~Brian's~ Websites: Buddy Hyphen Baker Website Network: [Dot US/Dot Com/Dot/ORG]

[~Brian~]

22 hours ago, ~Brian~ said:

The Next thing we need to do, is to choose a replacement for certbot-auto, which has been replaced with a newer version of certbot, which uses snaps/snapd, which is basically another package manager, which I am told is a "resource hog".  This will have to be done in the next 60 to 90 days.

Brian

I believe that I have found a suitable replacement for certbot-auto:  It's GetSSL, a bash script that will allow me to establish what domains I have, and then simply renew them on command, and it can be CRON'D, meaning that it will run for each domain with enough frequency so that I don't have to renew them myself when they expire:  I will probably make the thing renew at 15 and 30 days, that way, I don't lose the certificates, or the LOCK ICONS on my network sites.

I will implement this tomorrow, and update when this is done

Brian

[~Brian~]

GETSSL  2.45 DOWNLOADED:  I downloaded the script I need from github, and also was looking at the doc files.  I ran the script, and it made cfg files I need, but I have yet to implement the changes yet, as I want to see if I can use my original certs and keys and integrate them into the config files (as the script allows you to use the services of letsencrypt/eff services) rather than being the script you NEED to use to deal with ssl certificates.  There are many different script choices you can use, you just have to know how to work with it.

Brian

[~Brian~]

GETSSL was too difficult to deploy, because I needed my keyfiles for all of the domains, and each domain had a config, and i was NOT going to mess around with command switches and have to enter all the stuff in the config files: 

To deal with this:  I am now using acme.sh - and when I issued each command at the # prompt, One at a time, like this:

./acme.sh --issue -d buddy-baker.info -w /var/www/mallard.dkpi/public
./acme.sh --issue -d buddy-baker.com -w /var/www/eagle.bbdc/public
./acme.sh --issue -d buddy-baker.us -w /var/www/html
./acme.sh --issue -d buddy-baker.org -w /var/www/bluejay.bbdo/public

When issued, I got a bunch of text, a "Green Success" and it created output like:

[Thu Dec 2 15:04:51 EST 2021] Your cert is in: /root/.acme.sh/buddy-baker.org/buddy-baker.org.cer
[Thu Dec 2 15:04:51 EST 2021] Your cert key is in: /root/.acme.sh/buddy-baker.org/buddy-baker.org.key
[Thu Dec 2 15:04:51 EST 2021] The intermediate CA cert is in: /root/.acme.sh/buddy-baker.org/ca.cer
[Thu Dec 2 15:04:51 EST 2021] And the full chain certs is there: /root/.acme.sh/buddy-baker.org/fullchain.cer
root@cardinal:~/acme.sh

There is a cron that runs to update the certs, and it looks like the BBWN is back online and set up right

Phew!!  Feel better now   Certs like this EXPIRE every 90 days, so when that happens, I will command a renewal ;0

Brian

Edited December 2, 2021 by ~Brian~
Edited info and removed inaccurate line in the posting/Added Further information

[~Brian~]

Today, Made changes so that the certificate and domain keys pointed to the  the directory they are supposed to be, and it appears that the script is working well on the renewals.  I think I was getting errors before today because I needed to know what info should be placed in for the certs and keys.

Everything is OK, Apache2 service has been restarted, and system rebooted once for good measure

Brian

[~Brian~]

NEXT THINGS TO DO:  I will Now concentrate on adding missing content that was lost on BBDC. [Store Website] we lost the SQL Database for that site and had to restore the older database that was backed up in JUNE of 2019, so I will be restoring content to this site, and also making additions to BBUS, so we have a picture gallery for people to see - I may move that to BBDC if the majority of the pictures are store related. 

I am still waiting to meet with the hostee for BBDI - Him and I will discuss changes he wants to see as well.

Brian

[~Brian~]

Today, I am backing up all of my data bases for all of my websites, and also all of my website data for every domain. When I am finished, hopefully I will be able to do this on a more consistent basis, and I will be able to crawl in the back up of the database files. The last time I tried to cron this, according to some thing that was written in the script, all that did was back it up once, and then end up giving me every single database with the file size of a big fat zero.

Today I logged into my SQL server and then manually backed up every single file, check them for file size, and then I am now backing up all of the domains. Should take me maybe less than an hour to do that. All databases appear to be backing up fine, so all I have to do is make sure that I back up the database Directory you when I do a full back up.

