15 July 2011

Installing Debian as a Web Server

I recently explored OpenSuse as a web server but I found it was too bloated for my minimal needs so I turned to Debian for a smaller solution. It has long been my distro of choice as I admire its ‘minimal’ approach and subsequent lack of system requirements. However, not being a Linux guru I admit I find the lack of documentation difficult.
There is an official guide to installing a Debian Web server here: http://www.aboutdebian.com/internet.htm
Below are my notes.

NB: This is only a 'bare bones' install guide to get a Debian instance running and by no means a guide to producing a fully fledged, production-ready, secured system.

Installing the OS
  1. Download it from: http://www.debian.org/
    e.g. debian-7.1.0-ia64-netinst.iso via bittorrent
  2. Mount the iso or burn the image to disk and boot from it.
  3. Read the introduction to the installer here: http://www.debian.org/releases/stable/i386/ch06s01.html.en
  4. Answer the questions when asked. I answered:
    • Primary network interface eth0 or 1
    • Hostname (computer name)
    • Domain name (network name or localdomain)
    • Root password (something memorable!)
    • User full name and username and password
    • Disk partition, I used:
      • Guided, use full disk
      • Separate /home /usr etc partition
    • De-select Graphical desktop and choose: Web Server; Mail Server (for scripts to use); SSH Server (and leave standard system utils).
    • Install GRUB boot loader in root: yes.
Root Access
Install sudo so you can run root commands as normal user:
  • Login as root then run:
    apt-get -y install sudo
  • Add [username] to Sudoers:
    adduser [username] sudo
  • Logout and login as [username]: logout
Network
Check configuration with:
sudo ifconfig
NB: If you get command not found then check /sbin/ is in your $PATH variable: echo $PATH. If not add it with: PATH=$PATH:/sbin/
If you need to add a network device:
  • sudo nano /etc/udev/rules.d/70-persistent-net.rules
    Enter the MAC address etc
  • Then add it to the interfaces list:
    sudo nano /etc/network/interfaces
  • Add a new entry (where X is the device number, e.g. eth1):
    auto ethX
    Then either DHCP:
    iface ethX inet dhcp
    OR static:
    iface ethX inet static
           address 192.168.1.10
           netmask 255.255.255.0
           network 192.168.1.0
           broadcast 192.168.1.255
           gateway 192.168.1.1
    Change the IP numbers to suit your network.
  • Then fire it up and restart networking:
    sudo ifconfig ethX up
    sudo /etc/init.d/networking restart
Updates
  1. Log in as root and do updates:
    sudo aptitude update && sudo aptitude dist-upgrade
    To get the latest updates and install them.
  2. Enter Y when prompted then reboot: sudo shutdown -r now
Hostname
  1. Set the hostname if not already set (should have been done during install). The file is written through tee because a plain > redirect runs as your own user, not as root:
    echo "[hostname]" | sudo tee /etc/hostname
    sudo hostname -F /etc/hostname
  2. Add an entry for the site into /etc/hosts if it doesn’t already exist:
    sudo vi /etc/hosts
    127.0.0.1 localhost
    [server IP] [site domain name] [host name]
Remote Access (SSH)
See previous post.

Secure it
  • Edit hosts.allow to include default Linux box
    sudo vi /etc/hosts.allow
    Add line:
    ALL: [your ip prefix eg. 192.168.0.]
  • sudo cp /etc/hosts.deny /etc/hosts.deny.YYYYMMDD
  • sudo vi /etc/hosts.deny
    Add line:
    ALL: ALL EXCEPT localhost
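How these two rules are evaluated, as an added example that is not part of the original post: hosts.allow is checked first, then hosts.deny, and a client that matches neither is let in. The functions below are a simplified model covering only the syntax used above; their names, the sample directory and the client addresses are constructed for illustration.

```shell
# Simplified model of TCP Wrappers rule evaluation (see hosts_access(5)).
# Covers only: "daemons: clients" lines, ALL, address prefixes ending in
# ".", exact names and EXCEPT. Function names are illustrative.
match_one() {            # match_one PATTERN HOSTNAME ADDRESS
    case "$1" in
        ALL) return 0 ;;
        *.)  case "$3" in "$1"*) return 0 ;; *) return 1 ;; esac ;;
        *)   if [ "$1" = "$2" ] || [ "$1" = "$3" ]; then return 0; fi
             return 1 ;;
    esac
}

match_list() {           # match_list "LIST [EXCEPT LIST]" HOSTNAME ADDRESS
    inc=${1%% EXCEPT *}; exc=
    case "$1" in *" EXCEPT "*) exc=${1#* EXCEPT } ;; esac
    for p in $exc; do    # anything named after EXCEPT is carved out first
        if match_one "$p" "$2" "$3"; then return 1; fi
    done
    for p in $inc; do
        if match_one "$p" "$2" "$3"; then return 0; fi
    done
    return 1
}

file_matches() {         # file_matches FILE DAEMON HOSTNAME ADDRESS
    while IFS=: read -r daemons clients; do
        case "$daemons" in ''|'#'*) continue ;; esac
        clients=${clients# }
        if match_list "$daemons" "$2" "$2" && match_list "$clients" "$3" "$4"
        then return 0; fi
    done < "$1"
    return 1
}

tcpd_decision() {        # tcpd_decision DIR DAEMON HOSTNAME ADDRESS
    if   file_matches "$1/hosts.allow" "$2" "$3" "$4"; then echo allow
    elif file_matches "$1/hosts.deny"  "$2" "$3" "$4"; then echo deny
    else echo allow      # no rule matched: access is granted by default
    fi
}

# Constructed sample files holding the two rules from this page.
demo=$(mktemp -d)
printf 'ALL: 192.168.0.\n' > "$demo/hosts.allow"
printf 'ALL: ALL EXCEPT localhost\n' > "$demo/hosts.deny"
tcpd_decision "$demo" sshd unknown 192.168.0.25    # LAN client
tcpd_decision "$demo" sshd unknown 203.0.113.9     # outside client
tcpd_decision "$demo" sshd localhost 127.0.0.1     # local connection
```

On the server itself, tcpdmatch (for example: tcpdmatch sshd 203.0.113.9) evaluates the real files. Only daemons linked against libwrap or started through tcpd consult them, so this is not a replacement for a firewall.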
FTP
I wanted to install FTP so I can upload files to the web server:
  • sudo apt-get install vsftpd
  • Select standalone installation
  • stop the service with: sudo /etc/init.d/vsftpd stop
  • Edit the config: sudo vi /etc/vsftpd.conf
    • Restrict users to their home directory. Uncomment the line: chroot_local_user=YES
  • Start it: sudo /etc/init.d/vsftpd start
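A way to confirm the chroot edit actually took effect, as an added example that is not part of the original post. The function names and the sample config are constructed; the defaults passed in are the built-in ones from vsftpd.conf(5), and the sketch assumes the last uncommented assignment wins.

```shell
# Report the effective value of a few vsftpd.conf options.
# Assumption: "#..." lines are inactive and the last uncommented
# assignment wins; an option that is never set falls back to DEFAULT.
vsftpd_opt() {                      # vsftpd_opt FILE OPTION DEFAULT
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    echo "${val:-$3}"
}

audit_vsftpd() {                    # audit_vsftpd FILE -> one line per finding
    [ "$(vsftpd_opt "$1" chroot_local_user NO)" = YES ] ||
        echo "chroot_local_user: local users are not confined to their home directory"
    [ "$(vsftpd_opt "$1" anonymous_enable YES)" = NO ] ||
        echo "anonymous_enable: anonymous logins are accepted"
    [ "$(vsftpd_opt "$1" ssl_enable NO)" = YES ] ||
        echo "ssl_enable: passwords and files are sent unencrypted"
    return 0
}

# Constructed sample config: the chroot line is still commented out.
conf=$(mktemp)
cat > "$conf" <<'EOF'
listen=YES
anonymous_enable=NO
local_enable=YES
#chroot_local_user=YES
EOF
echo "before:"; audit_vsftpd "$conf"

# The edit described above: uncomment the chroot line, then audit again.
fixed=$(mktemp)
sed 's/^#chroot_local_user=YES/chroot_local_user=YES/' "$conf" > "$fixed"
echo "after:";  audit_vsftpd "$fixed"
```

Run audit_vsftpd against /etc/vsftpd.conf after editing it. vsftpd 2.3.5 and later refuse logins when the chroot directory is writable by the user, so check home directory permissions if logins fail after this change.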
Mono
Mono is the ASP.Net project for Linux: http://pkg-mono.alioth.debian.org/
To install: sudo apt-get install libapache2-mod-mono mono-apache-server2
Add Accounts for Each Website
I want per website user accounts so they are locked into their own folder:
  • sudo adduser [domain_name] (I replaced dots in the name with underscores)
  • Logout and login as the new user
  • make a directory for the user to store their www files:
    mkdir public_html
Miscellaneous
  • Check Open Ports: netstat -an; or netstat -p
  • Remove package: sudo apt-get --purge remove package-name
  • Remove unnecessary packages: sudo apt-get autoremove
  • Shutdown: sudo /sbin/shutdown -h now
    (-h = halt)

01 July 2011

Installing openSuse as a Web Server

I recently set up a webserver using openSuse. Whilst I used to use Debian Linux for Java web hosting that was a while ago and I’ve forgotten a lot of the things that were a bit annoying to figure out/remember. If you’re like me and have been dealing with Windows machines for a bit too long I hope these pointers come in handy.

For the uninitiated openSuse is an open source version (distribution) of Linux. It is distributed as 32-bit or 64-bit so you need to know which version to choose. If you don’t know then it’s likely to be 32-bit.

These instructions are for the latest version (11.4) as at writing.

A Note on System Administration with YaST

OpenSuse uses a program called YaST to manage the computer’s setup. To load the YaST control center: click on Application Launcher (green orb bottom left); select computer and YaST. It will ask for an admin/root password before loading. If you don’t supply one it will time out and not load.

Sometimes I find it looks like it’s going to load and then just simply doesn’t! Annoying, but you can run it from a terminal window by typing:
sudo /sbin/yast2
and entering the root password.

A note for Windows users

OpenSuse uses one click to select, not two, so the Application Launcher is selected by clicking but the sub menus are selected by hovering over the icon; however, their sub menus are selected by clicking!

OpenSuse Installation

  1. Download it here:
    http://www.opensuse.org/
    This will take a while so come back after you’ve had some tea!
  2. Install by mounting the ISO e.g. if you’re using a virtual machine or ripping the image to a CD/DVD.
  3. Boot from the image.

Desktop Effects

I like to disable these as I don’t think they add much and they really slow things down, especially via a remote connection:

  1. Load Applications/System Settings.
  2. Under ‘Workspace Appearance and Behaviour’ click ‘Desktop Effects’ and select disable at the top.

Network Access

Before you can do anything you need to update it… before you do that you need to check you have network access. Load up a browser and see if you can load Google or BBC home page. You can also run the command: /sbin/ifconfig to show the IP config information.
If not then in YaST:

    1. Select Network Devices/Network Settings
    2. Under Overview, select the relevant ethernet controller and ensure it is starting at boot, assigned DHCP and assigned to the ‘External Zone’ (if these settings are appropriate).
    3. Under Hostname/DNS enter the Hostname (I use server name) and Domain Name (I have a domain name I use for internal stuff or you can make one up).
    4. Check you have network access using a browser.

VNC

I needed remote access as I run the machine headless (without monitor). In YaST:

  1. Select Network Services/Remote Administration (VNC) and enable, also enable the rules in the firewall.
  2. Connect using a client like TightVNC and connecting to [openSuse IP address]:1 (the :1 essentially denotes ‘desktop 1’)
    You can find the IP address by running /sbin/ifconfig

As of writing there seems to be a problem between TightVNC client and IPv4 and IPv6 entries in the /etc/hosts file. To fix this give the IPv4 line an alias:

  1. sudo vi /etc/hosts
  2. Edit the line: 127.0.0.1 localhost
    to become: 127.0.0.1 localhost ipv4-localhost
    (press i to insert then Esc :wq to save and exit)
  3. Then in YaST/Network Services/Network Services (xinetd) edit the Service vnc1 to be:
    -noreset -inetd -query ipv4-localhost -geometry 1024x768 -depth 16

I found the solution here: http://dx3webs.com/wordpress/2010/03/how-to-fix-vnc-in-opensuse-11-2/

Updates

  1. Either configure auto updates or apply manually. In YaST:
    1. Configure automatic updates (I’d recommend):
      1. Select Software in the left hand pane and ‘Software Management’ in the right hand one.
      2. In the search box that appears enter ‘update’ without the quotes and click search.
      3. Scroll to the bottom of the search results and tick ‘yast2-online-update-configuration’
      4. Restart YaST and you should see
    2. OR apply manually:
      1. Select YaST/Software/Online Update
      2. It will come up with a list of updates (mine had 90+). Click Apply.
        It may ask for the root password and some T&Cs acceptance, more than once… hence the recommendation to auto update.

Time Sync (NTP)

I like to set up a time server sync so that the system always remains up to date:

  1. YaST/Network Services/NTP Configuration
  2. Start NTP Daemon ‘Now and on Boot’
  3. Add Server Sync with a suitable address (when entering choose ‘Select’ to choose from a list) e.g. uk.pool.ntp.org

Web Server

I use Apache but there are other alternatives out there. In YaST:

    1. Open Software/Software Management.
    2. Enter http and click search.
    3. Select yast2-http-server (a configuration package). It will require other packages (the actual apache server ones) so just accept those too.
    4. Once installed restart YaST and run the configuration wizard under Network Services/HTTP Server.

AppCache files

AppCache manifest files are part of HTML5 and need to be served as mime type text/cache-manifest which unfortunately they are not by either IIS or Apache by default as of writing (er why?!). Add:
AddType text/cache-manifest .appcache
to the relevant config file (server config, virtual host, directory or .htaccess). e.g.

  • In a terminal window type: sudo vi /etc/apache2/httpd.conf.local
  • Press i to enter insert mode
  • Type: AddType text/cache-manifest .appcache
  • Press Esc then type :wq Enter to save and quit
  • sudo vi /etc/sysconfig/apache2
  • Navigate to APACHE_CONF_INCLUDE_FILES=""
  • Enter /etc/apache2/httpd.conf.local
  • Esc :wq Enter to quit, then restart Apache

putting its name into APACHE_CONF_INCLUDE_FILES in
#       /etc/sysconfig/apache2 -- this will make system updates
#       easier :)


See:
http://httpd.apache.org/docs/current/mod/mod_mime.html#AddType
For more information on appcache files see:
http://www.html5rocks.com/en/tutorials/appcache/beginner/

Mono

To run .Net applications you’ll need Mono (http://www.mono-project.com/) installed:

  1. Open Software/Software Management.
  2. Enter mono and click search.
  3. Install apache2-mod_mono and other packages
  4. Run command:
    sudo a2enmod mono
    to load the module into Apache.

Or you can use the installer: http://www.mono-project.com/InstallerInstructions

More on Mod_mono here: http://www.mono-project.com/Mod_mono

FTP Server

I wanted an FTP server so I can upload files to the server without having to configure file sharing. In YaST:

  1. Open Software/Software Management.
  2. Enter ftp and click search.
  3. Click the boxes next to pure-ftpd and yast2-ftp-server (the latter is used to configure pure) and click Accept.
  4. Restart YaST and under Network Services you should now be able to configure FTP.

TFTP

I also wanted to be able to boot machines from this, using TFTP:

  1. YaST/Software Management/Search: tftp
  2. Select yast2-tftp-server (Configuration), accept and install.
  3. Restart YaST and go to Network Services/TFTP, and it will request installing more packages, so install them.
  4. Configure as enabled and open port in firewall

You might also like to configure your local DNS to resolve tftp.[your domain] to that server’s IP.