The Perfect Server - Ubuntu Intrepid Ibex (Ubuntu 8.10)

Version 1.0
Author: Falko Timme
Last edited 10/30/2008

This tutorial shows how to set up an Ubuntu Intrepid Ibex (Ubuntu 8.10) server that offers all services needed by ISPs and hosters: Apache web server (SSL-capable), Postfix mail server with SMTP-AUTH and TLS, BIND DNS server, Proftpd FTP server, MySQL server, Courier POP3/IMAP, Quota, Firewall, etc.

I will use the following software:

  • Web Server: Apache 2.2 with PHP 5.2.6, Python, and Ruby
  • Database Server: MySQL 5.0
  • Mail Server: Postfix
  • DNS Server: BIND9
  • FTP Server: proftpd
  • POP3/IMAP: I will use Maildir format and therefore install Courier-POP3/Courier-IMAP.
  • Webalizer for web site statistics

In the end you should have a system that works reliably, and if you like you can install the free webhosting control panel ISPConfig (i.e., ISPConfig runs on it out of the box).

I want to say first that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!

 

1 Requirements

To install such a system you will need the following:

 

2 Preliminary Note

In this tutorial I use the hostname server1.example.com with the IP address 192.168.0.100 and the gateway 192.168.0.1. These settings might differ for you, so you have to replace them where appropriate.

 

3 The Base System

Insert your Ubuntu install CD into your system and boot from it. Select your language:

Then select Install Ubuntu Server:

Choose your language again (?):

Then select your location:

Choose a keyboard layout (you will be asked to press a few keys, and the installer will try to detect your keyboard layout based on the keys you pressed):

The installer checks the installation CD, your hardware, and configures the network with DHCP if there is a DHCP server in the network:

Share this page:

38 Comment(s)

Add comment

Comments

From: Anonymous at: 2008-11-01 19:05:25

oops… posted comment to the wrong tutorial. a reboot after the upgrade and reconfiguring/rerunning the console setup worked fine. no problems so far…

From: Anonymous at: 2008-10-31 15:38:17

following these details got me stuck at the following:

Setting up console-setup (1.25ubuntu3) ...

Installing new version of config file /etc/init.d/keyboard-setup ...

Installing new version of config file /etc/init.d/console-setup ...

 * Setting up console font and keymap...

 
 is there a clear way to cleanly complete the upgrade?

From: Anonymous at: 2008-11-07 19:39:00

Thanks for a great tutorial.

I have a few comments. I think a note saying something to the effect of "you *must* install /all/ these programs if you want to use ISPConfig" would be a useful addition to the tutorial.

I tried leaving out Quota and ProFTPd (as I don't need them) and ISPConfig barfed when I tried to install it the first time. "ISPConfig runs on it out of the box" I respectfully disagree. To illustrate my point, I list here my failed installation attempts and the reasons for failure. Remember, this is on a box which has just completed the above tutorial. Hopefully those who didn't fall for these mistakes will get a chuckle out of them.

Try #1: The Ubuntu devs (in their infinite wisdom) have changed the /bin/sh link from /bin/bash to /bin/dash, thus completely breaking ISPConfig's setup. That's an easy problem to solve (see the link I post in #5).

Try #2: The setup script erroneously thinks I'm running Debian. This leads to a problem in line 76 of "setup2", whose fix is here.

Try #3: Line 821 of install.php doesn't like the database I've prepared in MySQL specially for it. Apparently, this database must NOT exist before installing. Also, I find the installer has deleted the install directory, which means I can't make a change and restart the install. I delete the database and start again.

Try #4: Line 821 of install.php doesn't like the user I prepared for it either. According to a post buried somewhere in the forum, you must use a MySQL root user to install the database.

Try #5: This one almost worked, but for some reason ISPConfig didn't save *any* of the settings I entered during install.

Try #6: I have high hopes for this one. The generated SSL certificate is corrupt if Firefox and Opera are to be believed. Both refuse to connect to ISPConfig. But I think this can be fixed post-install using these instructions. Thanks to David Yin for posting them. It's a good thing I'm patient, since each install attempt takes the better part of an hour on this slow server. But I think my point is made - ISPConfig does NOT install out of the box on Ubuntu 8.10 Server.

From: admin at: 2008-11-07 21:55:45

I really don't understand your point. All you have to do is follow the tutorial and install ISPConfig - nothing else. Nowhere is it said that you need to create a database or a database user for ISPConfig. I also don't understand your other points. I've completed this setup so many times and *never* had any problems installing ISPConfig.

