DEDICATED SERVER HANDBOOK™ Second Edition
A Beginner’s Guide to Setting Up A Dedicated Server LINUX Edition Congratulations on your decision to set yourself up with your own dedicated server. One of the main factors that turns people off from getting their own dedicated server is the overhead involved of setting up all of the various services around it. This guide is designed to counter this factor by providing a simple step-by-step process to getting yourself set up - with free tools wherever possible. We’ll cover important topics, including: • • • • • •
BIND DNS Server The Apache Webserver PHP & CGI MySQL Database Sendmail & Postfix Mail Servers and more!
In addition to this eBook, there are several companion videos where you can watch over my shoulder as I implement the techniques mentioned in this book. I hope to help you make the most out of your new dedicated server, without having to drive yourself nuts!
Issac G ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890-=`~!@#$%^&*()_+,./<>?[]\{}|
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
Table of Contents Table of Contents ...................................................................................................................... 2 Disclaimer ............................................................................................................................. 3 Introduction ............................................................................................................................... 4 Why Dedicated? .................................................................................................................... 4 Dedicated or Virtual Dedicated? ........................................................................................... 4 Links in this book.................................................................................................................. 5 Chapter 1 – Domains ................................................................................................................. 7 Getting Your Domain............................................................................................................ 7 Introduction to Domains and DNS ........................................................................................ 9 Chapter 2 – The Webmin Control Panel ................................................................................. 10 Getting Started With Your New Server .............................................................................. 10 Installing Webmin ............................................................................................................... 14 Binary Install (Recommended) ........................................................................................... 16 Debian Based Binary Install................................................................................................ 17 RedHat Based Binary Install ............................................................................................... 19 Manual Install (Not For the Faint of Heart) ........................................................................ 21 Post-Install Configuration of Webmin ................................................................................ 24 Chapter 3 – DNS ..................................................................................................................... 32 Introduction to DNS Servers ............................................................................................... 32 Configuring DNS with Bind ............................................................................................... 34 Using a 3rd Party DNS Provider .......................................................................................... 41 Chapter 4 – Users & FTP ........................................................................................................ 43 Users ................................................................................................................................... 43 SFTP ................................................................................................................................... 47 Normal FTP......................................................................................................................... 49 No FTP ................................................................................................................................ 52 Chapter 5 – The Webserver ..................................................................................................... 53 The Apache Webserver ....................................................................................................... 53 Preparing The Web Root..................................................................................................... 54 Configuring a VirtualHost inside Apache ........................................................................... 56 Installing Perl/CGI .............................................................................................................. 59 Installing PHP ..................................................................................................................... 60 Secure (HTTPS) VirtualHosts............................................................................................. 62 Chapter 6 – Database ............................................................................................................... 68 MySQL ............................................................................................................................... 68 Configuring MySQL using Webmin ................................................................................... 68 Installing phpMyAdmin ...................................................................................................... 72 Configuring MySQL using phpMyAdmin .......................................................................... 76 Chapter 7 – Email .................................................................................................................... 81 How Email Works ............................................................................................................... 81 Configuring Sendmail ......................................................................................................... 82 AntiVirus Scanning ............................................................................................................. 87 Configuring MX Records for Incoming Mail ..................................................................... 92 Anti-Spam Techniques: SPF ............................................................................................... 93 Chapter 8 – Log-File Analysis ................................................................................................ 96 Webalizer ............................................................................................................................ 96 Creating a Server-Wide Report ........................................................................................... 97 Creating a Per-Website Report.......................................................................................... 101
Page 2 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
Disclaimer The information contained in this material (including but not limited to any manuals, CDs, recordings, screenshots, MP3s or other content in any format) is based on sources and information reasonably believed to be accurate as of the time it was recorded or created. However, this material deals with topics that are constantly changing and are subject to ongoing changes RELATED TO TECHNOLOGY AND THE MARKET PLACE AS WELL AS LEGAL AND RELATED COMPLIANCE ISSUES. Therefore the completeness and current accuracy of the materials cannot be guaranteed. These materials do not constitute legal, compliance, financial, tax, accounting, or related advice. The end user of this information should therefore use the contents of this program and the materials as a general guideline and not as the ultimate source of current information and when appropriate the user should consult their own legal, accounting or other advisors. Any case studies, examples, illustrations are not intended to guarantee, or to imply that the user will achieve similar results. In fact, your results may vary significantly and factors such as your market, personal effort and many other circumstances may and will cause results to vary. THE INFORMATION PROVIDED IN THIS PRODUCT IS SOLD AND PROVIDED ON AN "AS-IS" BASIS WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, OF ANY KIND WHETHER WARRANTIES FOR A PARTICULAR PURPOSE OR ANY OTHER WARRANTY. IN PARTICULAR SELLER SHALL NOT BE LIABLE TO USER OR ANY OTHER PARTY FOR ANY DAMAGES, OR COSTS, OF ANY CHARACTER INCLUDING BUT NOT LIMITED TO DIRECT OR INDIRECT, CONSEQUENTIAL, SPECIAL, INCIDENTAL, OR OTHER COSTS OR DAMAGES, IN EXCESS OF THE PURCHASE PRICE OF THE PRODUCT OR SERVICES. THESE LIMITATIONS MAY BE AFFECTED BY THE LAWS OF PARTICULAR JURISDRICTIONS AND STATES AND AS SUCH MAY BE APPLIED IN A DIFERENT MANNER TO A PARTICULAR USER. THE RIGHT TO EVALUATE AND RETURN THIS PRODUCT IS GUARANTEED (PLEASE REFER TO THE TERMS OF THE GUARANTEE). THEREFORE IF THE USER DOES NOT AGREE TO ACCEPT THE PRODUCT OR SERVICES ON THESE TERMS, THE USER SHOULD NOT USE THE PRODUCTS OR SERVICES. INSTEAD, THE PRODUCT AND ALL RELATED MATERIALS SHOULD BE RETURNED IMMEDIATELY TO THE SELLER AND THE USER'S MONEY WILL BE REFUNDED. IF THE USER DOES NOT RETURN THE MATERIALS AS PROVIDED UNDER THE GUARANTEE, THE USER WILL BE DEEMED TO HAVE ACCEPTED THE PROVISIONS OF THE DISCLAIMER.
Page 3 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
Introduction Why Dedicated? First, let’s tackle the basics: Why would you want a dedicated server, rather than getting a shared hosting account? There are several advantages and disadvantages to each. The primary advantage of having your own dedicated server is the ultimate level of control that you have. Having said that, the primary disadvantage of having your own server is also the ultimate level of control that you have. What do I mean by that? You have the power to set up anything you (or your programmers) need to set up to get the most out of your website or service. You don’t have to deal with compatibility issues or supported software which is a common limitation of shared hosting providers. You don’t have to share resources with other clients (so some other client with a screwy site won’t bring down your website with it). You can do whatever you want, however you want, whenever you want. The absolute utopia of any webmaster and of every freelance programmer. The flip side is that you need a deeper understanding in how web servers work and how to set one up, since you’re completely responsible for making sure that everything works right. This level of responsibility is usually the reason that most people decide it’s just not worth the money or hassle to have the control. Hopefully, with the help of this guide that will become a non-issue.
Dedicated or Virtual Dedicated? There are 2 popular types of dedicated hosting packages out there today. Dedicated servers and Virtual Dedicated Servers (also know as Virtual Private Servers or VPS servers, and sometimes referred to as cloud computers). The former as pretty straightforward: you get a computer – much like the one you’re using to read this – installed with either a Linux or a special Server version of Microsoft windows. The computer is located in your hosting provider’s collocation facility, with many other customers’ computers, and hooked into their (usually) hi-speed internet lines. A virtual dedicated server isn’t really a physical computer at all. It’s basically a hybrid between shared hosting and dedicated servers. The way it works is that your hosting provider starts with a big powerful server, and then slices that into smaller computing units, using a special piece of software. Each computing unit gets its own Page 4 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
independent operating system and IP address and is kept separate from the others (and from the host computer). The result is that you get the flexibility and control of having administrator (or root) control over your server and software, and it’ll (usually) be priced cheaper than your own hardware. Until recently, you’d usually get a lot less resources (CPU, RAM and disk-space, not to mention I/O access times) than you would with your own real dedicated hardware. However, with the advent of cloud computing services like Amazon EC2, this is no longer such a concern. Think of it as the difference between getting a slice of pizza with onions and mushrooms, versus getting your own personal sized pizza with the same. If you get the slice, others might get some of your toppings and you might get some of theirs. You might get a slightly bigger or slightly smaller piece, depending on how well they slice the pie, and you might have to get it heated up before it’s served to you. It’s basically what you want, but it’s shared by its nature and it might show. That’s what a VPS is – a slice of the server that the hosting company has in place. You’ll get whatever toppings you want, and you have complete freedom to eat it any way you want, but it came from a “generic” pie made with the intention of serving it to multiple customers. A dedicated server is your own pie – you can definitely get a personal sized one for a cheaper price, or a whole pie if you need that much, but whatever you get, it will be made especially for you and serve your exact needs. It’ll also usually always be a tad more expensive, yet not necessarily as much as people tend to assume. You can find some great VPS solutions from my own private label hosting company at http://www.thededicatedserverhandbook.com/hosting.php where I set up a great deal for beginners: as a valued customer, choose ANY plan, and I'll give you a full week free hosting. You don't even need to pay in advance for this; just choose what server you want, and I'll only start charging after a week. That's my free gift to you to help you get the best out of this book! We’ve also got links to dedicated hosting and shared hosting providers, and you can use the contact form to request custom-built servers that match your needs. The servers offered come preequipped with Webmin and are fully compatible with the software packages that we’ll be covering in the book.
