Server Howtos
Version 3.0
Aug 2010
Peter Scott
This document describes how to install Debian Lenny for use as a LAMP server. It is not intended for high security end uses, but more for general development/NAS/file server type applications. You may however harden the base install.
The first task is to download and burn the installer iso. With Debian constantly updating its packages, there is little advantage in getting the full cd or 21cd set. Instead use one of the smaller downloads, like the Netinstall iso. Get this from:
[http://www.debian.org/CD/netinst/]
It's a good idea to use a download method that supports resuming, like an ftp client, an http download manager, or Bittorrent. Also it pays to check the md5 sum, burn it slowly and verify the burn. Linux can be fussy.
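One way to do the md5 check on a Linux workstation, as an added example that is not part of the original howto. The function names verify_iso and verify_iso_demo are made up for illustration, and MD5SUMS is assumed to be the checksum list downloaded from the same mirror directory as the iso.

```shell
#!/bin/sh
# verify_iso ISO SUMS  (hypothetical helper)
# Checks ISO against its own line in a checksum list in md5sum format
# ("<hash>  <filename>"). Returns 0 only on a positive match.
verify_iso() {
    iso=$1
    sums=$2
    [ -r "$iso" ] && [ -r "$sums" ] || { echo "missing file" >&2; return 2; }

    name=$(basename "$iso")
    # Pull out the expected hash for this file name only. If the list has
    # no entry for it, fail: an empty match must never count as verified.
    want=$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f)
                               if (f == n) { print $1; exit } }' "$sums")
    if [ -z "$want" ]; then
        echo "$name: not listed in $sums" >&2
        return 3
    fi

    got=$(md5sum "$iso" | awk '{ print $1 }')
    if [ "$got" = "$want" ]; then
        echo "$name: OK"
        return 0
    fi
    echo "$name: MISMATCH (expected $want, got $got)" >&2
    return 1
}

# Constructed demo: a stand-in "iso" and a checksum list built on the spot.
verify_iso_demo() {
    d=$(mktemp -d) || return 1
    printf 'not a real image\n' > "$d/netinst.iso"
    (cd "$d" && md5sum netinst.iso > MD5SUMS)
    verify_iso "$d/netinst.iso" "$d/MD5SUMS"; rc=$?
    rm -rf "$d"
    return $rc
}
```

A return code of 3 (file not in the list) usually means the MD5SUMS file came from a different release directory than the iso.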
Old hardware
If you are using old hardware you may require a boot floppy to get the cd to boot. If so, copy these three files off the etch cd1 onto a working windows box:
/tools/rwwrtwin.zip
/tools/diskio.zip
/install/sbm.bin
Running rawrite and choosing the sbm.bin image will create a boot floppy, which when booted will boot the cd.
While on this topic, you don't need to worry about large HDDs in old computers; linux doesn't pay a lot of attention to bios limitations.
Assumptions
The following setup guide assumes the following:
You can change these as you come across them in the guide.
OS Installation
After booting the installer cd, use the console standard install which is the default, and use the hints below to answer the questions.
Partitioning
Choose manual partitioning. You want to put the system on the first smallish partition and all your data on the bigger partition. You can use symlinks to put key parts of /var onto partition 3.
Part #1 4GB / ext3
Part #2 1GB swap
Part #3 GB /home ext3
Networking
hostname: farm.homeip.net
domain: homeip.net
Configure one interface for now (static):
IP address: 192.168.0.1
Netmask: 255.255.255.0
Gateway: 192.168.0.254
Dns: 192.168.0.254
Users
Choose a memorable but secure root password and don't forget it, plus one ordinary user. In the examples below we assume a root password of secret, and an ordinary user cow with password moo.
Packages
At the task selection stage, select to use a ftp mirror. Do a base install only. Not even the std system. This ensures a lean starting point.
Final
Grub, yes install it on the mbr.
If you get a debconf screen for exim or other packages just click cancel, or defaults and you will configure these later.
That much should get you through the base installation, and you should have a login screen. Login as root.
CHECKS
Before going further double check your hostname is correct, and that your network interface is set up static (even if you installed on dhcp):
hostname
farm.homeip.net
hostname -s
farm
hostname -d
homeip.net
hostname -f
farm.homeip.net
Check these key networking files:
nano /etc/resolv.conf
nameserver 192.168.0.254
nano /etc/hosts
127.0.0.1 localhost
192.168.0.1 farm.homeip.net farm
nano /etc/hostname
farm.homeip.net
Test your net connection:
ping www.google.com
If there is no response, check:
nano /etc/network/interfaces
auto lo
iface lo inet loopback
allow-hotplug eth0
iface eth0 inet static
address 192.168.0.1
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.254
ifdown eth0
ifup eth0
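The checks above can be run in one pass, as an added example that is not part of the original howto. The function names check_net_files and check_net_demo are made up for illustration; the first argument is the directory holding the files (normally /etc), and the demo builds its own copies from this guide's values.

```shell
#!/bin/sh
# check_net_files ETC FQDN IP  (hypothetical helper, not a Debian tool)
# Reads hostname, hosts, resolv.conf and network/interfaces under ETC
# (normally /etc), prints one line per problem, returns the problem count.
check_net_files() {
    etc=$1; fqdn=$2; ip=$3; short=${fqdn%%.*}; bad=0

    # hostname file must hold exactly the expected name.
    [ "$(head -n 1 "$etc/hostname" 2>/dev/null)" = "$fqdn" ] ||
        { echo "hostname: expected $fqdn"; bad=$((bad + 1)); }

    # hosts: the static IP must list the FQDN first, then the short name;
    # that order is what lets 'hostname -f' return the full name.
    awk -v ip="$ip" -v f="$fqdn" -v s="$short" '
        $1 == ip && $2 == f { for (i = 3; i <= NF; i++) if ($i == s) ok = 1 }
        END { exit !ok }' "$etc/hosts" 2>/dev/null ||
        { echo "hosts: no '$ip $fqdn $short' line"; bad=$((bad + 1)); }

    # resolv.conf needs at least one nameserver entry.
    grep -Eq '^[[:space:]]*nameserver[[:space:]]+[^[:space:]]' \
        "$etc/resolv.conf" 2>/dev/null ||
        { echo "resolv.conf: no nameserver"; bad=$((bad + 1)); }

    # interfaces: a leftover dhcp stanza or a missing address line means
    # the static setup did not stick.
    awk -v ip="$ip" '
        $1 == "iface" && $3 == "inet" && $4 == "dhcp" { dhcp = 1 }
        $1 == "address" && $2 == ip { ok = 1 }
        END { exit (dhcp || !ok) }' "$etc/network/interfaces" 2>/dev/null ||
        { echo "interfaces: not static on $ip"; bad=$((bad + 1)); }
    return $bad
}

# Constructed demo: files built from this guide's values in a temp dir.
check_net_demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/network"
    echo farm.homeip.net > "$d/hostname"
    printf '127.0.0.1 localhost\n192.168.0.1 farm.homeip.net farm\n' > "$d/hosts"
    echo 'nameserver 192.168.0.254' > "$d/resolv.conf"
    printf 'iface eth0 inet static\naddress 192.168.0.1\n' > "$d/network/interfaces"
    check_net_files "$d" farm.homeip.net 192.168.0.1; rc=$?
    rm -rf "$d"; return $rc
}
```

On the server itself the call is check_net_files /etc farm.homeip.net 192.168.0.1, and a return code of 0 means all four files agree with the values used in this guide.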
Tweak bash to make a few things easier. Uncomment the syntax highlighting lines and make a few changes as below.
nano /root/.bashrc
//change/add
uncomment syntax highlighting lines, and:
alias ll='ls -al'
alias cd..='cd ..'
alias df='df -h'
alias md='mkdir'
alias rd='rmdir'
A few extra tools:
aptitude install ntpdate ftpcopy modconf less
In Linux you don't really reboot much, but if you changed much above, particularly in the network department, now's a good time to reboot the machine.
reboot
Remote Control
At this stage we are done working at the actual server. Install ssh so you can continue the setup on your own workstation using an ssh client. For windows download and install Putty, and WinSCP.
You will use Putty to open a terminal on your windows workstation and connect to the server via your LAN. WinSCP is used to move files between your workstation and the server.
aptitude install openssh-server
Now login with Putty on port 22, address root@192.168.0.1, your root password secret. Now you have mouse cut and paste (using middle or right click) and the howto on your desktop.
If you really want ftp access to the box, then use proftp or vsftp.
aptitude install proftpd
nano /etc/proftpd/proftpd.conf
//add
UseReverseDNS off
IdentLookups off
//change
TimeoutIdle 3600
TimeoutNoTransfer 3600
But generally you'll find WinSCP capable.
Also bear in mind that (different to desktop use) almost everything you will do on the server requires you to be logged in as root. You will quickly learn how powerful root is, and how easy it is to do destructive things to the box. Knowing this, always try to work calmly and examine every command line twice before you hit enter. Have good backups.
Post installation
Aptitude refresher
Use aptitude and not apt-get because it has better dependency handling.
Remove the cd mirror by commenting it out: (below assumes NZ, choose your nearest mirror)
nano /etc/apt/sources.list
deb http://ftp.nz.debian.org/debian etch main contrib non-free
deb http://security.debian.org etch/updates main contrib non-free
Update the base system:
aptitude update
aptitude upgrade
Configuring Postfix
aptitude install postfix
Yes, remove exim and replace it with Postfix. At the debconf screen (you can also get back to this at any stage with dpkg-reconfigure postfix):
Select `Internet site with smarthost`
and enter the smtp address of your isp.
Enter your mail domain as farm.homeip.net
But afterwards fix the config files so that you have at least:
nano /etc/postfix/main.cf
myhostname = farm.homeip.net
mydomain = farm.homeip.net
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = farm.homeip.net, localhost
relayhost = smtp.myisp.co.nz
mynetworks = 127.0.0.0/8, 192.168.0.0/24
canonical_maps = hash:/etc/postfix/canonical
nano /etc/mailname
farm.homeip.net
Now you have to tell postfix what to do with incoming mail and outgoing mail:
nano /etc/aliases
mailer-daemon: root
postmaster: root
nobody: root
hostmaster: root
news: root
webmaster: root
www: root
ftp: root
abuse: root
noc: root
security: root
# this should be a real isp address of yours
root: cow@farm.com
nano /etc/postfix/canonical
root@farm.homeip.net cow@farm.com
apache@farm.homeip.net cow@farm.com
www-data@farm.homeip.net cow@farm.com
nobody@farm.homeip.net cow@farm.com
The former redirects root's mail to your own email address, which is good for getting the various errors and warnings the server will generate. The latter remaps email generated by web scripts and the like so that it appears to come from your email address rather than something unreplyable (with possible delivery hassles) like apache@farm.homeip.net. Now finish up with:
postmap /etc/postfix/canonical
newaliases
/etc/init.d/postfix restart
Install LAMP
aptitude install apache2 php5 mysql-server php5-mysql
MYSQL Setup
Firstly, Mysql has a root password of its own. You can use the same password as your system root if you want.
Login to the mysql client, create one database called farm, and allow access to it by user cow, password moo:
mysql -u root mysql -p
create database farm;
grant ALL privileges on farm.*
to cow@localhost
identified by 'moo';
exit;
Apache setup
First we want to create a place on your /home partition to store the webroot files.
rm -rf /var/www/
md -vp /home/www-data/html
ln -s /home/www-data /var/www
echo '<?php phpinfo(); ?>' > /var/www/html/index.php
chown cow:cow -R /home/www-data
Then configure apache virtualhost to look like so:
nano /etc/apache2/sites-available/default
NameVirtualHost *
<VirtualHost *>
ServerAdmin cow@farm.com
DocumentRoot /var/www/html/
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/html/>
Options Indexes FollowSymLinks MultiViews
AllowOverride AuthConfig
Order allow,deny
allow from all
</Directory>
ErrorLog /var/log/apache2/error.log
LogLevel warn
CustomLog /var/log/apache2/access.log combined
ServerSignature On
</VirtualHost>
Php setup
nano /etc/php5/apache2/php.ini
register_globals = Off
Lamp test
You should now have a working LAMP setup. Test that you get a phpinfo page as your homepage when you browse to http://192.168.0.1/ Then check you can login to mysql from a webpage.
Misc
Cron setup
Make a start on your root cron, which you will use more in the next pages:
nano /root/mycron
50 4 * * sun /usr/sbin/ntpdate nz.pool.ntp.org
51 4 1 * * /sbin/hwclock -w
Nb: trap for new players, there must be a newline at the end of the last line.
Load cron, and view root crontab:
crontab /root/mycron
crontab -l
Perl Libraries
As a budding PHP developer you'll inevitably end up needing some kind of console scripting language as well, for cron scripts and stuff. Perl will be the easiest to pick up.
I usually find I need these extra libs:
aptitude install libwww-perl libdate-calc-perl
aptitude install libemail-mime-encodings-perl
That's just a basic lamp server, with no firewall and not much security in general, and it isn't suitable for production use yet. But you can use it happily on your LAN for web development, NAS, media server, or keep going and install Webspaces CMS to make a multifunctional intranet server.