| this guide covers the steps i went through when i upgraded my “server” hecubus to fedora 8. hecubus serves as a file server (samba and nfs), ftp server (pure-ftp), web server (apache, mysql, and php), and personal video recorder (mythtv). setup for fedora 8 as well as these other packages is detailed.
| this page has been moved to a live guide on track7: [http://www.track7.org/geek/guides/linux-server-setup/ linux server setup: file, ftp, web, and tv]
| | |
| == gnu/linux (fedora) ==
| |
| this guide uses [url=/geek/computers.php#hecubus]hecubus[/url] as an example. in general, the hardware in hecubus is whatever is left over after i upgrade my main machine. it’s not a server-class machine, but it keeps up okay in the server roles i use it for because there are really only 4 client machines that ever connect to it (the demand on it is relatively light). some may be able to get acceptable results with less powerful hardware, while others may need more powerful hardware. specific requirements are listed at the beginning of each section.
| |
| | |
| a dvd drive and several gigabytes of hard drive space are required for installing fedora 8. there are cd images available as well, but this guide uses a dvd image.
| |
| | |
| fedora install disc images are available at [url]http://fedoraproject.org/get-fedora[/url]. i use the i386 install dvd — i recommend using bittorrent to get the image faster, provided you’re comfortable using a bittorrent client. once downloaded, burn the disc image to a dvd.
| |
| | |
| the fedora install dvd is bootable, so unless your machine is incredibly old, you should be able to simply put the fedora dvd in the dvd drive and boot up the machine to start the fedora installer.
| |
| | |
| once the fedora menu comes up, press enter to install in graphical mode, then choose install or upgrade an existing system. after a while it asks if you want to test your installation media. i generally do this the first time installing from a disc to ensure i had a good download. note that it takes a long time though. after this step, anaconda (the graphical install program) starts up.
| |
| | |
| choose your language and keyboard, then choose install fedora if given the choice between installing and upgrading. the next screen lists any hard disks found on the system and allows you to set partitioning options. i go with the default, then deselect all but my primary hard disk (the other two hold data that i don’t want to lose). also check the box for review and modify partitioning layout. upon clicking next, you will be warned that data will be lost, but that’s only on the primary disk since the others were deselected.
| |
| | |
| on the next screen i don’t want to use lvm, so i make a note of the size of swap, then remove the lvm group that was automatically set up (delete volgroup00, then the lvm pv partition). now create a partition with the type swap the same size as the one in the lvm group, then create an ext3 partition for the rest of the space, mounted at /. i select [i]force to be a primary partition[/i] on both of these. the other drives’ partitions should be given a mount point so that you don’t have to manually add them to /etc/fstab later.
| |
| | |
| the next screen allows the boot loader (grub) options to be changed, but i just keep the defaults. after that is the networking screen (provided anaconda sees your network adapter). i change hostname to set the hostname manually and enter hecubus since that’s my server’s name. if you don’t use ipv6 (most people probably don’t), you can click the edit button and uncheck [i]enable ipv6 support[/i] — it may speed things up.
| |
| | |
| next is time zone selection, where i find it easiest to click on the map to choose my time zone. i also leave the [i]system clock uses utc[/i] box checked. next it asks you to specify a password for the root user. since root can do anything this should be a strong password, but you will need it later so make sure you can remember it somehow.
| |
| | |
| after that is software package selection — i deselect everything here and then choose customize now near the bottom, then move on to the next screen. for desktop environments, deselect gnome and if you’re going to install mythtv, select kde. for applications, deselect graphical internet. under development, select development libraries and development tools. select windows file server from under servers, and deselect mail server. the other defaults are fine, so click next, wait a while, then click next again and fedora will start installing. this will likely take a very long time.
| |
| | |
| eventually it will ask you to reboot, and you’ll then get the post-install setup. on the firewall screen, leave SSH checked but don’t check any others -- we’ll open those as we set up the servers. i disable selinux, but you may want it on (i’m not sure if it interferes with anything else). on the date and time screen, go to the network time protocol tab and check enable network time protocol. this means you won’t have to worry about your system time being off. on the create user page, i create tempuser with the same word as the password — i’ll delete this later after creating users with the ids i want. the system will reboot again if you turned off selinux.
| |
| | |
| log in with tempuser. i do this over ssh from a different machine, but you can log into a gui session on the server if you prefer — just start a terminal after you do. i have my users share a default group so that they are better able to use each other’s files. to create users and groups, you need to become root. both [code]su[/code] and [code]su -[/code] will ask you for the root password and then let you become root, but [code]su -[/code] also gives you root’s context (this means you don’t have to specify the path for administrator commands). you should not log in as root directly. in the rest of this guide, lines starting with $ can be run by a normal user, but lines starting with # must be run as root.
| |
| | |
| create a group with the id you want (i’m using 700 here) and the name you want (i’m using people):
| |
| | |
| [code]# groupadd -g 700 people[/code]
| |
| | |
| create the user(s) using that group as the default, and set a password for the user(s):
| |
| | |
| [code]# useradd -g people -u 703 misterhaan
| |
| # passwd misterhaan[/code]
| |
| | |
| log all the way out, then log in as one of the new users so you can remove the temp user:
| |
| | |
| [code]# userdel tempuser[/code]
| |
| | |
| also turn off services that aren’t needed. my server doesn’t use bluetooth or ipv6, and i will apply updates manually:
| |
| | |
| [code]# chkconfig bluetooth off
| |
| # chkconfig ip6tables off
| |
| # chkconfig yum-updatesd off[/code]
| |
| | |
| == file servers (samba and nfs) ==
| |
| samba server allows a linux machine to share some of its directories with windows machines. nfs allows a linux machine to share some of its directories with other linux machines. i set up both of these to be accessible only to my subnet, which is 192.168.3.* (in iptables, i write this as 192.168.1.0/24).
| |
| | |
| the requirements for running a file server are hard drive space (the more the better — i have 390 gig total in my server) and a network adapter.
| |
| | |
| edit (as root) the file /etc/samba/smb.conf to set your samba server options. (not sure what to suggest here)
| |
| | |
| create samba users with smbpasswd -a username (omit the -a to change password of existing user). allow smb connections from the lan by adding the following lines to /etc/sysconfig/iptables, just before the first line with -j REJECT:
| |
| | |
| -A RH-Firewall-1-INPUT -p udp -m udp -s 192.168.1.0/24 --dport 137 -j ACCEPT
| |
| -A RH-Firewall-1-INPUT -p udp -m udp -s 192.168.1.0/24 --dport 138 -j ACCEPT
| |
| -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 192.168.1.0/24 --dport 139 -j ACCEPT
| |
| -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 192.168.1.0/24 --dport 445 -j ACCEPT
| |
| | |
| most routers default to 192.168.1.* for lan ip addresses -- change the 192.168.1.0/24 accordingly if yours is different. after the file has been changed, restart the firewall to apply the changes: service iptables restart. start the samba service with service smb start, then make it autostart with chkconfig --level 345 smb on.
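the placement rule above ("just before the first line with -j REJECT") as an added example, not part of the original guide: a helper that merges new rules into a copy of the rules file ahead of the first REJECT rule, plus a listing of ACCEPT rules that open a port with no -s source limit. the function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): place new ACCEPT rules ahead of
# the first REJECT rule, because the chain is evaluated top to bottom and a
# rule listed after the REJECT is never reached.

# insert_before_reject RULES_FILE NEW_RULES_FILE
# Prints the merged ruleset on stdout; neither input file is modified.
# Rules already present verbatim are skipped, so reruns add no duplicates.
# Returns 1 if RULES_FILE has no "-j REJECT" rule to anchor on.
insert_before_reject() {
    if ! grep -q -e '^-A .*-j REJECT' "$1"; then
        echo "no -j REJECT rule found in $1" >&2
        return 1
    fi
    awk -v newfile="$2" '
        NR == FNR { have[$0] = 1; next }      # pass 1: remember existing lines
        !done && /^-A .*-j REJECT/ {          # pass 2: first REJECT rule
            while ((getline line < newfile) > 0)
                if (line != "" && !(line in have)) print line
            done = 1
        }
        { print }
    ' "$1" "$1"
}

# unrestricted_accepts RULES_FILE
# Prints ACCEPT rules that open a --dport/--dports without a -s source limit,
# i.e. the ports reachable from any address.
unrestricted_accepts() {
    grep -e '-j ACCEPT' "$1" | grep -e '--dport' | grep -v -e ' -s ' || true
}

# Constructed sample data (not a real Fedora ruleset), written to a temp dir.
make_sample() {
    dir=$(mktemp -d)
    cat > "$dir/iptables" <<'EOF'
*filter
:RH-Firewall-1-INPUT - [0:0]
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
    cat > "$dir/samba.rules" <<'EOF'
-A RH-Firewall-1-INPUT -p udp -m udp -s 192.168.1.0/24 --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp -s 192.168.1.0/24 --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 192.168.1.0/24 --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 192.168.1.0/24 --dport 445 -j ACCEPT
EOF
    echo "$dir"
}

sample=$(make_sample)
insert_before_reject "$sample/iptables" "$sample/samba.rules" > "$sample/merged"
cat "$sample/merged"
rm -rf "$sample"
```

review the merged output before copying it over /etc/sysconfig/iptables and running service iptables restart.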
| |
| | |
| for nfs, edit /etc/exports and add one line per directory to share, in the following format:
| |
| | |
| /path/to/share 192.168.1.0/24(rw,insecure,sync)
| |
| | |
| again, the 192.168.1.0/24 may need to change. run exportfs -ra to apply the changes made in /etc/exports. parts of nfs use ports that change when restarted, so the following changes force them to use static ports. edit /etc/sysconfig/nfs and add the following lines (note some of these may only need to be uncommented):
| |
| | |
| RQUOTAD_PORT=875
| |
| LOCKD_TCPPORT=32803
| |
| LOCKD_UDPPORT=32769
| |
| MOUNTD_PORT=892
| |
| STATD_PORT=662
| |
| | |
| now allow those ports through the firewall with the following in /etc/sysconfig/iptables:
| |
| | |
| -A RH-Firewall-1-INPUT -m state --state NEW -p tcp -s 192.168.1.0/24 -m multiport --dports 111,662,875,892,2049,32803 -j ACCEPT
| |
| -A RH-Firewall-1-INPUT -m state --state NEW -p udp -s 192.168.1.0/24 -m multiport --dports 111,662,875,892,2049,32769 -j ACCEPT
| |
| | |
| portmap runs on port 111, and nfsd uses 2049 by default, so that's where those ports come from (the others are from the port settings). use service iptables restart to apply the new rules. start nfs with service nfs start, then make it autostart with chkconfig --level 345 nfs on.
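a consistency check for the two files edited above, as an added example that is not part of the original guide: it reads the pinned ports from the nfs sysconfig file, adds the fixed portmap and nfsd ports, and reports any that the firewall rules do not open for the matching protocol. the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): cross-check the static NFS ports
# against the firewall rules so a pinned port is never left blocked.

# nfs_ports_missing NFS_SYSCONFIG IPTABLES_RULES
# Prints "proto port NAME" for every required port that no ACCEPT rule of that
# protocol lists in --dport/--dports; prints nothing when the files agree.
# Port ranges (a:b) are not expanded; the NFS rules in the guide use lists.
nfs_ports_missing() {
    awk '
        BEGIN {
            # Fixed ports named in the guide: portmap 111, nfsd 2049.
            need["tcp 111"] = need["udp 111"] = "portmap"
            need["tcp 2049"] = need["udp 2049"] = "nfsd"
        }
        FILENAME == ARGV[1] {               # file 1: NAME=port settings
            if ($0 ~ /^[A-Z_]+PORT=[0-9]+$/) {
                split($0, kv, "=")
                if (kv[1] !~ /UDPPORT$/) need["tcp " kv[2]] = kv[1]
                if (kv[1] !~ /TCPPORT$/) need["udp " kv[2]] = kv[1]
            }
            next
        }
        /-j ACCEPT/ {                       # file 2: opened ports per protocol
            proto = ""; ports = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport" || $i == "--dports") ports = $(i + 1)
            }
            n = split(ports, p, ",")
            for (j = 1; j <= n; j++) delete need[proto " " p[j]]
        }
        END { for (k in need) print k, need[k] }
    ' "$1" "$2" | LC_ALL=C sort
}

# Constructed sample files in a temp dir: the guide's port settings, its two
# multiport rules, and a broken copy with 892 and 32769 missing from udp.
make_nfs_sample() {
    dir=$(mktemp -d)
    cat > "$dir/nfs" <<'EOF'
#RQUOTAD_PORT=875
RQUOTAD_PORT=875
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
STATD_PORT=662
EOF
    cat > "$dir/good.rules" <<'EOF'
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp -s 192.168.1.0/24 -m multiport --dports 111,662,875,892,2049,32803 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p udp -s 192.168.1.0/24 -m multiport --dports 111,662,875,892,2049,32769 -j ACCEPT
EOF
    sed -e '/-p udp/s/,892//' -e '/-p udp/s/,32769//' \
        "$dir/good.rules" > "$dir/bad.rules"
    echo "$dir"
}

sample=$(make_nfs_sample)
nfs_ports_missing "$sample/nfs" "$sample/bad.rules"
rm -rf "$sample"
```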
| |
| | |
| == ftp server (pure-ftpd) ==
| |
| i like to use pure-ftpd as my ftp server, and i compile and install it myself (not sure if there are rpm packages available). download the source from http://download.pureftpd.org/pub/pure-ftpd/releases/ -- get the latest version with .tar.bz2 as it's a bit smaller than .tar.gz.
| |
| | |
| i like to put things i build and install under /opt/, so the next step is to create /opt/src/ and then cd into it. extract the pure-ftpd source using tar xjvf /path/to/pure-ftpd-1.0.21.tar.bz2. the source will extract into a directory named pure-ftpd-1.0.21, so cd into that and run these commands to configure and install pure-ftpd and copy its init script into place:
| |
| | |
| ./configure --without-banner --with-paranoidmsg --with-virtualchroot --with-ftpwho
| |
| make install-strip
| |
| cp contrib/redhat.init /etc/rc.d/init.d/pure-ftpd
| |
| | |
| edit /etc/rc.d/init.d/pure-ftpd and change "prog=pure-config.pl" to "prog=pure-ftpd" and "$fullpath /etc/pure-ftpd.conf --daemonize" to "$fullpath -A -Z -S ## -P #.#.#.# -p 50000:50100 -u ### &". the numbers to fill in are ## = the port you want to serve ftp on (default is 21, but i have reasons to change mine), #.#.#.# = the public (internet) ip of the server, ### = lowest user id that can log in via ftp. now start and set for automatic start:
| |
| | |
| chmod 755 /etc/rc.d/init.d/pure-ftpd
| |
| service pure-ftpd start
| |
| chkconfig --add pure-ftpd
| |
| | |
| now ftp should be running, but it's not accessible yet. open port ## (set above) and ports 50000:50100 (also set above) by adding these lines to /etc/sysconfig/iptables:
| |
| | |
| -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport ## -j ACCEPT
| |
| -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 50000:50100 -j ACCEPT
| |
| | |
| restart the firewall with service iptables restart. i run my ftp accessible from the internet (so i can get my stuff when i'm not at home), so since my server is behind a router i also need to forward ports ## and 50000:50100 in my router configuration to my server.
| |
| | |
| this ftp configuration will only allow passive mode connections, and users will only see the contents of their home directory. for ftp-only users, i create a directory /ftphome/ with subdirectory std/ and other subdirectories for users that should see other directories. i then create ftp-only users with a command like the following:
| |
| | |
| useradd -g ftpgroupname -u ### -d /ftphome/std -s /sbin/nologin username
| |
| | |
| after creating ftp users, give them passwords with passwd username. the -d specifies the user's home directory. i create symlinks in /ftphome/std/ to whatever directories i want to make accessible. the -s is the shell, and /sbin/nologin means that these users cannot login over ssh. i also created an ftp group with groupadd -g ### ftpgroupname and put all my ftp-only users with that as the default group.
| |
| | |
| == web server (apache, mysql, php) from source ==
| |
| download the latest apache httpd server from http://httpd.apache.org/download.cgi. you want the unix source bz2 file. change directory to /opt/src and extract the source with the following command:
| |
| | |
| tar xjvf /path/to/httpd-2.2.6.tar.bz2
| |
| | |
| change directory into the newly-created httpd-2.2.6 and run these commands to compile and install apache httpd server:
| |
| | |
| ./configure --prefix=/etc/httpd --enable-module=rewrite --enable-shared=rewrite --enable-module=so
| |
| make
| |
| make install
| |
| | |
| if you need any special configuration, edit the config file at /etc/httpd/conf/httpd.conf. i run multiple test sites under multiple ports so i need to do this, but it's not always necessary. create an apache user with:
| |
| useradd -g groupname -u 1## -s /dev/null -d /etc/httpd apache
| |
| now create the file /etc/rc.d/init.d/httpd with the following text:
| |
| | |
| #!/bin/sh
| |
| #
| |
| # Startup script for the Apache Web Server
| |
| #
| |
| # chkconfig: 345 85 15
| |
| # description: Apache is a World Wide Web server. It is used to serve \
| |
| # HTML files and CGI.
| |
| # processname: httpd
| |
| # pidfile: /var/run/httpd.pid
| |
| # config: /etc/httpd/conf/access.conf
| |
| # config: /etc/httpd/conf/httpd.conf
| |
| # config: /etc/httpd/conf/srm.conf
| |
| | |
| | |
| # Source function library.
| |
| . /etc/rc.d/init.d/functions
| |
| | |
| # See how we were called.
| |
| case "$1" in
| |
| start)
| |
| echo -n "Starting httpd: "
| |
| daemon /etc/httpd/bin/httpd
| |
| echo
| |
| touch /var/lock/subsys/httpd
| |
| ;;
| |
| stop)
| |
| echo -n "Shutting down http: "
| |
| killproc httpd
| |
| echo
| |
| rm -f /var/lock/subsys/httpd
| |
| rm -f /var/run/httpd.pid
| |
| ;;
| |
| status)
| |
| status httpd
| |
| ;;
| |
| restart)
| |
| $0 stop
| |
| $0 start
| |
| ;;
| |
| reload)
| |
| echo -n "Reloading httpd: "
| |
| killproc httpd -HUP
| |
| echo
| |
| ;;
| |
| *)
| |
| echo "Usage: $0 {start|stop|restart|reload|status}"
| |
| exit 1
| |
| esac
| |
| | |
| exit 0
| |
| | |
| make it executable, start the server, and make it start automatically:
| |
| | |
| chmod 755 /etc/rc.d/init.d/httpd
| |
| service httpd start
| |
| chkconfig --add httpd
| |
| | |
| next open port(s) through the firewall. i limit port 80 to my lan but serve my other ports to the internet:
| |
| | |
| -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 192.168.1.0/24 --dport 80 -j ACCEPT
| |
| -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80##:80## -j ACCEPT
| |
| | |
| service iptables restart
| |
| | |
| | |
| for mysql, create a user named mysql and allow it to use the default group mysql:
| |
| | |
| useradd -r mysql
| |
| | |
| the mysql website seems to be trying to get you to pay for mysql with professional support, but i'm not a business and just want to download the source. right now, source downloads can be found at http://dev.mysql.com/downloads/mysql/5.0.html#source -- go with the compressed gnu tar archive. it will want you to register, but there's a small "no thanks" link below that will let you choose a mirror to download from. once downloaded, change directory to /opt/src/ and extract the archive:
| |
| | |
| tar xzvf /path/to/mysql-5.0.51.tar.gz
| |
| | |
| change to the mysql-5.0.51 directory it extracted to, then run the following to configure and install it:
| |
| | |
| ./configure --prefix=/etc/mysql
| |
| make
| |
| make install
| |
| cp support-files/my-small.cnf /etc/my.cnf
| |
| cp support-files/mysql.server /etc/rc.d/init.d/mysqld
| |
| chmod 755 /etc/rc.d/init.d/mysqld
| |
| cd /etc/mysql/
| |
| bin/mysql_install_db --user=mysql
| |
| chgrp -R mysql .
| |
| service mysqld start
| |
| chkconfig --add mysqld
| |
| cp bin/mysql /usr/bin/
| |
| chmod 755 /usr/bin/mysql
| |
| mysql -u root
| |
| update mysql.user set password=password('rootuserpassword') where user='root';
| |
| delete from mysql.user where user='';
| |
| flush privileges;
| |
| exit
| |
| | |
| to enter mysql again (to create accounts for web sites, create databases) use mysql -u root -p and exit with exit.
| |
| | |
| | |
| php's gd library needs libjpeg, so download the jpegsrc package from http://www.ijg.org/files/. run the following to install:
| |
| | |
| cd /opt/src/
| |
| tar xzvf /path/to/jpegsrc.v6b.tar.gz
| |
| cd jpeg-6b/
| |
| ./configure --enable-shared
| |
| make
| |
| make install
| |
| | |
| gd also needs libpng, so download it from http://sourceforge.net/project/showfiles.php?group_id=5624&package_id=5683 -- get the latest version source .bz2 file (not the one that says no-config). run the following to install:
| |
| | |
| cd /opt/src/
| |
| tar xjvf /path/to/libpng-1.2.24.tar.bz2
| |
| cd libpng-1.2.24/
| |
| ./configure
| |
| make
| |
| make install
| |
| | |
| install the freetype headers (for gd) with the following command:
| |
| | |
| # yum install freetype-devel
| |
| | |
| download the php source from http://www.php.net/downloads.php -- get the bz2 source code package. run the following to install:
| |
| | |
| $ cd /opt/src/
| |
| $ tar xjvf /path/to/php-5.2.5.tar.bz2
| |
| $ cd php-5.2.5/
| |
| $ ./configure --with-apxs2=/etc/httpd/bin/apxs --with-mysql=/etc/mysql --with-mysqli=/etc/mysql/bin/mysql_config --with-gd --with-freetype-dir=/usr --with-jpeg-dir=/usr/local/lib --with-zlib-dir=/usr/local --enable-mbstring
| |
| $ make
| |
| # make install
| |
| # cp php.ini-dist /usr/local/lib/php.ini
| |
| # echo AddType application/x-httpd-php .php >> /etc/httpd/conf/httpd.conf
| |
| # service httpd restart
| |
| | |
| | |
| == web server (apache, mysql, php) from yum ==
| |
| | |
| == personal video recorder (mythtv) ==
| |
| add atrpms and freshrpms repositories:
| |
| | |
| cd /etc/yum.repos.d/
| |
| wget http://wilsonet.com/mythtv/atrpms.repo
| |
| rpm --import http://atrpms.net/RPM-GPG-KEY.atrpms
| |
| wget http://wilsonet.com/mythtv/freshrpms.repo
| |
| | |
| edit atrpms.repo and change 2 places to fedora 7 version (see comments)
| |
| | |
| install mythtv from yum:
| |
| | |
| yum -y install mythtv-suite
| |
| | |
| install ivtv drivers (provided your tv card is supported). make sure to have run yum -y update and rebooted before this step:
| |
| | |
| yum -y install ivtv-firmware
| |
| yum -y install ivtv-kmdl-`uname -r`
| |
| | |
| if the tv card is not installed yet, shut down, install it, and start up. otherwise just reboot. verify that /dev/video exists, symlinked to /dev/video# (# is probably 0, but remember it in case it's not). test with the command cat /dev/video > /tmp/test_capture.mpg. let that run for a while, then stop it with ctrl-c. make sure you can play the file.
| |
| | |
| mysql should already be set up with a password set for the root user and also running as a service. the following lines are likely to improve mythtv database performance if you add them to /etc/my.cnf, but as i don't keep recordings in mythtv for longer than it takes to export them i don't bother:
| |
| | |
| key_buffer = 16M
| |
| table_cache = 128
| |
| sort_buffer_size = 2M
| |
| myisam_sort_buffer_size = 8M
| |
| query_cache_size = 16M
| |
| | |
| restart the mysql service if you added those lines to make sure the changes take effect: service mysqld restart
| |
| | |
| set up the default mysql databases using the provided sql file:
| |
| | |
| mysql -u root -p < /usr/share/doc/mythtv-docs-0.20.2/database/mc.sql
| |
| | |
| | |
| | |
| | |
| mythtv (for fedora 7 with kde, apache, and mysql):
| |
| 14. as mythtv user, run mythtv-setup (also available under k menu):
| |
| 14a. (need to fill in steps here)
| |
| 15. mythfilldatabase (this grabs tv listings)
| |
| 16. as root, /sbin/service mythbackend start
| |
| 17. as mythtv user, run mythfrontend (also available under k menu)
| |
| 17a. (need to fill in steps here)
| |
| 18. as root, /sbin/chkconfig mythbackend on
| |
| 19. note: mythweb is installed to /var/www/html/mythweb/ -- normally accessible via http://localhost/mythweb/
| |
| 20. set up nuvexport for auto-transcode to xvid:
| |
| 20a. (need to fill in steps here)
| |