Probably won’t do much on my website for the next week. My brother is here from Texas, and I am going to take some well-deserved important time off. Hopefully, this will re-energize me and give me the strength as well as the will to continue to do what I do best. I also have to go in for an EMG so I don’t know exactly how that will go, but I believe that they will find that my arm is not a problem, and that it is my neck.

I ask everyone here on DD to keep me in their prayers, and to pray for me as I go through the next two or three weeks. I’m not sure exactly what I will find, but I am prepared for the worst if that is what needs to be said, because I’m getting sick of hurting all over my body. At least my website and all of my other pursuits keep me energized, and I love my websites, so that keeps me pretty well level. I’m also glad that I have all the friends I have here on the server, because without them, I would not be the kind of guy that I am,  and I think them for all their help and support.

Happy holidays from BBUS!

Brian
 

 

[~Brian~]

Today,  working to update wordpress and plugins so we can upgrade the server soon.  This time, will be more careful, because the last time I did this, the whole system crashed. 

Scanning in progress..... (12:23 PM EST)

Brian

Edited February 28, 2022 by ~Brian~
Added Additional Information

[~Brian~]

BBWN WEBSITES UPDATE

MARCH 20, 2022 @2200

TYPE: SYSTEM UPDATE/UPGRADE/ SITE UPDATE - Downtime Expected to be 2 weeks

Restarting backup procedure for Debian 11 Upgrade:  Started today prepping for the eventual update and upgrade of Cardinal to Debian 11 - Today, backed up Databases that I need to for the websites on the BBWN, and after that, will make sure all of the plugins/SQL/PHP/PHP Modules/Apache/apache Mods will be able to update without puking out with unknown errors:  I hope to do this before May 31, 2022, and be offline for a few days, but we will have to see whats gonna happen.When we do this, I don't have to worry about having a security issue because I am running 3 versions below where I should be, and I will be able to 'sudo apt-get update | sudo apt-get upgrade' and not have the system throw a tantrum

For more Information as I make the upgrades and updates, Check and follow:   ~Brian's~ Websites: Buddy Hypen Baker Website Network: [Dot US/Dot Com/Dot/ORG]

As I will be updating that, because if I have a record of what I am doing, and what I have done, and what I need to do, I will be LESS likely to FOOBAR the install and restore.

THRIFT STORE UPDATE:  CLEANING/ORGANIZING MARCH 26

This Next Saturday will be the first time I have returned to the office since Mid January.  I will then work with my team to organize and reset my workspaces, and I will have my Surface return soon after that.  Not sure when I will return to Full time status there, but it will be a while, as everyone will have to learn things as we change the way we do things, as we update our mission. 

If all goes well, we should be able to add new information to the online websites, FaceBook, Church Website, and BBUS/BBDC/BBDO, and then I will be able to work on BBDI as well - After today's phone conference, I feel like what I have said makes sense to the one person it needs to make sense to:  We shall see what develops

I wish I had a BIG bag of ?'s and ?right now

Brian

[~Brian~]

Restarting the backup from the console level:  seems as if the connections at my office sometimes reset, and that SUCKS when you are doing a system directory-specific backup operation.  Hope to have this done by end of week, and then maybe I can reinstall with the upgraded system under us

Wish me luck   Will be updating here as it continues

Brian

[~Brian~]

Learned this afternoon that my Charter Cable equipment (Modem and router) apparently were "locked" from access to the router configs - So, They did a test to see if they could open the access, and apparently, they need to roll out here and replace them with updated Spectrum Router and Modem, that CAN be accessed by the cable operator.  THANK GOD I didn't start the reconfig/upgrade of my webserver on BBUS yet, because I would have to make changes that would be now unavailable to me.

They will be here between 8-9AM my time to do the change/upgrade to the newer internet equipment.

Wish me Luck!

Brian

[~Brian~]

CARDINAL DOWN: [4/5/22@8am] As of 8am this morning, Cardinal and all websites on the Network are DOWN pending an update to the MySpectrum app:  Without that, I can get online and do things, but cant SEE any devices on my network, can't EDIT any settings. and I can't manage any port settings or do anything until BOTH the Modem and the ROUTER say "connected" because Spectrum has locked the routers admin panel at 1.1.

They say that tomorrow, the app should have updated and I should be able to manage things again, but we shall see!

