There is a new revision of this tutorial available for Ubuntu 16.10 (Yakkety Yak).

The Perfect Server - Ubuntu 14.04 (Apache2, PHP, MySQL, PureFTPD, BIND, Dovecot, ISPConfig 3) - Page 3

On to the next step...

 

4. Get root Privileges

After the reboot you can login with your previously created username (e.g. administrator). Because we must run all the steps from this tutorial with root privileges, we can either prepend all commands in this tutorial with the string sudo, or we become root right now by typing

sudo su

(You can as well enable the root login by running

sudo passwd root

and giving root a password. You can then directly log in as root, but this is frowned upon by the Ubuntu developers and community for various reasons. See http://ubuntuforums.org/showthread.php?t=765414.)

 

5. Install The SSH Server (Optional)

If you did not install the OpenSSH server during the system installation, you can do it now:

apt-get install ssh openssh-server

From now on you can use an SSH client such as PuTTY and connect from your workstation to your Ubuntu 14.04 server and follow the remaining steps from this tutorial.

 

6. Install vim-nox (Optional)

I'll use vi as my text editor in this tutorial. The default vi program has some strange behavior on Ubuntu and Debian; to fix this, we install vim-nox:

apt-get install vim-nox

(You don't have to do this if you use a different text editor such as joe or nano.)

 

7. Configure The Network

Because the Ubuntu installer has configured our system to get its network settings via DHCP, we have to change that now because a server should have a static IP address. Edit /etc/network/interfaces and adjust it to your needs (in this example setup I will use the IP address 192.168.2.251 and the DNS servers 192.168.1.200, 192.168.1.225 and 8.8.8.8 - starting with Ubuntu 12.04, you cannot edit /etc/resolv.conf directly anymore, but have to specify your nameservers in your network configuration - see

man resolvconf

for more details):

vi /etc/network/interfaces

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
        address 192.168.2.251
        netmask 255.255.255.0
        network 192.168.2.251
        broadcast 192.168.2.255
        gateway 192.168.2.254
        dns-nameservers 192.168.1.200 192.168.1.225 8.8.8.8 

Then restart your network:

service networking restart

Then edit /etc/hosts. Make it look like this:

vi /etc/hosts

127.0.0.1       localhost
192.168.2.251   server1.example.com     server1

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

Now run

echo server1.example.com > /etc/hostname
service hostname restart

Afterwards, run

hostname
hostname -f

Both should show server1.example.com now.

 

8. Edit /etc/apt/sources.list And Update Your Linux Installation

Edit /etc/apt/sources.list. Comment out or remove the installation CD from the file and make sure that the universe and multiverse repositories are enabled. It should look like this:

vi /etc/apt/sources.list

#

# deb cdrom:[Ubuntu-Server 14.04 LTS _Trusty Tahr_ - Release amd64 (20140416.2)]/ trusty main restricted

#deb cdrom:[Ubuntu-Server 14.04  LTS _Trusty Tahr_ - Release amd64 (20130423.2)]/ trusty main restricted

# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.
deb http://de.archive.ubuntu.com/ubuntu/ trusty main restricted
deb-src http://de.archive.ubuntu.com/ubuntu/ trusty main restricted

## Major bug fix updates produced after the final release of the
## distribution.
deb http://de.archive.ubuntu.com/ubuntu/ trusty-updates main restricted
deb-src http://de.archive.ubuntu.com/ubuntu/ trusty-updates main restricted

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL NOT receive any
## review or updates from the Ubuntu security team.
deb http://de.archive.ubuntu.com/ubuntu/ trusty universe
deb-src http://de.archive.ubuntu.com/ubuntu/ trusty universe
deb http://de.archive.ubuntu.com/ubuntu/ trusty-updates universe
deb-src http://de.archive.ubuntu.com/ubuntu/ trusty-updates universe

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
deb http://de.archive.ubuntu.com/ubuntu/ trusty multiverse
deb-src http://de.archive.ubuntu.com/ubuntu/ trusty multiverse
deb http://de.archive.ubuntu.com/ubuntu/ trusty-updates multiverse
deb-src http://de.archive.ubuntu.com/ubuntu/ trusty-updates multiverse

## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
deb http://de.archive.ubuntu.com/ubuntu/ trusty-backports main restricted universe multiverse
deb-src http://de.archive.ubuntu.com/ubuntu/ trusty-backports main restricted universe multiverse

deb http://security.ubuntu.com/ubuntu trusty-security main restricted
deb-src http://security.ubuntu.com/ubuntu trusty-security main restricted
deb http://security.ubuntu.com/ubuntu trusty-security universe
deb-src http://security.ubuntu.com/ubuntu trusty-security universe
deb http://security.ubuntu.com/ubuntu trusty-security multiverse
deb-src http://security.ubuntu.com/ubuntu trusty-security multiverse

## Uncomment the following two lines to add software from Canonical's
## 'partner' repository.
## This software is not part of Ubuntu, but is offered by Canonical and the
## respective vendors as a service to Ubuntu users.
# deb http://archive.canonical.com/ubuntu trusty partner
# deb-src http://archive.canonical.com/ubuntu trusty partner

