The Perfect Setup - Mandrake/Mandriva 10.2 - Page 5

MySQL (4.1)

apt-get install MySQL MySQL-client libmysql14-devel

/etc/init.d/mysqld start

Now check that networking is enabled. Run

netstat -tap

It should show a line like this:

tcp        0      0 *:mysql                 *:*                     LISTEN      6621/mysqld

If it does not, edit /etc/sysconfig/mysqld and remove --skip-networking from the variable MYSQLD_OPTIONS:

# (oe) Remove --skip-networking to enable network access from
# non local clients. Access from localhost will still work.
MYSQLD_OPTIONS=""

# (oe) set TMPDIR and TMP environment variables
TMPDIR="${datadir}/.tmp"
TMP="${TMPDIR}"

and restart your MySQL server:

/etc/init.d/mysqld restart

Run

mysqladmin -u root password yourrootsqlpassword
mysqladmin -h server1.example.com -u root password yourrootsqlpassword

to set a password for the user root (otherwise anybody can access your MySQL database!).

Postfix With SMTP-AUTH And TLS

apt-get install cyrus-sasl libsasl2 libsasl2-devel libsasl2-plug-plain libsasl2-plug-anonymous libsasl2-plug-crammd5 libsasl2-plug-digestmd5 libsasl2-plug-gssapi libsasl2-plug-login postfix imap

postconf -e 'smtpd_sasl_local_domain ='
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
postconf -e 'inet_interfaces = all'
postconf -e 'mydomain = example.com'
postconf -e 'myhostname = server1.$mydomain'
postconf -e 'mydestination = /etc/postfix/local-host-names, localhost.example.com'

Edit /etc/postfix/sasl/smtpd.conf. It should look like this:

# SASL library configuration file for postfix
# all parameters are documented into:
# /usr/share/doc/cyrus-sasl-2.*/options.html

# The mech_list parameters list the sasl mechanisms to use,
# default being all mechs found.
mech_list: plain login

# To authenticate using the separate saslauthd daemon, (e.g. for
# system or ldap users). Also see /etc/sysconfig/saslauthd.
pwcheck_method: saslauthd
saslauthd_path: /var/lib/sasl2/mux

# To authenticate against users stored in sasldb.
#pwcheck_method: auxprop
#auxprop_plugin: sasldb
#sasldb_path: /var/lib/sasl2/sasldb2

mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650

postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'

Now start Postfix, saslauthd, imap and pop3:

chkconfig imap on
chkconfig imaps on
chkconfig ipop3 on
chkconfig pop3s on
/etc/init.d/postfix restart
/etc/init.d/saslauthd restart
/etc/init.d/xinetd restart

To see if SMTP-AUTH and TLS work properly, run the following command:

telnet localhost 25

After you have established the connection to your Postfix mail server, type

ehlo localhost

If you see the lines

250-STARTTLS

and

250-AUTH

everything is fine.

Type

quit

to return to the system's shell.
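
The EHLO check above can be scripted against a saved reply; the following is an added example, not part of the original tutorial. With smtpd_tls_auth_only = no and mech_list: plain login, as configured above, the server offers password-equivalent mechanisms on the unencrypted session, and the script reports that alongside the STARTTLS and AUTH lines. The function name ehlo_audit and both sample replies are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the tutorial): audit a captured EHLO reply.

# Constructed sample: reply on a plaintext port-25 session with the tutorial's
# settings (smtpd_tls_auth_only = no, mech_list: plain login).
SAMPLE_TUTORIAL='250-server1.example.com
250-PIPELINING
250-SIZE 10240000
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 8BITMIME'

# Constructed sample: the same server with smtpd_tls_auth_only = yes, which
# withholds AUTH until the client has completed STARTTLS.
SAMPLE_TLS_ONLY='250-server1.example.com
250-PIPELINING
250-SIZE 10240000
250-STARTTLS
250 8BITMIME'

# ehlo_audit: read an EHLO reply (captured before STARTTLS) on stdin and print
#   starttls=yes|no
#   auth=<mechanisms, upper-cased, deduplicated>|none
#   cleartext_auth_before_tls=yes|no   (PLAIN or LOGIN offered without TLS)
ehlo_audit() {
    tr -d '\r' | awk '
        /^250[- ]/ {
            # Reply lines are "250-KEYWORD args"; the last one is "250 KEYWORD args".
            line = toupper(substr($0, 5))
            if (line == "STARTTLS") starttls = 1
            # "AUTH=..." is the legacy form sent when broken_sasl_auth_clients = yes.
            if (line ~ /^AUTH[ =]/) {
                n = split(substr(line, 6), m, " ")
                for (i = 1; i <= n; i++)
                    if (!(m[i] in seen)) {
                        seen[m[i]] = 1
                        mechs = mechs (mechs == "" ? "" : " ") m[i]
                    }
            }
        }
        END {
            weak = ("PLAIN" in seen) || ("LOGIN" in seen)
            print "starttls=" (starttls ? "yes" : "no")
            print "auth=" (mechs == "" ? "none" : mechs)
            print "cleartext_auth_before_tls=" (weak ? "yes" : "no")
        }'
}

echo "--- tutorial configuration ---"
printf '%s\n' "$SAMPLE_TUTORIAL" | ehlo_audit
echo "--- smtpd_tls_auth_only = yes ---"
printf '%s\n' "$SAMPLE_TLS_ONLY" | ehlo_audit
```

To audit a real server, save the reply from the telnet session above to a file and feed it to the function with ehlo_audit < file.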

Apache With PHP

apt-get install apache2-mod_php php-cli php-ini php-gd php-xml php-ldap php-xmlrpc php-domxml php-imap php-mysql php-pear php-readline php-xslt php432-devel curl libcurl3-devel perl-libwww-perl ImageMagick

Now edit /etc/httpd/conf.d/70_mod_php.conf and comment out the AddType lines:

<IfDefine HAVE_PHP4>
<IfModule !mod_php4.c>
LoadModule php4_module extramodules/mod_php4.so
</IfModule>
</IfDefine>

<IfModule mod_php4.c>
PHPINIDir /etc
</IfModule>

<IfModule mod_mime.c>
#AddType application/x-httpd-php .php
#AddType application/x-httpd-php .php3
#AddType application/x-httpd-php .php4
#AddType application/x-httpd-php .phtml
#AddType application/x-httpd-php-source .phps
</IfModule>

Edit /etc/httpd/conf/apache-mime.types and comment out the following lines:

#application/x-perl             perl pl
#application/x-php php php3 php4

Edit /etc/httpd/conf/httpd2.conf and add the following line to the LoadModule section:

LoadModule php4_module    extramodules/mod_php4.so

(Although this line is already in /etc/httpd/conf.d/70_mod_php.conf, this is very important, because otherwise the command httpd -t will report errors instead of Syntax OK when the virtual hosts created by ISPConfig contain lines like php_admin_flag safe_mode On or the like!)

Restart Apache:

/etc/init.d/httpd restart

Comments

From: at: 2005-08-03 11:06:50

Thanks a lot for this tutorial, I'll give things a go as soon as I can find the time.

Meanwhile, why did you not use urpmi instead of getting apt? It's integrated in any Mandrake/Mandriva system, and dead easy to set up.

See http://easyurpmi.zarb.org for more info and setup configuration, including selection of ftp servers.

Oh, and normally on Mandrake/Mandriva things are set up to use:

service [servicename] start/stop/restart

so you don't have to type the full path...

Anyway, thanks again for this great article,

Rob

www.mandrake.tips.4.free.fr

From: at: 2005-08-16 18:15:44

If you want the newest packages, apt is always fastest. Urpmi is very slow at getting the packages into its system. I find that a bit annoying, but otherwise it's very handy.

From: at: 2005-08-17 11:41:05

You obviously don't know how they work, the 'newness' of the package depends upon the repository, not the tool which you use to download.

From: at: 2005-08-17 19:50:12

newness means nothing

From: at: 2005-08-23 06:10:16

Shock - Next will be a pinball game !!!

From: at: 2005-08-23 06:20:14

It says Not Configured in Red !

From: at: 2005-09-03 18:07:24

Even if you install the GUI you still have the choice of using it or not after the fact. Mandriva linux actually has some very nice GUI admin tools that let you get the job done very quickly. You can keep the GUI shut down when you are not using it. A nice feature of Mandriva's GUI is it objects fiercely if you try to log in as root, although if you persist it will log root in.

From: Anonymous at: 2005-09-27 05:25:05

Whether you use apt or urpmi you are getting the same Mandrake packages from the same repositories. I think you're confusing apt (the tool that gets packages from the repository) with the repository itself. Some distros will have more up to date repositories, some, like Mandrake with its 6 monthly release cycle, only update their packages to new versions every release (they backport security fixes).

Saying that apt gets newer packages than urpmi shows that you are using another distro besides Mandrake and confusing that with apt.

From: at: 2005-08-09 00:49:12

Why did you even use Mandrake if you were going to do everything with apt? I have been a VERY happy urpmi user for several years now and I NEVER have dependency problems.

URPMI *resolves* the problems inherent to using a rpm based distro. It works PERFECTLY. The only time you have problems with it is when you go your own way installing 3rd party rpm's for no reason.

Whether intentional or not; this article contained a lot of anti-mandriva FUD.

From: at: 2005-08-10 20:52:14

Do you guys not see that 70 percent of the All Time Popular Content articles are different variations of this same article? Obviously the author wanted to help as many people as possible so he copied most of the unimportant content and added the distro specific pictures. If you don't like apt, then don't use it. It's not anything against any package manager, but a clear bias towards apt. Don't get so defensive about the author's preferences.

By the way, I'm sure the author doesn't use Mandriva so don't get into such a huff about using apt. He likes apt. I'll give you one guess what distro he chooses! Get a thicker skin kids!

From: at: 2005-09-03 18:12:01

The problem is he is misleading people on the correct process for installation. If somebody is going to give incorrect advice they should not give it at all. All of this joker's articles should be treated as unreliable and pulled.

From: Anonymous at: 2005-10-28 02:08:35

That was a well written article and a big effort on the author's part to post it up. I completely agree with you. Guys please learn to give credit for the effort of the author.

Having said that, I also think it is absolutely imperative that you guys come up with suggestions/recommendations etc, but look at other aspects of it as well, forget apt.

From: at: 2005-08-09 00:58:03

Any newbies that google into this article in the future - be warned that installing apt is VERY non-standard and will completely screw you over in the future. It is like going out of your way to have a chevy engine installed into a ford car - you will have no documentation for this setup.

The Author obviously has some sort of axe to grind over rpm. He basically added about 6 extra steps (at least) to provide himself with a COMPLETELY unsupported system install. BAD IDEA!!!!

zilla1126

From: at: 2005-08-09 09:56:10

apt is just a front-end for using the standard Mandrake rpm packages. It uses the same repositories as urpmi does so you won't have any problems at all. You won't screw up your system by using apt!

From: at: 2005-08-09 06:19:25

It's a pity but your article, despite your work to present it right, lacks a lot of credit for it seems you don't even know the usage of urpmi. Sagittarius.

From: at: 2005-08-09 07:55:08

From several years of Linux usage I know that at some time you will always have problems with rpm, and be it only that you want to update a machine that's only 2 years old, even with urpmi. Never had any problems with apt...

From: at: 2005-08-09 08:41:50

I am updating my home PC on a daily basis with urpmi (it runs "cooker", so on average, around 20 updates or upgrades a day).

I am updating my laptop on which I work (Mandriva 10.2) around once a week for security updates and my parents' PC (Mandriva 10.2) once a month.


On my parents' PC, I initially installed Mandrake 10.0. Since then, I am doing the upgrade when a new version becomes available with

=> urpmi.removemedia -a

=> easy urpmi for urpmi.addmedia

=> urpmi --auto-select

And never had any problem with urpmi.

I think that you need to have a badly messed up system to have problems with urpmi. I haven't burned a Mandrake/Mandriva CD since 10.0, every install/upgrade I do since then is done via urpmi from the ftp servers.

Tom

From: at: 2005-08-09 17:44:29

I've been using Mandrake/Mandriva since its inception at v4.3. urpmi has been the best damned tool for resolving rpm dependencies I've ever worked with. I've experimented with Redhat, Suse, and Debian, and come back to Mandrake/Mandriva every time. I've never had urpmi fail like the author claims. In this instance, it may come down to personal choice, and the author, having a Debian background, simply likes apt over urpmi. Personally, I can't see installing something else when the appropriate tool is already in place.

From: at: 2005-09-01 13:57:03

Actually Mandrake started with version 5.1, it was based on RH 5.0 with kde as default and compiled for a pentium processor. I started with 5.3 (based on RH 5.2) and thought it was the first, but the history on the website showed me that the first was indeed 5.1.

From: at: 2005-08-09 11:37:46

an ISP would have all accounts in mysql, have postfix use mysql, proftpd/pureftpd use mysql, all users virtual, drop saslauthd (is deprecated) and use sasl2 only which knows sql/mysql/postgresql, hmm what else... Ah, use VirtualDocumentRoot/VirtualScriptAlias for apache.

... ah database driven dns server like powerdns/mydns and others that i can't remember now. That's the start for an ISP setup.

My impression is that your article is good, just that it starts people in a bit of a wrong direction.

From: at: 2005-08-09 12:02:45

I don't think that small ISPs want to have all services in a database. If the database fails, all services fail. A database driven setup might be good if you have a large server farm, database replication etc. but not for a small ISP.

From: at: 2005-08-10 09:29:08

My initial reply died because of problems with the weird comment editor in firefox ... and in the mean time it seems many have noted the urpmi vs apt issue.

However, I would note that apt in Mandriva is still subject to the limitations of rpm, and uses the same media information (hdlists) as urpmi, so I fail to see the value of claims that "you will always have problems with rpm ... Never had any problems with apt...".

Anyway, the other comments I wanted to make were:

  1. You should use a higher security level on a production server, as msec will lock the server down so that the server is more difficult to compromise/abuse if a service (running as non-root) is exploited. For example, only users in the ctools group will be allowed to use compilers, only users in the wheel group will be able to use su, only users in the ntools group will be able to use network tools such as ping, nmap etc (and many other features).
  2. Disk quotas can be setup during partitioning, however you may have to click "Toggle to expert mode". You should have considered the partitioning strategy a bit better, I would have partitioned so that users had no write access to any partition that holds binaries (ie separate /home, /var/tmp and /tmp).
  3. You could add a contrib medium during installation, which would allow you to install *all* the packages you wanted during installation.
  4. Unselecting all package categories would allow you to have a more minimal install, but you would then probably want to check "Individual package selection".
  5. If you checked "Automatic time synchronisation", you wouldn't have had to install outdated software (rdate) and set it up manually to run via cron, instead you would be using ntpd to continually keep the clock correct.
  6. If you had setup a contrib medium, you would have been able to install all the other software you installed via urpmi, with 'urpmi webalizer "perl(HTML::Parser)" "perl(Digest::SHA1)"'
  7. Regarding choices of software/virtual users etc, I would point out that LDAP could be used for everything, including postfix virtual users, proftpd virtual users, BIND (which Mandriva ships with sdb_ldap) with zone information in LDAP ... but I guess ispconfig may not support all of these features.

From: at: 2005-08-16 23:19:26

There is no need to use apt-get in Mandrake 10.2 or any other Mandrake edition, since urpmi, rpmDrake and Mandrake Update take care of all dependencies for correct installation. Generally speaking, those who want to use apt-get are the ones who used Debian once.

From: at: 2005-08-23 01:55:44

It's an interesting build but not very secure. I also think that when a certain distro defaults to a certain package handler it would make sense to use the distro's default. Debian uses apt. Mandy uses urpmi. Not too big of a deal but it could be. Also not too much security was discussed. An apache server that's not secured properly will be someone else's in a matter of minutes. MySQL should be secured also. I've built many web and email servers and I think I have a pretty secure web server build How-To on my site. The email server is on the way. You may want to check them out and incorporate some of the security measures. They are just best practices for securing a given app. Check it out at http://www.linuxloader.com

PDR60

From: at: 2005-09-13 00:43:19

I'm sorry, but your partitioning scheme is not one that should be installed on a server. Along with the base security level, this is bad news for all concerned. Security level should be set to higher at a minimum, and you should have at minimum the following partitions:

/
/etc
/var
/home
/var/www
/swap


Your article isn't bad, but could use some thought before anyone uses it on a production server.

From: at: 2005-09-19 18:32:45

Even that's too lite.

/

/boot

/etc

/home

/usr

/var/www

/var/mysql

/var/ftp


All services should be in a chroot env. Var and home should be on separate disks. (that way you can swap out os while leaving data intact).

From: Anonymous at: 2005-10-14 00:56:13

I get tired of reading about how it's a good idea to setup your hard drive partitions in a myriad of different ways. Everyone seems to have an opinion on the matter. What's even worse, depending on who you talk to, everyone has a different idea on the swap partition. In these days of cheap arrays and redundant hard drives, I don't see a reason to be creating all those partitions. You lose a hard drive, you plug another one back in. That way, you don't have to worry about leaving enough room for the /usr partition, or the /var partition and then a couple of years down the road finding out that you really didn't make the partition big enough and now you are screwed. A lot of these ideas are driven by old school hard core linux people, who besides their inability to communicate effectively with other non-linux people will never admit that their ways are flawed. I've been messing with linux for a little over a year, and getting help from linux "experts" is almost like pulling teeth. I really like it when I get comments like "RTFM newbie!" . A lot of the documentation is vague if not downright cryptic. It's getting better though, and those days are coming to an end. If linux is going to survive, these old ideas and the old linux people need to wake up and get with the program!

From: Anonymous at: 2005-12-28 16:24:59

Could not have said it better!

From: at: 2005-09-23 04:08:51

Hello everyone,

I applaud the effort however this setup should be called a perfect setup for HSP (Hosting Service Provider), An ISP/WISP Provides Dialup, Broadband, Wireless Broadband, hosting, email and such services. And several other packages should be added to this setup one being a billing system (Such as FreeSide) that would allow said ISP/WISP to collect monies on services provided. Also you would need a CRM system such as Request Tracker to track customer care and troubleshooting info. Then there is the ever present Authorization, Accounting, and Authentication part of being an ISP/WISP that needs to be addressed, that would be a Radius Server (such as FreeRadius), How are you going to authenticate a user on your network without that (ldap is not the proper AAA Radius you want)? So not to be a pain but your document although a little light on security is a good start for a beginner, But for the serious ISP/WISP there is a whole lot more to think about. I am in the process of addressing this problem with my own distro and step by step documentation on how to setup an ISP/WISP. There is just not enough info on how to set this up. Also for you guys who are thinking about it Start with at least 2 servers and separate the services offered.

Server 1 - Web, Email, Webmail, Primary DNS and Radius <- Frontend Server

Server 2 - Database, CRM, Billing system and Secondary DNS <- Backend Server

This is not how mine is but it should be.

I know, I am an owner of an ISP/WISP

Michael A Cooper

BCCISP.net

From: Anonymous at: 2010-08-18 21:41:02

Hi Michael

I note that you said you were in the "process of addressing this problem with my own distro and step by step documentation on how to setup an ISP/WISP" how far have you gone. This is something I would like to venture into given enough time and resource to learn.

Would be grateful if you have any material to share.

Regards Tim

From: Anonymous at: 2005-09-27 05:17:08

While there's nothing wrong with apt it's completely unnecessary to use it on Mandrake/Mandriva as it already has urpmi/RPMDrake, which is just as good as apt. Also all the repositories for Mandrake/Mandriva are made for urpmi as well. To anyone reading this I'd suggest skipping the bit about installing apt and instead head over to http://easyurpmi.zarb.org (or google for 'easyurpmi' if that's down) and setup the software repositories. You can then use the urpmi command or the Mandrake Control Centre GUI to install whatever you want.

Other than that it's a really good article, I just find it a bit strange that the author spent all this time doing these things on Mandriva but never learnt to use its software installation system.

From: falko at: 2005-09-28 07:47:38

I don't know why you all have problems with me using apt? In the end it doesn't matter at all if you use apt or urpmi, it's just a matter of what you prefer personally. No reason to start a religious war...

From: Anonymous at: 2006-02-19 00:47:31

The difference between apt and urpmi on Mandrake is that urpmi is tested for Mandrake. You shouldn't install apt because you don't need to install apt. All it does is complicate the setup process. For anybody who is interested in using Mandrake/Mandriva, I would suggest reading the other howto, http://www.howtoforge.com/perfect_setup_mandriva_2006. Even if you are installing 10.2, there are very few differences between that and 2006, and that howto actually does things in a way that won't break Mandrake.

From: Anonymous at: 2005-10-29 20:34:45

It seems that in most of these ISP Server Setup howtos from here are all the same basically, and apt-get does not work well on any of them, always missing packages, tried diff servers and the same thing

From: Anonymous at: 2005-10-29 20:54:42

I followed the howto line by line to setup my webserver and it worked fine for me. Later I got an error installing ispconfig, but the guys in the forum helped me. Have you tried posting your problems there?

From: Anonymous at: 2006-01-16 01:59:53

The postfix test with

telnet localhost 25

does not seem to work because the file

/etc/postfix/local-host-names

does not exist... Just do a

touch /etc/postfix/local-host-names

to create an empty file and restart the postfix process with

/etc/init.d/postfix restart

and everything should be working now...

Just a remark, I've done the package installation with urpmi, and not with apt-get...

From: Anonymous at: 2005-12-13 07:33:14

guys,

you will need to install the xorg library. if not then the installation will stop at

make: *** [xdeview] Error 2
ERROR: Could not make UUDeview

use the command below

apt-get install libxorg-x11-devel