The Perfect Setup - SUSE 9.3

Want to support HowtoForge? Become a subscriber!
 
Submitted by falko (Contact Author) (Forums) on Wed, 2005-07-20 15:08. :: ISPConfig | SuSE

This is a "copy & paste" HowTo! The easiest way to follow this tutorial is to use a command line client/SSH client (like PuTTY for Windows) and simply copy and paste the commands (except where you have to provide own information like IP addresses, hostnames, passwords,...). This helps to avoid typos.

The Perfect Setup - SUSE 9.3

Version 1.0
Author: Falko Timme <ft [at] falkotimme [dot] com>
Last edited: 07/20/2005

This is a detailed description about the steps to be taken to setup a SUSE 9.3 based server that offers all services needed by ISPs and hosters (web server (SSL-capable), mail server (with SMTP-AUTH and TLS!), DNS server, FTP server, MySQL server, POP3/IMAP, Quota, Firewall, etc.). In addition to that I will show how to use Debian's package manager apt on an rpm-based system because it takes care of package dependencies automagically which can save a lot of trouble.

I will use the following software:

  • Web Server: Apache 2.0.x
  • Mail Server: Postfix (easier to configure than sendmail; has a shorter history of security holes than sendmail)
  • DNS Server: BIND9
  • FTP Server: proftpd (ISPConfig will not work with vsftpd on SUSE 9.2)
  • POP3/IMAP: I will use Maildir format and therefore install Courier-POP3/Courier-IMAP.
  • Webalizer for web site statistics

In the end you should have a system that works reliably and is ready for the free webhosting control panel ISPConfig (i.e., ISPConfig runs on it out of the box).

I want to say first that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!

Requirements

To install such a system you will need the following:

1 The Base System

Boot from your first SUSE 9.3-CD and select Installation from the boot screen:

Accept the license:

The SUSE installer (called YaST - Yet another Setup Tool) starts.

Select your language:

Skip the media check:

The installer analyzes your system and makes some automatic installation decicions which it lists on the following screen (Installation Settings). You can change each of its choices by navigating to the appropriate headline. First, I change the keyboard layout (I don't have an English (US) keyboard...):

I select my new keyboard layout and click on Accept:

Then I want to have a look at the partitioning. You can accept YaST's proposal or create your own partitions. In this case, I accept YaST's proposal. For my purposes one big /-partition and a swap partition are a good choice:

Next, I adjust the time zone:

Back on the Installation Settings screen, you can also choose the software you want to install if you know what you are doing. In this example, I will leave YaST's package choice unchanged. I will install the software I need to run a web/email/ftp server manually after the base installation has finished. So we click on Accept as we're done here:

Accept the flash-player license next:

Click on Install:

The hard disk is being formatted:

The package installation starts:

After the basic package installation the system reboots. Remove the SuSE CD and go sure to boot from the hard disk:


Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.
Submitted by Anonymous (not registered) on Fri, 2006-08-25 12:01.
Great tutorial. I had relaying problems One was the smtp users was not authorized to send mail relay The /etc/pam.d/smtp was missing copying the /etc/pam.d/pop3 and renaming it to smtp worked with the cp ./pop3 ./smtp command worked. The other problem was that user outside of local network could not send mail. The mail server is behind a CISCO PIX 515 firewall. Cisco by default, in its configuration, it has a fixup for the SMTP protocol on port 25. Disabling fixup on port 25 solved the problem.
Submitted by Anonymous (not registered) on Wed, 2006-02-01 09:41.
Apt is a great tool, but on rpm based systems (apt4rpm) it's too slow, the fastest and most powerfull tool I've know for this systems is y2pmsh that may only be found on SuSE, besides, YaST installer is easier for newbies and is as powerfull as apt, unless it's slower. I personally prefer y2pmsh over apt cause of apt is too automatized for my likes, tgz too complicate, and haven't use emerge (for Gentoo) y2pmsh gives you more control even than apt on Debian.
Submitted by Anonymous (not registered) on Mon, 2005-12-05 09:29.

Has anyone tried to use ispconfig and this guide on SLES 9.

The os installs libreadline 4 and apt wants lib readline 5 , and I am unable to get SLES to update to libreadline 5 and work , seems like the whole os wants to use libreadline 4.

Any advice ?

Submitted by Anonymous (not registered) on Wed, 2006-02-22 19:27.
I found that this script does not work for SLES9. SLES9 has a differen dbrm and bash shell version which is not compatible with a few functions the apt and others are trying to do. Best stick to the Professional edition for these instructions!
Submitted by Anonymous (not registered) on Sat, 2005-11-12 19:50.
I've used this guide in various permutations to do server installs for both testing, production and hosting and it's a live saver.

