HowtoForge - Linux Howtos in English English|HowtoForge.de - Linux-Howtos auf Deutsch Deutsch

The Perfect Server - Ubuntu Gutsy Gibbon (Ubuntu 7.10) - Page 7

Submitted by falko (Contact Author) (Forums) on Thu, 2007-10-18 13:33. ::

18 Webalizer

To install webalizer, just run

apt-get install webalizer

 

19 Synchronize the System Clock

It is a good idea to synchronize the system clock with an NTP (network time protocol) server over the internet. Simply run

apt-get install ntp ntpdate

and your system time will always be in sync.

 

20 Install Some Perl Modules Needed By SpamAssassin (Comes With ISPConfig)

Run

apt-get install libhtml-parser-perl libdb-file-lock-perl libnet-dns-perl

 

21 ISPConfig

The configuration of the server is now finished, and if you wish you can now install ISPConfig on it. Please check out the ISPConfig installation manual: http://www.ispconfig.org/manual_installation.htm

 

21.1 A Note On SuExec

If you want to run CGI scripts under suExec, you should specify /var/www as the home directory for websites created by ISPConfig as Ubuntu's suExec is compiled with /var/www as Doc_Root. Run

/usr/lib/apache2/suexec -V

and the output should look like this:

root@server1:~# /usr/lib/apache2/suexec -V
 -D AP_DOC_ROOT="/var/www"
 -D AP_GID_MIN=100
 -D AP_HTTPD_USER="www-data"
 -D AP_LOG_EXEC="/var/log/apache2/suexec.log"
 -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
 -D AP_UID_MIN=100
 -D AP_USERDIR_SUFFIX="public_html"
root@server1:~#

So if you want to use suExec with ISPconfig, don't change the default web root (which is /var/www) if you use expert mode during the ISPConfig installation (in standard mode you can't change the web root anyway so you'll be able to use suExec in any case).

The following screenshot is taken from an ISPConfig installation in expert mode. If you want to use ISPConfig, then don't change the default web root:

 

22 Links

up

Copyright © 2007 Falko Timme
All Rights Reserved.
print: this | all page(s) | login or register to post comments | Email this page to a friend email this page | view as pdf view as pdf

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Please do not use the comment function to ask for help! If you need help, please use our forum: http://www.howtoforge.com/forums
Comments will be published after administrator approval.
addendum for installing ISPConfig on a 64 bits Gutsy Gibbon
Submitted by Gerlag (Contact Author) (Forums) on Mon, 2008-01-14 20:50.

I don’t know if this applies to 64 bit systems only.  (I installed ISPConfig successfully on a Xeon 3210 system)
In case of error message: ”Cannot find OpenSSL's <evp.h>" followed by lots of error messages, last error message is "The PHP binary coming with ISPConfig does not work properly on your system!"  you will need to install the ssl-devel package in order to get the missing <evp.h> file.

Use the command:

sudo apt-get install libssl-dev

and reinstall ISPConfig as described in the manual

login or register to post comments | Email this page to a friend email this page | view as pdf view as pdf
Further SSL configuration (if no ISPconfig is installed)
Submitted by chillifire (Contact Author) (Forums) on Sun, 2007-11-04 02:18.

This Howto is very useful, but appears to rely heavily on the assumption that ISPconfig will be installed. In particular SSL is not working out of the box in this configuration. I found In needed to go through the following steps for apache 2.2.4:
Apache2 SSL
Generate the certificateSince Ubuntu 7.04, certificate creation has been changed:
Create directories

mkdir /usr/share/share/ssl-cert /etc/apache2/ssl

Create a certificate:.

/usr/sbin/make-ssl-cert /usr/share/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem

Enable the SSL module

sudo a2enmod ssl

Listen to port 443

echo "Listen 443" | sudo tee -a /etc/apache2/ports.conf

Create and enable the SSL site

sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-available/ssl

Modify it so it looks something like this

NameVirtualHost *:443
<virtualhost *:443>
ServerAdmin webmaster@localhost
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.pem

DocumentRoot /var/www/
<directory />
Options FollowSymLinks
AllowOverride None
</directory>
<directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
# This directive allows us to have apache2's default start page
# in /apache2-default/, but still have / go to the right place
# Commented out for Ubuntu
#RedirectMatch ^/$ /apache2-default/
</directory>

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<directory "/usr/lib/cgi-bin">
AllowOverride None
Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</directory>
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/access.log combined
ServerSignature On

Alias /doc/ "/usr/share/doc/"
<directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</directory>

</virtualhost>
...and enable it

sudo a2ensite ssl
don't forget to modify /etc/apache2/sites-available/default

NameVirtualHost *:80
<virtualhost *:80>

...and enable it

sudo a2ensite ssl

don't forget to modify /etc/apache2/sites-available/default

NameVirtualHost *:80<virtualhost *:80>

Mod rewriteIt's often desirable to force users to access things like webmail via https. This can be accomplished with mod_rewrite. First you'll have to enable the module

sudo a2enmod rewrite

Then add the following to /etc/apache2/sites-available/default

RewriteEngine   onRewriteCond     %{SERVER_PORT} ^80$RewriteRule     ^/webmail(.*)$ https://%{SERVER_NAME}/webmail$1 [L,R]RewriteLog      "/var/log/apache2/rewrite.log"RewriteLogLevel 2

Create directory for pidfile; it may be missing

sudo mkdir -p /var/run/apache2sudo chown -R www-data /var/run/apache2

Fix ports.confYou may have to remove a double-up Listen Command for port 443 (SSL)

vi /etc/apche2/ports.conf

should look like this

Listen 80<IfModule mod_ssl.c>Listen 443</IfModule>

Don't forget to restart apache

sudo /etc/init.d/apache2 force-reload
login or register to post comments | Email this page to a friend email this page | view as pdf view as pdf
Thanks for the addition as I
Submitted by barkle (Contact Author) (Forums) on Tue, 2008-01-29 16:11.
Thanks for the addition as I do not want to ISPconfig. SAdly there are no line carriages for the code you posted, therefore I cannot differ when a command or line is ended. Could you please reformat the part beginning from "RewriteEngine" and explicitely say between which lines this has to be inserted? Thank you.
login or register to post comments | Email this page to a friend email this page | view as pdf view as pdf
@barkle
Submitted by Jaac (Contact Author) (Forums) on Thu, 2008-02-28 02:53.

The lines you mean, which are added to the default(port80) site, are;

quote: 

Then add the following to /etc/apache2/sites-available/default

RewriteEngine   on
RewriteCond     %{SERVER_PORT} ^80$
RewriteRule     ^/webmail(.*)$ https://%{SERVER_NAME}/webmail$1 [L,R]
RewriteLog      "/var/log/apache2/rewrite.log"
RewriteLogLevel 2

Good Luck! 

 

login or register to post comments | Email this page to a friend email this page | view as pdf view as pdf
Security concerns...
Submitted by cscracker (Contact Author) (Forums) on Tue, 2008-04-08 05:49.

Ubuntu has no root password by default for security reasons. By setting one, you are taking a risk. You can use "sudo -i" or "sudo su" without setting a root password to get a root prompt as an administrator.

As well, if you do set the root password and install OpenSSH server, by default, root is permitted to log on, which is a very risky move, especially if the server is accessible from the internet. To disable root logons via ssh, edit /etc/ssh/sshd_config, and change "PermitRootLogins yes" to "PermitRootLogins no". This is normally a non-issue, because root normally does not have a password and therefore cannot log on to the system at all.

login or register to post comments | Email this page to a friend email this page | view as pdf view as pdf