Debian update – continued

Since I was already updating the server, I though I’d install munin as well. I have used munin 20 years ago at the dormitory and I realized, why I liked it. 🙂 Anyway, while I was installing, and checking, I saw that apache started to max out the CPU. After experimenting with it for a while, it turned out that somehow it is related to HTTPs and mod_gnutls. It turned out that I was not the only one with this problem:

Debian Bug report logs – #942737
libapache2-mod-gnutls: mod_gnutls consumes 100% cpu

So one more thing in the server maintenance backlog…

Read More

Debian update

Finally I found some time to update the vanyi.org server. The first step: move from Debian Stretch, before the support expires in June 2022 to Buster. The update was quite uneventful:
# apt-get update
# apt-get dist-upgrade

I’m still checking, but it looks like only 3 things needed manual update in configuration:

  • dovecot (IMAP server)
  • apache
  • ejabberd

Dovecot replaced ssl_parameters with ssl_dh. To fix the configuration I just followed this page. Actually quite simple. First create a dh.pem (can take several minutes, which was at least half an hour in my case);
# openssl dhparam -out /etc/dovecot/dh.pem 4096
Then you need to update /etc/dovecot/dovecot.conf:
ssl_dh=</etc/dovecot/dh.pem
After a restart dovecot works again.

For apache it is even easier, as it is documented on this page. Just enable the socache_dbm module:
# a2enmod socache_dbm

For ejabberd I have not had the time yet.

Read More