Links in this book Page 5 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
If you haven’t already noticed, this eBook is full of useful links to a lot of the services, products and providers that we mention. You may have also noticed that many of these links apparently go to our companion website, cheapdedicatedservers.biz. The reason for this is that we’ve spent a lot of time looking into the best and most affordable solutions that you can use. However, the Internet is a volatile environment and these things can change fast. While the bulk of the information provided in this book will last for a while (and when it’s painfully outdated, we’ll probably release a 3rd edition to deal with that), the deals and sites mentioned may go a lot faster. In order to present you with the best service providers and the best prices, we set these links to go through our website so that we can update them for you in real time so even a year from now, you’ll still be able to use them and rest assured that you’re getting the best deals that the Net has to offer (that we know of, anyway). While we won’t make any guarantees or warrantees about that, we do invite you to email us at newdeals@thededicatedserverhandbook.com if you find something bigger and better than what we offer, and if we agree with you, we’ll update our links for everybody.
Page 6 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
Chapter 1 – Domains Getting Your Domain Having decided to get a server, our first step into getting up and running is to purchase our own domain. Many shared hosting companies include this in their deals, which usually have 2 major disadvantages to you. The first, and of less concern, is that they’re probably making money off of you; there’s no such thing as a free domain, and if you’re getting one, they’re paying for it; if they’re paying for it, you can assure that they’re charging you for it somewhere along the way. The second, and more problematic, concern is that many times, the hosting provider will register the domain in their name, not yours. This means that an unethical hosting provider could lure you into hosting with them and hold you hostage, once you’ve signed up, with the domain. Since the domain is registered to them, and not you, if you want to leave, they can bring down your entire website by refusing to give you your domain, or point it to your new hosting provider. Since it’s legally registered in their name, there’s nothing you can do to combat that. To get around this issue, it’s important to buy your own domains yourself. Once upon a time, this used to be a potentially expensive hassle, but these days it’s really simple! My personal favorite is to register at GoDaddy. The process is very simple, and I’ll run through it quickly here. On the GoDaddy Homepage you’ll find a search box – simply enter the domain that you want, click Go!, and it will tell you whether the domain you want is available or not.
Page 7 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
Once you have found an available domain you can click the “Continue” button to proceed. At this point they may offer you matching domains, if there are available. This is up to you to decide if you need or not, and really isn’t a subject for this particular guide. On the following screen, you’ll be prompted to enter your details, if you’re a new customer. For returning customers they’ll fill in all of the information for you. It’s important to note that legally, this information must be accurate, and will be publicly available (though I’ll tell you how to get around the latter in a bit). Following that they’ll offer you all sorts of extras, most of which you probably don’t need (but you’re welcome to see for yourself). At the checkout screen there are a couple of things worth pointing out: first is that by default they’ll register your domain for two years (you may want less; you may want more. Again, I’m just pointing it out, not telling you what to opt for). Second is the offer for private registration. While not every domain supports this, the gist of the offer is that for an additional yearly fee ($9/yr or so), they’ll register the domain in your name and leave very “generic” information in the public database (and forward any inquiries made about the domain, if any happen to be made, to you as part of the service). I personally usually opt-in for this (and it’s free when you order more than 5 domains). Page 8 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
Once you enter your credit card details, the purchase is instant, and you can immediately start using the domain, which brings us to our next topic: DNS.
Introduction to Domains and DNS At this point, we have a domain, which is a good (and important!) start. Now we need to tell users on the internet how to turn that domain into an IP address. To elaborate on this a little bit, a domain in itself doesn’t do anything. Registering a domain means that you control all of the information in that domain, but it doesn’t contain the information (the websites, email, etc) itself. Every computer on the internet, from servers to the computer that you’re using now, has an IP address, which is a unique numeric identifier that points to your computer. Servers need them so that computers like yours can talk to them and request information, and computers like yours need them so that the servers know who’s asking for the information and where to send the requested information back to. However, IPs are difficult to remember and keep track of (and occasionally change), whereas domains are static (they don’t change suddenly). DNS is a special type of server (actually it’s a service, not a server, to be more accurate) which has one job: to tie those easy-to-remember domain addresses to those hard-to-remember IP addresses. That way, you just need to remember the domain name; when you type it in, behind the scenes a DNS server will turn it into the appropriate IP address. When you get a dedicated server, you’ll be provided with an IP address, but nothing more, so now we need to take that IP address and the domain(s) that you got in the previous chapter and plug them all into a DNS server. While it’s possible to host your own DNS server on a dedicated server, if you’re only hosting a few (< 5) domains on the server, in my opinion it’s impractical. There are many solutions for hosted DNS. My favorite is ZoneEdit, who offer the first 5 domains hosted for free. You can use them for more, too, but at that point you might just want to do it on your own. We’re going to change topics for a bit (it was important to mention DNS now, but if you want to host DNS yourselves, we still have some work to do before we can).
Page 9 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
Chapter 2 – The Webmin Control Panel Getting Started With Your New Server Now that we’re all set up with our domain, we’re ready to get started with our server. We likely received several points of information in our welcome email: • • • • • •
Username Password Primary IP OS Version Control Panel URL Mail Server
In order to simplify the set up and management process, we’re going to use a free web-based control panel, called Webmin (short for WEB adMINistration). There are several other popular control panels out there, including Plesk and cPanel, but they all cost money. Webmin is open-source software and, as such, is completely free. The first thing we want to do is find out whether or not our hosting provider already set this up for us. To do this, we’ll browse to our primary IP on port 10000, which is the default port for Webmin, using our web browser as follows: [NOTE: For this example, we’ll pretend your primary IP is 192.168.2.55. This is not a public IP address, and won’t get you the results you expect if you actually try using it, so make sure to replace it with the IP your hosting provider gave you in your Welcome Email.] So to start, browse to http://192.168.2.55:10000/ using your favorite browser. You’ll get one of three results. 1) You get an error page (like Internet Explorer can’t display the webpage). If this is the case, your ISP did not pre-install Webmin for you. No worries just continue to Installing Webmin, below. 2) You get an “Error – Bad Request” message, as shown below:
Page 10 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
In this case, the server is already running in the recommended “secure” mode, and you should replace the http:// in the URL with https:// and try again (or click the link, if your IP is displayed there, as in this example). You’ll likely get a security warning that your browser doesn’t recognize the certificate authority used to sign the certificate (in MSIE 7, it’ll look like this, and you need to click on “Continue to this website”)
Page 11 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
For the curious, this doesn’t mean that the security is in any way negotiated, or otherwise not completely secure. It only means that you didn’t shell out $35/yr or more to a Certificate Authority (like GoDaddy, GeoTrust, Thawte, Verisign or others) who pay a lot of money every year to have certificates that they provide NOT popup messages like this. However, the data between our computers and the webmin control panel will still be encrypted, which is what we really care about. Once we continue, we should get a login screen as shown in option 3, below. 3) We get a login screen which looks like the one below:
Page 12 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
The login screen might not look exactly like the one above, since different vendor-installed versions of webmin might have different “skin”s, but not to worry, the important options will be consistent regardless of the skin. At this point, you should log in using the username and password supplied in your welcome mail. In this example, my username was “user” and I got the following screen:
Page 13 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
This is the main screen inside Webmin. If you get this far, you can skip “Installing Webmin”, and continue to “Initial Server Configuration”, below.
Installing Webmin If you got a “Page cannot be displayed” error above, chances are that your hosting provider did not preinstall Webmin for you. Since Webmin is free, there’s no worry – we have 2 simple options. The first, obviously, is to ask our hosting provider to install it for us. If they can’t, won’t or otherwise give an option that you don’t like, we can easily install it on our own. As of the time of this writing, the current version of Webmin is 1.530 and all names, paths, URLs, etc will reflect that. However, you can always visit their homepage at http://www.webmin.com/ to get the up-to-date version (links to the downloads are on the top-left) To start, we’ll need an SSH (Secure SHell) client to get a command shell on our server. If you don’t have an SSH client already, you can get a free one at Page 14 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
http://mirror.mirimar.net/putty/download.html [if you use this, please consider making a donation to the mirror maintainer, by browsing to http://mirror.mirimar.net/ and clicking “Make a donation to help support this mirror site”] Download putty.exe (or whichever package is good for your current home PC) and run it on your PC – it doesn’t need an installer. You’ll be greeted by the following screen:
Enter your IP address as shown above, ensure that SSH is selected (unless your welcome email specifically mentioned to use Telnet, in which case select that and make sure to install SSH later). You’ll probably get a prompt like this one:
Page 15 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
Just click “Yes”. When prompted enter your username and password, and you’ll get a screen similar to the one below:
Now we want to download and install webmin. To do this, we’ll need administrative privileges. If you logged in as username root you already have them and you’ll have a # instead of the $ (to the left of the little green block as shown above). If you don’t, we’ll use a utility called sudo (or Super User DO) to run with administrative privileges.
Binary Install (Recommended) Page 16 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
There are 2 types of binary installers available. One for DEB based package managers and one for RPM based package managers. RedHat variants (SuSe, CentOS, Fedora, etc) tend to use RPMs, while Debian variants (Ubuntu, Knoppix, etc) use the DEB format. If you don’t know what you have, try the Debian way first, and then if things look very different than from what you see in the screenshots, go for the RedHat way. In either case, we’re going to have to first install the Webmin package from the Webmin website, and then let our package manager install the package and any prerequisites. This sounds a lot harder than it actually is, so let’s just get into doing it.
Debian Based Binary Install First, we’ll download the package by running the following command: wget http://prdownloads.sourceforge.net/webadmin/webmin_1.530_ all.deb
Page 17 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
Next, we’ll tell the package manager about the package by attempting to install it. At this point, we’ll need administrative privileges. If you logged in as root, you can omit the sudo in the following commands. If not, the first time you run sudo it will reprompt you for your password as a security measure. sudo dpkg –i webmin_1.530_all.deb
If we have all of the necessary prerequisites, this will install Webmin for us. In my example, there are still prerequisites, which we’ll now ask our package manager to update the list of available packages and install any missing prerequisites needed by Webmin (Note: we could not have done this in one step above, since our package manager didn’t know about our Webmin package until just now). sudo aptitude install webmin This will offer to install the missing packages (and may notify you of other packages pending update - we’ll get to those soon). Just type Y (or press enter) when prompted.
