The Perfect Setup - Mandrake/Mandriva 10.2

Want to support HowtoForge? Become a subscriber!
 
Submitted by falko (Contact Author) (Forums) on Tue, 2005-07-19 00:09. :: ISPConfig | Mandriva

This is a "copy & paste" HowTo! The easiest way to follow this tutorial is to use a command line client/SSH client (like PuTTY for Windows) and simply copy and paste the commands (except where you have to provide own information like IP addresses, hostnames, passwords,...). This helps to avoid typos.

The Perfect Setup - Mandrake/Mandriva 10.2

Version 1.0
Author: Falko Timme <ft [at] falkotimme [dot] com>
Last edited: 07/19/2005

This is a detailed description about the steps to be taken to setup a Mandrake 10.2 based server that offers all services needed by ISPs and hosters (web server (SSL-capable), mail server (with SMTP-AUTH and TLS!), DNS server, FTP server, MySQL server, POP3/IMAP, Quota, Firewall, etc.). In addition to that I will show how to use Debian's package manager apt on an rpm-based system because it takes care of package dependencies automagically which can save a lot of trouble.

I will use the following software:

  • Web Server: Apache 2.0.x
  • Mail Server: Postfix (easier to configure than sendmail; has a shorter history of security holes than sendmail)
  • DNS Server: BIND9
  • FTP Server: proftpd
  • POP3/IMAP servers
  • Webalizer for web site statistics

In the end you should have a system that works reliably and is ready for the free webhosting control panel ISPConfig (i.e., ISPConfig runs on it out of the box).

I want to say first that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!

Requirements

To install such a system you will need the following:

1 The Base System

Boot from your Mandrake 10.2 CD (CD 1) or DVD. Press Enter to start the installation:

Choose your language next:

Accept the license and click on Next:

Select Standard as the Security level and leave the field Security Administrator empty:

Now we have to partition our hard disk. You can choose to let the Mandrake installer do the partitioning, or you can do it yourself. I want to create a small /boot partition (less than 100 MB) with the file system ext3, a swap partition and a huge / partition (again with ext3):

Click on Next if you have all three CDs of the Mandrake Download Edition:

Select None and click on Next:


Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.
Submitted by Anonymous (not registered) on Sat, 2005-10-29 21:34.
It seems that in most of these ISP Server Setup howtos from here are all the same basically, and apt-get does not work well on any of them, always missing packages, tried diff servers and the same thing
Submitted by Anonymous (not registered) on Sat, 2005-10-29 21:54.
I followed the howto line by line to setup my webserver and it worked fine for me. Later I got an error installing ispconfig, but the guys in the forum helped me. Have you tried posting your problems there?
Submitted by Anonymous (not registered) on Tue, 2005-09-27 06:17.

While there's nothing wrong with apt its completely unnecessary to use it on Mandrake/Mandriva as it already has urpmi/RPMDrake, which is just as good as apt. Also all the repositories for Mandrake/Mandriva are made for urpmi as well. To anyone reading this I'd suggest skipping the bit about installing apt and instead head over to http://easyurpmi.zarb.org (or google for 'easyurpmi if that's down) and setup the software repositories. You can then use the urpmi command or the Mandrake Control Centre GUI to install whatever you want.

Other than that its a really good article, I just find it a bit strange that the author spent all this time doing these things on Mandriva but never learnt to use its software installation system.

Submitted by till (registered user) on Wed, 2005-09-28 08:47.
I don't know why you all have problems with me using apt? In the end it doesn't matter at all if you use apt or urpmi, it's just a matter of what you prefer personally. No reason to start a religious war...
Submitted by Anonymous (not registered) on Sun, 2006-02-19 01:47.
The difference between apt and urpmi on Mandrake is that urpmi is tested for Mandrake. You shouldn't install apt because you don't need to install apt. All it does is complicate the setup process. For anybody who is interested in using Mandrake/Mandriva, I would suggest reading the other howto, http://www.howtoforge.com/perfect_setup_mandriva_2006. Even if you are installing 10.2, there are very few differences between that and 2006, and that howto actually does things in a way that won't break Mandrake.
Submitted by Anonymous on Fri, 2005-09-23 05:08.

