
Build a Hosting Server with Debian Sarge, Webmin, Virtualmin

These are my notes for building a hosting server with Debian, Webmin and Virtualmin.
I put them here so I know they are here and always available.

After the plain Debian Sarge install, do this:

——————————————————
1) Edit /etc/apt/sources.list and upgrade system

#
#deb file:///cdrom/ sarge main
#
deb cdrom:[Debian GNU/Linux 3.1 r0a _Sarge_ - Official i386 Binary-1 (20050607)]/ unstable contrib main
#
deb http://security.debian.org/ stable/updates main contrib
## Debian Stable (sarge)
deb http://ftp.us.debian.org/debian/ testing main contrib non-free
deb-src http://ftp.us.debian.org/debian/ testing main contrib non-free
#
## Security updates
deb http://security.debian.org/ sarge/updates main contrib
deb-src http://security.debian.org/ sarge/updates main contrib
#

then

# apt-get update
# apt-get upgrade

——————————————————
2) Download the Apache source and recompile it to use /home instead of /var/www as the --suexec-docroot

Download the apache source:

# cd /usr/src
# apt-get source apache
# apt-get build-dep apache

In the main apache source directory, edit the file debian/rules and change --suexec-docroot to the /home directory (or a subdirectory where the domains are stored). Then build and install the modified package:

# dpkg-buildpackage -b
# dpkg -i ../apache_version-revision_arch.deb

This process needs to be performed for each update of the apache package.
My current version is 1.3.34-2.

For suexec to work properly, all files that should run under suexec must be run as CGI. For PHP, change the Apache config file httpd.conf as follows:

AddHandler cgi-script .php .cgi .sh .pl

This tells Apache to treat PHP (and Perl) scripts as CGI scripts. Now, every section where CGIs should be enabled needs:

Options +ExecCGI
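
A pre-flight check for scripts that will run under suexec with the settings above, added here as an example and not part of the original notes. It tests conditions suexec itself enforces (location below the docroot, no group/world write on the script or its directory, no setuid/setgid bit) plus what the cgi-script handler requires of a .php file; the function name suexec_preflight and the /home default are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original notes). The function name and the
# /home default are assumptions; the checks mirror conditions suexec enforces.

# suexec_preflight SCRIPT [DOCROOT]
# Prints one line per problem and returns the number of problems found.
suexec_preflight() {
    script=$1
    docroot=${2:-/home}
    problems=0
    fail() { echo "FAIL: $1"; problems=$((problems + 1)); }

    [ -f "$script" ] || { echo "FAIL: $script is not a regular file"; return 1; }
    dir=$(cd "$(dirname "$script")" && pwd -P) || return 1
    root=$(cd "$docroot" && pwd -P) || return 1

    # suexec only runs programs located below its compiled-in docroot.
    case "$dir/" in
        "$root"/*) ;;
        *) fail "$dir is outside suexec docroot $root" ;;
    esac

    # Neither the script nor its directory may be writable by group or others.
    for p in "$script" "$dir"; do
        mode=$(ls -ld "$p" | cut -c1-10)
        case $mode in
            ?????w????|????????w?) fail "$p is group/world writable ($mode)" ;;
        esac
    done

    # The script must not carry a setuid or setgid bit.
    case $(ls -ld "$script" | cut -c1-10) in
        ???[sS]??????|??????[sS]???) fail "$script is setuid/setgid" ;;
    esac

    # 'AddHandler cgi-script .php' makes Apache execute the file directly,
    # so it needs the execute bit and a #! interpreter line.
    [ -x "$script" ] || fail "$script is not executable"
    first=
    IFS= read -r first < "$script" || :
    case $first in
        '#!'*) ;;
        *) fail "$script has no #! interpreter line" ;;
    esac

    [ "$problems" -eq 0 ] && echo "OK: $script"
    return "$problems"
}
```

Run it as root over each domain's scripts after every rebuild of the apache package; a non-zero return means suexec or the CGI handler would refuse the script.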

——————————————————
3) Install bind

# apt-get install bind
# apt-get install libapache-mod-ssl

——————————————————
4) Install Webmin

Install webmin

# wget http://belnet.dl.sourceforge.net/sourceforge/webadmin/webmin-1.270.tar.gz
# tar -xvzf webmin-1.270.tar.gz
# cd webmin-1.270
# ./setup.sh /usr/local/webmin

——————————————————
5) Install Postfix

# apt-get install postfix

Then, in the Webmin Postfix module, browse to Postfix:Virtual Domains. Enter a database type and a filename for the virtual map database in the Domain mapping lookup tables field. On Linux this is
hash:/etc/postfix/virtual.
Save and apply.

Next, we’ll move the mail spool to the /home partition.
Browse to Postfix:Local Delivery.
Edit the Spool directory option and enter /home/mail.
Save and Apply.

In order for POP or IMAP to work, those servers will need to know how to find the mail spool. The easiest thing to do is to create a symbolic link from /var/spool/mail to /home/mail.

# ln -s /home/mail /var/spool/mail

——————————————————
6) Configure apache

a- Apache must be configured for Virtual Hosting.
From within Webmin go to Apache:Networking and Addresses, enter either a local address or select the “Include all addresses” option.
Then click Save.
Or add a line like this to the httpd.conf file:

NameVirtualHost 192.168.1.248

b- In httpd.conf change the Options and AllowOverride lines to these:

AllowOverride All
Options Indexes Includes FollowSymLinks MultiViews

and replace the block dealing with the “public_html” UserDir with this block:

#
# Control access to UserDir directories. The following is an example
# for a site where these directories are restricted to read-only.
#

AllowOverride All
Options Indexes Includes FollowSymLinks MultiViews

Order allow,deny
Allow from all

Order deny,allow
Deny from all

c- Comment out the images alias

# Alias /images/ /usr/share/images/

#
# Options MultiViews
# AllowOverride None
# Order allow,deny
# Allow from all
#

——————————————————
7) Install Webalizer, Logrotate, Proftpd

Simple as that:

# apt-get install webalizer
# apt-get install logrotate
# apt-get install proftpd

——————————————————
8) Install virtualmin

Download it
# wget http://download.webmin.com/download/virtualmin/virtual-server-2.611.wbm.gz

And install it from the “Webmin Modules” module

——————————————————
9) Install MySQL

# apt-get install mysql-server

——————————————————
10) Let’s now install some useful libs

# apt-get install libdbi-perl libdbd-mysql-perl libdigest-md5-perl libdigest-sha1-perl libimage-size-perl libmime-lite-perl libmime-perl libcompress-zlib-perl libmime-base64-perl liburi-perl libhtml-tagset-perl libhtml-parser-perl libwww-perl libgd-perl libmailtools-perl libunicode-maputf8-perl libstorable-perl libtime-hires-perl
# apt-get install libxml-parser-perl
# apt-get install libapache-mod-php4 php4 php4-cli php4-common php4-curl php4-dev php4-domxml php4-gd php4-gmp php4-imap php4-ldap php4-mcal php4-mcrypt php4-mhash php4-ming php4-mysql php4-odbc php4-pear php4-xslt curl libwww-perl imagemagick

——————————————————
11) Speed tips

Since I have to cope with poor man’s hardware, these are very precious tips.

a- Reduce the number of ttys started in your /etc/inittab:

# comment out lines 2, 3, etc. and leave only number 1
1:2345:respawn:/sbin/getty 38400 tty1
#2:2345:respawn:/sbin/getty 38400 tty2
#3:2345:respawn:/sbin/getty 38400 tty3

b- Tune MySQL to use less memory for cache. The best approach is to use the my-small.cnf sample config as /etc/my.cnf. Below is an example of what to put in /etc/my.cnf.

[mysqld]
port = 3306
socket = /var/lib/mysql/mysql.sock
skip-locking
set-variable = key_buffer=16K
set-variable = max_allowed_packet=1M
set-variable = thread_stack=64K
set-variable = table_cache=4
set-variable = sort_buffer=64K
set-variable = net_buffer_length=2K

c- MySQL uses 10 MB of RAM for InnoDB tables. Remove support for InnoDB tables if you do not use them. To remove support for InnoDB, put the following lines in /etc/my.cnf:

[mysqld]
skip-innodb

d- Tune Apache to only have a small number of spare children running. An example of the Apache configuration section:

StartServers 1
MinSpareServers 1
MaxSpareServers 5
ServerLimit 64
MaxClients 64
MaxRequestsPerChild 4000

——————————————————
12) Install Greylisting for Postfix
The postgrey package is a greylisting implementation for Postfix.
It is pretty simple to set up and stops from 70% to 90% of spam.

# apt-get install postgrey

In Webmin go to Servers:Postfix Configuration:SMTP Server Options and in

“Restrictions on recipient addresses”

put this string:

check_policy_service inet:127.0.0.1:60000,reject_unauth_destination

Save and Apply.

Then check what’s happening in /var/log/mail.log.
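
Postfix's SMTPD_POLICY_README advises specifying check_policy_service after reject_unauth_destination, because a policy reply of OK ahead of it would skip the relay check. The check below, an added example that is not part of the original notes, reports the order for the string above and for the same restrictions reordered; the function name policy_order_check and its return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original notes). Function name and return
# codes are assumptions of this example.

# policy_order_check "VALUE"
#   0 = reject_unauth_destination is listed before check_policy_service
#   1 = check_policy_service is listed first
#   2 = reject_unauth_destination is missing
#   3 = check_policy_service is missing
policy_order_check() {
    relay_pos=
    policy_pos=
    i=0
    # Postfix accepts commas and/or whitespace between restrictions.
    set -f                       # no globbing while splitting the value
    for tok in $(printf '%s' "$1" | tr ',' ' '); do
        i=$((i + 1))
        case $tok in
            reject_unauth_destination) : "${relay_pos:=$i}" ;;
            check_policy_service)      : "${policy_pos:=$i}" ;;
        esac
    done
    set +f

    [ -n "$relay_pos" ]  || { echo "reject_unauth_destination is missing"; return 2; }
    [ -n "$policy_pos" ] || { echo "check_policy_service is missing"; return 3; }
    if [ "$policy_pos" -lt "$relay_pos" ]; then
        echo "check_policy_service (#$policy_pos) runs before reject_unauth_destination (#$relay_pos)"
        return 1
    fi
    echo "reject_unauth_destination (#$relay_pos) runs before check_policy_service (#$policy_pos)"
    return 0
}

# Value from step 12 above, and the same restrictions reordered.
AS_WRITTEN='check_policy_service inet:127.0.0.1:60000,reject_unauth_destination'
REORDERED='reject_unauth_destination,check_policy_service inet:127.0.0.1:60000'

# On a live system: policy_order_check "$(postconf -h smtpd_recipient_restrictions)"
policy_order_check "$AS_WRITTEN" || :
policy_order_check "$REORDERED"
```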

——————————————————
I’ve picked something here and there to put this together. If someone finds that I am infringing their copyright, please let me know and I will delete/change the offending part. Thank you.