Page 18 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
This should install the necessary prerequisites and start up the Webmin server on the default port 10000. You’ll be able to login with your existing username and password
RedHat Based Binary Install The RedHat install process is somewhat simpler than its Debian counterpart since the package installer and package manager are more tightly integrated. First, we’ll fetch the package (RPM actually has an HTTP client builtin so we could theoretically download and install in one command, but this has occasionally made problems – to avoid those, we’ll just do it in 2 steps). Page 19 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
wget http://prdownloads.sourceforge.net/webadmin/webmin1.530-1.noarch.rpm
Now we’ll install it (and all prerequisites) in one shot: rpm -ivh webmin-1.530-1.noarch.rpm
Page 20 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
This should install the necessary prerequisites and start up the Webmin server on the default port 10000. You’ll be able to login with your existing username and password.
Manual Install (Not For the Faint of Heart) First, we’ll download Webmin by running the following command: wget http://prdownloads.sourceforge.net/webadmin/webmin1.530.tar.gz
Following that, we’ll need to unpack it (same idea as unzipping): tar –zxvf webmin-1.530.tar.gz (this will produce a lot of output, showing each file as it’s unpacked) Now we’re going to install the program. If you logged in as root, you can omit the sudo in the following commands. If not, the first time you run sudo it will re-prompt you for your password as a security measure. Page 21 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
sudo sh webmin-1.530/setup.sh /usr/local/webmin This will launch the installer, as shown below:
At this point, we can just press [enter] to accept the default values for each question, if you wish. However, it’s advisable to set a port number other than 10000 (so that people can’t easily detect that you’re running a Webmin server) and you can set a username and password when prompted.
Page 22 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
Now we can browse to our IP address as described earlier at http://192.168.2.55:10000/ Login using the credentials you provided; if you didn’t provide any, use username “admin” with no password. Click on “Webmin” in the navigation menu, and then on “Webmin Users”. If you set up credentials earlier, you can leave those as-is. Otherwise, we’ll use default system credentials, as follows: 1) Click on “admin”. Inside, change username from “admin” to “root” and next to password, set “Unix authentication” (see below). Then click “Save” on the bottom of the screen.
Page 23 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
2) Click on “Configure Unix user authorization”. Inside, check the box next to “Allow users who can run all commands via sudo to login as root” and click Save. This should catch you up (mostly) to the pre-installed and binaryinstall versions of Webmin.
Post-Install Configuration of Webmin Now that we’ve gotten the initial Webmin installed, we should customize it for our server and ensure that it’s secured. To start, let’s click on Webmin in the main menu and select “Webmin Configuration”. We’ll start by ensuring that Webmin is up-to-date, by selecting “Upgrade Webmin”. In the following screen select “Latest version from www.webmin.com” check “Upgrade even if” and then click the “Upgrade Webmin” button.
Page 24 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
This will check the latest version and upgrade the version installed on your machine – it may take time to download the upgrade, so be patient. Once it finishes, it may offer to install updates for your new version of Webmin. You’re encouraged to click where prompted and install those too.
Once everything’s up-to-date, return to the Webmin Configuration page, and click on “Proxy Servers and Downloads”. If your hosting provider has set you up with HTTP and/or FTP proxies (unlikely, but possible), this is the place to put them. Click Save when you’re done. If you're running an older version of Webmin, you may go back into “Proxy Servers and Downloads” and click on the Page 25 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
“Downloading” tab. In the dropdown on top you can select the closest mirror to you. This will be used by Webmin for internal downloads (like additional modules, Usermin, Virtualmin or Webmin upgrades). Again, click Save when done.
NOTE: In newer versions of Webmin, this option does not exist. Instead, webmin tries to automatically use the closest mirror. Next, select “Operating System and Environment” and ensure that the proper OS is detected (if you’re not sure, leave this alone). Next, we’re going to secure this setup of Webmin. Go to “SSL Encryption”. If all’s in readiness, you’ll see something like “The host on which Webmin is running appears to have the SSLeay Perl module installed. Using this, Webmin supports SSL encrypted communication between your browser and the server.” However, in some cases, there might be missing modules.
Page 26 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
In this case, Webmin will usually offer to try to download and install these (which you should let it do). In some cases, even this won’t work and then you should follow the instructions at http://www.webmin.com/ssl.html to set it up.
Page 27 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
If you needed to install the SSL support, go back to Webmin Configuration SSL Encryption. Ensure that “Enable SSL if available” is set to “Yes” and optionally set “Redirect non-SSL requests to SSL” (“No” will just generate a browser error if you forget the https:// in the URL later, while “Yes” will generate a link to HTTPS mode as shown earlier in the chapter”). Click Save if you made changes.
This may popup some warnings (as it will direct you to SSL mode with it’s preinstalled certificate – just continue, even if it’s “not recommended”). Go back to SSL Encryption and select the “Create Certificate” tab. I suggest selecting “Any hostname” and leaving everything else as-is. Then click “Create Now”
Page 28 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
This may (again) make more pop-ups and you’ll (again) have to “continue anyway” your way through them. You can make these errors go away by purchasing a certificate (though I don’t think its really necessary, as only you’ll see them, and as mentioned earlier, they don’t compromise security in any way) and installing it in Webmin, but being it’s not needed, I haven’t included that in this guide. Now we’re going to switch the default URL to make it harder for others to “guess” that we’re using Webmin and try to attack our server by using that knowledge. Go back to Webmin Configuration and select “Ports and Addresses”.
Page 29 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
In here, change the number 10000 (near “specific port”) to another number between 1024-19999 – I’d suggest one, but that would defeat the purpose of changing it Just use something near 10000 and you should be fine – most hackers won’t bother looking hard (and if they do, they’ll find it anyway) – so you should be fine. Then select “Don’t listen” by UDP (unless you’re setting up a cluster of centrally configured servers, this isn’t needed anyway). Finally, click save (and remember to use the new ports in the URL from now on instead of 10000). Next, we’ll want to set up the hostname of the system. This is the name it will use to identify itself by default, though you can always fine tune this for applications that care about a name (DNS, Webservers, Mail servers, etc). From the main menu, choose Networking Network Configuration. From there, click on “Hostname and DNS Clients”. There’s a textbox where you can change the hostname. Don’t touch anything else. Finally, we’ll want to make sure that our server is running the most up-to-date set of packages, so we’ll have our package manager do this. In the main menu in Webmin, select “System” and then “Software Packages”. All the way at the bottom of the page is a section “Upgrade all packages”. If there are other options, use the defaults (except that the first time you upgrade should select “Distribution Upgrade”, not “Normal Upgrade” as illustrated below), and just click the “Upgrade” button below.
Page 30 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
On RedHat based systems, you’ll simply have a single button labeled “Upgrade all Installed Packages from YUM” which performs the same function. This will almost certainly take some time, but it will ensure that your server is completely patched and up-to-date. We’re now all set to go with our web-based control panel and can start setting up various services on our shiny new server!
Page 31 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
Chapter 3 – DNS Introduction to DNS Servers Now that we have a control panel set up, we can go back to addressing DNS, which we brought up earlier, but never really discussed how to actually set up. As I mentioned earlier, you have 2 basic options: do-it-yourself and host-it-elsewhere. If you have 3 (or less) domains, I suggest using ZoneEdit’s free DNS service. If you have more than 3 domains, you might as well set up your own DNS server. We’re going to start by looking at setting this up on your own server. Login to Webmin and go to Servers Bind DNS Server. If the software isn’t installed yet, you’ll get a message like the one shown below:
NOTE: On newer versions of Webmin, the link won't be in Servers BIND DNS Server, but rather in Un-used Modules BIND DNS Server. If so, just follow the link and it will download and install the DNS server software. Once installed, you should see a page like this:
Page 32 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
There are 2 types of DNS zones that we need to be concerned with at this point: Master zones and Slave zones. A Master zone is a domain for which the DNS server is responsible for and can change information for. A Slave zone is a domain for which the DNS server is responsible for, but it’s a backup copy of a Master zone on another DNS server. When you want to make changes to a domain, you’ll change the Master zone. You might have backup copies running as Slave zones on other servers, and they’ll automatically update themselves from the Master zone whenever needed. Normally, hosting providers have one Master and at least one Slave server set up. Before we can start setting up zones for our DNS server, we need to make some one-time configuration changes. First of all, we need a name for the DNS server – a good choice is dns.yourdomain.com or ns1.yourdomain.com (we say ns1 because as we just mentioned, you should be setting up at least two servers: a Master and a Slave). If you’ve ever set up shared hosting with a domain that you already own, you’ve probably gone through the process of setting up your nameservers at the domain registrar. If you want to host your own DNS server, you need to go through a one-time setup process of registering the IP addresses of your nameservers. The domain registrar will want 2 registered nameservers for every registered domain. That means you need to either set up 2 DNS servers yourself, one with the master zones and one with slaves, set up a DNS server for the master zones and use a different provider for the slaves, or
Page 33 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
admittedly, you can set up both nameservers to point to the same server, but this defeats the purpose of two (which is for failover purposes) Since a separate special list of domain to IP address mappings is needed for registering nameservers, it should only be done once per DNS server you set up. If you have multiple domains on the same server, you should choose one domain to host the “ns1” and “ns2” addresses, and then re-use those names to refer to the DNS server for all of the domains on that server. Another thing that’s needed is an administrative email account for the domain server. Classically, this would be hostmaster@yourdomain.com. This should be a real email address (though it can be a forwarding address), although honestly they aren’t used very often.
Configuring DNS with Bind We’ll start by configuring a Master zone for our fictional domain mybrandnewdomain.com. Since this is our first domain, we’ll set up ns1.mybrandnewdomain.com and ns2.mybrandnewdomain.com to be our two DNS servers for all of the domains on this server. We have 2 servers, so we’ll set up the master zones on one and the slave zones on the second. Go to Create Master Zone (towards the bottom of the above screen), and you’ll be greeted with a screen asking for the basic settings of the domain you want to configure. We’re going to set the domain name to mybrandnewdomain.com, the master server to ns1.mybrandnewdomain.com and the email address to hostmaster@mybrandnewdomain.com as shown.