Hello everyone,

I applaud the effort however this setup should be called a perfect setup for HSP (Hosting Service Provider), An ISP/WISP Provides Dialup, Broadband, Wireless Broadband, hosting, email and such services. And several other packages should be added to this setup one being a billing system (Such as FreeSide) that would allow said ISP/WISP to collect monies on services provided. Also you would need a CRM system such as Request Tracker to track customer care and troubleshooting info. Then there is the ever present Authorization, Accounting, and Authentication part of being an ISP/WISP that needs to be addressed, that would be a Radius Server (such as FreeRadius), How are you going to authenticate a user on your network without that (ldap is not the proper AAA Radius you want)? So not to be a pain but your document although a little light on security is a good start for a beginner, But for the serious ISP/WISP there is a whole lot more to think about. I am in the process of addressing this problem with my own distro and step by step documentation on how to setup an ISP/WISP. There is just not enuf info on how to set this up. Also for you guys who are thinking about it Start with atleast 2 servers and seperate the services offered.

Server 1 - Web, Email, Webmail, Primary DNS and Radius <- Frontend Server

Server 2 - Database, CRM, Billing system and Secondary DNS <- Backend Server

This is not how mine is but it should be.

I know, I am an owner of an ISP/WISP

Michael A Cooper

BCCISP.net

Submitted by Anonymous (not registered) on Wed, 2010-08-18 22:41.

Hi Michael

 I note that you said you were in the "process of addressing this problem with my own distro and step by step documentation on how to setup an ISP/WISP" how far have you gone. This is something I would like to venture into given enough time and resource to learn.

Would be greatful if you have any material to share.

 

Regards Tim

Submitted by Anonymous on Tue, 2005-09-13 01:43.

I'm sorry, but your partitioning scheme is not one that should be installed on a server. Along with the base security level, this is bad news for all concerned. Security level should be set to higher at a minimum, and you should have at minimum the following partitions:

/
/etc
/var
/home
/var/www
/swap


Your article isn't bad, but could use some thought before anyone uses it on a production server.

Submitted by Anonymous on Mon, 2005-09-19 19:32.

even thats too lite.

/

/boot

/etc

/home

/usr

/var/www

/var/mysql

/var/ftp


All services should be in a chroot env. Var and home should be on seperate disks. (that way you can swap out os while leaving data intact).

Submitted by Anonymous (not registered) on Fri, 2005-10-14 01:56.
I get tired of reading about how it's a good idea to setup your hard drive partitions in in a myriad of different ways. Everyone seems to have an opinion on the matter. What's even worse, depending on who you talk to, everyone has a different idea on the swap partition. In these days of cheap arrays and redundant hard drives, I don't see a reason to be creating all those partitions. You lose a hard drive, you plug another one back in. That way, you don't have to worry about leaving enough room for the /usr partition, or the /var partition and then a couple of years down the road finding out that you really didn't make the partition big enough and now you are screwed. A lot of these ideas are driven by old school hard core linux people, who besides their inability to communicate effectively with other non-linux people will never admit that their ways are flawed. I've been messing with linux for a little over a year, and getting help from linux "experts" is almost like pulling teeth. I really like it when I get comments like "RTFM newbie!" . A lot of the documentation is vague if not downright cryptic. It's getting better though, and those days are coming to an end. If linux is going to survive, these old ideas and the old linux people need to wake up and get with the program!
Submitted by Anonymous (not registered) on Wed, 2005-12-28 17:24.
Could not have said it better!
Submitted by Anonymous on Tue, 2005-08-23 02:55.
Its an interesting build but not very secure. I also think that when a certain distro defaults to a certain package handler it would make sense to use the distro's default. Debian uses apt. Mandy uses urpmi. Not too big of a deal but it could be. Also not too much security was discussed. An apache server that's not secured properly will be someone else's in a matter of minutes. MySQL should be secured also. I've built many web and email servers and I think I have a pretty secure web server build How-To on my sight. The email server is on the way. You may want to check them out and incorporate some of the security measures. They are just best practices for securing a given app. Check it out at http://www.linuxloader.com

PDR60

Submitted by Anonymous on Wed, 2005-08-17 00:19.
there is no need to use apt-get in Mandrake 10.2 or any other Mandrake Edition , since urpmi, rpmDrake and Mandrake Update take care of all dependencies for correct instalation. General speeking those who want to use apt-get are the ones who use debian once.
Submitted by Anonymous on Wed, 2005-08-10 10:29.

My initial reply died because of problems with the weird comment editor in firefox ... and in the mean time it seems many have noted the urpmi vs apt issue.

