In transition

From Anarchaserver

This page is used to detail the work achieved around the VM In Transition - Transitional

...because there is nothing more ephemeral than digital culture...


How to use Yunohost web services

The "How to use Yunohost" is in this specific page


Installation of yunohost in a LXC container

Create the container with a debian stretch base as root :

lxc-create -n transitional -t debian -- -r stretch

Edit the config to set-up the network

nano /var/lib/lxc/transitional/config

it shoud look like :

lxc.network.type = veth
lxc.network.hwaddr = 00:16:3e:cd:ad:29
lxc.network.flags = up
lxc.network.link = lxc-nat-bridge
lxc.network.name = eth0
# you have to set a specific IP for this container (here .2)
lxc.network.ipv4 = 10.0.3.2
lxc.network.ipv4.gateway = 10.0.3.1
lxc.rootfs = /var/lib/lxc/transitional/rootfs
lxc.rootfs.backend = dir
# Common configuration
lxc.include = /usr/share/lxc/config/debian.common.conf
# Container specific configuration
lxc.tty = 4
lxc.utsname = transitional
lxc.arch = amd64
lxc.start.auto = 1

Modify + record, then start the container

lxc-start -n transitional

Log in the container as root

lxc-attach -n transitional

Then you have a shell in the container and can proceed to the installation

root@transitional:/#
apt update
apt upgrade
apt install net-tools nano git nload htop iputils-ping curl
curl https://install.yunohost.org | bash


Setting-up the proxy in front apache

ToDo

SSLProxyEngine On

Installing Yunohost for deploying quickly various web services

Yunohost uses nginx, therefore when installing Debian, do not check the option "Web server", if not Apache will eat port 80

  • Instal Git
sudo apt-get install git
  • Clone the repository of installation of YunoHost
git clone https://github.com/YunoHost/install_script /tmp/install_script
  • The root user need to have a password, if it is not the case, create one (if not the install script will fail):
sudo passwd root
  • Launch the install script
cd /tmp/install_script && sudo ./install_yunohostv2
  • You need then to connect to the server through a web browser, once the install process is over, the server screen (if there is one) will indicate the IP where you need to connect
  • You will need to define an administrator password
  • And a domain name, either you dispose of a domain or sub-domain that you direct towards the server, either you can use a dyndns proposed by yunohost, for instance anarchaserver.nohost.me
  • Once everything is achieved, you can install applications, and the overall results looks like:

640px-Yunohostlabo.png


Post Post installation : tuning the configuration

  • A few security things : https://yunohost.org/#/security_en
  • For Jirafeau, to remove the need for a password to upload, remove the password at line 77 of /var/www/jirafeau/lib/config.local.php
$cfg['upload_password'] = array();

Change Theme for the user portal

Debug install

If "Error: An error occurred during LDAP operation", than it is possible to reset the post install :

wget https://raw.githubusercontent.com/YunoHost/yunoScripts/master/resetPostinstall.sh
chmod +x resetPostinstall.sh
./resetPostinstall.sh

In my case, the ldap package was broken so :

apt update
apt --fix-broken install

Then

 ./resetPostinstall.sh
yunohost tools postinstall --debug

To reset the admin password in LDAP :

yunohost-reset-ldap-password

To make a regen conf of LDAP

yunohost service regen-conf ldap --force

Restore a backup of your ldap database too

yunohost backup restore --system conf_ldap --debug


DNS troubleshooting inside a container

It seems that DNS resolution is limited @tachanka to certain adresses :

So there is a need to change dns servers in the yunohost container as yunohost relies on dnsmasq with its own dns server list

nano /etc/resolv.dnsmasq.conf
nameserver 209.51.171.179
nameserver 216.66.15.28
nameserver 216.66.15.23

or FFDN ones if it doesn't work

nameserver 80.67.169.12
nameserver 80.67.169.40


DNS debug

nslookup
> server 127.0.0.1
> set debug   
> host x.org
dig @8.8.8.8 x.org
netstat -atun | grep 53
cat /var/log/syslog |grep dnsmasq
dnsmasq.service: Failed to reset devices.list: Operation not permitted

not important !

nano /lib/systemd/system/dnsmasq.service
localectl and hostnamectl

Tester si dns requêtes arrivent au host

sudo tcpdump -X -i lxc-nat-bridge dst port 53 |grep x.org
sudo tcpdump -X -i eth0 host 209.51.171.179 and port 53