Freitag, 13. Februar 2026

Yunohost Peertube Setup Wasabi S3 Storage

Der Storage kann nicht in der Admin-Oberfläche von Peertube eingestellt werden, es muss auf die Konsole zurückgeriffen werden. Ich habe die Installation mit Yunohost durchgeführt, hier wird erwähnt, dass man die Konfiguration updatefähig macht, in dem man eine neue Datei /var/www/peertube/config/local.yaml anlegt. Wir direkt die /var/www/peertube/config/production.yaml bearbeitet wird das beim nächsten Update überschrieben

Wasabi konfigurieren

Zuerst lege ich den bucket "peertube-data" an, dann in meinem Wasabi-Account eine neue Richtlinie an, sodass wenn aus irgend einem Grund meine Konfigurationsdatei nach außen geht nur der Zugriff auf den einen S3 Bucket frei ist und nicht auf alle Buckes in meinem Account. 


{

  "Version": "2012-10-17",

  "Statement": [

    {

      "Effect": "Allow",

      "Action": "s3:*",

      "Resource": [

        "arn:aws:s3:::peertube-data/*",

        "arn:aws:s3:::peertube-data"

      ]

    }

  ]

}

Dann lege ich den user peertube an und weise ihm nur diese eine Richtlinie zu. 


Peertube konfigurieren

 per ssh auf den Server, Datei anlegen 


vi /var/www/peertube/config/local.yaml


und dann folgenden Inhalt einfügen, in meinem Beispiel für den eu-central-2 (Frankfurt) Speicher von Wasabi:


object_storage:

  enabled: true

  endpoint: 's3.eu-central-2.wasabisys.com'

  region: 'eu-central-2'

  credentials:

    access_key_id: '<<access-key-id>>'

    secret_access_key: '<<long-secret-access-key>>'


  videos:

    bucket_name: 'peertube-data'

    prefix: 'videos/'


  streaming_playlists:

    bucket_name: 'peertube-data'

    prefix: 'streaming-playlists/'


  user_exports:

    bucket_name: 'peertube-data'

    prefix: 'user-exports/'


  original_video_files:

    bucket_name: 'peertube-data'

    prefix: 'original-video-files/'


  captions:

    bucket_name: 'peertube-data'

    prefix: 'captions/'



Die Prefixe kann man auch auslassen, mir gefällts besser weil es dann im Bucket schön strukturiert ist. 

Jetzt die Rechte korrekt setzen, dann yunohost neu starten und während man ein Video hochlädt schauen ob ein fehler im Log auftaucht:

chown peertube:www-data /var/www/peertube/config/local.yaml
systemctl restart peertube
journalctl -u peertube -f

Wenn ein Fehler Auftritt, dann sieht man es nachdem die Transkodierung des Videos abgeschlossen ist im Video, wo steht, dass das Video nicht verschoben werden konnte oder im Log. 

Wenn alles passt schauts so aus:

...
info: Creating job to send video creation of https://tube.srv.com/videos/watch/bd77446b-2a00-4a11-8c2b-69a9faa1299f.                                                                                                                                                                 
info: Creating job to send announce https://tube.srv.com/videos/watch/bd77446b-2a00-4a11-8c2b-69a9faa1299f/announces/3.                                                                                                                                                              
info: Creating job to send announce https://tube.srv.com/videos/watch/bd77446b-2a00-4a11-8c2b-69a9faa1299f/announces/1.                                                                                                                                                              
info: Notifying user usr of the publication of its video https://tube.srv.com/videos/watch/bd77446b-2a00-4a11-8c2b-69a9faa1299f.       

...


Quellen:

https://docs.wasabi.com/docs/how-do-i-set-up-wasabi-for-user-access-separation

Eingestellt von um Keine Kommentare:

Dienstag, 2. September 2025

Fixing “no shared cipher” with OpenVPN on Ubuntu 24.04 (NetworkManager)

Solution

If your VPN stopped working after upgrading to Ubuntu 24.04 and logs say “Data channel cipher negotiation failed (no shared cipher)”, set the data-ciphers list on your NetworkManager VPN connection to include both modern AEAD and legacy CBC ciphers.

