Ever since google started to love https sites, more mass installation of SSLs is required where possible. In general, in addition to more harassment for servers, we also have a degradation in speed. It's good, that HTTP2 the standard has been integrated in all major http servers and browsers for over a year and a half and its support is stable enough. Unfortunately debian stable does not have packages that support HTTP2 in the main http servers. The versions we need for HTTP2 to work are as follows:

For me the mix is ​​big and depending depends on apache or nginx. I haven't played playing debian's apache http2 yet 8 since I didn't have to but in backports the repo is like that, that won't be a big deal. For nginx has already played it several times. In general, the steps are several and relatively simple:

  1. We add the nginx official repo – in debian the version is 1.6.x 🙄
  2. Installing openssl from backports is currently 1.0.2k – this is what we need for ALPN maintenance so that everything can work and be fast
  3. we install our devscripts – here is the moment to share that we will build our package because the official one is compiled with openssl 1.0.1t where ALPN does not work and the browsers do not respond well and the http2 works only if you force it
  4. we increment the version so as not to hold the gypsies with the packages and when there is a new version only to sync sources

Let's start step by step

Add nginx repo

deb http://nginx.org/packages/debian/ codename nginx
deb-src http://nginx.org/packages/debian/ codename nginx

Adding openssl 1.0.2k and the dev library otherwise we will build it again with 1.0.1t which is not our goal

echo 'deb http://ftp.debian.org/debian jessie-backports main' | tee /etc/apt/sources.list.d/backports.list

apt update && apt install libssl-dev -t jessie-backports


Now it remains to add the libraries needed to compile nginx

apt install devscripts

apt build-dep nginx

mkdir nginx-build

cd nginx-build

apt-get source nginx

If you have worked correctly you must have a structure like

~/nginx-build # ll
total 1004
drwxr-xr-x 10 root root   4096 Feb 21 18:37 nginx-1.10.3
-rw-r--r--  1 root root 103508 Jan 31 17:59 nginx_1.10.3-1~jessie.debian.tar.xz
-rw-r--r--  1 root root   1495 Jan 31 17:59 nginx_1.10.3-1~jessie.dsc
-rw-r--r--  1 root root 911509 Jan 31 17:59 nginx_1.10.3.orig.tar.gz

You enter a folder in which the source of nginx is unzipped, in my case it is also nginx-1.10.3 you execute a command with which you increment the version, I personally prefer to add 1 to the current build

debchange --newversion 1.10.3-1

After adding the changelog of your choice, you can proceed to the actual compilation

debuild -us -uc -i -I -b -j6

A little explanation of the command configuration:

-us -uc tell the script not to “signs” .dsc and .changes files. -i and -I cause the script to ignore version control files. -B to generate only a binary package. -j as in make with how many parallel processes to compile 🙂


Once the above process is complete, we should install our new packages. If you already have nginx installed, it's a good idea to uninstall it

apt remove nginx nginx-*

It's also a good idea to back up the nginx folder in / etc. Basically when upgrading from 1.6.5 to 1.10.3 I had no dramas but you never know. The new packs are located in the top-level folder and should be installed with a command such as:

dpkg -i ../*.deb

If everything went smoothly, all you have to do is run the nginx process and configure http2, which is no longer the goal of this article..

I experienced a little drama with the disk on my laptop. After fixing the problem with apt-get update, the following extremely unpleasant end of the process was shining

E: Encountered a section with no Package: header
E: Problem with MergeList /var/lib/apt/lists/debian.ipacct.com_debian_dists_sid_contrib_binary-i386_Packages
E: The package lists or status file could not be parsed or opened.

As usual the problem is extremely obvious /var/lib/apt/lists/debian.ipacct.com_debian_dists_sid_contrib_binary-i386 cannot be read correctly. The fix is ​​as simple as the diagnosis of the problem itself:

 rf -f /var/lib/apt/lists/*

In the end, the result is forced synchronization of apt.

My favorite text editor is Geany. It is very minimalist HERE which supports a huge set of languages – shell, php, python, C … etc. It has automatic finishing and at the same time it is very agile. It lacks some other pleasant opportunity, but at the moment it is more than enough for me. I started an online course Python Programming на SoftUni – to refresh my knowledge and upgrade it because I have not adequately monitored what is happening with python 3. The lecturers of the course recommend PyCharm as an IDE for pyton programming, but I do not like it, of course I use Geany for the exercises.

During the lectures I felt painfully 2 lacks

  1. python autocomplete exhales from documentation of functions and methods
  2. no validation for pep8 standard

The good thing is that Geany is flexible enough to configure and can be easily supplemented by missing ones.. Sometimes add python documentation to our IDE:

  • we pull the following script somewhere in our PATH for example / usr / bin and don't forget to make it executable
  • edit the file ~ / .config / geany / filedefs / filetypes.python by adding the following line in the settings section context_action_cmd=pydocw %s. If there is only add the name of the binary from the previous step. We restart Geany if it is released.
  • We already have a context-action that will get you information about the function. I added a shortcut to make it more convenient as I do not understand any functionality. I like this approach a lot because I am very annoyed by the netbeans approach.

