Lenny Install Howto

Server Howtos

Version 3.0

Aug 2010

Peter Scott

 

This document describes how to install Debian Lenny for use as a LAMP server.   It is not intended for high security end uses, but more for general development/NAS/file server type applications. You may however harden the base install.

 

The first task, is to download and burn the installer iso. With Debian constantly updating its packages there is little advantage in getting the full cd or 21cd set. Instead use one of the smaller downloads, likethe Netinstall iso. Get this from:

[http://www.debian.org/CD/netinst/]

 

Its a good idea to use a download method that supports resuming like an ftp cliient or a http download manager, or Bittorrent. Also it pays to check the md5 sum, burn it slowly and verify the burn. Linux can be fussy.

 

Old hardware

If you are using old hardware you may require a boot floopy to get the cd to boot. If if so copy these three files off the etch cd1 onto a working windows box

 

/tools/rwwrtwin.zip

/tools/diskio.zip

/install/smb.bin

 

Running rawrite and choosing sbm.bin img will create a boot floopy, which when booted will boot the cd.

 

While on this topic you dont need to worry about large HDDs in old computers, linux doesnt pay a lot of attention to bios limitations.

 

Assumptions

The following setup guide assumes the following:

  • you are comfortable working with the linux command line
  • you are initially configuring the server behind a NAT/firewall router   and a broadband connection
  • you have a dynamic WAN address
  • a dyndns domain name farm.homeip.com
  • a LAN with 192.168.0.0/24 on static IPS
  • server IP is 192.168.0.1
  • a gateway to the internet at 192.168.0.254
  • an isp with smtp server address of smtp.myisp.co.nz
  • where a user login is required you will have the username cow, password moo, email address   cow@farmblablabla.com

 

You can change these as you come across them in the guide.

 

OS Installation

 

After booting the installer cd, use the console standard install which is the default, and use the hints below to answer the questions.

 

Partitioning

Choose manual partitioning. You want to put the system on the first smallish partition and all your data on the bigger partition. You can use   symlinks to put key parts of /var onto partiton 3.

 

Part #1   4GB               /       ext3

Part #2 1GB               swap

Part #3 GB   /home ext3

 

Networking

hostname: farm.homeip.net

domain: homeip.net

 

Configure one interface for now (static):

IP address: 192.168.0.1

Netmask: 255.255.255.0

Gateway:   192.168.0.254

Dns: 192.168.0.254

 

Users

Choose a memorable but secure root password and dont forget it, plus one ordinary user. In the examples below we assume your root password of secret, and the ordinary user as cow, password moo.

 

Packages

At the task selection stage, select to use a ftp mirror. Do a base install only. Not even the std system. This ensures a lean starting point.

 

Final

Grub, yes install it on the mbr.

If you get a debconf screen for exim or other packages just click cancel, or defaults and you will configure these later.

 

That much should get you though the base installation, and you should have a login screen. Login as root.

 

CHECKS

 

Before going further double check your hostname is correct, and that your network interface is set up static (even if you installed on dhcp):

 

hostname

farm.homeip.net

hostname -s

farm

hostname -d

homeip.net

hostname -f

farm.homeip.net

 

Check these key networking files:

 

nano /etc/recolv.conf

 

nameserver 192.168.0.254

 

nano /etc/hosts

 

127.0.0.1          localhost

192.168.0.1      farm.homeip.net farm

 

nano /etc/hostname

 

farm.homeip.net

 

Test your net connection:

 

ping www.google.com

 

If no response check out :

 

nano /etc/network/interfaces

 

auto lo

iface lo inet loopback

allow-hotplug eth0

iface eth0 inet static

      address 192.168.0.1

      netmask 255.255.255.0

      network 192.168.0.0

      broadcast 192.168.0.255

      gateway 192.168.0.254

 

ifdown eth0

ifup eth0

 

Tweak bash to make a few things easier. Uncomment the syntax highlighting line and a few changes as below.

 

nano /root/.bashrc

 

//change/add

uncomment syntax highlighting lines, and:

alias ll=`ls -al`

alias cd..=`cd ..`

alias df=`df -h`

alias md=`mkdir`

alias rd=`rmdir`

 

A few extra tools:

 

aptitude install ntpdate ftpcopy modconf less

 

In Linux you dont really reboot much, but if you changed much above particuarly in the network department, nows a good time to reboot the machine.

 

reboot

 

Remote Control

 

At this stage we are done working at the actual server. Install ssh so you can continue the setup on your own workstation using a ssh client. For windows download and install Putty, and WinSCP.

 

You will use Putty to open a terminal on your windows workstation and connect to the server via your LAN. WinSCP is used to move files between your workstation and the server.

 

aptitude install openssh-server

 

Now login with Putty on port 22, address root@192blablabla.168.0.1,your root password secret. Now you have mouse cut and paste (using middle or right click) and the howto on your desktop.

 

If you really want ftp access to the box, then use proftp or vsftp.

 

aptitude install proftpd

nano   /etc/proftpd/proftpd.conf

 

//add

UseReverseDNS       off

IdentLookups         off

 

//change

TimeoutIdle          3600

TimeoutNoTransfer 3600

 

But generally youll find WinSCP capable.

 

Also bear in mind that (different to desktop use) almost everything you will do on the server, requires you to be logged in as root.   You will quickly learn how powerful root is, and how easy it is to do destructive things to the box. Knowing this, always try to work calmly and examine every command line twice before you hit enter. Have good backups.

 

Post installation

 

Aptitude refresher

Use aptitude and not apt-get becasue it has better dependecny handling.

