/share/doc/mailutils... /usr/share/lintian /usr/share/lintian/overrides /usr/share/lintian/overrides/mailutils /usr/share/man /usr/share/man/man1/... /usr/share/man/man1/sieve.1.gz /usr/share/doc/mailutils/changelog.Debian.gz # apt install rsync # fdisk -l | grep sd Disk /dev/sda: 1.46 GiB, 1572864000 bytes, 3072000 sectors /dev/sda1 2048 1103871 1101824 538M EFI System /dev/sda2 1103872 3069951 1966080 960M Linux filesystem Disk /dev/sdb: 32 GiB, 34359738368 bytes, 67108864 sectors # lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS sda 8:0 0 1.5G 0 disk ├─sda1 8:1 0 538M 0 part /boot/efi └─sda2 8:2 0 960M 0 part /boot sdb 8:16 0 32G 0 disk ├─VGroot-LVroot 253:0 0 7G 0 lvm / ├─VGroot-LVvar 253:1 0 6G 0 lvm /var ├─VGroot-LVvartmp 253:2 0 3G 0 lvm /var/tmp ├─VGroot-LVaudit 253:3 0 2G 0 lvm /var/log/audit ├─VGroot-LVhome 253:4 0 6G 0 lvm /home ├─VGroot-LVswap 253:5 0 4G 0 lvm [SWAP] └─VGroot-LVlog 253:6 0 4G 0 lvm /var/log sr0 11:0 1 1024M 0 rom ## add disk in VMware # fdisk -l | grep sd Disk /dev/sda: 1.46 GiB, 1572864000 bytes, 3072000 sectors /dev/sda1 2048 1103871 1101824 538M EFI System /dev/sda2 1103872 3069951 1966080 960M Linux filesystem Disk /dev/sdb: 32 GiB, 34359738368 bytes, 67108864 sectors Disk /dev/sdc: 96 GiB, 103079215104 bytes, 201326592 sectors # fdisk /dev/sdc Command (m for help): n Partition type p primary (0 primary, 0 extended, 4 free) e extended (container for logical partitions) Select (default p): p Partition number (1-4, default 1): First sector (2048-201326591, default 2048): Last sector, +/-sectors or +/-size{K,M,G,T,P} (2048-201326591, default 201326591): Created a new partition 1 of type 'Linux' and of size 96 GiB. Command (m for help): t Hex code or alias (type L to list all): 8e Changed type of partition 'Linux' to 'Linux LVM'. Command (m for help): w The partition table has been altered. Calling ioctl() to re-read partition table. Syncing disks. [root@web01 ~] 14:19:31 # fdisk -l | grep sd Disk /dev/sda: 1.46 GiB, 1572864000 bytes, 3072000 sectors /dev/sda1 2048 1103871 1101824 538M EFI System /dev/sda2 1103872 3069951 1966080 960M Linux filesystem Disk /dev/sdb: 32 GiB, 34359738368 bytes, 67108864 sectors Disk /dev/sdc: 96 GiB, 103079215104 bytes, 201326592 sectors /dev/sdc1 2048 201326591 201324544 96G 8e Linux LVM # pvcreate /dev/sdc1 Physical volume "/dev/sdc1" successfully created. [root@web01 ~] 14:21:48 # pvdisplay --- Physical volume --- PV Name /dev/sdb VG Name VGroot PV Size 32.00 GiB / not usable 4.00 MiB Allocatable yes (but full) PE Size 4.00 MiB Total PE 8191 Free PE 0 Allocated PE 8191 PV UUID mNxKY8-tdDW-uCeJ-t5BC-JvmT-5tQs-W0m1K3 "/dev/sdc1" is a new physical volume of "<96.00 GiB" --- NEW Physical volume --- PV Name /dev/sdc1 VG Name PV Size <96.00 GiB Allocatable NO PE Size 0 Total PE 0 Free PE 0 Allocated PE 0 PV UUID hAklwZ-PUDR-Jg9H-oQMI-6VwI-6gDi-08EqYs [root@web01 ~] 14:22:00 # pvs PV VG Fmt Attr PSize PFree /dev/sdb VGroot lvm2 a-- <32.00g 0 /dev/sdc1 lvm2 --- <96.00g <96.00g [root@web01 ~] 14:22:09 # pvscan PV /dev/sdb VG VGroot lvm2 [<32.00 GiB / 0 free] PV /dev/sdc1 lvm2 [<96.00 GiB] Total: 2 [<128.00 GiB] / in use: 1 [<32.00 GiB] / in no VG: 1 [<96.00 GiB] [root@web01 ~] 14:22:22 # vgcreate VG_DATA01 /dev/sdc1 Volume group "VG_DATA01" successfully created [root@web01 ~] 14:22:57 # lvcreate --name LV_DATA01 -l 100%FREE VG_DATA01 Logical volume "LV_DATA01" created. # mkfs.xfs /dev/VG_DATA01/LV_DATA01 meta-data=/dev/VG_DATA01/LV_DATA01 isize=512 agcount=4, agsize=6291200 blks = sectsz=512 attr=2, projid32bit=1 = crc=1 finobt=1, sparse=1, rmapbt=0 = reflink=1 bigtime=0 inobtcount=0 data = bsize=4096 blocks=25164800, imaxpct=25 = sunit=0 swidth=0 blks naming =version 2 bsize=4096 ascii-ci=0, ftype=1 log =internal log bsize=4096 blocks=12287, version=2 = sectsz=512 sunit=0 blks, lazy-count=1 realtime =none extsz=4096 blocks=0, rtextents=0 # mkdir /www # vim /etc/fstab # additions by rdp /dev/mapper/VG_DATA01-LV_DATA01 /www xfs defaults 1 2 # mount /www # df -hT Filesystem Type Size Used Avail Use% Mounted on tmpfs tmpfs 96M 956K 95M 1% /run /dev/mapper/VGroot-LVroot xfs 7.0G 3.8G 3.3G 54% / tmpfs tmpfs 479M 0 479M 0% /dev/shm tmpfs tmpfs 5.0M 0 5.0M 0% /run/lock tmpfs tmpfs 479M 4.0K 479M 1% /tmp /dev/sda2 xfs 954M 400M 555M 42% /boot /dev/sda1 vfat 537M 6.1M 