The Perfect Setup - Fedora Core 4

Submitted by falko on Mon, 2005-07-18 14:44. :: Fedora | ISPConfig

This is a "copy & paste" HowTo! The easiest way to follow this tutorial is to use a command line client/SSH client (like PuTTY for Windows) and simply copy and paste the commands (except where you have to provide your own information such as IP addresses, hostnames, passwords, ...). This helps to avoid typos.


Version 1.3
Author: Falko Timme <ft [at] falkotimme [dot] com>
Last edited: 01/03/2006

This is a detailed description of the steps to be taken to set up a Fedora Core 4 based server that offers all services needed by ISPs and hosters (web server (SSL-capable), mail server (with SMTP-AUTH and TLS!), DNS server, FTP server, MySQL server, POP3/IMAP, Quota, Firewall, etc.). In addition, I will show how to use Debian's package manager apt on an rpm-based system, because it takes care of package dependencies automagically, which can save a lot of trouble.

I will use the following software:

  • Web Server: Apache 2.0.x
  • Mail Server: Postfix (easier to configure than sendmail; has a shorter history of security holes than sendmail)
  • DNS Server: BIND9
  • FTP Server: proftpd
  • POP3/IMAP servers
  • Webalizer for web site statistics

In the end you should have a system that works reliably and is ready for the free webhosting control panel ISPConfig (i.e., ISPConfig runs on it out of the box).

I want to say first that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!

Requirements

To install such a system you will need the following:

1 The Base System

Boot from your Fedora Core 4 CD (CD 1) or DVD.

It can take a long time to test the installation media so we skip this test here:

The welcome screen of the Fedora installer appears:

Choose your language next:

Select your keyboard layout:

We want to install a server so we choose Server here:

Now we have to partition our hard disk. You can choose to let the Fedora installer do the partitioning, or you can do it yourself. I want to create a small /boot partition (less than 100 MB) with the file system ext3, a swap partition and a huge / partition (again with ext3):

Now the boot loader GRUB will be installed. You can leave the default settings unchanged and click on Next:


Submitted by Anonymous (not registered) on Thu, 2006-01-19 11:11.
It is applicable to i386 (Intel) architecture, not the other way around (not ppc (Mac), not x86_64 (AMD) either).
Submitted by hootoo (not registered) on Mon, 2009-07-06 06:46.
Thanks for sharing this.
Submitted by Anonymous (not registered) on Fri, 2006-01-06 10:36.

Getting named to work was giving me bloody hell. Whenever I tried to start the service, it would fail. I went through the log and got a:

  • could not configure root hints from '/etc/db.cache': file not found

error message. Since I had no idea what chroot was doing nor what a 'prison' is, this error was making no sense to me. /etc/db.cache is a file and it exists! I'm sure of it.

Finally, I discovered that we are setting up named to run in a 'prison', which means it thinks the directory /var/named/chroot/etc/ is the root top directory. I got the problem fixed by copying db.cache to the prison, like so:

  • cp -f /etc/db.cache /var/named/chroot/etc/
If only I knew what was going on I could have saved an hour of my life :(
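
The chroot behaviour this comment ran into, as an added diagnostic example that is not part of the original comment or the tutorial: it lists the files named.conf refers to that are missing inside the chroot. The function name, the /var/named fallback for relative paths and the sample named.conf are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the tutorial): find zone/hint files that a chrooted
# named cannot open. Paths in named.conf are resolved INSIDE the chroot, so
# '/etc/db.cache' really means <chroot>/etc/db.cache.

# missing_in_chroot CHROOT_DIR
# Reads CHROOT_DIR/etc/named.conf and prints every path named by a
# file "..." statement that does not exist below CHROOT_DIR.
missing_in_chroot() {
    chroot_dir=$1
    conf=$chroot_dir/etc/named.conf
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }

    # Relative file names are resolved against the 'directory' option.
    # Assumption: fall back to /var/named when the option is absent.
    base=$(sed -n 's/^[[:space:]]*directory[[:space:]]*"\([^"]*\)".*/\1/p' "$conf" | head -n 1)
    [ -n "$base" ] || base=/var/named

    sed -n 's/^[[:space:]]*file[[:space:]]*"\([^"]*\)".*/\1/p' "$conf" |
    while IFS= read -r f; do
        case $f in
            /*) path=$f ;;          # absolute, but still relative to the chroot
            *)  path=$base/$f ;;
        esac
        [ -e "$chroot_dir$path" ] || printf '%s\n' "$path"
    done
}

# Constructed demo: a throw-away chroot tree with the hint file missing.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/etc" "$root/var/named"
    cat > "$root/etc/named.conf" <<'EOF'
options {
        directory "/var/named";
};
zone "." {
        type hint;
        file "/etc/db.cache";
};
zone "localhost" {
        type master;
        file "localhost.zone";
};
EOF
    : > "$root/var/named/localhost.zone"
    echo "before copy: $(missing_in_chroot "$root")"
    : > "$root/etc/db.cache"     # stands in for: cp -f /etc/db.cache <chroot>/etc/
    echo "after copy:  $(missing_in_chroot "$root")"
    rm -rf "$root"
}

demo
```

On a real system the argument would be /var/named/chroot, the directory the comment identifies as named's root.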

Submitted by Anonymous (not registered) on Wed, 2005-12-21 19:28.
Why do you suggest to create a virtual NIC eth0:0 when eth0 already exists? What is the purpose of this extra NIC?
Submitted by Anonymous (not registered) on Mon, 2006-01-09 06:17.

Most companies who sell Fully-Qualified Domain Names will require the subscriber to have at least two public IP addresses, which are assigned by an ISP, for a Primary and Secondary Domain Name System. Ideally, these would be on (at least) two separate computers with two separate accounts with separate power supplies to decrease the chance of the domain name being down entirely.

Most DIY'ers don't have two computers to do this with, or two different ISP accounts. Since both IP addresses (primary and secondary) will be coming into the same cable into the same NIC, then the computer has to be told to listen for both IP addresses on the same NIC (ie. MAC address), thus a virtual NIC.

If you have two different ISP accounts coming into two different NICs, then this is not needed; you would assign the NICs as normal (eth0 and eth1, for example).

Submitted by Anonymous (not registered) on Wed, 2005-10-12 20:00.
Someone submitted this problem:
Submitted by Anonymous on Sat, 2005-08-06 17:14.
When I get to the command "quotacheck -avugm" I get a command not found error. I have been through the instructions twice and have followed them exactly each time but it has happened twice. I have installed everything as instructed. Any suggestions?
And hi REPLAY
Submitted by Anonymous on Sat, 2005-08-06 17:18.
I got it, had to be logged in as root
BUT I HAVE that problem and it is not logged problem
And Second problem is in
"E: coulden't find package imap..."
But I ran
apt-get update
And got
E:Some index files failed to download, they have been ignored, or old ones used instead.
What is going on here :))
Submitted by admin (registered user) on Thu, 2005-10-13 08:58.
About your imap problem: I've just added a short explanation on http://howtoforge.com/perfect_setup_fedora_core_4_p3, just below the part where I describe which repositories should be used in /etc/apt/sources.list. Read this closely, and you'll understand your problem.
Submitted by Anonymous (not registered) on Mon, 2005-10-03 23:00.

I'm thinking maybe that PostFix is configured wrong, but I'm not sure how to debug. Some of my webpages make use of the mail() function. Which has worked on other hosts...but under my ISPConfig host (which is being hosted and setup using the Perfect Setup for FC4), I get the following in root's mail:

----- The following addresses had permanent fatal errors -----
dave@network.net
(reason: 550 <dave@network.net>: Recipient address rejected: User unknown in local recipient table)
(expanded from: dave@network.net)

----- Transcript of session follows -----
... while talking to [127.0.0.1]:
>>> DATA
<<< 550 <dave@network.net>: Recipient address rejected: User unknown in local recipient table
550 5.1.1 dave@network.net... User unknown
<<< 554 Error: no valid recipients

I double checked /etc/alternatives and found that mta --> /usr/sbin/sendmail.sendmail

changed to mta --> /usr/sbin/sendmail.postfix

and my error message (in root's mail) changed to:

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to <postmaster>

The Postfix program

<dave@network.net>: unknown user: "dave"

so I double-checked /etc/postfix/local-host-names and found:

localhost
....etc...
network.net
## MAKE MANUAL ENTRIES BELOW.....

but my setup in ISPConfig for that site shows that I'm using an external mailserver (and how would the mail() from PHP care about that?!)...and I have the MX record setup in DNS to point to the 'real' mail server. I know DNS is setup properly, as mail to this address/site from any other client works/goes through...just can't use the mail() function properly?!

Any help, always appreciated - as I have a bruised forehead from banging!?

-dave-

Submitted by Anonymous (not registered) on Wed, 2005-11-02 23:58.
Just a quick answer: The problem is not with your MTA (Postfix) or any other steps outlined in this HowTo but most probably with FC4's implementation of SELinux which disallows your webserver (Apache?) to use the Postfix sendmail binary (for security reasons). This is a common problem with PHP's mail() function, Apache and SELinux. Perhaps this could help: http://fedora.redhat.com/docs/selinux-apache-fc3/
Submitted by admin (registered user) on Tue, 2005-10-04 09:08.
Can you post this in the forums, please? This problem is too complex to be handled in the comments section.
Submitted by Anonymous (not registered) on Sat, 2005-10-01 02:36.

What directory do I need to be in for this symlink:

ln -s ../../ chroot

Thanks for the killer article!

Submitted by Anonymous (not registered) on Sat, 2005-10-01 23:35.

I don't know how many times I read it - and did not see it. It is in there.

Thank you!

Submitted by Anonymous (not registered) on Tue, 2005-09-27 03:51.

First let me say that this is an excellent HOWTO and I really appreciate the effort to help everyone out --Thanks Falko!

I do not have a fixed IP address, furthermore, I have a Linksys gateway router that insists on assigning my server an IP through the DHCP, regardless of how I configure my server. For example, I've tried to set my IP as 192.168.1.100, which my router does not see. Instead, my router assigns my server something like 192.168.1.102, depending on how many clients I have running on the router at the time. This creates all kinds of problems, usually that I cannot access the internet from my server.

Anyone have a solution? This all started with a simple project to upgrade my perfectly running server from PHP4 to PHP5 and Apache 1.3 to 2.0. About 8 days later, I have no hair, bags under my eyes, and I'm about to get fired from my job! I'm afraid without a MS in computer science, Linux is an impossibility! Just me venting frustration ....really though, this is just the first problem I have to solve before I can move on. Thanks!

Submitted by Anonymous (not registered) on Fri, 2005-12-09 12:53.
I have only recently begun using Linux as well, so I understand some of your frustration. This might help for the static IP thing. 1. Go to 'System Settings' and click on the 'Network' icon. 2. When prompted, enter in the root password, if not logged in as root (which they say not to do). You should get a screen that lists your network adapters at this point. 3. Click on the network adapter (usually will have a device name like eth0) and then click on the 'Edit' icon at the top of the window. The first screen that is displayed should have a place for you to change this network interface to use a static rather than dynamic IP. One other note. While following this how to, when adding the virtual interface I had to follow the same process for editing the new interface obviously assigning it a different IP from my eth0 interface. On this virtual interface, I also had to choose the 'Hardware Device' tab at the top and check the box next to 'device Alias number' and then I used the number 0 for my device alias number, which is where the name eth0:0 comes from, I think. I hope this helps. W. Melvin
Submitted by till (registered user) on Wed, 2005-09-28 08:42.
Please post this problem in the forums: http://www.howtoforge.com/forums
Submitted by Anonymous on Sat, 2005-09-17 00:17.
I do not run my server behind a router and have a static IP. Do I need to make virtual interface for my network interface?
Submitted by admin (registered user) on Sat, 2005-09-17 21:27.
No, if you only have one IP, you do not need a virtual network interface.
Submitted by Anonymous on Mon, 2005-09-26 08:05.

What's the reason for it though? I don't mean to be thick .....

Thanks in advance

Submitted by Anonymous on Thu, 2005-09-01 20:32.
Hey, Love the article........I am new to linux. I have it all set up. However, I am unsure of what ports I need to open! I assume I need ports:

FTP 21

SSH 22

SMTP 25

Apache 80, 443

Name Serv 81

N E way, do I need any other ports open?

Thanks!

Submitted by Anonymous on Sat, 2005-09-03 07:52.
but i couldn't install ispconfig because of this error:

checking lex output file root... ./configure: line 2422: lex: command not found

configure: error: cannot find output from lex; giving up

ERROR: Could not configure PHP

What can i do?



Submitted by Anonymous on Sat, 2005-09-03 08:09.

The package flex is missing. Install the flex package:

apt-get install flex

Delete the install_ispconfig directory and unpack the installer tar.gz file again, before trying the ispconfig installation again.

Submitted by Anonymous on Sat, 2005-09-03 08:19.
That was quick man, i'll try it now, thanks a lot
Submitted by Anonymous on Mon, 2005-08-22 23:13.

Many thanks for what seems to have been a pretty straight forward installation . I do have though a couple of daft questions !

  • what are the default login details for the administration panel (http://www.mydomainname.com:81) ? I never got prompted anywhere !
  • can i change the port 81 ?

Regards

Submitted by Anonymous on Mon, 2005-08-22 23:31.

goodness am i daft !

admin:admin people !


although should i suggest some mention of it would be great in the howto ?! (saying that it might be there and i am blind!)

thanks Falko

regards

Submitted by Anonymous on Mon, 2005-08-22 17:05.
When I try to save /etc/sysconfig/network-scripts/ifcfg-eth0:0, KEDIT gives me the following error. "Could not save to remote file". Help!!!
Submitted by Anonymous on Sat, 2005-09-24 07:04.

Here is the way I did it,

cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0:0

then I did this

vi /etc/sysconfig/network-scripts/ifcfg-eth0:0

And that was it and changed the DEVICE from eth0 to eth0:0

then IPADDR from 192.168.1.10 to 192.168.1.11

colon-> ESC -> wq!

and done

Hope this helps

Submitted by Alex (not registered) on Tue, 2009-12-08 04:14.

Ya, it does help.

I used to use windows, and now since I have to learn php and how to use apache, it turned out kind of unfamiliar, so I need your guys help.

Now I got my own website running on Linux and thanks for the comment.

Submitted by admin (registered user) on Mon, 2005-08-22 17:15.
Try to use another editor, kedit thinks this is a url because it contains ":".
Submitted by Anonymous on Mon, 2005-08-22 17:40.
Many thanks.
Submitted by Anonymous on Mon, 2005-08-22 16:24.
This is only perfect for those who are Linux savvy. Way short on detail. Typical of the whole Linux community, "Keep as cryptic and obscure as conceivably possible". How do they ever expect the rest of the world to change over from Windows?
Submitted by Anonymous on Sat, 2005-08-13 03:48.
I was struggling along until I found this, very easy to follow format as well as being complete. Thank you for this how-to!
Submitted by Anonymous on Sat, 2005-08-06 16:14.
When I get to the command "quotacheck -avugm" I get a command not found error. I have been through the instructions twice and have followed them exactly each time but it has happened twice. I have installed everything as instructed. Any suggestions?
Submitted by Anonymous on Sat, 2005-08-06 16:18.
I got it, had to be logged in as root
Submitted by Anonymous on Fri, 2005-08-05 14:31.

No matter what is being said in these replies, I DO like this article but it gives a very distinguished straight to the goal direction for a certain task: creating a working hostingserver. Thnx Falko!!

Remark: apt did not work for me, do not know why, but just kept stalling at reading the packages. Used yum instead.

Submitted by Anonymous on Sun, 2005-08-14 18:28.

Often times apt will not work because of a firewall.

Submitted by Anonymous on Sun, 2005-07-31 17:41.
Sorry but i am a true newbie at linux. When i try to edit eth0 with this command /etc/sysconfig/network-scripts/ifcfg-eth0 all i get is permission denied. can anyone help me. I am logged in as root. Thanks in advance
Submitted by Anonymous on Mon, 2005-08-01 19:22.

Thanks

had to do the chmod and then do a vi ifcfg-eth0 to edit the file. was there an easier way?

Submitted by Anonymous on Sun, 2005-07-31 21:51.

Try to change the file's permissions:

chmod 644 /etc/sysconfig/network-scripts/ifcfg-eth0

Submitted by Anonymous on Tue, 2005-07-26 03:59.
Why not just use NTP which will provide nice smooth time updates instead of jumps ??
Submitted by Anonymous on Tue, 2005-07-26 00:08.

The part where you install imap is unclear. The package isn't simply called 'imap'. Dovecot is the only thing found with apt-cache search. This requires additional configuration that you didn't cover. Yum also doesn't have 'imap'

Submitted by Anonymous on Tue, 2005-07-26 09:52.
You need to add the line
rpm http://ayo.freshrpms.net fedora/linux/1/i386 core updates freshrpms

into /etc/apt/sources.list, as stated in the tutorial. Then you can install the package imap with apt-get.

You must follow the tutorial line by line, then you won't have problems.

Submitted by Anonymous on Wed, 2005-07-27 20:48.

Sorry i have that line (used copy paste) but apt can't still get imap...

couldent find package imap...

can i do it manually some how?

Submitted by Anonymous on Fri, 2005-07-29 10:21.

Did you run

apt-get update

after you added the line to /etc/apt/sources.list?

Submitted by Anonymous on Fri, 2005-07-29 11:40.

No i did not. that fixed the problem.

Gr8 tutorial Btw.

Submitted by Anonymous on Tue, 2005-08-02 16:45.

Hi, I had the same problem... need /1/ not /l/ digit 1 not letter l...

Submitted by Anonymous on Thu, 2005-08-18 21:28.

I followed the tutorial. I got tripped up on the imap part - I skipped the earlier part about apt-get (I use yum). But anyway, adding the line to the sources.list doesn't seem to help. Something is screwed up. Doesn't FC4 use imap, or is there a way to adapt this tutorial to the dovecot?

# apt-get install imap
Reading Package Lists... Done
Building Dependency Tree... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.

Since you only requested a single operation it is extremely likely that
the package is simply not installable and a bug report against
that package should be filed.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
imap: Depends: libcrypto.so.4
Depends: libssl.so.4
E: Broken packages

Submitted by Anonymous on Mon, 2005-07-25 16:54.

Hi,

Thanks for your advice. However, I tend to disagree with the linux distro you've chosen. Fedora Core is too bleeding edge for production purpose, at least on servers. I'd suggest using something more "Enterprise class" like "Red Hat Enterprise Linux" or SUSE server edition. Don't have money? There are alternatives like RHEL-clones: CentOS, Whitebox Linux, Tao Linux. This article will probably apply more or less to those.


Another wise choice would be Debian. I probably forget other ones...

Submitted by rafatmb (registered user) on Wed, 2010-11-24 19:54.

Sorry, but I disagree.

I have an old server with this Distro/Version, and Fedora is very stable.

Anyway, distro is matter of taste: enjoy it.

Thanks Falko.

Rafael Marangoni

BRLink Servidor Linux Team

Submitted by Anonymous on Tue, 2005-07-26 15:37.
I know of many ISPs and hosting solutions that use Fedora Core as their image for their Xen virtual machines. It's not "too bleeding edge." You can turn on the bleeding edge featureset of Fedora, but the default install is not very bleeding edge at all. You should try Gentoo with the unstable masks removed if you want bleeding edge.
Submitted by Anonymous on Tue, 2005-07-26 02:33.
Why is 'too bleeding edge' bad? Can you cite some examples of people being bit by this?
Submitted by Anonymous on Tue, 2005-08-30 19:04.
Fedora Core 4 will no longer have updates 2 years from its release. And seeing as it starts to get adopted about 1 year into its release that gives you about 1 year of security fixes, and then you have to rebuild your server/environment to FC5.
Submitted by Anonymous on Tue, 2005-07-26 03:50.

Regarding bleeding edge programs, not necessarily distributions exactly. Substantial breakage and substantial security issues due to lack of testing and maturity. Incompatibility with scripts, other programs, and certain environments.

Why it's good. More features which aid in better interoperability, add new and exciting things that just make sense. Testing is the only way to get bad bugs out, bleeding edge is only one of many steps. Someone has to do it. In production environments its usage is questionable, especially when used on big servers serving hundreds or thousands of people.


Why fedora could be bad. Bloat.

Submitted by Anonymous on Tue, 2005-07-26 18:33.
If you don't use bleeding edge features, Fedora is not as bad as you thought. However, you got to admit developers love to try new features which is a natural step. In fact, do you know Wikipedia and SourceForge use Fedora as server?
Submitted by Anonymous on Tue, 2005-07-26 20:59.

Kernel.org also. I believe source forge has a few. Etc etc...

I didn't say Fedora was cutting edge, another person did. Cutting edge isn't bad, it's questionable. If you turn it off or recompile older stuff manually, you won't have any problems with the untested nature of bleeding edge. :)

Submitted by Anonymous on Mon, 2005-07-25 22:27.
Browse a little bit on HowtoForge, and you'll find tutorials for Debian, Fedora, Mandrake/Mandriva and SuSE. So whichever distro you prefer, it's likely that you find a howto here. :)
Submitted by Anonymous on Wed, 2005-08-03 16:59.

I am a very newbie at FC4 and am running thru this guide. I like it.

One thing that happened was an error with pop3s, said something about directory not found or something.... I know i really should have written it down - but i was hoping someone knows what i mean. :)

Submitted by Anonymous on Sun, 2005-08-28 18:06.
Did you ever get a resolution on this item? I'm currently having the same problem.
Submitted by Anonymous on Sun, 2005-08-21 14:39.
Why do I need 777 permission for this folder? Is there another way around?