Debian Web-server with Apache, PHP, and MySQL

Tested with: Debian Lenny, Debian Squeeze. This site was actually set up with it.

Installing Linux is not a complex task: you only need to follow the instructions and have a basic understanding of how computer software and hardware work. Of course, correctly installing and maintaining a Linux server is complex, but nobody starts by administering a large datacenter. Everyone starts with something smaller, and here are instructions on how to build a Debian web server on your computer without damaging it.

If you are a software developer (like most of my site's readers), you may know that server-side PHP scripts are executed by the web server, and usually that is Apache. Because of this I will show how to quickly install and configure a Debian Linux server with Apache and MySQL. Experimenting with a real hard disk, especially the hard disk of your primary computer, is usually a bad idea. I recommend using virtualization software (Virtual PC, VirtualBox, or VMWare) and installing Debian Linux on a virtual machine.

Why Debian? Because Debian is a popular Linux distribution and has a small install image file. I've tried to install Debian with Virtual PC, VirtualBox and VMWare and had different results on different PCs. Virtual PC cannot run the Debian installer on my notebook; VirtualBox does not work on my Vista desktop. I've tested VMWare Server only on my notebook and it works well, however its GUI is a little bit complex.

So let's start by downloading the Debian businesscard installation image and a virtual machine manager: VirtualBox, VMWare Server or Virtual PC.

Create a new virtual machine with 256 Mb of memory and a 5 Gb dynamically expanding hard disk. Then mount the downloaded ISO image in the DVD drive of the newly created virtual machine and start it.

You can read more details about how to run Debian on different virtual machines in the Debian Wiki: http://wiki.debian.org/SystemVirtualization.

Basic install

The first screen you will see is the installer's Welcome screen, where you can select the type of installation and some other options. You do not need to select anything other than the default option, but what you really should do is open the Debian installation guide. The guide contains a lot of useful information; if you want to jump straight to the installation itself, go to Chapter 6, Using the Debian Installer. Read its introduction attentively: it explains the general concepts of how the installer works.

Most of the installer's questions ask you to select one of several options, and in most cases the default suggestion is good enough. I only changed the following options:

  • Computer name: playground
  • Domain name: home
  • Root password: type something you can remember
  • Full name for the new user: user
  • Username for your account: user
  • Choose a password for the new user: type something you can remember
  • Uncheck "Desktop environment" and "Standard system" on the "Software selection" screen.

You may also need to specify the computer's IP address if your network does not have DHCP configured.

After the reboot the system displays the boot selection screen and, after 5 seconds of waiting, runs the default selection. At the login prompt you can enter the user credentials, and on successful login the system displays the command prompt.

Check that your system is connected to the Internet and that debian.org is reachable (it should be, because installing Debian from the business card ISO requires an Internet connection):

playground:~# ping -c 2 debian.org
PING debian.org (194.109.137.218) 56(84) bytes of data.
64 bytes from klecker.debian.org (194.109.137.218): icmp_seq=1 ttl=47 time=56.7 ms
64 bytes from klecker.debian.org (194.109.137.218): icmp_seq=2 ttl=47 time=67.3 ms
--- debian.org ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1010ms
rtt min/avg/max/mdev = 56.706/62.028/67.351/5.328 ms

It is recommended that you apply the latest updates to your system right after login:

# apt-get update
# apt-get upgrade --show-upgraded

And then set the hostname:

# echo "playground" > /etc/hostname
# hostname -F /etc/hostname

Add an entry for your site to /etc/hosts:

127.0.0.1 localhost.localdomain localhost 
109.74.205.143 playground.alexatnet.com playground
...

Here 109.74.205.143 should be replaced with the IP address of the server, playground.alexatnet.com with the fully qualified domain name of the server (it may be playground.localdomain or something similar), and playground with the hostname of your server.

Install the ssh package (this package may already be installed) to access the machine with PuTTY:

# apt-get -y install ssh

Secure installation

Install the sudo package:

# apt-get -y install sudo

Add a user for logging in, instead of using the root account:

# adduser admin

Allow admin to use sudo by running visudo and adding

admin ALL=(ALL) ALL

to the end of the file. To run a command that requires root privileges while you are logged in as admin, use the sudo command, like this:

$ sudo vi /etc/passwd

Then change the default port for ssh connections and disable root access via ssh. To do this edit the /etc/ssh/sshd_config file as follows:

  1. Open /etc/ssh/sshd_config for editing by executing "vi /etc/ssh/sshd_config".
  2. Search for "Port 22" and replace 22 with another number, which is greater than 1024 and does not match any frequently used port number, such as 3306 (MySQL) or 5432 (PgSQL).
  3. Set the following options:
    PermitRootLogin no
    X11Forwarding no
    UsePAM no
    UseDNS no
    AllowUsers admin

Apply changes in sshd_config:

/etc/init.d/ssh reload

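And check that you can connect to your machine using the new port. Keep your current session open while you test, so that a mistake in sshd_config does not lock you out.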
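
The settings from the steps above can be checked mechanically before sshd is reloaded. The script below is an added example, not part of the original article; the function names and the sample config are made up for illustration, and it assumes the login account is called admin as above.

```sh
# Effective global value of a keyword. sshd keeps the first value it reads,
# keywords are case-insensitive, and a Match line ends the global section.
sshd_value() {  # $1 = config file, $2 = keyword
    awk -v key="$2" '
        /^[ \t]*(#|$)/              { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Prints one FAIL line per deviation; returns 0 only when there are none.
audit_sshd_config() {  # $1 = config file
    cfg=$1; rc=0
    port=$(sshd_value "$cfg" Port)
    port=${port:-22}                  # sshd listens on 22 when Port is unset
    case $port in
        *[!0-9]*) echo "FAIL: Port '$port' is not a number"; rc=1 ;;
        *)  if [ "$port" -le 1024 ] || [ "$port" -eq 3306 ] || [ "$port" -eq 5432 ]; then
                echo "FAIL: Port $port is not above 1024 or is a well-known service port"; rc=1
            fi ;;
    esac
    for want in "PermitRootLogin no" "X11Forwarding no" "UsePAM no" \
                "UseDNS no" "AllowUsers admin"; do
        key=${want%% *}; val=${want#* }
        got=$(sshd_value "$cfg" "$key")
        if [ "$got" != "$val" ]; then
            echo "FAIL: $key is '${got:-unset}', expected '$val'"; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: a config where only the port has been changed so far.
sample_sshd_config() {
    cat <<'EOF'
Port 2222
PermitRootLogin yes
X11Forwarding yes
UsePAM yes
EOF
}

tmp=$(mktemp)
sample_sshd_config > "$tmp"
audit_sshd_config "$tmp" || true
rm -f "$tmp"
```

On the server, run it as audit_sshd_config /etc/ssh/sshd_config; no output and exit status 0 mean that all of the options above are in effect in the global section.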

Install Apache2 server

Installing Apache is simple; just run the following command:

# apt-get -y install apache2 apache2-doc apache2-utils 

Enable some frequently used Apache modules:

# a2enmod rewrite expires
# /etc/init.d/apache2 restart 

Hide the Apache server signature:

# vi /etc/apache2/conf.d/security
... comment "ServerSignature On", uncomment "ServerSignature Off" ...
... comment "ServerTokens OS", create "ServerTokens Prod" ...

Install the ITK multiprocessing module to run each of your vhosts under a separate uid and gid:

# apt-get -y install apache2-mpm-itk

Setup a virtual host

To host several domains on the server, create a definition file in the /etc/apache2/sites-available/ folder for each virtual host. Please note that for each of them you should add an entry with the server's IP address to the c:\windows\system32\drivers\etc\hosts file on your Windows computer, so that the domain names resolve to their IP addresses.

For example, here is a definition file for the myprojects domain:

<VirtualHost *:80>
  ServerAdmin alex@somedomain.com
  ServerName myprojects
  DocumentRoot /srv/www/myprojects/public_html/
  ErrorLog /srv/www/myprojects/logs/error.log
  CustomLog /srv/www/myprojects/logs/access.log combined
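  # Per-site PHP error log; php_admin_value cannot be overridden from .htaccess
  php_admin_value error_log /srv/www/myprojects/logs/php.log
  # Restrict PHP file access to the site folder, the shared PHP libraries and /tmp
  php_admin_value open_basedir /srv/www/myprojects/public_html/:/usr/share/php:/tmp/
  <IfModule mpm_itk_module>
    # Run requests for this vhost as the myprojects user and group
    AssignUserId myprojects myprojects
  </IfModule>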
</VirtualHost>

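It should be written to the /etc/apache2/sites-available/myprojects file. Apache only accepts the php_admin_value lines once mod_php is installed (see Install PHP below); without it, the configuration check fails on them.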

Then create folders for this domain:

# mkdir -p /srv/www/myprojects/public_html
# mkdir -p /srv/www/myprojects/logs 

Create a user and group to isolate this domain from other domains:

# adduser myprojects

Create symbolic links to /srv/www/myprojects in the user's home directory:

# ln -s /srv/www/myprojects/public_html /home/myprojects/public_html
# ln -s /srv/www/myprojects/logs /home/myprojects/logs

Change the ownership:

# chown myprojects:myprojects /home/myprojects/public_html

Create php.log file:

# touch /srv/www/myprojects/logs/php.log
# chown myprojects:myprojects /srv/www/myprojects/logs/php.log

Finally, enable the site:

# a2ensite myprojects

And ask server to reload the configuration files:

# /etc/init.d/apache2 reload
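
To confirm that every site really has its own user and a PHP file-access restriction, the definition files can be audited. This is an added example, not part of the original article; audit_vhosts and the second sample vhost (legacy) are hypothetical, and the restriction is assumed to be set as php_admin_value open_basedir.

```sh
# Flags <VirtualHost> blocks without per-site isolation; args: files or "-" for stdin.
audit_vhosts() {
    awk '
        BEGIN { bad = 0 }
        { key = tolower($1) }
        key ~ /^<virtualhost/ { inv = 1; name = "(unnamed)"; user = docroot = base = ""; next }
        !inv { next }
        key == "servername"   { name = $2 }
        key == "documentroot" { docroot = $2; sub(/\/$/, "", docroot) }
        key == "assignuserid" { user = $2 }
        key == "php_admin_value" && tolower($2) == "open_basedir" { base = $3 }
        key == "</virtualhost>" {
            # Without AssignUserId the site runs as the shared Apache user.
            if (user == "" || user == "root" || user == "www-data") {
                print name ": no dedicated AssignUserId"; bad = 1
            }
            # An unset open_basedir lets PHP open any file the user can read.
            covered = 0; n = split(base, dirs, ":")
            for (i = 1; i <= n; i++) {
                d = dirs[i]; sub(/\/$/, "", d)
                if (d != "" && d == docroot) covered = 1
            }
            if (!covered) { print name ": open_basedir does not list DocumentRoot"; bad = 1 }
            inv = 0
        }
        END { exit bad }
    ' "$@"
}

# Constructed sample: this article's vhost plus a hypothetical unisolated one.
sample_vhosts() {
    cat <<'EOF'
<VirtualHost *:80>
  ServerName myprojects
  DocumentRoot /srv/www/myprojects/public_html/
  php_admin_value open_basedir /srv/www/myprojects/public_html/:/usr/share/php:/tmp/
  <IfModule mpm_itk_module>
    AssignUserId myprojects myprojects
  </IfModule>
</VirtualHost>
<VirtualHost *:80>
  ServerName legacy
  DocumentRoot /srv/www/legacy/public_html/
</VirtualHost>
EOF
}

sample_vhosts | audit_vhosts - || true
```

On the server, run it as audit_vhosts /etc/apache2/sites-available/* to check all definition files at once.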

Install PHP

To install PHP support for Apache execute the following command:

# apt-get -y install libapache2-mod-php5 php5

You may also want to install the PHP PEAR and security packages:

# apt-get -y install php-pear php5-suhosin

To install APC opcode cache use the following commands:

# apt-get -y install php-apc

And then you may want to add the file with APC stats:

# cat /usr/share/doc/php-apc/apc.php.gz | gunzip > /path/to/apc.php

where /path/to/ is the path to a web folder protected with HTTP authorization.

ZendFramework can be installed with the following command:

# apt-get -y install zendframework

PHP has a lot of extensions that can be installed separately. For example, the following line installs GD graphics library, memcache, mcrypt and GNU arithmetic library extensions:

# apt-get -y install php5-gd php5-memcache php5-mcrypt php5-gmp

Hide PHP version from headers:

# vi /etc/php5/apache2/php.ini
... set expose_php to Off ...
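
Whether ServerTokens, ServerSignature and expose_php took effect is visible in any response from the server. The check below is an added example, not part of the original article; the function names and the sample response are constructed, with placeholder version numbers.

```sh
# Scans one HTTP response (headers plus body, as printed by "curl -si") for
# the version disclosures that the settings above switch off.
find_version_leaks() {
    tr -d '\r' | awk '
        BEGIN { bad = 0; body = 0 }
        !body && $0 == "" { body = 1; next }      # blank line ends the headers
        !body {
            split($0, kv, ":"); h = tolower(kv[1])
            # ServerTokens Prod reduces this header to "Server: Apache".
            if (h == "server" && (index($0, "/") || index($0, "("))) {
                print "ServerTokens: " $0; bad = 1
            }
            # expose_php = Off removes this header entirely.
            if (h == "x-powered-by") { print "expose_php: " $0; bad = 1 }
            next
        }
        # ServerSignature Off removes the <address> footer from error pages.
        /<address>Apache/ { print "ServerSignature: " $0; bad = 1 }
        END { exit bad }
    '
}

# Constructed sample: one response that shows all three disclosures.
sample_default_response() {
    cat <<'EOF'
HTTP/1.1 404 Not Found
Server: Apache/2.2.X (Debian)
X-Powered-By: PHP/5.X.Y
Content-Type: text/html

<html><body><h1>Not Found</h1>
<address>Apache/2.2.X (Debian) Server at playground Port 80</address>
</body></html>
EOF
}

sample_default_response | find_version_leaks || true
```

Against the running server: curl -si http://playground/no-such-page | find_version_leaks, which prints nothing once all three settings are applied.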

Install MySQL

Install server:

# apt-get -y install mysql-server

The installer will ask you for a password. Please note that this is a different "root" user: the MySQL administrator, not the system account you are logged in with.

Then secure MySQL:

# mysql_secure_installation

And install MySQL support for PHP:

# apt-get -y install php5-mysql

Send-only Mail Server with Exim

Install Exim and mailutils:

# apt-get -y install exim4-daemon-light mailutils

Run configurator:

# dpkg-reconfigure exim4-config 

Select the following options:

  • General type of mail configuration: internet site; mail is sent and received directly using SMTP.
  • System mail name: playground.home
  • IP-addresses to listen on for incoming SMTP connections: 127.0.0.1
  • Other destinations for which mail is accepted: playground.home; playground; localhost
  • The "Domains to relay mail for:" option is empty.
  • The "Machines to relay mail for:" option is empty.
  • Keep number of DNS-queries minimal (Dial-on-Demand)? <No>
  • Delivery method for local mail: Maildir format in home directory
  • Split configuration into small files? <No>

Test exim:

# echo "Testing Exim" | mail -s Test <type one of your emails here>

Some extra things

If you plan to build something from sources:

# apt-get -y install build-essential

To install Munin (server monitor) run the following command:

# apt-get -y install munin munin-node

And set up HTTP authorization for the directory with reports:

# htpasswd -c /etc/munin/munin-htpasswd muninreports
New password: [type password]
Re-type new password: [confirm password]
Adding password for user muninreports

where muninreports is just any name you choose to use later to access the reports. Then change settings in the configuration file:

# vi /etc/munin/apache.conf

And in this file: comment out the Allow from localhost 127.0.0.0/8 ::1 line, add an Allow from all line and uncomment the HTTP authorization lines:

AuthUserFile /etc/munin/munin-htpasswd
AuthName "Munin"
AuthType Basic
require valid-user

Then restart the Apache server:

# apache2ctl restart

Working with the server

Check the syntax of the apache configuration files before reloading a new configuration:

# apache2ctl -t

Examine virtual host configuration:

# apache2ctl -S

Get list of installed packages:

# dpkg --get-selections

Get file locations of the installed package:

# dpkg -L apache2.2-common 

Display the files of a package installed:

# dpkg --listfiles foo

Uninstall an installed package (keep configuration files):

# apt-get remove foo

Completely uninstall an installed package (remove configuration files too):

# apt-get --purge remove foo

Search for word in descriptions:

# apt-cache search word


Troubleshooting

Booting the Debian installer in Virtual PC may end with the message box: "An unrecoverable processor error has been encountered. The virtual machine will reset now". Diego Munoz recommends adding "noapic nolapic noreplace-paravirt" to the boot line in the installer boot menu. You can access the boot line by pressing the TAB key in the boot menu.

Booting the installer in Virtual PC with "noapic nolapic noreplace-paravirt" may end with "Kernel panic - not syncing: Attempted to kill the idle task!" Silvano, in the comments to Diego Munoz's solution, recommended adding the "no387 nofxsr" options to the boot line in addition to "noapic nolapic noreplace-paravirt".

Booting the installed Debian system in Virtual PC with "noapic nolapic noreplace-paravirt no387 nofxsr" may end with the "No coprocessor found and no math emulation present. Giving up." error. I do not know how to solve it, full stop here. Use other virtualization software, not Virtual PC.

If you cannot connect to your virtual machine created in VirtualBox, change networking from NAT to Bridged Adapter in the virtual machine's network settings.

If you see wrong characters instead of box drawing characters (pseudographics) in Debian configuration screens while connected to the virtual machine with PuTTY over SSH, set PuTTY to interpret received data as UTF-8 in Window -> Translation "Character set on received data".

If Exim does not deliver your messages, check that your provider does not block outgoing connections to port 25 (SMTP) by executing "telnet somedomain 25". Install the telnet package if it is not installed by executing "apt-get -y install telnet".

On some computers Exim displays the error message Cannot open main log file "/var/log/exim4/mainlog": Permission denied when testing email sending. It can be solved by creating the /var/log/exim4 folder as follows:

# mkdir -p /var/log/exim4
# chmod 740 /var/log/exim4
# chown Debian-exim:adm /var/log/exim4
# touch /var/log/exim4/mainlog
# chown Debian-exim:adm /var/log/exim4/mainlog

VMWare Player may produce an annoying beep while booting the virtual machine. This can be fixed by adding the mks.noBeep = "TRUE" instruction to the VMWare configuration file "c:\ProgramData\VMware\VMware Player\config.ini" (for Windows 7).

Comments

Thank you,

I got my server up and running in no time after several failed attempts reading other tutorials.

Thanks Again.

I followed your lesson, and my server was working until I added the virtual host. Now the IP address will not resolve. Very strange.

Hi, thanks for your tutorial. I've followed it and was successful setting up my home server, almost. I'm running on a dedicated Debian box. I can connect when I type my local IP address, but cannot when connecting to the public IP address.

I've gone to portforward.com to ensure my router ports were forwarded correctly and they are, which I've verified at http://www.canyouseeme.org. I've googled it but unfortunately cannot get the outside world to connect. Any help would be appreciated :D

Hi, just to say this is quite a nice site.
cheers

This is good to read, I appreciate it.
PHP web development

Hi! Thanks for a great tutorial!

I'm having problem with this line: # vi /etc/munin/apache.conf

There's no such file :)

I’m Alex Netkachov and I welcome you on my site, which is my technical playground and web log.