531M 2% /boot/efi /dev/mapper/VGroot-LVhome xfs 6.0G 76M 6.0G 2% /home /dev/mapper/VGroot-LVvar xfs 6.0G 1.3G 4.8G 21% /var /dev/mapper/VGroot-LVvartmp xfs 3.0G 54M 3.0G 2% /var/tmp /dev/mapper/VGroot-LVlog xfs 4.0G 1.2G 2.8G 30% /var/log /dev/mapper/VGroot-LVaudit xfs 2.0G 47M 2.0G 3% /var/log/audit tmpfs tmpfs 96M 4.0K 96M 1% /run/user/0 /dev/mapper/VG_DATA01-LV_DATA01 xfs 96G 718M 96G 1% /www # vim /etc/postfix/main.cf # vim /etc/mailname # systemctl start postfix # systemctl status postfix ● postfix.service - Postfix Mail Transport Agent Loaded: loaded (/lib/systemd/system/postfix.service; enabled; vendor preset: enabled) Active: active (exited) since Thu 2024-10-17 13:58:23 PDT; 32min ago Docs: man:postfix(1) Main PID: 1712 (code=exited, status=0/SUCCESS) CPU: 828us Oct 17 13:58:23 web01 systemd[1]: Starting Postfix Mail Transport Agent... Oct 17 13:58:23 web01 systemd[1]: Finished Postfix Mail Transport Agent. # vim /etc/aliases # cat /etc/aliases # See man 5 aliases for format postmaster: root root: web01-admin@mail.phas.ubc.ca # newaliases # apt install apache2 Use 'apt autoremove' to remove them. The following additional packages will be installed: apache2-bin apache2-data apache2-utils bzip2 libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap libjansson4 liblua5.3-0 mailcap mime-support Suggested packages: apache2-doc apache2-suexec-pristine | apache2-suexec-custom www-browser bzip2-doc The following NEW packages will be installed: apache2 apache2-bin apache2-data apache2-utils bzip2 libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap libjansson4 liblua5.3-0 mailcap mime-support 0 upgraded, 13 newly installed, 0 to remove and 1 not upgraded. Enabling module mpm_event. Enabling module authz_core. Enabling module authz_host. Enabling module authn_core. Enabling module auth_basic. Enabling module access_compat. Enabling module authn_file. Enabling module authz_user. Enabling module alias. Enabling module dir. Enabling module autoindex. Enabling module env. Enabling module mime. Enabling module negotiation. Enabling module setenvif. Enabling module filter. Enabling module deflate. Enabling module status. Enabling module reqtimeout. Enabling conf charset. Enabling conf localized-error-pages. Enabling conf other-vhosts-access-log. Enabling conf security. Enabling conf serve-cgi-bin. Enabling site 000-default. Created symlink /etc/systemd/system/multi-user.target.wants/apache2.service → /lib/systemd/system/apache2.service. Created symlink /etc/systemd/system/multi-user.target.wants/apache-htcacheclean.service → /lib/systemd/system/apache-htcacheclean.service. Processing triggers for ufw (0.36.1-4ubuntu0.1) ... Processing triggers for libc-bin (2.35-0ubuntu3.8) ... # apt install fail2ban The following additional packages will be installed: python3-pyinotify python3-systemd whois Suggested packages: system-log-daemon monit sqlite3 python-pyinotify-doc The following NEW packages will be installed: fail2ban python3-pyinotify python3-systemd whois 0 upgraded, 4 newly installed, 0 to remove and 1 not upgraded. Need to get 512 kB of archives. Setting up whois (5.5.13) ... Setting up fail2ban (0.11.2-6) ... Setting up python3-pyinotify (0.9.6-1.3) ... Setting up python3-systemd (234-3ubuntu2) ... # cat /root/.vimrc " https://vim.fandom.com/wiki/Disable_automatic_comment_insertion " next line disables the auto comment in vim editor autocmd FileType * setlocal formatoptions-=c formatoptions-=r formatoptions-=o ================================================================ 24-10-18 # apt install logwatch The following additional packages will be installed: libdate-manip-perl Suggested packages: libsys-cpu-perl libsys-meminfo-perl The following NEW packages will be installed: libdate-manip-perl logwatch Setting up libdate-manip-perl (6.86-1) ... Setting up logwatch (7.5.6-1ubuntu1) ... # cd /etc/apache2/sites-available/ # ll -rw-r--r-- 1 root root 1332 Dec 4 2023 000-default.conf -rw-r--r-- 1 root root 6338 Dec 4 2023 default-ssl.conf # rsync -av root@websvr01.phas.ubc.ca::root/etc/httpd/sites-available/ . receiving incremental file list ./ bpss.conf elab-course.conf mschallenge.conf phys420.conf pitp.conf require-intranet.conf sms-course.conf websvr01.conf z_atlas.conf_ON_BUMBLEBEE z_summercamps.conf_ON_ARCHIVES