Page 34 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
Clicking on Create will add the empty zone to the DNS server. Now we need to set up the IP addresses for the zone. Classically, we’ll want to set up an IP address for the website on the domain and possibly specify mailservers. Since this is the first domain that we’re setting up on the server, we’ll also need to specify IP addresses for the DNS servers. We’ll start with an IP address for the domain. From the main domain screen, click on “Address”. Since there are no addresses (yet), this will just bring up a form to add a new one. We’re going to leave the name blank (since the domain will always be appended to whatever name we put there), and set the IP address for the domain to 192.168.2.55 (IMPORTANT – Like the domain we’re setting up, the IP addresses used here are fictional. You should always use the IP address(es) you get from your hosting provider!) The other fields can be left alone.
Page 35 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
After creating the record, click on “Return to record types” to return to the previous screen. Next, we’re going to set up the “www” prefix, for eventual use with our website. Since we know that the www prefix is always going to point to the same address as the one we just set up, we’re going to create a “pointer” or “alias” record, which means “use the same address as another domain name”. Click on “Name Alias”. Under name, enter “www” (same principle as before: the domain will be appended). Under Real Name, we’ll enter mybrandnewdomain.com. – Note the trailing dot at the end of this. With DNS records, we always have a trailing dot to tell the server that it’s the end of the name (otherwise, it would append the domain name again). This trailing dot notation is also known as the FQDN or Fully Qualified Domain Name.
After clicking Create, make sure that it came out the way it should: Page 36 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
Since this is the first domain, we also need to set up address records for the DNS servers themselves. Let’s go back to the “Address” screen to take care of that. This time, use “ns1” for name, and enter the address of the primary nameserver, and repeat this for the second nameserver with it’s IP (as you can see, the IP address of my secondary server is 192.168.2.41 – you’ll need a real IP address of a DNS server that you can add slave zones to for this).
Although this sets up the IP addresses for the DNS servers, we have to specify that the names ns1.mybrandnewdomain.com and ns2.mybrandnewdomain.com are the authorative DNS servers for the domain. To do this, we’ll go to the “Name Server” tab (still inside the master zone). As you can see, when we created the zone, we added the ns1 address, but we still need to add the ns2 address.
Page 37 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
To add the second, leave zone name blank (it’ll auto-append the domain name) and add ns2.mybrandnewdomain.com. as the nameserver (remember the trailing dot!). Once we’ve finished with this, our master zone is ready!
To apply this to the running server, we’ll need to click the “Apply changes” button – note that the first time we must use the apply changes button on the main page, and not from inside the zone, so click on Return to Zone List and then on Apply changes (or Start Name Server, if there’s no Apply Changes). Adding a slave zone is much simpler. Just click on “Create Slave Zone” from the main page in the DNS configuration, enter the IP address of the master server and the domain name that we’re adding a zone for, and leave everything else as is.
Page 38 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
It will bring up the same zone page that we’re used to from the master zone (except you’ll notice that inside the records pages, you can’t add anything). It may take a while to update the zone settings from the master server; you can try refreshing every few moments, or clicking the “Force Update” button at the bottom to rerequest the zone from the master server.
Eventually (usually pretty fast), you’ll see the same information that you have on the master server. There’s no additional setup required. It should be notated that the standard names used to refer to the types of records that we’ve used so far are: • A records – these are the address records to map to an IP • CNAME records – these are the “alias” records • NS records – these are the records that specify the DNS servers for the domain • SOA records – although we didn’t realize it, this was created for us when we set up the new master domain (remember the nameserver and email address screen?) If you’re curious, you Page 39 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
can see the information stored in the “Zone Parameters” link towards the bottom of the zone listing). SOA stands for Start of Authority. One other type of record which we didn’t use yet is the MX (or Mail Exchange) record type, which we’ll use later when we discuss setting up email. The last thing that needs to be done is to update the nameserver records at your domain registrar. There are many registrars out there, but I’ll show you how to do it at my favorite, GoDaddy. Login to your account and go to My Domains. Click on the domain you want to edit, and you’ll get a screen like the one below:
Click on Nameservers. From here you can add the updated nameservers for the domain. You must enter at least two.
Page 40 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
Before you can use your new nameservers for the first time, you need to register their IP addresses – to do this (you’ll only need to do it this once), go to Host Summary (located all the way at the bottom of the scrollable area in the lower half of the page) and click View/Modify detail. From there, you can enter ns1 and ns2 and the appropriate IP addresses. DO NOT enter WWW (or any other names other than the DNS server names) and the IP address for it – this is only used to register DNS servers. This may take up to 72 hours to take effect.
Using a 3rd Party DNS Provider Hosting with ZoneEdit will vastly simplify this process if you don’t actually need more than 3 domains (and you can always move to your own server later if you need more).
Page 41 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
First time users will need to do a quick signup (no credit card needed) and that’ll give you your first 3 domains. You can then add a master zone and A, CNAME and NS records like we did above, or a slave zone (and use your server as a master zone). There are instructions there for what to set up for the nameservers if you host by them.
Page 42 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
Chapter 4 – Users & FTP Users The first thing we’ll need to do, even before getting our webserver set up, is getting at least one user account active on the server, and getting an FTP server so you can transfer files to it (for posting onto your website, for example). Before we go into how to set this up, I want to briefly introduce our options with regards to FTP. Basically, we have 3 different options to use: SFTP (or Secure FTP), normal FTP, or no FTP (and set up an alternate way of moving files to and from the server). If you’re not planning on allowing any outside access (to users other than yourself) to your server, I’d highly recommend using SFTP. If you are planning other users to access your server, my recommendation is still to use SFTP. There are plenty of free SFTP clients out there, including FileZilla, WinSCP and Cyberduck for the Mac. Many Almost every Linux distribution comes with an SFTP client out-ofthe-box.[ There are some incredible inexpensive programs too, like Fetch for the Mac.] Major web design programs, like DreamWeaver also support SFTP, so there’s no lack of client support. We’ll touch on these options again soon in greater detail, including how to implement each, but I just want you to consider your needs at this point and have an initial idea of which way you want to go. To start, we’ll set up an initial user and give him a home directory. To do this, we’ll first login to Webmin. In the main menu, select “System” and then “Users and Groups”. You’ll be greeted by a list of all existing groups and users on the server.
Page 43 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
We’re going to want to click on “Create a new user”, which will let us do exactly what it sounds like it will.
Page 44 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
(Note that different distributions will have various changes – usually in the numerical user ID on top and the Primary group at the bottom.) We’re going to set the user’s details here. The username is the username that our user will use to connect to the server, the user ID should be left at “automatic” unless you know what you’re doing. Real name is a good place to put the user’s real name (so you know who is who) – I like to append the user’s email address to that field. The home directory should be left as is. You should set a password Page 45 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
by selecting “Normal password” and entering one in the textbox near it. Possibly the most important selection on this page is “Shell”. This determines the level of access that the new user will have to our system. For now, we’ll leave the default value, but when we get to setting up the FTP account, we’ll come revisit it. In this example, I’ve set up a user for myself using the proper default settings.
Everything else can be left pretty much as-is. Click “Create” to setup the new user, and it will show up at the end of the list.
Page 46 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
Now that we know how to create system users, we’ll explore how to set them up with access to the server.
SFTP SFTP is the recommended solution, so we’ll explore that option first. SFTP support is installed by-default (it’s bundled with SSH since they work together), so there’s nothing you really need to *do* to get it set up. There is one important point, worth mentioning. Remember how we said above that SFTP is tightly knit with SSH? Well, that means that by default, any SFTP user will be able to login to the server with SSH. While that may not be a bad thing, you probably don’t want it. To remove this, we’re going to change the default shell for normal users to the SFTP-server program. This means that they can still “log in” via SSH… but only to the SFTP program, so there’s really nothing that they can do. To do this, we must find the location of the SFTP server on the server. Classically, this is /usr/lib/sftp-server for Debian-based distributions or /usr/libexec/openssh/sftp-server for RedHat-based distributions. To find the exact location, SSH to the server (as described above, in INSTALLING WEBMIN, and type find /usr -name sftp-server
Page 47 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
The above example shows the location of sftp-server on CentOS, a RedHat-based distribution. Now that we know where the sftp-server is located, we’ll need to make the user use this as their default shell, instead of the existing one. First, we’ll add it to the list of system shells as follows (use the same path as found above): sudo sh –c “echo /usr/libexec/openssh/sftp-server >> /etc/shells” Verify that it worked by examining /etc/shells by executing: tail /etc/shells
Now, go back to”Users and Groups”, and click on the user that you want to set this up for. [Don’t be alarmed that the password looks Page 48 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
weird – this is the one-way encrypted version of the password.] Under the shell dropdown, your new shell should appear. Select it and then click save.
Normal FTP If you absolutely must use FTP, we’ll need to install a FTP server. I’m going to explain how to set up the vsftp (or Very Secure FTP) server. You can find out more about this server at it’s homepage at http://vsftpd.beasts.org/ First, we’ll need to install it on the server. We’ll have our package manager do this for us. In the main Webmin menu, go to System Software Packages. Under “Install a New Package” select the last radio, which is to install from APT/YUM/EMERGE (this last word varies from system to system and is the name of your system’s package repository). In the textbox, type “vsftpd”, as shown
Page 49 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
Now that we’ve installed the package, we’ll also want to install a Webmin module for managing it (since it’s not included by default). To do so, we’re going to go to the main Webmin menu and select Webmin Webmin Configuration and click on Webmin Modules. Under “Install Module” enter the URL http://provider4u.de/images/stories/DOWNLOADS/vsftpd.tar.gz (mind the caps!) and click Install Module.
After installing it, it tells you where to look for the newly added Webmin module:
If everything goes well, you’ll now have a “vsftpd” option under Servers in the main menu.
Page 50 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
To configure it, click on the “Generally” link inside (yes, we also noticed that the module author isn’t a native English speaker. So what?) Inside you can change the “Welcome Message” that people will see when connecting to the FTP server. The other options can be left as-is. Click “Save” when you finish. Next, go to “Anonymous FTP” and disable all of the selections, and “Save”. Under “Local User” select ONLY “Enable local Users” and “Local Users can Write”, and “Save” (the chroot option will give you *far* more security and is definitely, but setting up the server for it is enough of a hassle that I could write an entire book on that alone).
Finally, click “Restart vsftpd server” on the main page, and we’re done with the initial setup. As with SFTP users (above), we’ll likely want to limit the users’ access to the server, so we can either assign the SFTP shell (as shown above) to allow both FTP and SFTP, as shown below.