  • aptitude search bla bla2      //search available packages from mirror (AND terms)
  • aptitude show blabla               //show pack desc
  • dpkg -l | grep bla                  //search installed packages
  • aptitude install blabl          //install pack name
  • aptitude remove blabla            //remove
  • aptitude clean                        //empty deb cache to free up disk space
  • dpkg-reconfigure blabla      //manual package configurqation

 

Remove the cd mirror by commenting it out: (below assumes NZ, choose your nearest mirror)

 

nano /etc/apt/sources.list

 

deb http://ftp.nz.debian.org/debian etch main contrib non-free

deb http://security.debian.org etch/updates main contrib non-free

  1. deb cdrom:[Debian GNU/Linux 4.0 r0 _Etch]/ etch contrib main

 

Update the base system:

 

aptitude update

aptitude upgrade

 

 

Configuring Postifx

 

aptitude install postfix

 

Yes, remove exim, and replace with Postfix. Initially at the debconf screen (but can also do this at any stage with dpkg-reconfigure postfix)

 

Select `Internet site with smarthost`

and enter the smtp address of your isp.

Enter your mail domain as farm.homeip.net

 

But afterwards fix the config files so that you have at least:

 

nano /etc/postfix/main.conf

 

myhostname = farm.homeip.net

mydomain =   farm.homeip.net

alias_maps = hash:/etc/aliases

alias_database = hash:/etc/aliases

myorigin = /etc/mailname

mydestination = farm.homeip.net, localhost

relayhost = smtp.myisp.co.nz

mynetworks = 127.0.0.0/8, 192.168.0.0/24

canonical_maps =hash:/etc/postfix/canonical

 

nano /etc/mailname

 

farm.homeip.net

 

Now you have to tell postfix what to do with incoming mail and outgoing mail:

 

nano /etc/aliases

 

mailer-daemon: root

postmaster: root

nobody: root

hostmaster: root

news: root

webmaster: root

www: root

ftp: root

abuse: root

noc: root

security: root

 

root:    cow@farmblablabla.com # this should be a real isp address of yours

 

nano /etc/postfix/canonical

 

root@farmblablabla.homeip.net          cow@farmblablabla.com

apache@farmblablabla.homeip.net       cow@farmblablabla.com

www-data@farmblablabla.homeip.net       cow@farmblablabla.com

nobody@farmblablabla.homeip.net       cow@farmblablabla.com

 

In the former this makes roots mail get redrirected to your own email address, good for getting the various errors and warnings the server will generate. In the latter case, email generated by web scripts and the like will be remapped so as to appear to have come from your email address rather that something unreplyable (with possible delivery hassles) like apache@farmblablabla.homeip.net. Now finish up with:

 

postmap /etc/postfix/canonical

newaliases

/etc/init.d/postfix restart

 

Install LAMP

 

aptitude install apache2 php5 mysql-server php5-mysql

 

MYSQL Setup

Firstly, Mysql has a root password of its own. Use can use the same password as your system root if you want.

 

Login to mysql client, one database called farm, and allow access to it by user cow, password moo:

 

mysql -u root mysql -p

create database farm;

grant ALL privileges on farm.*

      to cow@localhost

      identified by `moo`;

exit;

 

 

Apache setup

First we want to create a place on your /home partition to store the webroot files.

 

rm -rf /var/www/

md -vp /home/www-data/html

ln -s /home/www-data /var/www

echo `<php print phpinfo(); ?>` > /var/www/html/index.php

chown cow:cow -R /home/www-data

 

Then configure apache virtualhost to look like so:

 

nano /etc/apache2/sites-available/default

 

NameVirtualHost *

<VirtualHost *>

      ServerAdmin cow@farmblablabla.com

      DocumentRoot /var/www/html/

      <Directory />

            Options FollowSymLinks

            AllowOverride None

      </Directory>

      <Directory /var/www/html/>

            Options Indexes FollowSymLinks MultiViews

            AllowOverride AuthConfig

            Order allow,deny

            allow from all

      </Directory>

      ErrorLog /var/log/apache2/error.log

      LogLevel warn

      CustomLog /var/log/apache2/access.log combined

      ServerSignature On

</VirtualHost>

 

 

Php setup

 

nano /etc/php/apache/php.ini

 

RegisterGlobals off

 

Lamp test

You should now have a working LAMP setup, test you have a phpinfo page as your homepage when you browse to http://192.168.0.1/ Then, check you can login to mysql from a webpage.

 

Misc

 

Cron setup

Make a start on your root cron, which you will use more in the next pages:

 

nano /root/mycron

 

50 4 * * sun    /usr/sbin/ntpdate nz.pool.ntp.org

51 4 1 * *       /sbin/hwclock -w

 

 

Nb: trap for new players, there must be a newline at the end of the last line.

 

Load cron, and view root crontab:

 

crontab /root/mycron

crontab -l

 

Perl Librarys

As a PHP budding developer youll inevitably end up needing some kind of console scripting language aswell, for cron scripts and stuff. Perl will be the easiest to pick up.

 

I usually find i need these extra libs:

 

aptitude install libwww-perl libdate-calc-perl

aptitude install libemail-mime-encodings-perl

 

Thats just a basic lamp server, with no firewall, not much security in general and isnt suitable for production use yet. But you can use it happily on your LAN for web development, NAS, media server, or keep going and install Webspaces CMS to make a multifunctional intranet server.

 

<--Etch Gateway Howto

PPPoE on Debian>--
Admin login