archive/ ... archive/zNotUsed_uso.conf sent 1,483 bytes received 117,956 bytes 238,878.00 bytes/sec total size is 112,027 speedup is 0.94 # cd ../sites-enabled/ # ll lrwxrwxrwx 1 root root 35 Oct 17 15:48 000-default.conf -> ../sites-available/000-default.conf # rsync -av root@websvr01.phas.ubc.ca::root/etc/httpd/sites-enabled/ . receiving incremental file list ./ bpss.conf -> ../sites-available/bpss.conf mschallenge.conf -> ../sites-available/mschallenge.conf phys420.conf -> ../sites-available/phys420.conf pitp.conf -> ../sites-available/pitp.conf websvr01.conf -> ../sites-available/websvr01.conf sent 42 bytes received 358 bytes 800.00 bytes/sec total size is 154 speedup is 0.39 # cd /etc/ # rsync -av root@websvr01.phas.ubc.ca::root/etc/letsencrypt . receiving incremental file list letsencrypt/ ... letsencrypt/renewal/websvr01.phas.ubc.ca.conf sent 142,868 bytes received 11,332,224 bytes 2,086,380.36 bytes/sec total size is 10,764,306 speedup is 0.94 # systemctl restart apache2 Job for apache2.service failed because the control process exited with error code. See "systemctl status apache2.service" and "journalctl -xeu apache2.service" for details. # journalctl -xeu apache2.service ░░ ░░ A stop job for unit apache2.service has begun execution. ░░ ░░ The job identifier is 2393. Oct 18 12:36:02 web01.phas.ubc.ca apachectl[4770]: AH00526: Syntax error on line 5 of /etc/apache2/sites-enabled/bpss.conf: Oct 18 12:36:02 web01.phas.ubc.ca apachectl[4770]: Invalid command 'RewriteEngine', perhaps misspelled or defined by a module not inclu> Oct 18 12:36:02 web01.phas.ubc.ca apachectl[4768]: Action 'graceful-stop' failed. Oct 18 12:36:02 web01.phas.ubc.ca apachectl[4768]: The Apache error log may have more information. Oct 18 12:36:02 web01.phas.ubc.ca systemd[1]: apache2.service: Control process exited, code=exited, status=1/FAILURE # a2enmod rewrite Enabling module rewrite. To activate the new configuration, you need to run: systemctl restart apache2 # systemctl restart apache2 [root@web01-EduCld-UB22 etc] 12:37:58 # apt install certbot The following additional packages will be installed: python3-acme python3-certbot python3-configargparse python3-icu python3-josepy python3-openssl python3-parsedatetime python3-requests-toolbelt python3-rfc3339 python3-zope.component python3-zope.event python3-zope.hookable python3-zope.interface Suggested packages: python-certbot-doc python3-certbot-apache python3-certbot-nginx python-acme-doc python-openssl-doc python3-openssl-dbg The following NEW packages will be installed: certbot python3-acme python3-certbot python3-configargparse python3-icu python3-josepy python3-openssl python3-parsedatetime python3-requests-toolbelt python3-rfc3339 python3-zope.component python3-zope.event python3-zope.hookable python3-zope.interface 0 upgraded, 14 newly installed, 0 to remove and 1 not upgraded. Preconfiguring packages ... Can't exec "/tmp/certbot.config.oToWzV": Permission denied at /usr/lib/x86_64-linux-gnu/perl-base/IPC/Open3.pm line 178. open2: exec of /tmp/certbot.config.oToWzV configure failed: Permission denied at /usr/share/perl5/Debconf/ConfModule.pm line 59. Selecting previously unselected package python3-openssl. Selecting previously unselected package python3-josepy. Selecting previously unselected package python3-requests-toolbelt. Selecting previously unselected package python3-rfc3339. Selecting previously unselected package python3-acme. Selecting previously unselected package python3-configargparse. Selecting previously unselected package python3-parsedatetime. Selecting previously unselected package python3-zope.hookable. Selecting previously unselected package python3-zope.interface. Selecting previously unselected package python3-zope.event. Selecting previously unselected package python3-zope.component. Selecting previously unselected package python3-certbot. Selecting previously unselected package python3-icu. Selecting previously unselected package certbot. Setting up python3-configargparse (1.5.3-1) ... Setting up python3-requests-toolbelt (0.9.1-1) ... Setting up python3-parsedatetime (2.6-2) ... Setting up python3-icu (2.8.1-0ubuntu2) ... Setting up python3-zope.event (4.4-3) ... Setting up python3-zope.interface (5.4.0-1build1) ... Setting up python3-openssl (21.0.0-1) ... Setting up python3-zope.hookable (5.1.0-1build1) ... Setting up python3-josepy (1.10.0-1) ... Setting up python3-rfc3339 (1.1-3) ... Setting up python3-zope.component (4.3.0-3) ... Setting up python3-acme (1.21.0-1ubuntu0.1) ... Setting up python3-certbot (1.21.0-1build1) ... Setting up certbot (1.21.0-1build1) ... Created symlink /etc/systemd/system/timers.target.wants/certbot.timer → /lib/systemd/system/certbot.timer. # certbot delete Saving debug log to /var/log/letsencrypt/letsencrypt.log Which certificate(s) would you like to delete? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: bpss.phas.ubc.ca 2: mschallenge.phas.ubc.ca 3: phys420.phas.ubc.ca 4: pitp.phas.ubc.ca 5: websvr01.phas.ubc.ca - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown (Enter 'c' to cancel): 5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The following certificate(s) are selected for deletion: * websvr01.phas.ubc.ca Are you sure you want to delete the above certificate(s)? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: Y Deleted all files relating to certificate websvr01.phas.ubc.ca. # certbot --apache Saving debug log to /var/log/letsencrypt/letsencrypt.log The requested apache plugin does not appear to be installed # apt install python3-certbot-apache The following additional packages will be installed: augeas-lenses libaugeas0 python3-augeas Suggested packages: augeas-doc augeas-tools python-certbot-apache-doc The following NEW packages will be installed: augeas-lenses libaugeas0 python3-augeas python3-certbot-apache # a2enmod ssl Considering dependency setenvif for ssl: Module setenvif already enabled Considering dependency mime for ssl: Module mime already enabled Considering dependency socache_shmcb for ssl: Enabling module socache_shmcb. Enabling module ssl. See /usr/share/doc/apache2/README.Debian.gz on how to configure SSL and create self-signed certificates. To activate the new configuration, you need to run: systemctl restart apache2 # systemctl restart apache2 # apt install php The following additional packages will be installed: libapache2-mod-php8.1 php-common php8.1 php8.1-cli php8.1-common php8.1-opcache php8.1-readline psmisc Suggested packages: php-pear The following NEW packages will be installed: libapache2-mod-php8.1 php php-common php8.1 php8.1-cli php8.1-common php8.1-opcache php8.1-readline psmisc 0 upgraded, 9 newly installed, 0 to remove and 1 not upgraded. Selecting previously unselected package psmisc. Selecting previously unselected package php-common. Selecting previously unselected package php8.1-common. Selecting previously unselected package php8.1-opcache. Selecting previously unselected package php8.1-readline. Selecting previously unselected package php8.1-cli. Selecting previously unselected package libapache2-mod-php8.1. Selecting previously unselected package php8.1. Selecting previously unselected package php. Setting up psmisc (23.4-2build3) ... Setting up php8.1-common (8.1.2-1ubuntu2.19) ... Creating config file /etc/php/8.1/mods-available/calendar.ini with new version Creating config file /etc/php/8.1/mods-available/ctype.ini with new version Creating config file /etc/php/8.1/mods-available/exif.ini with new version Creating config file /etc/php/8.1/mods-available/fileinfo.ini with new version Creating config file /etc/php/8.1/mods-available/ffi.ini with new version Creating config file /etc/php/8.1/mods-available/ftp.ini with new version Creating config file /etc/php/8.1/mods-available/gettext.ini with new version Creating config file /etc/php/8.1/mods-available/iconv.ini with new version Creating config file /etc/php/8.1/mods-available/pdo.ini with new version Creating config file /etc/php/8.1/mods-available/phar.ini with new version Creating config file /etc/php/8.1/mods-available/posix.ini with new version Creating config file /etc/php/8.1/mods-available/shmop.ini with new version Creating config file /etc/php/8.1/mods-available/sockets.ini with new version Creating config file /etc/php/8.1/mods-available/sysvmsg.ini with new version Creating config file /etc/php/8.1/mods-available/sysvsem.ini with new version Creating config file /etc/php/8.1/mods-available/sysvshm.ini with new version Creating config file /etc/php/8.1/mods-available/tokenizer.ini with new version Setting up