Upgrading an Apache or Nginx webserver from Ubuntu 16.04 Xenial to Ubuntu 18.04 Bionic

beaver_bg_16x9_web.jpg

In this article we will go through your options for upgrading your webserver to the latest version of Ubuntu.

The "old" Ubuntu Xenial is a Long Term Support release, which is officially supported until 2021, while Ubuntu Bionic is supported til 2023. This essentially means that at the time of writing (2018) you have lots of time to do the upgrade, or you can even skip this version of Ubuntu entirely and go for the next Ubuntu LTS release in 2020.

The (probably) easiest way:
Just migrate your website / application

Here we will just be creating a new server based on a Ubuntu Bionic image and migrate our website / app data as we would do when moving between any two servers.

Pre-requisites

  1. You have access to control DNS for any domains that point to your server
  2. You don't need to, or it would be easy to migrate core components or special server configuration

Usually this approach is the easiest. You will have to judge what is right for you.

Set up a new Ubuntu Bionic server and copy your data

With Webdock it is easy to get a fresh LAMP (Apache) or LEMP (Nginx) webserver based on Ubuntu Bionic. Simply create a server, and you are ready to go.

Usually it is easy to migrate a standard website. Your configuration may differ, so this guide may not be right for you, but in general the steps are:

Pro hackers might do it this way:

  1. SSH in to your server and go to /var/www/html
  2. Run
    mysqldump -u USER -pPASSWORD DATABASENAME > mydb.sql
  3. Run
    zip -r mysite.zip .
  4. Now SSH in to your new server and go to /var/www/html
  5. Run
    wget https://mywebsiteaddress.host.webdock.io/mysite.zip
  6. Unzip all your data
    unzip mysite.zip; rm ./mysite.zip;
  7. Set correct ownership of files
    chown -R www-data:www-data .
  8. Import your database
    mysql -u USER -pPASSWORD DATABASENAME < mydb.sql
    Remember this is the username and password on the NEW server.
  9. Remember to delete the sql dump
    rm ./mydb.sql
  10. Update your website config with the new database name, user and password
  11. Now point your DNS records to your new server, set your server identity and re-generate SSL certificates

Alternatively:

Simply download your files using FTP and export your DB data using PHPMyadmin and then transfer it to your new server. This will be a lot slower than the method above.

Remember to update your website configuration to use the new database credentials, point over your DNS to the new server and re-generate SSL certificates.

The riskier / harder way: Upgrade your system

This guide works for Webdock LAMP/LEMP server stacks. Your results may vary.

With Webdock it is easy to do this in a safe manner. What you would do is make a new snapshot of your existing webserver. Next you would create a new server based on this image. Now you have a staging server on which you can run the upgrade and make sure everything works.

Next you can re-do the steps on your live system if you feel brave, or you can simply take a new snapshot of your staging server and use that to restore your live server. If you have done everything correctly, you should now see no more than ~2-5 seconds of downtime while your live server reboots after being restored.

Start the upgrade

We are opening port 1022 as when you are doing the upgrade over SSH the upgrade tool will open an emergency SSH connection on that port in case anything goes wrong.

apt update; apt install update-manager-core -y; ufw allow 1022; do-release-upgrade -d; 

Answer the questions on-screen

...

If you continue, an additional ssh daemon will be started at port 
'1022'. 
Do you want to continue? 

Continue [yN] <--y
...

Starting additional sshd 

To make recovery in case of failure easier, an additional sshd will 
be started on port '1022'. If anything goes wrong with the running 
ssh you can still connect to the additional one. 
If you run a firewall, you may need to temporarily open this port. As 
this is potentially dangerous it's not done automatically. You can 
open the port with e.g.: 
'iptables -I INPUT -p tcp --dport 1022 -j ACCEPT' 

To continue please press [ENTER] <--ENTER
...

Third party sources disabled 

Some third party entries in your sources.list were disabled. You can 
re-enable them after the upgrade with the 'software-properties' tool 
or your package manager. 

To continue please press [ENTER] <--ENTER

Here you can hit d to see which packages will be removed from the system. It is generally a good idea to do so, so you know what you might need to re-install later. Hit q to return to the upgrade.

Fetching and installing the upgrade can take several hours. Once the 
download has finished, the process cannot be canceled. 

 Continue [yN]  Details [d] <--y
 ┌────────────────────────────────┤ Configuring openssh-server ├────────────────────────────────┐      
 │ sshd_config: A new version (/tmp/file89l4Ov) of configuration file /etc/ssh/sshd_config is   │      
 │ available, but the version installed currently has been locally modified.                    │      
 │                                                                                              │      
 │ What do you want to do about modified configuration file sshd_config?                        │      
 │                                                                                              │      
 │                     install the package maintainer's version                                 │      
 │                     keep the local version currently installed                               │      
 │                     show the differences between the versions                                │      
 │                     show a side-by-side difference between the versions                      │      
 │                     start a new shell to examine the situation                               │      
 │                                                                                              │      
 │                                                                                              │      
 │                                            <Ok> 

If you are using Nginx, you will be asked this question:

