Wednesday, August 01, 2007

Installing A LAMP System With Fedora Core 6

Version 1.1
Author: Falko Timme <ft [at] falkotimme [dot] com>
Last edited 12/01/2006
This is a detailed description about how to set up a Fedora Core 6 based server that offers all services needed by ISPs and hosters: Apache web server (SSL-capable), Postfix mail server with SMTP-AUTH and TLS, DNS server, FTP server, MySQL server, POP3/IMAP, Quota, Firewall, etc. This tutorial is written for the 32-bit version of Fedora Core 6, but should apply to the 64-bit version with very little modifications as well.
I will use the following software:
  • Web Server: Apache 2.2.3
  • Database Server: MySQL 5.0.22
  • Mail Server: Postfix
  • DNS Server: BIND9 (chrooted)
  • FTP Server: proftpd
  • POP3/IMAP server: dovecot
  • Webalizer for web site statistics
In the end you should have a system that works reliably, and if you like you can install the free webhosting control panel ISPConfig (i.e., ISPConfig runs on it out of the box).
I want to say first that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!
 

Requirements

To install such a system you will need the following:
 

Preliminary Note

In this tutorial I use the hostname server1.example.com with the IP address 192.168.0.100 and the gateway 192.168.0.1. These settings might differ for you, so you have to replace them where appropriate.
 

1 Install The Base System

Boot from your Fedora Core 6 DVD or CD (CD 1).
It can take a long time to test the installation media so we skip this test here:
The welcome screen of the Fedora installer appears. Click on Next:
Choose your language next:
Select your keyboard layout:
I'm installing Fedora Core 6 on a fresh system, so I answer Yes to the question Would you like to initialize this drive, erasing ALL DATA?
Next we do the partitioning. Select Remove linux partitions on selected drives and create default layout. This will give you a smalll /boot partition and a large / partition which is fine for our purposes:
We want to remove all Linux partitions (remember, this is a fresh system), so we answer Yes to the following question:
On to the network settings. The default setting here is to configure the network interfaces with DHCP, but we are installing a server, so static IP addresses are not a bad idea... Click on the Edit button at the top right. In the window that pops up uncheck Configure using DHCP and give your network card a static IP address and netmask (in this tutorial I'm using the IP address 192.168.0.100 and netmask 255.255.255.0 for demonstration purposes) Uncheck Enable IPv6 support and enable Activate on boot:
Set the hostname manually, e.g. server1.example.com, and enter a gateway (e.g. 192.168.0.1) and two DNS servers (e.g. 145.253.2.75 and 193.174.32.18):
Choose your time zone:
Give root a password:
Now we select the software we want to install. Uncheck Office and Productivity and check Software Development and Web server instead. Do not select Fedora Extras - on my installation it caused the installer to stop! This seems to be a bug. Then check Customize now, then click on Next:
Now we must select the package groups we want to install. Select Editors, Text-based Internet, Development Libraries, Development Tools, DNS Name Server, FTP Server, Mail Server, MySQL Database, Server Configuration Tools, Web Server, Administration Tools, Base, Java, and System Tools and click on Next:
Click on Next to start the installation:
The installer asks you if you have the required installation media at hand. Click on Continue:
The installation begins. This will take a few minutes:
Finally, the installation is complete, and you can remove your DVD or CD from the computer and reboot it:
After the reboot, you will see this screen. Leave it by hitting Exit:
Now, on to the configuration...

2 Adjust /etc/hosts

Next we edit /etc/hosts. Make it look like this:
vi /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
192.168.0.100 server1.example.com server1

::1 server1.example.com server1 localhost.localdomain localhost
It is important that you add a line for server1.example.com and remove server1.example.com and server1 from the 127.0.0.1 line.
 

