Triggered by needing to upgrade Nextcloud, I finally bit the bullet and decided to upgrade my virtually-hosted Debian server from Debian 9 “stretch” to Debian 10 “buster”.
The upgrade, as usual, was fairly trivial:
apt-get update apt-get upgrade <edit /etc/apt/sources.conf to point to the new version> apt-get update apt-get upgrade apt-get full-upgrade reboot
There were various configuration files which needed tweaking during and after the upgrade. vimdiff was very useful. I also learned a new screen feature – split-screen! (Ctrl-a – |). Finally a shoutout to etckeeper for maintaining a full history of all edits made in /etc.
Post-upgrade Issues and Gotchas
dovecot (imap server)
A huge issue was that I could no longer access my emails from anywhere.
Turns out that dovecot was no longer letting me log in. The mail log file had numerous “Can’t load DH parameters” error entries. I had not merged in a required change to the ssl certificate configuration.
exim4 (mail server)
The second huge issue was that exim was no longer processing incoming mail. Turns out that spamd wasn’t started after the reboot. Fixed by:
systemctl start spamassassin.service systemctl enable spamassassin.service
Another major gotcha: the shorewall firewalls were not automatically re-enabled, and it took me three days to notice. Yikes! I had left the server on sys-v init instead of systemctl and the upgrade had silently switched over. After restarting the firewall, use systemctl enable to configure it to start on bootup.
systemctl start shorewall.service systemctl enable shorewall.service systemctl start shorewall6.service systemctl enable shorewall6.service
bind9 (name server)
Another item was that bind was no longer starting up – it needed a tweak to the apparmor configuration. Appears that on my server the log files are written to a legacy directory and the new default configuration prevented bind from writing into it and hence failing to start up.
- I finally removed dovecot spam from syslog by giving it its own logfiles (tweaking fail2ban accordingly).
- Various PHP options needed tweaking and several new modules needed installing to support Nextcloud (manually installed so no dependency tracking).
- Discovered that phpldapadmin was broken. Manually downloaded and installed an updated version from “testing”.