php8.1-readline (8.1.2-1ubuntu2.19) ... Creating config file /etc/php/8.1/mods-available/readline.ini with new version Setting up php8.1-opcache (8.1.2-1ubuntu2.19) ... Creating config file /etc/php/8.1/mods-available/opcache.ini with new version Setting up php8.1-cli (8.1.2-1ubuntu2.19) ... update-alternatives: using /usr/bin/php8.1 to provide /usr/bin/php (php) in auto mode update-alternatives: warning: skip creation of /usr/share/man/man1/php.1.gz because associated file /usr/share/man/man1/php8.1.1.gz (of link group php) doesn't exist update-alternatives: using /usr/bin/phar8.1 to provide /usr/bin/phar (phar) in auto mode update-alternatives: warning: skip creation of /usr/share/man/man1/phar.1.gz because associated file /usr/share/man/man1/phar8.1.1.gz (of link group phar) doesn't exist update-alternatives: using /usr/bin/phar.phar8.1 to provide /usr/bin/phar.phar (phar.phar) in auto mode update-alternatives: warning: skip creation of /usr/share/man/man1/phar.phar.1.gz because associated file /usr/share/man/man1/phar.phar8.1.1.gz (of link group phar.phar) doesn't exist Creating config file /etc/php/8.1/cli/php.ini with new version Setting up libapache2-mod-php8.1 (8.1.2-1ubuntu2.19) ... Creating config file /etc/php/8.1/apache2/php.ini with new version Module mpm_event disabled. Enabling module mpm_prefork. apache2_switch_mpm Switch to prefork apache2_invoke: Enable module php8.1 Setting up php8.1 (8.1.2-1ubuntu2.19) ... Setting up php (2:8.1+92ubuntu1) ... Processing triggers for php8.1-cli (8.1.2-1ubuntu2.19) ... Processing triggers for libapache2-mod-php8.1 (8.1.2-1ubuntu2.19) ... # certbot -v --apache certonly --dry-run Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator apache, Installer apache Which names would you like to activate HTTPS for? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: bpss.phas.ubc.ca 2: mschallenge.phas.ubc.ca 3: phys420.phas.ubc.ca 4: pitp.phas.ubc.ca 5: web01.phas.ubc.ca 6: bpss.physics.ubc.ca 7: mschallenge.physics.ubc.ca 8: pitp.physics.ubc.ca - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown (Enter 'c' to cancel): 5 Simulating a certificate request for web01.phas.ubc.ca Performing the following challenges: http-01 challenge for web01.phas.ubc.ca Waiting for verification... Challenge failed for domain web01.phas.ubc.ca http-01 challenge for web01.phas.ubc.ca Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems: Domain: web01.phas.ubc.ca Type: unauthorized Detail: 142.103.51.23: Invalid response from http://web01.phas.ubc.ca/.well-known/acme-challenge/CLShTAobZmc5G1anL4rHxVjgMHwWDyWNjhK4XZR8E-k: 403 Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet. Cleaning up challenges Some challenges have failed. Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details. Solution: # cd /var/lib/letsencrypt/ # ll total 0 drwxr-x--- 2 root root 6 Oct 18 13:28 backups drwxr-xr-x 2 root root 6 Oct 18 15:36 http_challenges # cd .. # ls -ld letsencrypt/ drwxr-x--- 4 root root 44 Oct 18 15:36 letsencrypt/ # pwd /var/lib # chmod -R a+rX letsencrypt/ # ls -ld letsencrypt/ drwxr-xr-x 4 root root 44 Oct 18 15:36 letsencrypt/ # cd letsencrypt/ # ll total 0 drwxr-xr-x 2 root root 6 Oct 18 13:28 backups drwxr-xr-x 2 root root 6 Oct 18 15:36 http_challenges # certbot --apache Saving debug log to /var/log/letsencrypt/letsencrypt.log Which names would you like to activate HTTPS for? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: bpss.phas.ubc.ca 2: mschallenge.phas.ubc.ca 3: phys420.phas.ubc.ca 4: pitp.phas.ubc.ca 5: web01.phas.ubc.ca 6: bpss.physics.ubc.ca 7: mschallenge.physics.ubc.ca 8: pitp.physics.ubc.ca - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown (Enter 'c' to cancel): 5 Requesting a certificate for web01.phas.ubc.ca Successfully received certificate. Certificate is saved at: /etc/letsencrypt/live/web01.phas.ubc.ca/fullchain.pem Key is saved at: /etc/letsencrypt/live/web01.phas.ubc.ca/privkey.pem This certificate expires on 2025-01-16. These files will be updated when the certificate renews. Certbot has set up a scheduled task to automatically renew this certificate in the background. Deploying certificate Successfully deployed certificate for web01.phas.ubc.ca to /etc/apache2/sites-enabled/web01.conf Congratulations! You have successfully enabled HTTPS on https://web01.phas.ubc.ca # openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048 Generating DH parameters, 2048 bit long safe prime ........