3 Configure Additional IP Addresses

(This section is totally optional. It just shows how to add additional IP addresses to your network interface eth0 if you need more than one IP address. If you're fine with one IP address, you can skip this section.)
Let's assume our network interface is eth0. Then there is a file /etc/sysconfig/network-scripts/ifcfg-eth0 which looks like this:
vi /etc/sysconfig/network-scripts/ifcfg-eth0
# Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE]
DEVICE=eth0
BOOTPROTO=static
BROADCAST=192.168.0.255
HWADDR=00:0C:29:11:31:55
IPADDR=192.168.0.100
IPV6ADDR=
IPV6PREFIX=
NETMASK=255.255.255.0
NETWORK=192.168.0.0
ONBOOT=yes
Now we want to create the virtual interface eth0:0 with the IP address 192.168.0.101. All we have to do is to create the file /etc/sysconfig/network-scripts/ifcfg-eth0:0 which looks like this (we can leave out the HWADDR line as it is the same physical network card):
vi /etc/sysconfig/network-scripts/ifcfg-eth0:0
DEVICE=eth0:0
BOOTPROTO=static
BROADCAST=192.168.0.255
IPADDR=192.168.0.101
IPV6ADDR=
IPV6PREFIX=
NETMASK=255.255.255.0
NETWORK=192.168.0.0
ONBOOT=yes
Afterwards we have to restart the network:
/etc/init.d/network restart
 

4 Configure The Firewall

I want to install ISPConfig at the end of this tutorial which comes with its own firewall. That's why I disable the default Fedora firewall now. Of course, you are free to leave it on and configure it to your needs (but then you shouldn't use any other firewall later on as it will most probably interfere with the Fedora firewall).
Run
system-config-securitylevel
Select Disabled and press OK.
To check that the firewall has really been disabled, you can run
iptables -L
afterwards. The output should look like this:
[root@server1 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
 

5 Disable SELinux

SELinux is a security extension of Fedora that should provide extended security. In my opinion you don't need it to configure a secure system, and it usually causes more problems than advantages (think of it after you have done a week of trouble-shooting because some service wasn't working as expected, and then you find out that everything was ok, only SELinux was causing the problem). Therefore I disable it (this is a must if you want to install ISPConfig later on).
Edit /etc/selinux/config and set SELINUX=disabled:
vi /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=disabled
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted
Afterwards we must reboot the system:
shutdown -r now
 

6 Install Some Software

Now we install some software packages that are needed later on:
yum install fetchmail wget bzip2 unzip zip nmap openssl lynx fileutils ncftp gcc gcc-c++

7 Quota

To install quota, we run this command:
yum install quota
Edit /etc/fstab and add ,usrquota,grpquota to the / partition (/dev/VolGroup00/LogVol00):
vi /etc/fstab
/dev/VolGroup00/LogVol00 /                       ext3    defaults,usrquota,grpquota        1 1
LABEL=/boot /boot ext3 defaults 1 2
devpts /dev/pts devpts gid=5,mode=620 0 0
tmpfs /dev/shm tmpfs defaults 0 0
proc /proc proc defaults 0 0
sysfs /sys sysfs defaults 0 0
/dev/VolGroup00/LogVol01 swap swap defaults 0 0
Then run
touch /aquota.user /aquota.group
chmod 600 /aquota.*
mount -o remount /
quotacheck -avugm
quotaon -avug
to enable quota.
 

8 Install A Chrooted DNS Server (BIND9)

To install a chrooted BIND9, we do this:
yum install bind-chroot
Next, we change a few permissions and start BIND:
chmod 755 /var/named/
chmod 775 /var/named/chroot/
chmod 775 /var/named/chroot/var/
chmod 775 /var/named/chroot/var/named/
chmod 775 /var/named/chroot/var/run/
chmod 777 /var/named/chroot/var/run/named/
cd /var/named/chroot/var/named/
ln -s ../../ chroot
chkconfig --levels 235 named on
/etc/init.d/named start
BIND will run in a chroot jail under /var/named/chroot/var/named/. I will use ISPConfig to configure BIND (zones, etc.).
 

9 MySQL (5.0)

To install MySQL, we do this:
yum install mysql mysql-devel mysql-server
Then we create the system startup links for MySQL (so that MySQL starts automatically whenever the system boots) and start the MySQL server:
chkconfig --levels 235 mysqld on
/etc/init.d/mysqld start
Now check that networking is enabled. Run
netstat -tap
It should show a line like this:
tcp        0      0 *:mysql                     *:*                         LISTEN      2008/mysqld
If it does not, edit /etc/my.cnf and comment out the option skip-networking:
vi /etc/my.cnf
#skip-networking
and restart your MySQL server:
/etc/init.d/mysqld restart
Run
mysqladmin -u root password yourrootsqlpassword
mysqladmin -h server1.example.com -u root password yourrootsqlpassword
to set a password for the user root (otherwise anybody can access your MySQL database!).


Need a vacation? Get great deals to amazing places on Yahoo! Travel.

0 Comments: