The Perfect Server - Ubuntu Gutsy Gibbon (Ubuntu 7.10) - Page 7

Want to support HowtoForge? Become a subscriber!
 
Submitted by falko (Contact Author) (Forums) on Thu, 2007-10-18 13:33. ::

18 Webalizer

To install webalizer, just run

apt-get install webalizer

 

19 Synchronize the System Clock

It is a good idea to synchronize the system clock with an NTP (network time protocol) server over the internet. Simply run

apt-get install ntp ntpdate

and your system time will always be in sync.

 

20 Install Some Perl Modules Needed By SpamAssassin (Comes With ISPConfig)

Run

apt-get install libhtml-parser-perl libdb-file-lock-perl libnet-dns-perl

 

21 ISPConfig

The configuration of the server is now finished, and if you wish you can now install ISPConfig on it. Please check out the ISPConfig installation manual: http://www.ispconfig.org/manual_installation.htm

 

21.1 A Note On SuExec

If you want to run CGI scripts under suExec, you should specify /var/www as the home directory for websites created by ISPConfig as Ubuntu's suExec is compiled with /var/www as Doc_Root. Run

/usr/lib/apache2/suexec -V

and the output should look like this:

root@server1:~# /usr/lib/apache2/suexec -V
 -D AP_DOC_ROOT="/var/www"
 -D AP_GID_MIN=100
 -D AP_HTTPD_USER="www-data"
 -D AP_LOG_EXEC="/var/log/apache2/suexec.log"
 -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
 -D AP_UID_MIN=100
 -D AP_USERDIR_SUFFIX="public_html"
root@server1:~#

So if you want to use suExec with ISPconfig, don't change the default web root (which is /var/www) if you use expert mode during the ISPConfig installation (in standard mode you can't change the web root anyway so you'll be able to use suExec in any case).

The following screenshot is taken from an ISPConfig installation in expert mode. If you want to use ISPConfig, then don't change the default web root:

 

22 Links

up

Copyright © 2007 Falko Timme
All Rights Reserved.
add comment | view as pdf view as pdf | print: this | all page(s)
Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.
Thanks for this great howto
Submitted by Anonymous (not registered) on Sat, 2008-09-27 04:01.

Thanks for giving detailed step by step instructions. I didn't install ISPConfig, but I found the rest of the howto very helpful - informative, detailed and up-to-date.

I actually ran this on a hardy heron installation. apt-get couldn't find php5-ps. When I checked at http://packages.ubuntu.org I found this is available upto gutsy and then also planned for intrepid but not in hardy repos... would this break anything ? (Haven't been facing any thing unexplainable so far)

 

reply | view as pdf view as pdf
addendum for installing ISPConfig on a 64 bits Gutsy Gibbon
Submitted by Gerlag (registered user) on Mon, 2008-01-14 20:50.

I don’t know if this applies to 64 bit systems only.  (I installed ISPConfig successfully on a Xeon 3210 system)
In case of error message: ”Cannot find OpenSSL's <evp.h>" followed by lots of error messages, last error message is "The PHP binary coming with ISPConfig does not work properly on your system!"  you will need to install the ssl-devel package in order to get the missing <evp.h> file.

Use the command:

sudo apt-get install libssl-dev

and reinstall ISPConfig as described in the manual

reply | view as pdf view as pdf
Further SSL configuration (if no ISPconfig is installed)
Submitted by chillifire (registered user) on Sun, 2007-11-04 02:18.

This Howto is very useful, but appears to rely heavily on the assumption that ISPconfig will be installed. In particular SSL is not working out of the box in this configuration. I found In needed to go through the following steps for apache 2.2.4:
Apache2 SSL
Generate the certificateSince Ubuntu 7.04, certificate creation has been changed:
Create directories

mkdir /usr/share/share/ssl-cert /etc/apache2/ssl

Create a certificate:.

/usr/sbin/make-ssl-cert /usr/share/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem

Enable the SSL module

sudo a2enmod ssl

Listen to port 443

echo "Listen 443" | sudo tee -a /etc/apache2/ports.conf

Create and enable the SSL site

sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-available/ssl

Modify it so it looks something like this

NameVirtualHost *:443
<virtualhost *:443>
ServerAdmin webmaster@localhost
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.pem

DocumentRoot /var/www/
<directory />
Options FollowSymLinks
AllowOverride None
</directory>
<directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
# This directive allows us to have apache2's default start page
# in /apache2-default/, but still have / go to the right place
# Commented out for Ubuntu
#RedirectMatch ^/$ /apache2-default/
</directory>

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<directory "/usr/lib/cgi-bin">
AllowOverride None
Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</directory>
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/access.log combined
ServerSignature On

Alias /doc/ "/usr/share/doc/"
<directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</directory>

</virtualhost>
...and enable it

sudo a2ensite ssl
don't forget to modify /etc/apache2/sites-available/default

NameVirtualHost *:80
<virtualhost *:80>

...and enable it

sudo a2ensite ssl

don't forget to modify /etc/apache2/sites-available/default

NameVirtualHost *:80<virtualhost *:80>

Mod rewriteIt's often desirable to force users to access things like webmail via https. This can be accomplished with mod_rewrite. First you'll have to enable the module

sudo a2enmod rewrite

Then add the following to /etc/apache2/sites-available/default

RewriteEngine   onRewriteCond     %{SERVER_PORT} ^80$RewriteRule     ^/webmail(.*)$ https://%{SERVER_NAME}/webmail$1 [L,R]RewriteLog      "/var/log/apache2/rewrite.log"RewriteLogLevel 2

Create directory for pidfile; it may be missing

sudo mkdir -p /var/run/apache2sudo chown -R www-data /var/run/apache2

Fix ports.confYou may have to remove a double-up Listen Command for port 443 (SSL)

vi /etc/apche2/ports.conf

should look like this

Listen 80<IfModule mod_ssl.c>Listen 443</IfModule>

Don't forget to restart apache

sudo /etc/init.d/apache2 force-reload
reply | view as pdf view as pdf
Thanks for the addition as I
Submitted by barkle (registered user) on Tue, 2008-01-29 16:11.
Thanks for the addition as I do not want to ISPconfig. SAdly there are no line carriages for the code you posted, therefore I cannot differ when a command or line is ended. Could you please reformat the part beginning from "RewriteEngine" and explicitely say between which lines this has to be inserted? Thank you.
reply | view as pdf view as pdf
@barkle
Submitted by Jaac (registered user) on Thu, 2008-02-28 02:53.

The lines you mean, which are added to the default(port80) site, are;

quote: 

Then add the following to /etc/apache2/sites-available/default

RewriteEngine   on
RewriteCond     %{SERVER_PORT} ^80$
RewriteRule     ^/webmail(.*)$ https://%{SERVER_NAME}/webmail$1 [L,R]
RewriteLog      "/var/log/apache2/rewrite.log"
RewriteLogLevel 2

Good Luck! 

 

reply | view as pdf view as pdf
Security concerns...
Submitted by cscracker (registered user) on Tue, 2008-04-08 05:49.

Ubuntu has no root password by default for security reasons. By setting one, you are taking a risk. You can use "sudo -i" or "sudo su" without setting a root password to get a root prompt as an administrator.

As well, if you do set the root password and install OpenSSH server, by default, root is permitted to log on, which is a very risky move, especially if the server is accessible from the internet. To disable root logons via ssh, edit /etc/ssh/sshd_config, and change "PermitRootLogins yes" to "PermitRootLogins no". This is normally a non-issue, because root normally does not have a password and therefore cannot log on to the system at all.

reply | view as pdf view as pdf