## Uncomment the following two lines to add software from Ubuntu's
## 'extras' repository.
## This software is not part of Ubuntu, but is offered by third-party
## developers who want to ship their latest software.
# deb http://extras.ubuntu.com/ubuntu trusty main
# deb-src http://extras.ubuntu.com/ubuntu trusty main

Then run

apt-get update

to update the apt package database and

apt-get upgrade

to install the latest updates (if there are any). If you see that a new kernel gets installed as part of the updates, you should reboot the system afterwards:

reboot

 

9. Change The Default Shell

/bin/sh is a symlink to /bin/dash, however we need /bin/bash, not /bin/dash. Therefore we do this:

dpkg-reconfigure dash

Use dash as the default system shell (/bin/sh)? <-- No

If you don't do this, the ISPConfig installation will fail.

 

10. Disable AppArmor

AppArmor is a security extension (similar to SELinux) that should provide extended security. In my opinion you don't need it to configure a secure system, and it usually causes more problems than advantages (think of it after you have done a week of trouble-shooting because some service wasn't working as expected, and then you find out that everything was ok, only AppArmor was causing the problem). Therefore I disable it (this is a must if you want to install ISPConfig later on).

We can disable it like this:

service apparmor stop
update-rc.d -f apparmor remove
apt-get remove apparmor apparmor-utils

 

11. Synchronize the System Clock

It is a good idea to synchronize the system clock with an NTP (network time protocol) server over the Internet. Simply run

apt-get install ntp ntpdate

and your system time will always be in sync.

 

Share this page:

19 Comment(s)

Add comment

Comments

From:

Thanks for your numerous fine tutorials

I use the proposed 64bit ISO

There is no file:

[email protected]:~# /etc/init.d/hostname restart
bash: /etc/init.d/hostname: Datei oder Verzeichnis nicht gefunden


From:

the same error here

From: MadTrappeer

I have been building LAMP servers for a few years now. I leave the network cable unplugged and allow DHCP to fail. When offered I then configure the network manually.This just plain saves time. Just plug it in after that so that it can pick up the time zone and do the update etc.

From: Anonymous


 

What can I do to fix?

 [email protected]:/etc/init.d# /etc/init.d/hostname restart

bash: /etc/init.d/hostname: No such file or directory

 


From:

Please use this command instead: 

 service hostname restart

 The Tutorial has been updated as well.

From:

My /etc/apt/sources.list files looks like this-

 
## modifications made here will not survive a re-bundle.
## a.) add 'apt_preserve_sources_list: true' to /etc/cloud/cloud.cfg
## b.) add sources in /etc/apt/sources.list.d
#
# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
deb http://us-west-2.ec2.archive.ubuntu.com/ubuntu/ trusty main

## distribution.
deb-src http://us-west-2.ec2.archive.ubuntu.com/ubuntu/ trusty-updates main
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## review or updates from the Ubuntu security team.
deb-src http://us-west-2.ec2.archive.ubuntu.com/ubuntu/ trusty universe
deb-src http://us-west-2.ec2.archive.ubuntu.com/ubuntu/ trusty-updates universe
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu 
## your rights to use the software. Also, please note that software in 
## security team.
# deb-src http://us-west-2.ec2.archive.ubuntu.com/ubuntu/ trusty multiverse
# deb-src http://us-west-2.ec2.archive.ubuntu.com/ubuntu/ trusty-updates multiverse
## Uncomment the following two lines to add software from the 'backports'
## N.B. software from this repository may not have been tested as
## newer versions of some applications which may provide useful features.
## or updates from the Ubuntu security team.
# deb-src http://us-west-2.ec2.archive.ubuntu.com/ubuntu/ trusty-backports main restricted universe multiverse
## Uncomment the following two lines to add software from Canonical's
## This software is not part of Ubuntu, but is offered by Canonical and the
# deb http://archive.canonical.com/ubuntu trusty partner

deb-src http://security.ubuntu.com/ubuntu trusty-security main
deb-src http://security.ubuntu.com/ubuntu trusty-security universe


 
do i have to downgrade to saucy ?? 
 

From:

If this article is about Ubuntu 14.04 Trusty, why you are using Saucy respositories?

From:

This was a mistake in the guide. I fixed that.

From:

Perfect thank you!

I was going mad to understand why that repository ;)

From:

fyi.