(works bestwhen you can’t change the OpenVPN server. If youre just working with one server its easyer to change cipher on Server to a GCM-cypher because thats default from version 2.5 on in openvpn)

Add a universal cipher list:

nmcli connection modify "YOUR_VPN" +vpn.data "data-ciphers=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC:AES-128-CBC"

Reconnect:

nmcli connection down "YOUR_VPN"

nmcli -w 60 connection up "YOUR_VPN" --ask

Optional (security warning fix):

nmcli connection modify "YOUR_VPN" +vpn.data "remote-cert-tls=server"


In many environments this single change is enough. Do not add compat-mode or data-ciphers-fallback via NetworkManager; those options are not supported there and can prevent the connection from starting.


Background


Ubuntu 24.04 ships OpenVPN 2.6. Defaults changed to AEAD ciphers (AES-GCM/ChaCha20), while many servers still require CBC (e.g., AES-128-CBC or AES-256-CBC).


NetworkManager’s OpenVPN plugin in 24.04 does not support compat-mode or data-ciphers-fallback, so adding those options breaks the profile.


Symptom in logs


AUTH: Received control message: AUTH_FAILED, Data channel cipher negotiation failed (no shared cipher)


Reference: Step-by-step fix and troubleshooting


Verify current VPN settings (NetworkManager)


Show OpenVPN key/values:

nmcli -f connection.id,type,vpn.data connection show "YOUR_VPN"


If you see compat-mode or data-ciphers-fallback in vpn.data, remove them:

nmcli connection modify "YOUR_VPN" -vpn.data "compat-mode=2.4"

nmcli connection modify "YOUR_VPN" -vpn.data "data-ciphers-fallback=AES-128-CBC"


Set the cipher list (works for both modern and legacy servers)


Recommended universal list:

nmcli connection modify "YOUR_VPN" +vpn.data "data-ciphers=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC:AES-128-CBC"


If your server explicitly requires a specific CBC cipher/HMAC and may have NCP disabled, set them explicitly too:


nmcli connection modify "YOUR_VPN" +vpn.data "cipher=AES-128-CBC,auth=SHA256"


Replace AES-128-CBC/SHA256 with what your server actually uses (e.g., AES-256-CBC, SHA512).


Fix common warnings and file permission issues


Remove “group or others accessible” warnings and avoid AppArmor denials by moving certs/keys out of $HOME and locking permissions:


sudo mkdir -p /etc/NetworkManager/openvpn-certs

sudo cp /path/to/ca.pem /etc/NetworkManager/openvpn-certs/

sudo cp /path/to/cert.pem /etc/NetworkManager/openvpn-certs/

sudo cp /path/to/cert.key /etc/NetworkManager/openvpn-certs/

sudo chmod 600 /etc/NetworkManager/openvpn-certs/*


Update your VPN profile to point to these new paths:


nmcli connection modify "YOUR_VPN" +vpn.data "ca=/etc/NetworkManager/openvpn-certs/ca.pem,cert=/etc/NetworkManager/openvpn-certs/cert.pem,key=/etc/NetworkManager/openvpn-certs/cert.key"


Enable server cert verification to remove the MITM warning:


nmcli connection modify "YOUR_VPN" +vpn.data "remote-cert-tls=server"


Optionally enforce modern TLS:


nmcli connection modify "YOUR_VPN" +vpn.data "tls-version-min=1.2"


Reconnect and watch logs live


Reconnect:

nmcli connection down "YOUR_VPN"

nmcli -w 60 connection up "YOUR_VPN" --ask


Live logs:

sudo journalctl -b -u NetworkManager -t nm-openvpn -n 100 -f


or only the tag, simplified:

sudo journalctl -f -t nm-openvpn -o cat


If you still see “no shared cipher,” double‑check that:


The cipher in data-ciphers actually matches what the server allows (e.g., AES-128-CBC).

If the server disables NCP, you may need to set both cipher and auth explicitly (see step 2).

Your keys/certs are readable by root-only (600) and accessible (no AppArmor denials).


