Professional Documents
Culture Documents
Build Perfect Server With Ubuntu 9.10-Fullcirclemagazine
Build Perfect Server With Ubuntu 9.10-Fullcirclemagazine
The articles contained in this magazine are released under the Creative Commons Attribution-Share Alike 3.0
Unported license. This means you can adapt, copy, distribute and transmit the articles but only under the following conditions:
You must attribute the work to the original author in some way (at least a name, email or URL) and to this magazine by name ('full circle magazine') and
the URL www.fullcirclemagazine.org (but not attribute the article(s) in any way that suggests that they endorse you or your use of the work). If you alter,
transform, or build upon this work, you must distribute the resulting work under the same, similar or a compatible license.
Full Circle Magazine is entirely independent of Canonical, the sponsor of Ubuntu projects and the views and opinions in the magazine should in no
way be assumed to have Canonical endorsement.
Requirements
To install such a system you
will need the Ubuntu 9.10 Now you have to partition
server CD, available here: your hard disk. For simplicity's
http://releases.ubuntu.com/rele sake, I select Guided, use
Dev Graphics Internet M/media System
ases/9.10/ubuntu-9.10-server- entire disk and set up LVM. This
i386.iso (32-bit) or: will create one volume group
http://releases.ubuntu.com/rele with two logical volumes—one
ases/9.10/ubuntu-9.10-server- Choose your language for the / file system, and
CD/DVD HDD USB Drive Laptop Wireless amd64.iso (64-bit) (again), location, and keyboard another one for swap. Of
layout. course, the partitioning is
Preliminary Note
totally up to you—if you know
T
The installer checks the what you're doing, you can
his tutorial shows how
installation CD and your also set up your partitions
to prepare an Ubuntu In this tutorial, I use the host hardware, and configures the manually. You may find it
9.10 (Karmic Koala) name , network with DHCP if there is a helpful in future months if you
server for ISPConfig 3, with IP address DHCP server on the network: set up separate /home and /var
and how to install ISPConfig 3 and gateway .
on it. ISPConfig 3 is a partitions.
These settings might differ for
webhosting control panel that you, so you have to replace
allows you to configure the them where appropriate.
following services through a
web browser: Apache web
server, Postfix mail server,
The Base System
Enter the host name. In this
MySQL, MyDNS name server,
Insert your Ubuntu install example, my system is called
PureFTPd, SpamAssassin,
CD into your system and boot server1.example.com, so I
ClamAV, and many more.
from it. Select your language enter server1:
L
community for various reasons. # The primary network
ast month, we did the (See aptitude install vim-nox interface
basic Ubuntu Server auto eth0
http://ubuntuforums.org/showth iface eth0 inet static
installation from CD, read.php?t=765414) You don't have to do this if
address 192.168.0.100
and got to the point of you use a different text editor netmask 255.255.255.0
Install The SSH Server
rebooting into the installed such as joe or nano. network 192.168.0.0
system. broadcast 192.168.0.255
(Optional) Configure The Network
gateway 192.168.0.1
Get Root Privileges If you did not install the Restart your network with:
Because the Ubuntu
OpenSSH server during the installer has configured our
After the reboot you can /etc/init.d/networking
system installation, you can do system to get its network restart
login with your previously
it now: settings via DHCP, we have to
created username (e.g.
administrator). Because we change that now because a Then edit /etc/hosts:
aptitude install ssh openssh-
must run all the steps from this server server should have a static IP
address. Edit vi /etc/hosts
Both should show Change The Default Shell has advantages (think of this -
after you have done a week of
It is a good idea to
now. synchronize the system clock
trouble-shooting because some
/bin/sh is a symlink to with an NTP (network time
service wasn't working as
Edit sources.list And /bin/dash, however we need
/bin/bash, not /bin/dash.
expected, and then you find
protocol) server over the
Internet. Simply run
Update Your Linux Therefore we do this:
out that everything was OK,
only AppArmor was causing the
Installation dpkg-reconfigure dash problem). Therefore, I disable it
aptitude install ntp ntpdate
W
netstat -tap | grep mysql
e can install update-alternatives: error:
General type of mail alternative link
Postfix, Courier, The output should look like
configuration: /usr/share/man/man5/maildir.5
Saslauthd, MySQL, .gz is already managed by
this:
Enter:
rkhunter, and maildir.5.gz.