Page 51 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
You should now be able to use your favorite FTP client to access the server.
No FTP As mentioned above, another option is not to use FTP at all. Although I won’t go into details here, take a look at Webmin in Others File Manager.
Page 52 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
Chapter 5 – The Webserver The Apache Webserver Now that we’re ready to go with a control panel, and we can upload files via SFTP, it’s time to set up our webserver – the most basic element that our site users will interact with. Most distributions come with the Apache Webserver (http://httpd.apache.org/), a free webserver built and owned by the Apache Software Foundation, and possibly the most popular webserver on the market altogether. To start setting that up, login to Webmin and in the main menu select “Servers” and then “Apache Webserver”. If it’s not installed yet, Webmin will tell us something like “The Apache server executable /usr/sbin/apache2 does not exist. If you have Apache installed, adjust the module configuration to use the correct path.” If so, it will also offer to download and install it, which you should allow it to do.
NOTE: On newer versions of Webmin, the link won't be in Servers Apache Webserver, but rather in Un-used Modules Apache Webserver. You should now have the basic configuration page, which looks something like this:
Page 53 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
You can test that apache works by clicking “Start Apache” and browsing to your IP address in a browser. If you don’t have a “Start Apache” link, it might already be running, so just try browsing to your IP address in a browser. If anything comes up, it probably worked.
Preparing The Web Root Now that we can serve something it’s time to set it up to serve what we actually want. The first thing we need to do is to actually upload some files, just like you’d do in a shared-hosting environment. Use one of the FTP methods you set up in the previous chapter to do this. Continuing on the fictional setup we’ve been using so far in this guide, we’re going to have user “margol” upload some files into a “www” directory that he makes in his home directory. This will then be used as the content for the website www.mybrandnewdomain.com. To start we’ll use FileZilla to make a www folder in our home directory and upload an index.html file there. Ensure that permissions on the directory and file are set properly. The permissions on the www directory must be 755, and on the files 644
Page 54 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
Introduction to VirtualHosts and IP management Before we move on to the next step of actually setting up a VirtualHost inside Apache, it’s important to understand some of the theory behind how VirtualHosts work. Once upon a time, when the Internet was younger, IPs (remember IPs? They’re the numeric hard-to-remember addresses that DNS servers make domains point to…) were plentiful. The full IP range in existence allows for 232 IP addresses to exist. That comes out to a total of 4,294,967,296 addresses. In practice, the number is actually considerably lower. At that point the internet was nowhere near as popular as it is today – there were less users surfing and less websites to surf. Back then, the thought of every website having its own IP address wasn’t so scary; after all, there were a few billion of them out there. However, by the mid 90’s, it became apparent that within the next decade, they’d be depleted if something wasn’t done. In actuality, 2 things (well many more things, actually, but we’re going to focus on 2) were done. The first, which I’m going to gloss over, is something called IPv6 which is the next-generation IP addressing space which will support 248 (close to 300-trillion) IP addresses in its address space. For a variety of reasons, IPv6 hasn’t become as Page 55 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
popular as fast as people thought it would, but rest assured that we’ll get there. The second was a concept adopted by many protocols, including the HTTP protocol used by webservers and web browsers, called Name Based VirtualHosts. The concept was to remove the necessity for each domain (which we’ll refer to as a website, although other descriptions would be used for other protocols) to be bound to a dedicated IP address. As such, rather than just using the domain as a practicality to avoid needing to remember the correct IP address, the domain would also become an essential part of the protocol request. In doing so, we can allow many domains to share a single IP address, as the web server could distinguish which website was being requested by making use of a special protocol header which defined which domain the client wanted to receive a page from.
Configuring a VirtualHost inside Apache Now, we’ll go back to Webmin and click on “Create virtual host”. The Apache webserver can serve many websites from one server, and “Create virtual host” essentially creates a new website on the same physical machine. On the screen that shows up, we’ll select “any address” for the connection address (this is what we’ll use for normal websites. eCommerce websites, which require SSL, or any other “dedicated IP” websites will be handled differently, which we’ll explain later). Leave “Add name virtual server address (if needed)” and “Listen on address (if needed)” checked – although in this particular case they aren’t needed (and so won’t do anything), they’re very important when setting up a website on a dedicated IP address (like eCommerce or other SSL-secured websites). Port should be left as default (SSL websites will have port set to 443). For document root, we’ll enter the path of the www directory we just created. In this case, /home/margol/www. We’ll leave Allow access to this directory checked (otherwise the webserver won’t let users into the website). For servername, we’ll enter the domain name that we want this website to handle – in this case www.mybrandnewdomain.com For “Add virtual server to file” you should accept the default setting, which will be preset to wherever your package manger expects websites to be configured. For debian-based systems, this will usually be “New file under virtual servers directory /etc/apache2/sites-available”. For most other systems the above option won’t even exist, and the default will be “Standard httpd.conf” file. Either is fine.
Page 56 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
The last option, “Copy directives from” is useful if you want to clone the configuration of a virtual host that you’ve previously set up. Since this is our first website, this option isn’t really helpful now, so we’ll leave it as “Nowhere”.
Click on Create Now to add the new website to the global Apache webserver configuration. You’ll now see the new website reflected on the main page.
Page 57 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
To activate the changes, we must also click on “Apply Changes” in the upright corner. If you don’t have an “Apply changes” button, click “Start Apache”. Then browse to the new domain we set up and the contents of the index.html page should show up. If you get a “Forbidden” error, go back and make sure that permissions are set up properly for the directory and files, using your FTP client.
Thus far we have an idea of the basics of setting up a new virtual host. However, let’s see what happens when we browse to the IP address…
Wait a second – didn’t we just get rid of that? This was what we had before we put up our webpage – what’s it still doing there? If you really think over what we did just now, you’ll realize that it should certainly still belong there, and shouldn’t have been such a surprise. Why? Because we added a virtualhost for our domain, but we didn’t replace anything that was already there. What we’re seeing now is the default website. Every time Apache gets a request for a page, it analyzes the URL and compares the domain name with all of the domain names for that virtualhost. If it finds a match, it uses the virtualhost for that domain. If it doesn’t, it falls back to the default server. To change what happens for the default server, click on “Default Server” on the main Apache page. This section also configures the default settings for all websites. To change the files served for the default server, click on the virtual host which “Handles the name-based server on address *” Page 58 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
Installing Perl/CGI Now that we’ve got the webserver running and understand how to set up new websites, we can discuss how to set up Perl scripts for your cgi-bin directory. If you’ve made it this far in the guide, you can rest assured that Perl is already installed on your server, as Webmin uses it extensively. What remains is learning how to set up cgi-bin directories for Apache, and installing 3rd party Perl modules. We’ll start with setting up Apache to serve files from cgi-bin. To get started, we’ll create a cgi-bin directory alongside the www directory. Remember to set 711 permissions on the directory, and 755 on all scripts. For our first example, I’ve uploaded a simple script to /home/margol/cgi-bin/hello.pl (three guesses as to what the script’s going to do ) Now we need to tell Apache to serve files from the cgi-bin directory, and also serve them as scripts (e.g., run them rather than returning the contents to the browser). To do this, we’ll go to our virtual server configuration, and click on CGI Programs. Next to CGI directory aliases, we’ll map /cgi-bin/ on the website to /home/margol/cgi-bin/ on the filesystem.
After clicking “Save”, remember to click Apply Changes. If everything was done correctly, we should now be able to browse to Page 59 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
http://www.mybrandnewdomain.com/cgi-bin/hello.pl and get the expected result:
Installing modules can be done through Webmin in 2 places. The first is through System Software Packages. Use the search feature near package install to search for the name of the module you want (replace :: with -) The second option is through Others Perl Modules, which interfaces more directly with CPAN, but may be harder to use if you need to compile modules. As a rule of thumb, it’s usually better to install packages through the system package manager than with CPAN, unless you really know what you’re doing.
Installing PHP PHP may not come preinstalled on your system, so we’ll need to use the package manager to install it. Unfortunately, the package name for what you really want is probably not as intuitive as you’d like. For Debian based systems, you’ll want to install libapache2-modphp5. For Red-Hat based systems, you’ll have an easier time; just install package php. That’s all there is to it! If everything is set up, you should immediately be able to upload PHP files to your website, and they should just work.
Note that for advanced functionality, some additional packages may be helpful. For Debian-based systems, we recommend searching apt for “php5-“ and selecting the modules you want.
Page 60 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
For RedHat based systems, search YUM for “php-“
Page 61 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
In both cases, simply install the relevant packages to your needs.
Secure (HTTPS) VirtualHosts In addition to everything we’ve already discussed about setting up VirtualHosts, there are two additional issues which must be addressed in order to set up a secure, HTTPS, website. The first is a security certificate. This is a certificate that you generate on your own which contains a private decryption key, as well as a public certificate which contains 2 elements: the first is a public one-way encryption key (which can only be decrypted with the private decryption key which you generated with it – this is known as a public/private key pair in technical jargon) and the second is an “owner tag” attached to the public key which states who the owner of the certificate is (at least the domain name it secures, and possibly information about the owner of the website). Page 62 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
The first is used for the encrypted communications, while the second is used for validating that the webserver which is using encrypted communication with us is the website we think it is (otherwise you’d know that your information was hidden from people trying to “eavesdrop” on your conversion, but would have no idea of who you were deliberately sending your sensitive information to). While the encryption is self contained within the key pair, in order to verify the identity of the “owner tag”, we rely on trusted third parties (which are the electronic equivalent of notaries), called CAs or Certificate Authorities. These trusted third parties charge between $50 a year for a very basic certificate, to over $1000 a year for more advanced certificates (like the ones that make the green bar at the top of newer browsers, called EV certificates). However, by visiting http://ssl.cheapdedicatedservers.biz/ you can get hold of a basic certificate WITH a site-seal (a special graphic provided by your CA that contains the current date-and-time and your domain which further supports the validity of your secure website) for just $13 per year! The second special consideration is a dedicated IP address. Remember how we mentioned earlier that HTTP supported Name Based VirtualHosts? There’s a slight problem using that with secure websites. The issue is that the domain which the browser is requesting (called the Host header) is encrypted in HTTPS mode, and the server can’t read it without decrypting the data. However, since the encryption key is also tied to the domain name (the server needs to know which domain is being requested in order to select the proper decryption key), we’re stuck in a catch 22 position. [There’s actually a solution out there already, called SNI, or Server Name Indication, which is an extension to the encryption protocol which allows the domain name to be sent as clear-text to get around this issue, but until it’s more widely supported by browsers and servers alike, it’s not going to be an acceptable solution for most websites.] The first step in getting set up is to get a dedicated IP from your hosting provider. Each hosting provider has their own rates for extra IPs (usually a few dollars per month). At http://www.cheapdedicatedservers.biz/ we offer extra IPs for a onetime fee of $10 per IP. The second step is to generate your public/private keypair. In order to do this, we’ll download and install a Certificate Manager module for Webmin. To do this, go to Webmin Webmin Modules, select Third party module, and enter the URL http://www.webmin.com/download/modules/certmgr.wbm.gz. Page 63 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
Before we use the newly installed module, we’re need to add a directory, ssl, to our user’s home directory to store the various certificate and key files. Following our example above, we’ll call this directory /home/margol/ssl
Once you’ve done that you can go to System PKI Certificate and Key Management.
