The Perfect Server - Ubuntu Intrepid Ibex (Ubuntu 8.10) - Page 6

Submitted by falko on Fri, 2008-10-31 12:13.

17 Apache/PHP5/Ruby/Python

Now we install Apache:

apt-get install apache2 apache2-doc apache2-mpm-prefork apache2-utils apache2-suexec libexpat1 ssl-cert

Next we install PHP5, Ruby, and Python (all three as Apache modules):

apt-get install libapache2-mod-php5 libapache2-mod-ruby libapache2-mod-python php5 php5-common php5-curl php5-dev php5-gd php5-idn php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-mhash php5-ming php5-mysql php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl

Next we edit /etc/apache2/mods-available/dir.conf:

vi /etc/apache2/mods-available/dir.conf

and change the DirectoryIndex line:

<IfModule mod_dir.c>

          #DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.htm
          DirectoryIndex index.html index.htm index.shtml index.cgi index.php index.php3 index.pl index.xhtml

</IfModule>

Now we have to enable some Apache modules (SSL, rewrite, suexec, and include):

a2enmod ssl
a2enmod rewrite
a2enmod suexec
a2enmod include

Restart Apache:

/etc/init.d/apache2 restart

We have to fix a small problem with Ruby. If you install ISPConfig and enable Ruby for a web site, .rbx files are executed and displayed in the browser, but .rb files are not: the browser prompts you to download the .rb file instead. The same happens if you configure Ruby manually for a vhost, so it has nothing to do with ISPConfig. To fix this, we open /etc/mime.types...

vi /etc/mime.types

... and comment out the application/x-ruby line:

[...]
#application/x-ruby                             rb
[...]

Restart Apache:

/etc/init.d/apache2 restart

Now .rb files will be executed and displayed in the browser, just like .rbx files.

In the next chapter (17.1) we are going to disable PHP (this is necessary only if you want to install ISPConfig on this server). Unlike PHP, Ruby and Python are disabled by default, so we don't have to disable them.

 

17.1 Disable PHP Globally

(If you do not plan to install ISPConfig on this server, please skip this section!)

In ISPConfig you will configure PHP on a per-website basis, i.e. you can specify which website can run PHP scripts and which one cannot. This can only work if PHP is disabled globally because otherwise all websites would be able to run PHP scripts, no matter what you specify in ISPConfig.

To disable PHP globally, we edit /etc/mime.types and comment out the application/x-httpd-php lines:

vi /etc/mime.types

[...]
#application/x-httpd-php                                phtml pht php
#application/x-httpd-php-source                 phps
#application/x-httpd-php3                       php3
#application/x-httpd-php3-preprocessed          php3p
#application/x-httpd-php4                       php4
[...]

Edit /etc/apache2/mods-enabled/php5.conf and comment out the following lines:

vi /etc/apache2/mods-enabled/php5.conf

<IfModule mod_php5.c>
  #AddType application/x-httpd-php .php .phtml .php3
  #AddType application/x-httpd-php-source .phps
</IfModule>

Then restart Apache:

/etc/init.d/apache2 restart
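
To confirm that no PHP mapping was left active after the edits above, the following check can be run. It is an added example, not part of the original tutorial; the function names active_php_mappings and php_disabled_globally are hypothetical, and the file paths are the ones used in this section.

```shell
#!/bin/sh
# Added example: audit the two files edited in section 17.1.

# Print every line that still maps a PHP MIME type, as "file:line: text".
# A mapping counts as active when the line is not commented out and contains
# application/x-httpd-php (this also matches the -source, php3 and php4 types).
active_php_mappings() {
    for f in "$@"; do
        if [ ! -r "$f" ]; then
            echo "$f: cannot read" >&2
            continue
        fi
        awk -v file="$f" '
            /^[ \t]*#/ { next }                      # commented out: inactive
            /application\/x-httpd-php/ { printf "%s:%d: %s\n", file, NR, $0 }
        ' "$f"
    done
}

# Succeed only if no active mapping is left in any of the given files.
php_disabled_globally() {
    [ -z "$(active_php_mappings "$@")" ]
}

# "check" runs the audit against the paths used in this tutorial.
if [ "${1:-}" = "check" ]; then
    if php_disabled_globally /etc/mime.types /etc/apache2/mods-enabled/php5.conf; then
        echo "PHP is disabled globally"
    else
        active_php_mappings /etc/mime.types /etc/apache2/mods-enabled/php5.conf
        exit 1
    fi
fi
```

Save it as a script and run it with the argument check; any line it prints is a mapping that still has to be commented out before Apache is restarted.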

 

18 Proftpd

In order to install Proftpd, run

apt-get install proftpd ucf

You will be asked a question:

Run proftpd: <-- standalone

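For security reasons add the following lines to /etc/proftpd/proftpd.conf (thanks to Reinaldo Carvalho; more information can be found here: http://proftpd.org/localsite/Userguide/linked/userguide.html). DefaultRoot ~ confines each user to their home directory, IdentLookups off disables ident lookups on connecting clients, and ServerIdent replaces the default greeting with a fixed string: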

vi /etc/proftpd/proftpd.conf

[...]
DefaultRoot ~
IdentLookups off
ServerIdent on "FTP Server ready."
[...]

ISPConfig expects the configuration to be in /etc/proftpd.conf instead of /etc/proftpd/proftpd.conf, therefore we create a symlink (you can skip this command if you don't want to install ISPConfig):

ln -s /etc/proftpd/proftpd.conf /etc/proftpd.conf

Then restart Proftpd:

/etc/init.d/proftpd restart
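
The three directives added above can be verified after the restart with the check below. It is an added example, not part of the original tutorial; the function name proftpd_hardening_gaps is hypothetical. It assumes the directives sit in the one file it is given (it does not follow Include lines) and that the last occurrence of a directive is the one that counts.

```shell
#!/bin/sh
# Added example: compare a proftpd.conf with the three lines from section 18.

# Print one line per directive that is missing or set differently from the
# tutorial; print nothing when all three match.
proftpd_hardening_gaps() {
    [ -r "$1" ] || { echo "$1: cannot read"; return 2; }
    awk '
        function show(v) { return (v == "") ? "(not set)" : v }
        /^[ \t]*#/ { next }                              # ignore comments
        $1 == "DefaultRoot"  { root = $2 }
        $1 == "IdentLookups" { ident = tolower($2) }
        $1 == "ServerIdent"  { sid = tolower($2); custom = (NF > 2) }
        END {
            if (root != "~")
                print "DefaultRoot: expected ~, found " show(root)
            if (ident != "off")
                print "IdentLookups: expected off, found " show(ident)
            # "on" only matches the tutorial together with a greeting string
            if (sid != "on" || !custom)
                print "ServerIdent: expected on with a custom string, found " show(sid)
        }
    ' "$1"
}

# "check" runs the comparison against the path used in this tutorial.
if [ "${1:-}" = "check" ]; then
    gaps=$(proftpd_hardening_gaps /etc/proftpd/proftpd.conf)
    if [ -z "$gaps" ]; then
        echo "all three directives are set"
    else
        echo "$gaps"
        exit 1
    fi
fi
```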


Submitted by Patrick (not registered) on Tue, 2009-09-01 21:56.

Just a note:

I had to wrap ServerIdent off in the <global> tag for ProFTPD to pick it up, i.e.

<global>
ServerIdent off
</global>

Also, it takes a long time for users to log in to FTP if you don't add the following line:

UseReverseDNS off

Submitted by Sean (not registered) on Sun, 2008-11-09 17:30.

It would only take another paragraph or two to set up ProFTPD to use SSL/TLS and be a secure FTP server. I understand firewall setup would be more complicated, but not sending your shell account passwords over the Internet PLAIN TEXT would be worth a little additional effort. Might be a worthwhile enhancement to an already excellent guide. Thanks for the guide!

Sean

Submitted by Anonymous (not registered) on Sat, 2008-11-01 19:42.

Ok, thank you for your article, but can you tell me:

1. Why don't you use the default email server from tasksel or from the Ubuntu server guide?

https://help.ubuntu.com/8.04/serverguide/C/email-services.html

tasksel --task-packages mail-server
dovecot-imapd
procmail
openssl-blacklist
dovecot-common
postfix
mutt
libmysqlclient15off
ssl-cert
bsd-mailx
dovecot-pop3d
libpq5
mailx
mysql-common

Why are you using Courier and cyrus-sasl2 instead of Dovecot?

2. Why do you disable AppArmor and enable the root account, but use BIND chrooted?

3. Why don't you just select LAMP server at install and go for the supplementary needed packages later?

It seems to me that this is not the "perfect Ubuntu server", but a platform for ISPConfig.

Submitted by admin (registered user) on Sun, 2008-11-02 00:28.

1.) It's just a choice I've made. You can use Dovecot as well.

2.) I did not enable the root account. I disabled AppArmor because otherwise BIND doesn't start.

3.) Because I like to have control over what I install. You can as well install the lamp package if you like that better.

As I said in the introduction, there are many ways to skin a cat.

Submitted by Anonymous (not registered) on Fri, 2008-10-31 15:45.
I just have a question: how can you have a "reliable" server without a form of RAID? You should have the instructions for RAID.

Thanks

Submitted by admin (registered user) on Fri, 2008-10-31 16:51.

Here you go: http://www.howtoforge.com/software-raid1-grub-boot-debian-etch

I don't want to include this in the tutorial because

a) it would become too long

b) it would lock out the users that have just one hard drive in their servers.

I hope you can understand this.