Installing a new webserver

From Edgar BV Wiki
Revision as of 09:11, 13 May 2013 by Red (talk | contribs)
Jump to navigation Jump to search
apt-get install mysql-server openssh-server proftpd apache2 libapache2-mod-perl2 libapache2-mod-php5 php5 php5-cli php5-ffmpeg php5-gd php5-imagick php5-mcrypt php5-mhash php5-mysql php5-xmlrpc php5-xsl php5-curl snmp snmpd iotop mtop apachetop iptstate atsar postfix popa3d shorewall vim awstats bmon nscd sshfs mc zip unzip bzip2 arj spamassassin pyzor razor ncftp rsync phpmyadmin quota ntpdate ntp vacation pdnsd

pdnsd - use resolvconf configuration

Set up networking in /etc/network/interfaces
<pre>
# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
#auto eth0
iface eth0 inet static
        address 192.168.0.112
        netmask 255.255.255.0
        network 192.168.0.0
        broadcast 192.168.0.255
#       gateway 192.168.0.1
        dns-nameservers 213.75.63.36 213.75.63.70 192.168.0.1
#       dns-nameservers 192.168.0.1 192.168.0.2
#       dns-search tripnet.int internal.tripnet.int ops.tripnet.int

auto eth1
iface eth1 inet static
        address 188.204.140.195
        netmask 255.255.255.224
        network 188.204.140.192
        broadcast 188.204.140.223
        gateway 188.204.140.193
        dns-nameservers 213.75.63.36 213.75.63.70 192.168.0.1

SNMP

run snmpconf

/etc/default/snmpd get rid of 127.0.0.1

/etc/snmp/snmpd.conf should have at least the following:

 rocommunity public  default    -V systemonly
rocommunity  euhostro

to define the community and

agentAddress
agentaddress

in order to allow the daemon to listen to all IP adresses instead of only localhost

test with

snmpwalk -v1 -c euhostro localhost

then from another server:

snmpwalk -v1 -c euhostro IPADRESS

Proftpd

/etc/proftpd/proftpd.conf add

DefaultRoot                     ~/../../

For AWStats

LogFormat awstats "%t   %h      %u      %m      %f      %s      %b"
ExtendedLog /var/log/xferlog read,write awstats
TransferLog none
RequireValidShell off

Hosting scripts and directories

mkdir /home/adm_usr/webserveradmin/ -p
mkdir /opt/triphost/ -p
mkdir /opt/weblog/etc -p
mkdir /opt/weblog/src -p

copy the stuff from another webserver into these dirs and find and replace the servername in these directories.

mkdir /home/sites/servername.tripany.com/site/sitestats/ -p
mkdir /home/sites/servername.tripany.com/site/sitestats/servername.tripany.com/
mkdir /home/sites/USGP.tripany.com/logs/
mkdir /home/sites/USGP.tripany.com/sites/ftpstats
chown razor /home/sites/servername.tripany.com/site -R

Apache2

log rotation

/etc/logrotate.d/apache2

/var/log/statistics {
        daily
        missingok
        rotate 8
        compress
}

/var/log/apache2/*.log {
        prerotate
               # Run the central statistics before rotating the logs
                /opt/triphost/statisticsSERVERNAMEweb.sh
                # Then we split the logs for the virtual hosts
                /opt/triphost/apachelogsplit.sh
                # Run the individual site stats
                /opt/triphost/sitestatistics.sh
                echo "All done for the day" >> /var/log/statistics
                date >> /var/log/statistics
        endscript
        daily
        missingok
        rotate 7
        compress
        delaycompress
        notifempty
        create 640 root adm
        sharedscripts
        postrotate
                if [ -f "`. /etc/apache2/envvars ; echo ${APACHE_PID_FILE:-/var/run/apache2.pid}`" ]; then
                        /etc/init.d/apache2 reload > /dev/null
                fi
        endscript
}
touch /var/log/statistics
mkdir /var/log/apache2/virts
mkdir /var/log/apache2/awstats

apache2 conf

/etc/apache2/apache2.conf change LogFormat and add %v to the beginning of the the combined format

LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

And also check the values of

<IfModule mpm_prefork_module>
    StartServers          100
    MinSpareServers       80
    MaxSpareServers      150
    MaxClients          250
    MaxRequestsPerChild   0
</IfModule>

/etc/apache2/sites-available/default

change

ServerName IPADDRESS
DocumentRoot /home/sites/servername.tripany.com/site

and add

 Redirect /stats http://servername.tripany.com/sitestats/tripwraith.tripany.com/index.php
        Redirect /livestats http://servername.tripany.com/cgi-bin/awstats.pl?config=tripwraith
#       AliasMatch ^/mailstats(.*) /home/sites/servername.tripany.com/mailstats/awstats.servername.mail.html
        AliasMatch ^/ftpstats(.*)  /home/sites/servername.tripany.com/ftpstats/awstats.servername.ftp.html
        <Directory /home/sites/servername.tripany.com/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride Options Authconfig
                Order allow,deny
                allow from all
                # This directive allows us to have apache2's default start page
                # in /apache2-default/, but still have / go to the right place
        </Directory>

to the bottom

cp /var/www/index.html /home/sites
cp /var/www/index.html /home/sites/servername.tripany.com/site/

listvirts

/etc/apache2/listvirts (NB has to start at group 100!)

# nb make sure first site after the original starts at 100!
tripwraith.tripany.com - site0
some.site.com - site100

OLD

create /etc/apache2/sites-available/82.95.91.75 with DocumentRoot /home/sites by hand!

/OLD

create /etc/apache2/sites-available/servername.tripany.com

link it in in sites-enabled

check both sites to see if they go to different indexes.

a2enmod rewrite (or a2enmod for options list)

vi /etc/apache2/conf.d/awstats

Alias /awstatsicon/ /usr/share/awstats/icon/

Post configuration

AWStats

touch /var/log/statistics

/etc/awstats/model.conf

tar xzvf /usr/share/doc/awstats/examples/awstats.model.conf.gz
cp /usr/share/doc/awstats/examples/awstats.model.conf /etc/awstats/model.conf

Changes in the model.conf for our scripts:

LogFile="thislogfile"
SiteDomain="thissitedomain"
HostAliases="localhost 127.0.0.1 REGEX[thisdomname\.(thisdomext)$]"
DNSLookup=1
DirData="/var/log/apache2/awstats"
DirIcons="/awstatsicon"
AllowFullYearView=3
SaveDatabaseFilesWithPermissionsForEveryone=1
KeepBackupOfHistoricFiles=1
DebugMessages=1
cp /etc/awstats/model.conf /etc/awstats/awstats.servername.tripany.com.conf

Edit the following directives:

LogFile="/var/log/apache2/access.log"
SiteDomain="servername.tripany.com"
HostAliases="localhost 127.0.0.1 REGEX[servername.tripany\.(com|nl)$]"

Create the index.php file in /home/sites/servername.tripany.com/site/sitestats/servername.tripany.com/

<?
Header('Location: http://servername.tripany.com/sitestats/servername.tripany.com/awstats.zpress.tripany.com.html')
?>

Also do this for the serverIP

copy /etc/awstats/awstats.servername* (ftp / mail / web)

run the statisticsrun in /etc/logrotate.d/apache2 by hand to see how it all goes! ie.

cat /opt/triphost/statisticsSERVERNAME.sh

and run this line by line.

cp /opt/weblog/src/weblog_files/graphs/ /home/sites/USGP.tripany.com/site/webloggraphs/ -R

Firewall

Shorewall

Mail

See Installing a new mailserver

For instructions on

Postfix and Procmail, as well as Dovecot (for mail pickup), Amavis-new + ClamAV for antivirus and Roundcube webmail

NB don't forget to

postmap virtual
postmap transport

spamassassin (knowledgebase page)

webmail (knowledgebase)

change the mysql password

set up disk quotas

backup scripts