However, I would note that apt in Mandriva is still subject to the limiations of rpm, and uses the same media information (hdlists) as urpmi, so I fail to see the value of claims that "you will always have problems with rpm ... Never had any problems with apt...".

Anyway, the other comments I wanted to make were:

  1. You should use a higher security level on a production server, as msec will lock the server down so that the server is more difficult to compromise/abuse if a service (running as non-root) is exploited. For example, only users in the ctools group will be allowed to use compilers, only users in the wheel group will be able to use su, only users in the ntools group will be able to use network tools such as ping, nmap etc (and many other features).
  2. Disk quotas can be setup during partitioning, however you may have to click "Toggle to expert mode". You shuld have considered the partitioning strategy a bit better, I would have partitioned so that users had no write access to any partition that holds binaries (ie seperate /home, /var/tmp and /tmp).
  3. You could add a contrib medium during installation, which would allow you to install *all* the packages you wanted during installation.
  4. Unselecting all package categories would allow you to have a more minimal install, but you would then probably want to check "Individual package selection".
  5. If you checked "Automatic time synchronisation", you wouldn't have had to install outdated software (rdate) and set it up manually to run via cron, instead you would be using ntpd to continually keep the clock correct.
  6. If you had setup a contrib medium, you would have been able to install all the other software you installed via urpmi, with 'urpmi webalizer "perl(HTML::Parser)" "perl(Digest::SHA1)"
  7. Regarding choices of software/virtual users etc, I would point out that LDAP could be used for everything, including postfix virtual users, proftpd virtual users, BIND (which Mandriva ships with sdb_ldap) with zone information in LDAP ... but I guess ispconfig may not support all of these features.
Submitted by Anonymous on Tue, 2005-08-09 12:37.
an ISP would have all accounts in mysql, have postfix use mysql, proftpd/pureftpd use mysql, all users virtual, drop saslauthd (is deprecated) and use sasl2 only which knows sql/mysql/postgresql, hmm what else... Ah, use VirtualDocumentRoot/VirtualScriptAlias for apache.

... ah database driven dns server like powerdns/mydns and others that i can't remember now. That's the start for and ISP setup.

My impresion is that your article is good, just that it starts people in a bit of a wrong direction.

Submitted by Anonymous on Tue, 2005-08-09 13:02.
I dont think that small ISP's want to have all services in a database. If the database fails, alls services fail. A database driven setup might be good if you have a large server farm, database replication etc. but not for a small ISP.
Submitted by Anonymous on Tue, 2005-08-09 07:19.
It's a pity but your article, despite your work to present it right, lucks a lot of credit for it seems you don't even know the usage of urpmi. Sagittarius.
Submitted by Anonymous on Tue, 2005-08-09 08:55.
From several years of Linux usage I know that at some time you will always have problems with rpm, and be it only that you want to update a machine that's only 2 years old, even with urpmi. Never had any problems with apt...
Submitted by Anonymous on Tue, 2005-08-09 09:41.

I am updating my home PC on a daily based with urpmi (it runs "cooker", so on average, around 20 updates or upgrades a day).

I am updating my laptop on which I work (Mandriva 10.2) around once a week for security updates and my parents' PC (Mandriva 10.2) once a month.


On my parents' PC, I initially installed Mandrake 10.0. Since then, I am doing the upgrade when a new version becomes available with

=> urpmi.removemedia -a

=> easy urpmi for urpmi.addmedia

=> urpmi --auto-select

And never had any problem with urpmi.

I think that you need to have a badly messed up system to have problems with urpmi. I haven't burned a Mandrake/Mandriva CD since 10.0, every install/upgrade I do since then is done via urpmi from the ftp servers.

Tom

Submitted by Anonymous on Tue, 2005-08-09 18:44.
I've been using Mandrake/Mandriva since it's inception at v4.3. urpmi has been the best damned tool for resolving rpm dependencies I've ever worked with. I've experimented with Redhat, Suse, and Debian, and come back to Mandrake/Mandriva every time. I've never had urpmi fail like the author claims. In this instance, it may come down to personal choice, and the author, having a Debian background, simply likes apt over urpmi. Personally, I can't see installing something else when the appropriate tool is already in place.
Submitted by Anonymous on Thu, 2005-09-01 14:57.
Actually Mandrake started with version 5.1, it was based on RH 5.0 with kde as default and compiled for a pentium processor. I started with 5.3 (based on RH 5.2) and thought it was the first, but the history on the website showed me that the first was indeed 5.1.
Submitted by Anonymous on Tue, 2005-08-09 01:58.

