System Administration

Dropbox provides a wrapper package to download Dropbox for Linux if you want to run the latest Dropbox. It WILL NOT update Dropbox automagically. When an update to the software is available, you’ll get a popup window notifying you. The window has two buttons - ‘Exit Dropbox’ and ‘Update’. Choosing update brings you to the Dropbox for Linux page which does nothing for you, Instead, you need to:

1. Exit Dropbox.
2. Delete the directory ~/.dropbox-dist (or rename it id you’re not comfortable deleting it). This directory contains only the program files, not your files or settings.
3. Restart Dropbox. The updated version should now download.

FYI - the download page also contains instructions for a headless istall via command line on a server.

My Macbook pro died and I decided a get a shiny new Windows laptop that I could convert to a Linux laptop. I partitioned the disk and created a dual boot with Linux Mint and Windows. Linux Mint installled like a champ and has been running happily ever since. I don’t think I have booted to Windows but twice in the last year.

Moving to a new OS did mean that I needed to rewrite some of the scripts I use on a regular basis. One of the scripts updates DNS records at Linode with my current IPv4 and IPv6 WAN addresses and is run as a cron job. It’s a bash script I first wrote about here. The updated script can be found here.

Ah, the trials and tribulations of upgrading Debian 12 Bookworm to Debian 13 Trixie! I learned a valuable lesson this weekend with the update - always read the apt listchanges email. Always.

The upgrade itself went smoothly with no errors during the packages upgrading/installing. I run three main services on my server - nginx, exim, and dovecot. On reboot, all three had issues with the upgraded packages.

nginx

I received the following error in my nginx error.log:

For quite a while, I’ve been getting the “nf_conntrack: automatic helper assignment is deprecated and it will be removed soon” warning at boot. So I can’t say I was too surprised when I started getting “kernel: nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based  firewall rule not found. Use the iptables CT target to attach helpers instead.”

Back in January/February 2017 there was a post on the Linux-Kernel mailing list submitting a patch to print out the warning so firewall admins would at least have notice. As best as I can tell from reading a ton of stuff, the warning is logged if a packet which would have otherwise traversed your firewall didn’t because there was no helper available. More information can be found at Secure use of iptables and connection tracking helpers.

Noticed these lines in journalctl when nginx didn’t start after a reboot:

Dec 10 17:43:30 mail1 nginx[3485]: nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "ocsp.int-x3.letsencrypt.org" in the certificate "/etc/letsencrypt/live/www.example.com/fullchain.pem"
Dec 10 17:43:30 mail1 nginx[3485]: nginx: [emerg] bind() to [<IPv6 address>]:80 failed (99: Cannot assign requested address)
Dec 10 17:43:30 mail1 nginx[3485]: nginx: configuration file /etc/nginx/nginx.conf test failed
Dec 10 17:43:30 mail1 systemd[1]: nginx.service: Control process exited, code=exited status=1
Dec 10 17:43:30 mail1 systemd[1]: nginx.service: Unit entered failed state.
Dec 10 17:43:30 mail1 systemd[1]: nginx.service: Failed with result 'exit-code'.
Dec 10 17:52:35 mail1 systemd[1]: nginx.service: Failed to read PID from file /run/nginx.pid: Invalid argument

Hmmm…