The Perfect Server - Ubuntu Gutsy Gibbon (Ubuntu 7.10)

Version 1.0
Author: Falko Timme
Last edited 10/18/2007

This tutorial shows how to set up a Ubuntu Gutsy Gibbon (Ubuntu 7.10) based server that offers all services needed by ISPs and hosters: Apache web server (SSL-capable), Postfix mail server with SMTP-AUTH and TLS, BIND DNS server, Proftpd FTP server, MySQL server, Courier POP3/IMAP, Quota, Firewall, etc. This tutorial is written for the 32-bit version of Ubuntu Gutsy Gibbon, but should apply to the 64-bit version with very little modifications as well.

I will use the following software:

  • Web Server: Apache 2.2
  • Database Server: MySQL 5.0
  • Mail Server: Postfix
  • DNS Server: BIND9
  • FTP Server: proftpd
  • POP3/IMAP: I will use Maildir format and therefore install Courier-POP3/Courier-IMAP.
  • Webalizer for web site statistics

In the end you should have a system that works reliably, and if you like you can install the free webhosting control panel ISPConfig (i.e., ISPConfig runs on it out of the box).

I want to say first that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!

 

1 Requirements

To install such a system you will need the following:

 

2 Preliminary Note

In this tutorial I use the hostname server1.example.com with the IP address 192.168.0.100 and the gateway 192.168.0.1. These settings might differ for you, so you have to replace them where appropriate.

 

3 The Base System

Insert your Ubuntu install CD into your system and boot from it. Select Install to the hard disk:

The installation starts, and first you have to choose your language:

Then select your location:

Choose a keyboard layout (you will be asked to press a few keys, and the installer will try to detect your keyboard layout based on the keys you pressed):

The installer checks the installation CD, your hardware, and configures the network with DHCP if there is a DHCP server in the network:

Share this page:

9 Comment(s)

Add comment

Comments

From: at: 2008-04-23 21:19:56

Should add a note that if the user plans to setup ISPConfig the mysql password should not containg characters that are special to the shell like $, &, etc...

A password like pa$$word would cause ISPConfig to return an error at the very end of the setup:

Please enter your MySQL password: pa$$word
ERROR 1045 (28000): Access denied for user 'root'@locahost' (using password: YES) The provided MySQL password is wrong!

vale

From: at: 2008-01-24 04:17:56

then you have to add those two line at the end of /etc/postfix/main.cf

virtual_maps = hash:/etc/postfix/virtusertable
mydestination = /etc/postfix/local-host-names

and comment out the previus mydestination = ...

to avoid errors like "Relay access denied" and "...loops back to itself" and undelivered mail in incoming mailbox

From: at: 2008-01-31 21:58:47

As discussed in this thread

http://www.howtoforge.com/forums/showthread.php?t=17924&highlight=php5-common

can you remove the php5-json from STEP 16?

 I know I should just make a note to myself, but I figured why not just ask one of the admins to update the guide.

From: at: 2007-11-04 01:18:45

This Howto is very useful, but appears to rely heavily on the assumption that ISPconfig will be installed. In particular SSL is not working out of the box in this configuration. I found In needed to go through the following steps for apache 2.2.4:

Apache2 SSL

Generate the certificate

Since Ubuntu 7.04, certificate creation has been changed:

Create directories

mkdir /usr/share/share/ssl-cert /etc/apache2/ssl

Create a certificate:.

/usr/sbin/make-ssl-cert /usr/share/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem

Enable the SSL module

sudo a2enmod ssl

Listen to port 443

echo "Listen 443" | sudo tee -a /etc/apache2/ports.conf

Create and enable the SSL site

sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-available/ssl
Modify it so it looks something like this
NameVirtualHost *:443
<virtualhost *:443>
        ServerAdmin webmaster@localhost
        SSLEngine On
        SSLCertificateFile /etc/apache2/ssl/apache.pem

        DocumentRoot /var/www/
        <directory />
                Options FollowSymLinks
                AllowOverride None
        </directory>
        <directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
                # This directive allows us to have apache2's default start page
                # in /apache2-default/, but still have / go to the right place
                # Commented out for Ubuntu
                #RedirectMatch ^/$ /apache2-default/
        </directory>

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </directory>
        ErrorLog /var/log/apache2/error.log
        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn
        CustomLog /var/log/apache2/access.log combined
        ServerSignature On

    Alias /doc/ "/usr/share/doc/"
    <directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </directory>

</virtualhost>
...and enable it

sudo a2ensite ssl
don't forget to modify /etc/apache2/sites-available/default

NameVirtualHost *:80
<virtualhost *:80>
...and enable it
sudo a2ensite ssl
don't forget to modify /etc/apache2/sites-available/default
NameVirtualHost *:80
<virtualhost *:80>

Mod rewrite

It's often desirable to force users to access things like webmail via https. This can be accomplished with mod_rewrite.
First you'll have to enable the module
sudo a2enmod rewrite
Then add the following to /etc/apache2/sites-available/default
RewriteEngine   on
RewriteCond     %{SERVER_PORT} ^80$
RewriteRule     ^/webmail(.*)$ https://%{SERVER_NAME}/webmail$1 [L,R]
RewriteLog      "/var/log/apache2/rewrite.log"
RewriteLogLevel 2
Create directory for pidfile; it may be missing
sudo mkdir -p /var/run/apache2
sudo chown -R www-data /var/run/apache2

Fix ports.conf

You may have to remove a double-up Listen Command for port 443 (SSL)
vi /etc/apche2/ports.conf
should look like this
Listen 80
<IfModule mod_ssl.c>
Listen 443
</IfModule>
Don't forget to restart apache
sudo /etc/init.d/apache2 force-reload

From: at: 2008-01-29 15:11:06

Thanks for the addition as I do not want to ISPconfig. SAdly there are no line carriages for the code you posted, therefore I cannot differ when a command or line is ended. Could you please reformat the part beginning from "RewriteEngine" and explicitely say between which lines this has to be inserted? Thank you.

From: at: 2008-02-28 01:53:36

The lines you mean, which are added to the default(port80) site, are;

quote: 

Then add the following to /etc/apache2/sites-available/default

RewriteEngine   on
RewriteCond     %{SERVER_PORT} ^80$
RewriteRule     ^/webmail(.*)$ https://%{SERVER_NAME}/webmail$1 [L,R]
RewriteLog      "/var/log/apache2/rewrite.log"
RewriteLogLevel 2

Good Luck! 

 

From: at: 2008-04-08 04:49:01

Ubuntu has no root password by default for security reasons. By setting one, you are taking a risk. You can use "sudo -i" or "sudo su" without setting a root password to get a root prompt as an administrator.

As well, if you do set the root password and install OpenSSH server, by default, root is permitted to log on, which is a very risky move, especially if the server is accessible from the internet. To disable root logons via ssh, edit /etc/ssh/sshd_config, and change "PermitRootLogins yes" to "PermitRootLogins no". This is normally a non-issue, because root normally does not have a password and therefore cannot log on to the system at all.

From: at: 2008-01-14 19:50:17

I don’t know if this applies to 64 bit systems only.  (I installed ISPConfig successfully on a Xeon 3210 system)
In case of error message: ”Cannot find OpenSSL's <evp.h>" followed by lots of error messages, last error message is "The PHP binary coming with ISPConfig does not work properly on your system!"  you will need to install the ssl-devel package in order to get the missing <evp.h> file.

Use the command:

sudo apt-get install libssl-dev

and reinstall ISPConfig as described in the manual

From: Anonymous at: 2008-09-27 03:01:18

Thanks for giving detailed step by step instructions. I didn't install ISPConfig, but I found the rest of the howto very helpful - informative, detailed and up-to-date.

I actually ran this on a hardy heron installation. apt-get couldn't find php5-ps. When I checked at http://packages.ubuntu.org I found this is available upto gutsy and then also planned for intrepid but not in hardy repos... would this break anything ? (Haven't been facing any thing unexplainable so far)