English | 
Deutsch
The Perfect Server - Ubuntu Karmic Koala (Ubuntu 9.10) [ISPConfig 2] - Page 4
On this page
11 Install Some Software
Now we install a few packages that are needed later on. Run
aptitude install binutils cpp fetchmail flex gcc libarchive-zip-perl libc6-dev libcompress-zlib-perl libdb4.6-dev libpcre3 libpopt-dev lynx m4 make ncftp nmap openssl perl perl-modules unzip zip zlib1g-dev autoconf automake1.9 libtool bison autotools-dev g++ build-essential
(This command must go into one line!)
12 Journaled Quota
(If you have chosen a different partitioning scheme than I did, you must adjust this chapter so that quota applies to the partitions where you need it.)
To install quota, run
aptitude install quota
Edit /etc/fstab. Mine looks like this (I added ,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 to the partition with the mount point /):
vi /etc/fstab
# /etc/fstab: static file system information. # # Use 'blkid -o value -s UUID' to print the universally unique identifier # for a device; this may be used with UUID= as a more robust way to name # devices that works even if disks are added and removed. See fstab(5). # # <file system> <mount point> <type> <options> <dump> <pass> proc /proc proc defaults 0 0 /dev/mapper/server1-root / ext4 errors=remount-ro,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 0 1 # /boot was on /dev/sda5 during installation UUID=9ea34148-31b7-4d5c-baee-c2e2022562ea /boot ext2 defaults 0 2 /dev/mapper/server1-swap_1 none swap sw 0 0 /dev/scd0 /media/cdrom0 udf,iso9660 user,noauto,exec,utf8 0 0 /dev/fd0 /media/floppy0 auto rw,user,noauto,exec,utf8 0 0 |
To enable quota, run these commands:
touch /aquota.user /aquota.group
chmod 600 /aquota.*
mount -o remount /
quotacheck -avugm
quotaon -avug
13 DNS Server
Run
aptitude install bind9
For security reasons we want to run BIND chrooted so we have to do the following steps:
/etc/init.d/bind9 stop
Edit the file /etc/default/bind9 so that the daemon will run as the unprivileged user bind, chrooted to /var/lib/named. Modify the line: OPTIONS="-u bind" so that it reads OPTIONS="-u bind -t /var/lib/named":
vi /etc/default/bind9
# run resolvconf? RESOLVCONF=yes # startup options for the server OPTIONS="-u bind -t /var/lib/named" |
Create the necessary directories under /var/lib:
mkdir -p /var/lib/named/etc
mkdir /var/lib/named/dev
mkdir -p /var/lib/named/var/cache/bind
mkdir -p /var/lib/named/var/run/bind/run
Then move the config directory from /etc to /var/lib/named/etc:
mv /etc/bind /var/lib/named/etc
Create a symlink to the new config directory from the old location (to avoid problems when bind gets updated in the future):
ln -s /var/lib/named/etc/bind /etc/bind
Make null and random devices, and fix permissions of the directories:
mknod /var/lib/named/dev/null c 1 3
mknod /var/lib/named/dev/random c 1 8
chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
chown -R bind:bind /var/lib/named/var/*
chown -R bind:bind /var/lib/named/etc/bind
We need to create the file /etc/rsyslog.d/bind-chroot.conf...
vi /etc/rsyslog.d/bind-chroot.conf
... and add the following line so that we can still get important messages logged to the system logs:
$AddUnixListenSocket /var/lib/named/dev/log |
Restart the logging daemon:
/etc/init.d/rsyslog restart
Start up BIND, and check /var/log/syslog for errors:
/etc/init.d/bind9 start
14 MySQL
In order to install MySQL, we run
aptitude install mysql-server mysql-client libmysqlclient15-dev
You will be asked to provide a password for the MySQL root user - this password is valid for the user [email protected] as well as [email protected], so we don't have to specify a MySQL root password manually later on:
New password for the MySQL "root" user: <-- yourrootsqlpassword
Repeat password for the MySQL "root" user: <-- yourrootsqlpassword
We want MySQL to listen on all interfaces, not just localhost, therefore we edit /etc/mysql/my.cnf and comment out the line bind-address = 127.0.0.1:
vi /etc/mysql/my.cnf
[...] # # Instead of skip-networking the default is now to listen only on # localhost which is more compatible and is not less secure. #bind-address = 127.0.0.1 [...] |
Then we restart MySQL:
/etc/init.d/mysql restart
Now check that networking is enabled. Run
netstat -tap | grep mysql
The output should look like this:
[email protected]:/etc# netstat -tap | grep mysql
tcp 0 0 *:mysql *:* LISTEN 4145/mysqld
[email protected]:/etc#
Sub pages
Suggested articles
4 Comment(s)
Comments
Hi,
I found out after chrooting the bind9, the status cannot be checked.
i.e.:
[email protected]:/etc/bind# /etc/init.d/bind9 status
* could not access PID file for bind9
i resolved this by editing the /etc/init.d/bind9
i changed #PIDFILE=/var/run/named/named.pid toPIDFILE=/var/lib/named/var/run/named/named.pid
Where your pid file is, you may find by doing : find / -name named.pid
When found, it will show you the exact path. (To find it, bind must be running)
Good luck.
[email protected]:/etc/bind# /etc/init.d/bind9 restart
* Stopping domain name service... bind9 rndc: connect failed: 127.0.0.1#953: connection refused
[: 131: 2652: unexpected operator
[ OK ]
* Starting domain name service... bind9 [ OK ]
[email protected]:/etc/bind#
[email protected]:/etc/bind# /etc/init.d/bind9 status
* bind9 is running
[email protected]:/etc/bind#
how i fix it
thanks
If you're getting this error:
rndc: connect failed: 127.0.0.1#953: connection refused
re-run the command:
chown -R bind:bind /var/lib/named/etc/bind
While editing the config files, you may have accidentally made the config files unreadable by the "bind" user.
I have had great success in the past following the perfect server guides for Ubuntu. This time however it has been over a week of going through the steps over and over again with no luck. Maybe it is because I am setting it up on Ubuntu desktop instead of Ubuntu server, I don't know. What I do know now is this:
1. In step 10 after disabling Apparmor you need to edit the file /etc/apparmor/initramfs or it will keep trying to start up Apparmor. Comment out these lines:
set -e
. /etc/apparmor/functions
mount -n -t securityfs none "${SECURITYFS}"
load_configured_profiles_without_caching
REF: http://www.howtoforge.com/forums/showthread.php?t=40889
2. In step 12 when installing Journaled Quota It kept giving me this error:
quotacheck: Scanning /dev/??? [/] quotacheck: lstat Cannot stat `//home/?????/.gvfs': Permission denied
Guess you'd better run fsck first !
exiting...
It made it so I could not install quota properly which meant ispconfig also wouldnt install. If I rebooted I was in a world of hurt. Answer was not easy to find either cause others in the forum just ignored it like it was silly or something. Thank goodness for Melask:
Just log off from your graphical environment and switch to e.g. tty1 window with the ctrl+alt+F1 keys. Run all the commands there (after u login ofc) and u are ok.
Switch back to kde/gnome with ctrl+alt+F7
REF: http://howtoforge.org/forums/showthread.php?p=218258
3. If you want to use Apparmor you will probably have troubles with Bind9. The fix for that is here:
REF: http://ubuntuforums.org/showthread.php?p=4636681
Now because of this great guide and a couple of fixes here and there I am running this perfect server on an Acer laptop with Ubuntu Netbook Remix.....don't laugh....i have to find something to do.