Debian Etch
From LinodeWiki
Ok, so you've just got that shiny new Linode and you've installed Debian Etch. So where do we go from here?
General Setup
Well, let's start by setting up a few basics:
Use the Linode console to access your server via ssh.
Stop and disable sshd
I'm going to stop and disable the ssh service and only use the console for access. If you don't want to you can just ignore the following steps:
/etc/init.d/ssh stop
touch /etc/ssh/sshd_not_to_be_run
Upgrade the base system
Now let's upgrade the existing system to the latest:
apt-get update
apt-get dist-upgrade
Setup Static IP address to network interface
I've got two IP addresses and I want to make them both static. If you've only got one you can just ignore this bit, as the default install will use DHCP to set up your IP address automatically.
For this example I'm going to use IP addresses 10.10.10.10 and 10.10.10.11; you should use the two IP addresses assigned to you in place of these if you have them.
Edit /etc/network/interfaces
iface eth0 inet static
    address 10.10.10.10
    netmask 255.255.255.0
    broadcast 10.10.10.255
    gateway 10.10.10.1
auto eth0:1
iface eth0:1 inet static
    address 10.10.10.11
    netmask 255.255.255.0
    broadcast 10.10.10.255
Set the timezone
Let's set the time zone to our home location:
ln -sf /usr/share/zoneinfo/Australia/NSW /etc/localtime
Set the hostname
Now set the hostname of the machine. We'll be calling it "server":
echo server > /etc/hostname
hostname -F /etc/hostname
Setup the server's host name resolution
Edit /etc/hosts
127.0.0.1 localhost.localdomain localhost
10.10.10.10 server.example.com server
User Accounts
Setup the skeleton directory structure
First let's set up the skeleton directory, so that when we create new users the directories and files in the skeleton directory are copied into the new user's home directory.
cd /etc/skel
mkdir public_html
mkdir logs
mkdir Maildir
touch public_html/index.html
Add User Accounts
Let's create accounts for a couple of the cows, to allow them to host their websites and collect mail.
adduser girlie
adduser littleone
Setup FTP Server
The cows are going to need an FTP server so they can copy stuff to their accounts. I'll be installing vsftpd for this purpose.
Install vsftpd
aptitude install vsftpd
General configuration
Edit /etc/vsftpd.conf
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
There will be no anonymous FTP logins; users with local accounts can log in and upload files; all files created by local users will have permissions 755 (7-0, 7-2, 7-2).
Start the FTP Server
/etc/init.d/vsftpd start
Setup the DNS
Install Bind 9
Let's install Bind 9, so we can run our own DNS server.
aptitude install bind9 dnsutils
Add the main domain to the zone
The domain example.com will be owned by the server, girlie will own example.net and littleone will own example.org.
zone "example.com" {
    type master;
    file "/etc/bind/db.example.com";
    allow-query { any; };
};
zone "example.net" {
    type master;
    file "/etc/bind/db.example.net";
    allow-query { any; };
};
zone "example.org" {
    type master;
    file "/etc/bind/db.example.org";
    allow-query { any; };
};
Setup the options to Bind 9
Edit /etc/bind/named.conf.options
// Restrict zone transfers
allow-transfer { localhost; };
// Disable any queries for domains we don't own
allow-query { localhost; };
// Disable recursive queries except from internal/local sources
allow-recursion { localhost; };
Setup the zone file for the server
In this example we will use 10.10.10.10 and 10.10.10.11 for our IP addresses, that way if someone copies this example into a real DNS server, we won't break things. Use the one that is assigned to your linode.
Edit /etc/bind/db.example.com
$TTL 86400
$ORIGIN example.com.
@       IN SOA  ns1.example.com. dns.example.com. (
                2007123101 ; serial
                2H         ; refresh
                15M        ; retry
                1W         ; expire
                1D )       ; negative-caching TTL
        IN NS   ns1.example.com.
        IN NS   ns2.example.com.
        IN A    10.10.10.10
        IN MX   10 server.example.com.
server.example.com. IN TXT "v=spf1 a -all"
ns1     IN A    10.10.10.10
ns2     IN A    10.10.10.11
server  IN A    10.10.10.10
www     IN A    10.10.10.10
mail    IN CNAME example.com.
ftp     IN CNAME example.com.
example.com. IN TXT "v=spf1 a mx ~all"
Setup the zone file for any hosted domains
The zone files for hosted domains will all be similar in this case, with only the domain names changing. Girlie's zone file is below. Littleone's will be the same with example.org substituted for example.net.
$TTL 86400
$ORIGIN example.net.
@       IN SOA  ns1.example.com. dns.example.com. (
                2007123101 ; serial
                2H         ; refresh
                15M        ; retry
                1W         ; expire
                1D )       ; negative-caching TTL
        IN NS   ns1.example.com.
        IN NS   ns2.example.com.
        IN A    10.10.10.10
        IN MX   10 server.example.com.
www     IN A    10.10.10.10
mail    IN CNAME example.net.
ftp     IN CNAME example.net.
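In a zone file, a host name written without a trailing dot is relative and has $ORIGIN appended, which silently turns a mistyped target into a name inside the wrong zone. The following check is an added example, not part of the original page; the function name lint_zone and the sample zone are constructed for illustration.

```sh
# Added example, not part of the original page.
# lint_zone FILE: report NS/MX/CNAME/SOA targets that contain a dot but have
# no trailing dot; the name server treats them as relative to $ORIGIN.
lint_zone() {
    awk '
    function check(name) {
        if (name ~ /\./ && name !~ /\.$/) {
            printf "line %d: %s becomes %s.%s\n", NR, name, name, origin
            bad++
        }
    }
    { sub(/;.*/, "") }    # drop comments
    $1 == "$ORIGIN" { origin = $2; next }
    NF {
        # A line starting in column 1 carries an owner name in field 1; skip it.
        for (i = ($0 ~ /^[ \t]/) ? 1 : 2; i <= NF; i++) {
            t = toupper($i)
            if (t == "NS" || t == "CNAME") check($(i + 1))
            else if (t == "MX") check($(i + 2))
            else if (t == "SOA") { check($(i + 1)); check($(i + 2)) }
            else continue
            break
        }
    }
    END { exit (bad > 0) }
    ' "$1"
}

# Constructed sample: the SOA contact and the MX target lack the final dot.
zone=$(mktemp)
cat > "$zone" <<'EOF'
$TTL 86400
$ORIGIN example.net.
@       IN SOA ns1.example.com. dns.example.com (
                2007123101 2H 15M 1W 1D )
        IN NS  ns1.example.com.
        IN MX  10 server.example.com
www     IN A   10.10.10.10
mail    IN CNAME example.net.
EOF
lint_zone "$zone" || echo "zone has relative names that look like FQDNs"
```

The function returns non-zero when it finds such a name, so it can gate the bind restart.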
Start bind
/etc/init.d/bind9 start
Add bind to the nameserver list
Edit /etc/resolv.conf and replace everything with:
nameserver 127.0.0.1
Setup Web Server
The cows want to run a website, so we're going to need a web server. We'll be installing Apache 2 on our server to do this job.
Install Apache 2
aptitude install apache2
Now as we want to run websites for two different users and for the server itself, we are going to need virtual hosting.
Set the virtual host directory settings
We are going to set up the server's website as a virtual hosted site. To do this we only need to add the IP address of the server to the following sections in the default site.
Edit /etc/apache2/sites-available/default
# Use name-based virtual hosting.
NameVirtualHost 10.10.10.10:80
# Default virtual host - replaces main server
<VirtualHost 10.10.10.10:80>
Setup other virtual hosts pointing to the users home directory
Let's setup girlie's site first.
Edit /etc/apache2/sites-available/example.net
<VirtualHost 10.10.10.10:80>
    ServerName example.net
    ServerAlias www.example.net
    DocumentRoot "/home/girlie/public_html"
    ScriptAlias /cgi-bin/ /home/girlie/cgi-bin/
</VirtualHost>
Now let's setup littleone's site.
Edit /etc/apache2/sites-available/example.org
<VirtualHost 10.10.10.10:80>
    ServerName example.org
    ServerAlias www.example.org
    DocumentRoot "/home/littleone/public_html"
    ScriptAlias /cgi-bin/ /home/littleone/cgi-bin/
</VirtualHost>
Now enable example.com, example.net and example.org:
a2ensite example.com
a2ensite example.net
a2ensite example.org
You will need to reload apache for that last action to apply:
/etc/init.d/apache2 reload
Apache MPM
The default MPM (Multi-Processing Module) for Apache is Prefork. It's a very good idea to use ITK, which allows you to run each of your vhosts under a separate uid and gid, so the configuration and files for one vhost no longer have to be readable by all the other vhosts. To install ITK:
apt-get install apache2-mpm-itk
You will need to specify the username and group for the vhost. Changes are required for your vhost file, for instance /etc/apache2/sites-available/example.com might have these lines:
<IfModule mpm_itk_module>
    AssignUserId girlie girlie
</IfModule>
Reload apache configuration:
/etc/init.d/apache2 reload
Setup PHP
Girlie wants to run a CMS that requires PHP. So let's install PHP5 for her. If you want PHP4 just change the 5 to a 4 in the following examples. I'm also going to install the php5-mysql libraries at the same time to avoid doing it later.
Install PHP5
aptitude install php5 php5-pear php5-mysql php5-suhosin
Configure PHP5
Once PHP 5 is installed you will probably need to tune the configuration file located at /etc/php5/apache2/php.ini a little:
error_reporting = E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR
display_errors = Off
log_errors = On
error_log = /var/log/php.log
max_execution_time = 300
memory_limit = 64M
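A quick way to confirm that the access-limiting settings from this guide are really in effect (sshd flag file, no anonymous FTP, recursion limited to localhost, PHP errors logged rather than displayed). This is an added example, not part of the original page; the function names and the sample tree are constructed, while the paths and values are the ones used above.

```sh
# Added example, not part of the original page.
# last_value FILE KEY: effective value of KEY in a "key = value" file,
# skipping commented-out lines; the last assignment wins.
last_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^;#[:space:]]*\).*/\1/p" \
        "$1" 2>/dev/null | tail -n 1
}

# audit_host ROOT: check the files under ROOT (use / on the live server).
# Prints one line per check and returns non-zero if any check fails.
audit_host() {
    root=${1%/}; fails=0
    check_key() {  # check_key FILE KEY WANTED
        got=$(last_value "$root$1" "$2")
        if [ "$got" = "$3" ]; then echo "ok   $1: $2=$got"
        else echo "FAIL $1: $2='$got', want $3"; fails=$((fails + 1)); fi
    }
    check_key /etc/vsftpd.conf anonymous_enable NO
    check_key /etc/php5/apache2/php.ini display_errors Off
    check_key /etc/php5/apache2/php.ini log_errors On
    # sshd is disabled by a flag file in this guide, not by a config key.
    if [ -e "$root/etc/ssh/sshd_not_to_be_run" ]; then echo "ok   sshd disabled by flag file"
    else echo "FAIL /etc/ssh/sshd_not_to_be_run missing"; fails=$((fails + 1)); fi
    # Recursion limited to localhost keeps the server from being an open resolver.
    if grep -Eq '^[[:space:]]*allow-recursion[[:space:]]*\{[[:space:]]*localhost;[[:space:]]*\};' \
        "$root/etc/bind/named.conf.options" 2>/dev/null
    then echo "ok   bind recursion limited to localhost"
    else echo "FAIL named.conf.options: allow-recursion is not { localhost; }"; fails=$((fails + 1)); fi
    [ "$fails" -eq 0 ]
}

# Constructed sample tree with one deliberate mistake (anonymous FTP left on).
demo=$(mktemp -d)
mkdir -p "$demo/etc/ssh" "$demo/etc/bind" "$demo/etc/php5/apache2"
touch "$demo/etc/ssh/sshd_not_to_be_run"
printf '#anonymous_enable=NO\nanonymous_enable=YES\nlocal_enable=YES\n' > "$demo/etc/vsftpd.conf"
printf 'display_errors = Off\nlog_errors = On\n' > "$demo/etc/php5/apache2/php.ini"
printf 'options {\n\tallow-recursion { localhost; };\n};\n' > "$demo/etc/bind/named.conf.options"
audit_host "$demo" || echo "audit found problems"
```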
Setup mod_python
Install mod_python
apt-get install libapache2-mod-python
Enable mod_python
To enable Python support for the site example.net, you need to add the following to the site's file in /etc/apache2/sites-available/example.net:
AddHandler mod_python .py
PythonHandler mod_python.publisher
PythonDebug On
Install and setup MySQL
Lucky we installed those php5-mysql libraries earlier.
Install MySQL
aptitude install mysql-server
Note: mysql-server is a meta-package that currently pulls mysql-server-5.0.
Again, no changes to the configuration file were required, but it's located here: /etc/mysql/my.cnf
To change MySQL root password, issue the command (replace mysql-server-5.0 with the package pulled by mysql-server):
dpkg-reconfigure mysql-server-5.0
Setup user MySQL databases
What we want to do now is allocate one MySQL database for Girlie and one for Littleone. To do this we need to log in to mysql:
mysql -u root -p
Then create a database for girlie and grant girlie the privileges to access her database.
create database girlie;
grant all on girlie.* to girlie identified by 'girlies_mysql_password';
Now create a database for littleone and grant littleone the privileges to access his database.
create database littleone;
grant all on littleone.* to littleone identified by 'littleones_mysql_password';
Now that's done, we can exit mysql:
quit