Alternative: Use the native OpenVPN client (bypass NetworkManager)

But be aware no gui is availible out of the box. 

If you want to avoid NetworkManager quirks entirely, you can run OpenVPN directly.


Run:

sudo openvpn --config /etc/openvpn/client/your.conf


Notes and caveats


NetworkManager OpenVPN plugin in Ubuntu 24.04 does not support compat-mode and data-ciphers-fallback; adding them stops the connection from starting.


The simplest reliable fix within NM is to set data-ciphers to a list that includes the server’s CBC option.


If you manage the server, consider migrating to AEAD (AES-GCM/ChaCha20-Poly1305). It’s safer and faster, and aligns with OpenVPN 2.6 defaults.


 

Eingestellt von um Keine Kommentare:

Freitag, 29. August 2025

ThinkPad X1 Yoga Gen 7 mit Intel MBIM [8086:7560] funktioniert jetzt unter Ubuntu 24.04! LTE WWAN Modul

Problem

Modem konnte nicht aktiviert werden:

Aug 29 11:35:39 TPX1 ModemManager[2856]: <wrn> [modem0] couldn't enable interface: 'Invalid transition'


Aug 29 11:35:39 TPX1 ModemManager[2856]: <wrn> [modem0] failed enabling modem: Invalid transition


Aug 29 11:35:39 TPX1 ModemManager[2856]: <msg> [modem0] state changed (enabling -> disabled)


Aug 29 11:35:39 TPX1 ModemManager[2856]: <wrn> [modem0] failed waiting for enabled state: disabled


Aug 29 11:35:39 TPX1 ModemManager[2856]: <msg> [modem0] simple connect started...


Aug 29 11:35:39 TPX1 ModemManager[2856]: <msg> [modem0] simple connect state (3/10): enable


Aug 29 11:35:39 TPX1 ModemManager[2856]: <msg> [modem0] state changed (disabled -> enabling)


Aug 29 11:35:39 TPX1 ModemManager[2856]: <msg> [modem0] simple connect started...


Aug 29 11:35:39 TPX1 ModemManager[2856]: <msg> [modem0] simple connect state (4/10): wait to get fully enabled


Aug 29 11:35:41 TPX1 ModemManager[2856]: <wrn> [modem0] Busy


Aug 29 11:35:41 TPX1 ModemManager[2856]: <wrn> [modem0] Busy


Aug 29 11:35:41 TPX1 ModemManager[2856]: <wrn> [modem0] couldn't enable interface: 'Invalid transition'


Aug 29 11:35:41 TPX1 ModemManager[2856]: <wrn> [modem0] failed enabling modem: Invalid transition


Aug 29 11:35:41 TPX1 ModemManager[2856]: <msg> [modem0] state changed (enabling -> disabled)


Aug 29 11:35:41 TPX1 ModemManager[2856]: <wrn> [modem0] failed waiting for enabled state: disabled


Aug 29 11:35:41 TPX1 ModemManager[2856]: <msg> [modem0] simple connect started...


Aug 29 11:35:41 TPX1 ModemManager[2856]: <msg> [modem0] simple connect state (3/10): enable


Aug 29 11:35:41 TPX1 ModemManager[2856]: <msg> [modem0] state changed (disabled -> enabling)


Aug 29 11:35:41 TPX1 ModemManager[2856]: <msg> [modem0] simple connect started...


Aug 29 11:35:41 TPX1 ModemManager[2856]: <msg> [modem0] simple connect state (4/10): wait to get fully enabled


Aug 29 11:35:43 TPX1 ModemManager[2856]: <wrn> [modem0] Busy


Aug 29 11:35:43 TPX1 ModemManager[2856]: <wrn> [modem0] Busy


Aug 29 11:35:43 TPX1 ModemManager[2856]: <wrn> [modem0] couldn't enable interface: 'Invalid transition'


Aug 29 11:35:43 TPX1 ModemManager[2856]: <wrn> [modem0] failed enabling modem: Invalid transition


Aug 29 11:35:43 TPX1 ModemManager[2856]: <msg> [modem0] state changed (enabling -> disabled)


Aug 29 11:35:43 TPX1 ModemManager[2856]: <wrn> [modem0] failed waiting for enabled state: disabled


Aug 29 11:35:43 TPX1 ModemManager[2856]: <msg> [modem0] simple connect started...


