Site Tools


Landing page for system administration

What's this?

This Wiki is (provisionally) intended to hold reference documentation for performing system administration on the Hyperion server.

The intention is to move all the information stored here to a more appropriate Wiki solution, as soon as such a solution becomes available.

Security considerations

First things first: do not put any passwords or other authentication information into this Wiki. You should assume that a hacker might be able to grab that information and run with it.

To Be Done Next

The following is an incomplete list of things, which should be done sooner or later. The order does not reflect priority.

If you tackle on of these points, please don't forget to add a [DONE] in front of them.

  • Move Joomla contents over (Latest Joomla or migrate to Drupal?)
  • Move Wordpress contents over (integrate in site with Joomla contents)
  • Setup mail server
  • Move over the phpBB3 forum
  • Rename server from “staging” to something better to avoid things like “staging2” etc. as soon as we get the other planned servers. As “Hyperion” is one of the titans, another titan's name might fit the picture quite well (some of his sisters like Theia and Phoebe came to mind)
  • Setup second vServer for “internal & other stuff”
    • Setup Phabricator!!
      • Setup the AmigaOS project
      • Migrate the Bugzilla DB to Phabricator
      • Migrate the wikis to Phabricator (TBD: Phriction supports user groups, usable or separate wikis?)
      • Connect Phabricator to the AmigaOS SVN
      • Setup for other side projects? (W3D, Games, etc.)
    • Setup mailing list manager and move over all existing mailinglists
      • TBD: Migrate mailing lists to a NNTP server with possible gateway to the forum?
    • Migrate FTP service (vsftpd recommend)

Logging in and performing system administration

How to log in?

As a sysadmin you need to log into the server using SSH.

You cannot log into the server by entering your user name and password.

Your public SSH key file is the only means by which you can log in at all.

How to perform system administration tasks?

You need to use the sudo command in order to perform any privileged shell operations, such as performing a Debian software upgrade (“apt-get upgrade”).

$ sudo apt-get upgrade
[sudo] password for example: 

This will prompt you to enter your shell account password.

Note that logging in does not require you to enter the password, but using the sudo command always does, at least for the first time.

If you used the sudo command and entered the correct password, you will not be prompted to reenter the password unless you haven't used the sudo command in a while.

Existing user accounts (12.2.16)

  • Olaf Barthel
  • Costel Mincea
  • Thomas Frieden
  • Steven Solie
  • George Sokianos (<cm> access suspended. At the moment, there is no reason for George to have access to this server)

Reference material

DNS zone file configuration

The Hyperion servers use two different DNS domains. The Hetzner AG Robot management interface provides the DNS zone files as snapshots only, no history is available. The following pages provide archives for the respective domains:

Adding new admins

Admins are using regular shell accounts, which are privileged in that they can use the sudo command.

Web server configuration

The servers are using Apache2 in the standard Debian configuration, which means:

  • Configuration files reside in /etc/apache2
  • Which ports Apache2 listens to is configured in /etc/apache2/ports.conf
  • Which Apache2 modules are enabled is controlled with the a2enmod (= enable) and a2dismod (= disable) commands
  • Individual web sites/pages are configured through files stored in /etc/apache2/sites-available; which of these are enabled is controlled with the a2ensite (= enable) and a2dissite (= disable) commands
  • Additional configuration file changes can be made by dropping the respective files into /etc/conf.d
  • Manual changes to the global configuration files in /etc/apache2 are discourage; use ports.conf, conf.d and sites-available instead.
  • Do *NOT* use non-standard ports without *VERY* good reason! Rather use dedicated hostnames for the services, which allow securing the services with passwords without interfering with others. Also moving a service to a different host becomes much easier that way.

Configuration for

For testing & pure internal use:

  • a test for a dealer shop
  • for a planned Management wiki

No other web server configurations are enabled.

LetsEncrypt certificates

  • Installed git
    apt-get install git
  • Cloned letsencrypt repository into /root/letsencrypt
    git clone
  • Installed some more dependencies from wheezy-backports with
    apt-get -t wheezy-backports install libaugeas0 libaugeas-dev augeas-lenses
  • Bootstrapped letsencrypt with
    ./letsencrypt-auto --help

    This installed a couple of needed Debian packages.

  • Created letsencrypt certificate and configuration for with
    ./letsencrypt-auto --apache -d

    , set to always redirect to HTTPS.

  • Created cronjob to keep certificate up to date with
    # cat /etc/cron.daily/renew-letsencrypt 
    if ! /root/letsencrypt/letsencrypt-auto renew -m --keep-until-expiring --agree-tos > /var/log/letsencrypt/renew.log 2>&1 ; then
        echo Automated renewal failed:
        cat /var/log/letsencrypt/renew.log
        exit 1
    apachectl graceful
    exit 0

Mail server configuration

Mail servers refer to two different types of services, which are storage and retrieval of E-Mail (IMAP, POP3) and transmission/reception of E-Mail (SMTP).

Not all services may be supported on all servers (yet).

Configuration for

MySQL server configuration

Configuration for

DNS server configuration

Configuration for

MediaWiki server configuration

Configuration for

Bugzilla server configuration

<cm 1.9.15> THIS IS WRONG!! Bugzilla is an internal service and for that reason meant to go to the not-yet-existing 2nd vServer. This vServer ( is per definition only for the public webservices like Drupal (eventually with the contents of the old Joomla and Wordpress installations) as well as the AmigaOS documentation wiki, the support forum and the (main) mail server.

For that reason, the existing bugzilla stuff on “staging” got removed again. The following is therefore only for future reference as soon as the internal server is to be done.

Configuration for

Drupal server configuration

Configuration for

Phabricator server configuration

Will eventually replace Bugzilla. Only basic installation done yet.

Configuration for

start.txt · Last modified: 2016/10/12 21:38 by