Just one question: Does anybody have a link to a guide that will help in optimizing the server for high traffic web sites. I have one that servers just under .5 million pages per month and I find the server a tad sluggish. It's a p4 3Gh, 2GB memory Intel server.

I've googled and have not found anything that really helps with this.

Thanks

Brenton
Submitted by Anonymous (not registered) on Fri, 2005-11-11 19:28.

For some reason when I try to apt-get install gcc I get what I belive is a dependancy error:

The following packages have unmet dependencies:
gcc: Depends: cpp (= 3.3.5-5) but 3.3.5-5.1 is to be installed
E: Broken packages

I tried doing an apt-get install cpp also to update that (not sure what it is though) and it tells me cpp is the newest version.

What am I doing wrong?

Submitted by Anonymous (not registered) on Thu, 2005-12-29 16:58.

Hi,

Don't know why it goes wrong. Just got an solution.

Install gcc via yast (yast2) en re run the apt-get install line. Then you wil see the error is gone,.


Greetings, Martijn Swanink

Submitted by Anonymous (not registered) on Tue, 2005-10-25 11:49.

I get this error:

Check the APACHE_MODULES setting in /etc/sysconfig/apache2.


Starting httpd2 (prefork) Creating new config (0x80eca50) for (null)
Syntax error on line 11 of /etc/apache2/mod_log_config.conf:
Invalid command 'LogFormat', perhaps mis-spelled or defined by a module not included in the server configuration

The command line was:
/usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -DSSL
failed

Submitted by Anonymous on Sat, 2005-09-24 06:13.

=====================================================

configure: error: Try adding --with-zlib-dir=<DIR>. Please check config.log for more information.

ERROR: Could not configure PHP

=====================================================

Error message above, any assistance is appreciated. Btw, where does the config.log file reside?

jaf

jaf@mileswork.com

Submitted by Anonymous on Wed, 2005-09-21 14:40.
How to add or create new postfix e-mail users? I¬ am not use ISPConfig.
Submitted by Anonymous on Tue, 2005-08-30 05:51.
Can anyone advise what I need to do to add PEAR support to this?
Submitted by Anonymous on Tue, 2005-08-30 00:15.
linux:/tmp # chkconfig --add proftpd
proftpd 0:off 1:off 2:off 3:on 4:off 5:on 6:off
linux:/tmp # /etc/init.d/proftpd restart
: bad interpreter: No such file or directory
Submitted by Anonymous (not registered) on Thu, 2006-08-10 03:47.

Maybe you edit the file  with a Editor on a Microsoft PC, and than uploadet it with win scp?

 

Open the file in MC or VI and delete the returns. 

Submitted by Anonymous on Mon, 2005-09-12 10:10.

Check that your script has¬ not CR LF as line separator (i.e. if you cut-and-paste from a web browser maybe it could be wrong..)

Just in case, use dos2unix for correcting the script.

Regards

Submitted by admin (registered user) on Tue, 2005-08-30 09:22.
Are you logged in as root user and is the script /etc/init.d/proftpd there?
Submitted by Anonymous on Sat, 2005-08-27 00:08.

The author must be a debian fan, why else recommend apt-get --- the horror--- Mandrake urpmi does the same thing in about five lines of typing and server is ready to run with most systems activated with sane defaults. Then with webmin you can fine tune... no crazy typing (i mean come on....) with likely typos.

Geeze even yast is better than this

What a nightmare this set-up is.

Submitted by Anonymous on Sun, 2005-08-28 15:15.
Yast on a remote server, i do not like it. apt-get like he show it here works just fine. Thanks bob
Submitted by Anonymous on Sat, 2005-08-27 00:15.
I forgot to mention that using the default installation software choice results in a system of over 2 gig. Way to much garbage to exploit - Java and Flash on a server? If the os with servers installed and running (no data) is over 700meg, you have done something very wrong.
Submitted by Anonymous on Sun, 2005-08-21 17:53.

Hi,

I'm not sure yet how perfect this way of setting up SuSE is, but for ISPConfig there are some missing parts:

you need to:

apt-get install zlib zlib-devel clamav

then:

freschclam

/etc/init.d/clamd start

this was where I had to start over 3 times, until Ifigured it out.

This might help someone else.

Other than that, this setup seems to be great! I did this yesterday so I haven't had time to do some real testing.

Thankx!

Hyperclock

Submitted by Anonymous on Mon, 2005-08-15 04:21.

Does anyone have the current apt-get location?

rpm ftp://ftp.gwdg.de/pub/linux/suse/apt/ SuSE/9.3-i386 base update security

doesn't seem to work for me.