From: Anonymous at: 2008-11-07 23:52:42

Yeah, I was half expecting that reaction. I'm not having a go or anything. Apologies if I gave that impression.

I was trying to give some constructive criticism on the article, but halfway through it sort of turned into a newbie guide for what to do when ISPConfig fails to install on Intrepid. Apologies again for being offtopic. I just didn't want to say "hey, you said this, you were wrong" without backing it up.

Agreed that I got a little bit creative with the database, but being a security-conscious server administrator I thought that rather than let ISPConfig take complete control of MySQL I would handle it myself. That is, give it a limited user rather than root access. I guess I need to let ISPConfig install and then tighten the screws.

I'll try again. :) My two points are:

1. I think the article would be improved by a sentence saying "you must install all these programs for ISPConfig to work, you may NOT leave any of them out".

2. I think you're wrong when you say "ISPConfig runs on it out of the box".

From: at: 2009-01-29 04:37:38

I'm not "having a go" either, and I can honestly say that so far, NOTHING having to do with getting ISPConfig running has worked, out-of-the-box or otherwise.  I guess that as comments have been made, the tutorials have either been updated, and/or the distribution configuration, because many of the warnings about making some change seem to already be made for me, but I still check.

Specifically, I have a T-1 connection with a block of 32 static IP addresses and have created all of the proper entries for my external DNS hosting to point my domain I wish to host to one of my IP addresses.  Done long ago, DNS has propagated, the address resolves fine from anywhere on the 'net with a simple ping to my domain name.

I have a small computer system running a dual-core Intel x86 CPU, 1 Gb of RAM, and a new 120 Gb hd, with a temporarily connected DVD-ROM drive for the purpose of getting this machine running, since it will become a headless server.

During the install, I chose not to let it detect my keyboard (the 2nd attempt and thereafter), because I can manually choose it faster than the setup can detect it, and noticed no errors due to an improperly chosen keyboard, but still, even though I went through this How-To literally to the letter, I haven't yet been able to even see a log-in page in any web browser for ISPConfig on any computer or with any browser I can try it with so far, which includes IE, Firefox, Seamonkey, and Lynx.

I usually have made it through the "Perfect Server" installation and setup with no visible wounds, but have no idea why I am so far completely unable to get ISPConfig to install to any level of functionality.  All of their web help for this points back to this How-to, or to their mostly incomplete Wiki, the forum, where I've yet to find anyone posting about similar problems, or their install guide, which takes me full circle...

Regardless of the author's experiences, I beg to differ in that I can certainly vouch for the fact that this most certainly isn't working "out of the box", and I'm about to wipe and reload from a clean install (for the 8th time).

Sadly enough, at some point soon, my employer will be forcing me to produce results, which may mean buying another license/copy of some flavor of Microsloft server, and setting up IIS, since they know I can get a website up with that combination...

To the author--I believe that you are and have successfully running this, but I just can't figure out the missing links/steps that have fallen below your radar, so they didn't get explicitly listed here and those with sufficient experience don't stumble over those most obvious barriers, but those of us so far down in knowlege are finding them impassable walls.

I will keep trying, but by no later than Monday, I have to have some visible signs of success that my upper management will both recognize and be happy with.  No excuses. 

From: at: 2008-11-18 22:05:11

The server install process went without snag, however the ISPConfig had a snag trying to install.

"Flex" was missing.  So I installed it, and ISPConfig installed, but I was unable to get it to work - it deleted after reboot?

I'm going through the setup process again on another fresh machine, and think this will work out fine.

- Geoff

 