+........ ======================================================================== 24-10-21 # apt install plocate The following additional packages will be installed: liburing2 The following NEW packages will be installed: liburing2 plocate Selecting previously unselected package liburing2:amd64. Selecting previously unselected package plocate. Setting up liburing2:amd64 (2.1-2build1) ... Setting up plocate (1.1.15-1ubuntu2) ... update-alternatives: using /usr/bin/plocate to provide /usr/bin/locate (locate) in auto mode update-alternatives: warning: skip creation of /usr/share/man/man1/locate.1.gz because associated file /usr/share/man/man1/plocate.1.gz (of link group locate) doesn't exist update-alternatives: warning: skip creation of /usr/share/man/man8/updatedb.8.gz because associated file /usr/share/man/man8/updatedb.plocate.8.gz (of link group locate) doesn't exist Adding group `plocate' (GID 116) ... Done. Initializing plocate database; this may take some time... done Created symlink /etc/systemd/system/timers.target.wants/plocate-updatedb.timer → /lib/systemd/system/plocate-updatedb.timer. Processing triggers for libc-bin (2.35-0ubuntu3.8) ... # apt-get install update-notifier-common The following additional packages will be installed: distro-info patch python3-debian ubuntu-advantage-tools ubuntu-pro-client ubuntu-pro-client-l10n update-manager-core Suggested packages: shunit2 ed diffutils-doc The following NEW packages will be installed: distro-info patch python3-debian ubuntu-advantage-tools ubuntu-pro-client ubuntu-pro-client-l10n update-manager-core update-notifier-common Preconfiguring packages ... Can't exec "/tmp/ubuntu-advantage-tools.config.y9NCY6": Permission denied at /usr/lib/x86_64-linux-gnu/perl-base/IPC/Open3.pm line 178. open2: exec of /tmp/ubuntu-advantage-tools.config.y9NCY6 configure failed: Permission denied at /usr/share/perl5/Debconf/ConfModule.pm line 59. Selecting previously unselected package patch. Selecting previously unselected package distro-info. Selecting previously unselected package ubuntu-pro-client. Selecting previously unselected package ubuntu-advantage-tools. Selecting previously unselected package update-manager-core. Selecting previously unselected package update-notifier-common. Selecting previously unselected package ubuntu-pro-client-l10n. Setting up distro-info (1.1ubuntu0.2) ... Setting up python3-debian (0.1.43ubuntu1.1) ... Setting up patch (2.7.6-7build2) ... Setting up ubuntu-pro-client (34~22.04) ... Created symlink /etc/systemd/system/multi-user.target.wants/ua-reboot-cmds.service → /lib/systemd/system/ua-reboot-cmds.service. Created symlink /etc/systemd/system/timers.target.wants/ua-timer.timer → /lib/systemd/system/ua-timer.timer. Created symlink /etc/systemd/system/multi-user.target.wants/ubuntu-advantage.service → /lib/systemd/system/ubuntu-advantage.service. Setting up ubuntu-pro-client-l10n (34~22.04) ... Setting up ubuntu-advantage-tools (34~22.04) ... Setting up update-manager-core (1:22.04.21) ... Setting up update-notifier-common (3.192.54.8) ... Created symlink /etc/systemd/system/timers.target.wants/update-notifier-download.timer → /lib/systemd/system/update-notifier-download.timer. Created symlink /etc/systemd/system/timers.target.wants/update-notifier-motd.timer → /lib/systemd/system/update-notifier-motd.timer. update-notifier-download.service is a disabled or a static unit, not starting it. update-notifier-motd.service is a disabled or a static unit, not starting it. ======================================================================== 24-11-20 certbot renew --cert-name pitp.phas.ubc.ca --dry-run # certbot certonly --dry-run --apache -d pitp.phas.ubc.ca Saving debug log to /var/log/letsencrypt/letsencrypt.log Error while running apache2ctl configtest. Action 'configtest' failed. The Apache error log may have more information. AH00526: Syntax error on line 23 of /etc/apache2/sites-enabled/pitp.conf: SSLCertificateFile: file '/etc/letsencrypt/live/pitp.phas.ubc.ca/cert.pem' does not exist or is empty The apache plugin is not working; there may be problems with your existing configuration. The error was: MisconfigurationError("Error while running apache2ctl configtest.