testing | xfce old debian wheezy | memcached configuration file | testing | tutorial openvpn on debian


How To Create Fast And Reliable Backup Using Rsnapshot

rsync is probably the most common solution for backup on Linux, because it is extremely fast and makes incremental backups (transfer "only differences" between two versions of a file), which is extremely useful in network backups.

However, synchronization (sync) a folder to a backup device, is far from being considered "backup", as it does not keep old versions of files. The problem is solved with rsync as described in the famous article Easy Automated Snapshot-Style Backups with Linux and Rsync, by Mike Rubel.

Update Postgres Major Version in Debian Jessie

Postgresql update is not a trivial task.

According to PostgreSQL Versioning policy:

A major release is numbered by increasing either the first or second part of the version number, e.g. 9.1 to 9.2.

Minor releases are numbered by increasing the third part of the version number, e.g. 9.2.3 to 9.2.4

Upgrading to a minor version is done through the upgrade process of Debian.

For major versions, the process is much more complex. This post describes the upgrading from 9.4 to 9.5 in a Debian (Jessie) server.

A Simple Guide to Obtain and Install an SSL Certificate

More and more companies use SSL certificates (small data files that digitally bind a cryptographic key) to protect their customers sensitive data, as username, password and credit card number, as they are transmitted over the internet.

There is a large number of companies provide SSL certificates (Certificate authorities) - see here - and a wide variety of SSL certificates. So, it is often difficult for the average user to choose the right SSL certificate.

In the following post I describe the process of obtaining and installing a Comodo PositiveSSL SSL certificate on a Debian server with Apache 2.4.10 over port 443 for domain "site.com" There are small differences in this procedure in other operating systems and web servers. You will usually find detailed documentation on the site where you purchased the SSL certificate.

Upgrade Debian 7 Wheezy to 8 Jessie

One of the advantages of Debian operating system is the ability to live update a production server from current to next release. Under normal circumstances you do not have to re-setup the system. So you avoid downtime, something critical for server systems.

There are possibilities this procedure to fail, so you must take a full system backup before.

Debian Jessie ships with Apache 2.4 There are some important changes with this version, which could break your current configuration. Details below.

The same procedure can be applied to desktop machines. There is more complexity in this case, due to graphical desktop environment.

Detailed official documentation is available here: Upgrades from Debian 7 (wheezy).

Here I describe a successful upgrade of a Debian LAMP server system from Wheezy to Jessie.

Debian 8 Jessie Dedicated Web Server Setup Step by Step

Debian 8.0 Jessie was initially released on April 26th, 2015. Jessie is powered by Linux kernel 3.16. Jessie ships with a new default init system, systemd. The sysvinit init system is still available in Jessie. More information here.

In this post I describe a dedicated server setup, using Debian Jessie. It is a Hetzner EX40 dedicated server with IP My blog, my company website and some other web projects will be hosted in this server.

I use DnsMadeEasy for all my DNS needs. I use No IP for email forwarding to Gmail. So I will not setup bind name server or a full blown mail server. Default Debian MTA (exim4) is enough for the server to send emails.

I selected a minimal Debian amd64 server (basic Debian system and SSH). Thanks to Hetzner staff, the server was up and running in less than 10 minutes. As usual, they sent me the IP and root password. Below I describe the whole procedure after this point.

Securing web applications with modsecurity on Debian Wheezy

Mod-security is a (third party) module of Apache (recently Microsoft IIS και NGINX) offering intrusion detection and (some kind of) prevention for web applications, acting as a web application firewall. The mod_security module created by Ivan Ristic (writer of the relevant book), but, now, is actually a service of Trustwave.

Indicative types of attacks:

  • SQL injection attacks
  • XSS cross-site scripting
  • path traversal attacks
  • file inclusion
  • Denial of service (DOS) attack (experimental)
  • Brute force attack (experimental)

How to setup a workstation computer with Debian Wheezy and XFCE4

Debian is an ideal solution for servers. Stability is the main advantage of Debian. At the same time the stable Debian version doesn't contain the most recent packages. So, Debian is not one of first choices for someone who wants to use Linux for Desktop. Probably he/she will choose Ubuntu or Linux Mint or Fedora.

I use Archlinux on my desktop PC. Even if Archlinux is not suitable for the novice Linux user, it is rock solid, it contains cutting edge software and you can find any package you want in its repositories (official or AUR). But, recently, I setup a Fujitsu Siemens AMILO Notebook Xi 3650 with Debian 7 Wheezy and XFCE4. I was surprised with the final result! Not a super cool and fancy desktop, but a nice environment with great support for sound, Flash, Nvidia and any kind of networking "out of the box".

How to setup OpenVPN on Debian server

If you want to access via the internet a computer which is behind a NAT router and it has not direct access to the internet, you need a VPN solution. If the router has not a static IP, you need a Dynamic DNS solution, like No-IP or any other dyndns provider. Most routers support DynDNS "out of the box".

You have to forward UDP port 1194 from the router/gateway to the machine running the OpenVPN server.

OpenVPN is an excellent open source solution. Excellent documentation is available here. OpenVPN also provides commercial services. Here is described the most common scenario, when you are using the community edition of OpenVPN. The server will obtain an IP like and your client computer (laptop, workstation etc) a similar IP e.g. So the connection becomes possible, while OpenVPN is running.

Gmail smarthost with Exim4 on Debian

Setting up your Linux workstation or a virtual machine, there is no public IP or domain available. If you want to send mail from this machine, reverse DNS will fail and you will get the following error message:

Helo command rejected: need fully-qualified hostname

To avoid this situation, exim4 (the default Debian MTA) can be adjusted to use SMARTHOST (in this case a gmail account, but any other smtp server can be used).

How to Install PostgreSQL 9.3 on Debian 7 Wheezy

While MySQL considered as "The world's most popular open source database", PostgreSQL rightly considered as "the world's most advanced open source database".

PostgreSQL architecture is based on CLUSTERS (a group of databases managed by a common service), each containing one or more DATABASES, each containing one or more SCHEMATA.

Generally speaking, SCHEMA in PostgreSQL is the analog of MySQL database.

Excellent documentation is available here.

The following tutorial is based on a Debian 7 base system with systemd, Apache, php5. If you need more information about Debian Wheezy setup, you may read this and this article.

php5 PostgreSQL extension was also installed.

Previous posts Next posts