Thanks for your interest - Lets hope I dont have to deepsix this castrated router, because they dont want us logging in on the machines

Brian

[~Brian~]

CARDINAL UP @18:15EDT]  As of 18:00EDT, Cardinal has been restarted and all websites on the BBWN have been responding since about 15 minutes ago.

The Culprit was that stupid Spectrum Router that was showing me "pending" on the App:  I got a Netgear to replace it, and paid $104.00 at Wal Mart.  The Spectrum router is still in limbo, and I can't use it to do anything with my server, or to control any devices, and the worst thing is that with the Spectrum router, I cant SEE any of my devices, and THEY apparently opened the ports I requested, but I could NOT connect at ALL to my websites.

This afternoon, got the new router, and rewired the new one in:  I was able to set up the router, and then, OPEN the ports I needed so cardinal is not PENNED up anymore - she can respond on BOTH internal and external IP's.  For the Moment, will ONLY have the required ports open, that are required to access the server, and any wireless devices will connect later.

A Note:  IF you SEE the Tahoma in my Siggy, that means she is UP - If NOT, she is down

Brian

 

[~Brian~]

Today I finished what I think will be the second to the last day of the backup sequence. To do this, I basically took the backed up files that I had, and I turned them all into TARzipped files (I used TGZ extension).  Any files that were just a TAR extension, I specifically redid, and then I turned them into the tar zipped format. The reason I did this is because tires zipped files are smaller in size, which will take up less space on my removable media. I mount it all drives, so the next time that we move files, it will require me take the web files for each house and move them to a 2 TB stick. I have two of these, one for a primary and one for a back up. If I do it right, 260 gigs of the stick will be taken up by the website, and hopefully the Home files will not be quite that big, but in case that happens, I have them sitting on my 8 TB external drive.

One thing that I’m scared about doing this: I hope that I’m able to get the PHP MySQL and all of the necessary modules for Apache to for the version of PHP I will be running. I’ve been told that the most current one would be 7.4, and that’s probably what I will run, whatever DEB11 runs. Then I have to worry about PHP my admin, and I have to make sure that that version that is the most current will not have a bunch of screw ups because I decide to run the most current version. Once I get all of these actually loaded properly, I can then use apt-get update, and apt-get upgrade to make sure everything is fully upgraded. Once this is done, it shouldn’t be too hard, because all I would do is then do this on a regular basis, and the server would update and make sure all of my servers and programs are updated to the most current versions. I don’t think I put PHP eight online yet, but I will use PHP 74. I just have to make sure that I’m using the right modules so that I don’t end up having the entire website network crash – this would mean I would have to go backwards to be able to undo hours of work. This is why I want to make sure that I have all of my files and they’re easily restorable.

One thing I have learned is: if you’re going from DEBIAN (any old version)  ONLY BACKUP THE Files you need: they should be etc, home, var/www, (all of this) and any support programs that are under Apache2 in etc, as well as any intrusion protection programs. You should not back up, or do a complete backup of every single file on your system, because there a certain files that you do not need. It is a lot easier to back up the files you need, and then restore them on a new system, rather than to try to figure out what you are missing, or worrying that you downloaded the wrong thing. It would also help if you take a screenshot of your directories file permissions, because then you would be able to set your permissions correct. Logging in his route and doing it this way will lock the permissions to route unless you do a P option to preserve the permissions on the directories. This can be a pain in the ass if you’re trying to restore the Home directories or anything else that is not native owned by route or by a WWW data.

We shall see what happens tomorrow: I’m not in too much of a hurry now, because at least I have the ability to access my network, I can see everything on it, and most of my files are already backed up. Once this is complete, all I’ll do is bring them forward and install them. If done properly, I will have everything I need, and just be able to make sure we have it. I will make sure the Apache2 directories and all of its modules are available, and that all of my websites can be enabled using a 2EN site. If this works well, and I’m able to run with my websites, the next thing that I will do is to disable all plug-ins domain wide, and go from there. It’s a lot easier to disable all domain plug-ins rather than having to go in there and try to figure out which one is screwing up everything else.

Wish me Luck Folks!

