Ubuntu install²
Below is a write-up of the steps I performed to install two Ubuntu 7.10 servers (web server + MySQL database server) with IPMI.
Reminders:
start services with
- /etc/init.d/mysql start (or stop)
- /etc/init.d/apache2 start (or stop or reload or force-reload)
- Connect to database server: mysql -u root -p --host
Not done:
- SSL on Apache
- DenyHosts (prevent ssh dictionary attacks): see http://packages.ubuntu.com/edgy/net/denyhosts and http://denyhosts.sourceforge.net/
Steps
=====
OS installation
- Change router so desktop gets ip address in 192.168.111.x range
- Connect to IPMI (192.168.111.111) and change the IP to 192.168.1.200. Mount the Ubuntu ISO by opening the console in a browser (http://192.168.1.200), clicking the diskette icon at the top right and choosing "mount iso".
- Go to console and reboot.
- Follow instruction steps for Ubuntu (check keyboard: Belgian keyboard gives problems with IPMI, but virtual keyboard and ssh work ok.).
- Remove virtual drive (iso) and reboot.
apt-get
- Remove (comment) line in /etc/apt/sources.list with a dependency on the cd-rom
ntpd
- sudo apt-get install ntp
- sudo vi /etc/ntp.conf; add
server be.pool.ntp.org
server pool.ntp.org
Apache 2
- /etc/init.d/apache2 start (or stop or reload or force-reload)
- sudo a2enmod deflate
- sudo a2enmod headers
- sudo a2enmod expires
- set up name-based virtual hosting following http://httpd.apache.org/docs/2.0/vhosts/name-based.html
PHP
- Copy contents from http://cvs.php.net/viewvc.cgi/php-src/php.ini-recommended?revision=1.179.2.11.2.23.2.1 to php.ini and set variables as needed
- sudo apt-get install php5-gd
eAccelerator
- sudo apt-get update
- sudo apt-get install php5-dev (needed for phpize5)
- Install eaccelerator following the guide from http://eaccelerator.net/wiki/InstallFromSource and http://2bits.com/articles/installing-eaccelerator-0-9-5-1-on-ubuntu-feisty-7-04.html
- Don't forget:
- mkdir /var/cache/eaccelerator
- chmod 644 /var/cache/eaccelerator
- the login credentials for control.php are in the file itself (admin/eAccelerator): change them!
Varnish
- sudo apt-get install varnish --> error in dpkg (see http://ubuntuforums.org/archive/index.php/t-438794.html)
- sudo apt-get install libc6-dev
- sudo apt-get remove varnish
- sudo apt-get install varnish
- Management: telnet 127.0.0.1 6082 (see http://varnish.projects.linpro.no/wiki/ManagementPort) (exit with ctrl+] and quit)
- varnishstat shows statistics
- Varnish by default listens on http://127.0.0.1:6081/
- sudo vi /etc/default/varnish: change 6081 to 80
- sudo vi /etc/apache2/ports.conf: change 80 to 81
- sudo vi /etc/varnish/vcl.conf
- varnish vcl docs: "man vcl"
- Test response headers with GET -ed http://www.example.com
- Show varnish logs in apache format: sudo varnishncsa
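An added check, not part of the original notes: once Varnish owns port 80 and Apache has moved to port 81, this lists the TCP listeners that other hosts can reach apart from the ports meant to be public. The `netstat -tln` sample is constructed and the function name `exposed_listeners` is hypothetical.

```shell
#!/bin/sh
# Added example: list TCP listeners reachable from other hosts, given
# `netstat -tln` output on stdin and the ports that are meant to be public.

# exposed_listeners "PORT PORT ..."
# Prints "port address" for every listener that is not bound to loopback
# and whose port is not in the public list. Returns 1 if any were printed.
exposed_listeners() {
    awk -v public="$1" '
        BEGIN { n = split(public, p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
        $NF == "LISTEN" {
            addr = $4
            port = addr; sub(/.*:/, "", port)       # text after the last colon
            host = addr; sub(/:[^:]*$/, "", host)   # text before the last colon
            if (host ~ /^127\./ || host == "::1") next
            if (port in ok) next
            print port, host; found = 1
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample: Varnish on 80, Apache on 81, Varnish management on 6082.
NETSTAT_SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:81              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:6082          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN'

printf '%s\n' "$NETSTAT_SAMPLE" | exposed_listeners "80 22" ||
    echo "the listeners above are protected by the firewall only"
```

On the server itself: `sudo netstat -tln | exposed_listeners "80 22"`.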
MySQL
- /etc/init.d/mysql start (or stop)
- Connect to database server: mysql -u root -p --host onthoo2
- MySQL data is located under /var/lib/mysql/
- Change mysql root password:
mysql> USE mysql;
mysql> UPDATE user SET Password=PASSWORD('new-password') WHERE user='root';
mysql> FLUSH PRIVILEGES;
CVS
- sudo apt-get install cvs
SVN
- sudo apt-get install subversion
- pipe through varnish
Java
- sudo apt-get install sun-java6-jdk
- See https://help.ubuntu.com/community/Java
Tomcat
- Disable port 8080, enable AJP on port 8009
- Change proxy allow in apache2:
<Proxy *>
AddDefaultCharset off
Order deny,allow
#Deny from all
Allow from webserver
</Proxy>
ImageMagick (compile from source for newer version 6.3.7)
- Download sources from ImageMagick website
- sudo apt-get install libjpeg62
- sudo apt-get install libjpeg62-dev
- sudo ldconfig
- cd ImageMagick-6.3.7
- sudo ./configure --prefix=/usr
- sudo make
- sudo make install
Google sitemap generator
- See https://www.google.com/webmasters/tools/docs/en/sitemap-generator.html
- Modified log path from /var/log/httpd/ to /var/log/apache2/
- Added crontabs to /etc/cron.daily
- Changed python2.4 to python2.5 in crontabs
AWStats
- sudo apt-get install awstats
- sudo apt-get install libgeo-ipfree-perl
- vi awstats.conf.local:
LogFormat=1
AllowToUpdateStatsFromBrowser=1
AllowFullYearView=3
- vi awstats.www.pets.be.conf:
LogFile="/var/log/apache2/www.pets.be/access.log"
SiteDomain="www.pets.be"
HostAliases="localhost 127.0.0.1 dierenasielen.be dierenasiel.be refugespouranimaux.be pups.be asiel.org"
- sudo /usr/lib/cgi-bin/awstats.pl -config=www.pets.be -update
Exim (mail sender)
- See https://help.ubuntu.com/7.10/server/C/exim4.html
- Don't forget to run 'sudo update-exim4.conf' when the wizard has finished
Logwatch
- sudo apt-get install logwatch
- default conf is in /usr/share/logwatch/
- add /etc/logwatch/conf/logwatch.conf:
# Default person to mail reports to. Can be a local account or a
# complete email address.
MailTo = logwatch@example.com
# Default person to mail reports from. Can be a local account or a
# complete email address.
MailFrom = root@example.com
Firehol (firewall) on both servers
- sudo apt-get install firehol
- sudo vi /etc/firehol/firehol.conf:
  webserver:
    version 5
    interface eth0 internet
      client all accept
      server http accept
      server ssh accept
  database server:
    version 5
    clients="webserver"
    interface eth+ internet
      client all accept
      server mysql accept src "$clients"
      server ssh accept
- Patch for iptables warnings (see https://bugs.launchpad.net/ubuntu/+source/firehol/+bug/78017):
- sudo sed 's/%q/%b/g' /lib/firehol/firehol > TMPFILE && sudo mv TMPFILE /lib/firehol/firehol
- sudo chmod 744 /lib/firehol/firehol
- sudo firehol start
- Check with "sudo iptables -L"
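An added example, not part of the original notes: rather than reading `iptables -L` by eye, this checks on the database server that every ACCEPT rule naming the MySQL port is limited to the web server's address. It only looks at rules that name the port explicitly; the sample rules, chain names, the address 192.0.2.10 and the function name `check_port_sources` are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit iptables-save output for a port that must only be
# reachable from one source address (here MySQL on the database server).

# check_port_sources PORT ALLOWED_IP   (rules on stdin, iptables-save format)
# Prints every ACCEPT rule that names PORT without limiting it to ALLOWED_IP.
# Returns 0 only if at least one rule for PORT exists and all are restricted.
check_port_sources() {
    awk -v port="$1" -v allowed="$2" '
        # True if a --dport/--dports value (single, a:b range, a,b list) covers p.
        function covers(spec, p,    n, parts, r, k) {
            n = split(spec, parts, ",")
            for (k = 1; k <= n; k++) {
                if (split(parts[k], r, ":") == 2) {
                    if (p + 0 >= r[1] + 0 && p + 0 <= r[2] + 0) return 1
                } else if (parts[k] == p) return 1
            }
            return 0
        }
        $1 == "-A" {
            dport = ""; src = ""; target = ""; negated = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "--dport" || $i == "--dports") dport = $(i + 1)
                if ($i == "-j") target = $(i + 1)
                if ($i == "-s") {
                    src = $(i + 1)
                    sub(/\/32$/, "", src)          # newer iptables prints a /32 suffix
                    if ($(i - 1) == "!") negated = 1
                }
            }
            if (target != "ACCEPT" || !covers(dport, port)) next
            seen++
            if (src != allowed || negated) { print "OPEN: " $0; bad++ }
        }
        END { exit ((bad > 0 || seen == 0) ? 1 : 0) }
    '
}

# Constructed sample rules (chain names and 192.0.2.10 are illustrative).
GOOD_RULES='-A in_internet_mysql_s1 -s 192.0.2.10 -p tcp -m tcp --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT
-A in_internet_ssh_s2 -p tcp -m tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT'
BAD_RULES="$GOOD_RULES
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT"

printf '%s\n' "$BAD_RULES" | check_port_sources 3306 192.0.2.10 ||
    echo "MySQL port is not restricted to the web server"
```

On the database server: `sudo iptables-save | check_port_sources 3306 <web server IP>`, using the address that the `clients` hostname resolved to when firehol loaded the rules.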
IPMI
- change admin username and password
- require https
- use Java Sun plugin
- set invalid login retries and retry timeout
- setup ipmitool if you need to change the ip address on which ipmi listens (see https://help.ubuntu.com/community/IPMI):
- sudo apt-get install ipmitool
- cd /usr/share/ipmitool
- sudo cp ipmi.init.basic ipmi.init.ubuntu
- sudo vi ipmi.init.ubuntu (and remove the if loop around the 'modprobe ipmi_si # try new module name' line) - see https://bugs.launchpad.net/ubuntu/+source/ipmitool/+bug/110992
- change ip address: sudo ipmitool -I open lan set 1 ipaddr 85.158.x.x
- change default gateway: sudo ipmitool -I open lan set 1 defgw ipaddr 85.158.x.x
- change netmask: sudo ipmitool -I open lan set 1 netmask 255.255.255.x
- browse to http(s)://85.158.x.x
Backup
- See http://ubuntuforums.org/showthread.php?t=35087
- Complete backup of the system:
vi /var/backups/fullimage:
tar cvpzf /backup/fullimage.tgz --exclude=/proc --exclude=/lost+found \
    --exclude=/backup/ --exclude=/mnt --exclude=/sys /
- Restore backup with "tar xvpfz /backup/fullimage.tgz -C /"
- Special backup scripts in /var/backups
- crontab -e:
0 3 * * * /var/backups/backup-all
Labels: server