Page 64 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
Click on Generate Key and Certificate Signing Request. The CSR will contain a copy of the public certificate and the “owner tag” to be sent and “notarized”, or signed, by the CA. The Key file will contain the private decryption key which will stay on our server. We’ll call the CSR filename /home/margol/ssl/www.mybrandnewdomain.com.csr and the key filename /home/margol/ssl/www.mybrandnewdomain.com.key The password can be left blank, as it’s pretty useless in this case since we’d need to provide it, in plaintext, in our Apache configuration file (or else Apache wouldn’t be able to use it). The keysize can be left at 1024 bits. The common name must contain the exact domain name which you will be securing. In our case we’ll use www.mybrandnewdomain.com (if we want to secure, say, mybrandnewdomain.com too, we’d need another certificate and another IP address, even if they were serving the same files). The rest of the fields can be left blank or with the default values, unless you plan on purchasing a more expensive certificate which certifies your physical identity (and not just the fact that you own the domain, which is all that the “basic” level certificates will certify). It’s always safe to put your real information in there in any case, as if you’re not entitled (by your CA) to have your identity validated, they’ll just remove them for you, whereas if you opt for a more expensive certificate which does validate your physical identity and Page 65 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
there’s incorrect information there (your CA will do homework to make sure that what you put there is accurate), you won’t get your certificate approved or issued.
Once you generate the CSR, you’ll need to use FileZilla to download it and send it to the CA as part of the enrollment process (each CA has a different enrollment process, but they’ll all want the CSR). Depending on the type of certificate you request, your request may take anywhere from several minutes to several days to be processed by the CA. However, once they issue you a certificate, you’ll need to save it and upload it to the server. In this case, we’ll call it /home/margol/ssl/www.mybrandnewdomain.com.crt. Now that we have both prerequisites, the public/private keypair with the certificate signed by a CA, and our extra IP address, we’re ready to set up our HTTPS VirtualHost. Go to Servers Apache Webserver, and set up a VirtualHost like we explain above, using the IP address for the secure domain (remember that the non-secure version of the website will need to be on the same IP!) and port 443. Once it’s set up, in the VirtualHost configuration page, click on SSL Options (if it doesn’t show up, return to the main module page, click on Global Configuration, select Configure Apache Modules, and click on mod_ssl and Enable Selected Modules. Then go back to the VirtualHost configuration page).
Page 66 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
Inside, set Enable SSL to Yes. Under Certificate/Private key, we’ll give the path of the certificate file we got from the CA, /home/margol/ssl/www.mybrandnewdomain.com.crt. Under Private key file we’ll provide the private key we created earlier, /home/margol/ssl/www.mybrandnewdomain.com.key. Everything else can be left at their default values.
That’s it! Rather Just click Apply Changes and you can browse to your HTTPS site. Just remember that you’ll have to make configuration changes to the HTTPS-enabled and normal HTTP versions of the website separately, as they’re considered two separate VirtualHosts.
Page 67 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
Chapter 6 – Database MySQL For our database, we’re going to install MySQL, and phpMyAdmin as a front-end. First, we need to install the packages by going to System Software Packages and installing mysql-server. NOTE: On newer versions of Webmin, you'll need to click on Refresh Modules (located at the bottom of the left frame) in order to see Servers MySQL Database Server in the Webmin menus after installing the package via Software Packages Once this is set up, we need to work with a front-end. Webmin comes bundled with a front-end, but phpMyAdmin is far more popular (and more advanced in terms of functionality), so we’ll cover them both.
Configuring MySQL using Webmin To access the Webmin built-in MySQL control panel, go to Servers MySQL Database Server. In this view you’ll be able to see the various databases and configuration parameters.
Page 68 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
To view tables on a specific database, we need just click on it. This will show tables and indexes separately, as can be seen below.
To create a new database with this interface, click on Create Database. On the screen that follows, we’ll set the name of the new database. For this example, we’ll set it to webmintest. Notice that we have the option to define a new table on the same screen. We’ll create a table called test1 with two fields: id and name, with id being the primary key with an auto-incrementing value, and name being a string up to 25 characters in length. To make this forwardcompatible with multi-lingual applications, we’ll use utf-8 as our default character set.
Page 69 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
If all goes well, we should see our new database with the new table inside.
Now, we’ll make a user with access to modify the content of, but not the structure of, this new database. First, we’ll create a new user. Go to the main module page and click on User Permissions. Click Create new user. On the following screen, we’ll set the username to webmintest, though the username doesn’t have to necessarily match the database name. Then we’ll set a password. Hosts can be left as Any if you want to allow remote connections to your database server, or otherwise set to localhost. Don’t select permissions at this point.
Page 70 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
Now go back to the main screen and click on Database Permissions. Then click on Create new database permissions. For Databases, we’ll select the new database, webmintest. Use the same username that you set in the previous step. From Permissions, we’ll select “Select table data”, “Insert table data”, “Update table data” and “Create table data”.
Then, scroll further down and also select “Create temp tables”, “Lock tables” and “Execute”.
Page 71 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
After clicking Save, you’ll see the following:
You should now be able to write scripts that modify data in this database.
Installing phpMyAdmin Now we’ll look at phpMyAdmin. You’ll need PHP installed as a prerequisite for this (though your package manager should take care of installing that for you if you haven’t gotten around to that yet). Debian-based systems support phpMyAdmin out-of-the-box, and you can simply go to System Software Packages and install phpmyadmin. Once that’s done, just browse to http://your.primary.ip/phpmyadmin/ and you’ll be set to go.
Page 72 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
For RedHat-based systems, we’ll need to manually install this. We’ll use PuTTY as described in the instructions to manually install Webmin, above. Login to your server and download the latest version of phpMyAdmin from http://www.phpmyadmin.net/home_page/downloads.php. As of the time of this writing, the latest version is 3.3.9, which is what we’ll use for this example. Get the URL of all-languages.tar.gz and use wget to fetch it. In our case that was: wget http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin3.3.9-all-languages.tar.gz?download
Page 73 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
Now, we’ll extract the package as follows: tar -zxvf phpMyAdmin-3.3.9-all-languages.tar.gz
Next, we’ll move the extracted files into our webroot. Page 74 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
mv phpMyAdmin-3.3.9-all-languages /var/www/html/phpmyadmin
NOTE: On Ubuntu systems, you'll need to move the files to /var/www instead of /var/www/html NOTE: Older versions of phpMyAdmin may need to be configured like shown below. Newer versions should work out-of-the-box.
Page 75 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
If your version of phpMyAdmin does not need to be configured, you can skip this section and continue to log in to phpMyAdmin below in section Configuring MySQL using phpMyAdmin. Otherwise, click on setup script, and then on Servers Add. You can ignore warnings about “Can not load or save configuration” and “Not secure connection”. Under server hostname, enter localhost, and set Authentication type to cookie. Leave everything else with the default values and click Add.
Now click Configuration Download and download the resulting file to your hard disk. Next, copy the file back to the server to the /var/www/html/phpmyadmin directory using whatever FTP method you set up above. You’ll need to FTP as root, not as your user. If all goes well, you can go back to the main phpmyadmin page and you’ll be able to login.
Configuring MySQL using phpMyAdmin You can login to phpMyAdmin with any MySQL user authorized to connect from localhost (or Any host). Typically, for server administration you’ll want to login as root. Page 76 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
Once we’re logged in, we’ll create a new user. Click on Privileges to bring up the MySQL server privileges overview, which shows all of the users allowed to use the MySQL server.
Next, click on Add a new User. We’ll set the username to phptest, and allow the user to connect from localhost only (no remote connections). Finally, we’ll let phpMyAdmin generate and use a random password, and also automatically create a database for this user and set permissions accordingly.
Page 77 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
Finally, click on Go (at the bottom right of the webpage) and our user will be created. phpMyAdmin will also show us the SQL statements it used to execute what we wanted. In this case the statements were: CREATE USER 'phptest'@ 'localhost' IDENTIFIED BY '****************'; GRANT USAGE ON * . * TO 'phptest'@ 'localhost' IDENTIFIED BY '****************' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ; CREATE DATABASE `phptest` ; GRANT ALL PRIVILEGES ON `phptest` . * TO 'phptest'@ 'localhost'; Our database now appears in the Database dropdown on the left frame. Select it to switch to the main view of that database. We have no tables in it, so we’ll create one now. We’ll call it test1 and have 2 fields in it (if you don’t know exactly how many fields you’ll need, don’t worry – you’ll have the chance to add more on the next screen, and if you don’t use them all, that’s ok too).
Page 78 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
We’ll use the same schema as earlier – an auto incrementing integer as our primary id, and a varchar text description.
Click on Save (NOT Go; clicking that will add fields to the new table), and as before phpMyAdmin will output the SQL statements used and execute them.
Page 79 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
You can now write scripts that use this database with the user we just created.
