I helped Robbster out on #clug today, building php4 for feisty (it’s been dropped after edgy, in favour of php5). If you want to install it, don’t care about security holes, and want to use the debs I created, add this line to your apt sources list, and go wild:

If on the other hand you want to know how to do it (so when the next PHP security hole appears tomorrow, you can build the latest version yourself), read on:

I’ve never used pbuilder before, so it was fun:

Edit /etc/pbuilderrc to point to your closest mirror, and uncomment the COMPONENTSline (so that you get universe included)

Now pbuilder is ready for work. Get the latest sources from debian (Download those 3 files at the end, dsc, orig.tar.gz and diff)

Sit back and watch…

When it’s done, you probably want to create a trivial repository of your debs:

Then add this to your sources.list

Wohoo. Remember to watch out for those security holes…

I’ve just spent an afternoon tweaking an OpenVPN install, and I thought it would be a good idea to document it here. Not the world’s most interesting post, but it’s my method, and I want to document it.

OpenVPN:

The best solution I found was to have the server on it’s own subnet:

This sets up a Windows-friendly, routed OpenVPN. (TAP32, the windows tap driver, can’t handle arbitrary IP routed VPNs, each link has to have a private /30 network)

Then, the Windows client side:

This is nice and simple, and has the advantage of pulling a lot of configuration from the server rather than statically storing it on the client.

WPAD:

My network has Proxy Autodetection. While I wanted DNS queries to go through the VPN, I didn’t want web traffic to. (DNS through vpn, is ugly, but necessary for finding private servers).

My solution was: dnsmasq.conf:

Apache, default site config snippet:

And a fallback, in-case the wpad is already cached, this at the top of the wpad:

Finally, there is a decent way to use openoffice as a file-converter!

I keep an eye on a (currently dysfunctional) e-mail→fax system. The hard part is converting random incoming files to PDF. Especially nasty proprietary-format ones…

I first used WV, a venerable library, which was capable of getting text out of MS word files and into LaTeX. Great for linux sysadmins, but not so good for people who expect their formatting to survive the transition.

Then I moved on to AbiWord. AbiWord has supposedly taken on the WV torch, but it’s given it’s fair share of problems too:

• It’s command-line PDF conversion has been broken for a while
• It’s command-line PS conversion was broken for a while, but has since been fixed.
• Excepting the latest development versions, it requires an X server. I got away with using Xvfb.

Now, I read about unoconv. This looks like exactly what I’ve been looking for! It’ll support all the document types supported by openoffice. Sure the fax server is going to be using a lot more RAM, but this could make it a hell of a lot nicer to work with!

I've migrated my teeny-weenie Xen web/mail server to Debian/etch. It hasn't even been rebooted (it would be a shame to spoil the uptime :-) ):

It runs Lighttpd, a small and fast little webserver, popular in the Rails world. Lighttpd with PHP-fastcgi is probably faster than apache, and uses much less RAM.

With etch, I've finally been able to get mod_rewrite to work. So my Zapiro archive has nice URLs now :-)

Lighttpd has a very nice configuration style:

It's more logical than apache, but you have to watch out for rewrite->redirect->rewrite loops. So if you change to a clean URL syntax, you can't put in rewrites from index.php?/uglurl to /uglyurl because /uglyurl rewrites back to /index.php?/uglyurl, and you get a loop :-)

I’ve done etch upgrades in the past (i.e. before etch came out), and they were sometimes quite hairy. Especially the transition from ssh to openssh-server and openssh-client. I had a few broken upgrades…

Since etch has come out, I’ve been upgraded a few machines, and it’s a piece of cake. In fact the CLUG webserver and backup-server have been upgraded.

My servers tend to use custom kernels without initrds, so upgrading is quite simple. The release notes seem to cover it pretty well. There are only a couple of gotchas I’ve had:

Upgrade vim with an aptitude install vim before you do any dist-upgrading. Personally, I like to use vimdiff for configuration file changes. This means I can keep the configuration file format and comments of the latest package, and my configuration changes from when the machine was originally set up. If vim is half installed, you can’t run vimdiff…

When you are done, you might need to purge hotplug:

You can also remove non-US from your sources.list.