Aug 29 11:35:43 TPX1 ModemManager[2856]: <msg> [modem0] simple connect state (3/10): enable


Aug 29 11:35:43 TPX1 ModemManager[2856]: <msg> [modem0] state changed (disabled -> enabling)


Aug 29 11:35:43 TPX1 ModemManager[2856]: <msg> [modem0] simple connect started...


Aug 29 11:35:43 TPX1 ModemManager[2856]: <msg> [modem0] simple connect state (4/10): wait to get fully enabled


Aug 29 11:35:45 TPX1 ModemManager[2856]: <wrn> [modem0] Busy


Aug 29 11:35:45 TPX1 ModemManager[2856]: <wrn> [modem0] Busy


Aug 29 11:35:45 TPX1 ModemManager[2856]: <wrn> [modem0] couldn't enable interface: 'Invalid transition'


Aug 29 11:35:45 TPX1 ModemManager[2856]: <wrn> [modem0] failed enabling modem: Invalid transition


Aug 29 11:35:45 TPX1 ModemManager[2856]: <msg> [modem0] state changed (enabling -> disabled)


Aug 29 11:35:45 TPX1 ModemManager[2856]: <wrn> [modem0] failed waiting for enabled state: disabled


Aug 29 11:35:45 TPX1 ModemManager[2856]: <msg> [modem0] simple connect started...


Aug 29 11:35:45 TPX1 ModemManager[2856]: <msg> [modem0] simple connect state (3/10): enable


Aug 29 11:35:45 TPX1 ModemManager[2856]: <msg> [modem0] state changed (disabled -> enabling)


Aug 29 11:35:45 TPX1 ModemManager[2856]: <msg> [modem0] simple connect started...


Aug 29 11:35:45 TPX1 ModemManager[2856]: <msg> [modem0] simple connect state (4/10): wait to get fully enabled


Aug 29 11:35:47 TPX1 ModemManager[2856]: <wrn> [modem0] Busy


Aug 29 11:35:47 TPX1 ModemManager[2856]: <wrn> [modem0] Busy


Aug 29 11:35:47 TPX1 ModemManager[2856]: <wrn> [modem0] couldn't enable interface: 'Invalid transition'


Aug 29 11:35:47 TPX1 ModemManager[2856]: <wrn> [modem0] failed enabling modem: Invalid transition


Aug 29 11:35:47 TPX1 ModemManager[2856]: <msg> [modem0] state changed (enabling -> disabled)


Aug 29 11:35:47 TPX1 ModemManager[2856]: <wrn> [modem0] failed waiting for enabled state: disabled


Aug 29 11:35:47 TPX1 ModemManager[2856]: <msg> [modem0] simple connect started...


Aug 29 11:35:47 TPX1 ModemManager[2856]: <msg> [modem0] simple connect state (3/10): enable


Aug 29 11:35:47 TPX1 ModemManager[2856]: <msg> [modem0] state changed (disabled -> enabling)


Aug 29 11:35:47 TPX1 ModemManager[2856]: <msg> [modem0] simple connect started...


Aug 29 11:35:47 TPX1 ModemManager[2856]: <msg> [modem0] simple connect state (4/10): wait to get fully enabled


Aug 29 11:35:49 TPX1 ModemManager[2856]: <wrn> [modem0] Busy


Aug 29 11:35:49 TPX1 ModemManager[2856]: <wrn> [modem0] Busy


Aug 29 11:35:49 TPX1 ModemManager[2856]: <wrn> [modem0] couldn't enable interface: 'Invalid transition'


Aug 29 11:35:49 TPX1 ModemManager[2856]: <wrn> [modem0] failed enabling modem: Invalid transition


Aug 29 11:35:49 TPX1 ModemManager[2856]: <msg> [modem0] state changed (enabling -> disabled)


Aug 29 11:35:49 TPX1 ModemManager[2856]: <wrn> [modem0] failed waiting for enabled state: disabled


Aug 29 11:35:49 TPX1 ModemManager[2856]: <msg> [modem0] simple connect started...