Brian

 

 

 

[~Brian~]

Saturday morning, I completed what I think will be the last major step that I need to take before I end up doing a back up. The reason for the backup and restoration is so that I can update my server from DEB8 to DEB11.  I have been backing up necessary files, then moving them to the back up drive so that I can easily restore what I need before I restore the websites. Because of problems with the last restore, I will take down all plug-ins from where WordPress resides and then I should be able to restore all of it and then find the right plug-ins for the new version. This can be achieved because all I would have to do is do some sort of thing in the directories of all the websites, but I won’t do that until I get DEB11 online.

when this is complete, I will then be able to update all of my plug-ins, my WordPress version, my PHP version, and my MySQL version. It is appropriate to do this at this time, because I don’t have very much information on the current site, and because of the time that we were down because of the pandemic, and amount of time that we were closed, I had time to do this, and I did it at least twice. This time however, I will not make the same mistake twice. I will try very hard to make sure that all of my WordPress installations work properly and that I have the right version. PHP and MySQL are integral to my operation of my website, for without them WordPress does not function at all. Once I get that operational and correct, then I can start worrying about bringing my programs up to full operational readiness.

last week was hell: SPECTRUM told me that they would be able to give me a brand new modem and a brand new router, that would be faster than what I had, because I could not access my router. They insisted that the router that I had was third-party equipment, when it was not third-party equipment at the time it was their equipment. I ended up having a problem when I first came in this week, because I was not able to access the router, nor was I able to see anything on my network at all, which made it impossible for me to know what devices were connected where and what IP addresses were being used, as well as what Mac addresses were being used.

when I am an administrator of my own websites, I can understand that there are security concerns and there are reasons why cable operators do not want individuals who do not understand what they are dealing with or how something works to be messing with the internals of their own equipment. However, I have been running website since 2008, and I know exactly what I am doing, and I am taking extra steps to make sure that I am secure, as well as to understand what it is that I am doing. I am not the type of guy that just starts putting things on and taking things off all willy-nilly all over the place, and I take my websites very seriously and want the best for them. SPECTRUM‘s response when I told them that they “castrated their own router“ was to tell me that there’s no reason that I need to get into my router, and they can open my Port.s.

Really gentlemen: SPECTRUM’s response was nothing short of a big wet fart: they told me they opened the ports  that I requested, but because it was a brand new modem and it was still going through whatever it needed to deal with, I had to wait an extra day and a half for it to be able to come online to be able for me to open my own ports using the My Spectrum app. The result of this ridiculousness is that two days later, I could still not access what I needed, the app was telling me I couldn’t access anything, it didn’t know that I was actually online except to tell me that my modem was functioning, and I was wasting time because I was down. I finally had to bite the bullet,  And take $104 to WAL MART:, and then purchase a new Netgear router to replace the N series that I had:  it took me a few minutes to get everything set up the way I wanted, but soon I was able to get access to the router, and I was able to set up exactly what I needed based on what it told me. I gave my laptop and my desktop the passwords, and then I gave my brother the password so he could log on with his equipment. Then end up going into my website, and unlike what they keep telling me that my porch were open, they were not: therefore, I had to open it myself, and when I did within five seconds, all of my websites were functioning and showing up. All I had to do was decide that I was going to open my Web ports, The SSH porch, and then point that towards my server on the internal address: I waited almost 2 days and a half before I could get to this point and I should’ve just gone up and got me a router in the first place. The result of this downtime why is that I could not send the required email that I needed to do that day, because I was up to the mall trying to destress, and getting the right equipment that works Without  SPECTRUM’s blocking.

Yesterday during the final checks, I copied almost all of the necessary files to the drive that I wanted to archive them on. My plan is that I will end up restoring the files once I end up booting up a copy of the live version – this is because I want to hook up the 8 TB drive and then restore the Home directories the etc directly in the web directories as well as the home directories so that we are basically where we were at the time that we tried to do it the last time.  I just have to make sure that the right web tools are engaged and that we are using the right web software and all of its mods. If everything works according to plan, all I have to do is restore the sites, and then restore the databases and we should be back in business. Luckily I can function with MySQL, but I like to use the web-based portal so I’ll have to put that on.

as time allows next week, I will continue my work to see if I can restore cardinal to its glory days when I did not have to worry about being a few versions out of date. If done correctly that should be easy – but knowing that it happened to me before I am still nervous about doing it – hopefully everything will go according to plan and I will be able to update you as we complete the upgrade.

Wish me luck!

Brian ???????‍?

 

 

[~Brian~]

Right now, installing debian 11, and we shall see what happens.  Took all files I need and put them on the /8TB drive. 

Will keep you updated as we proceed.

