The Perfect Setup - Ubuntu 6.06 LTS Server (Dapper Drake)

Version 1.1
Author: Falko Timme
Last edited 12/01/2006

This is a detailed description of how to set up an Ubuntu 6.06 LTS (Dapper Drake) based server that offers all services needed by ISPs and hosters (web server (SSL-capable), mail server (with SMTP-AUTH and TLS!), DNS server, FTP server, MySQL server, POP3/IMAP, Quota, Firewall, etc.).

I will use the following software:

  • Web Server: Apache 2.0
  • Database Server: MySQL 5.0
  • Mail Server: Postfix
  • DNS Server: BIND9
  • FTP Server: proftpd
  • POP3/IMAP: I will use Maildir format and therefore install Courier-POP3/Courier-IMAP.
  • Webalizer for web site statistics

In the end you should have a system that works reliably, and if you like you can install the free webhosting control panel ISPConfig (i.e., ISPConfig runs on it out of the box).

My system's IP address in this tutorial is 192.168.0.100, and my hostname is server1.example.com.

I want to say first that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!

1 Requirements

To install such a system you will need the following:

2 The Base System

Insert your Ubuntu install CD into your system and boot from it. Select Install to the hard disk - I did not try Install a LAMP server because I like to have full control over what gets installed to my system:

The installation starts, and first you have to choose your language:

Then select your location:

Choose a keyboard layout:

The installer checks the installation CD, your hardware, and configures the network with DHCP if there is a DHCP server in the network:

Enter the hostname. In this example, my system is called server1.example.com, so I enter server1:

Now you have to partition your hard disk. I will create one big partition (with the mount point /) and a little swap partition so I select Erase entire disk:


Comments

From: Anonymous at: 2006-06-05 17:55:14
From: at: 2007-10-18 19:54:21

I'm not sure how the PHP to MSSQL even got introduced into this thread but the link listed is gone and I'm unable to track it down with a Google search. If anyone needs this functionality and got to this page searching then take a look at this: http://www.howtoforge.com/php5_mssql_debian_etch_free_tds_unix_odbc

From: Anonymous at: 2006-07-03 05:51:39

Interestingly, I have an older machine that I was intending to put a LAMP server on for my own education. The server CD does not boot up to the menu shown in the first screen capture of this article so there is no option to do a turn-key LAMP installation on this older machine.

This article, therefore, comes in quite handy to allow me to carry on with a LAMP server installation without that turn-key option.

Thanks for the detailed instructions. 

From: Anonymous at: 2006-07-31 19:40:56

The screen does not appear on my new laptop either.

So this tutorial is the way to go ...

From: Anonymous at: 2006-07-16 08:15:02

I have written a basic yet hopefully helpful tutorial on how to set up the LAMP configuration for Linux beginners. It includes resources on setting up Apache2, MySQL5, PHP5 and FTP as well as Webmin in an informal semi how-to. http://www.cjfay.com/lamp.html.

From: Anonymous at: 2006-08-27 09:54:07

I think you downloaded the Live-CD. I had that too!

From: rawoo at: 2006-09-12 00:58:49

Hi,

I've edited /etc/host as instructed in this how-to. The command hostname -f shows the complete domain name, but hostname itself does not; it just shows the hostname. Rebooting the system does not make a difference. Is there some other file that must be modified?

Example

hostname yields ---> server1

hostname -f yields ---> server1.example.com

 

Any ideas?

 

Thanks,

Richard

From: at: 2007-11-27 21:19:57
From: admin at: 2007-02-23 12:46:41
From: at: 2007-02-23 06:56:24

I can not find the root password for VMware image anywhere. Could you please tell, what it is? 

From: Anonymous at: 2010-09-23 15:43:27

Thanks for the information, it was of excellent help. There is another site with a very easy way to install Tomcat and web mail on Unix, Solaris and Ubuntu; check --> http://unixymas.blogspot.com/ It is excellent for building a mail server with few resources.

see you later

From: Anonymous at: 2006-06-13 02:09:15

On Step 5: i.e. Configure The Network

I wasn't able to connect with Putty after completing steps 5 thru 6. So I restarted still no change.

I then remembered that I had to add the "dns-nameserver XX.XXX.XX.XX XXX.XX.XXX.XX" line to /etc/network/interfaces when it came to the Ubuntu Breezy Badger 5.10 perfect setup, "ISP-Server Setup - Ubuntu 5.10 "Breezy Badger"" (the sister to this guide, but for Breezy), yesterday. At the bottom of the info you add your DNS servers' addresses. Replace the XXX's with whatever it or they are.

Like this:

From:

address 192.168.0.100
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1

To:

address 192.168.0.100
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1
dns-nameserver XX.XXX.XXX.XXX XXX.XX.XX.XX

It worked for the Breezy install & now it's working for the Dapper Drake ISP Server Setup.

You may not need to do this but I did. I take no responsibility for this addition for I don't know if it affects other parts of the installation or creates a security hole. Maybe somebody would know if this is a Comp-Sec issue or not.... I'd be interested in finding out....

I added the dns-nameserver entries because it did get me quickly to a desktop environment (thru Putty) so I didn't have to re-type all the remaining steps out by hand. I already did that 3 days ago & the digits still aren't the same, but typing it out longhand is great (IMHO) for developing my muscle memory when it comes to getting the commands typed quickly & the commands & paths into your long-term brain area....

peace Michael Scott

From: Anonymous at: 2006-06-13 12:10:02

You don't need to enable the root account. You can stay logged in as root using:

sudo -s

From: Anonymous at: 2006-07-12 21:26:07

Until I did this to the /etc/hostname file, I kept receiving permission errors when setting up the mysql root passwords following the instructions on the next page. Thanks for posting this tip!

From: rainer at: 2006-10-22 08:02:55

yeah! that was it ;)

after i edited /etc/hostname everything worked fine on mysql setup and further ISPConfig setup

vi /etc/hostname

instead of:

server1

there should be:

server1.example.com

From: Anonymous at: 2006-06-24 18:51:08

Great tutorial!!! Love it. Thanks

From: Anonymous at: 2006-06-24 21:32:38

On the steps to configure hostname, it does not work to only do the steps listed.

 

I found that I had to edit /etc/hostname

 

From: Anonymous at: 2006-07-20 17:40:56

We found it necessary to also manually setup our DNS server when not using DHCP. This was done by creating a file:
/etc/resolv.conf

The file should look something like this:

search domain.tld
nameserver xxx.xxx.xxx.xxx

From: Anonymous at: 2006-08-27 07:30:48

It is much easier if you shut down DHCP; then you can configure it in the installation.

From: at: 2007-08-06 20:34:34

I've gotten to this point with very little trouble. Very clear and concise instructions. I look forward to going through many more.

Again...  Thank you  

From: at: 2007-08-23 20:18:26

In Part 5, "Configure the network", the author of this very useful guide forgets to mention something:

Then restart your network:

/etc/init.d/networking restart

 

What he doesn't mention is:

You're not supposed to type that '/etc/init.d/networking restart' in vi. The '/' that takes you to the bottom of the screen is the start of the search function in vi.

First save your work (press <esc>, press the colon and type wq followed by <enter>) and at the command line type the command.


It's true, because I was stuck until I emailed the Ubuntu Forum, and Wim Sturkenboom kindly explained to me what I was doing wrong.

Hopefully you'll find this useful, too.  (Thank you, Wim!) 

From: at: 2007-10-15 22:25:58

apt-get install g++ gcc make autoconf libtool flex bison libpam0g-dev openssl libcrypto++-dev libssl0.9.7 libssl-dev ssh devscripts sbuild checkinstall

cd /usr/src
wget http://chrootssh.sourceforge.net/download/openssh-4.5p1-chroot.tar.bz2
bunzip2 openssh-4.5p1-chroot.tar.bz2
tar xvf openssh-4.5p1-chroot.tar
cd openssh-4.5p1-chroot
./configure --exec-prefix=/usr --sysconfdir=/etc/ssh --with-pam
make

make install

mkdir /home/chroot/
mkdir /home/chroot/home/
cd /home/chroot
mkdir etc
mkdir bin
mkdir lib
mkdir usr
mkdir usr/bin
mkdir dev
mknod dev/null c 1 3
mknod dev/zero c 1 5

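Run this script

# run from /home/chroot: all target paths below are relative to the chroot
APPS="/bin/bash /bin/ls /bin/mkdir /bin/mv /bin/pwd /bin/rm /usr/bin/id /usr/bin/ssh /bin/ping /usr/bin/dircolors"
for prog in $APPS; do
    # copy the binary to the same path inside the chroot
    mkdir -p "./$(dirname "$prog")"
    cp "$prog" "./$prog"

    # obtain a list of related libraries; keep only absolute paths, since
    # ldd also prints entries without a file (e.g. "(0x...)" addresses)
    if ldd "$prog" > /dev/null 2>&1; then
        LIBS=$(ldd "$prog" | awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) print $i }')
        for l in $LIBS; do
            mkdir -p "./$(dirname "$l")"
            cp "$l" "./$l"
        done
    fi
done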


cp /lib/ld-linux.so.2 /lib/libnss_compat.so.2 /lib/libnsl.so.1 /lib/libnss_files.so.2 ./lib/

echo '#!/bin/bash' > usr/bin/groups
echo "id -Gn" >> usr/bin/groups
# the wrapper must be executable to be usable inside the chroot
chmod 755 usr/bin/groups
touch etc/passwd
grep /etc/passwd -e "^root" > etc/passwd

grep /etc/group -e "^root" -e "^users" > etc/group

/etc/init.d/ssh restart

 

From: Anonymous at: 2006-06-19 17:49:29

The libmysqlclient12-dev should be rather libmysqlclient15-dev

From: Anonymous at: 2006-07-25 03:35:09

libmysqlclient12-dev is now libmysqlclient15-dev

From: Anonymous at: 2006-08-11 02:25:29

No matter how closely these directions are followed, I've been unable to keep mysql happy. After performing the line:

mysqladmin -u server1.example.com -u root password yourrootsqlpassword

After doing that I always get the error:

mysqladmin: connect to server at 'localhost' failed

error: 'Access denied for user 'root'@'localhost' (using password: NO)'

I'm thinking a step or two might not have made it into this write up.

From: admin at: 2006-08-14 12:25:12

The Howto is complete.

Replace "server1.example.com" in the command with the hostname you entered during setup.

From: rainer at: 2006-10-22 07:59:56

it's not enough to edit /etc/hosts as described before

you also have to edit /etc/hostname

vi /etc/hostname

instead of:

server1

there should be:

server1.example.com

From: Anonymous at: 2006-08-14 18:48:51

"mysqladmin -u server1.example.com -u root password yourrootsqlpassword"

try to change the first "-u" (user) for a "-h" (host)! :p

 

From: n3m3s1s4u at: 2006-10-14 17:07:22

Start up BIND, and check /var/log/syslog for errors: Well the only thing that was picked up on my end was a reference to /var/cache/bind (file or directory not found) but otherwise everything has gone through fine do i need to worry about this?

From: antoinel12 at: 2006-10-24 05:19:16

I'm unable to execute this command:

mysqladmin -h server1.example.com -u root password yourrootsqlpassword

I use a dyndns domain name... It tells me that there is no response. Is it a port that I should open on my router or something else?

From: at: 2007-02-22 20:33:17

http://www.howtoforge.com/perfect_setup_fedora_core_5_p4

Submitted by Anonymous on Fri, 2006-05-26 02:18.
mysqladmin -h server1.example.com -u root -p password yourrootsqlpassword

Newbie (me) struggled with that one for a short while.

From: at: 2006-11-26 01:02:06

One thing seems to have changed or has been left out: I noticed during ISPConfig installation, that during php compilation it requires g++ to be installed. So maybe add g++ or even build-essentials to the big list of packets that are installed at the top.


Btw, this is really great howto, thank you for your time to write this excellent guide.

From: admin at: 2006-11-26 15:28:30

It wasn't left out. At the time the tutorial was written ISPConfig didn't need g++. This has changed with the newest ISPConfig version (2.2.8) which was released a few days ago.

From: Anonymous at: 2006-07-02 02:05:24

 So here is the error I ran across doing step 11:

 Reading package lists... Done
Building dependency tree... Done
Package postfix-tls is a virtual package provided by:
  postfix 2.2.10-1ubuntu0.1
You should explicitly select one to install.
E: Package postfix-tls has no installation candidate

I found this fix/explanation over at another how to: Postfix 2.2.x includes TLS support and you don't need postfix-tls package....

I removed:

apt-get install postfix postfix-tls libsasl2 sasl2-bin libsasl2-modules libdb3-util procmail

to:

apt-get install postfix libsasl2 sasl2-bin libsasl2-modules libdb3-util procmail

I found the above info over at http://www.howtoforge.com/perfect_setup_debian_sarge?from=40&comments_per_page=10
 in the comments; page 5...

hope this helps ppl ;-) peace Michael Scott

From: apapadop at: 2006-09-01 12:07:56

In the step

"Afterwards we create the certificates for TLS" the command:

 

openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024

 

returns the prompt:

Enter pass phrase for smtpd.key:

It isn't obvious for the non-versed what one should do. Should this be a passwordless certificate or not?

The same holds true for the next command also. It requires user input that is not mentioned.

From: at: 2007-03-12 15:02:44

For the CSRs ("certificate signing requests"), it's irrelevant whether they have passwords or not; they are removed anyway. (They are intended for those cases where the certificate holder and the certificate signer must communicate over an insecure channel; for self-signed certificates, this is unnecessary.)

For the certificates themselves, we have those that are used by software and those that are used by yourself. Software certificates (server certificates in particular) need to access the certificates to start, and since restarts should happen automatically, the certificates must not be secured with a pass phrase. Manual certificates (e.g. the CA certificate used for self signing, if you don't run a trust center) will only be used when running some command in an interactive shell, so it's OK if they have a pass phrase.

I agree with apapadop that the right answers to the inputs should be mentioned somewhere. I also think that it's wasteful to have a separate self-signing certificate authority and server key for each of postfix TLS, Apache HTTPS, and other SSL service that the server may offer. It's easier if there is a single certificate for the machine itself, which could be stored e.g. in /etc/ssl/server.
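
Added example (not part of the tutorial or of the comment above): a shell check for the distinction the comment draws, reporting whether a PEM private key is pass-phrase protected (so a daemon cannot load it after an unattended restart) and, for an unprotected key, whether its file mode keeps group and others out. The file names ca.key, smtpd.key and loose.key, the verdict strings and the function names are assumptions; the PEM files are constructed shells with no real key material.

```shell
#!/bin/sh
# Added example: classify PEM private keys the way the comment above divides
# them (keys a daemon must read unattended vs. keys only used interactively).

# key_state FILE -> prints "encrypted", "plain" or "not-a-key"
key_state() {
    # Traditional format (as written by "openssl genrsa -des3") flags
    # encryption in a Proc-Type header; PKCS#8 uses its own BEGIN line.
    if grep -q -e '^Proc-Type: 4,ENCRYPTED' \
               -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo encrypted
    elif grep -Eq -e '^-----BEGIN (RSA |EC |DSA )?PRIVATE KEY-----' "$1"; then
        echo plain
    else
        echo not-a-key
    fi
}

# key_perms_ok FILE -> succeeds only if group and others have no access
key_perms_ok() {
    mode=$(stat -c '%a' "$1") || return 2   # GNU stat, as on Ubuntu
    case $mode in
        0|*00) return 0 ;;
        *)     return 1 ;;
    esac
}

# audit_daemon_key FILE -> verdict for a key loaded by Postfix/Apache at boot
audit_daemon_key() {
    case $(key_state "$1") in
        encrypted) echo "blocks-unattended-restart" ;;
        plain)
            if key_perms_ok "$1"; then
                echo "ok"
            else
                echo "world-or-group-readable"
            fi ;;
        *) echo "not-a-key" ;;
    esac
}

# make_samples DIR -> writes constructed PEM shells (no real key material)
make_samples() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: DES-EDE3-CBC,0123456789ABCDEF' '' 'CONSTRUCTEDSAMPLE' \
        '-----END RSA PRIVATE KEY-----' > "$1/ca.key"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'CONSTRUCTEDSAMPLE' \
        '-----END RSA PRIVATE KEY-----' > "$1/smtpd.key"
    cp "$1/smtpd.key" "$1/loose.key"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'CONSTRUCTEDSAMPLE' \
        '-----END CERTIFICATE-----' > "$1/smtpd.crt"
    chmod 600 "$1/ca.key" "$1/smtpd.key"
    chmod 644 "$1/loose.key" "$1/smtpd.crt"
}

# Demo on the constructed samples; point audit_daemon_key at real key files
# (for instance under /etc/ssl/server, the location suggested above) instead.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for f in ca.key smtpd.key loose.key smtpd.crt; do
    printf '%-10s %s\n' "$f" "$(audit_daemon_key "$demo_dir/$f")"
done
rm -rf "$demo_dir"
```

A pass-phrase-protected key reported as blocks-unattended-restart is fine for a CA key that is only used interactively; the verdict applies to keys a service has to load on its own.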

From: at: 2007-02-05 19:46:55

If you have trouble with telnet not connecting read here :

http://www.postfix.org/faq.html#noalias

: )


 

From: at: 2007-02-25 14:15:15

postconf -e 'myhostname = server1.example.com'

changed to:

postconf -e 'myhostname = mail.example.com'

 looked better on dnsreport.com

From: at: 2007-03-12 15:10:20

At least in Debian-based distros (like Ubuntu), changes for service foo should go into /etc/default/foo, not directly to /etc/init.d/foo. In this case, the PIDFILE="/var/spool/postfix/var/run/${NAME}/saslauthd.pid" option should go to /etc/default/saslauthd, where it will override the PIDFILE setting from /etc/init.d/saslauthd. Background: /etc/default/saslauthd is a "conffile"; changes in it won't be touched by updates. /etc/init.d/saslauthd is not a conffile and may be overwritten by the next update.

From: Anonymous at: 2006-06-12 18:13:31

13.1 Disable PHP Globally

I didn't disable PHP globally and ISPConfig ver. 2.2.3 commented out this line.

... btw. great work, thanx for this HOWTO

Tazi

From: Anonymous at: 2006-08-03 05:57:21

The link to http://proftpd.linux.co.uk/localsite/Userguide/linked/userguide.html no longer works

 I think http://www.proftpd.org/localsite/Userguide/linked/userguide.html is the same page.

From: pavlom at: 2006-10-09 08:41:37

Following this howto I found that the login to the ftp server was very slow. I fixed it by adding the following line to /etc/proftpd.conf:

IdentLookups off

 

I hope this will be useful to you all.

From: at: 2007-01-16 23:12:01

I found that when I issued the command

 apt-get install proftpd proftpd-common ucf

there was a conflict between proftpd and proftpd-common and it would not install.  I omitted proftpd-common and just installed proftpd and ucf.  I also noticed that it gets installed to

 /etc/proftpd/ so the next step to edit the conf file should be

vi /etc/proftpd/proftpd.conf

Great Work.  as 6.06 is deemed LTS I plan on sticking with this setup.

WaveQam 

 

From: at: 2007-06-25 14:09:49

Just to add to your proftpd comment...

Ubuntu 6.06 LTS identifies itself as "Debian Unstable" to the ISPconfig installer. So while ISPconfig is compatible with Ubuntu, it does not know it is being installed on Ubuntu.

This is a problem because Ubuntu places the proftpd config in /etc/proftpd/proftpd.conf while Debian Unstable places it in /etc/proftpd.conf. As a result, proftpd does not work correctly for ISPconfig installs!!!

I discussed this with ISPconfig support. I made a suggestion, but they had a better one. If we execute the following command, we will be linking the config file's new location to the old location, making everyone happy, and most importantly, giving your ISPconfig end users the best possible ftp experience.

ln -s /etc/proftpd/proftpd.conf /etc/proftpd.conf

Run this command after you install proftpd.

Thanks go to Ubuntu for their long term support version, LTS is what all admins need to make their life easier.  Thanks also go to ISPconfig for their great control panel, making web reselling affordable again.  And last, but not least, thanks to Falko for showing us how it all comes together in a perfect way!

 

George

From: Anonymous at: 2006-06-07 07:23:42

Why don't you create a preconfigured VmWare virtual machine with this setup and ISPConfig installed and publish it on vmware website?...That would become the "Perfect Virtual Machine" :)...thanks

From: Anonymous at: 2006-06-05 17:07:52

Great work Falko!!! =)

From: Anonymous at: 2006-06-05 21:53:31

I know Ubuntu is Debian based, but I prefer to run Debian, since it probably has less unneeded stuff. How much different is your guide for Debian (afaik it should be very similar if not identical... or at least I hope so)? Or am I missing something?

From: admin at: 2006-06-05 22:44:06
From: Anonymous at: 2006-06-05 22:54:55

I really wish you had posted this a few days ago... But I probably learned more from doing the exact same thing myself...

From: Anonymous at: 2006-06-06 00:37:38

Many thanks :) Your guides are very helpful for us beginners...

From: Anonymous at: 2006-06-07 15:50:34

I'm pretty sure that I can't find any differences between this and the Breezy setup instructions. Good :-)

From: Anonymous at: 2006-06-06 07:53:26

/etc/webalizer.conf :

change : LogFile /var/log/apache/access.log.1

to : LogFile /var/log/apache2/access.log.1

From: Anonymous at: 2006-06-16 12:56:56

I miss one thing in this manual: setup your iptables ! No system should be without one (and I wonder why distributions are still not installing one per default (even if it is just either all open or all closed as the only two options))

From: admin at: 2006-06-17 11:25:17

iptables is installed. Run

iptables -L

and you'll see.

You can configure the iptables firewall with the firewall administration that comes with ISPConfig.

From: at: 2007-03-12 12:16:17

I also had to install IPTables manually, but I'm installing ISPConfig into an OpenVZ Ubuntu VE. The VE template might be a little different than a normal Ubuntu install.

From: Anonymous at: 2006-06-13 08:42:10

Nice job falko!
Some comments:
You do not have to enable the root account. For security reasons it is disabled in Ubuntu and all management should be done via sudo. Just type in "sudo -s" and type in your password again to get a root shell.
For upgrading to the recent version of all packages I think it is better to use "apt-get update" and then "apt-get dist-upgrade". Otherwise some depending packages are not updated in the correct order.

From: Anonymous at: 2006-08-21 21:55:51

Really a good job!

For sudo and/or sudo -s I have problems understanding the security reasons. It is, with that default setting an attacker needs only to know one password to do very nasty things with root privileges from network. Instead with a root account, disabling sudo or limiting it, setting Rootlogin to No in the sshd config file and maybe changing the root account (b.e. calling it newby) the attacker needs to know at least 2 passwords and 2 user names to gain root privileges, but maybe I'm missing something.

From: Anonymous at: 2006-07-11 16:04:13

This tutorial was very helpful.  A perfect example of good documentation.  I only had one issue when I walked through the install.  There was a permissions error when creating the certificates.  All I had to do was change the permissions on the certificate directory while I was building them.  I then changed the permissions back after I had finished.  Other than that small issue, it was a superb tutorial!

Thanks! 

From: Anonymous at: 2006-07-24 01:51:29

What a fine job in this tutorial! I found it very useful - great comments and explanations of 'why' things get changed. I especially like the fact of being able to copy/paste as opposed to your tutorial for 'breezy badger' :). Everything seemed to install as advertised. Great job. Thanks!

From: admin at: 2006-07-24 07:48:28

The Breezy Badger tutorial is also copy & paste. If it didn't work for you, then you must have done something wrong...

From: Anonymous at: 2006-07-25 04:10:04

Excellent work indeed. If I could have one request, it would be to provide a little bit of info on why each thing is being installed, and how to start using it.

From: steven_twente at: 2006-09-27 12:07:15

Just wanted to say thank you for this great tutorial! I've literally been able to copy all the commands from this howto to my Ubuntu server (except the parts where I had to fill in details about my server/domain/etc of course...) and I got no errors whatsoever. After this howto ISPconfig runs perfectly as well. Great job!

From: at: 2007-03-09 22:27:51

Thanks for a great tutorial,

however, it took me quite some time to find out how to install ISP config. I got this error

"ERROR: The PHP binary coming with ISPConfig does not work properly on your system! The installation routine stops here!"

The fix is posted in another thread. However, I think it can be posted here as well


>>jnsc solved it. You must run
>>rm -f /bin/sh
>>ln -s /bin/bash /bin/sh
>>and afterwards you can install ISPConfig 2.2.7 on Edgy. :)
>>http://www.howtoforge.com/forums/showthread.php?t=7716

I would probably save /bin/sh before deleting it, i.e.

cp /bin/sh /bin/sh.copy

if it is needed later on ..

thanks though! 

From: moh at: 2009-09-06 14:28:36

good good