Aug 29 11:35:49 TPX1 ModemManager[2856]: <msg> [modem0] simple connect state (3/10): enable


Aug 29 11:35:49 TPX1 ModemManager[2856]: <msg> [modem0] state changed (disabled -> enabling)


Aug 29 11:35:49 TPX1 ModemManager[2856]: <msg> [modem0] simple connect started...


Aug 29 11:35:49 TPX1 ModemManager[2856]: <msg> [modem0] simple connect state (4/10): wait to get fully enabled


Aug 29 11:35:51 TPX1 ModemManager[2856]: <wrn> [modem0] Busy


Aug 29 11:35:51 TPX1 ModemManager[2856]: <wrn> [modem0] Busy


Aug 29 11:35:51 TPX1 ModemManager[2856]: <wrn> [modem0] couldn't enable interface: 'Invalid transition'


Aug 29 11:35:51 TPX1 ModemManager[2856]: <wrn> [modem0] failed enabling modem: Invalid transition


Aug 29 11:35:51 TPX1 ModemManager[2856]: <msg> [modem0] state changed (enabling -> disabled)


Aug 29 11:35:51 TPX1 ModemManager[2856]: <wrn> [modem0] failed waiting for enabled state: disabled


Aug 29 11:35:51 TPX1 ModemManager[2856]: <msg> [modem0] simple connect started...


Aug 29 11:35:51 TPX1 ModemManager[2856]: <msg> [modem0] simple connect state (3/10): enable


Aug 29 11:35:51 TPX1 ModemManager[2856]: <msg> [modem0] state changed (disabled -> enabling)


Aug 29 11:35:51 TPX1 ModemManager[2856]: <msg> [modem0] simple connect started...


Aug 29 11:35:51 TPX1 ModemManager[2856]: <msg> [modem0] simple connect state (4/10): wait to get fully enabled

Lösung

git clone https://github.com/lenovo/lenovo-wwan-unlock.git
cd lenovo-wwan-unlock
chmod +x fcc_unlock_setup.sh
./fcc_unlock_setup.sh


Hintergrund: Lenovo hat dafür erst vor kurzem das Tool veröffentlicht, nun läufts endlich!

journalctl -u ModemManager -f

Aug 29 11:42:56 TPX1 ModemManager[11521]: <msg> [modem0/wwan0mbim0/mbim] MBIM device is not QMI capable

Aug 29 11:42:57 TPX1 ModemManager[11521]: <wrn> [modem0] couldn't load SUPL server: Operation not supported

Aug 29 11:42:57 TPX1 ModemManager[11521]: <msg> [modem0] state changed (unknown -> disabled)

Aug 29 11:42:57 TPX1 ModemManager[11521]: <msg> [modem0] state changed (disabled -> enabling)

Aug 29 11:42:57 TPX1 ModemManager[11521]: <msg> [modem0] simple connect started...

Aug 29 11:42:57 TPX1 ModemManager[11521]: <msg> [modem0] simple connect state (4/10): wait to get fully enabled

Aug 29 11:42:57 TPX1 ModemManager[11521]: <wrn> [modem0] Busy

Aug 29 11:43:02 TPX1 ModemManager[11521]: <wrn> [fcc unlock dispatcher] forcing exit on fcc unlock operation

Aug 29 11:43:02 TPX1 ModemManager[11521]: <wrn> [modem0] Busy

Aug 29 11:43:02 TPX1 ModemManager[11521]: <wrn> [modem0] couldn't enable interface: 'Invalid transition'

Aug 29 11:43:02 TPX1 DPR_Fcc_unlock_service[11542]: FCC unlock is success

Aug 29 11:43:05 TPX1 ModemManager[11521]: <wrn> [modem0] failed enabling modem: Invalid transition

Aug 29 11:43:05 TPX1 ModemManager[11521]: <msg> [modem0] state changed (enabling -> disabled)

Aug 29 11:43:05 TPX1 ModemManager[11521]: <wrn> [modem0] failed waiting for enabled state: disabled

Aug 29 11:43:05 TPX1 ModemManager[11521]: <msg> [modem0] simple connect started...

