Comments on The Perfect Setup - Mandrake/Mandriva 10.2
The Perfect Setup - Mandrake/Mandriva 10.2
This is a detailed description of the steps to be taken to set up a Mandrake 10.2 based server that offers all services needed by ISPs and hosters (web server (SSL-capable), mail server (with SMTP-AUTH and TLS!), DNS server, FTP server, MySQL server, POP3/IMAP, Quota, Firewall, etc.). In addition to that I will show how to use Debian's package manager apt on an rpm-based system because it takes care of package dependencies automagically which can save a lot of trouble.
35 Comment(s)
Comments
Thanks a lot for this tutorial, I'll give things a go as soon as I can find the time.
Meanwhile, why did you not use urpmi instead of getting apt? It's integrated in any Mandrake/Mandriva system, and dead easy to set up.
See http://easyurpmi.zarb.org for more info and setup configuration, including selection of ftp servers.
Oh, and normally on Mandrake/Mandriva things are set up to use:
service [servicename] start/stop/restart
so you don't have to type the full path...
Anyway, thanks again for this great article,
Rob
www.mandrake.tips.4.free.fr
If you want the newest packages, apt is always fastest. Urpmi is very slow at getting the packages into its system. I find that a bit annoying, but otherwise it's very handy.
You obviously don't know how they work, the 'newness' of the package depends upon the repository, not the tool which you use to download.
newness means nothing
Shock - Next will be a pinball game !!!
It says Not Configured in Red !
Even if you install the GUI you still have the choice of using it or not after the fact. Mandriva linux actually has some very nice GUI admin tools that let you get the job done very quickly. You can keep the GUI shut down when you are not using it. A nice feature of Mandriva's GUI is it objects fiercely if you try to log in as root, although if you persist it will log root in.
Whether you use apt or urpmi you are getting the same Mandrake packages from the same repositories. I think you're confusing apt (the tool that gets packages from the repository) with the repository itself. Some distros will have more up to date repositories, some, like Mandrake with its 6 monthly release cycle, only update their packages to new versions every release (they backport security fixes).
Saying that apt gets newer packages than urpmi shows that you are using another distro besides Mandrake and confusing that with apt.
Why did you even use Mandrake if you were going to do everything with apt? I have been a VERY happy urpmi user for several years now and I NEVER have dependency problems.
URPMI *resolves* the problems inherent to using a rpm based distro. It works PERFECTLY. The only time you have problems with it is when you go your own way installing 3rd party rpms for no reason.
Whether intentional or not; this article contained a lot of anti-mandriva FUD.
Do you guys not see that 70 percent of the All Time Popular Content articles are different variations of this same article? Obviously the author wanted to help as many people as possible so he copied most of the unimportant content and added the distro specific pictures. If you don't like apt, then don't use it. It's not anything against any package manager, but a clear bias towards apt. Don't get so defensive about the author's preferences.
By the way, I'm sure the author doesn't use Mandriva so don't get into such a huff about using apt. He likes apt. I'll give you one guess what distro he chooses! Get a thicker skin kids!
The problem is he is misleading people on the correct process for installation. If somebody is going to give incorrect advice they should not give it at all. All of this joker's articles should be treated as unreliable and pulled.
That was a well written article and a big effort on the author's part to post it up. I completely agree with you. Guys please learn to give credit for the effort of the author.
Having said that, I also think it is absolutely imperative that you guys come up with suggestions/recommendations etc, but look at other aspects of it as well, forget apt.
Any newbies that google into this article in the future - be warned that installing apt is VERY non-standard and will completely screw you over in the future. It is like going out of your way to have a chevy engine installed into a ford car - you will have no documentation for this setup.
The Author obviously has some sort of axe to grind over rpm. He basically added about 6 extra steps (at least) to provide himself with a COMPLETELY unsupported system install. BAD IDEA!!!!
zilla1126
apt is just a front-end for using the standard Mandrake rpm packages. It uses the same repositories as urpmi does so you won't have any problems at all. You won't screw up your system by using apt!
It's a pity but your article, despite your work to present it right, lacks a lot of credit for it seems you don't even know the usage of urpmi. Sagittarius.
From several years of Linux usage I know that at some time you will always have problems with rpm, and be it only that you want to update a machine that's only 2 years old, even with urpmi. Never had any problems with apt...
I am updating my home PC on a daily basis with urpmi (it runs "cooker", so on average, around 20 updates or upgrades a day).