From: mind at: 2008-11-26 18:44:07

./setup script gives some errors then building extensions

checking for MySQL support... yes
checking for specified location of the MySQL UNIX socket... no
checking for MySQL UNIX socket location... no
configure: error: Cannot find MySQL header files under /usr.
Note that the MySQL client library is not bundled anymore!
ERROR: Could not configure PHP
cd: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
mv: cannot stat `binaries/aps.tar.gz': No such file or directory
mv: cannot stat `binaries/spamassassin.tar.gz': No such file or directory
mv: cannot stat `binaries/uudeview.tar.gz': No such file or directory
mv: cannot stat `binaries/clamav.tar.gz': No such file or directory
mv: cannot stat `binaries/cronolog': No such file or directory
mv: cannot stat `binaries/cronosplit': No such file or directory
mv: cannot stat `binaries/ispconfig_tcpserver': No such file or directory
mv: cannot stat `binaries/zip': No such file or directory
mv: cannot stat `binaries/unzip': No such file or directory
tar: spamassassin.tar.gz: Cannot open: No such file or directory
tar: Error is not recoverable: exiting now
tar: Child returned status 2
tar: Error exit delayed from previous errors
mv: cannot stat `spamassassin': No such file or directory
tar: uudeview.tar.gz: Cannot open: No such file or directory
tar: Error is not recoverable: exiting now
tar: Child returned status 2
tar: Error exit delayed from previous errors
mv: cannot stat `uudeview': No such file or directory
tar: clamav.tar.gz: Cannot open: No such file or directory
tar: Error is not recoverable: exiting now
tar: Child returned status 2
tar: Error exit delayed from previous errors
mv: cannot stat `clamav': No such file or directory
tar: aps.tar.gz: Cannot open: No such file or directory
tar: Error is not recoverable: exiting now
tar: Child returned status 2
tar: Error exit delayed from previous errors
mv: cannot stat `ispconfig_tmp': No such file or directory
cp: cannot stat `dist.info': No such file or directory
All prerequisites are fulfilled.
Here we go...
chmod: cannot access `./install.php': No such file or directory
Please enter your MySQL server:Please enter your MySQL server:^C

From: bosaka at: 2009-01-26 13:00:31

server1.example.com is this what you plan to name your website?

From: at: 2008-12-09 05:01:36

If you want to use Putty to complete the setup remotely as specified in step 5 on page 3,  you should use a password that has no capital letters. 

 For some stupid reason, putty will fail even though you are using the correct IP, correct username, and correct password, if the password has any capitals in it.

 If your password does, you can change it at the command prompt with the "passwd" command.

You should do that for both your user account AND the super user if you intend to use "sudo su" over Putty.

*****************************  EDIT  EDIT  EDIT 2009-01-20  ******************

I got PuTTy to work on a brand new install, perhaps it only fails sometimes, perhaps if the first letter of the password is a capital letter.

From: at: 2008-12-09 05:12:46

If you want to use Putty to complete the setup remotely as specified in step 5 on page 3,  you should use a password that has no capital letters. 

 For some stupid reason, putty will fail even though you are using the correct IP, correct username, and correct password, if the password has any capitals in it.

 If your password does, you can change it at the command prompt with the "passwd" command.

You should do that for both your user account AND the super user if you intend to use "sudo su" over Putty.

From: at: 2008-12-17 23:44:43

Actually, I have not had any difficulty with capitals in passwords using putty. Not sure why it does not seem to work for you.

From: at: 2008-12-13 04:12:56

Use

apt-get dist-upgrade

 to upgrade your kernel too, in step 8 before you

reboot

 I was having trouble on my Dell 9200 with 7300LE Nvidia video card.  It would hang on reboot at the very end.  Processes shutdown, but it would not finally turn the power off for the restart.  Restart failed, so I had to physically hold the button down for 10 seconds to cycle the power off & on.  It would happen with another equivalent reboot command,

init 6

, too.

But this bug was fixed in an updated kernel.  To get that updated kernel, use this apt-get dist-upgrade command.

********************** EDIT  EDIT EDIT 2009-01-20 *****************

**********************     MORE INSTRUCTIONS     *******************

I noticed this grub file must be altered, to fix this reboot hang problem on a Dell 9200.

http://ubuntuforums.org/showthread.php?t=1001648&page=2

We’ll make a script to edit your /boot/grub/menu.lst file automatically. Make a folder, and add the path to this new folder to your $PATH environment variable, so that the bash shell of the command line will function on the script you will create inside that folder.

echo $PATH
export PATH=$PATH:/tempscript
echo $PATH
mkdir tempscript
cd /tempscript

Then make a script to edit the grub file. Start the vi text editor to create the file:

vi alter_menu

then press "i" to enter insert mode:

i

Cut & paste this script into the file (make sure you're not also pasting the HTML tags of this text too, because you are copying it from the browser):

#!/bin/bash
MENU='/boot/grub/menu.lst'
cat $MENU | while read LINE
do
   if [[ $LINE =~ ^$ ]]; then
     echo $LINE
   elif [[ $LINE =~ ^[^kernel] ]] || [[ $LINE =~ .*bin$ ]]; then
     echo $LINE
   elif [[ $LINE =~ ^kernel.* ]]; then
     echo $LINE reboot=b
   fi
done

Press [ESC] to exit insert mode of the vi editor, then press

ZZ

to save the script file and exit the editor. Now run the script and clean up:

chmod 777 alter_menu
alter_menu > /boot/grub/menu.lst.tmp
mv /boot/grub/menu.lst.tmp /boot/grub/menu.lst
cd ../../../../../../../../..
rm -r /tempscript

It is necessary to reboot manually one more time with the manual power button if your machine suffers from this problem, So that the server’s grub can boot with these new settings.

From: Anonymous at: 2009-01-25 15:34:23

I had to set the DNS server address in /etc/resolv.conf to get the dns to work.

(Running  Ubuntu 8.10 server in VirtualBox under Vista with two netw adapters, the VBox network on secondary host interface, and InternetConnectionSharing turned on in Vista)

From: Anonymousjames at: 2008-11-13 22:07:34

some of the apt-get commands don't work due to the fact that the package names have changed oh and he doesn't explain how he got uuid for the fstab file  from where???  y? cause i need to find my own ????  oh and the nameserver

"The /etc/resolv.conf file could look something like this:

 
 
 
 
 
 
nameserver 192.168.2.1
nameserver 160.123.76.1
nameserver 196.41.0.131

"Rute by Paul Sheer 2002 available online (you have to know your dns server ip addy)

2 stars it will get you there if you work at it  a little confused but hey tutorials go  out of date
linux newbie and IT professional

From: Anonymous at: 2008-12-03 05:21:32

after i restarted the mysql when it disconected then tried to restart it failed, now what do i do?

From: sudopeople at: 2009-04-29 22:23:29

root@puter:/etc/postfix/ssl# /etc/init.d/saslauthd start
etc/default/saslauthd: 50: to: not found
  * Starting SASL Authentication Daemon saslauthd
  * No run directory defined for saslauthd, not starting

Make sure your OPTIONS line reads:

OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"

I copied and pasted the line from the tutorial which shouldn't have happened:

 OPTIONS="-c -m /var/run/saslauthd" to OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"

doh!

From: at: 2009-03-30 04:35:26

how do I fix this problem No run directory defined for saslauthd, not starting

From: Ben at: 2008-11-02 02:52:49

Just setup my linux box and it all worked great with one minor exception.

My server was not accepting mail for my domain with the following error in the syslog:

"Relay access denied"...

The fix is that in the 'Other destinations to accept mail' setting in the Postfix setup I needed to add my domain, excluding the server name.  Possible my stupidity, but it wasn't clear to me in the write-up. 

It may be more clear to write:

Other destinations to accept mail for (blank for none): <-- example.com, server1.example.com, localhost.example.com, localhost.localdomain, localhost

 I ended up just adding my domain to the Postfix config file and everything worked.  Edit the following line in /etc/postifx/main.conf :

Change from:

mydestination = server1.example.com, localhost.example.com, localhost.localdomain, localhost

 to:

mydestination = example.com, server1.example.com, localhost.example.com, localhost.localdomain, localhost

 

Hope this helps...

 PS.  Fantastic Post...

From: Joel barnard at: 2008-11-06 18:59:05

After the setup i was unable to telnet to localhost, i checked the log and found there was a "numerical error", so I opened up the config file (editor /etc/postfix/main.cf) and found a period "." in the following spot... (see after the 1)

 [...]
smtpd_tls_loglevel = 1.
[...]

Remove that period, save the file, restart postfix and saslauthd and it should all be fine.

From: Mallegonian at: 2008-12-03 01:19:33

Thanks for the great guide! After installing postfix I couldn't telnet to localhost port 25 - it connected, but no 220 or ehlo response. /var/log/syslog showed "Dec  2 20:11:40 myserver postfix/tlsmgr[5678]: fatal: open database /var/lib/postfix/smtpd_scache.db: Permission denied"

To fix it, I ran, as root,

chown postfix:postfix /var/lib/postfix/smtpd_scache.db; chown postfix:postfix /var/lib/postfix/smtpd_scache.db

I have Ubuntu 8.10 dist-upgraded from 8.04, fully patched as of Dec 2.

From: Sean at: 2008-11-09 16:30:56

It would only take another paragraph or two to setup ProFTPD to use SSL/TLS and be a secure FTP server.  I understand firewall setup would be more complicated, but not sending your shell account passwords over the Internet PLAIN TEXT would be worth a little additional effort.  Might be a worthwhile enhancement to an already excellent guide.  Thanks for the guide!

