The Perfect Server - Ubuntu Lucid Lynx (Ubuntu 10.04) [ISPConfig 2] - Page 4

11 Install Some Software

Now we install a few packages that are needed later on. Run

aptitude install binutils cpp fetchmail flex gcc libarchive-zip-perl libc6-dev libcompress-zlib-perl libdb4.6-dev libpcre3 libpopt-dev lynx m4 make ncftp nmap openssl perl perl-modules unzip zip zlib1g-dev autoconf automake1.9 libtool bison autotools-dev g++ build-essential

(This command must be entered on one line!)

12 Journaled Quota

(If you have chosen a different partitioning scheme than I did, you must adjust this chapter so that quota applies to the partitions where you need it.)

To install quota, run

aptitude install quota

Edit /etc/fstab. Mine looks like this (I added ,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 to the partition with the mount point /):

vi /etc/fstab

# /etc/fstab: static file system information.
#
# Use 'blkid -o value -s UUID' to print the universally unique identifier
# for a device; this may be used with UUID= as a more robust way to name
# devices that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
proc            /proc           proc    nodev,noexec,nosuid 0       0
/dev/mapper/server1-root /               ext4    errors=remount-ro,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 0       1
# /boot was on /dev/sda1 during installation
UUID=9eef7b6b-5688-456c-8fe2-05ae739e3635 /boot           ext2    defaults        0       2
/dev/mapper/server1-swap_1 none            swap    sw              0       0
/dev/fd0        /media/floppy0  auto    rw,user,noauto,exec,utf8 0       0

To enable quota, run these commands:

touch /aquota.user /aquota.group
chmod 600 /aquota.*
mount -o remount /

quotacheck -avugm
quotaon -avug
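
A check for the /etc/fstab edit in this chapter, added here as an example and not part of the original tutorial: it lists each real filesystem and names any of the three journaled-quota options that are missing. The names quota_mounts and sample_fstab and the /home entry in the sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the tutorial): list each real filesystem in an
# fstab and say whether usrjquota=, grpjquota= and jqfmt= are all set.
# quota_mounts and sample_fstab are hypothetical names.
quota_mounts() {
    # $1: fstab path; reads standard input when omitted
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments, blank lines
        NF < 4 || $3 == "swap" || $3 == "proc" { next }
        {
            n = split($4, opt, ",")
            u = g = f = 0
            for (i = 1; i <= n; i++) {
                if (opt[i] ~ /^usrjquota=./) u = 1
                if (opt[i] ~ /^grpjquota=./) g = 1
                if (opt[i] ~ /^jqfmt=./)     f = 1
            }
            miss = ""
            if (!u) miss = miss ",usrjquota"
            if (!g) miss = miss ",grpjquota"
            if (!f) miss = miss ",jqfmt"
            print $2, (miss == "" ? "ok" : "missing:" substr(miss, 2))
        }
    ' "${1:--}"
}

# Constructed sample: the root and /boot entries follow this chapter, the
# /home entry is invented to show a partially edited line.
sample_fstab() {
    cat <<'EOF'
proc            /proc   proc    nodev,noexec,nosuid 0 0
/dev/mapper/server1-root / ext4 errors=remount-ro,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 0 1
/dev/mapper/server1-home /home ext4 defaults,usrjquota=aquota.user 0 2
UUID=9eef7b6b-5688-456c-8fe2-05ae739e3635 /boot ext2 defaults 0 2
/dev/mapper/server1-swap_1 none swap sw 0 0
EOF
}

sample_fstab | quota_mounts
```

Run it as quota_mounts /etc/fstab before remounting; a line marked missing: on a partition that should carry quota means the options field was only partly edited.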


13 DNS Server

Run

aptitude install bind9

For security reasons we want to run BIND chrooted, so we have to take the following steps:

/etc/init.d/bind9 stop

Edit the file /etc/default/bind9 so that the daemon will run as the unprivileged user bind, chrooted to /var/lib/named. Modify the line: OPTIONS="-u bind" so that it reads OPTIONS="-u bind -t /var/lib/named":

vi /etc/default/bind9

# run resolvconf?
RESOLVCONF=yes

# startup options for the server
OPTIONS="-u bind -t /var/lib/named"

Create the necessary directories under /var/lib:

mkdir -p /var/lib/named/etc
mkdir /var/lib/named/dev
mkdir -p /var/lib/named/var/cache/bind
mkdir -p /var/lib/named/var/run/bind/run

Then move the config directory from /etc to /var/lib/named/etc:

mv /etc/bind /var/lib/named/etc

Create a symlink to the new config directory from the old location (to avoid problems when bind gets updated in the future):

ln -s /var/lib/named/etc/bind /etc/bind

Make null and random devices, and fix permissions of the directories:

mknod /var/lib/named/dev/null c 1 3
mknod /var/lib/named/dev/random c 1 8
chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
chown -R bind:bind /var/lib/named/var/*
chown -R bind:bind /var/lib/named/etc/bind

We need to create the file /etc/rsyslog.d/bind-chroot.conf...

vi /etc/rsyslog.d/bind-chroot.conf

... and add the following line so that we can still get important messages logged to the system logs:

$AddUnixListenSocket /var/lib/named/dev/log

Restart the logging daemon:

/etc/init.d/rsyslog restart

Start up BIND, and check /var/log/syslog for errors:

/etc/init.d/bind9 start
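
A way to verify the chroot built in this chapter before relying on it, added here as an example and not part of the original tutorial: it reads the -u and -t values from the defaults file and checks the directories, the two device nodes and the /etc/bind symlink. The helper name check_bind_chroot and its second argument are assumptions; it expects OPTIONS to be written exactly as shown above.

```shell
#!/bin/sh
# Added example (not from the tutorial): check the chroot layout built in
# this chapter. check_bind_chroot is a hypothetical helper name.
#   $1  defaults file (normally /etc/default/bind9)
#   $2  config symlink to verify (default /etc/bind)
# Assumes OPTIONS is written as in this chapter: -u and -t each followed by
# a space and a value. Returns non-zero if any check fails.
check_bind_chroot() {
    opts=$(sed -n 's/^OPTIONS="\(.*\)".*$/\1/p' "$1" | tail -n 1)
    link=${2:-/etc/bind} user="" root="" rc=0
    set -- $opts                       # split the option string into words
    while [ $# -gt 1 ]; do
        case $1 in
            -u) user=$2 ;;
            -t) root=$2 ;;
        esac
        shift
    done
    if [ -z "$root" ]; then
        echo "FAIL no -t <dir> in OPTIONS: named is not chrooted"
        return 1
    fi
    if [ -z "$user" ] || [ "$user" = root ]; then
        echo "FAIL no unprivileged -u user in OPTIONS"; rc=1
    fi
    for d in etc/bind dev var/cache/bind var/run/bind/run; do
        if [ -d "$root/$d" ]; then echo "ok   dir $root/$d"
        else echo "FAIL missing dir $root/$d"; rc=1; fi
    done
    for n in null random; do
        # a symlink to the host's /dev would not resolve inside the chroot
        if [ -c "$root/dev/$n" ] && [ ! -L "$root/dev/$n" ]; then
            echo "ok   device $root/dev/$n"
        else echo "FAIL not a device node: $root/dev/$n"; rc=1; fi
    done
    if [ "$(readlink "$link" 2>/dev/null)" = "$root/etc/bind" ]; then
        echo "ok   symlink $link"
    else echo "FAIL $link does not point to $root/etc/bind"; rc=1; fi
    return $rc
}

# Check the live system only when a defaults file is named on the command line.
[ $# -eq 0 ] || check_bind_chroot "$@"
```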


14 MySQL

In order to install MySQL, we run

aptitude install mysql-server mysql-client libmysqlclient16-dev

You will be asked to provide a password for the MySQL root user - this password is valid for the user root@localhost as well as root@server1.example.com, so we don't have to specify a MySQL root password manually later on:

New password for the MySQL "root" user: <-- yourrootsqlpassword
Repeat password for the MySQL "root" user: <-- yourrootsqlpassword

We want MySQL to listen on all interfaces, not just localhost, so we edit /etc/mysql/my.cnf and comment out the line bind-address = 127.0.0.1:

vi /etc/mysql/my.cnf

[...]
#
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address           = 127.0.0.1
[...]

Then we restart MySQL:

/etc/init.d/mysql restart

Now check that networking is enabled. Run

netstat -tap | grep mysql

The output should look like this:

root@server1:~# netstat -tap | grep mysql
tcp        0      0 *:mysql                 *:*                     LISTEN      6525/mysqld
root@server1:~#
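
The netstat check above, turned into a small classifier as an added example (not part of the original tutorial): it reads netstat -tap or netstat -tanp output and reports whether a daemon's listening sockets are bound to all interfaces, to loopback only, or to one address. The names listener_scope and sample_netstat are assumptions; the first sample line is the one shown above and the others are constructed.

```shell
#!/bin/sh
# Added example (not from the tutorial): classify what a daemon's listening
# sockets are bound to, from `netstat -tap` or `netstat -tanp` output on
# standard input. listener_scope and sample_netstat are hypothetical names.
listener_scope() {
    # $1: program name as shown after the PID, e.g. mysqld
    awk -v proc="$1" '
        $6 != "LISTEN" { next }                   # headers, prompts, other states
        {
            n = split($7, p, "/")                 # "6525/mysqld"
            if (n < 2 || p[2] != proc) next
            addr = $4
            sub(/:[^:]*$/, "", addr)              # strip ":port"
            if (addr == "*" || addr == "0.0.0.0" || addr == "::" || addr == "[::]")
                scope = "all-interfaces"
            else if (addr ~ /^localhost/ || addr ~ /^127\./ || addr == "::1" || addr == "[::1]")
                scope = "loopback-only"
            else
                scope = "single-address"
            print $4, scope
        }
    '
}

# Sample input: line 1 is the output shown in this chapter; lines 2-4 are
# constructed to show the other cases (each would come from a different
# bind-address setting).
sample_netstat() {
    cat <<'EOF'
tcp        0      0 *:mysql                 *:*                     LISTEN      6525/mysqld
tcp        0      0 localhost:mysql         *:*                     LISTEN      6525/mysqld
tcp        0      0 192.168.0.100:3306      0.0.0.0:*               LISTEN      6525/mysqld
tcp        0      0 *:ssh                   *:*                     LISTEN      812/sshd
EOF
}

sample_netstat | listener_scope mysqld
```

On the server itself, run netstat -tap | listener_scope mysqld after the restart; all-interfaces is the result this chapter's change is meant to produce.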


Comments

From: scristi at: 2010-04-30 13:31:08

Do you have any idea how I could install PHP 5.2 instead of 5.3 (because some of the software I run doesn't work on PHP 5.3)? I could probably compile it from source, but I'm afraid of the incompatibilities, so I would like to use the previous version of PHP, that Karmic Koala used, that is in the repositories.

From: Taarik at: 2010-05-15 11:16:17

Hi, you can try the script posted at http://mrkandy.wordpress.com/2010/04/16/install-php-5-2-x-in-ubuntu-10-04-lucid/. The script works fine (I think)... the only problem is that PHP is not automatically added back to Apache. When I do ls /etc/apache2/mods-enabled/, PHP doesn't appear.

From: Anonymous at: 2010-05-21 17:23:49

The screenshots are fine, but can't you make them optional (you know, a button or something?) and put in a Table of Contents? It is hard to find the actual information I need without viewing all the fluff.

From: Anonymous at: 2010-09-08 10:02:02

Thank you for taking the time to write this out!

From: Anonymous at: 2011-07-18 20:23:53

Can we have a button that only shows screenshots? It's hard to get to the good stuff without all that annoying text in the way.

From: Anonymous at: 2012-04-19 00:44:12

Thank you for the screenshots. And for the person whining about getting through the fluff, you should be thanking the person who took time out to post screenshots. If you disagree I would like to see you do a better job before being critical of someone else's efforts.

From: Anonymous at: 2010-05-12 16:01:18

Just want to give you the right address to Putty:

http://www.chiark.greenend.org.uk/~sgtatham/putty/

(The www was missing).

From: at: 2010-07-15 12:24:21

sudo su - (su dash) assumes root's homedir rather than the user's.

From: Heidi Munksgaard at: 2010-12-06 21:03:50

Hi Falko!

Have been struggling with setting up my Ubuntu server until I came across this fantastic tutorial.

Just wanted to point out a little typo in the line:

"openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt"

in the section for making TLS certificates.

The " -in smtpd.csr -signkey smtpd.key -out smtpd.crt" part will give an error of:

"smtpd.csr; No such file or directory."

You need to change the name from "smtpd.csr" to "smtpd.crt" in the "-in smtpd.csr" part in order to avoid this error.

Cheers

Heidi Munksgaard

From: DaGeek247 at: 2010-12-31 20:02:31

I love the tutorial, but I also now understand why programs like xampp are out there. Making your own server is tough.

I am wondering, is there like a shell script (for Ubuntu users) that would do all this on its own? The user would have to watch the screen and whatnot, but it would help me a lot. I frequently run into typos and other problems.

From: Pete Gross at: 2010-05-26 00:25:02

After I did your howto I tried to connect to https://localhost and got an error of "Error code: ssl_error_rx_record_too_long"

I figured the problem out, I just had to run: sudo a2ensite default-ssl

I'd suggest adding this into your howto, so others don't have the same problem.

Thanks, the howto was great!