Brian

[~Brian~]

Now, I am moving files from my backup drive to a /restore/ directory, so EVERYTHING I would need will be on the root of the filesystem.  Then, I will choose what I need, and run the installs for apache2, php and mysql.  I have to be careful that I don't install stuff like 'lighthttpd' or anything like that, and I have to make sure we have all the right apace2 modules, so that my websites will work.

Copying still in progress

Brian

 

[~Brian~]

This morning, did some work on the home directory, and set all of the users and groups to proper UID's, and also set the group and password files so they are back to normal.

Right now, I have my backup drive mounted on /8TB, and I am working to restore my domains/websites.  This may take some time, since I want to make sure something does NOT crash us out.  To do that, I'll have to restore all modules, and make sure that wordpress works well, so I have to make sure that plugins and modules respond cirrectly, an that I can access the sites' dashboard, and then download the updated plugins for PHP 7.4, and my websites are being un Gzipped now, so they will be back in the web directories they occupy soon.  Apache seems to work now, so we just have to tinker a little more.

Brian

[~Brian~]

CARDINAL STATUS AS OF 14:17 FRIDAY APRIL 22, 2022

UPGRADE/UPDATE: Cardinal is now running Debian 11, SSH, PHP 7.4, MYSQL 8, Apache2 2.4.53, ssl,  and all available mods that should be running to my knowledge.  It also looks like all sites will respond on ports 80 and 443, BUT I will wait to get that done - as LONG as I don't have to reinvent the wheel activating the plugins the BBWN sites need, I should be OK:  I will keep web services STOPPED for security reasons through the weekend to insure that we don't have any unforseen issues:  I believe by tuesday, we should be all set, once I correct the apache config files that are throwing errors, and I DO have all of the sql databases for each site.

 

FILES:  These have been moved to the /home, /etc and /var/www/site_dir/ on the system - as we continue to move forward, I am adding functionality back in.  I have a small issue with the BBDI site, and rather than trying to muck with that now, I just commanded a 'service apache2 stop' for the time being until I can make adjustments to config files.  It does appear that php 7.4/phpmyadmin is responding, and I will be restoring databases next week.  In the Meantime, webservices are "condition orange" until I return.

That's all from here, for NOW

Brian

 

[~Brian~]

Yesterday, turned  my server off because I wanted to make sure That we had proper security measures installed. I was unable to actually finish the install for all of the things that would be necessary for me to be able to reenable the BBWN websites, because The Apache to config test failed because of something that had to do with the configuration of a line that was in the old config’s. Far as I knew, they can fix should’ve worked properly, but because I wanted to make sure that I was on top of it, working on the problem as it was doing it, I turn the server off to make sure that we do not have anybody trying to do anything underhanded.

When I reactivate the server, I will bring services back up slowly, and I will try very carefully to troubleshoot each one of them, so we can get to the bottom of any problems. Luckily I have backed up everything I think I need, so I have everything backed up on the system. The problem I have with the new set up is that everything goes into/media/Brian/HUGERIDICULOUS UUID/with lotsa letters and numbers 10 miles long/mydirectoy/

hopefully sometime next week, I will be able to troubleshoot this and get Cardinal back online. I am happy to report however, that most of the problems that I think I was experiencing have not been as bad as I thought. Once I get database is back online, and run WordPress and do the upgrade, I should be able to find, because I have a list of every single one of these plug-ins, which ones were OK, which ones have current versions that work with 7.4 PHP, and which ones were not usable at all. If I’m able to find the ones that I know works with my old version, and I’m able to find ones that match and update, I should be able to simply just reinstall the plug-ins.

To Do that, I simply go into The plug-ins directories, and rename the directorial Where they live, and once that is done, WordPress will think there are no plug-ins installed. With the list that I have compiled, I will then go in and find the ones that I think work, see if there’s a match, and then it’s all the ones that work.

some of my sites do not have exact plug-ins, which means that one site may not have exactly the same plug-ins as the other four. For this, I will have to go in, find out which ones I have, and see if I can find ones I need. The one thing that I am confused about, and worried about, is that PHP 7.4 or my sequel will end up complaining for some reason. If it doesn’t, I should be OK, because I have all of my actual information from my last back up, so I should be able to restore what I had prior to the crash that happened before I had to revert back to Debian 8.