I am updating my laptop on which I work (Mandriva 10.2) around once a week for security updates and my parents' PC (Mandriva 10.2) once a month.
On my parents' PC, I initially installed Mandrake 10.0. Since then, I am doing the upgrade when a new version becomes available with
=> urpmi.removemedia -a
=> easy urpmi for urpmi.addmedia
=> urpmi --auto-select
And never had any problem with urpmi.
I think that you need to have a badly messed up system to have problems with urpmi. I haven't burned a Mandrake/Mandriva CD since 10.0, every install/upgrade I do since then is done via urpmi from the ftp servers.
Tom
I've been using Mandrake/Mandriva since its inception at v4.3. urpmi has been the best damned tool for resolving rpm dependencies I've ever worked with. I've experimented with Redhat, Suse, and Debian, and come back to Mandrake/Mandriva every time. I've never had urpmi fail like the author claims. In this instance, it may come down to personal choice, and the author, having a Debian background, simply likes apt over urpmi. Personally, I can't see installing something else when the appropriate tool is already in place.
Actually Mandrake started with version 5.1, it was based on RH 5.0 with kde as default and compiled for a pentium processor. I started with 5.3 (based on RH 5.2) and thought it was the first, but the history on the website showed me that the first was indeed 5.1.
An ISP would have all accounts in mysql, have postfix use mysql, proftpd/pureftpd use mysql, all users virtual, drop saslauthd (is deprecated) and use sasl2 only which knows sql/mysql/postgresql, hmm what else... Ah, use VirtualDocumentRoot/VirtualScriptAlias for apache.
... ah database driven dns server like powerdns/mydns and others that I can't remember now. That's the start for an ISP setup.
My impression is that your article is good, just that it starts people in a bit of a wrong direction.
I don't think that small ISPs want to have all services in a database. If the database fails, all services fail. A database driven setup might be good if you have a large server farm, database replication etc. but not for a small ISP.
My initial reply died because of problems with the weird comment editor in firefox ... and in the mean time it seems many have noted the urpmi vs apt issue.
However, I would note that apt in Mandriva is still subject to the limitations of rpm, and uses the same media information (hdlists) as urpmi, so I fail to see the value of claims that "you will always have problems with rpm ... Never had any problems with apt...".
Anyway, the other comments I wanted to make were:
- You should use a higher security level on a production server, as msec will lock the server down so that the server is more difficult to compromise/abuse if a service (running as non-root) is exploited. For example, only users in the ctools group will be allowed to use compilers, only users in the wheel group will be able to use su, only users in the ntools group will be able to use network tools such as ping, nmap etc (and many other features).
- Disk quotas can be set up during partitioning, however you may have to click "Toggle to expert mode". You should have considered the partitioning strategy a bit better, I would have partitioned so that users had no write access to any partition that holds binaries (ie separate /home, /var/tmp and /tmp).
- You could add a contrib medium during installation, which would allow you to install *all* the packages you wanted during installation.
- Unselecting all package categories would allow you to have a more minimal install, but you would then probably want to check "Individual package selection".
- If you checked "Automatic time synchronisation", you wouldn't have had to install outdated software (rdate) and set it up manually to run via cron, instead you would be using ntpd to continually keep the clock correct.
- If you had setup a contrib medium, you would have been able to install all the other software you installed via urpmi, with 'urpmi webalizer "perl(HTML::Parser)" "perl(Digest::SHA1)"'.
- Regarding choices of software/virtual users etc, I would point out that LDAP could be used for everything, including postfix virtual users, proftpd virtual users, BIND (which Mandriva ships with sdb_ldap) with zone information in LDAP ... but I guess ispconfig may not support all of these features.
There is no need to use apt-get in Mandrake 10.2 or any other Mandrake Edition, since urpmi, rpmDrake and Mandrake Update take care of all dependencies for correct installation. Generally speaking those who want to use apt-get are the ones who use debian once.
It's an interesting build but not very secure. I also think that when a certain distro defaults to a certain package handler it would make sense to use the distro's default. Debian uses apt. Mandy uses urpmi. Not too big of a deal but it could be. Also not too much security was discussed. An apache server that's not secured properly will be someone else's in a matter of minutes. MySQL should be secured also. I've built many web and email servers and I think I have a pretty secure web server build How-To on my site. The email server is on the way. You may want to check them out and incorporate some of the security measures. They are just best practices for securing a given app. Check it out at http://www.linuxloader.com
PDR60
I'm sorry, but your partitioning scheme is not one that should be installed on a server. Along with the base security level, this is bad news for all concerned. Security level should be set to higher at a minimum, and you should have at minimum the following partitions:
/
/etc
/var
/home
/var/www
/swap
Your article isn't bad, but could use some thought before anyone uses it on a production server.
Even that's too lite.
/
/boot
/etc
/home
/usr
/var/www
/var/mysql
/var/ftp
All services should be in a chroot env. Var and home should be on separate disks. (that way you can swap out os while leaving data intact).
I get tired of reading about how it's a good idea to setup your hard drive partitions in a myriad of different ways. Everyone seems to have an opinion on the matter. What's even worse, depending on who you talk to, everyone has a different idea on the swap partition. In these days of cheap arrays and redundant hard drives, I don't see a reason to be creating all those partitions. You lose a hard drive, you plug another one back in. That way, you don't have to worry about leaving enough room for the /usr partition, or the /var partition and then a couple of years down the road finding out that you really didn't make the partition big enough and now you are screwed. A lot of these ideas are driven by old school hard core linux people, who besides their inability to communicate effectively with other non-linux people will never admit that their ways are flawed. I've been messing with linux for a little over a year, and getting help from linux "experts" is almost like pulling teeth. I really like it when I get comments like "RTFM newbie!". A lot of the documentation is vague if not downright cryptic. It's getting better though, and those days are coming to an end. If linux is going to survive, these old ideas and the old linux people need to wake up and get with the program!
Could not have said it better!
Hello everyone,
I applaud the effort however this setup should be called a perfect setup for HSP (Hosting Service Provider), An ISP/WISP Provides Dialup, Broadband, Wireless Broadband, hosting, email and such services. And several other packages should be added to this setup one being a billing system (Such as FreeSide) that would allow said ISP/WISP to collect monies on services provided. Also you would need a CRM system such as Request Tracker to track customer care and troubleshooting info. Then there is the ever present Authorization, Accounting, and Authentication part of being an ISP/WISP that needs to be addressed, that would be a Radius Server (such as FreeRadius), How are you going to authenticate a user on your network without that (ldap is not the proper AAA Radius you want)? So not to be a pain but your document although a little light on security is a good start for a beginner, But for the serious ISP/WISP there is a whole lot more to think about. I am in the process of addressing this problem with my own distro and step by step documentation on how to setup an ISP/WISP. There is just not enough info on how to set this up. Also for you guys who are thinking about it Start with at least 2 servers and separate the services offered.
Server 1 - Web, Email, Webmail, Primary DNS and Radius <- Frontend Server
Server 2 - Database, CRM, Billing system and Secondary DNS <- Backend Server
This is not how mine is but it should be.
I know, I am an owner of an ISP/WISP
Michael A Cooper
BCCISP.net
Hi Michael
I note that you said you were in the "process of addressing this problem with my own distro and step by step documentation on how to setup an ISP/WISP". How far have you gone? This is something I would like to venture into given enough time and resource to learn.
Would be grateful if you have any material to share.
Regards Tim
While there's nothing wrong with apt it's completely unnecessary to use it on Mandrake/Mandriva as it already has urpmi/RPMDrake, which is just as good as apt. Also all the repositories for Mandrake/Mandriva are made for urpmi as well. To anyone reading this I'd suggest skipping the bit about installing apt and instead head over to http://easyurpmi.zarb.org (or google for 'easyurpmi' if that's down) and setup the software repositories. You can then use the urpmi command or the Mandrake Control Centre GUI to install whatever you want.
Other than that it's a really good article, I just find it a bit strange that the author spent all this time doing these things on Mandriva but never learnt to use its software installation system.
I don't know why you all have problems with me using apt? In the end it doesn't matter at all if you use apt or urpmi, it's just a matter of what you prefer personally. No reason to start a religious war...
The difference between apt and urpmi on Mandrake is that urpmi is tested for Mandrake. You shouldn't install apt because you don't need to install apt. All it does is complicate the setup process. For anybody who is interested in using Mandrake/Mandriva, I would suggest reading the other howto, https://www.howtoforge.com/perfect_setup_mandriva_2006. Even if you are installing 10.2, there are very few differences between that and 2006, and that howto actually does things in a way that won't break Mandrake.
It seems that in most of these ISP Server Setup howtos from here are all the same basically, and apt-get does not work well on any of them, always missing packages, tried diff servers and the same thing
I followed the howto line by line to setup my webserver and it worked fine for me. Later I got an error installing ispconfig, but the guys in the forum helped me. Have you tried posting your problems there?