The Perfect Setup - Fedora Core 4

This is a "copy & paste" HowTo! The easiest way to follow this tutorial is to use a command line client/SSH client (like PuTTY for Windows) and simply copy and paste the commands (except where you have to provide your own information like IP addresses, hostnames, passwords, ...). This helps to avoid typos.

Version 1.3
Author: Falko Timme
Last edited: 01/03/2006

This is a detailed description of the steps to be taken to set up a Fedora Core 4 based server that offers all services needed by ISPs and hosters (web server (SSL-capable), mail server (with SMTP-AUTH and TLS!), DNS server, FTP server, MySQL server, POP3/IMAP, Quota, Firewall, etc.). In addition to that I will show how to use Debian's package manager apt on an rpm-based system, because it takes care of package dependencies automagically, which can save a lot of trouble.

I will use the following software:

  • Web Server: Apache 2.0.x
  • Mail Server: Postfix (easier to configure than sendmail; has a shorter history of security holes than sendmail)
  • DNS Server: BIND9
  • FTP Server: proftpd
  • POP3/IMAP servers
  • Webalizer for web site statistics

In the end you should have a system that works reliably and is ready for the free webhosting control panel ISPConfig (i.e., ISPConfig runs on it out of the box).

I want to say first that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!

Requirements

To install such a system you will need the following:

1 The Base System

Boot from your Fedora Core 4 CD (CD 1) or DVD.

It can take a long time to test the installation media so we skip this test here:

The welcome screen of the Fedora installer appears:

Choose your language next:

Select your keyboard layout:

We want to install a server so we choose Server here:

Now we have to partition our hard disk. You can choose to let the Fedora installer do the partitioning, or you can do it yourself. I want to create a small /boot partition (less than 100 MB) with the file system ext3, a swap partition and a huge / partition (again with ext3):

Now the boot loader GRUB will be installed. You can leave the default settings unchanged and click on Next:

Comments

From: at: 2005-07-25 15:54:11

Hi,

Thanks for your advice. However, I tend to disagree with the Linux distro you've chosen. Fedora Core is too bleeding edge for production purposes, at least on servers. I'd suggest using something more "Enterprise class" like Red Hat Enterprise Linux or SUSE server edition. Don't have money? There are alternatives like RHEL-clones: CentOS, Whitebox Linux, Tao Linux. This article will probably apply more or less to those.


Another wise choice would be Debian. I probably forget other ones...

From: at: 2005-07-25 21:27:48

Browse a little bit on HowtoForge, and you'll find tutorials for Debian, Fedora, Mandrake/Mandriva and SuSE. So whichever distro you prefer, it's likely that you find a howto here. :)

From: at: 2005-08-03 15:59:49

I am a very newbie at FC4 and am running thru this guide. I like it.

One thing that happened was an error with pop3s, said something about directory not found or something.... I know I really should have written it down - but I was hoping someone knows what I mean. :)

From: at: 2005-08-21 13:39:13

Why do I need 777 permission for this folder? Is there another way around?

From: at: 2005-08-28 17:06:28

Did you ever get a resolution on this item? I'm currently having the same problem.

From: at: 2005-07-26 01:33:03

Why is 'too bleeding edge' bad? Can you cite some examples of people being bit by this?

From: at: 2005-07-26 02:50:15

Regarding bleeding edge programs, not necessarily distributions exactly. Substantial breakage and substantial security issues due to lack of testing and maturity. Incompatibility with scripts, other programs, and certain environments.

Why it's good. More features which aid in better interoperability, add new and exciting things that just make sense. Testing is the only way to get bad bugs out, bleeding edge is only one of many steps. Someone has to do it. In production environments its usage is questionable, especially when used on big servers serving hundreds or thousands of people.


Why fedora could be bad. Bloat.

From: at: 2005-07-26 17:33:15

If you don't use bleeding edge features, Fedora is not as bad as you thought. However, you've got to admit developers love to try new features, which is a natural step. In fact, do you know Wikipedia and SourceForge use Fedora as a server?

From: at: 2005-07-26 19:59:27

Kernel.org also. I believe source forge has a few. Etc etc...

I didn't say Fedora was cutting edge, another person did. Cutting edge isn't bad, it's questionable. If you turn it off or recompile older stuff manually, you won't have any problems with the untested nature of bleeding edge. :)

From: at: 2005-08-30 18:04:13

Fedora Core 4 will no longer have updates 2 years from its release. And seeing as it starts to get adopted about 1 year into its release, that gives you about 1 year of security fixes, and then you have to rebuild your server/environment to FC5.

From: at: 2005-07-26 14:37:46

I know of many ISPs and hosting solutions that use Fedora Core as their image for their Xen virtual machines. It's not "too bleeding edge." You can turn on the bleeding edge featureset of Fedora, but the default install is not very bleeding edge at all. You should try Gentoo with the unstable masks removed if you want bleeding edge.

From: at: 2010-11-24 18:54:04

Sorry, but I disagree.

I have an old server with this Distro/Version, and Fedora is very stable.

Anyway, distro is matter of taste: enjoy it.

Thanks Falko.

Rafael Marangoni

BRLink Servidor Linux Team

From: at: 2005-07-25 23:08:33

The part where you install imap is unclear. The package isn't simply called 'imap'. Dovecot is the only thing found with apt-cache search. This requires additional configuration that you didn't cover. Yum also doesn't have 'imap'.

From: at: 2005-07-26 08:52:42

You need to add the line

rpm http://ayo.freshrpms.net fedora/linux/1/i386 core updates freshrpms

into /etc/apt/sources.list, as stated in the tutorial. Then you can install the package imap with apt-get.

You must follow the tutorial line by line, then you won't have problems.

From: at: 2005-07-27 19:48:59

Sorry, I have that line (used copy paste) but apt still can't get imap...

couldn't find package imap...

Can I do it manually somehow?

From: at: 2005-07-29 09:21:00

Did you run

apt-get update

after you added the line to /etc/apt/sources.list?

From: at: 2005-07-29 10:40:42

No i did not. that fixed the problem.

Gr8 tutorial Btw.

From: at: 2005-08-02 15:45:30

Hi, I had the same problem... need /1/ not /l/ digit 1 not letter l...

From: at: 2005-08-18 20:28:34

I followed the tutorial. I got tripped up on the imap part - I skipped the earlier part about apt-get (I use yum). But anyway, adding the line to the sources.list doesn't seem to help. Something is screwed up. Doesn't FC4 use imap, or is there a way to adapt this tutorial to dovecot?

# apt-get install imap
Reading Package Lists... Done
Building Dependency Tree... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.

Since you only requested a single operation it is extremely likely that
the package is simply not installable and a bug report against
that package should be filed.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
imap: Depends: libcrypto.so.4
Depends: libssl.so.4
E: Broken packages

From: at: 2005-07-26 02:59:16

Why not just use NTP which will provide nice smooth time updates instead of jumps ??

From: at: 2005-07-31 16:41:44

Sorry but I am a true newbie at Linux. When I try to edit eth0 with this command /etc/sysconfig/network-scripts/ifcfg-eth0 all I get is permission denied. Can anyone help me? I am logged in as root. Thanks in advance

From: at: 2005-07-31 20:51:36

Try to change the file's permissions:

chmod 644 /etc/sysconfig/network-scripts/ifcfg-eth0

From: at: 2005-08-01 18:22:31

Thanks

Had to do the chmod and then do a vi ifcfg-eth0 to edit the file. Was there an easier way?

From: at: 2005-08-05 13:31:41

No matter what is being said in these replies, I DO like this article but it gives a very distinguished straight to the goal direction for a certain task: creating a working hostingserver. Thnx Falko!!

Remark: apt did not work for me, do not know why, but just kept stalling at reading the packages. Used yum instead.

From: at: 2005-08-14 17:28:18

Often times apt will not work because of a firewall.

From: at: 2005-08-06 15:14:42

When I get to the command "quotacheck -avugm" I get a command not found error. I have been through the instructions twice and have followed them exactly each time but it has happened twice. I have installed everything as instructed. Any suggestions?

From: at: 2005-08-06 15:18:33

I got it, had to be logged in as root

From: at: 2005-08-13 02:48:38

I was struggling along until I found this, very easy to follow format as well as being complete. Thank you for this how-to!

From: at: 2005-08-22 15:24:28

This is only perfect for those who are Linux savvy. Way short on detail. Typical of the whole Linux community, "Keep as cryptic and obscure as conceivably possible". How do they ever expect the rest of the world to change over from Windows?

From: at: 2005-08-22 16:05:25

When I try to save /etc/sysconfig/network-scripts/ifcfg-eth0:0, KEDIT gives me the following error. "Could not save to remote file". Help!!!

From: admin at: 2005-08-22 16:15:51

Try to use another editor, kedit thinks this is a url because it contains ":".

From: at: 2005-08-22 16:40:52

Many thanks.

From: at: 2005-09-24 06:04:15

Here is the way I did it,

cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0:0

then I did this

vi /etc/sysconfig/network-scripts/ifcfg-eth0:0

And that was it and changed the DEVICE from eth0 to eth0:0

then IPADDR from 192.168.1.10 to 192.168.1.11

colon-> ESC -> wq!

and done

Hope this helps
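
The cp-and-edit steps in the comment above, scripted so that only DEVICE and IPADDR change and bad input is rejected. This is an added example, not part of the original comment or tutorial; the function names, the sample file contents and the unquoted KEY=value layout are assumptions.

```shell
#!/bin/sh
# Added example: build ifcfg-eth0:0 from ifcfg-eth0 without hand-editing.

# make_alias BASEFILE ALIAS_NO NEW_IP
# Writes BASEFILE:ALIAS_NO with DEVICE and IPADDR rewritten; every other
# line is copied unchanged. Fails instead of guessing on bad input.
make_alias() {
    base=$1; n=$2; ip=$3
    out="$base:$n"
    [ -r "$base" ] || { echo "cannot read $base" >&2; return 1; }
    [ ! -e "$out" ] || { echo "$out already exists" >&2; return 1; }
    # Accept only a plain dotted quad (octet ranges are not checked).
    case $ip in
        *[!0-9.]*|.*|*.|*..*) echo "bad IP: $ip" >&2; return 1 ;;
        *.*.*.*.*)            echo "bad IP: $ip" >&2; return 1 ;;
        *.*.*.*)              ;;
        *)                    echo "bad IP: $ip" >&2; return 1 ;;
    esac
    dev=$(sed -n 's/^DEVICE=//p' "$base")
    old=$(sed -n 's/^IPADDR=//p' "$base")
    [ -n "$dev" ] || { echo "no DEVICE= in $base" >&2; return 1; }
    [ "$ip" != "$old" ] || { echo "alias needs its own IP" >&2; return 1; }
    # umask 022 creates the file with mode 644 (root writes, others read).
    ( umask 022
      sed -e "s/^DEVICE=.*/DEVICE=$dev:$n/" \
          -e "s/^IPADDR=.*/IPADDR=$ip/" "$base" > "$out" )
}

# Constructed sample base file, using the addresses from the comment above.
make_sample_base() {
    d=$(mktemp -d) || return 1
    cat > "$d/ifcfg-eth0" <<'EOF'
DEVICE=eth0
BOOTPROTO=static
IPADDR=192.168.1.10
NETMASK=255.255.255.0
ONBOOT=yes
EOF
    printf '%s\n' "$d/ifcfg-eth0"
}

# On a real system (as root) the call would be:
#   make_alias /etc/sysconfig/network-scripts/ifcfg-eth0 0 192.168.1.11
sample=$(make_sample_base)
make_alias "$sample" 0 192.168.1.11 && cat "$sample:0"
rm -rf "$(dirname "$sample")"
```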

From: Alex at: 2009-12-08 03:14:19

Ya, it does help.

I used to use windows, and now since I have to learn php and how to use apache, it turned out kind of unfamiliar, so I need your guys help.

Now I got my own website running on Linux and thanks for the comment.

From: at: 2005-08-22 22:13:45

Many thanks for what seems to have been a pretty straightforward installation. I do have though a couple of daft questions!

  • what are the default login details for the administration panel (http://www.mydomainname.com:81) ? I never got prompted anywhere !
  • can i change the port 81 ?

Regards

From: at: 2005-08-22 22:31:55

goodness am i daft !

admin:admin people !


although should i suggest some mention of it would be great in the howto ?! (saying that it might be there and i am blind!)

thanks Falko

regards

From: at: 2005-09-01 19:32:36

Hey, love the article........I am new to Linux. I have it all set up. However, I am unsure of what ports I need to open! I assume I need ports:

FTP 21

SSH 22

SMTP 25

Apache 80, 443

Name Serv 81

N E way, do I need any other ports open?

Thanks!

From: at: 2005-09-03 06:52:35

but I couldn't install ispconfig because of this error:

checking lex output file root... ./configure: line 2422: lex: command not found

configure: error: cannot find output from lex; giving up

ERROR: Could not configure PHP

What can i do?



From: at: 2005-09-03 07:09:50

The package flex is missing. Install the flex package:

apt-get install flex

Delete the install_ispconfig directory and unpack the installer tar.gz file again, before trying the ispconfig installation again.

From: at: 2005-09-03 07:19:18

That was quick man, i'll try it now, thanks a lot

From: at: 2005-09-16 23:17:20

I do not run my server behind a router and have a static IP. Do I need to make virtual interface for my network interface?

From: admin at: 2005-09-17 20:27:37

No, if you only have one IP, you do not need a virtual network interface.

From: at: 2005-09-26 07:05:12

What's the reason for it though? I don't mean to be thick .....

Thanks in advance

From: Anonymous at: 2005-09-27 02:51:50

First let me say that this is an excellent HOWTO and I really appreciate the effort to help everyone out --Thanks Falko!

I do not have a fixed IP address, furthermore, I have a Linksys gateway router that insists on assigning my server an IP through the DHCP, regardless of how I configure my server. For example, I've tried to set my IP as 192.168.1.100, which my router does not see. Instead, my router assigns my server something like 192.168.1.102, depending on how many clients I have running on the router at the time. This creates all kinds of problems, usually that I cannot access the internet from my server.

Anyone have a solution? This all started with a simple project to upgrade my perfectly running server from PHP4 to PHP5 and Apache 1.3 to 2.0. About 8 days later, I have no hair, bags under my eyes, and I'm about to get fired from my job! I'm afraid without a MS in computer science, Linux is an impossibility! Just me venting frustration ....really though, this is just the first problem I have to solve before I can move on. Thanks!

From: falko at: 2005-09-28 07:42:51

Please post this problem in the forums: http://www.howtoforge.com/forums

From: Anonymous at: 2005-12-09 11:53:27

I have only recently begun using Linux as well, so I understand some of your frustration. This might help for the static IP thing.

1. Go to 'System Settings' and click on the 'Network' icon.

2. When prompted, enter in the root password, if not logged in as root (which they say not to do). You should get a screen that lists your network adapters at this point.

3. Click on the network adapter (usually will have a device name like eth0) and then click on the 'Edit' icon at the top of the window. The first screen that is displayed should have a place for you to change this network interface to use a static rather than dynamic IP.

One other note. While following this how to, when adding the virtual interface I had to follow the same process for editing the new interface, obviously assigning it a different IP from my eth0 interface. On this virtual interface, I also had to choose the 'Hardware Device' tab at the top and check the box next to 'device Alias number' and then I used the number 0 for my device alias number, which is where the name eth0:0 comes from, I think. I hope this helps.

W. Melvin

From: Anonymous at: 2005-10-01 01:36:33

What directory do I need to be in for this symlink:

ln -s ../../ chroot

Thanks for the killer article!

From: Anonymous at: 2005-10-01 22:35:59

I don't know how many times I read it - and did not see it. It is in there.

Thank you!

From: Anonymous at: 2005-10-03 22:00:30

I'm thinking maybe that PostFix is configured wrong, but I'm not sure how to debug. Some of my webpages make use of the mail() function. Which has worked on other hosts...but under my ISPConfig host (which is being hosted and setup using the Perfect Setup for FC4), I get the follow in root's mail:

----- The following addresses had permanent fatal errors -----
[email protected]
(reason: 550 <[email protected]>: Recipient address rejected: User unknown in local recipient table)
(expanded from: [email protected])

----- Transcript of session follows -----
... while talking to [127.0.0.1]:
>>> DATA
<<< 550 <[email protected]>: Recipient address rejected: User unknown in local recipient table
550 5.1.1 [email protected].. User unknown
<<< 554 Error: no valid recipients

I double checked /etc/alternatives and found that mta --> /usr/sbin/sendmail.sendmail

changed to mta --> /usr/sbin/sendmail.postfix

and my error message (in roots mail) changed to:

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to <postmaster>

The Postfix program

<[email protected]>: unknown user: "dave"

so I double-checked /etc/postfix/local-host-names and found:

localhost
....etc...
network.net
## MAKE MANUAL ENTRIES BELOW.....

but my setup in ISPConfig for that site shows that I'm using an external mailserver (and how would the mail() from PHP care about that?!)...and I have the MX record setup in DNS to point to the 'real' mail server. I know DNS is setup properly, as mail to this address/site from any other client works/goes through...just can't use the mail() function properly?!

Any help, always appreciated - as I have a bruised forehead from banging!?

-dave-

From: admin at: 2005-10-04 08:08:13

Can you post this in the forums, please? This problem is too complex to be handled in the comments section.

From: Anonymous at: 2005-11-02 22:58:12

Just a quick answer: The problem is not with your MTA (Postfix) or any other steps outlined in this HowTo but most probably with FC4's implementation of SELinux which disallows your webserver (Apache?) to use the Postfix sendmail binary (for security reasons). This is a common problem with PHP's mail() function, Apache and SELinux. Perhaps this could help: http://fedora.redhat.com/docs/selinux-apache-fc3/

From: Anonymous at: 2005-10-12 19:00:07

Someone submitted this problem:
Submitted by Anonymous on Sat, 2005-08-06 17:14.
When I get to the command "quotacheck -avugm" I get a command not found error. I have been through the instructions twice and have followed them exactly each time but it has happened twice. I have installed everything as instructed. Any suggestions?
And his reply:
Submitted by Anonymous on Sat, 2005-08-06 17:18.
I got it, had to be logged in as root
But I have that problem and it is not a login problem.
And the second problem is in
"E: coulden't find package imap..."
But I ran
apt-get update
and got
E:Some index files failed to download, they have been ignored, or old ones used instead.
What is going on here :))

From: admin at: 2005-10-13 07:58:24

About your imap problem: I've just added a short explanation on http://howtoforge.com/perfect_setup_fedora_core_4_p3, just below the part where I describe which repositories should be used in /etc/apt/sources.list. Read this closely, and you'll understand your problem.

From: Anonymous at: 2005-12-21 18:28:12

Why do you suggest to create a virtual NIC eth0:0 when eth0 already exists? What is the purpose of this extra NIC?

From: Anonymous at: 2006-01-09 05:17:06

Most companies who sell Fully-Qualified Domain Names will require the subscriber to have at least two public IP addresses, which are assigned by an ISP, for a Primary and Secondary Domain Name System. Ideally, these would be on (at least) two separate computers with two separate accounts with separate power supplies to decrease the chance of the domain name being down entirely.

Most DIY'ers don't have two computers to do this with, or two different ISP accounts. Since both IP addresses (primary and secondary) will be coming into the same cable into the same NIC, then the computer has to be told to listen for both IP addresses on the same NIC (ie. MAC address), thus a virtual NIC.

If you have two different ISP accounts coming into two different NIC's, then this is not needed, you would assign the NICs as normal (eth0 and eth1, for example).

From: Anonymous at: 2006-01-06 09:36:14

Getting named to work was giving me bloody hell. Whenever I tried to start the service, it would fail. I went through the log and got a:

  • could not configure root hints from '/etc/db.cache': file not found

error message. Since I had no idea what chroot was doing nor what a 'prison' is, this error was making no sense to me. /etc/db.cache is a file and it exists! I'm sure of it.

Finally, I discovered that we are setting up named to run in a 'prison', which means it thinks the directory /var/named/chroot/etc/ is the root top directory. I got the problem fixed by copying db.cache to the prison, like so:

  • cp -f /etc/db.cache /var/named/chroot/etc/
If only I knew what was going on I could have saved an hour of my life :(
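
The failure described in the comment above (named confined to /var/named/chroot cannot see /etc/db.cache on the real filesystem) can be checked for before the service is started. This is an added example, not part of the original thread or tutorial; the location of named.conf inside the jail (etc/named.conf), the fallback directory and the sample configuration are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report files a chrooted named will fail to open.
# Assumption: named.conf lives at etc/named.conf inside the jail.

# missing_in_chroot JAIL
# Prints every path named by a `file "..."` statement that does not exist
# below JAIL. Relative paths are resolved against the `directory` option,
# which named also interprets from inside the jail.
missing_in_chroot() {
    root=$1
    conf="$root/etc/named.conf"
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }

    dir=$(sed -n 's/^[[:space:]]*directory[[:space:]]*"\([^"]*\)".*/\1/p' \
          "$conf" | head -n 1)
    [ -n "$dir" ] || dir=/    # assumption when no directory option is set

    # Drop comment lines, then take the quoted path after the keyword
    # `file` (but not pid-file, statistics-file and similar options).
    sed -E -n -e '/^[[:space:]]*(\/\/|#)/d' \
        -e 's/(^|.*[[:space:];{])file[[:space:]]+"([^"]*)".*/\2/p' "$conf" |
    while IFS= read -r f; do
        case $f in
            /*) inside=$f ;;
            *)  inside=$dir/$f ;;
        esac
        [ -e "$root$inside" ] || printf '%s\n' "$inside"
    done
}

# Constructed sample jail: named.conf names a hint file by absolute path
# and a zone file relative to `directory`; neither is inside the jail yet.
make_sample_jail() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/etc" "$tmp/var/named"
    cat > "$tmp/etc/named.conf" <<'EOF'
options {
    directory "/var/named";
    pid-file "/var/run/named/named.pid";
};
// file "/etc/commented.out";
zone "." { type hint; file "/etc/db.cache"; };
zone "example.test" {
    type master;
    file "example.test.zone";
};
EOF
    printf '%s\n' "$tmp"
}

# With an argument (e.g. /var/named/chroot) check that jail;
# without one, run on the constructed sample.
if [ $# -gt 0 ]; then
    missing_in_chroot "$1"
else
    sample=$(make_sample_jail)
    missing_in_chroot "$sample"
    rm -rf "$sample"
fi
```

Each path printed is given as named sees it; the file has to exist at that path below the jail directory, which is what the `cp` in the comment achieves for db.cache.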

From: Anonymous at: 2006-01-19 10:11:18

It is applicable to i386 (Intel) architecture, not the other way around (not ppc (Mac), not x86_64 (AMD) either).

From: hootoo at: 2009-07-06 05:46:23

Thanks for sharing this.
