Installing Aegir 2 (and Aegir 3) on Nginx and MariaDB on Debian Jessie (PHP 5.6)

A few quick notes that may be installing Aegir 2.x (and 3.x) on nginx with MariaDB on a Debian Jessie server running PHP 5.6:

If you are familiar with Ansible, I have a playbook for aegir3 available here.

MariaDB/MySQL/Nginx dependancies

  • make sure you install MariaDB and Nginx first, so that dependancies are handled correctly
  • FIXED: you will have to build your own aegir2-provision package, because as of 2014-12-18, it only depends on mysql-client (which would then remove MariaDB and install MySQL). - was fixed in aegir2/aegir3 Debian packages.
  • once you have installed your own aegir2-provision package, you can "apt-get install aegir2" as usual.

NB: if you did the mistake of starting the installation and it defaulted to Apache, you will need to explicitly change your Debconf settings:

# debconf-show  aegir2-hostmaster

Example output:

* aegir/db_password: (password omitted)
  aegir/webserver: apache2
  aegir/db_host: localhost
* aegir/site:
  aegir/db_user: root

Change it with the following command:

echo "set aegir/webserver nginx" | debconf-communicate 

Test with debconf-show again to make sure the value was correctly changed.

IMPORTANT: also change the value of "http_restart_cmd" in /var/aegir/.drush/server_master.alias.drushrc.php (value should be "sudo /etc/init.d/nginx reload").

PHP 5.6 issues

The hostmaster profile will probably fail because of a PHP setting requirement. However, since PHP 5.6, the setting it complains about has been deprecated (see:

I guess I could have temporarily changed my PHP configuration globally, but since Aegir is my only Drupal 6 instance, I temporarily patched its core:

File: /var/aegir/hostmaster-6.x-2.x/includes/

  // added the first "ini_get('mbstring.http_input')"
  // i.e. check if it exists, and if so, actually check the value..
  if (ini_get('mbstring.http_input') && ini_get('mbstring.http_input') != 'pass') {
    return array(UNICODE_ERROR, $t('Multibyte string input conversion in PHP is active and must be disabled. Check the php.ini mbstring.http_input setting. Please refer to the PHP mbstring documentation for more information.', array('@url' => '')));
  // same here:
  if (ini_get('mbstring.http_input') && ini_get('mbstring.http_output') != 'pass') {
    return array(UNICODE_ERROR, $t('Multibyte string output conversion in PHP is active and must be disabled. Check the php.ini mbstring.http_output setting. Please refer to the PHP mbstring documentation for more information.', array('@url' => '')));

Aegir 3 devel problem

As of beta-1, on 2015-04-20, I ran into installation issues because of missing devel dependancies. Hidden in the error log was: "The following modules are required but were not found. Move them into the appropriate modules subdirectory, such as ....". Actually, I didn't have the error printed out. The log just said "Site installation caused an exception" I had to find that string (in /usr/share/drush/commands/provision/platform/drupal/ and print_r() the exception.

Then I found the hostmaster install profile to remove the devel dependancy (/var/aegir/hostmaster-7.x-3.x-beta1/profiles/hostmaster/

IPv6 and SSL

Since all my sites must support IPv6 and must require https, I use the provision_symbiotic drush sub-module for Aegir (download in /var/aegir/.drush/). The module overrides the Apache/Nginx templates for vhosts to always bind '*' in IPv4 and IPv6. This assumes you are using SNI for https.

Aegir was also pesky about running out of IPs for https, so I patched it.

File: /var/aegir/hostmaster-6.x-2.x/profiles/hostmaster/modules/hosting/web_server/ssl/

 * Store the SSL Cert key in the database.
function hosting_ssl_save_key($node) {
  if (empty($node->ssl_enabled)) {
    return 0;

  $client = hosting_get_client($node->client);

  if (!empty($node->ssl_key_new)) {
    $ssl_key = $node->ssl_key_new;
    $result = db_query("SELECT * FROM {hosting_ssl_cert} WHERE ssl_key = '%s'", $ssl_key);
    if ($obj = db_fetch_object($result)) {
      // update
      if ($node->client != null) {
        $obj->client = $client->nid;
      drupal_write_record("hosting_ssl_cert", $obj, 'cid');
      $node->ssl_key = $obj->cid;
    else {
      // insert
      $obj = new stdClass();
      $obj->ssl_key = $ssl_key;
      $obj->client = $client->nid;
      $obj->status = 0;
      drupal_write_record("hosting_ssl_cert", $obj);
/* [ML] removed this:
      if (!hosting_ip_allocate($obj, $node)) {
        form_set_error('ssl_key_new', t("Unable to allocate IP address for certificate, disabling SSL. Allocate more IP addresses to this server then try to enable SSL again."));
        db_query("DELETE FROM {hosting_ssl_cert} WHERE cid = %d", $obj->cid);
        $obj->cid = FALSE;
        $node->ssl_enabled = HOSTING_SSL_DISABLED;
      $node->ssl_key = $obj->cid;

    return $obj->cid;

  return $node->ssl_key;

Work in progress. USE AT YOUR OWN RISK. And feel free to sponsor the Aegir project if you want these things to be fixed for good :-)