This tutorial walks step by step through configuring a simple Linux server. Fedora Core is used throughout; configuration on other distributions may vary. Fedora is a free Linux distribution developed by the Fedora Project and sponsored by Red Hat.
FIAIF Firewall
FIAIF is an open source firewall. A firewall lets us open or close access to or from specific ports or IP addresses to keep our server secure. If we leave all ports open, attackers can use them to attack the server, so we keep open only the ports we use; for example, port 80 for the Apache web server. Details about the ports we need to open are in the FIAIF section of this document.
Apache 2.2 web server
Apache is open source software that accepts HTTP (Hypertext Transfer Protocol) requests from clients and responds with web pages such as HTML documents. So if we are going to run a website, we need to install a web server. The browser sends the address to the web server, the web server sends back the response, and the browser displays the content.
MySQL database server
MySQL is a free database server that provides database access on our server, which we can use from PHP and other software. If our website needs a database to store and retrieve information, or has dynamic content such as search pages, member signup and login pages, etc., we will need to install a database server.
PHP
PHP (Hypertext Preprocessor) is a scripting language used in web pages. Using PHP we can have dynamic content in our web pages, connect to our MySQL database server and load dynamic data from the database into a web page.
VSFTPD FTP server
VSFTPD is a free and open source FTP (File Transfer Protocol) server which allows us to upload files to our web server. Once the FTP server is configured, we can enter a username and password and then download and upload website content. An easy way is to use Windows Explorer to connect to our FTP server.
Sendmail Mail server
Sendmail lets us send and receive emails on our server. We can also use PHP or other scripts to send emails through our mail server. Sendmail has SMTP (Simple Mail Transfer Protocol) to send emails and POP3 (Post Office Protocol 3) to receive emails.
PHPMyAdmin script
phpMyAdmin makes it easy to connect to our MySQL database server and maintain it through a web interface. We can easily create tables and fields and run reports and queries using phpMyAdmin.
Setting up FIAIF firewall
Installation from source
You can download the tar.gz package from the http://www.fiaif.net/download.php page and extract it on your server. Then, using the configure and make commands, we compile and install the FIAIF firewall on our server.
# Download firewall tar.gz package into the server
$ wget http://www.fiaif.net/dist/fiaif_1.21.1.tar.gz
# Extract fiaif package
$ tar -zxf fiaif_1.21.1.tar.gz
# Change the directory into the fiaif_1.21.1 folder
$ cd fiaif_1.21.1
# Configure our compile
$ ./configure
# Compile the package
$ make
# Install FIAIF firewall
$ make install
Configuring FIAIF
In our firewall we need to open the following ports:
Port 80 for web server
Port 21 for FTP Server
Port 22 for SSH (Remote connection to the server)
Port 25 for mail server (Send email)
Port 110 for mail server (Receive email)
We can use the following syntax in the FIAIF config file (/etc/fiaif/zone.ext) to open these ports:
INPUT[0]="ACCEPT tcp www,ftp,ssh,smtp,pop3 0.0.0.0/0=>0.0.0.0/0"
Starting FIAIF Firewall
The FIAIF startup script is located in the /etc/init.d folder in Fedora, so you can start the FIAIF firewall service by running the following command:
$ /etc/init.d/fiaif start
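As an added check (not part of the original tutorial), the following script compares the TCP listeners on the host with the five ports opened in zone.ext: it reports services reachable from the network on ports the rule does not open, and opened ports that no network-reachable service listens on. The sample input is constructed in the layout printed by `ss -tlnH`, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: compare TCP listeners with the ports opened in /etc/fiaif/zone.ext.
# ALLOWED mirrors the tutorial's rule: www,ftp,ssh,smtp,pop3.
ALLOWED="80 21 22 25 110"

# Constructed sample in the column layout of `ss -tlnH` (not from a real host).
sample_listeners() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 32 0.0.0.0:21 0.0.0.0:*
LISTEN 0 10 127.0.0.1:25 0.0.0.0:*
LISTEN 0 50 0.0.0.0:3306 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
EOF
}

# Shared awk rules: split column 4 into host and port, skip loopback-only sockets.
PARSE='$1 != "LISTEN" { next }
{ port = $4; sub(/.*:/, "", port); host = $4; sub(/:[^:]*$/, "", host) }
host ~ /^127\./ || host == "[::1]" { next }'

# Listeners reachable from the network on a port the firewall rule does not open.
unexpected_listeners() {
    awk -v allowed="$ALLOWED" "$PARSE"'
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        !(port in ok) { print $4 }'
}

# Ports the rule opens although no network-reachable service listens on them.
unused_open_ports() {
    awk -v allowed="$ALLOWED" "$PARSE"'
        { seen[port] = 1 }
        END {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) if (!(a[i] in seen)) print a[i]
        }'
}

# On a live host: ss -tlnH | unexpected_listeners
sample_listeners | unexpected_listeners
sample_listeners | unused_open_ports
```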
Setting up Apache web server
Installing Apache by building from source
Using the wget command we can download the file from the internet to our server, and tar -zxf extracts tar.gz files.
# Downloading apache web server source using wget command
$ wget http://mirrors.enquira.co.uk/apache/httpd/httpd-2.2.11.tar.gz
# Extract httpd-2.2.11.tar.gz file using tar with the -zxf switch
$ tar -zxf httpd-2.2.11.tar.gz
# Change the directory to the httpd-2.2.11 folder
$ cd httpd-2.2.11
# Configure the apache build before making it, prefix is the installation directory
$ ./configure --prefix=PREFIX
# Compile apache
$ make
# Install apache
$ make install
Apache Configuration
Finding httpd.conf
# Change the current directory to root to start the search from root
$ cd /
# Find the httpd.conf file using the find command with the -name switch
$ find . -name httpd.conf
# Result: ./etc/httpd/conf/httpd.conf
# Open httpd.conf in the nano editor
$ nano /etc/httpd/conf/httpd.conf
# Global Environment
# Configures the Server HTTP response header
ServerTokens OS
# Base directory for the server installation
ServerRoot "/etc/httpd"
# IP addresses and ports that the server listens to
Listen 80
Website configuration
# Web master email address
ServerAdmin [email protected]
# Hostname of the server
ServerName www.example.com:80
# The default directory from which httpd will serve files
DocumentRoot "/var/www/html"
# This indicates which page it should display by default
DirectoryIndex index.html index.htm
Virtual hosts
Here we are going to set up a website, and we assume its domain name will be yourdomain.com. First we need to create a folder for the website: we will create a yourdomain folder in /home and give the Apache user access to it:
$ mkdir /home/yourdomain
$ mkdir /home/yourdomain/www
Setting access to the www folder for our web server:
# Setting directives for /home/yourdomain/www folder
<Directory "/home/yourdomain/www">
    # Allow use of the directives to show directory listing
    # and also the option to enable symbolic links
    Options Indexes FollowSymLinks
    # When the server finds an .htaccess file
    # it needs to know which directives declared in that file can
    # override earlier access information.
    AllowOverride All
    # First, all Allow directives are evaluated;
    # at least one must match, or the request is rejected.
    # Next, all Deny directives are evaluated.
    Order allow,deny
    # Apache will serve any file mapped from a URL
    Allow from all
</Directory>
Setting up yourdomain.com virtual host in the apache:
# Designates an IP address for name-virtual hosting
NameVirtualHost *:80
# Contains directives that apply only to a specific hostname
<VirtualHost *:80>
    # Webmaster email address.
    ServerAdmin [email protected]
    # Set the website home folder
    DocumentRoot /home/yourdomain/www
    # Set the server name to the domain name
    ServerName yourdomain.com
    # Setting the error log name
    ErrorLog logs/yourdomain.com-error_log
    # Identifies the log file and the log file format.
    CustomLog logs/yourdomain.com-access_log common
</VirtualHost>
Setting up MySQL database server
Installing MySQL from source
We can download the MySQL source from the MySQL website, then compile and install it if we don't have the Yum package installer on the server. In this example we are going to install MySQL Server 5.1 on our server. Below you can find all the commands needed to install it. To install, get a tar.gz package from http://dev.mysql.com/downloads/mysql/5.1.html and upload it to your server, extract it using the tar -zxf command, then configure, compile and install it:
Download MySQL source code from www.mysql.com/downloads
# Extract mysql source tar.gz file
$ tar -zxf mysql-5.1.30-linux-i686-glibc23.tar.gz
# Change the directory to the mysql source
$ cd mysql-5.1.30-linux-i686-glibc23
# PREFIX is mysql installation directory
$ ./configure --prefix=PREFIX
# Compile mysql server
$ make
# Install mysql server
$ make install
# Create all necessary databases for controlling user access
$ ./scripts/mysql_install_db
MySQL Configuration
After installation, we need to configure the MySQL server. The MySQL configuration file is called my.cnf and can be found in the /etc folder. Again we can run the find command to locate my.cnf if we are not sure where it is located:
$ cd /
$ find . -name my.cnf
# Result: ./etc/my.cnf
After opening the configuration file we can set mysql configurations:
[mysqld]
port=3306
socket=/path/to/mysql.sock
# This is where mysql database files are located
datadir=/var/lib/mysql
# This is the maximum number of connections that can connect to the mysql server
max_connections=500
Starting MySQL Server
After installing MySQL, we need to start mysqld, which is the MySQL server and does most of the work in MySQL. To start MySQL we can run the following command:
$ /etc/init.d/mysqld start
Setting up the root password
To set the root password we can use mysqladmin. As root does not have a password yet, we can use the following command to set it for the first time, where NewPassword is the password we are going to set for MySQL:
$ mysqladmin -u root password NewPassword
If we want to change the root password later, we can use:
$ mysqladmin -u root -pOldPassword password NewPassword
In the above examples, OldPassword is our current MySQL root password.
Connecting to the MySQL
$ mysql -u root -p
Enter password:
mysql>
Creating a database
To create a database, after connecting to MySQL you can use the create database command; to get a list of all available commands you can use the help command. After we create a database, we may need to create a username and password and give that user access to the database using the grant statement. Here is an example, where "yourdomain" is the database name, "myuser" is the username and "1234" is the password for the "myuser" username:
# Create yourdomain database using create database command
mysql> create database yourdomain;
# Create myuser username and set its password to 1234
mysql> grant all privileges on yourdomain.* to myuser identified by '1234';
Setting up PHP
In this example we are going to install PHP 5.2.8, so we can download and extract it using the following commands:
# Download php 5.2.8 source to the server (save it under the tar.gz name)
$ wget -O php-5.2.8.tar.gz http://uk2.php.net/get/php-5.2.8.tar.gz/from/this/mirror
# Extract php tar.gz file
$ tar -zxf php-5.2.8.tar.gz
# Change the directory to the extracted PHP source directory
$ cd php-5.2.8
# Install PHP on apache2 with mysql extension as well
$ ./configure --with-apxs2=/usr/local/apache2/bin/apxs --with-mysql
# Compile PHP source
$ make
# Install PHP
$ make install
Configure Apache to load PHP
To load PHP files we need to add the following lines to the httpd.conf file:
# This line will load the php5 module in Apache
LoadModule php5_module modules/libphp5.so
# This tells Apache to run .php files with PHP
<FilesMatch \.php$>
    SetHandler application/x-httpd-php
</FilesMatch>
Configure PHP
We need to open /usr/local/lib/php.ini file to configure PHP:
; Load the PHP MySQL extension
; to connect to the MySQL server
extension=mysql.so
; This tells PHP to send emails through our sendmail mail server
sendmail_path = /usr/sbin/sendmail
Restart Apache
Once we have configured the httpd.conf file, we need to restart our web server.
# This command will restart apache web server
$ service httpd restart
Setting up VSFTPD
VSFTPD is a secure and free FTP server for Linux and Unix.
Installing VSFTPD from source
You can download VSFTPD from the ftp://vsftpd.beasts.org/users/cevans/ site; in this example we are going to install VSFTPD 2.0.7. Here are the commands we need to run to install it. If you install it through the Yum package manager instead, there is no need to download it, as Yum will download and install it in one step.
# Download vsftpd 2.0.7 to the current working directory
$ wget ftp://vsftpd.beasts.org/users/cevans/vsftpd-2.0.7.tar.gz
# Extract vsftpd from tar.gz file
$ tar -zxf vsftpd-2.0.7.tar.gz
# Change the directory in the extracted vsftpd folder
$ cd vsftpd-2.0.7
# Configure vsftpd source before compile
$ ./configure
# Compile vsftpd source
$ make
# Install vsftpd
$ make install
VSFTPD configuration
Before we can configure our FTP server, we need to locate its configuration file, vsftpd.conf. We can use the find command to locate it; the default location for this file is the /etc folder:
Locating the vsftpd.conf file
# Change the current working directory to the root before performing the find command
$ cd /
# Find vsftpd.conf
$ find . -name vsftpd.conf
# Find command result
./etc/vsftpd.conf
# Open vsftpd.conf in the nano editor
$ nano /etc/vsftpd.conf
After opening the configuration file we can set the options and save. Here is a suitable FTP configuration for an internet website:
# We don't want anonymous users to log in to our website FTP for security reasons,
# so we set this option to NO
anonymous_enable=NO
# This option controls whether local logins are permitted or not,
# so we set this option to YES to allow both remote and local users
local_enable=YES
# We set this option to YES to allow file uploads and modifications via FTP
write_enable=YES
# We don't want anonymous users to be able to upload, so we set this option to NO
anon_upload_enable=NO
# We don't want anonymous users to be able to create folders
anon_mkdir_write_enable=NO
# Setting this option to NO prevents anonymous users from doing other write operations on the FTP
anon_other_write_enable=NO
# Security Options
# We don't want anonymous users to be able to access our files:
# YES limits anonymous downloads to world-readable files (NO would lift that limit)
anon_world_readable_only=YES
# This controls whether PORT style data connections use port 20
connect_from_port_20=YES
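vsftpd falls back to its built-in defaults for any key missing from vsftpd.conf, and anonymous_enable defaults to YES, so deleting that line re-enables anonymous logins. The script below is an added example, not part of the original tutorial: it audits the anonymous-access keys against both the file and those defaults. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the anonymous-access keys of a vsftpd.conf.
# "want" is the value used in the tutorial; "def" is vsftpd's built-in default,
# which applies whenever the key is absent from the file.

# Constructed sample: anonymous_enable is missing and anonymous uploads are on.
sample_conf() {
    cat <<'EOF'
# constructed sample vsftpd.conf
local_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=NO
EOF
}

# Reads a vsftpd.conf on stdin and prints one line per key whose effective
# value differs from the wanted one.
audit_vsftpd() {
    awk -F= '
        BEGIN {
            want["anonymous_enable"] = "NO";        def["anonymous_enable"] = "YES"
            want["anon_upload_enable"] = "NO";      def["anon_upload_enable"] = "NO"
            want["anon_mkdir_write_enable"] = "NO"; def["anon_mkdir_write_enable"] = "NO"
            want["anon_other_write_enable"] = "NO"; def["anon_other_write_enable"] = "NO"
            n = split("anonymous_enable anon_upload_enable " \
                      "anon_mkdir_write_enable anon_other_write_enable", keys, " ")
        }
        /^#/ || NF < 2 { next }      # skip comments and blank lines
        { val[$1] = $2 }             # the last assignment of a key is kept
        END {
            for (i = 1; i <= n; i++) {
                k = keys[i]
                if (k in val) { v = val[k]; src = "set in file" }
                else          { v = def[k]; src = "built-in default" }
                if (v != want[k])
                    printf "%s=%s (%s), want %s\n", k, v, src, want[k]
            }
        }'
}

# On a live host: audit_vsftpd < /etc/vsftpd.conf
sample_conf | audit_vsftpd
```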
Starting VSFTPD
After configuring the FTP server, we need to start it. We can start it as a service with the /etc/init.d/vsftpd start command:
$ /etc/init.d/vsftpd start
Users can now log in to the FTP server with their Linux username and password; after logging in they get access to their /home/user folder. To add users we can use the following command:
$ useradd -g ftp-users -d /home/ftp-docs user1
Setting up sendmail (Mail Server)
Installing sendmail from source
To install sendmail from source, first you need to download it. To download it to your server, you can use the wget command.
# Download sendmail tar.gz file to the server
$ wget ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.14.2.tar.gz
# Extract tar.gz file
$ tar -zxf sendmail.8.14.2.tar.gz
# Change the directory into the extracted folder
$ cd sendmail.8.14.2
# Compile the package using Build command
$ ./Build
# Install sendmail
$ ./Build install
/etc/mail/aliases
In the aliases configuration file we can set up virtual mailboxes; here is a possible setting for this purpose:
majid: localuser
/etc/mail/local-host-names
In this file we list the host names which sendmail accepts as local host names, that is, the domains for which sendmail will receive email. So if our domain name is yourdomain.com, this configuration will be:
yourdomain.com
mail.yourdomain.com
/etc/mail/virtusertable
This file maps email addresses to the virtual domains and mailboxes. For example, we map the [email protected] email address to the majid mailbox, which we defined earlier in the aliases file.
[email protected] majid
Starting mail server
Now that we have set up the mail server as well as the host names, we can start our mail server. To do so we can run:
$ /etc/init.d/sendmail start
Setting up phpMyAdmin script
phpMyAdmin is free software written in PHP which makes it possible to manage and handle MySQL related tasks from a website.
Download phpMyAdmin
To download phpMyAdmin, visit the http://www.phpmyadmin.net/ website, click on the download phpMyAdmin link and get the zip package, then extract the package and upload it to your server. In this sample we upload it over FTP into the phpmyadmin folder of our website, so we will have:
/home/yourdomain/www/ (Our website root folder)
PHPMyAdmin (This is our phpmyadmin folder in our website root folder)
Installing phpMyAdmin
After we upload the files, when we view our website (yourdomain.com in this example) we will see the phpMyAdmin login page, where we can log in with a MySQL username and password. As we already set it in the MySQL section, we log in using root as the username and NewPassword as the password: