The Perfect Server - Ubuntu Gutsy Gibbon (Ubuntu 7.10)

Version 1.0
Author: Falko Timme
Last edited 10/18/2007

This tutorial shows how to set up a Ubuntu Gutsy Gibbon (Ubuntu 7.10) based server that offers all services needed by ISPs and hosters: Apache web server (SSL-capable), Postfix mail server with SMTP-AUTH and TLS, BIND DNS server, Proftpd FTP server, MySQL server, Courier POP3/IMAP, Quota, Firewall, etc. This tutorial is written for the 32-bit version of Ubuntu Gutsy Gibbon, but should apply to the 64-bit version with very little modifications as well.

I will use the following software:

  • Web Server: Apache 2.2
  • Database Server: MySQL 5.0
  • Mail Server: Postfix
  • DNS Server: BIND9
  • FTP Server: proftpd
  • POP3/IMAP: I will use Maildir format and therefore install Courier-POP3/Courier-IMAP.
  • Webalizer for web site statistics

In the end you should have a system that works reliably, and if you like you can install the free webhosting control panel ISPConfig (i.e., ISPConfig runs on it out of the box).

I want to say first that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!

 

1 Requirements

To install such a system you will need the following:

 

2 Preliminary Note

In this tutorial I use the hostname server1.example.com with the IP address 192.168.0.100 and the gateway 192.168.0.1. These settings might differ for you, so you have to replace them where appropriate.

 

3 The Base System

Insert your Ubuntu install CD into your system and boot from it. Select Install to the hard disk:

The installation starts, and first you have to choose your language:

Then select your location:

Choose a keyboard layout (you will be asked to press a few keys, and the installer will try to detect your keyboard layout based on the keys you pressed):

The installer checks the installation CD, your hardware, and configures the network with DHCP if there is a DHCP server in the network:

Share this page:

9 Comment(s)

Add comment

Comments

From: at: 2008-04-23 21:19:56

Should add a note that if the user plans to setup ISPConfig the mysql password should not containg characters that are special to the shell like $, &, etc...


A password like pa$$word would cause ISPConfig to return an error at the very end of the setup:



Please enter your MySQL password: pa$$word
ERROR 1045 (28000): Access denied for user 'root'@locahost' (using password: YES) The provided MySQL password is wrong!


vale

From: at: 2008-01-24 04:17:56

then you have to add those two line at the end of /etc/postfix/main.cf

virtual_maps = hash:/etc/postfix/virtusertable
mydestination = /etc/postfix/local-host-names

and comment out the previus mydestination = ...

to avoid errors like "Relay access denied" and "...loops back to itself" and undelivered mail in incoming mailbox

From: at: 2008-01-31 21:58:47

As discussed in this thread


http://www.howtoforge.com/forums/showthread.php?t=17924&highlight=php5-common


can you remove the php5-json from STEP 16?


 I know I should just make a note to myself, but I figured why not just ask one of the admins to update the guide.

From: at: 2007-11-04 01:18:45

This Howto is very useful, but appears to rely heavily on the assumption that ISPconfig will be installed. In particular SSL is not working out of the box in this configuration. I found In needed to go through the following steps for apache 2.2.4:


Apache2 SSL


Generate the certificate

Since Ubuntu 7.04, certificate creation has been changed:

Create directories


mkdir /usr/share/share/ssl-cert /etc/apache2/ssl

Create a certificate:.


/usr/sbin/make-ssl-cert /usr/share/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem

Enable the SSL module


sudo a2enmod ssl

Listen to port 443


echo "Listen 443" | sudo tee -a /etc/apache2/ports.conf

Create and enable the SSL site


sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-available/ssl
Modify it so it looks something like this

NameVirtualHost *:443
<virtualhost *:443>
ServerAdmin webmaster@localhost
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.pem

DocumentRoot /var/www/
<directory />
Options FollowSymLinks
AllowOverride None
</directory>
<directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
# This directive allows us to have apache2's default start page
# in /apache2-default/, but still have / go to the right place
# Commented out for Ubuntu
#RedirectMatch ^/$ /apache2-default/
</directory>

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<directory "/usr/lib/cgi-bin">
AllowOverride None
Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</directory>
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/access.log combined
ServerSignature On

Alias /doc/ "/usr/share/doc/"
<directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</directory>

</virtualhost>
...and enable it

sudo a2ensite ssl
don't forget to modify /etc/apache2/sites-available/default

NameVirtualHost *:80
<virtualhost *:80>
...and enable it

sudo a2ensite ssl
don't forget to modify /etc/apache2/sites-available/default

NameVirtualHost *:80
<virtualhost *:80>

Mod rewrite

It's often desirable to force users to access things like webmail via https. This can be accomplished with mod_rewrite.
First you'll have to enable the module

sudo a2enmod rewrite
Then add the following to /etc/apache2/sites-available/default

RewriteEngine   on
RewriteCond     %{SERVER_PORT} ^80$
RewriteRule     ^/webmail(.*)$ https://%{SERVER_NAME}/webmail$1 [L,R]
RewriteLog      "/var/log/apache2/rewrite.log"
RewriteLogLevel 2
Create directory for pidfile; it may be missing

sudo mkdir -p /var/run/apache2
sudo chown -R www-data /var/run/apache2

Fix ports.conf

You may have to remove a double-up Listen Command for port 443 (SSL)

vi /etc/apche2/ports.conf
should look like this

Listen 80
<IfModule mod_ssl.c>
Listen 443
</IfModule>
Don't forget to restart apache

sudo /etc/init.d/apache2 force-reload

From: at: 2008-01-14 19:50:17

I don’t know if this applies to 64 bit systems only.  (I installed ISPConfig successfully on a Xeon 3210 system)
In case of error message: ”Cannot find OpenSSL's <evp.h>" followed by lots of error messages, last error message is "The PHP binary coming with ISPConfig does not work properly on your system!"  you will need to install the ssl-devel package in order to get the missing <evp.h> file.


Use the command:


sudo apt-get install libssl-dev


and reinstall ISPConfig as described in the manual

From: at: 2008-01-29 15:11:06

Thanks for the addition as I do not want to ISPconfig. SAdly there are no line carriages for the code you posted, therefore I cannot differ when a command or line is ended. Could you please reformat the part beginning from "RewriteEngine" and explicitely say between which lines this has to be inserted? Thank you.

From: at: 2008-02-28 01:53:36

The lines you mean, which are added to the default(port80) site, are;


quote: 


Then add the following to /etc/apache2/sites-available/default


RewriteEngine   on
RewriteCond     %{SERVER_PORT} ^80$
RewriteRule     ^/webmail(.*)$ https://%{SERVER_NAME}/webmail$1 [L,R]
RewriteLog      "/var/log/apache2/rewrite.log"
RewriteLogLevel 2



Good Luck! 

 

From: at: 2008-04-08 04:49:01

Ubuntu has no root password by default for security reasons. By setting one, you are taking a risk. You can use "sudo -i" or "sudo su" without setting a root password to get a root prompt as an administrator.


As well, if you do set the root password and install OpenSSH server, by default, root is permitted to log on, which is a very risky move, especially if the server is accessible from the internet. To disable root logons via ssh, edit /etc/ssh/sshd_config, and change "PermitRootLogins yes" to "PermitRootLogins no". This is normally a non-issue, because root normally does not have a password and therefore cannot log on to the system at all.

From: Anonymous at: 2008-09-27 03:01:18

Thanks for giving detailed step by step instructions. I didn't install ISPConfig, but I found the rest of the howto very helpful - informative, detailed and up-to-date.


I actually ran this on a hardy heron installation. apt-get couldn't find php5-ps. When I checked at http://packages.ubuntu.org I found this is available upto gutsy and then also planned for intrepid but not in hardy repos... would this break anything ? (Haven't been facing any thing unexplainable so far)