 Configuration file '/etc/nginx/nginx.conf'
  ==> Modified (by you or by a script) since installation.
  ==> Package distributor has shipped an updated version.
    What would you like to do about it ?  Your options are:
     Y or I  : install the package maintainer's version
     N or O  : keep your currently-installed version
       D     : show the differences between the versions
       Z     : start a shell to examine the situation
  The default action is to keep your current version.
 *** nginx.conf (Y/I/N/O/D/Z) [default=N] ? <--ENTER
 ┌────────────────────────────────┤ Configuring unattended-upgrades ├────────────────────────────────┐   
 │ A new version (/etc/apt/apt.conf.d/50unattended-upgrades.ucftmp) of configuration file            │   
 │ /etc/apt/apt.conf.d/50unattended-upgrades is available, but the version installed currently has   │   
 │ been locally modified.                                                                            │   
 │                                                                                                   │   
 │ What do you want to do about modified configuration file 50unattended-upgrades?                   │   
 │                                                                                                   │   
 │                       install the package maintainer's version                                    │   
 │                       keep the local version currently installed                                  │   
 │                       show the differences between the versions                                   │   
 │                       show a side-by-side difference between the versions                         │   
 │                       show a 3-way difference between available versions                          │   
 │                       do a 3-way merge between available versions                                 │   
 │                       start a new shell to examine the situation                                  │   
 │                                                                                                   │   
 │                                                                                                   │   
 │                                              <Ok>   

Here you can hit d to see which packages will be removed from the system. It is generally a good idea to do so, so you know what you might need to re-install later. Hit q to return to the upgrade.

Remove obsolete packages? 

55 packages are going to be removed. 

 Continue [yN]  Details [d] <--y
Restart required 

To finish the upgrade, a restart is required. 
If you select 'y' the system will be restarted. 

Continue [yN] <--y

You will now be disconnected. You can ping your server to watch when it comes back up - a Webdock server should come up in -10 seconds.

Close the firewall port we opened earlier

ufw deny 1022

Re-enable unattended security upgrades

cat > /etc/apt/apt.conf.d/50unattended-upgrades << EOF
Unattended-Upgrade::Allowed-Origins {
"Ubuntu bionic-security";
};
Unattended-Upgrade::Package-Blacklist {
//
};
EOF

Re-install packages which are typically removed during the upgrade

We have to add our PPAs again as the ones on the system point to Xenial packages

add-apt-repository ppa:certbot/certbot -y
apt-add-repository ppa:nginx/development -y
apt-add-repository ppa:ondrej/apache2 -y
apt-add-repository ppa:ondrej/php -y

If you are using a different version of PHP on your server, you should of course replace the version number here with what you are using

apt update; apt upgrade -y; apt autoremove -y; apt install php-imagick php7.2-curl -y;

# if you are using Nginx

apt install python-certbot-nginx -y

# if you are using Apache

apt install python-certbot-apache -y

Answer the questions on screen

You may want to install the new versions of the php.ini files, but be aware this might break your php application

    ┌────────────────────────────────┤ Modified configuration file ├────────────────────────────────┐      
    │ php.ini: A new version (/usr/lib/php/7.2/php.ini-production.cli) of configuration file        │      
    │ /etc/php/7.2/cli/php.ini is available, but the version installed currently has been locally   │      
    │ modified.                                                                                     │      
    │                                                                                               │      
    │ What do you want to do about modified configuration file php.ini?                             │      
    │                                                                                               │      
    │                     install the package maintainer's version                                  │      
    │                     keep the local version currently installed                                │      
    │                     show the differences between the versions                                 │      
    │                     show a side-by-side difference between the versions                       │      
    │                     start a new shell to examine the situation                                │      
    │                                                                                               │      
    │                                                                                               │      
    │                                            <Ok>    
    ┌────────────────────────────────┤ Modified configuration file ├────────────────────────────────┐      
    │ php.ini: A new version (/usr/lib/php/7.2/php.ini-production) of configuration file            │      
    │ /etc/php/7.2/fpm/php.ini is available, but the version installed currently has been locally   │      
    │ modified.                                                                                     │      
    │                                                                                               │      
    │ What do you want to do about modified configuration file php.ini?                             │      
    │                                                                                               │      
    │                     install the package maintainer's version                                  │      
    │                     keep the local version currently installed                                │      
    │                     show the differences between the versions                                 │      
    │                     show a side-by-side difference between the versions                       │      
    │                     start a new shell to examine the situation                                │      
    │                                                                                               │      
    │                                                                                               │      
    │                                            <Ok>  

Restart PHP-FPM and your web server

If you are using Nginx

systemctl restart php7.2-fpm; systemctl restart nginx;

If you are using Apache

systemctl restart php7.2-fpm; systemctl restart apache2;

Your server is now upgraded!

Your server is now upgraded and you should test that everything works. You should also be aware that when upgrading like this, the new way of configuring network interfaces - Netplan more information here - will not be active and your network config is left unchanged in /etc/network/interfaces.

Webdock has auto-detection if how networks are managed in your container, so migrating this container across the Webdock platform will work just fine.

We can upgrade your server for you

Be in touch with Webdock support and we will sort out a custom Service Level Agreement that works for you!