Alex@Net

Installing Linux is not a complex task, you only need to follow instructions and have basic understanding of how computer software and hardware work. Of course, correct installation and maintaining of a Linux server is complex but nobody starts from administering a large datacenter - everyone starts from something smaller and here is an instruction on how to build a Debian web-server on your computer and not damage it.

If you are a software developer (like the most of my site readers), you may know that server site PHP scripts are executed by the web server and usually it is Apache. Because of these I will show how to quickly install and configure Debian Linux server with Apache and MySQL. Experimenting with a real hard disk, especially with the hard disk of your primary computer, usually is a bad idea. I recommend using some virtualization software (Virtual PC, VirtualBox, or VMWare) to install the Debian Linux on the virtual machine.

Why Debian? Because Debian is a popular Linux distribution vendor and has small install image file. I've tried to install Debian with Virtual PC, VirtualBox and VMWare and have different results on different PC. Virtual PC cannot run the Debian installer on my notebook; VirtualBox does not work on my Vista desktop. I've test VMWare Server only on my notebook and it works well, however its GUI is a little bit complex.

So let's start from downloading the Debian businesscard installation image and virtual machine manager: VirtualBox or VMWare Server or Virtual PC.

Create a new virtual machine with 256 Mb of memory and 5 Gb for dynamically expanded hard disk. Then mount downloaded ISO image in DVD drive of the newly created virtual machine and start it.

You can read more details about how to run Debian on different virtual machines in Debian Wiki: http://wiki.debian.org/SystemVirtualization.

Basic install

The first Linux screen you will see is an installation Welcome screen where you can select type of the installation and some other options. You really do not need to select something except the default option from the start, but what you really need to do is to open Debian installation guide. In the installation guide you can read a lot of useful info, but if you want to jump to installation itself you can go to Chapter 6. Using the Debian Installer. Read the introduction with attention - it contains general concepts of how the installer works.

Most of the questions the installer asks require you to select one option from several possible options. In most of these questions the default suggestion is good enough to select it. I only changed the following options:

• Computer name: playground
• Domain name: home
• Root password: type something you can remember
• Full name for the new user: user
• Username for your account: user
• Choose a password for the new user: type something you can remember
• Uncheck "Desktop environment" and "Standard system" on the "Software selection" screen.

You may also need to specify computer IP address if your network does not have DHCP configured.

After reboot system displays the boot selection screen and after 5 seconds of waiting it runs the default selection. On the login prompt you can enter the user credentials and on successful login system displays the command prompt.

Check that your system is successfully connected to the Internet and debian.org is available (you should be, because installing Debian from the business card iso requires internet connection):

playground:~# ping -c 2 debian.org
PING debian.org (194.109.137.218) 56(84) bytes of data.
64 bytes from klecker.debian.org (194.109.137.218): icmp_seq=1 ttl=47 time=56.7 ms
64 bytes from klecker.debian.org (194.109.137.218): icmp_seq=2 ttl=47 time=67.3 ms
--- debian.org ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1010ms
rtt min/avg/max/mdev = 56.706/62.028/67.351/5.328 ms

It is recommended that you apply latest updates on your system right after login:

# apt-get update
# apt-get upgrade --show-upgraded

And then set the hostname:

# echo "playground" > /etc/hostname
# hostname -F /etc/hostname

Secure installation

Install sudo package:

# apt-get install sudo

Add user for logging in, instead of using root account:

# adduser admin

Allow admin to use sudo by running visudo and adding 

admin ALL=(ALL) ALL

to the end of the file. This line gives admin almost all root's power.

Then change the default port for ssh connections and disable root access via ssh. To do this edit the /etc/ssh/sshd_config file as follows:

1. Open /etc/ssh/sshd_config for editing by executing "vi /etc/ssh/sshd_config".
2. Search for "Port 22" and replace 22 with another number, which is greater then 1024 and does not match any frequently used port number, such as 3306 (MySQL) or 5432 (PgSQL).
3. Set the following options:
   PermitRootLogin no
   X11Forwarding no
   UsePAM no
   UseDNS no
   AllowUsers admin

Apply changes in sshd_config:

/etc/init.d/ssh reload

And check that you can connect to your machine using new port.