Debian 11 has security features that 8.3 lacks, All I have to do is make sure that I can apt-get update / apt-get upgrade to  Make sure that I am fully up to speed.  I will have to work to see if I can get this done this week, because of my illness, but I will work through it.

I will Continue to update this thread as necessary ??

Brian

[~Brian~]

UPDATE [4/26/22 @14:22 EDT]. I have successfully restored the files, directories, and the databases for all websites.  However, I am still working on a couple of things, so that all sites function CORRECTLY - site BBDI has been deactivated until I figure out why the hell I have a mod rewrite statement in there, and I think that was something that I added to a file - I don't NEED that statement at all, as that site does NOT redirect to 301 - Permanent.   I am not sure why other sites are getting loaded, so I will have to figure that out after removing the errant lines from the config.

I will also be working to restore other functionality:  Now that I have a working website domain for each config, I can go get the plugins for PHP 7.4.28 and since MYSQL 8.0 seems to work, and I can then REMOVE these and redownload them, I should be OK:  NOW, the Tahoma stands by, so that indicates that the sites are back online, we just have to work the plugins

Almost Home - Thank GOD I did it this way this time

Brian

 

[~Brian~]

FRIDAY, APRIL 29:08:30A EDT:  Today, going to correct the SSL cert locations for SSL to work right, and get BBDI working right: 

ADDED this for my information

https://community.letsencrypt.org/t/certbot-went-to-hell-cant-update-debian-and-need-certbot-1-9-0-but-not-available-anywhere/166014/44

ll'l give you one and you can do the rest from there.

Change:

 

SSLCertificateFile    /etc/letsencrypt/live/www.buddy-baker.us/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.buddy-baker.us/privkey.pem

To:

SSLCertificateFile    /root/.acme.sh/buddy-baker.us/fullchain.cer
SSLCertificateKeyFile /root/.acme.sh/buddy-baker.us/buddy-baker.us.key

Restart Apache and check the site works securely.

Now, I have to do that for all of the sites running on my SSL

Brian

[~Brian~]

ADDED THE FOLLOWING to assist me with site configuration: (May 1, 2022 @12:14 EDT)

https://community.letsencrypt.org/t/installed-debian-11-cant-get-certificate-to-activate-ssl-times-out-every-time/176906

You know you're not using Let's Encrypt, right?

Add a --server letsencrypt to your command.

You can also set LE as a default, run this as a separate command:

acme.sh --set-default-ca --server letsencrypt

 

[~Brian~]

UPDATE ON SERVICES AS OF MAY 3, 2022 @17:18EDT

MAILERS:  Added ALPINE to make it easier to manage mailboxes from shell.  ALPINE is a Spin off of the popular mail client PINE, which stands for Program for Internet News and E-Mail, which was developed by the University of Washington. (UW). PINE was the first client I used on a Linux/Unix Environment.  Will also make sure sendmail is installed if it isn't and needs to be

PHP Version:  7.4 Installed with all extensions (Have to remember to install ALL of them for each version of PHP and MYSQL ?)

WEBMIN:  Installed and  Updated to most current version - Needed Webmin Modules installed - Will add more as needed.

PHPMYADMIN:  Installed:    No Errors on access. Access to page is NOT hindered by White Screens of Death / php code showing:  Fixed by uninstalling PHPmyadmn, php, and mysql, then reinstalling everything, which will cause all the right extensions to be installed if you call for your version [7.0/7.1/7.2/7.3/7.4/8.0/8.1]. You use php -m to see the list of the ones installed [need mysqli and mysqlnd, mod ssl, and mod rewrite, and a couple others, which i will post later]

DATABASES:  All Databases are INSTALLED and Working for All Domains [.us/.com/.org/.info]

WORDPRESS INSTALLS:  All Up to Date, with exception of the Wordpress plugins that have to be investigated and reinstalled on all domains.  Each domain page is responding as required, and this indicates that mysql connections are working and database connection is working OK.  Have to remember to restore databases that are bigger than phpmyadmin allows by using the mysql command line sequences.

SSL/TLS:  SSL Is Responding on Port 443 - Have to add the proper plugin in the system to allow for https:// conversion when someone is going in on Port 80.