Aug 29 11:43:05 TPX1 ModemManager[11521]: <msg> [modem0] simple connect state (3/10): enable

Aug 29 11:43:05 TPX1 ModemManager[11521]: <msg> [modem0] state changed (disabled -> enabling)

Aug 29 11:43:05 TPX1 ModemManager[11521]: <msg> [modem0] simple connect started...

Aug 29 11:43:05 TPX1 ModemManager[11521]: <msg> [modem0] simple connect state (4/10): wait to get fully enabled

Aug 29 11:43:05 TPX1 ModemManager[11521]: <msg> [modem0] power state updated: on

Aug 29 11:43:05 TPX1 ModemManager[11521]: <msg> [modem0] 3GPP packet service state changed (unknown -> detached)

Aug 29 11:43:05 TPX1 ModemManager[11521]: <msg> [modem0] 3GPP packet service state changed (detached -> unknown)

Aug 29 11:43:05 TPX1 ModemManager[11521]: <wrn> [modem0] connection attempt cancelled

Aug 29 11:43:05 TPX1 ModemManager[11521]: <msg> [modem0] state changed (enabling -> enabled)

Aug 29 11:43:05 TPX1 ModemManager[11521]: <msg> [modem0] simple connect state (5/10): wait after enabled

Aug 29 11:43:05 TPX1 ModemManager[11521]: <msg> [modem0] 3GPP registration state changed (unknown -> idle)

Aug 29 11:43:05 TPX1 ModemManager[11521]: <msg> [modem0] 3GPP packet service state changed (unknown -> detached)

Aug 29 11:43:05 TPX1 ModemManager[11521]: <wrn> [modem0] couldn't load operator code: Current operator MCC/MNC is still unknown

Aug 29 11:43:05 TPX1 ModemManager[11521]: <wrn> [modem0] couldn't load operator name: Current operator name is still unknown

Aug 29 11:43:05 TPX1 ModemManager[11521]: <msg> [modem0] 3GPP packet service state changed (detached -> unknown)

Aug 29 11:43:05 TPX1 ModemManager[11521]: <msg> [modem0] 3GPP packet service state changed (unknown -> detached)

Aug 29 11:43:05 TPX1 ModemManager[11521]: <msg> [modem0] 3GPP packet service state changed (detached -> unknown)

Aug 29 11:43:05 TPX1 ModemManager[11521]: <msg> [modem0] simple connect state (6/10): register

Aug 29 11:43:05 TPX1 ModemManager[11521]: <msg> [modem0] 3GPP packet service state changed (unknown -> detached)

Aug 29 11:43:05 TPX1 ModemManager[11521]: <msg> [modem0] 3GPP packet service state changed (detached -> unknown)

Aug 29 11:43:06 TPX1 ModemManager[11521]: <msg> [modem0] 3GPP packet service state changed (unknown -> detached)

Aug 29 11:43:06 TPX1 ModemManager[11521]: <msg> [modem0] 3GPP packet service state changed (detached -> unknown)

Aug 29 11:43:06 TPX1 ModemManager[11521]: <msg> [modem0] 3GPP packet service state changed (unknown -> attached)

Aug 29 11:43:06 TPX1 ModemManager[11521]: <msg> [modem0] 3GPP packet service state changed (attached -> unknown)

Aug 29 11:43:06 TPX1 ModemManager[11521]: <msg> [modem0] 3GPP registration state changed (idle -> registering)

Aug 29 11:43:06 TPX1 ModemManager[11521]: <msg> [modem0] 3GPP registration state changed (registering -> home)

Aug 29 11:43:06 TPX1 ModemManager[11521]: <msg> [modem0] state changed (enabled -> registered)

Aug 29 11:43:06 TPX1 ModemManager[11521]: <msg> [modem0] 3GPP packet service state changed (unknown -> attached)