Install Apache2 server

Installing apache is simple, just run the following command:

# apt-get install apache2 apache2-doc apache2-utils 

Enable some frequently used apache modules:

# a2enmod rewrite
# a2enmod expires
# /etc/init.d/apache2 restart 

Install ITK multiprocessing mode,  to run each of your vhost under a separate uid and gid:

# apt-get install apache2-mpm-itk

Setup a virtual host

To host several domains on the server, create a file with description in the /etc/apache2/sites-available/ folder for each virtual host. Please note that you should specify an IP address for each of them in the c:\windows\system32\drivers\etc\hosts file to correctly resolve domain names to their IP addresses.

For example, here is a definition file for the myprojecs domain:

<VirtualHost *:80>
  ServerAdmin alex@somedomain.com
  ServerName myprojects
  DocumentRoot /srv/www/myprojects/public_html/
  ErrorLog /srv/www/myprojects/logs/error.log
  CustomLog /srv/www/myprojects/logs/access.log combined
  <IfModule mpm_itk_module>
    AssignUserId myprojects myprojects
  </IfModule>
</VirtualHost>

It should be written to the /etc/apache2/sites-available/myprojects file.

Then create folders for this domain:

# mkdir -p /srv/www/myprojects/public_html
# mkdir -p /srv/www/myprojects/logs 

Create user and group to isolate this domain from another domains:

# adduser myprojects

Create symbolic links from /srv/www/myprojects to user's home directory:

# ln -s /srv/www/myprojects/public_html /home/myprojects/public_html
# ln -s /srv/www/myprojects/logs /home/myprojects/logs

And change the permissions:

# chown myprojects:myprojects /home/myprojects/public_html

Finally, enable the site:

# a2ensite myprojects

And ask server to reload the configuration files:

# /etc/init.d/apache2 reload

Install PHP

To install PHP support for Apache execute the following command:

# apt-get install libapache2-mod-php5 php5

You may also want install PHP PEAR, security and caching packages:

# apt-get install php-pear php5-suhosin php5-xcache php5-mcrypt

PHP has a lot of extensions that can be installed separately. For example, the following line installs GD graphics library, memcache, and mcrypt extensions:

# apt-get install php5-gd php5-memcache php5-mcrypt

Install MySQL

Install server:

# apt-get install mysql-server

The install will ask you for a password. Please note that this is a different "root" user, not the same you are logged in.

Then secure MySQL:

# mysql_secure_installation

And install MySQL support for PHP:

#apt-get install php5-mysql

Send-only Mail Server with Exim

Install Exim and mailutils:

# apt-get install exim4-daemon-light mailutils

Run configurator:

# dpkg-reconfigure exim4-config 

Select the following options:

• General type of mail configuration: internet site; mail is sent and received directly using SMTP.
• System mail name: playground.home
• IP-addresses to listen on for incoming SMTP connections: 127.0.0.1
• Other destinations for which mail is accepted: playground.home; playground; localhost
• The "Domains to relay mail for:" option is empty.
• The "Machines to relay mail for:" option is empty.
• Keep number of DNS-queries minimal (Dial-on-Demand)? <No>
• Delivery method for local mail: Maildir format in home directory
• Split configuration into small files? <No>

Test exim:

# echo "Testing Exim" | mail -s Test user@domain

Troubleshooting

Booting Debian installer in Virtual PC may end up with the message box: "An unrecoverable processor error has been encountered. The virtual machine will reset now". Diego Muñoz is recommending to add "noapic nolapic noreplace-paravirt" to the boot line in Installer boot menu. You can access boot line by pressing the TAB button in the boot menu.

Booting the installer in Virtual PC with "noapic nolapic noreplace-paravirt" may end up with "Kernel panic - not syncing: Attempted to kill the idle task!" Silvano in the comments to Diego Muñoz's solution recommended to add the "no387 nofxsr" options to the boot line in addition to "noapic nolapic noreplace-paravirt".

Booting installed in Virtual PC with "noapic nolapic noreplace-paravirt no387 nofxsr" Debian system may end up with "No coprocessor found and no math emulation present. Giving up." error. And I do not know how to solve it, full stop here. Use another virtualization software, not Virtual PC.

If you cannot connect to your virtual machine created in VirtualBox, change networking from NAT to Bridget Adapter in virtual machine network settings.

If you have wrong characters instead of box drawing characters (pseudographics) in Debian configuration screens while connecting to the virtual machine with PuTTY over SSH, set PuTTY to interpret received data as UTF8 in Window -> Translation "Character set on received data".

If Exim does not deliver your messages, check that your provider does not block outgoing connections to 25 (SMTP) port by executing "telnet somedomain 25". Install the telnet package if it is not installed by executing "apt-get install telnet".