binutils - with a single root@server1:~# netstat -tap
System mail name: | grep mysql
command: We want MySQL to listen on
Enter:
all interfaces, not just tcp 0 0 *:mysql *:* LISTEN
(but using your .com)
(Prefix each command with localhost. Therefore we edit 6267/mysqld
sudo, if appropriate). /etc/mysql/my.cnf and
SSL certificate required root@server1:~#
comment out the line bind-
aptitude install postfix Enter:
address = 127.0.0.1:
postfix-mysql postfix-doc During the installation, the
mysql-client mysql-server Next we install maildrop as SSL certificates for IMAP-SSL
courier-authdaemon courier- vi /etc/mysql/my.cnf
follows: and POP3-SSL are created with
authlib-mysql courier-pop
courier-pop-ssl courier-imap [...] the hostname localhost. To
SpamAssassin, And
pear php-auth php5-mcrypt
rm -f /etc/courier/pop3d.pem mcrypt php5-imagick aptitude install pure-ftpd-
Clamav imagemagick libapache2-mod- common pure-ftpd-mysql quota
suphp quotatool
and modify the following two
files - replacing CN=localhost To install amavisd-new, Edit the file /etc/default/pure-
You will see the following
with SpamAssassin, and ClamAV, ftpd-common:
question:
''CN=server1.example.com' we run:
(and you can also modify the vi /etc/default/pure-ftpd-
aptitude install amavisd-new Web server to reconfigure common
other values, if necessary):
spamassassin clamav clamav- automatically:
vi /etc/courier/imapd.cnf daemon zoo unzip bzip2 arj Enter: and make sure that the start
nomarch lzop cabextract apt-
listchanges libnet-ldap-perl mode is set to standalone and
[...] Configure database for
CN=server1.example.com libauthen-sasl-perl clamav- set VIRTUALCHROOT=true:
docs daemon libio-string- phpmyadmin with dbconfig-
[...]
perl libio-socket-ssl-perl common? [...]
vi /etc/courier/pop3d.cnf libnet-ident-perl zip libnet- Enter: STANDALONE_OR_INETD=standalon
dns-perl e
[...] [...]
Then run the following
Install Apache2, PHP5,
CN=server1.example.com VIRTUALCHROOT=true
[...] command to enable the [...]
phpMyAdmin, FCGI, Apache modules suexec,
quotacheck -avugm
quotaon -avug wget Then we make the script Jailkit is needed only if you
http://heanet.dl.sourceforge. executable, and create the want to chroot SSH users. It
net/sourceforge/mydns-
Install MyDNS ng/mydns-1.2.8.27.tar.gz
system startup links for it: can be installed as follows
(important: Jailkit must be
tar xvfz mydns- chmod +x /etc/init.d/mydns
Before we install MyDNS, we installed before ISPConfig - it
1.2.8.27.tar.gz
need to install a few update-rc.d mydns defaults cannot be installed
prerequisites: cd mydns-1.2.8 afterwards!):
SCRIPTNAME=/etc/init.d/$NAME
cd jailkit-2.10 Next month, in the final
# Gracefully exit if the package has been removed. installment, we will install
test -x $DAEMON || exit 0 ./configure
SquirrelMail and ISPConfig3,
case "$1" in make giving you the perfect server,
start) ready to go!
echo -n "Starting $DESC: $NAME" make install
start-stop-daemon --start --quiet \
--exec $DAEMON -- -b cd ..
echo "."
;; rm -rf jailkit-2.10*
stop)
Install fail2ban
echo -n "Stopping $DESC: $NAME"
start-stop-daemon --stop --oknodo --quiet \
--exec $DAEMON
echo "." This is optional but
;;
reload|force-reload) recommended, because the
echo -n "Reloading $DESC configuration..." ISPConfig monitor tries to show
start-stop-daemon --stop --signal HUP --quiet \ the fail2ban log:
--exec $DAEMON
echo "done." aptitude install fail2ban
;;
T
continue.
o install the D. Set pre-defined settings
for specific IMAP servers
SquirrelMail webmail C Turn color on Back at the Main Menu, To install ISPConfig 3 from
client, run: S Save data enter: to save data, and you the latest released version, do
Q Quit will see: this (replacing ISPConfig-
3.0.1.6.tar.gz with the latest
aptitude install squirrelmail Command >>
Data saved in config.php version) :
Press enter to continue
Then, create the following Enter: cd /tmp
symlink... Back at the Main Menu,
Now, you will see a list of enter to quit. wget
ln -s IMAP server options entitled: http://downloads.sourceforge.
/usr/share/squirrelmail/ Afterwards you can access net/ispconfig/ISPConfig-
/var/www/webmail Please select your IMAP 3.0.1.6.tar.gz?use_mirror=
SquirrelMail under:
server:
http://server1.example.com/we tar xvfz ISPConfig-
... and configure SquirrelMail:
Enter the word: bmail 3.0.1.6.tar.gz
php -q install.php
http://server1.example.com:80
80/
or:
http://192.168.0.100:8080/