The Perfect Server - Ubuntu Jaunty Jackalope (Ubuntu 9.04) [ISPConfig 2] - Page 4

11 Install Some Software

Now we install a few packages that are needed later on. Run

aptitude install binutils cpp fetchmail flex gcc libarchive-zip-perl libc6-dev libcompress-zlib-perl libdb4.6-dev libpcre3 libpopt-dev lynx m4 make ncftp nmap openssl perl perl-modules unzip zip zlib1g-dev autoconf automake1.9 libtool bison autotools-dev g++ build-essential

(This command must be entered on a single line!)

12 Quota

(If you have chosen a different partitioning scheme than I did, you must adjust this chapter so that quota applies to the partitions where you need it.)

To install quota, run

aptitude install quota

Edit /etc/fstab. Mine looks like this (I added ,usrquota,grpquota to the partition with the mount point /):

vi /etc/fstab

# /etc/fstab: static file system information.
#
# Use 'vol_id --uuid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
proc            /proc           proc    defaults        0       0
# / was on /dev/mapper/server1-root during installation
UUID=b8d265bc-5959-404d-a68e-8dc1c76f18d6 /               ext3    relatime,errors=remount-ro,usrquota,grpquota 0       1
# /boot was on /dev/sda5 during installation
UUID=01e9c3c7-2ad0-4f52-a356-18290517b362 /boot           ext2    relatime        0       2
# swap was on /dev/mapper/server1-swap_1 during installation
UUID=c1e0bcbb-5c73-4bd2-a7b2-8beeb7526200 none            swap    sw              0       0
/dev/scd0       /media/cdrom0   udf,iso9660 user,noauto,exec,utf8 0       0
/dev/fd0        /media/floppy0  auto    rw,user,noauto,exec,utf8 0       0

To enable quota, run these commands:

touch /quota.user /quota.group
chmod 600 /quota.*
mount -o remount /

quotacheck -avugm
quotaon -avug
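To confirm that the quota options ended up on the partitions you intended (useful if your partitioning differs from the one shown here), the following added example, which is not part of the original tutorial, lists every ext2/ext3/ext4 entry of an fstab-format file together with the quota options it carries. The function name quota_report and the sample entries with placeholder UUIDs are made up for illustration.

```sh
#!/bin/sh
# Added example: report quota mount options per filesystem in an
# fstab-format file (default: standard input).
# Prints "<mount point> <both|user-only|group-only|none>" for ext2/3/4 entries.
quota_report() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }        # skip blank lines and comments
        $3 ~ /^ext[234]$/ {
            u = 0; g = 0
            n = split($4, opt, ",")          # field 4 holds the mount options
            for (i = 1; i <= n; i++) {
                if (opt[i] == "usrquota") u = 1
                if (opt[i] == "grpquota") g = 1
            }
            s = "none"
            if (u && g) s = "both"
            else if (u) s = "user-only"
            else if (g) s = "group-only"
            print $2, s
        }
    ' "${1:--}"
}

# Constructed sample (placeholder UUIDs): / follows the tutorial, /home shows
# an entry where only one of the two options was added.
quota_report <<'EOF'
proc        /proc  proc  defaults  0 0
UUID=aaaa   /      ext3  relatime,errors=remount-ro,usrquota,grpquota 0 1
UUID=bbbb   /boot  ext2  relatime  0 2
UUID=cccc   /home  ext3  defaults,usrquota 0 2
EOF
```

On the real system, run quota_report /etc/fstab before the remount step.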


13 DNS Server

Run

aptitude install bind9

For security reasons we want to run BIND chrooted, so we have to do the following steps:

/etc/init.d/bind9 stop

Edit the file /etc/default/bind9 so that the daemon will run as the unprivileged user bind, chrooted to /var/lib/named. Modify the line: OPTIONS="-u bind" so that it reads OPTIONS="-u bind -t /var/lib/named":

vi /etc/default/bind9

# run resolvconf?
RESOLVCONF=yes

# startup options for the server
OPTIONS="-u bind -t /var/lib/named"

Create the necessary directories under /var/lib:

mkdir -p /var/lib/named/etc
mkdir /var/lib/named/dev
mkdir -p /var/lib/named/var/cache/bind
mkdir -p /var/lib/named/var/run/bind/run

Then move the config directory from /etc to /var/lib/named/etc:

mv /etc/bind /var/lib/named/etc

Create a symlink to the new config directory from the old location (to avoid problems when bind gets updated in the future):

ln -s /var/lib/named/etc/bind /etc/bind

Make null and random devices, and fix permissions of the directories:

mknod /var/lib/named/dev/null c 1 3
mknod /var/lib/named/dev/random c 1 8
chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
chown -R bind:bind /var/lib/named/var/*
chown -R bind:bind /var/lib/named/etc/bind

We need to modify /etc/default/syslogd so that we can still get important messages logged to the system logs. Modify the line: SYSLOGD="" so that it reads: SYSLOGD="-a /var/lib/named/dev/log":

vi /etc/default/syslogd

#
# Top configuration file for syslogd
#

#
# Full documentation of possible arguments are found in the manpage
# syslogd(8).
#

#
# For remote UDP logging use SYSLOGD="-r"
#
SYSLOGD="-a /var/lib/named/dev/log"

Restart the logging daemon:

/etc/init.d/sysklogd restart

Start up BIND, and check /var/log/syslog for errors:

/etc/init.d/bind9 start
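A chroot that is only half built tends to fail quietly, so it is worth checking the layout before trusting it. The following added example, which is not part of the original tutorial, verifies the startup options, the directories and the two device nodes created above; the function name check_bind_chroot and the scratch directory used in the demo are made up for illustration, and GNU stat is assumed. It does not check file ownership.

```sh
#!/bin/sh
# Added example: verify the chroot layout built in the steps above.
# Usage: check_bind_chroot <defaults-file> <chroot-dir>
# Prints one FAIL line per problem; returns 0 only if none were found.
check_bind_chroot() {
    defaults=$1; want_root=$2; problems=0; user=; root=
    bad() { echo "FAIL: $*"; problems=$((problems + 1)); }

    # Take the last OPTIONS="..." line and word-split it into arguments.
    opts=$(sed -n 's/^OPTIONS="\(.*\)".*$/\1/p' "$defaults" | tail -n 1)
    set -- $opts
    while [ $# -gt 0 ]; do
        case $1 in
            -u) user=${2-}; [ $# -gt 1 ] && shift ;;
            -t) root=${2-}; [ $# -gt 1 ] && shift ;;
        esac
        shift
    done
    [ "$user" = bind ] || bad "named is not started with -u bind"
    [ "$root" = "$want_root" ] || bad "named is not started with -t $want_root"

    # Directories from the mkdir and mv steps.
    for d in etc/bind dev var/cache/bind var/run/bind/run; do
        [ -d "$want_root/$d" ] || bad "missing directory $want_root/$d"
    done

    # Device nodes as name:major:minor (GNU stat prints both numbers in hex).
    for spec in null:1:3 random:1:8; do
        node=$want_root/dev/${spec%%:*}
        if [ ! -c "$node" ]; then
            bad "$node is not a character device"
        elif [ "$(stat -c '%t:%T' "$node")" != "${spec#*:}" ]; then
            bad "$node is not device ${spec#*:}"
        fi
    done
    [ "$problems" -eq 0 ]
}

# Constructed demo: a scratch tree that has the directories but no device
# nodes, so both mknod steps are reported as missing.
demo=$(mktemp -d)
mkdir -p "$demo/root/etc/bind" "$demo/root/dev" \
         "$demo/root/var/cache/bind" "$demo/root/var/run/bind/run"
printf 'OPTIONS="-u bind -t %s"\n' "$demo/root" > "$demo/bind9"
check_bind_chroot "$demo/bind9" "$demo/root" || echo "chroot is incomplete"
rm -rf "$demo"
```

On the server itself, call check_bind_chroot /etc/default/bind9 /var/lib/named as root before starting BIND.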


14 MySQL

In order to install MySQL, we run

aptitude install mysql-server mysql-client libmysqlclient15-dev

You will be asked to provide a password for the MySQL root user - this password is valid for the user root@localhost as well as root@server1.example.com, so we don't have to specify a MySQL root password manually later on:

New password for the MySQL "root" user: <-- yourrootsqlpassword
Repeat password for the MySQL "root" user: <-- yourrootsqlpassword

We want MySQL to listen on all interfaces, not just localhost. To do that, we edit /etc/mysql/my.cnf and comment out the line bind-address = 127.0.0.1:

vi /etc/mysql/my.cnf

[...]
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address           = 127.0.0.1
[...]

Then we restart MySQL:

/etc/init.d/mysql restart

Now check that networking is enabled. Run

netstat -tap | grep mysql

The output should look like this:

root@server1:~# netstat -tap | grep mysql
tcp        0      0 *:mysql                 *:*                     LISTEN      4318/mysqld
root@server1:~#
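With bind-address commented out, mysqld accepts TCP connections on every interface, so what protects the database from then on is the MySQL account setup and whatever packet filter sits in front of the host. The following added example, which is not part of the original tutorial, checks the result from both sides: what my.cnf will make mysqld bind to, and what the netstat output actually shows. The function names effective_bind_address and listener_scope and the sample inputs are made up for illustration.

```sh
#!/bin/sh
# Added example: how widely is mysqld reachable after the my.cnf edit?

# effective_bind_address <my.cnf>
# Prints the last active bind-address in [mysqld], or "all" when the option
# is absent, commented out, or set to a wildcard address.
effective_bind_address() {
    awk '
        /^[ \t]*\[/ { insec = ($0 ~ /^[ \t]*\[mysqld\]/); next }
        insec && /^[ \t]*bind[-_]address[ \t]*=/ {
            v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v); addr = v
        }
        END {
            if (addr == "" || addr == "0.0.0.0" || addr == "::" || addr == "*") addr = "all"
            print addr
        }
    ' "$1"
}

# listener_scope: reads netstat -ta / -tan output on stdin and prints
# all, specific, loopback or none for the MySQL port (mysql or 3306).
listener_scope() {
    awk '
        $6 == "LISTEN" && $4 ~ /:(mysql|3306)$/ {
            host = $4; sub(/:[^:]*$/, "", host)     # strip the port
            if (host == "*" || host == "0.0.0.0" || host == "::") wild = 1
            else if (host == "localhost" || host ~ /^127\./ || host == "::1") lo = 1
            else other = 1
        }
        END {
            s = "none"
            if (wild) s = "all"
            else if (other) s = "specific"
            else if (lo) s = "loopback"
            print s
        }
    '
}

# Constructed sample inputs mirroring the my.cnf edit and netstat output above.
cnf=$(mktemp)
printf '[mysqld]\n#bind-address           = 127.0.0.1\n' > "$cnf"
echo "my.cnf:  $(effective_bind_address "$cnf")"
echo "netstat: $(echo 'tcp 0 0 *:mysql *:* LISTEN 4318/mysqld' | listener_scope)"
rm -f "$cnf"
```

On the server, run effective_bind_address /etc/mysql/my.cnf and netstat -tan | listener_scope; on a host where MySQL is only used locally, anything other than loopback deserves a second look.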

Comments

From: Anonymous at: 2009-04-30 02:23:33

What do you do about the network interfaces if you are going to use this config on Amazon EC2?

New to EC2 and don't know if I should leave it to DHCP or make it static. And if it's static, what are the values I would use?

From: Boris at: 2009-04-26 17:34:10

# tasksel


[*] Ubuntu Desktop


Press "Tab"  and  "OK"


About 2hr download at 100KB/s


Reboot.



From: Anonymous at: 2009-07-07 05:29:58

For this server to be used in a small business of about 15 people... and maybe 100 visitors to the website a day, what kind of hardware would be needed for the server to run smoothly without putting a hole in my wallet?

From: Anonymous at: 2010-02-21 21:08:18

Sorry for this late reply, just leave it alone. Only do the static step if you are using a home server, but you aren't, so use DHCP.

From: Anonymous at: 2010-03-22 15:36:24

Sorry for the late reply, but, with that little traffic and doing nothing else but web hosting, you could get away with an Atom processor or an old Pentium 4 if you do not care about power usage. If you need it rack mountable, I may suggest a SUPERMICRO SYS-5015A-H 1U otherwise just get a cheap system with reliable hardware and make sure you have room to grow over the next 5 years. After 5 years it may be worthwhile to upgrade to faster and more efficient power-per-watt hardware.

From: Lukas at: 2009-10-20 01:05:03

It works perfectly, the only problem I have is that when I'm restarting the server it says


fsck.ext2 unable to resolve 'UUID=...'


fsck died with exit status 8


File system check failed

From: GBot at: 2010-01-08 02:30:51

Should you still install the DNS server in step 13 if you are behind a home router, such as a D-Link or Linksys?

From: chingson at: 2009-06-01 01:44:15

 


Since gmail has large volume of email box, customers will always want more and more...

To get more, dbmail with IMAP is a much better alternative. Also, spamassassin to reject spam emails is required.

BTW, webmail is also a basic of an ISP. Squirrel mail is too .. basic.. and multi-language support is bad. I don't know if there are better alternatives..

From: Anonymous at: 2010-07-19 14:53:17

hai,


I have just configured a Postfix mail server following this tutorial. But when I configure the client system, it asks for the SMTP & POP auth password for the host. When I give the user's default password, it is not accepted. Please help me to configure the SMTP & auth password for host <mail.****.*****>

From: eagle at: 2009-10-05 23:52:03

Hi,


Good tutorial, all worked fine until the Apache2 installation, which had been working from the default installation.


When restarting having enabled the various modules the following message was displayed:


 * Starting web server apache2                                                  (98)Address already in use: make_sock: could not bind to address 0.0.0.0:443
no listening sockets available, shutting down
Unable to open logs
                                                                         [fail]
Any help/guidance on how to fix gratefully received.




Thanks

From: Anonymous at: 2009-08-30 20:30:08

Hi,


This tutorial is great, though I noticed, trying to run it, that some packages are missing to properly run the ISPCONFIG install:


 quota and iptables


 might be good to add them in this list.


 thx