In transition
This page is used to detail the work achieved around the VM In Transition - Transitional
...because there is nothing more ephemeral than digital culture...
How to use Yunohost web services
The "How to use Yunohost" is in this specific page
Installation of yunohost in a LXC container
Create the container with a debian stretch base as root :
lxc-create -n transitional -t debian -- -r stretch
Edit the config to set-up the network
nano /var/lib/lxc/transitional/config
it shoud look like :
lxc.network.type = veth lxc.network.hwaddr = 00:16:3e:cd:ad:29 lxc.network.flags = up lxc.network.link = lxc-nat-bridge lxc.network.name = eth0 # you have to set a specific IP for this container (here .2) lxc.network.ipv4 = 10.0.3.2 lxc.network.ipv4.gateway = 10.0.3.1 lxc.rootfs = /var/lib/lxc/transitional/rootfs lxc.rootfs.backend = dir
# Common configuration lxc.include = /usr/share/lxc/config/debian.common.conf
# Container specific configuration lxc.tty = 4 lxc.utsname = transitional lxc.arch = amd64 lxc.start.auto = 1
Modify + record, then start the container
lxc-start -n transitional
Log in the container as root
lxc-attach -n transitional
Then you have a shell in the container and can proceed to the installation
root@transitional:/# apt update apt upgrade apt install net-tools nano git nload htop iputils-ping curl curl https://install.yunohost.org | bash
Setting-up the proxy in front apache
ToDo
- There is a need to put in vhost a specific parameter : https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyengine
SSLProxyEngine On
Installing Yunohost for deploying quickly various web services
- Reference website: https://yunohost.org/#/
- List of apps and services maintained by Yunohost https://yunohost.org/#/apps_en
- Lists of apps and services maintained by the community https://yunohost.org/#/apps_in_progress_en
- For installing Yunohost in a Debian Jessie, we use the following script https://yunohost.org/#/install_on_debian_en
Yunohost uses nginx, therefore when installing Debian, do not check the option "Web server", if not Apache will eat port 80
- Instal Git
sudo apt-get install git
- Clone the repository of installation of YunoHost
git clone https://github.com/YunoHost/install_script /tmp/install_script
- The root user need to have a password, if it is not the case, create one (if not the install script will fail):
sudo passwd root
- Launch the install script
cd /tmp/install_script && sudo ./install_yunohostv2
- You need then to connect to the server through a web browser, once the install process is over, the server screen (if there is one) will indicate the IP where you need to connect
- You will need to define an administrator password
- And a domain name, either you dispose of a domain or sub-domain that you direct towards the server, either you can use a dyndns proposed by yunohost, for instance anarchaserver.nohost.me
- Once everything is achieved, you can install applications, and the overall results looks like:
Post Post installation : tuning the configuration
- A few security things : https://yunohost.org/#/security_en
- For Jirafeau, to remove the need for a password to upload, remove the password at line 77 of /var/www/jirafeau/lib/config.local.php
$cfg['upload_password'] = array();
Debug install
If "Error: An error occurred during LDAP operation", than it is possible to reset the post install :
wget https://raw.githubusercontent.com/YunoHost/yunoScripts/master/resetPostinstall.sh chmod +x resetPostinstall.sh ./resetPostinstall.sh
In my case, the ldap package was broken so :
apt update apt --fix-broken install
Then
./resetPostinstall.sh yunohost tools postinstall --debug
To reset the admin password in LDAP :
yunohost-reset-ldap-password
To make a regen conf of LDAP
yunohost service regen-conf ldap --force
Restore a backup of your ldap database too
yunohost backup restore --system conf_ldap --debug
DNS troubleshooting inside a container
It seems that DNS resolution is limited @tachanka to certain adresses :
So there is a need to change dns servers in the yunohost container as yunohost relies on dnsmasq with its own dns server list
nano /etc/resolv.dnsmasq.conf nameserver 209.51.171.179 nameserver 216.66.15.28 nameserver 216.66.15.23
or FFDN ones if it doesn't work
nameserver 80.67.169.12 nameserver 80.67.169.40
DNS debug
nslookup > server 127.0.0.1 > set debug > host x.org dig @8.8.8.8 x.org netstat -atun | grep 53
cat /var/log/syslog |grep dnsmasq dnsmasq.service: Failed to reset devices.list: Operation not permitted
not important !
nano /lib/systemd/system/dnsmasq.service localectl and hostnamectl
Tester si dns requêtes arrivent au host
sudo tcpdump -X -i lxc-nat-bridge dst port 53 |grep x.org sudo tcpdump -X -i eth0 host 209.51.171.179 and port 53