Page 80 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
Chapter 7 – Email How Email Works Another commonly used feature in a dedicated server is a mailserver. Actually, a mailserver needs to serve two purposes which require distinct configurations: Allow users to send mail out from the server Allow users to receive mail on the server Each of these requires different aspects of the mail configuration. Additionally, incoming mail actually also has two distinct parts to it: The ability for the server to receive, and optionally process, mail for the users The ability for users to login and access their email The mail server itself takes care of only the first. The second is achieved by either installing a POP3 or IMAP server, possibly in conjunction with a webmail interface. Handling both outgoing and incoming mail can be tricky, and as a general rule of thumb, this is probably something that you’ll want to outsource at first – both so you’re not flooded with incoming spam mail, and so that hackers can’t trivially hijack your mailserver for the purpose of sending spam mail. We recommend using GoDaddy (http://domains.cheapdedicatedservers.biz/) for your incoming email needs – plans start at just $9.99/yr (or 1 address/catch-all free with a domain purchase), and it’s by far easier than managing your own incoming mail server. They also include SMTP service so you can actually also send emails from their server. While this is highly recommended for use with your email client, it may not be a good idea for your websites to send emails from, since they actually limit you (to 250 a month, last I checked). As such, it’s a good idea to set up an outgoing-only mail server on your dedicated server to allow websites and scripts hosted on your server to send emails out, unmetered. Just a word of caution, before we begin: be very careful to keep an eye on your scripts if you do this – if someone can compromise your email-sending scripts and hijack them to send spam, it’s YOU that your ISP or hosting provider will hold responsible, not the hackers! (They usually won’t fine you or anything, but they will shut you down until you can prove to them that you’ve dealt with the matter responsibly.)
Page 81 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
Often, a distribution will default to use a specific mail server – RedHat based systems tend to lean towards sendmail by default, while Debian based systems lean towards exim by default. Also, your hosting provider may install a mail server in advance. There are several popular mail server packages out there. They include: • • • • •
sendmail exim postfix qmail courier
We can’t cover every one of them, so we’ll look at sendmail & postfix and explain, in theory, what needs to be done for other mail servers too. What we want to accomplish is set up a mail server that will send all locally generated mail to anywhere, but won’t accept any mail from the outside.
Configuring Sendmail We’ll start by logging into Webmin and clicking on Servers Sendmail Mail Server. If the package is installed already, we’ll see something like this:
Page 82 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
If the software is not preinstalled, we’ll see a page like this:
In the latter case, simply click on the link to let the local package manager download and install it. Once it’s installed our first task is to click on Sendmail Options (O) to set up the basic configuration.
Page 83 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
The first option, “Send outgoing mail via host” allows us to specify an external SMTP server to use for mail delivery. If you’re not sending a lot of mail, and your hosting provider allows you to use their central SMTP server, or if you want to use GoDaddy’s SMTP service, you can set this up here. Normally, however, you’ll want to leave this set to “Deliver locally” which means that your mail server will attempt to deliver mail directly to the recipients. The second and third options, “Forward unqualified usernames to host” and “Forward mail for local users to host” can also usually be left blank. This is only really useful when you’re accepting incoming mail, and while you have many outgoing mail servers, you want to consolidate all incoming mail (for local users) on a single machine, which you’d specify here (usually the same server for both fields). Delivery mode and sort mail queue can also be left to the default values (which your distribution will have customized for optimum integration with the particular distribution). The next field, SMTP port options, is of specific interest to us because it dictates how the SMTP server will listen for connections. Rather than setting up complex rules to check where the mail is generated from and to decide whether or not to deliver the mail based on that, we’ll simply tell the SMTP server to listen only on 127.0.0.1 (only accessible from the local machine) and relay all mail. In this case, I’ve set it up as: Page 84 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
Family=inet, Name=MTA-v4, Port=smtp, Addr=127.0.0.1 Family=inet, Name=MSP-v4, Port=submission, Addr=127.0.0.1 However, different distributions may have slightly different setups. What’s important is to make sure that any line with Family=inet also has Addr=127.0.0.1 to ensure that we only bind to the localhost address.
The next 2 fields, “Max load average for sending/receiving” can be used to throttle the SMTP servers use in high load situations. Normally, this shouldn’t be an issue (and if it is, you should consider getting separate physical servers for the various services you run before fiddling with this). “Max child processes” defines the maximum running processes (for processing mail) that can be run simultaneously. 20 should be fine for a low load mail server. Max connections/second specifies the maximum speed which the mail server can connect to outside and which local scripts can connect to the mail server. 15 is a good value for this. The only other field of real interest is “Send error messages to”. Normally, every mail server will have a local “postmaster” email account for. The mail server will usually send all problem reports to this address. Page 85 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
If you aren’t hosting your own incoming mail and want to be notified when problems occur (such as bouncing or refused email messages), you can set this to a forwarding address which will receive these messages (in this case, I specified postmaster@mybrandnewdomain.com) to receive these alerts. Once everything is set up on this screen, simply click on “Save and Apply” at the bottom to apply the changes to the running mail server. That’s it – the rest of the sub-screens (Mail Aliases, Local Domains, etc) deal primarily with incoming mail and relaying rules, neither of which interest us. We can test this setup by creating a simple CGI or PHP script which sends mail to us. Another way of testing this is by using the mail command line utility from the shell. We can do this by connecting via PuTTY and typing mail <address>. You’ll be prompted for the message subject, followed by the message (which you can end by entering . alone on a line) and it will send the mail.
NOTE: Debian-based systems may not have the mail program (mentioned above in the section on testing your email setup) installed by default. To install it, go to System Software Packages and install the package heirloom-mailx from APT. If successful, you’ll get the email delivered to your inbox within a few minutes.
Page 86 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
Postfix Modern systems are starting to use sendmail less and less, and postfix is picking up a large portion of that slack. Postfix is much easier to use and configure than sendmail. I recommend that you give it a try. To get started, go to Servers Postfix Mail Server. NOTE: On newer versions of Webmin, the link won't be in Servers Postfix Mail Server, but rather in Un-used Modules Postfix Mail Server.
As before, use the link to automatically install and pre-configure the software for you.
Page 87 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
The first thing to configure is General Options. On this page there are several points of interest.
The first, Send Outgoing Mail via host, controls how the mail server will try to deliver our mails. As mentioned before, you can select to send mails through your ISPs central mail server, or opt to have your mailserver deliver mails directly to the recipients. The second, Network interfaces for receiving mail, is also important. Despite the word “receiving” this also applies for sending. This tells the server which IP addresses to bind to to accept connections for either incoming or outgoing mails. In this case, I’ve set it to localhost, to lock down my mail server and prevent any other host on the Internet from contacting it to try to send emails through it. That’s really all you need to set up. You should now test the mail server as explained above in the section on Sendmail.
AntiVirus Scanning Another important consideration to think about when hosting your own mail server is virus scanning your mails. This is not always an issue (especially if you have full control of the emails going out of your server), but that’s not always the case so we’ll go over it briefly. We’ll use the open-source ClamAV project to scan for viruses. For Debian-based systems, getting running is a relatively simple task, since recent versions of Debian-based distributions include clamav by default in their package managers. To install on a Debian based server, go to System Software packages and Page 88 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
install the package clamav-milter from APT. This will install the ClamAV engine as well as auto-configure virus scanning for outgoing (and incoming) mails from Sendmail or Postfix (milter is sendmail’s pluggable filter API for manipulating emails, but it’s been adopted by many other leading mail servers). It will also install FreshClam, which is ClamAV’s virus-definition update engine which runs daily by default.
If you use Sendmail, you should be set to go at this point, as it will automatically “register” itself with Sendmail. However, if you use Postfix, you’ll need to tell Postfix to use it. The first thing we need to do is to reconfigure the clamav-milter program to listen to connections from Postfix somewhere other than the default location installed. Without getting too deep into the technical reasons, this is because Debian’s version of Postfix runs in something called a “chrooted environment” by default, which is incompatible with the default setup of clamav-milter. To do this, we’ll run the following command: sudo sed -i "s|/var/run/clamav/clamavmilter.ctl|inet:7357@localhost|" /etc/clamav/clamavmilter.conf Page 89 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
We can then verify that the change was successful by running: head /etc/clamav/clamav-milter.conf
Note the line MilterSocket inet:7357@localhost This means we’ve set up clamav-milter properly. Next, we need to tell Postfix where to find clamav-milter. Since Webmin doesn’t have a specific screen to do this on (yet) we’ll do it by navigating in Webmin to Servers Postfix Mail Server and selecting the Edit Config Files option. Select /etc/postfix/main.cf from the combo box on the top, click edit, go to the very end of the file and add the following lines: smtpd_milters = inet:localhost:7357 non_smtpd_milters = inet:localhost:7357
Page 90 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
After saving the file, we’ll need to go back to the shell and restart a bunch of services (or if you’re lazy, you can just reboot the server to take care of this for you ). sudo /etc/init.d/clamav-daemon restart sudo /etc/init.d/clamav-milter restart sudo /etc/init.d/postfix restart
Page 91 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
That’s all there is to it! RedHat users will also have a slightly harder time, since there’s no clamav package in the default YUM repositories. However, both Karanbir Singh and Dag Wieers maintain YUM repositories (with EXTRAs packages) which include ClamAV. To add Karanbir’s repositories to your system open a shell via PuTTY, and type nano –w /etc/yum.repos.d/kbsingh-CentOS-Extras.repo For the contents, enter the following: [kbs-CentOS-Extras] name=CentOS.Karan.Org-EL$releasever - Stable baseurl=http://centos.karan.org/el$releasever/extras/stab le/$basearch/RPMS/ gpgcheck=1 gpgkey=http://centos.karan.org/RPM-GPG-KEY-karan.org.txt enabled=1 Then save the file (Ctrl+X and then Y and then enter) [If you have trouble copy-pasting this, you can find this information archived online at http://lists.centos.org/pipermail/centos/2005July/049855.html] You should now be able to install the YUM package clamav-milter from the System Software Packages page. You should also manually install clamav-update (which is the FreshClam definitions updater) from the Software Packages page.
