15 July 2011

Installing Debian as a Web Server

I recently explored OpenSuse as a web server but I found it was too bloated for my minimal needs, so I turned to Debian for a smaller solution. It has long been my distro of choice as I admire its ‘minimal’ approach and subsequent lack of system requirements. However, not being a Linux guru I admit I find the lack of documentation difficult.
There is an official guide to installing a Debian Web server here: http://www.aboutdebian.com/internet.htm
Below are my notes.

NB: This is only a 'bare bones' install guide to get a Debian instance running and by no means a guide to producing a fully fledged, production-ready, secured system.

Installing the OS
  1. Download it from: http://www.debian.org/
    e.g. debian-7.1.0-ia64-netinst.iso via bittorrent
  2. Mount the iso or burn the image to disk and boot from it.
  3. Read the introduction to the installer here: http://www.debian.org/releases/stable/i386/ch06s01.html.en
  4. Answer the questions when asked. I answered:
    • Primary network interface eth0 or eth1
    • Hostname (computer name)
    • Domain name (network name or localdomain)
    • Root password (something memorable!)
    • User full name and username and password
    • Disk partition, I used:
      • Guided, use full disk
      • Separate /home /usr etc partition
    • De-select Graphical desktop and choose: Web Server; Mail Server (for scripts to use); SSH Server (and leave standard system utils).
    • Install GRUB boot loader in root: yes.
Root Access
Install sudo so you can run root commands as a normal user:
  • Login as root then run:
    apt-get -y install sudo
  • Add [username] to Sudoers:
    adduser [username] sudo
  • Logout and login as [username]: logout
Check configuration with:
sudo ifconfig
NB: If you get command not found then check /sbin/ is in your $PATH variable: echo $PATH. If not add it with: PATH=$PATH:/sbin/
If you need to add a network device:
  • sudo nano /etc/udev/rules.d/70-persistent-net.rules
    Enter the MAC address etc
  • Then add it to the interfaces list:
    sudo nano /etc/network/interfaces
  • Add a new entry:
    auto ethX
    Then either DHCP:
    iface ethX inet dhcp
    OR static:
    iface eth0 inet static
           gateway 192.168.11.
    But changing your IP numbers accordingly.
    Where X is the number e.g. eth1
  • Then fire it up and restart networking:
    sudo ifconfig ethX up
    sudo /etc/init.d/networking restart
  1. Log in as root and do updates:
    sudo aptitude update && sudo aptitude dist-upgrade
    To get the latest updates and install them.
  2. Enter Y when prompted then reboot: sudo shutdown -r now
  1. Set the hostname if not already set (should have been done during install):
    echo "[hostname]" | sudo tee /etc/hostname
    sudo hostname -F /etc/hostname
  2. Add an entry for the site into /etc/hosts if it doesn’t already exist:
    sudo vi /etc/hosts
    127.0.0.1 localhost
    [server IP] [site domain name] [host name]
Remote Access (SSH)
See previous post.

Secure it
  • Edit hosts.allow to include default Linux box
    sudo vi /etc/hosts.allow
    Add line:
    ALL: [your ip prefix eg. 192.168.0.]
  • sudo cp /etc/hosts.deny /etc/hosts.deny.YYYYMMDD
  • sudo vi /etc/hosts.deny
    Add line:
    ALL: ALL EXCEPT localhost
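
How the two lines above combine, as an added example that is not part of the original post: TCP wrappers consult hosts.allow first, then hosts.deny, and grant access when neither file matches. The function names, the client addresses and host names, and the temporary sample files are constructed for illustration, and the matcher covers only the pattern forms used here.

```shell
# Added example: simplified hosts_access(5) evaluator (hypothetical helper names).
# Handles space-separated lists, ALL, exact names, trailing-dot prefixes, EXCEPT.
# match_client PATTERN ADDR NAME: does one pattern match the client?
match_client() {
    case "$1" in
        ALL) return 0 ;;
        *.)  case "$2" in "$1"*) return 0 ;; *) return 1 ;; esac ;;
        *)   [ "$1" = "$2" ] || [ "$1" = "$3" ] ;;
    esac
}

# match_list "LIST" ADDR NAME: LIST may be "a b EXCEPT c d"
match_list() {
    list=$1; addr=$2; name=$3; hit=1; excepting=0
    for pat in $list; do
        if [ "$pat" = EXCEPT ]; then excepting=1; continue; fi
        if match_client "$pat" "$addr" "$name"; then
            if [ "$excepting" -eq 1 ]; then return 1; fi
            hit=0
        fi
    done
    return "$hit"
}

# check_access ALLOW_FILE DENY_FILE ADDR NAME DAEMON: prints allow or deny.
check_access() {
    verdict=allow                      # first file scanned is hosts.allow
    for rules in "$1" "$2"; do
        while IFS=: read -r daemons clients rest; do
            case "$daemons" in ''|'#'*) continue ;; esac
            if match_list "$daemons" "$5" "$5" && match_list "$clients" "$3" "$4"; then
                echo "$verdict"; return 0
            fi
        done < "$rules"
        verdict=deny                   # second file scanned is hosts.deny
    done
    echo allow                         # no rule matched in either file
}

# Constructed sample files holding the two lines from the steps above.
make_sample() {
    printf 'ALL: 192.168.0.\n' > "$1/hosts.allow"
    printf 'ALL: ALL EXCEPT localhost\n' > "$1/hosts.deny"
}

d=$(mktemp -d); make_sample "$d"
for c in "192.168.0.25 lanbox" "203.0.113.9 outside" "127.0.0.1 localhost"; do
    set -- $c
    echo "$1 ($2): $(check_access "$d/hosts.allow" "$d/hosts.deny" "$1" "$2" sshd)"
done; rm -rf "$d"
```

The localhost client is allowed only because EXCEPT stops the deny rule from matching, so the lookup falls through to the default grant.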
I wanted to install FTP so I can upload files to the web server:
  • sudo apt-get install vsftpd
  • Select standalone installation
  • stop the service with: sudo /etc/init.d/vsftpd stop
  • Edit the config: sudo vi /etc/vsftpd.conf
    • Restrict users to their home directory. Uncomment the line: chroot_local_user=YES
  • Start it: sudo /etc/init.d/vsftpd start
Mono is the ASP.Net project for Linux: http://pkg-mono.alioth.debian.org/
To install: apt-get install libapache2-mod-mono mono-apache-server2
Add Accounts for Each Website
I want per website user accounts so they are locked into their own folder:
  • adduser [domain_name] (I replaced dots in the name with underscores)
  • Logout and login as the new user
  • make a directory for the user to store their www files:
    mkdir public_html
  • Check Open Ports: netstat -an; or netstat -p
  • Remove package: sudo apt-get --purge remove package-name
  • Remove unnecessary packages: apt-get autoremove
  • Shutdown: sudo /sbin/shutdown -h now
    (-h = halt)
