<![CDATA[FOG Server – Full Migration from an old HTTPS‑FOG to a new Server (Debian 12)]]>FOG Server – Full Migration from an old HTTPS‑FOG to a new Server (Debian 12)

This guide explains how to fully back up an older FOG server and restore it to a freshly installed server – especially for installations using HTTPS communication between server and clients.

⚠️ Note:

  • Modern FOG versions only allow TLS 1.2.
  • Older Windows FOG clients may not connect anymore → update required!
  1. Create backup from the old FOG server

In the old FOG web interface:

FOG Configuration → Configuration Save → Export Database → Export
➜ Save the SQL backup

Backup the SSL certificates:

sudo bash -c '
set -euo pipefail

DEST="/root/fogcerts"
mkdir -p "$DEST/CA"

echo "[1/5] Collecting files …"
# Collect mandatory files (if present)
cp -a /opt/fog/snapins/ssl/.srvprivate.key            "$DEST/"           2>/dev/null || true
cp -a /opt/fog/snapins/ssl/CA/.fogCA.key              "$DEST/CA/"        2>/dev/null || true
cp -a /opt/fog/snapins/ssl/CA/.fogCA.pem              "$DEST/CA/"        2>/dev/null || true
cp -a /opt/fog/snapins/ssl/CA/.fogCA.srl              "$DEST/CA/"        2>/dev/null || true
cp -a /var/www/fog/management/other/ssl/srvpublic.crt "$DEST/"           2>/dev/null || true
cp -a /var/www/fog/management/other/ca.cert.pem       "$DEST/"           2>/dev/null || true
cp -a /var/www/fog/management/other/ca.cert.der       "$DEST/"           2>/dev/null || true

# Optional helpful templates/CSR (if present)
cp -a /opt/fog/snapins/ssl/ca.cnf                     "$DEST/"           2>/dev/null || true
cp -a /opt/fog/snapins/ssl/req.cnf                    "$DEST/"           2>/dev/null || true
cp -a /opt/fog/snapins/ssl/fog.csr                    "$DEST/"           2>/dev/null || true

echo "[2/5] Hardening permissions …"
chown -R root:root "$DEST"
chmod 700 "$DEST"
[ -f "$DEST/.srvprivate.key" ] && chmod 600 "$DEST/.srvprivate.key"
[ -f "$DEST/CA/.fogCA.key"   ] && chmod 600 "$DEST/CA/.fogCA.key"

echo "[3/5] Listing content …"
ls -lah "$DEST" || true
ls -lah "$DEST/CA" || true

echo "[4/5] Creating checksums …"
( cd "$DEST" &&   find . -type f \( -name "*.key" -o -name "*.crt" -o -name "*.pem" -o -name "*.der" \) -print0   | xargs -0 sha256sum > SHA256SUMS.txt )

echo "[5/5] Creating archive …"
ARCH="/root/fogcerts_$(date +%F).tar.gz"
tar -czf "$ARCH" -C /root fogcerts
chmod 600 "$ARCH"

echo
echo "Done. Archive: $ARCH"
echo "To list archive content: tar -tzf $ARCH"
echo "To verify checksums: cat /root/fogcerts/SHA256SUMS.txt"
'

Save the archive (e.g. fogcerts_YYYY-MM-DD.tar.gz) using WinSCP
→ Old server may now be shut down

  1. Prepare new Debian-12 server
  • Install Debian 12 without GUI but WITH SSH server
  • Allow root login via SSH (/etc/ssh/sshd_config)
  • Configure IP & reboot
  • Connect via PuTTY as root
  1. Install FOG server
apt update && apt install git -y
cd /root
cd /root
git clone https://github.com/FOGProject/fogproject.git
cd fogproject/bin
./installfog.sh

Configure FOG as usual

  1. Import database from the old server

In the new FOG web interface:

• FOG Configuration → FOG Settings

  • Save mysqlpass (under Storage Nodes)
  • Save TFTP FTP Password (under TFTP Server)

• Storage → DefaultMember → Save Management Password

• Configuration Save → Import Database
→ Select the SQL backup & import it

Afterwards: Enter the three passwords back in their original places

  1. Copy certificates to the new server

Transfer the archive to /root
(e.g. fogcerts_2025-10-25.tar.gz)

Stop services:

systemctl stop apache2
systemctl stop FOGImageReplicator
systemctl stop FOGScheduler

Extract archive:

cd /root
tar -xzf fogcerts_*.tar.gz

Copy certificates & set permissions:

# Private Keys & CA
cp -a /root/fogcerts/.srvprivate.key /opt/fog/snapins/ssl/
cp -a /root/fogcerts/CA/.fogCA.key /opt/fog/snapins/ssl/CA/
cp -a /root/fogcerts/CA/.fogCA.pem /opt/fog/snapins/ssl/CA/
[ -f /root/fogcerts/CA/.fogCA.srl ] && cp -a /root/fogcerts/CA/.fogCA.srl /opt/fog/snapins/ssl/CA/

# Server Public Cert & CA Public
cp -a /root/fogcerts/srvpublic.crt /var/www/fog/management/other/ssl/
cp -a /root/fogcerts/ca.cert.pem /var/www/fog/management/other/
cp -a /root/fogcerts/ca.cert.der /var/www/fog/management/other/

chown -R fogproject:www-data /opt/fog/snapins/ssl
chmod 600 /opt/fog/snapins/ssl/.srvprivate.key
chmod 600 /opt/fog/snapins/ssl/CA/.fogCA.key

chown -R www-data:www-data /var/www/fog/management/other

Start services:

systemctl start apache2
systemctl start FOGImageReplicator
systemctl start FOGScheduler
  1. Rebuild boot images (with certificate)

Install required software:

apt-get update
apt-get install -y git build-essential gcc make binutils perl mtools   liblzma-dev libssl-dev zlib1g-dev pkg-config nasm libiberty-dev uuid-dev   xz-utils cpio gcc-aarch64-linux-gnu

Rebuild PXE boot loaders:

cd /root/fogproject/utils/FOGiPXE
# Select one CA certificate path:
CA=/var/www/fog/management/other/ca.cert.pem
# or:
# CA=/opt/fog/snapins/ssl/CA/.fogCA.pem

bash ./buildipxe.sh "$CA"

Copy new files:

# Standard loader (without 10s delay)
cp -av /root/fogproject/packages/tftp/* /tftpboot/

# Optional 10s-delay loaders:
# cp -av /root/fogproject/packages/tftp/10secdelay/* /tftpboot/

Restart TFTP service:

systemctl restart tftpd-hpa

FINISHED
If all steps were successful, clients will securely reconnect using HTTPS again.

]]>http://forums.fogproject.org/topic/18033/fog-server-full-migration-from-an-old-https-fog-to-a-new-server-debian-12RSS for NodeThu, 14 May 2026 04:49:43 GMTSun, 26 Oct 2025 10:09:05 GMT60