Submitted by Anonymous on Mon, 2005-08-15 11:02.
Maybe your firewall is blocking?
Submitted by Anonymous on Sun, 2005-08-14 11:08.

ISPconfig install faild by missing zlib zlib-devel for clamav!

run:

apt-get install zlib zlib-devel

before start install ISPconfig!

bolinux

Submitted by Anonymous on Sun, 2005-08-14 00:47.

Followed this to the T. Everything is fine up until apt-get update.

After that I get cannot locate package errors.

apt-get install findutils ncftp readline libgcc glibc-devel findutils-locate gcc flex lynx compat-readline4 db-devel

For example ends with ncftp cannot find package error.

As I move along I get more of the same with other packages.

Anyone know what changed? The apt-get update did a bunch of changes. Perhaps the packages can no longer be located?

Please advise.

Submitted by Anonymous on Sun, 2005-08-14 11:13.

edit /etc/apt/sources.list:

rpm ftp://ftp.gwdg.de/pub/linux/suse/apt/ SuSE/9.3-i386 base update security

uncomet the other source, this will fix

bolinux

Submitted by Anonymous on Wed, 2005-08-24 01:32.

I checked the /etc/apt/sources.list and it was a bit different than what you show here. I changed it to match your format and still nothing. You said uncomment the other source. Not sure if you mean the one that is just ahead of the rpm ftp://ftp.gwdg...... line. It starts with rpm ftp://mirrors.mathematik..... that is uncommented. There is then a bit further down a couple commented line starting with http://ftp.gwdg.de/pub/..... and http://linix01.gwdg.de... Which am I supposed to be uncommenting?

I get an error that is as follows: E: Couldn't find package ncftp

Submitted by Anonymous on Thu, 2005-08-25 03:06.
Figured it out. Install apt. Edit sources. Get update. Edit sources. Get update again. All works now.
Submitted by Anonymous on Tue, 2005-08-09 12:58.

I have problem on installing suse 9.3 on Fujitsu-Siemens Amilo D1485(laptop).When i want to install it he can not recognise what hard disk i have , so i can not install it.I don't now what to do.If you can help to fix the problem

Thank You¬

Submitted by Anonymous on Wed, 2005-08-03 01:21.
Antivirus scanning setup would have been the final touch on this howto.
Submitted by till (registered user) on Wed, 2005-08-03 10:04.
Antivirus scanning (ClamAV) comes with ISPConfig! :-)
Submitted by Anonymous on Tue, 2005-08-02 14:58.
proftpd is insecure, and ispconfig does indeed work with vsftpd, and it even supports more configuration modes with vsftpd. The author should check the ispconfig website. Otherwise a good article
Submitted by Anonymous on Tue, 2005-08-02 18:07.
As far as I can tell, the author is one of the main developers of ISPConfig. I think he knows very well what he's writing about... ;-)
Submitted by Anonymous on Tue, 2005-08-02 01:34.
Hi! This seems a very good guide. But can anyone tell me if there is a similar guide for FreeBSD? im kinda new in freebsd but i want to setup something like the above project but using freebsd
Submitted by Anonymous on Sun, 2005-07-31 22:45.

unactive the firewall in any case is good idea is really really bad idea, must config the service and last configure the firewall for accept connection only port services 25 smtp, 110 pop3.

install the XWindow in production service is more problems for security audit in the file system, more o lot files must used by xwindows and desktop software such kde o gnome, in addition the open ports for xwindows in the system is threat for the general security of system.

i recommned *not* install the Xwindow and any graphics tools or desktops eviroments in the server production and never never never unactive the firewall totally, the installation must very small the minimal necesary to run the so, and later add the software need to distinct services no more no less.
Submitted by Anonymous on Mon, 2005-08-01 18:48.
Typically a GUI is not installed on a server because it's resource intensive not because it's dangerous, at least with a properly considered firewall. SuSEfirewall blocks EVERY port not just ports up to 1024 like most firewalls. Running a GUI on SuSE is no more dangerous with the default SuSEFirewall config as anything else. There are always exceptions to every rule. Please be care about repeating the "generic, general accepted norm" if you don't know first hand its validity. Otherwise its FUD!
Submitted by Anonymous on Sun, 2005-07-31 22:40.

unactive the firewall in any case is good idea is really really bad idea, must config the service and last configure the firewall for accept connection only port services 25 smtp, 110 pop3.

install the XWindow in production service is more problems for security audit in the file system, more o lot files must used by xwindows and desktop software such kde o gnome, in addition the open ports for xwindows in the system is threat for the general security of system.

i recommned *not* install the Xwindow and any graphics tools or desktops eviroments in the server production and never never never unactive the firewall totally, the installation must very small the minimal necesary to run the so, and later add the software need to distinct services no more no less.
Submitted by Anonymous on Tue, 2005-08-02 12:55.