Sean

From: Anonymous at: 2008-11-01 18:42:41

Ok, thank you for your article, but can you tell me:

1. why don't you use the default email server from tasksel or from the ubuntu server guide?

https://help.ubuntu.com/8.04/serverguide/C/email-services.html

tasksel --task-packages mail-server
dovecot-imapd
procmail
openssl-blacklist
dovecot-common
postfix
mutt
libmysqlclient15off
ssl-cert
bsd-mailx
dovecot-pop3d
libpq5
mailx
mysql-common

Why are you using courier and cyrus-sasl2 instead dovecot?

2.  why you're disable the apparmour and enable root account but you use bind chrooted?

3. why don't you just select lamp server at install and go for the suplimentary needed packages later?

It seems to me that this is not the "perfect ubuntu server", but a platform for ispconfig.

From: admin at: 2008-11-01 23:28:39

1.) It's just a choice I've made. You can use Dovecot as well.

2.) I did not enable the root account. I disabled AppArmor because otherwise BIND doesn't start.

3.) Because I like to have control over what I install. You can as well install the lamp package if you like that better.

As I said in the introduction, there are many ways to skin a cat.

From: admin at: 2008-10-31 15:51:16

Here you go: http://www.howtoforge.com/software-raid1-grub-boot-debian-etch

I don't want to include this in the tutorial because

a) it would become too long

b) it would lock out the users that have just one hard drive in their servers.

I hope you can understand this.

From: Anonymous at: 2008-10-31 14:45:45

I just have a question, on how can you have a "reliable" server without a form of RAID? You should have the instructions for RAID.

Thanks

From: Patrick at: 2009-09-01 20:56:21

Just a note:

I had to wrap ServerIdents off in the <global> tag for ProFTP to pick it up. i.e.

<global>
ServerIdents off
</global>

Also, it takes a long time for users to log into ftp if you don't add the following line:

UseReverseDNS off

From: Rogerio Martinelli at: 2009-04-06 20:07:44

Look at your apache error log.

i resolved with that.

my problem was with logger so:

sudo apt-get install vlogger

 

all the best

RM

 

From: sims at: 2008-11-02 23:04:36

I don't think that's the best choice for and FTP server. Might want to give vsftpd a try.

From: garfunkle at: 2008-10-31 16:55:33

Been waiting for a perfect server since beta. I use this in a virtual environment to practise my networking skills and so far it's installed great, done everything except ISP Config. Will be testing the features now.

From: Anonymous at: 2010-03-20 14:43:52

Did not see clamav and freshclam installation in this tutorial

From: Tyger at: 2008-11-08 22:52:24

Thanks for an excellent tutorial.

From: clabrown at: 2008-11-21 17:57:52

Thanks very much this is really helpful.

 You may need to add a section about corrections to resolv.conf in the networking section, 7 on page 3. This seems to end up with the gateway's ip for the nameserver, and "home" (I think) for the default "domain" and "search" parameters.

 In my case my gateway does not provide dns, and I had to change the domain and search entries to "mydomain.com".

From: Koop at: 2008-11-25 17:24:08

Falko,

Thanks so much for the killer setup how to's. They literally have taught me everything I know about linux so far.  A great follow up How To would be a how to on how to add functionality to these perfect servers. I want to take this setup, which is running awesome by the way, and add backup, load balancing, and intrusion detection. 

Anyway, awesome so far thanks!

 Koop

From: mrmikey05 at: 2009-03-21 09:16:19

Hey guys. This tut is really perfect. the only problem I have now is, my apache2 failed after installing ispconfig. how do i go about fixing that?

Please direct me to help.

Thanks again for a great tut.

From: Sem Wong at: 2009-02-05 18:26:37

Hey! Thanks for this awesome howto! Thanks to you I got a fully functioning server.

 I got 1 problem here (nothing wrong with the tutorial, since it all works perfect :))
My ISP (Internet Service Provider) blocks all incoming port 80 requests. I would like to know how I can change the listening port so I can put it at port 88 :).

1 more thing, Which ports do I have to portforward for all the things? ftp is port 21 and the mail server?

thanks in advance,
Sem Wong.

From: Sonic at: 2009-02-28 15:22:48

Al of your settings work like a charm. The only thing that doesn't work, is the installation of Ispconfig.

 When all the settings are in place, and he is restarting all services, the apache2 server "fails".

 When I manually want to start it, it also fails.. Now I'm really stuck with a non working server...

 

Please help :-/

From: willebanksIII at: 2010-02-19 12:30:43

Howdy all,

I have been cutting and pasting one line at a time within each blue box. Can I just select everything within the whole box? I bet I can but I really don't feel like experimenting and breaking something.

I realize I'm not suppose to ask questions here but I figure a yes or no answer will get the job done!

Thanks,

Will