From: Bigdickau


i have been following this tut with interest but when it comes to the first reboon on page the system crashes. 

 getting 110347587] EXT4-fs (cciss!c0d0p1): mounted filesystem without jurnal. 0pts"(null)

the system freezers and i have to do a hard reset 

this is the last line

Any ideas

From: Patrick

Within the Configure the Network, should the network not read 192.168.1.0 rather than 192.168.1.252? 
 
auto eth0
iface eth0 inet static
        address 192.168.1.252
        netmask 255.255.255.0
        network 192.168.1.252   or 192.168.1.0 ???
        broadcast 192.168.1.255
        gateway 192.168.1.254

From:

Your network would be different. It depends on what your gateway is, you can find that on your router box if it is providing DHCP services, and typically it should.

 mine looks like this:

 # This file describes the network interfaces available on your system

# and how to activate them. For more information, see interfaces(5).


# The loopback network interface

auto lo

iface lo inet loopback


# The primary network interface

auto eth0

iface eth0 inet static

        address 192.168.0.6

        netmask 255.255.255.0

        network 192.168.0.6

        broadcast 192.168.0.255

        gateway 192.168.0.1

        dns-nameservers 209.18.47.61 209.18.47.62

As you can see I am using my ISP nameservers, the tutorial is using local nameservers as my guess is the lesson is based on local access only. My local IP is 192.168.0.6, however I wasn't sure about the broadcast but based on the tutorial it looks like a reserved IP address .255 so I plopped in 0.255. Didn't seem to cause any problems so far. In order to make your server available on the internet you have to open up ports on your router box such as 80 for web access. 22 for ssh access, but I'd refrain until you lock down the machine before opening up port 22, and that can be changed to a different port if you want to make it harder to find. hosts.allow file you can button up who gets to access, but I wouldn't mess with that until you finish the tutorial as I think ISPConfig web interface will get you all set up for that anyway.
 
Of course I'd stand corrected if this is inaccurate. 

From: Renan Altendorf

Fixing multiverse source.list

<pre># See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.
deb http://archive.ubuntu.com/ubuntu/ trusty main restricted
# deb-src http://archive.ubuntu.com/ubuntu/ trusty main restricted

## Major bug fix updates produced after the final release of the
## distribution.
deb http://archive.ubuntu.com/ubuntu/ trusty-updates main restricted
# deb-src http://archive.ubuntu.com/ubuntu/ trusty-updates main restricted

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL NOT receive any
## review or updates from the Ubuntu security team.
deb http://archive.ubuntu.com/ubuntu/ trusty universe
# deb-src http://archive.ubuntu.com/ubuntu/ trusty universe
deb http://archive.ubuntu.com/ubuntu/ trusty-updates universe
# deb-src http://archive.ubuntu.com/ubuntu/ trusty-updates universe

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu 
## team, and may not be under a free licence. Please satisfy yourself as to 
## your rights to use the software. Also, please note that software in 
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
deb http://archive.ubuntu.com/ubuntu/ trusty multiverse
# deb-src http://archive.ubuntu.com/ubuntu/ trusty multiverse
deb http://archive.ubuntu.com/ubuntu/ trusty-updates multiverse
# deb-src http://archive.ubuntu.com/ubuntu/ trusty-updates multiverse

## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
deb http://archive.ubuntu.com/ubuntu/ trusty-backports main restricted universe multiverse
# deb-src http://archive.ubuntu.com/ubuntu/ trusty-backports main restricted universe multiverse

deb http://security.ubuntu.com/ubuntu trusty-security main restricted
# deb-src http://security.ubuntu.com/ubuntu trusty-security main restricted
deb http://security.ubuntu.com/ubuntu trusty-security universe
# deb-src http://security.ubuntu.com/ubuntu trusty-security universe
deb http://security.ubuntu.com/ubuntu trusty-security multiverse
# deb-src http://security.ubuntu.com/ubuntu trusty-security multiverse

## Uncomment the following two lines to add software from Canonical's
## 'partner' repository.
## This software is not part of Ubuntu, but is offered by Canonical and the
## respective vendors as a service to Ubuntu users.
deb http://archive.canonical.com/ubuntu trusty partner
# deb-src http://archive.canonical.com/ubuntu trusty partner

## This software is not part of Ubuntu, but is offered by third-party
## developers who want to ship their latest software.
deb http://extras.ubuntu.com/ubuntu trusty main
# deb-src http://extras.ubuntu.com/ubuntu trusty main</pre> 

From: Anonymous

The command # service networking restart # does not work on Ubuntu 14.04:

stop: Job failed while stopping
start: Job is already running: networking

See:

https://bugs.launchpad.net/ubuntu/+source/ifupdown/+bug/1301015 and http://askubuntu.com/questions/441619/how-to-successfully-restart-a-network-without-reboot-over-ssh

I used # ifdown eth0 && ifup eth0 # but don`t know if that`s the correct syntax. In fact noone knows that for sure.

From:

Thanks for another great guide.

I notice there is no coverage of firewall settings in this guide, unlike the 10.04 LTS I followed.  I think this needs to be covered because by default, UFW on 14.04 LTS is 'inactive' and requires the command 'ufw enable'.

From: admin

No, the guide is complete as it is. ISPConfig 3 comes with ist own Firewall and this gets configured by the ispconfig installer.

From:

Does one really need to add these repos? It looks like universe and multiverse repos are already enabled in my installation, just not these particular ones. The CD-ROM is also already commented out.

 

 

From: diablo666

Hi the /etc/apt/source.list is worng, only deb-src present....