Any newbies that google into this article in the future - be warned that installing apt is VERY non-standard and will completely screw you over in the future. It is like going out of your way to have a chevy engine installed into a ford car - you will have no documentation for this setup.

The Author obviously has some sort of axe to grind over rpm. He basically added about 6 extra steps (at least) to provide himself with a COMPLETELY unsupported system install. BAD IDEA!!!!

zilla1126

Submitted by Anonymous on Tue, 2005-08-09 10:56.
apt is just a front-end for using the standard Mandrake rpm packages. It uses the same repositories as urpmi does so you won't have any problems at all. You won't screw up your system by using apt!
Submitted by Anonymous on Tue, 2005-08-09 01:49.

Why did you even use Mandrake if you were going to do everything with apt? I have been a VERY happy urpmi user for several years now and I NEVER have dependency problems.

URPMI *resolves* the problems inheirent to using a rpm based distro. It works PERFECTLY. The only time you have problems with it is when you go your own way installing 3rd party rpm's for no reason.

Whether intentional or not; this article contained a lot of anti-mandriva FUD.

Submitted by Anonymous on Wed, 2005-08-10 21:52.

Do you guys not see the that 70 percent of the All Time Popular Content articles are different variations of the this same article? Obviously the author wanted to help as many people as possible so he copied most of the unimportant content and added the distro specific pictures. If you don't like apt, then don't use it. It's not anything against any package manager, but a clear bias towards apt. Don't get so defensive about the authors preferences.

By the way, I'm sure the author doesn't use Mandriva so don't get into such a huff about using apt. He likes apt. I'll give you one guess what distro he chooses! Get a thicker skin kids!

Submitted by Anonymous (not registered) on Fri, 2005-10-28 03:08.

That was a well written article and a big effort on the authors part to post it up. I completely agree with you. Guys please learn to give credit for the effort of the author.

Having said that, I also think it is absolutely imperative that you guys come up with suggestions/recommendations etc, but look at other aspects of it as well, forget apt.

Submitted by Anonymous on Sat, 2005-09-03 19:12.
The problem is he is misleading people on he correct process for installation. If somebody is going to give incorrect advice they should not give it at all. All of this jokers articles should be treated as unrealiable and pulled.
Submitted by Anonymous on Wed, 2005-08-03 12:06.

Thanks a lot for this tutorial, I'll give things a go as soon as I can find the time.

Meanwhile, why did you not use urpmi instead of getting apt? It's integrated in any Mandrake/Mandriva system, and dead easy to set up.

See http://easyurpmi.zarb.org for more info and setup configuration, including selection of ftp servers.

Oh, and normally on Mandrake/Mandriva things are set up to use:

service [servicename] start/stop/restart

so you don't have to type the full path...

Anyway, thanks again for this great article,

Rob

www.mandrake.tips.4.free.fr

Submitted by Anonymous on Tue, 2005-08-16 19:15.
If you want the newest packages, apt is always fastest. Urpmi is very slow at getting the the packages into its system. I find that a bit annoying, but otherwise its very handy.
Submitted by Anonymous (not registered) on Tue, 2005-09-27 06:25.

Wether you use apt or urpmi you are getting the same Mandrake packages from the same repositories. I think you're confusing apt (the tool that gets packages from the repository) with the repository itself. Some distros will have more up to date repositories, some, like Mandrake with its 6 monthly release cycle, only update their packages to new versions every release (they backport security fixes).

Saying that apt gets newer packages than urpmi shows that you are using another distro besides Mandrake and confusing that with apt.

Submitted by Anonymous on Wed, 2005-08-17 12:41.
You obviously dont know how they work, they 'newness' of the package depends upon the repository, not the toool which you use to download.
Submitted by Anonymous on Wed, 2005-08-17 20:50.
newness means nothing
Submitted by Anonymous on Tue, 2005-08-23 07:10.
Shock - Next will be a pinball game !!!
Submitted by Anonymous on Tue, 2005-08-23 07:20.
It says Not Configured in Red !
Submitted by Anonymous on Sat, 2005-09-03 19:07.
Even if you install the GUI you still have the choice of using it or not after the fact. Mandriva linux actually has some very nice GUI admin tools that let you get the job done very quickly. You can keep the GUI shut down when you are not using it. A nice feature of Mandriva's GUI is it objects fiercely if you try to log in as root, although if you persists it will log root in.