The Perfect Setup - Fedora Core 3
Version 1.0
Author: Falko Timme
<ft [at] falkotimme [dot] com>
Last edited: 07/16/2005
This is a detailed description of the steps to be taken to set up a Fedora Core 3 based server that offers all services needed by ISPs and hosters (web server (SSL-capable), mail server (with SMTP-AUTH and TLS!), DNS server, FTP server, MySQL server, POP3/IMAP, Quota, Firewall, etc.). In addition to that I will show how to use Debian's package manager apt on an rpm-based system because it takes care of package dependencies automagically, which can save a lot of trouble.
I will use the following software:
- Web Server: Apache 2.0.x
- Mail Server: Postfix (easier to configure than sendmail; has a shorter history of security holes than sendmail)
- DNS Server: BIND9
- FTP Server: proftpd
- POP3/IMAP servers
- Webalizer for web site statistics
In the end you should have a system that works reliably and is ready for the free webhosting control panel ISPConfig (i.e., ISPConfig runs on it out of the box).
I want to say first that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!
Requirements
To install such a system you will need the following:
1 The Base System
Boot from your Fedora Core 3 CD (CD 1) or DVD.

It can take a long time to test the installation media so we skip this test here:

The welcome screen of the Fedora installer appears:

Choose your language next:

Select your keyboard layout:

We want to install a server so we choose Server here:

Now we have to partition our hard disk. You can choose to let the Fedora installer do the partitioning, or you can do it yourself. I want to create a small /boot partition (less than 100 MB) with the file system ext3, a swap partition and a huge / partition (again with ext3):

Now the boot loader GRUB will be installed. You can leave the default settings unchanged and click on Next:

On to the network settings. The default setting here seems to be to configure the network interfaces with DHCP, but we are installing a server, so static IP addresses are not a bad idea... Click on the Edit button at the top right. In the window that pops up uncheck Configure using DHCP and give your network card a static IP address (in this tutorial I'm using the IP address 192.168.0.100 for demonstration purposes):

Set the hostname manually, e.g. server1.example.com, and enter a gateway (e.g. 192.168.0.1) and up to three DNS servers (e.g. 145.253.2.75 and 193.174.32.18):

On the next screen we select No firewall (there's a firewall coming with ISPConfig that we want to use) and disable SELinux:

Click on Proceed (remember, we are going to use the ISPConfig firewall):

Select the default language for the system:

Choose your time zone:

Give root a password:

Now we select the package groups we want to install. Select Editors, Text Based Internet, Server Configuration Tools, Web Server, Mail Server, DNS Name Server, FTP Server, MySQL Database, Network Servers, Development Tools, Administration Tools and System Tools and click on Next:

The installer tells you which CDs it will need to install the selected packages:

The installation begins. This will take a few minutes:

Finally, the installation is complete, and you can remove your CD/DVD from the computer and reboot it:

2 Installing And Configuring The Rest Of The System
Configure Additional IP Addresses
Let's assume our network interface is eth0. Then there is a file /etc/sysconfig/network-scripts/ifcfg-eth0 which looks like this:
DEVICE=eth0
BOOTPROTO=static
BROADCAST=192.168.0.255
IPADDR=192.168.0.100
NETMASK=255.255.255.0
NETWORK=192.168.0.0
ONBOOT=yes
TYPE=Ethernet
Now we want to create the virtual interface eth0:0 with the IP address 192.168.0.101. All we have to do is to create the file /etc/sysconfig/network-scripts/ifcfg-eth0:0 which looks like this:
DEVICE=eth0:0
BOOTPROTO=static
BROADCAST=192.168.0.255
IPADDR=192.168.0.101
NETMASK=255.255.255.0
NETWORK=192.168.0.0
ONBOOT=yes
TYPE=Ethernet
Afterwards we have to restart the network:
/etc/init.d/network restart
Setting The Hostname
echo server1.example.com > /etc/hostname
/bin/hostname -F /etc/hostname
Install apt For Fedora
apt is the packaging system used on Debian. Since it handles package dependencies much better than rpm it would be nice if we could use it on our new Fedora system. This would save us a lot of hassle. Fortunately, apt has been ported to a lot of rpm based distributions, and is also available for Fedora Core 3 (you will love it... :-)).
rpm -ivh http://ftp.freshrpms.net/pub/freshrpms/fedora/linux/3/apt/apt-0.5.15cnc6-1.1.fc3.fr.i386.rpm
Edit /etc/apt/sources.list. It should contain the following lines:
rpm http://ayo.freshrpms.net fedora/linux/3/i386 core updates freshrpms
rpm http://ayo.freshrpms.net fedora/linux/3/i386 tupdates
rpm-src http://ayo.freshrpms.net fedora/linux/3/i386 core updates freshrpms
rpm-src http://ayo.freshrpms.net fedora/linux/3/i386 tupdates
rpm http://ayo.freshrpms.net fedora/linux/2/i386 core updates freshrpms
rpm http://ayo.freshrpms.net fedora/linux/1/i386 core updates freshrpms
Run
apt-get update
Install Some Software
apt-get install which fetchmail wget bzip2 unzip zip nmap openssl lynx fileutils ncftp
Quota
apt-get install quota
Edit /etc/fstab to look like this (I added ,usrquota,grpquota to LABEL=/ (mount point /)):
# This file is edited by fstab-sync - see 'man fstab-sync' for details
LABEL=/ / ext3 defaults,usrquota,grpquota 1 1
LABEL=/boot /boot ext3 defaults 1 2
none /dev/pts devpts gid=5,mode=620 0 0
none /dev/shm tmpfs defaults 0 0
none /proc proc defaults 0 0
none /sys sysfs defaults 0 0
LABEL=SWAP-sda3 swap swap defaults 0 0
/dev/hdc /media/cdrecorder auto pamconsole,ro,exec,noauto,managed 0 0
/dev/fd0 /media/floppy auto pamconsole,exec,noauto,managed 0 0
Then run:
touch /aquota.user /aquota.group
chmod 600 /aquota.*
mount -o remount /
quotacheck -avugm
quotaon -avug
DNS-Server
apt-get install bind-chroot
chmod 755 /var/named/
chmod 775 /var/named/chroot/
chmod 775 /var/named/chroot/var/
chmod 775 /var/named/chroot/var/named/
chmod 775 /var/named/chroot/var/run/
chmod 777 /var/named/chroot/var/run/named/
cd /var/named/chroot/var/named/
ln -s ../../ chroot
chkconfig --levels 235 named on
/etc/init.d/named start
Bind will run in a chroot jail under /var/named/chroot/var/named/.
MySQL
apt-get install mysql mysql-devel mysql-server
chkconfig --levels 235 mysqld on
/etc/init.d/mysqld start
Now check that networking is enabled. Run
netstat -tap
It should show a line like this:
tcp 0 0 *:mysql *:* LISTEN 6621/mysqld
If it does not, edit /etc/my.cnf, comment out the option skip-networking:
# Don't listen on a TCP/IP port at all. This can be a security enhancement,
# if all processes that need to connect to mysqld run on the same host.
# All interaction with mysqld must be made via Unix sockets or named pipes.
# Note that using this option without enabling named pipes on Windows
# (via the "enable-named-pipe" option) will render mysqld useless!
#
#skip-networking
and restart your MySQL server:
/etc/init.d/mysqld restart
Run
mysqladmin -u root password yourrootsqlpassword
to set a password for the user root (otherwise anybody can access your MySQL database!).
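The netstat check above can be extended from the MySQL line to every listener. The following is an added example, not part of the original howto: because no firewall was selected during installation, it lists the TCP sockets in netstat -tap output that listen on all interfaces and are not among the services named as arguments. The function names, the allowlist and the sample output are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of the original howto.
# Reads `netstat -tap` output on stdin and prints "port program" for every
# TCP socket that listens on all interfaces and is not in the allowlist
# given as arguments.
unexpected_listeners() {
    awk -v allow=" $* " '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, part, ":")
            port = part[n]
            host = substr($4, 1, length($4) - length(port) - 1)
            # wildcard bind: "*" (as on this page), 0.0.0.0, or IPv6 "::" / "[::]"
            if (host != "*" && host != "0.0.0.0" && host != "::" && host != "[::]")
                next
            if (index(allow, " " port " "))
                next
            prog = $7
            sub(/^[0-9]+\//, "", prog)      # strip the PID, keep the program name
            print port, prog
        }'
}

# Constructed sample in the format of the line shown above.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:mysql                 *:*                     LISTEN      6621/mysqld
tcp        0      0 *:sunrpc                *:*                     LISTEN      1873/portmap
tcp        0      0 localhost:ipp           *:*                     LISTEN      2104/cupsd
tcp        0      0 *:smtp                  *:*                     LISTEN      2290/master
tcp        0      0 *:ssh                   *:*                     LISTEN      2051/sshd
EOF
}

# Allowlist: the services this howto sets up on purpose, plus ssh (assumed).
sample_netstat | unexpected_listeners mysql smtp domain ftp http https imap imaps pop3 pop3s ssh
```

On a live system, pipe the real output in instead: netstat -tap | unexpected_listeners mysql smtp ...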
Postfix With SMTP-AUTH And TLS
apt-get install cyrus-sasl cyrus-sasl-devel cyrus-sasl-gssapi cyrus-sasl-md5 cyrus-sasl-plain postfix imap
postconf -e 'smtpd_sasl_local_domain ='
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
postconf -e 'inet_interfaces = all'
echo 'pwcheck_method: saslauthd' > /usr/lib/sasl2/smtpd.conf
echo 'mech_list: plain login' >> /usr/lib/sasl2/smtpd.conf
mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'
Now start Postfix, saslauthd, imap and pop3:
chkconfig --levels 235 sendmail off
chkconfig --levels 235 postfix on
chkconfig --levels 235 saslauthd on
chkconfig imap on
chkconfig imaps on
chkconfig ipop3 on
chkconfig pop3s on
/etc/init.d/sendmail stop
/etc/init.d/postfix start
/etc/init.d/saslauthd start
/etc/init.d/xinetd restart
To see if SMTP-AUTH and TLS work properly now run the following command:
telnet localhost 25
After you have established the connection to your postfix mail server type
ehlo localhost
If you see the lines
250-STARTTLS
and
250-AUTH
everything is fine.

Type
quit
to return to the system's shell.
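The EHLO check described above can be scripted. The following is an added example, not part of the original howto: it reads a captured EHLO reply, reports whether STARTTLS and AUTH are offered, and notes when PLAIN/LOGIN is advertised on the unencrypted session, which is what smtpd_tls_auth_only = no allows. The function names and the sample reply are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of the original howto.
# Reads an EHLO reply (as captured from "telnet localhost 25") on stdin,
# prints one finding per line, and returns non-zero if STARTTLS or AUTH
# is missing.
check_ehlo() {
    awk '
        { sub(/\r$/, "") }                        # SMTP lines end in CRLF
        /^250[- ]STARTTLS$/ { tls = 1 }
        /^250[- ]AUTH[ =]/  {                     # "AUTH=" is the form added by
            auth = 1                              # broken_sasl_auth_clients = yes
            sub(/^250[- ]AUTH[ =]/, "")
            mechs = $0
        }
        END {
            print (tls  ? "ok: STARTTLS offered" : "missing: STARTTLS")
            print (auth ? "ok: AUTH offered (" mechs ")" : "missing: AUTH")
            # AUTH in a reply captured before STARTTLS means passwords are
            # accepted on the unencrypted session (smtpd_tls_auth_only = no).
            if (auth && mechs ~ /PLAIN|LOGIN/)
                print "note: PLAIN/LOGIN offered without TLS"
            exit !(tls && auth)
        }'
}

# Constructed sample reply for a server configured as in this section.
sample_ehlo() {
    printf '%s\r\n' \
        '250-server1.example.com' '250-PIPELINING' '250-SIZE 10240000' \
        '250-STARTTLS' '250-AUTH LOGIN PLAIN' '250-AUTH=LOGIN PLAIN' \
        '250 8BITMIME'
}

sample_ehlo | check_ehlo
```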
Apache With PHP
apt-get install php php-devel php-domxml php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xmlrpc php-rrdtool curl curl-devel perl-libwww-perl ImageMagick
chkconfig --levels 235 httpd on
/etc/init.d/httpd start
Proftpd
apt-get install proftpd
chkconfig --levels 235 proftpd on
/etc/init.d/proftpd start
Webalizer
To install webalizer, just run
apt-get install webalizer
Synchronize the System Clock
If you want to have the system clock synchronized with an NTP server do the following:
apt-get install rdate
rdate -s 128.2.136.71
Create /var/spool/cron/root:
# update time with ntp server
0 3,9,15,21 * * * /usr/bin/rdate -s 128.2.136.71 | logger -t NTP
Then run
chmod 600 /var/spool/cron/root
/etc/init.d/crond restart
Install some Perl Modules needed by SpamAssassin (comes with ISPConfig)
Installation using the Perl Shell
Log in to your command line as root and run the following command to start the Perl shell:
perl -MCPAN -e shell
If you run the Perl shell for the first time you will be asked some questions. In most cases the default answers are ok.
Please note: If you run a firewall on your system you might have to turn it off while working on the Perl shell in order for the Perl shell to be able to fetch the needed modules without a big delay. You can switch it on afterwards.
The big advantage of the Perl shell compared to the two other methods described here is that it takes care of dependencies when installing new modules. I.e., if it turns out that a prerequisite Perl module is missing when you install another module, the Perl shell asks you if it should install the prerequisite module for you. You should answer that question with "Yes".
Run the following commands to install the modules needed by SpamAssassin:
install HTML::Parser
install DB_File
install Net::DNS
(when prompted to enable tests, choose no)
install Digest::SHA1
q (to leave the Perl shell)
If a module is already installed on your system you will get a message similar to this one:
HTML::Parser is up to date.
Successful installation of a module looks like this:
/usr/bin/make install -- OK
The End
The configuration of the server is now finished, and if you wish you can now install ISPConfig on it.
A Note On SuExec
If you want to run CGI scripts under suExec, you should specify /var/www as the home directory for websites created by ISPConfig as Fedora's suExec is compiled with /var/www as Doc_Root. Run /usr/sbin/suexec -V, and the output should look like this:

To select /var/www as the home directory for websites during the installation of ISPConfig do the following: When you are asked for the installation mode, select the expert mode.

Later during the installation you are asked if the default directory /home/www should be the directory in which ISPConfig creates websites. Answer n and enter /var/www as the home directory for websites.