So far so good. Then I really want to have validation of the code I write – whether I write it according to generally accepted standards or I write some ugliness. Basically I found it again tutorials how things happen but it's a bit outdated – Geany has everything built into it, you just need to install the pep8 package. In Debian apt-get install pep8 works in the other distros you have to find out for yourself how the magic happens. In the Build menu, the second button (at least for me) is Lint after clicking it you will find how ugly code you have created 😀

Screenshot from 2016-01-11 20-42-21

Here's a general outline of how to make your Geany work better with Python while still being fast without making your CPU want to pull the bullet.

Because of some (not very clear reasons to me) I forgot to upgrade the postgresql daemon in the distribution upgrade on one of my Debian servers. The Postgresql daemon has the nice feature of not starting to use its new version (unlike Mysql) until we are convinced, that the new one is fully compatible with the launch – extremely useful in large databases. The update process itself is limited to the following 2 steps:

  • pg_dropcluster
  • pg_upgradecluster

The pg daemon must be stopped before you can drop the cluster!

pg_dropcluster 9.4 main

This command passes quickly, then we move on to the essential part – the upgrade itself

pg_upgradecluster 9.1 main
Disabling connections to the old cluster during upgrade...
Restarting old cluster with restricted connections...
Creating new cluster 9.4/main ...
config /etc/postgresql/9.4/main
data   /var/lib/postgresql/9.4/main
locale en_US.UTF-8
Flags of /var/lib/postgresql/9.4/main set as -------------e-C
port   5433
Disabling connections to the new cluster during upgrade...
Roles, databases, schemas, ACLs...
Fixing hardcoded library paths for stored procedures...
Upgrading database postgres...
Analyzing database postgres...
Fixing hardcoded library paths for stored procedures...
Upgrading database template1...
Analyzing database template1...
Fixing hardcoded library paths for stored procedures...
Upgrading database xpqt...
Analyzing database xpqt...
Re-enabling connections to the old cluster...
Re-enabling connections to the new cluster...
Copying old configuration files...
Copying old start.conf...
Copying old pg_ctl.conf...
Copying old server.crt...
Copying old server.key...
Stopping target cluster...
Stopping old cluster...
Disabling automatic startup of old cluster...
Configuring old cluster to use a different port (5433)...
Starting target cluster on the original port...
Success. Please check that the upgraded cluster works. If it does,
you can remove the old cluster with

pg_dropcluster 9.1 main

If everything went smoothly you should receive a message like the above which prompts you to get rid of the old data from pg.

pg_dropcluster 9.1 main

At the end of this tarpan, you can now start your process again. For me, the bases are small and unfortunately I can't estimate how long the significant upgrade takes..

The new one Debian Stable has been a fact for about a week and my hands were itching to upgrade my virtual machine next to it but I didn't have any time until today. Since my day started early, I decided to dedicate time to the upgrade. I changed my source list by changing wheezy to jessie

sed -i "s/wheezy/jessie/g" /etc/apt/sources.list && apt-get update

They thundered here 2 mirrors:

  • MariaDB – from this mirror no longer needs Jessie includes a version 10.0.6 in myself which I didn't like very much. After 5.5 michetodb and mysql are not quite compatible which is why at the moment I turned back to mysql 5.5.42 – it is the default in jessie
  • DotDeb – i used it before for php55 here is also redundant because jessie comes with 5.6.7-1

After I lost the unnecessary mirrors and turned from MariaDB to Mysql apt-get dist-upgrade went clean, reboot and I was already with Debian 8.0. I opened my web server and to my surprise it worked here, the story is long – in a few words my Nginx is further compiled from source with additional directives. dpkg -l nginx-full 1.2 mdaaa someone forgot to unhold-not the packages. Unhold and upgrade everything is according to plan nginx broke 😆 . Nginx works processing requests and the php-fpm process is up and runnign but the php code does not execute and does not spit errors 🙄 MY FAVORITE.

After some searching for information about the changes, I found the following passage

Fastcgi configuration issues ============================

nginx shipped a modified fastcgi_params, which declared SCRIPT_FILENAME fastcgi_param. This line has now been removed. From now on we are also shipping fastcgi.conf from the upstream repository, which includes a sane SCRIPT_FILENAME parameter value.

So, if you are using fastcgi_params, you can try switching to fastcgi.conf or manually set the relevant params.

Bingo. I changed the virtual hosts to use fastcgi.conf instead of making rough interventions and everything worked. Then I hit a quick diff to see the difference between the 2 configs

diff /etc/nginx/fastcgi_params /etc/nginx/fastcgi.conf
> fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;

Which reminded me that pouring large configurations into virtual hosts is not a cool idea. It remains to recompile my Nginx again with the add-ons I want mod_sec + pagespeed but this can wait. It is far more important, that my rule is repeated if you do not have the review from 3rd sources and custom performances Debian does not break at dist-upgrade!

https://www.youtube.com/watch?v = gEQCny6zNF0