The Perfect Setup - Debian Sarge (3.1)


cchamb2
27th February 2006, 14:55
I'm looking at the step by step instructions included at
http://www.howtoforge.com/perfect_setup_debian_sarge, and I have a few
questions that relate to local implementation and some different
assumptions, as follows:

Stage 1 - Basic installation

1) If I'm doing a CD-based install, I assume it's safe to include graphical
desktop packages and add the CD's at the end of the basic installation
process via Synaptic. This lessens a reliance on network connectivity and
lets me add the stable packages from the 16-CD (total) download (updates and security updates are still installed via the network).

2) Since exim is removed anyway, I assume that any answer on the basic
installation for mail server configuration is fine.

Stage 2 - Installing and configuring the rest of the system

3) I anticipate the final network hardware configuration to be as follows:

Network connection -> Router/Gateway Server -> Smart Switch -> Servers

I have a router in place that restricts port access and can support up to 5
static IP's from my network provider. In other words, it can accept traffic
for up to 5 static IP's on specified ports and route traffic based on those
five IP's and the specified port for the traffic to any specific internal
computer.

This leaves everything except the router/gateway configurable, and makes
static IP support concentrate on the router/gateway server.

Additionally, and for the moment only, I am using a dynamic DNS service that
handles DNS service dynamically to the domain of "charles.is-a-geek.net".
This dynamic DNS service can also handle MX service as well. Periodically,
as needed, I update the DNS service with my current DSL IP address. This IP
address is my test ISP address.

How does this affect the network settings in /etc/network/interfaces?

4) In setting this up, I anticipate putting the end users in
/home/~username, since there will be relatively few local end users (end
users physically located near this server). Towards this end, I have
mounted a six-drive RAID array (45.5 gigs at the moment, but that can be
changed) running the reiserFS file system at /home, not at /var, and I've
left the /var directory as a logfile repository. How does this affect the
/etc/fstab entries? I've already tried a reboot and the RAID array doesn't
like the errors=remount-ro option under the reiserFS, and it disabled
/dev/md0 when I rebooted.

Page 4 - Configuring mail services

5) In configuring POP3, the command line of "openssl genrsa -des3 -rand
/etc/hosts -out smtpd.key 1024" generates an error and stops the script file
when run as part of a script, but it runs just fine by itself and the rest
of the script following it runs just fine. Is this normal?

6) First "telnet localhost 25" and then "ehlo localhost" gets a mostly
correct response; however, it still identifies the system as
"localhost.localdomain". There is also no "STARTTLS" entry. Did I miss
something?

STAGE 5 (Perl update)

7) When I got to the point of installing modules needed by SpamAssassin, I
found that a new CPAN version was available. I installed it when prompted.
The following three installations (HTML Parser, DB_File, and Net DNS) all
appeared to fail, but upon rerunning them I got "up-to-date" messages. Did
I miss something, or was this normal?

And, two more generic questions:

8) What changes in this setup do I need to make in order to (if possible)
put a user's mail either under his /home directory, or under a separate
directory which can then be included in his/her disk quota? I'm looking to
end up specifying a set disk quota (say 40 megs) for a disk quota per user,
to consist of mail, web, and ftp space.

9) (Off topic) Do I need to worry about this if I install ISPConfig, or
will ISPConfig watch both mail and ftp quotas?

falko
28th February 2006, 00:26
>1) If I'm doing a CD-based install, I assume it's safe to include graphical
>desktop packages and add the CD's at the end of the basic installation
>process via Synaptic. This lessens a reliance on network connectivity and
>lets me add the stable packages from the 16-CD (total) download (updates and security updates are still installed via the network).

Keep in mind that this is a server setup. What's a server worth without a working internet connection? Also, servers usually don't have a desktop.

>2) Since exim is removed anyway, I assume that any answer on the basic
>installation for mail server configuration is fine.

Yes.

>3) I anticipate the final network hardware configuration to be as follows:

>Network connection -> Router/Gateway Server -> Smart Switch -> Servers

The server can also be connected directly to the internet (e.g. if it's in a data center).

>Additionally, and for the moment only, I am using a dynamic DNS service that
>handles DNS service dynamically to the domain of "charles.is-a-geek.net".
>This dynamic DNS service can also handle MX service as well. Periodically,
>as needed, I update the DNS service with my current DSL IP address. This IP
>address is my test ISP address.

>How does this affect the network settings in /etc/network/interfaces?

/etc/network/interfaces isn't affected at all by this. You should have static IP addresses in there.

>4) In setting this up, I anticipate putting the end users in
>/home/~username, since there will be relatively few local end users (end
>users physically located near this server). Towards this end, I have
>mounted a six-drive RAID array (45.5 gigs at the moment, but that can be
>changed) running the reiserFS file system at /home, not at /var, and I've
>left the /var directory as a logfile repository. How does this affect the
>/etc/fstab entries? I've already tried a reboot and the RAID array doesn't
>like the errors=remount-ro option under the reiserFS, and it disabled
>/dev/md0 when I rebooted.

How do you mean that question?


>5) In configuring POP3, the command line of "openssl genrsa -des3 -rand
>/etc/hosts -out smtpd.key 1024" generates an error and stops the script file
>when run as part of a script, but it runs just fine by itself and the rest
>of the script following it runs just fine. Is this normal?

What script? This command should be run directly on the command line.

>6) First "telnet localhost 25" and then "ehlo localhost" gets a mostly
>correct response; however, it still identifies the system as
>"localhost.localdomain". There is also no "STARTTLS" entry. Did I miss
>something?

What's in /etc/postfix/main.cf?
If STARTTLS is missing, then I guess you didn't follow the tutorial close enough.


>7) When I got to the point of installing modules needed by SpamAssassin, I
>found that a new CPAN version was available. I installed it when prompted.
>The following three installations (HTML Parser, DB_File, and Net DNS) all
>appeared to fail, but upon rerunning them I got "up-to-date" messages. Did
>I miss something, or was this normal?

I don't know if this is normal. But you can install SpamAssassin, and if spamassassin -V doesn't give back errors, then it's fine.

>And, two more generic questions:

>8) What changes in this setup do I need to make in order to (if possible)
>put a user's mail either under his /home directory, or under a separate
>directory which can then be included in his/her disk quota? I'm looking to
>end up specifying a set disk quota (say 40 megs) for a disk quota per user,
>to consist of mail, web, and ftp space.

If you're using reiserfs instead of ext3, it is possible that quota will not work.

>9) (Off topic) Do I need to worry about this if I install ISPConfig, or
>will ISPConfig watch both mail and ftp quotas?

ISPConfig will watch these quotas (if quota is working, see above), and it will also take care of user creation (though not in /home/~username), etc.
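
The check from question 6, as an added example that is not part of the original thread: a parser for the multi-line reply to "ehlo localhost" that reports a placeholder hostname and a missing STARTTLS line. Both sample replies and the hostname server1.example.com are constructed for illustration.

```python
import re

# Constructed sample replies for illustration (not captured from the poster's server).
REPLY_UNCONFIGURED = ("250-localhost.localdomain\r\n250-PIPELINING\r\n"
                      "250-SIZE 10240000\r\n250-ETRN\r\n250 8BITMIME\r\n")
REPLY_CONFIGURED = ("250-server1.example.com\r\n250-PIPELINING\r\n"
                    "250-SIZE 10240000\r\n250-STARTTLS\r\n"
                    "250-AUTH LOGIN PLAIN\r\n250 8BITMIME\r\n")

REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")
PLACEHOLDER_HOSTS = {"localhost", "localhost.localdomain"}


def parse_ehlo(reply):
    """Split a multi-line EHLO reply into (greeting domain, {keyword: params})."""
    lines = [ln for ln in reply.replace("\r\n", "\n").split("\n") if ln]
    if not lines:
        raise ValueError("empty reply")
    texts = []
    for index, line in enumerate(lines):
        match = REPLY_LINE.match(line)
        if not match:
            raise ValueError(f"malformed reply line: {line!r}")
        code, separator, text = match.groups()
        if code != "250":
            raise ValueError(f"EHLO not accepted, server answered {code}")
        # "250-" marks a continuation line; only the final line uses "250 ".
        if (separator == " ") != (index == len(lines) - 1):
            raise ValueError(f"unexpected continuation marker: {line!r}")
        texts.append(text.split())
    if not texts[0]:
        raise ValueError("greeting line carries no domain")
    extensions = {words[0].upper(): words[1:] for words in texts[1:] if words}
    return texts[0][0].lower(), extensions


def audit_ehlo(reply):
    """Return findings for the two symptoms raised in question 6."""
    domain, extensions = parse_ehlo(reply)
    findings = []
    if domain in PLACEHOLDER_HOSTS:
        findings.append(f"server identifies itself as {domain}")
    if "STARTTLS" not in extensions:
        findings.append("STARTTLS is not advertised, so the session cannot be upgraded to TLS")
    return findings


if __name__ == "__main__":
    for name, reply in (("unconfigured", REPLY_UNCONFIGURED), ("configured", REPLY_CONFIGURED)):
        print(name, audit_ehlo(reply) or "ok")
```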

cchamb2
4th March 2006, 16:12
>>1) If I'm doing a CD-based install, I assume it's safe to include graphical
>> desktop packages and add the CD's at the end of the basic installation
>>process via Synaptic. This lessens a reliance on network connectivity and
>>lets me add the stable packages from the 16-CD (total) download
>>(updates and security updates are still installed via the network).

>Keep in mind that this is a server setup. What's a server worth without a
>working internet connection? Also, servers usually don't have a desktop.

As I learn about this distribution, it saves a lot of time to [re]install what
I need from CD rather than from the Internet. The reason for the
desktop is that it looks familiar and I haven't done pure command
line interface in a long time.
================================

>>2) Since exim is removed anyway, I assume that any answer on the basic
>>installation for mail server configuration is fine.

>Yes.

Then I can leave my notes intact on that subject.
====================================

>>3) I anticipate the final network hardware configuration to be as follows:

>>Network connection -> Router/Gateway Server -> Smart Switch ->Servers

>The server can also be connected directly to the internet (e.g. if it's in a data center).

Correct. But the most recent advice I have regarding an ISP setup is to impose a gateway or router for security purposes between the server(s) and the rest of the Internet.

The configuration as described above only requires a static IP on the router or gateway server, with packets being routed according to port to the various servers that make up the ISP.

===========================

>>Additionally, and for the moment only, I am using a dynamic DNS service
>>that handles DNS service dynamically to the domain of "charles.is-a-geek.net".
>>This dynamic DNS service can also handle MX service as well. Periodically,
>>as needed, I update the DNS service with my current DSL IP address. This IP
>>address is my test ISP address.

>>How does this affect the network settings in /etc/network/interfaces?

>/etc/network/interfaces isn't affected at all by this. You should have static
>IP addresses in there.

But originating or based on what? The setup as described above only needs
one static IP at this point, and that is set in the router/gateway. Later on, it
will need additional IP's (one for incoming modem pool connections and a
couple possible for DNS service), but that's a separate issue. As it stands
now, dynamic DNS for directing packets from the Internet to this server,
and configuring the router to pass traffic based on port, works just fine.

dynDNS.org is what provides this DNS service.

==================================

>>4) In setting this up, I anticipate putting the end users in
>>/home/~username, since there will be relatively few local end users (end
>>users physically located near this server). Towards this end, I have
>>mounted a six-drive RAID array (45.5 gigs at the moment, but that can be
>>changed) running the reiserFS file system at /home, not at /var, and I've
>>left the /var directory as a logfile repository. How does this affect the
>>/etc/fstab entries? I've already tried a reboot and the RAID array doesn't
>>like the errors=remount-ro option under the reiserFS, and it disabled
>>/dev/md0 when I rebooted.

>How do you mean that question?

I'd like to put all user (local and remote) directories under /home.
It makes backups and restores much easier, as /home is one
backup and the rest of the system is a second backup.
It's easier to administer. And /var becomes solely used for
log files.

The RAID array is currently formatted reiserFS, but changing
the filesystem for the RAID array is simple at this point - it's
not so simple later on.

Is this possible? Can I put the remote users under /home, and
can I use the reiserFS file system for this?

How does doing this change the setup in /etc/fstab? I'm running down
a related issue where /etc/fstab does not like the "errors=remount-ro"
on a reiserFS file system.

==================
>>5) In configuring POP3, the command line of "openssl genrsa -des3 -rand
>>/etc/hosts -out smtpd.key 1024" generates an error and stops the script file
>>when run as part of a script, but it runs just fine by itself and the rest
>>of the script following it runs just fine. Is this normal?

>What script? This command should be run directly on the command line.

My bust <g>. I took all groups of italicized lines to be potentially one
script to cut, paste, and execute in a terminal window. Back to a
reinstall to watch each one.

================
>>6) First "telnet localhost 25" and then "ehlo localhost" gets a mostly
>>correct response; however, it still identifies the system as
>>"localhost.localdomain". There is also no "STARTTLS" entry. Did I miss
>>something?

>What's in /etc/postfix/main.cf? If STARTTLS is missing, then I guess
>you didn't follow the tutorial close enough.

I live, I learn (see above).

======================
>>7) When I got to the point of installing modules needed by SpamAssassin, I
>>found that a new CPAN version was available. I installed it when prompted.
>>The following three installations (HTML Parser, DB_File, and Net DNS) all
>>appeared to fail, but upon rerunning them I got "up-to-date" messages. Did
>>I miss something, or was this normal?

>I don't know if this is normal. But you can install SpamAssassin, and if
>spamassassin -V doesn't give back errors, then it's fine.

Then it's fine.

======================
>>8) What changes in this setup do I need to make in order to (if possible)
>>put a user's mail either under his /home directory, or under a separate
>>directory which can then be included in his/her disk quota? I'm looking to
>>end up specifying a set disk quota (say 40 megs) for a disk quota per user,
>>to consist of mail, web, and ftp space.

>If you're using reiserfs instead of ext3, it is possible that quota will not work.

Then I guess I need ext3 on the RAID array. Answers part of the questions
on putting the [remote] users under /home on a RAID array.

==================
>>9) (Off topic) Do I need to worry about this if I install ISPConfig, or
>>will ISPConfig watch both mail and ftp quotas?

>ISPConfig will watch these quotas (if quota is working, see above), and
>it will also take care of user creation (though not in /home/~username), etc

Then the users *have* to be under /var, as quota enforcement is FAR more
important than ease of backup.

falko
4th March 2006, 19:41
>>Additionally, and for the moment only, I am using a dynamic DNS service
>>that handles DNS service dynamically to the domain of "charles.is-a-geek.net".
>>This dynamic DNS service can also handle MX service as well. Periodically,
>>as needed, I update the DNS service with my current DSL IP address. This IP
>>address is my test ISP address.

>>How does this affect the network settings in /etc/network/interfaces?

>/etc/network/interfaces isn't affected at all by this. You should have static
>IP addresses in there.

But originating or based on what? The setup as described above only needs
one static IP at this point, and that is set in the router/gateway. Later on, it
will need additional IP's (one for incoming modem pool connections and a
couple possible for DNS service), but that's a separate issue. As it stands
now, dynamic DNS for directing packets from the Internet to this server,
and configuring the router to pass traffic based on port, works just fine.

dynDNS.org is what provides this DNS service.

If your server is in a local network behind a router, then you can assign a static local IP address to your server (e.g. 192.168.0.100).


If you use ReiserFS, you'll most probably have problems with quota.
I suggest that if you install ISPConfig, you specify a web root like /var/www and then use Maildir for your email (you must then have a POP3/IMAP daemon installed that works with Maildir, like Courier or Dovecot). Because then all your web spaces and users' home directories and mailboxes are in /var/www, and you only need to back up this directory. :)

cchamb2
9th March 2006, 11:29
>If your server is in a local network behind a router, then you can assign a static local IP address to your server (e.g. 192.168.0.100).

I'll have to play with this and learn from it. I made the changes as described in The Perfect Setup, and promptly lost all Internet connectivity. I then uncommented the old lines, and commented out the new lines, and Internet connectivity was returned.

>If you use ReiserFS, you'll most probably have problems with quota.

Not a big deal. Performance is a lower concern than being able to implement a *simple* backup plan, and backing up /var and then backing up the rest of the system is simple enough.

>I suggest that if you install ISPConfig, you specify a web root like /var/www and then use Maildir for your email (you must then have a POP3/IMAP daemon installed that works with Maildir, like Courier or Dovecot). Because then all your web spaces and users' home directories and mailboxes are in /var/www, and you only need to back up this directory. :)

As mentioned in The Perfect Setup. It shall be done.