Even though apt is a very good update manager, I really don't see why you should install it on Suse as Yast will do the same thing with a nice GUI if you like.

Submitted by Anonymous on Sun, 2005-07-31 22:52.

As far as i know ISPConfig has its own firewall, so you
have to uninstall the SuSe Firewall to use the ISPConfig firewall.

I agree that installing the Xwindow system is not a good idea
for servers.

Submitted by Anonymous on Sun, 2005-07-31 23:15.
Problem is YaST doesn't give you many choices about what to install. I think that's why KDE gets installed. Maybe otherwise the howto would have become too complicated for newbies. Anyway, I'd recommend Debian for a server.
Submitted by Anonymous on Mon, 2005-08-01 11:35.

You can get YAST to install whatever you like. It's just that the absolute default does include a graphical environment and applications. 9.3 is a desktop distro first, not a server distro, so it makes sense for the default to include these things. You can alter them and turn them off by just clicking the Software Packages section in the install summary and then clicking the button to customise the install. It's not tricky in any way...

KDE is installed by default because a DE was needed, and people like to use it.

Submitted by Anonymous on Tue, 2005-08-02 17:53.

Althogh,

If you try to install something with dependancies YAST will just yell at you. APT has enough sense to take care of dependancies and update them if you like.

Alric

Submitted by Anonymous on Sun, 2005-09-25 14:43.
What complete rubbish. YAST has this cute little button at the bottom of the right hand portion of the window that is labelled Check Dependencies. There is also a checkbox labelled Autocheck. Learn to open your eyes properly next time.
Submitted by Anonymous on Tue, 2005-08-09 15:13.
This is not true since YaST would only inform you that some additional (needed ones) packages would be installed. At this point you can decide to proceed or maybe selectively cancel the installation of package(s) that caused some dependencies to be suggested for installation. It is not yelling and it is in fact very comfortable.
Submitted by Anonymous on Sat, 2005-08-06 05:16.

Apache/PHP5 2nd line:

apt-get install php5-bcmath php5-bz2 php5-calendar php5-ctype php5-curl php5-dba php5-dbase php5-dbx php5-debuginfo <<<< no such thing as php5_debuginfo ???

below that:

SuSEconfigI get :

*** WARNING ***
Found /etc/postfix/main.cf.SuSEconfig, exiting...
*** WARNING ***

Submitted by Rodriog Ristow (not registered) on Wed, 2009-09-30 21:49.
  • Problem wenn running apache:

/etc/init.d/apache2 start

or:

/usr/sbin/rcapache2 restart


linux-7hrh:/etc # /usr/sbin/rcapache2 restart

Module "include" is not installed, ignoring.

Check the APACHE_MODULES setting in /etc/sysconfig/apache2.

Module "mod_log_config" is not installed, ignoring.

Check the APACHE_MODULES setting in /etc/sysconfig/apache2.

Syntax error on line 11 of /etc/apache2/mod_log_config.conf:


ok, you have a problem loading include and mod_log_config modules. If you take a look at: /etc/apache2/httpd.conf you'll find where the modules are loaded:

(..)
# generated from APACHE_MODULES in /etc/sysconfig/apache2

Include /etc/apache2/sysconfig.d/loadmodule.conf

(..)

The file /etc/apache2/sysconfig.d/loadmodule.conf has:

(...)

#

# Files in this directory are created at apache start time by /usr/sbin/rcapache2

# Do not edit them!

#

# as listed in APACHE_MODULES (/etc/sysconfig/apache2)

LoadModule actions_module /usr/lib/apache2-worker/mod_actions.so

LoadModule alias_module /usr/lib/apache2-worker/mod_alias.soLoadModule actions_module /usr/lib/apache2-worker/mod_actions.so

LoadModule alias_module /usr/lib/apache2-worker/mod_alias.so

LoadModule auth_basic_module /usr/lib/apache2-worker/mod_auth_basic.so

(...)


Did you read the comments? , than go to: /etc/sysconfig/apache2:

(...)

# your settings

APACHE_MODULES="actions alias auth_... include mod_log_config"

(...)


Now you have a trace of all files and can find out whats wrong.

In my case the lines:

LoadModule include_module /usr/lib/apache2-worker/mod_include.so

LoadModule log_config_module /usr/lib/apache2-worker/mod_log_config.so

were missed. Of course, for this reason I received the original error message.

The problem must to be with the file:

/usr/lib/apache2-worker/mod_include.so

I deleted it and reinstall apache and everything works again!!!!

Good Lock for you to!