SITE CERTIFICATES:  All Domains have their certificates now, and have been renewed and set to auto renew by cron job unless forced.  acme.sh has been backbenched:  I need to have a way to make sure ALL my domains get certificates, and renewals happen without a lot of needless timeouts.  Each cert is being serviced by LetsEncrypt, as ZeroSSL was timing out on one domain or more during renewals.  Installed snaps, snapd, snap core, and certbot to allow me to manage these:  even though they mount to my filesystem, I am sure there will be easier times ahead, because it was a ClusterCluck to deal with all the timeouts.  All sites on BBWN last 90 days, and will autorenew as needed.  All certs will now work as they should, but have to add plugins to the site to make sure everything is buttoned down.

Now We Have to:  Reconfigure SSH to allow for more security, Install/reinstall fail2ban, add necessary files from the backup taken April 4th, (Like motd, issue, and issue.net) and set up a backup scheme for the mysql databases, and files in important directories, (Such as /var, /var/www/, /var, /etc, /root, /home, /home2, /home3 and database data).

That's all from here for now:  been a LONG day, but I am happy and grateful I stick with it till its done, and I  don't give UP

Brian

 

 

Edited May 4, 2022 by ~Brian~
Added Additional Information and Edited some information

[~Brian~]

Good morning:

next on my list for Cardinal: 

1.  WordPress: find all plug-ins that I need, Installing activate. Have to make sure all domains have the same plug-ins if necessary. Some of these are already installed, and all they need to do is be activated, while others seem to play with the PHP, and cause problems. Therefore I have to be careful what I put in, but we will get there. I will do that probably in the next two weeks.

2.  Have to reinstate SSH as originally configured The original configurations allowed only certain groups to be able to log into the server. Once this is restored, everything should be exactly as it is, and this has been really helpful when running my server do you have a properly configured SSH server.

3.  Fail2ban:  Install the latest version of the software. When running Webman test, I Installed the software from the web in console.  For some reason, this thing only bans for as little as 45 minutes, so I will have to take the original 0.8 Jail files, and then activate the jails that I need. My original configuration for fail2ban  had it so that After so many tries, the person is gone for a year. Apparently fail to ban is set to unban and  ban people all over the place, I will have to add pieces of the older configuration to the new config files, and then after that make sure the jails I need a activated the ban cycle is correct, and that we’re able to keep intruders out. If working properly, there are a lot of people who probably would already have been banned, and that is what we have to work on. I don’t think it will take that long, but once I do set this up we’ll be able to have a little bit easier time with it.

3.  Message of the day: these files need to be restored from the etc directly from their previous configuration. Once I get them working properly after correcting The configuration for SSH, this should be really easy. There are two files that need to be restored: one of them is called issue, one of them is called issue.net, It lists information about my Machine to people who may find it on the Internet: basically it is the banner that you see when and before you’re able to login, so it appears above the login prompt. Once this is corrected, I can update the information on this if necessary. I need to update the message of the day and other support files so that they actually show that we are updated and functioning. Once this is done, I will then take all of the files that I use, and I will keep them in a back up location and get rid of any files that are on the route of the drive. Both 8 TB pertition, and the root drive is showing 62% usage: once I clear out files that you needed for restore, the available space should go up on the main drive. I don’t want to end up having a bunch of log files going crazy, so I have to make sure that we take care of this.

so far, server is working fine. I just have to go in now and adjust things for the websites, and then I will end up going in and then collecting other things that need to be fixed. Now that I have version 11, the server should be functioning normally, and I won’t have to worry about being several versions behind. This is been something that has been a long time coming, because the last few times that I tried to make the update, something went wrong or haywire, and I had to go backwards. Now that I have a working version 11, I will configure it so that it’ll be functioning the way I want it to be.  I will then turn all sites SSL, and make sure they have all certificates, because there are a couple places on the system that need this in place. Let’s encrypt has all of the website certificates, and they are good for about 85 to 90 days, actually 90 days, but then it counts down from 90 to let me know how much time is left before renewal. I hated to put the snap demon and everything in it, but this will make it easier to maintain my websites using CERT bot

that’s all from here!

Brian

[~Brian~]

Update: May 8, 2022,  1539 EDT: systems have been restarted after power failure that resulted in modem and router not being able to function. After three restarts of modem and router, restarted Cardinal, which brought up my server and websites. Everything is now responding networkwide including all BBUS  services:  I realized there was a problem when all of my lights on my modem were down.  Additionally, DD has their Twitter feed, and usually @DailyDiHas something there, but I didn’t get to see anything today. This told me that my network was down.

Condition GREEN all services!

Brian

Edited May 8, 2022 by ~Brian~
Added additional information