\nAction 'configtest' failed.\nThe Apache error log may have more information.\n\nAH00526: Syntax error on line 23 of /etc/apache2/sites-enabled/pitp.conf:\nSSLCertificateFile: file '/etc/letsencrypt/live/pitp.phas.ubc.ca/cert.pem' does not exist or is empty\n") Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details. # vim /etc/apache2/sites-enabled/pitp.conf # systemctl restart apache2 # certbot certonly --dry-run --apache -d pitp.phas.ubc.ca Saving debug log to /var/log/letsencrypt/letsencrypt.log Simulating a certificate request for pitp.phas.ubc.ca The dry run was successful. # certbot certonly --apache -d pitp.phas.ubc.ca Saving debug log to /var/log/letsencrypt/letsencrypt.log Requesting a certificate for pitp.phas.ubc.ca Successfully received certificate. Certificate is saved at: /etc/letsencrypt/live/pitp.phas.ubc.ca/fullchain.pem Key is saved at: /etc/letsencrypt/live/pitp.phas.ubc.ca/privkey.pem This certificate expires on 2025-02-18. These files will be updated when the certificate renews. Certbot has set up a scheduled task to automatically renew this certificate in the background. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - If you like Certbot, please consider supporting our work by: * Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate * Donating to EFF: https://eff.org/donate-le - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # vim /etc/apache2/sites-enabled/pitp.conf # systemctl restart apache2 ======================================================================== # shutdown -r 23:31 "Maintenance reboot at 11:31pm 25-01-30" Reboot scheduled for Thu 2025-01-30 23:31:00 PST, use 'shutdown -c' to cancel. ===================================================================================================== shutdown -r 23:31 "Maintenance reboot at 11:31pm 2025-02-06" USEC=1738913460000000 WARN_WALL=1 MODE=reboot WALL_MESSAGE=Maintenance reboot at 11:31pm 2025-02-06 date -d @USEC ===================================================================================================== ===================================================================================================== # shutdown -r 23:31 "Maintenance reboot at 23:31pm 2025-03-17" USEC=1742279460000000 WARN_WALL=1 MODE=reboot WALL_MESSAGE=Maintenance reboot at 23:31pm 2025-03-17 date -d @USEC ===================================================================================================== ===================================================================================================== # shutdown -r 23:31 "Maintenance reboot at 23:31pm 2025-03-31" USEC=1743489060000000 WARN_WALL=1 MODE=reboot WALL_MESSAGE=Maintenance reboot at 23:31pm 2025-03-31 date -d @USEC ===================================================================================================== ===================================================================================================== # shutdown -r 23:31 "Maintenance reboot at 23:31pm 2025-05-20" USEC=1747809060000000 WARN_WALL=1 MODE=reboot WALL_MESSAGE=Maintenance reboot at 23:31pm 2025-05-20 date -d @USEC ===================================================================================================== ===================================================================================================== # shutdown -r 23:31 "Maintenance reboot at 23:31pm 2025-06-05" USEC=1749191460000000 WARN_WALL=1 MODE=reboot WALL_MESSAGE=Maintenance reboot at 23:31pm 2025-06-05 date -d @USEC ===================================================================================================== ===================================================================================================== # shutdown -r 23:31 "Maintenance reboot at 23:31pm 2025-06-26" USEC=1751005860000000 WARN_WALL=1 MODE=reboot WALL_MESSAGE=Maintenance reboot at 23:31pm 2025-06-26 date -d @USEC ===================================================================================================== ===================================================================================================== # shutdown -r 23:31 "Maintenance reboot at 23:31pm 2025-07-03" USEC=1751610660000000 WARN_WALL=1 MODE=reboot WALL_MESSAGE=Maintenance reboot at 23:31pm 2025-07-03 date -d @USEC ===================================================================================================== ===================================================================================================== # shutdown -r 23:31 "Maintenance reboot at 23:31pm 2025-07-29" USEC=1753857060000000 WARN_WALL=1 MODE=reboot WALL_MESSAGE=Maintenance reboot at 23:31pm 2025-07-29 date -d @USEC ===================================================================================================== ===================================================================================================== # shutdown -r 23:31 "Maintenance reboot at 23:31pm 2025-09-03" USEC=1756967460000000 WARN_WALL=1 MODE=reboot WALL_MESSAGE=Maintenance reboot at 23:31pm 2025-09-03 date -d @USEC ===================================================================================================== 25-09-15 # vim /etc/rsyncd.conf # cat /etc/rsyncd.conf # /etc/rsyncd: configuration file for rsync daemon mode # See rsyncd.conf man page for more options. # configuration example: # uid = nobody # gid = nobody # use chroot = yes # max connections = 4 # pid file = /var/run/rsyncd.pid # exclude = lost+found/ # transfer logging = yes # timeout = 900 # ignore nonreadable = yes # dont compress = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2 # [ftp] # path = /home/ftp # comment = ftp export area # /etc/rsyncd: configuration file for rsync daemon mode uid = root max connections = 5 syslog facility = local5 pid file = /var/run/rsyncd.pid [root] path=/ read only = yes # allow azul zbox borg ctl hosts allow = 142.103.51.4 142.103.236.6 142.103.236.30 142.103.51.25 # systemctl start rsync # systemctl enable rsync Synchronizing state of rsync.service with SysV service script with /lib/systemd/systemd-sysv-install. Executing: /lib/systemd/systemd-sysv-install enable rsync Created symlink /etc/systemd/system/multi-user.target.wants/rsync.service → /lib/systemd/system/rsync.service. # systemctl status rsync ● rsync.service - fast remote file copy program daemon Loaded: loaded (/lib/systemd/system/rsync.service; enabled; vendor preset: enabled) Active: active (running) since Mon 2025-09-15 11:48:27 PDT; 12s ago Docs: man:rsync(1) man:rsyncd.conf(5) Main PID: 123450 (rsync) Tasks: 1 (limit: 1012) Memory: 788.0K CPU: 10ms CGroup: /system.slice/rsync.service └─123450 /usr/bin/rsync --daemon --no-detach Sep 15 11:48:27 web01.phas.ubc.ca systemd[1]: Started fast remote file copy program daemon. Sep 15 11:48:27 web01.phas.ubc.ca rsyncd[123450]: rsyncd version 3.2.7 starting, listening on port 873 ===================================================================================================== ===================================================================================================== # shutdown -r 23:31 "Maintenance reboot at 23:31pm 2025-09-29" USEC=1759213860000000 WARN_WALL=1 MODE=reboot WALL_MESSAGE=Maintenance reboot at 23:31pm 2025-09-29 date -d @USEC ===================================================================================================== # dpkg -S /usr/lib/update-notifier/apt-check update-notifier-common: /usr/lib/update-notifier/apt-check ===================================================================================================== # shutdown -r 23:31 "Maintenance reboot at 23:31pm 2025-10-06" USEC=1759818660000000 WARN_WALL=1 MODE=reboot WALL_MESSAGE=Maintenance reboot at 23:31pm 2025-10-06 date -d @USEC ===================================================================================================== ===================================================================================================== # shutdown -r 23:31 "Maintenance reboot at 23:31pm 2025-10-06" USEC=1759818660000000 WARN_WALL=1 MODE=reboot WALL_MESSAGE=Maintenance reboot at 23:31pm 2025-10-06 date -d @USEC ===================================================================================================== ===================================================================================================== # shutdown -r 23:31 "Maintenance reboot at 23:31pm 2025-10-22" USEC=1761201060000000 WARN_WALL=1 MODE=reboot WALL_MESSAGE=Maintenance reboot at 23:31pm 2025-10-22 date -d @USEC =====================================================================================================