Aug 29 11:43:06 TPX1 ModemManager[11521]: <msg> [modem0] simple connect state (7/10): wait to get packet service state attached

Aug 29 11:43:06 TPX1 ModemManager[11521]: <msg> [modem0] simple connect state (8/10): bearer

Aug 29 11:43:06 TPX1 ModemManager[11521]: <msg> [modem0] simple connect state (9/10): connect

Aug 29 11:43:06 TPX1 ModemManager[11521]: <msg> [modem0] state changed (registered -> connecting)

Aug 29 11:43:07 TPX1 ModemManager[11521]: <msg> [modem0] state changed (connecting -> connected)

Aug 29 11:43:07 TPX1 ModemManager[11521]: <msg> [modem0] simple connect state (10/10): all done



Quelle

https://github.com/lenovo/lenovo-wwan-unlock

Eingestellt von um Keine Kommentare:

Freitag, 13. Juni 2025

Upgrading XWiki to Version 17 on Ubuntu – Including Migration to Tomcat 10

In this post, I document how I successfully upgraded XWiki 16.10 to 17.4, including the switch from Tomcat 9 to Tomcat 10, resolving database connection issues, and ensuring proper operation behind a reverse proxy.

✨ Starting Point

  • Ubuntu server 22.04 running XWiki 16.10

  • Tomcat 9 and MariaDB 10.6 installed

  • XWiki operating behind a reverse proxy

  • Goal: Upgrade to XWiki 17 with an up-to-date environment and working proxy configuration. As 17 needs tomcat 10 we upgrade to ubuntu server 24.04

✅ Step-by-Step Guide

1. Prepare the System

apt update
apt upgrade
reboot
dpkg -l | grep -iE 'mysql|mariadb'
apt remove xwiki-tomcat9-mariadb
apt dist-upgrade
reboot
do-release-upgrade

2. Restore the XWiki Repository

After the release upgrade, the file xwiki-stable.list was moved to .distUpgrade in /etc/apt/sources.list.d/. To restore it:

mv xwiki-stable.list.distUpgrade xwiki-stable.list
apt update
apt upgrade

3. Install XWiki & Tomcat 10

apt install xwiki-tomcat10-mariadb

4. Verify Database Connection

Check if MariaDB is running and accessible:

systemctl status mariadb
mysql -u root

5. Update Hibernate Configuration

Edit /etc/xwiki/hibernate.cfg.xml and set the correct password for the XWiki MariaDB user, as the default password in the configuration does not work.

6. Restart Tomcat 10

systemctl restart tomcat10
systemctl status tomcat10

🌟 Running the Upgrade

Important: The URL wiki.mydomain.com did not resolve properly through the proxy. Accessing XWiki via the internal IP of the server was required:

http://10.11.12.1:8080/xwiki
http://10.11.12.1:8080/xwiki/bin/distribution/XWiki/Distribution?xredirect=

There, the upgrade was completed using the Distribution Wizard.

🔧 Configuring the Proxy Correctly

To ensure that XWiki runs smoothly behind the reverse proxy:

  • Edit /etc/tomcat10/server.xml accordingly (ProxyName, ProxyPort, etc.)

  • Optionally, restore the configuration from the previous Tomcat 9 setup or Proxmox backups

Example:

<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443"
           proxyName="wiki.mydomain.com"
           proxyPort="443"
           scheme="https"/>

🚀 Conclusion

Upgrading to XWiki 17 and switching to Tomcat 10 on Ubuntu 24.04 can be done cleanly with a bit of patience. Critical elements are:

  • Proper Hibernate and proxy configuration

  • Ensuring a working MariaDB connection via TCP

  • Running the Distribution Wizard via direct IP access if proxy settings are not yet correct

The result is a modern and stable XWiki installation ready for future expansion.


There, the upgrade was completed using the Distribution Wizard.

🔧 Optional: Increase RAM Allocation

To allocate more memory to Tomcat, you can add this line in the JAVA_OPTS in /etc/default/tomcat10:

JAVA_OPTS="-Djava.awt.headless=true -Xmx1024m"



Eingestellt von um Keine Kommentare:
Abonnieren Kommentare (Atom)