First download PuTTY if you are accessing your server through SSH. Just enter the IP
of your server with root login to access your host. As you probably know, Webmin is
a freely available server control panel, and we will set it up once we have completed
the LAMP server and mail server. Webmin makes it easier for us to fine-tune our
Linux box.
Before proceeding with the installation, update the necessary Debian packages with this
command.
Apache configuration file is located at: /etc/apache2/apache2.conf and your web folder
is /var/www
To check whether php is installed and running properly, just create a test.php in
your /var/www folder with phpinfo() function exactly as shown below.
nano /var/www/test.php
# test.php
You can edit the necessary values or set up virtual domains using the Apache configuration
file.
If you want to use CAPTCHA or dynamic image generation with PHP scripts for
image verification to stop spam or automated robots, then it is absolutely necessary
to have the PHP GD library installed. Here is the command
That's it! Point your browser to http://domain/test.php and the PHP configuration
settings will show that the GD library is enabled for PNG, GIF, JPG etc.
Once you run this command, Apache will tell you that the rewrite module is enabled.
You will also find mod_rewrite listed as enabled in the output of your test.php file.
I often experienced page not found 404 errors with Debian/Ubuntu versions even though
your Apache runs with mod_rewrite. To fix this, you will need to edit the following file
to make some changes.
nano /etc/apache2/sites-enabled/000-default
<Directory /var/www/>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride All
    Order allow,deny
    allow from all
    # Uncomment this directive is you want to see apache2's
    # default start page (in /apache2-default) when you go to /
    #RedirectMatch ^/$ /apache2-default/
</Directory>
Upload the .htaccess file to your server and restart Apache.
/etc/init.d/apache2 restart
Make sure your .htaccess file has 644 permission, as otherwise you get a permission denied
error.
Note: If you have already installed php4, you should make a slight change like this.
apt-get install mysql-server mysql-client php4-mysql
By default MySQL creates the user root and runs with no password. You might need to
change the root password.
To Create User
You must never use the root password, so you might need to create a user to connect to
the MySQL database for a PHP script. Alternatively you can add users to the MySQL database by
using a control panel like Webmin or phpMyAdmin to easily create or assign database
permissions to users. We will install Webmin and phpMyAdmin later, once we
complete the basic mail LAMP installation.
PhpMyAdmin Installation
phpMyAdmin is a nice web-based database management and administration tool
that is easy to install and configure under Apache. Managing databases and tables
couldn't be much simpler than with phpMyAdmin.
To set it up under Apache, all you need to do is include the following line
in /etc/apache2/apache2.conf
Include /etc/phpmyadmin/apache.conf
As a beginner to Linux it took almost a month for me to properly install the
mail server and fix the necessary problems. I had real nightmares configuring this, and
so I decided that my hard work would be helpful to the Linux community.
Note: If you install the Postfix/Dovecot mail server you will ONLY be able to send mail
within your network. You can only send mail externally if you install SASL
authentication with TLS. Otherwise you get a nasty "Relay Access Denied" error.
During installation, Postfix will ask a few questions, such as the name of the server. Answer
those questions by entering your domain name and select Internet site for Postfix.
The Postfix configuration file is located at: /etc/postfix/main.cf. You can edit this file using
the popular text editor nano:
nano /etc/postfix/main.cf
/etc/init.d/postfix restart
/etc/init.d/postfix stop
/etc/init.d/postfix start
In some linux versions, the above might not work so you can install by specifying
individual package names.
Before we proceed we need to make some changes to the Dovecot configuration file. Double-check
that the following entries in the file are set properly.
nano /etc/dovecot/dovecot.conf
I have noticed that in some Ubuntu versions, most of the above parameters are not
specified. You will need to insert the values if they are not specified or left empty. If you don't
uncomment disable_plaintext_auth and change it to no, you will get a "plain text
authentication error" from Outlook or other mail clients.
adduser <user_name>
Caution: Always create a separate user to test your mail or ftp. DO NOT LOGIN
WITH ROOT ACCESS.
Restart Dovecot:
/etc/init.d/dovecot restart
Now you can use Outlook Express to test whether your new mail server is
working or not. Just enter username: <user_name> with its password in Outlook.
Remember you will NOT be able to send email outside your network; you will
only be able to send within your domain or local network. If you attempt to send
email you get a nasty "relay access denied" error from Outlook Express. However, you
should have no problems receiving your email in Outlook. In order to send
external email you will need to configure SASL authentication as described below.
3c. Configure SASL Authentication with TLS
SASL configuration with TLS (Simple Authentication and Security Layer with Transport Layer
Security) is used mainly to authenticate users before sending email to an external server,
thus restricting relay access. If your relay server is kept open, then spammers could
use your mail server to send spam. It is essential to protect your mail server from
misuse.
Let us set up SMTP authentication for our users with Postfix and Dovecot.
Edit the Postfix configuration file /etc/postfix/main.cf and enter the following lines to enable
authentication of our users
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = yourdomain.com
smtpd_recipient_restrictions =
    permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_security_options = noanonymous
On the Dovecot side you also need to specify the Dovecot authentication daemon
socket. In this case we specify an absolute pathname. Refer to the Postfix manual.
Edit /etc/dovecot/dovecot.conf
Look for the line that starts with auth default and insert the lines below before it.
auth default {
  mechanisms = plain login
  passdb pam {
  }
  userdb passwd {
  }
  socket listen {
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
}
Now rename the previous auth default to auth default2. If you don't rename it, the
Dovecot server will give you an error about multiple instances of auth default.
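An added example, not part of the original tutorial: a shell audit of main.cf for the relay and SASL settings configured above. smtpd_sasl_type and smtpd_tls_auth_only are standard Postfix parameters that this page does not show; the function names and finding labels are made up for the example.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): audit main.cf relay/SASL settings.

# Print the value of parameter $2 in file $1, joining continuation lines
# (lines starting with whitespace) the way Postfix does; the last definition wins.
get_param() {
    awk -v name="$2" '
        /^[ \t]*#/ { next }                      # comments never end a logical line
        /^[ \t]+[^ \t]/ {                        # continuation of the previous parameter
            if (cur != "") val[cur] = val[cur] " " $0
            next
        }
        /^[^ \t#][^=]*=/ {                       # "name = value"
            cur = $0; sub(/[ \t]*=.*/, "", cur)
            v = $0;   sub(/^[^=]*=[ \t]*/, "", v)
            val[cur] = v
        }
        END {
            v = val[name]
            gsub(/[ \t,]+/, " ", v); sub(/^ /, "", v); sub(/ $/, "", v)
            print v
        }' "$1"
}

# Print a space-separated list of findings; empty output means all checks passed.
audit_main_cf() {
    local f="$1" out=""
    [ "$(get_param "$f" smtpd_sasl_auth_enable)" = "yes" ] || out="$out sasl-disabled"
    # Postfix defaults to Cyrus SASL; the Dovecot socket is used only when selected.
    [ "$(get_param "$f" smtpd_sasl_type)" = "dovecot" ] || out="$out sasl-type-not-dovecot"
    case " $(get_param "$f" smtpd_recipient_restrictions) " in
        *" reject_unauth_destination "*) ;;
        *) out="$out no-reject_unauth_destination" ;;
    esac
    # PLAIN/LOGIN send the password unencrypted unless AUTH is limited to TLS sessions.
    [ "$(get_param "$f" smtpd_tls_auth_only)" = "yes" ] || out="$out auth-without-tls"
    echo "${out# }"
}

# Constructed sample: the main.cf lines from this page, written to a temp file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = yourdomain.com
smtpd_recipient_restrictions =
    permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_security_options = noanonymous
EOF
audit_main_cf "$sample"
```

On Postfix 2.10 and later the relay check may live in smtpd_relay_restrictions instead; extend the case statement if your main.cf uses it.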
Test whether your mail server works with Outlook Express. Configure a
user with the user name <user_name> (without @domain) and make sure that you
select "My server requires authentication". Under Settings, select "same
as incoming mail server".
NOTE:
1. If you don't enable "My server requires authentication" in Outlook you cannot send emails
to external recipients and you get a relay access denied error.
3. Don't forget to create a new user before you authenticate using Outlook.
or you can use nano to create the .forward file. Just delete the .forward file if you don't want any
forwarding.
Include /etc/squirrelmail/apache.conf
wget http://downloadpath/webmin-x.x.xx.tar.gz
tar xzf webmin-x.x.xx.tar.gz
cd webmin-x.x.xx
./setup.sh
The installation program will ask a series of questions, and most values will be
set automatically by default.
Once done, point your browser
to: http://ip.address:10000 or http://www.domainname:10000
Log in to Webmin and you can do almost anything with your server.
5. Webalizer Installation
Webalizer is visitor statistics software that shows you nice graphs based on the visitors, hits
and pageviews of your site. It is very easy to configure and run Webalizer
under Apache. Webalizer runs as a daily cron job to monitor your server stats.
Now edit the webalizer configuration file located at: /etc/webalizer.conf and locate a
line with LogFile /var/log/apache/access.log.1 and change to the correct name
access.log as shown below.
LogFile /var/log/apache2/access.log
/usr/bin/webalizer
Point your browser to http://domain/webalizer and you should see some pretty nice
visitor statistics for your site.
Change the following settings in /etc/vsftpd.conf so that you allow local users and
allow write using ftp.
# Uncomment this to allow local users to log in.
local_enable=YES
# Uncomment this to enable any form of FTP write command.
write_enable=YES
Before you connect using ftp client, you will need to create local users and group. Do
not upload files using root.
# CD to /home/<user> and create a symbolic link to /var/www as this is the public html folder.
ln -s /var/www www
Now you can connect over FTP and upload files. Once you upload all necessary files to
the public html folder, make sure all the files have 755 permission, as otherwise you
will get a permission denied/forbidden error from Apache.
By default, vsftpd does not show dotted files on the server, especially .htaccess,
even though you have successfully uploaded the files. This can be frustrating,
especially if you are using .htaccess for authentication or rewriting friendly URLs. To
fix this just add force_dot_files=YES to your vsftpd configuration file /etc/vsftpd.conf
Webmin Package: vsftpd is also available as a Webmin package. You can easily change
vsftpd settings from Webmin.
clamscan -r /folders
freshclam
To run the antivirus as a cron job (automatically scan daily) just run crontab -e from your
command line. Then add the following line and save the file.
This will run the cron job daily at 1:02 AM, scanning the public html folder. You can
change the folder to whatever you want, for mail etc.
I found Quick n Dirty Firewall pretty interesting. You can copy and run the shell script
to set up your quick firewall.
22 (SSH)
23 (Telnet)
25 110 (email)
10000 (webmin)
80 (http)