Research and Development
This is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you.
Please read LAMP Howto article first.
To install such a system you will need the following:
Insert your Debian Lenny network installation CD into your system and boot from it. Select Install (this will start the text installer - if you prefer a graphical installer, select Graphical install).
Choose your language, your location, your keyboard layout. The installer checks the installation CD, your hardware, and configures the network with DHCP if there is a DHCP server in the network. Enter the hostname. In this example, the system is called server1.example.com, so the hostname is server1 and the domain name is example.com.
Now you have to partition your hard disk. Please consider the partitioning guidelines from my previous article. Afterwards, your new partitions are created and formatted.
After base system installation, give the root user a password (and confirm it). Create a normal user account.
Next you must configure apt. Because you are using the Debian Lenny Netinstall CD which contains only a minimal set of packages, you must use a network mirror. Select the country where the network mirror that you want to use is located (usually this is the country where your Debian Lenny system is located). Then select the mirror you want to use. Set the HTTP proxy if you are using one. Next, apt is updating its packages database.
You need a web server, DNS server, mail server, and a MySQL database, but nevertheless do not select any of them now because you will want to have full control over what gets installed on the system. Install the needed packages manually later on. Therefore just select Standard system and hit Continue. The required packages are downloaded and installed on the system.
When asked "Install the GRUB boot loader to the master boot record", select Yes.
The base system installation is now finished. Remove the Debian Lenny Netinstall CD and hit Continue to reboot the system.
Debian Lenny does not install OpenSSH by default, therefore we do it now. Run
apt-get install ssh openssh-server
From now on you can use an SSH client such as PuTTY and connect from your workstation to your Debian Lenny server and follow the remaining steps from this tutorial.
Because the Debian Lenny installer has configured our system to get its network settings via DHCP, we have to change that now because a server should have a static IP address. Edit /etc/network/interfaces and adjust it to your needs (in this example setup I will use the IP address 192.168.100.250). Please note that I replace allow-hotplug eth0 with auto eth0; otherwise restarting the network doesn't work and we'd have to reboot the whole system.
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
#allow-hotplug eth0
#iface eth0 inet dhcp
auto eth0
iface eth0 inet static
address 192.168.100.250
netmask 255.255.255.0
network 192.168.100.0
broadcast 192.168.100.255
gateway 192.168.100.253
Then restart your network:
/etc/init.d/networking restart
Then edit /etc/hosts and make it look like this:
127.0.0.1 localhost.localdomain localhost
192.168.100.250 server1.example.com server1
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
Now run
echo server1.example.com > /etc/hostname
/etc/init.d/hostname.sh start
Afterwards run
hostname
hostname -f
It is important that both show server1.example.com now.
Run apt-get update to update the apt package database and apt-get upgrade to install the latest updates (if any).
It is a good idea to synchronize the system clock with an NTP (Network Time Protocol) server over the Internet. Simply run
apt-get install ntp ntpdate
and your system time will always be in sync.
Install Postfix, Courier, Saslauthd, MySQL, phpMyAdmin, rkhunter, and binutils with a single command:
apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server courier-authdaemon \
courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl libsasl2-2 \
libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl courier-maildrop getmail4 \
rkhunter binutils
You will be asked the following questions:
New password for the MySQL "root" user: **<-- yourrootsqlpassword**
Repeat password for the MySQL "root" user: **<-- yourrootsqlpassword**
Create directories for web-based administration? **<-- No**
General type of mail configuration: **<-- Internet Site**
System mail name: **<-- server1.example.com**
SSL certificate required **<-- Ok**
You want MySQL to listen on all interfaces, not just localhost, therefore edit /etc/mysql/my.cnf and comment out the line bind-address = 127.0.0.1:
[...]
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address = 127.0.0.1
[...]
Then restart MySQL:
/etc/init.d/mysql restart
Now check that networking is enabled. Run
netstat -tap | grep mysql
The output should look like this:
server1:~# netstat -tap | grep mysql
tcp 0 0 *:mysql *:* LISTEN 6612/mysqld
server1:~#
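The netstat check above, extended as an added example (not part of the original tutorial): it classifies every listening TCP socket by bind scope and reports any all-interfaces listener that is not on an allow-list. The function names, the allow-list and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit which TCP listeners are reachable on all interfaces.

# classify_listeners: reads `netstat -tap` style output on stdin and prints
# "<scope> <port-or-service> <program>" for every listening TCP socket.
classify_listeners() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
        addr = $4
        n = split(addr, parts, ":")
        port = parts[n]
        host = substr(addr, 1, length(addr) - length(port) - 1)
        if (host == "*" || host == "0.0.0.0" || host == "::" || host == "[::]")
            scope = "all-interfaces"
        else if (host == "localhost" || host ~ /^127\./ || host == "::1" || host == "[::1]")
            scope = "loopback"
        else
            scope = "address:" host
        prog = $7
        sub(/^[0-9]+\//, "", prog)
        print scope, port, prog
    }'
}

# unexpected_listeners "svc1 svc2 ...": prints every all-interfaces listener
# whose port/service name is not in the allow-list given as $1.
unexpected_listeners() {
    allowed=" $1 "
    classify_listeners | while read -r scope port prog; do
        [ "$scope" = "all-interfaces" ] || continue
        case "$allowed" in
            *" $port "*) ;;
            *) echo "$port ($prog)" ;;
        esac
    done
}

# Constructed sample output (not captured from a real host)
SAMPLE='Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:mysql *:* LISTEN 6612/mysqld
tcp 0 0 localhost:smtp *:* LISTEN 2301/master
tcp 0 0 *:ssh *:* LISTEN 1987/sshd
tcp6 0 0 :::www :::* LISTEN 3120/apache2
tcp 0 0 192.168.100.250:domain *:* LISTEN 4410/mydns'

printf '%s\n' "$SAMPLE" | classify_listeners
printf '%s\n' "$SAMPLE" | unexpected_listeners "ssh mysql"
```

On the server itself, pipe the real output in instead of the sample: netstat -tap | unexpected_listeners "ssh mysql".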
During the installation, the SSL certificates for IMAP-SSL and POP3-SSL are created with the hostname localhost. To change this to the correct hostname (server1.example.com in this tutorial), delete the certificates
cd /etc/courier
rm -f /etc/courier/imapd.pem
rm -f /etc/courier/pop3d.pem
and modify the following two files. Replace CN=localhost with CN=server1.example.com (you can also modify the other values, if necessary):
Edit /etc/courier/imapd.cnf:
[...]
CN=server1.example.com
[...]
Edit /etc/courier/pop3d.cnf:
[...]
CN=server1.example.com
[...]
Then recreate the certificates:
mkimapdcert
mkpop3dcert
and restart Courier-IMAP-SSL and Courier-POP3-SSL:
/etc/init.d/courier-imap-ssl restart
/etc/init.d/courier-pop-ssl restart
apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges \
libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip \
libnet-dns-perl
apt-get install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert \
libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid \
apache2-suexec php-pear php-auth php5-mcrypt mcrypt php5-imagick imagemagick libapache2-mod-suphp
You will see the following question:
Web server to reconfigure automatically:
Then run the following command to enable the Apache modules suexec, rewrite, ssl, actions, and include:
a2enmod suexec rewrite ssl actions include
apt-get install pure-ftpd-common pure-ftpd-mysql quota quotatool
Edit the file /etc/default/pure-ftpd-common and change the start mode from inetd to standalone and set VIRTUALCHROOT=true:
[...]
STANDALONE_OR_INETD=standalone
[...]
VIRTUALCHROOT=true
[...]
Edit the file /etc/inetd.conf to prevent inetd from trying to start ftp (comment out the line beginning with ftp stream tcp):
[...]
#:STANDARD: These are standard services.
#ftp stream tcp nowait root /usr/sbin/tcpd /usr/sbin/pure-ftpd-wrapper
[...]
Restart inetd afterwards:
/etc/init.d/openbsd-inetd restart
Then start PureFTPd:
/etc/init.d/pure-ftpd-mysql start
Edit /etc/fstab. Mine looks like this (I added ,usrquota,grpquota to the root partition):
# /etc/fstab: static file system information.
#
#
proc /proc proc defaults 0 0
/dev/sda1 / ext3 errors=remount-ro,usrquota,grpquota 0 1
/dev/sda5 none swap sw 0 0
/dev/hda /media/cdrom0 udf,iso9660 user,noauto 0 0
/dev/fd0 /media/floppy0 auto rw,user,noauto 0 0
To enable quota, run these commands:
touch /quota.user /quota.group
chmod 600 /quota.*
mount -o remount /
quotacheck -avugm
quotaon -avug
Before MyDNS, install a few prerequisites:
apt-get install g++ libc6 gcc gawk make texinfo libmysqlclient15-dev
MyDNS is not available in the Debian Lenny repositories, therefore build it yourself as follows:
cd /tmp
wget http://heanet.dl.sourceforge.net/sourceforge/mydns-ng/mydns-1.2.8.25.tar.gz
tar xvfz mydns-1.2.8.25.tar.gz
cd mydns-1.2.8
./configure
make
make install
Next, create the start/stop script for MyDNS (/etc/init.d/mydns):
#! /bin/sh
#
# mydns Start the MyDNS server
#
# Author: Philipp Kern .
# Based upon skeleton 1.9.4 by Miquel van Smoorenburg
# and Ian Murdock .
#
set -e
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/local/sbin/mydns
NAME=mydns
DESC="DNS server"
SCRIPTNAME=/etc/init.d/$NAME
# Gracefully exit if the package has been removed.
test -x $DAEMON || exit 0
case "$1" in
  start)
    echo -n "Starting $DESC: $NAME"
    start-stop-daemon --start --quiet \
        --exec $DAEMON -- -b
    echo "."
    ;;
  stop)
    echo -n "Stopping $DESC: $NAME"
    start-stop-daemon --stop --oknodo --quiet \
        --exec $DAEMON
    echo "."
    ;;
  reload|force-reload)
    echo -n "Reloading $DESC configuration..."
    start-stop-daemon --stop --signal HUP --quiet \
        --exec $DAEMON
    echo "done."
    ;;
  restart)
    echo -n "Restarting $DESC: $NAME"
    start-stop-daemon --stop --quiet --oknodo \
        --exec $DAEMON
    sleep 1
    start-stop-daemon --start --quiet \
        --exec $DAEMON -- -b
    echo "."
    ;;
  *)
    echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
    exit 1
    ;;
esac
exit 0
Then make the script executable and create the system startup links for it:
chmod +x /etc/init.d/mydns
update-rc.d mydns defaults
Vlogger and webalizer can be installed as follows:
apt-get install vlogger webalizer
Open /etc/webalizer/webalizer.conf and change the following line from
#Incremental no
to
Incremental yes
Jailkit is needed only if you want to chroot SSH users. It can be installed as follows:
apt-get install build-essential autoconf automake1.9 libtool flex bison
cd /tmp
wget http://olivier.sessink.nl/jailkit/jailkit-2.5.tar.gz
tar xvfz jailkit-2.5.tar.gz
cd jailkit-2.5
./configure
make
make install
cd ..
rm -rf jailkit-2.5*
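Both source builds above (MyDNS and Jailkit) fetch a tarball over plain HTTP and run make install as root. The following added example, which is not part of the original tutorial, checks a tarball against a known SHA-256 digest and rejects unsafe member paths before unpacking. The function name, return codes and demo files are assumptions; the page gives no digests, so the expected value has to come from a channel you trust.

```shell
#!/bin/sh
# Added example: check a downloaded source tarball before building it as root.

# verify_and_unpack TARBALL EXPECTED_SHA256 DESTDIR
# returns 0 = verified and unpacked, 1 = digest mismatch, 2 = file missing,
#         3 = archive contains an absolute or ../ member path
verify_and_unpack() {
    tarball=$1; expected=$2; dest=$3
    [ -f "$tarball" ] || { echo "missing: $tarball" >&2; return 2; }
    actual=$(sha256sum "$tarball" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $tarball: got $actual" >&2
        return 1
    fi
    # Refuse archives that would write outside the destination directory.
    if tar tzf "$tarball" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "unsafe member path in $tarball" >&2
        return 3
    fi
    # --no-same-owner: files belong to the extracting user, not archive uids.
    mkdir -p "$dest" && tar xzf "$tarball" -C "$dest" --no-same-owner
}

# Constructed demonstration using a stand-in tarball built locally.
demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/src" && echo 'int main(void){return 0;}' > "$work/src/main.c"
    tar czf "$work/pkg.tar.gz" -C "$work" src
    good=$(sha256sum "$work/pkg.tar.gz" | awk '{print $1}')
    verify_and_unpack "$work/pkg.tar.gz" "$good" "$work/build" \
        && echo "verified: unpacked"
    # Modify the archive after its digest was recorded.
    echo tamper >> "$work/pkg.tar.gz"
    verify_and_unpack "$work/pkg.tar.gz" "$good" "$work/build2" 2>/dev/null \
        || echo "rejected: rc=$?"
    rm -rf "$work"
}
demo
```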
This is optional but recommended:
apt-get install fail2ban
To install the SquirrelMail webmail client, run
apt-get install squirrelmail
Then create the following symlink:
ln -s /usr/share/squirrelmail/ /var/www/webmail
and configure SquirrelMail:
squirrelmail-configure
Tell SquirrelMail that you are using Courier-IMAP/-POP3:
SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Main Menu --
1. Organization Preferences
2. Server Settings
3. Folder Defaults
4. General Options
5. Themes
6. Address Books
7. Message of the Day (MOTD)
8. Plugins
9. Database
10. Languages
D. Set pre-defined settings for specific IMAP servers
C Turn color on
S Save data
Q Quit
Command >>
SquirrelMail Configuration : Read: config.php
---------------------------------------------------------
While we have been building SquirrelMail, we have discovered some
preferences that work better with some servers that don't work so
well with others. If you select your IMAP server, this option will
set some pre-defined settings for that server.
Please note that you will still need to go through and make sure
everything is correct. This does not change everything. There are
only a few settings that this will change.
Please select your IMAP server:
bincimap = Binc IMAP server
courier = Courier IMAP server
cyrus = Cyrus IMAP server
dovecot = Dovecot Secure IMAP server
exchange = Microsoft Exchange IMAP server
hmailserver = hMailServer
macosx = Mac OS X Mailserver
mercury32 = Mercury/32
uw = University of Washington's IMAP server
quit = Do not change anything
Command >>
Set the following parameters:
imap_server_type = courier
default_folder_prefix = INBOX.
trash_folder = Trash
sent_folder = Sent
draft_folder = Drafts
show_prefix_option = false
default_sub_of_inbox = false
show_contain_subfolders_option = false
optional_delimiter = .
delete_folder = true
Press any key to continue...
And complete the config:
SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Main Menu --
1. Organization Preferences
2. Server Settings
3. Folder Defaults
4. General Options
5. Themes
6. Address Books
7. Message of the Day (MOTD)
8. Plugins
9. Database
10. Languages
D. Set pre-defined settings for specific IMAP servers
C Turn color on
S Save data
Q Quit
Command >>
Afterwards you can access SquirrelMail in a browser at http://server1.example.com/webmail or http://192.168.100.250/webmail.
The system is now ready for use. Enjoy.