Scribbles for my bad memory

You must have known that I just migrated this blog site to a VPS hosted on oracle cloud, while this wiki page is too brief to get a workable environment easily.

Here is the note for this migration.

1. sudo -i
2. Install packages that chyrp will need

    apt install php8.1 php8.1-xml php8.1-fpm php8.1-mysql php8.1-mbstring mysql-server nginx certbot python3-certbot-nginx

3. Set a password for 'root'@'localhost' account on this new mysql server

    ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'your_new_password';
    FLUSH PRIVILEGES;

4. Run mysql_secure_installation to

• Remove anonymous users
• Disallow root login remotely
• Remove test database and access to it

5. Create a common user for the blog database, and the blog database

    CREATE USER 'blog'@'localhost' IDENTIFIED BY 'superdifficultpassword';
    GRANT ALL PRIVILEGES ON blog.* To 'blog'@'localhost' WITH GRANT OPTION;
    FLUSH PRIVILEGES;
    CREATE DATABASE `blog` /*!40100 DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci */ /*!80016 DEFAULT ENCRYPTION='N' */;

6. Put .my.cnf with the following content in home directory

[client]
user=blog
password=yoursuperdifficultpassword
host=localhost

7. Restore the database backup

    mysql blog < blog_20230408-030501.sql

8. Setup nginx and https certificate with certbot
9. Setup renew the certificate by crontab

SHELL=/usr/bin/bash
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
15 0 * * * /usr/bin/certbot --nginx renew > /dev/null

10. Restore previous installation, overwrite with the latest version, do the upgrade, that's it!

answer:

1. Edit the file /etc/systemd/system/multi-user.target.wants/tailscaled.service,
2. Add the line "LogLevelMax=3" in the [Service] section.
3. systemctl daemon-reload
4. systemctl restart tailscaled

Reference

In short,

sudo vim /etc/systemd/logind.conf

Find and uncomment the following lines, and change the values

HandleLidSwitch=lock
HandleLidSwitchExternalPower=lock
HandleLidSwitchDocked=ignore

Save and exit, and 

sudo systemctl restart systemd-logind

You might be surprised why I am using MSYS2 so much these days. In short, my new job doesn't allow me to use Linux at work. I cannot bear the CMD.EXE and PWSH.EXE, they might be great tools for someone else, but definitely not for me.

1. If you visit a shared folder like /c/vagrant, you will get the infamous Too many levels of symbolic links error message. Fortunately, we have a solution: add a new user Environment variable MSYS=nonativeinnerlinks. I assume you know how to add a user environment to the windows system. If it doesn't take effect, save your current work and reboot. I didn't reboot my Windows 11 VM, but I did have restarted the Windows terminal application to ensure the new MSYS2 terminal will work with the links!
2. If you prefer using Git for windows in MSYS2 but don't want to install GitBash because GitBash is also built on MSYS2, Install Git for windows inside MSYS2 will help you! BTW, git_bash_for_windows_is_based_on_msys2_why_not is another very good reference for this topic. I actually got the previous link from the latter article.
3. Change the home directory to /c/Users/your-name. If you copy from the following, don't forget to change david.wei to your Windows username.

$ cat /etc/nsswitch.conf
# Begin /etc/nsswitch.conf
passwd: db
group: db
db_enum: cache builtin
#db_home: cygwin desc
db_home: env windows /c/Users/david.wei
db_shell: cygwin desc
db_gecos: cygwin desc
# End /etc/nsswitch.conf

4. If you run cmd.exe in a msys2 terminal, that %PATH% environment will inherit from the PATH environment in the current bash session.
5. put export MSYS="winsymlinks:lnk" into your .bashrc to get a similar behaviour when you do ln -s Reference

tl;dr

The root cause is that the default route was not set to the router's IP address.

My journey to resolve the issue:

The issue is that port mapping can work with my raspberry pi while it couldn't work with a virtual machine in the same LAN. I firstly think it must be a bug from the router. I upgrade the router to its latest firmware, but it still doesn't work. I google back and forth, I learned much from all kinds of answers, but they were just not my case. I almost decided to give up.

Then I found the following answer from E. van Putten, he answered this question and nobody gave his answer a "Like"!!!

In case you landed on this page because you can't reach a server running inside a Xen Guest from the internet (but can connect locally), then read on...

1. The fritzbox can get confused by different OS'es appearing from the same MAC-address etc. (could happen while you are setting up / experimenting with Xen)
2. The fritzbox has seemingly duplicate entries in the list, but with different settings, you need to delete the portmap from the incorrect entry, cleanup the list and reapply the portmap settings.
3. It might be that your guest OS has no default gateway IP-address set. You'd expect a default gateway set to the local IP-address of your fritzbox.

The symptoms of a missing default gateway is that your LAN PCs can access the server running inside the guest just fine, but external users from the internet cannot connect.

He gave three possible causes, and my case is the third one! here's my solution

opts = {
    :name => "yt-gateway",
    :ip => "192.168.178.173",
    :mem => "1024",
    :cpu => "1"
}
Vagrant.configure("2") do |config|
  config.vm.box = "bento/ubuntu-20.04"
  config.vm.hostname = opts[:name]
  config.vm.network :public_network, ip: opts[:ip], bridge: "eno1"
  config.vm.provision "shell", run: "always", inline: "route add default gw 192.168.178.1 || true"
  config.vm.provider "virtualbox" do |v|
    v.name = opts[:name]
    v.customize ["modifyvm", :id, "--memory", opts[:mem]]
    v.customize ["modifyvm", :id, "--cpus", opts[:cpu]]
    v.customize ["modifyvm", :id, "--name", opts[:name]]
  end
end

I love you E. van!