Configuring MX Records for Incoming Mail While setting up your incoming email accounts at a 3rd party provider, such as http://pop3.cheapdedicatedservers.biz/, is beyond the scope of this book, a quick note on how to set up the DNS MX records on our server isn’t. It’s really quite a simple procedure. Start by going to Servers Bind DNS Server (on the server hosting the master zone), and clicking on the zone we want to set up the incoming mail records for. Inside the zone, click on Mail Servers. The server name should be the FQDN (with a trailing dot at the end) of the suffix of the email addresses you want to handle mail for (e.g., the portion after the @). So mail going to user@mybrandnewdomain.com would need the name mybrandnewdomain.com. while mail for user@subdomain.mybrandnewdomain.com would need subdomain.mybrandnewdomain.com. However, a subdomain will Page 92 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
always fall back to the MX record above it, so if the above 2 FQDNs had MX records set for them and mail was sent to user@anothersubdomain.mybrandnewdomain.com, the mail server would see no MX record for anothersubdomain.mybrandnewdomain.com. but would search for, and find (and use ) the MX record for .mybrandnewdomain.com. The Mail Server and priority should be set according to the instructions you receive from your incoming mail provider; you’ll likely need to add several MX records for the domain, which will provide backup mail services should one of the incoming mail servers be unavailable at any given time. MX records will be tried starting from the lowest (0 or above) priority first, and the highest priority last. Multiple MX records with the same priority will be tried in random order.
Anti-Spam Techniques: SPF Another extremely important point which you should not overlook is configuring basic Anti-Spam techniques to identify yourself properly as a legitimate mail server for the material you’re sending out. Although there are many different frameworks in place for trying to avoid spam online, we’re going to talk about one of them SPF, or Sender Policy Framework. The SPF project was founded in 2003 and since then has become extremely popular and widely adopted. Major free web hosts, such as Yahoo and Hotmail to name a couple, implement SPF as part of there incoming anti-spam measures. The basic idea behind SPF is that since mostly all abusive e-mail messages these days carry fake or “borrowed” (though “stolen” would be a better word ) email addresses for their From address, a good way to combat this on a per-domain basis would be for the domain owner to somehow specify which email servers are allowed to send email from that domain. In order to validate that this list of mail servers comes from the authorized domain holder, rather than using a paid trusted-third-party scheme, like we do for HTTPS validation, we use a free trusted-third-party scheme: namely DNS. Since only the domain owner can control the DNS records for the domain, we can rest assured that whatever we see in the DNS records are authorized by the domain owner. [For those who are curious to know why we should bother paying trusted third parties to do this for HTTPS, the reason is basically because the information validated by the CAs can typically include more than just a certification that the certificate owner owns the domain that the certificate is registered to; whereas with SPF, that information is enough.]
Page 93 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
Recent version of Webmin actually have the ability to construct SPF records in DNS automatically, so we’ll use that to set our domain up. Go to Servers Bind DNS Server (on the server hosting your master zones) and click on the domain which you want to set SPF for. Inside the zone screen, click on Sender Permitted From Records. Under Name, enter the FQDN of the domain, as explained above for MX records. Then, fill out the “questionnaire” that follows. In the first question, we’ll state whether we should send mail from the domain’s IP address (that is the IP in the A record for the FQDN we just entered). When we say “send mail from”, the intent is that the IP address in question runs the SMTP server which is trying to deliver the mail to the recipient’s mailserver. The second question allows you to automatically allow all of your incoming mail servers, as defined by your MX records, to also serve as outgoing mail servers. The third question allows any IP address that resolves to your domain to send mail; note that this relies on special PTR addresses, or reverse hostname addresses, which your hosting provider would need to set up for you. Next, you can specify additional hosts, domains, IP addresses or MX records for other domains which can be used to send mail from your domain. Finally, we need an action for other senders, which advises an incoming mail server which respects SPF what to do if it receives mail from an address @ your domain from a server that wasn’t listed above. This is an advisory field in which you tell that server what you suggest it does with that email; the server doesn’t have to listen to you, although it normally will. In this example, I’ve set mail for mybrandnewdomain.com to be sent only from the IP’s domain and the MX hosts for it. I advise mail servers to discourage mail that doesn’t come from these addresses.
Page 94 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
To activate the configuration, click Create, return to record types and click Apply Changes to update the records in the running DNS server. That’s all it takes. One last note worth mentioning is that the subject of anti-spam measures is so vast that I could dedicate an entire book just to that subject. This is a great start, but you shouldn’t walk away thinking you’ve done all that you’ll ever need to do, but on the other hand, unless you’re planning on sending massive (tens of thousands) amounts of emails per month (in which case, consider using a 3rd party provider to help out with this), there’s no need to go overboard on anti-spam techniques. Do your best, and deal with issues as they come up.
Page 95 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
Chapter 8 – Log-File Analysis Webalizer Another important aspect of running your own server is the ability to generate reports of your website’s traffic. While there are lots of online tools, like Google Analytics, available today, these tools are usually fundamentally flawed as they make assumption that users will all have JavaScript, images and/or cookies enabled by default, which isn’t always the case. The reason for this requirement is that they work remotely, and are based on the ability of your user to “ping” their remote monitoring service from your various webpages. While their analytical value is enormous, and I highly suggest using them, it’s frequently helpful to also run a local analysis tool which works by scanning the logs generated by the webserver. There are several good tools out there, but it’s my opinion that if you’re already planning on using a 3rd party service, such as Google Analytics, to do your heavier lifting, a simple analyzer will do to take care of what falls between the cracks. We’re going to take a look at setting up the Webalizer log file analyzer. To start, we’ll go to Webmin and click on Servers Webalizer Logfile Analysis. If Webalizer comes pre-installed, you’ll see a screen like this:
Page 96 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
If not, you’ll see something like this:
Just follow the link to have your system package manager download and install the software.
Creating a Server-Wide Report By default, Webalizer will find and process all “global” webserver logs (which record all hits for all domains on your webserver). While this is often an important metric (and one that’s usually unavailable by a 3rd party provider like Google), it’s also important to see individual logs for the various individual websites installed on your website too. First we’ll look at how to generate logs of the global access logs. The global access log will usually be called /var/log/httpd/access.log on Debian based systems or /etc/httpd/logs/access_log on RedHat based systems. Click on the appropriate entry in the list for your system to configure the report settings.
Page 97 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
As you can see above, webalizer will try to auto-detect if you’re rotating log files and include all logfiles in it’s reports. Confirm that the files it includes are correct, and then enter the directory that you want webalizer to write the HTML output to. In this case, I’ve selected /var/www/webalizer for the server-wide report. There are several things to consider when selecting the folder to house the report. First of all, the directory must exist and be writable by the user webalizer runs as (you can configure the latter in the next field on the page on a per-report basis). In this example, we’re running as root, so there are no problems with permissions, and we’ll create the directory using PuTTY.
Page 98 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
The other important consideration is the access of these reports. Webalizer will create an index.html in the directory specified, but it’s up to you to decide if you want to configure your webserver to serve them. In this case, I don’t plan on allowing Apache to serve the file, so that’s not an issue (Webmin allows you to view the files in any case). When we go over setting this up on a per-website basis, we’ll return to how to configure Apache to serve the files if needed. Next, I selected Yes for “Always re-process log files” since these log files are being rotated and the contents frequently change. Webmin will usually know when a given entry has already been processed and not reprocess it, so no need to worry that visits will be processed and re-processed (and recorded as 2 separate hits). Lastly, you can have Webalizer run as a scheduled task to keep the reports up-to-date with no user intervention. Once everything is set up click Save to save the information. If you then click on the log file again, you’ll have a new button “Generate Report” which you can click to generate the initial report.
Page 99 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
At the bottom of this page will be a link to view the newly generated (or updated) report.
Page 100 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
Creating a Per-Website Report Next, we’ll set up a separate webalizer report for a specific website only. The first thing that we’ll need to do is generate directories to house the log files and the webalizer report. We’ll use FileZilla to create these directories for the user, margol, we used earlier when we set up our webserver.
Next, we’ll go to Servers Apache Webserver to configure the webserver to write log files to the private directory for our website. Under the main Apache configuration page, select the Virtual Server entry for our website. Inside, click on Log Files.
Page 101 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
Under “Access log files” select the default format, and select write to file. Under File or Program type the full pathname of the access log to create. Typically, this file is called access_log but you can name it anything you want. If you have a log file rotator, like rotatelog, installed you can select program and enter the full path to rotatelog, including the options you want to set for this log file. When you’re done, click save and then Apply on the upper right side. Then go back to Webalizer to configure the report. Notice that webalizer will automatically detect this new log file and include it in the list (if not, add it manually via the “Add new log file” link). This time, we’re going to configure webalizer to write the report to the directory we just created and run as the same user as the website (so that we can manipulate the files as that user via FTP if we want to). We’re also going to set up custom options (you’ll see why soon) and enable this to run once a week.
Page 102 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
Save the settings as before, and re-click on the log file. But this time, rather than clicking on Generate Report, first we’ll click on Edit Options. In this page, we’ll tweak the name of the generated file to match our domain.
Page 103 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
After saving those options, we’ll go ahead and click Generate Report.
Page 104 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
Finally, we’ll configure Apache to serve this on the website. Go back to the virtual server settings inside the Apache Webserver configuration. Under Create Per-Directory, Files, or Locations, select Directory, Exact Match and enter the directory where we stored the files.
Then select the new directory that comes up under Per-Directory options.
Then click on Access Control, and at the bottom, for Restrict Access, select Allow then Deny. Then select Allow from Action and All requests from condition. Click Save to save these settings.
Page 105 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
At the bottom of the screen, click “Return to server index” to return to the virtual server configuration. Now click on Aliases and Redirects, and on Document directory aliases, enter /webalizer/ for from and /home/margol/webalizer for to.
Page 106 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
Finally, click on save and then Apply Changes. You should now be able to browse the webalizer output from your web browser.
Page 107 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format
A Beginner’s Guide to Setting Up a Dedicated Server – Second Edition
LINUX/Webmin
Page 108 Copyright © 2007, 2011 – Mirimar Enterprises, LLC – All rights reserved You may not copy, reproduce, post or forward this document in any format