Ubuntu Server 12.04 LTS – The perfect server setup

In this how-to, I will show you how to install and configure Ubuntu Server 12.04 LTS, Apache web server, PHP and MySQL database server, and backup to Google Drive (grive). Ubuntu is one of the most common versions of the Linux server OS on the web today, with almost 35% market share. It is light and easy to manage, even for the novice. After all, you need to know about 10-15 commands to get you started with Linux OS. The rest of the knowledge will be picked up on the way. The best way of learning is learning by doing.

Download Ubuntu Server 12.04 LTS ISO file from here. Either mount the ISO file to your virtual machine or burn the ISO image to CD and boot from it. On the language selection page, select desired language and press Enter. Now select Install Ubuntu Server. Select desired language again (I know, I am confused as well), then select your location and your locale (more on the locale later in the manual). Chose keyboard layout (you will be asked to press a couple of keys). Now, will the installer check your installation media and acquire the IP address from your DHCP server. If you do not have a DHCP server, then configure IP manually and continue with the installation routine. Type in server hostname (note that hostname is ONLY the computer name itself, not the FQDN). Type in your name, username, and password. Do not select home directory encryption. Select your time zone. Select manual disk partitioning and pick your own size and mount points. I suggest always the following partitions as minimum, /root, /home, and 2 GB swap partition. Now, the installer will install the basic system. Leave the HTTP proxy blank and click Continue. Select No Automatic Updates. Select ONLY OpenSSH server from the available software list. Install GRUB boot loader on the disk. Finally, remove CD or unmount ISO and click Continue to restart your server. Once you get the login prompt, log in with the username and password you’ve created. Now we will start with the basic configuration. As the first step, we will configure root password:

# sudo -s

and once you’re authenticated as root, issue the following command:

# passwd

and pick a password for the root user.

Now we will configure the network interfaces. In this example, I will use network 10.10.10.0/8. Edit interface configuration file by issuing the following command:

# vim /etc/network/interfaces

And configure it after your needs. To start editing press I on your keyboard, to finish editing press Esc, to save and exit file press “:x” and Enter, to save file press “:w” and Enter, to exit file without saving press “:q!” and Enter.

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet static
address 10.10.10.1
netmask 255.0.0.0
network 10.10.10.0
broadcast 10.255.255.255
gateway 10.10.10.254
dns-nameservers 10.10.10.1 10.10.10.2

Save and exit editor using the “:x” command. Now we will restart network service

# /etc/init.d/networking restart

Edit hosts file and adjust it after the network configuration:

127.0.0.1 localhost.localdomain localhost
10.10.10.1 server0.sefnet.tech server0
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

Now run the following command:

# echo server0.sefnet.tech > /etc/hostname
# /etc/init.d/hostname restart

Now run the following command:

# hostname
# hostname -f

The hostname command should give you the server name as result, while hostname -f should give you the server FQDN. Now we will edit apt sources list. Delete everything in the file and add the following lines. Please observe that the first command makes a backup of the sources files:

# cp /etc/apt/sources.list /etc/apt/sources.list.orig
# vim /etc/apt/sources.list

Add the following lines:

deb http://de.archive.ubuntu.com/ubuntu/ precise main restricted
deb-src http://de.archive.ubuntu.com/ubuntu/ precise main restricted
deb http://de.archive.ubuntu.com/ubuntu/ precise-updates main restricted
deb-src http://de.archive.ubuntu.com/ubuntu/ precise-updates main restricted
deb http://de.archive.ubuntu.com/ubuntu/ precise universe
deb-src http://de.archive.ubuntu.com/ubuntu/ precise universe
deb http://de.archive.ubuntu.com/ubuntu/ precise-updates universe
deb-src http://de.archive.ubuntu.com/ubuntu/ precise-updates universe
deb http://de.archive.ubuntu.com/ubuntu/ precise multiverse
deb-src http://de.archive.ubuntu.com/ubuntu/ precise multiverse
deb http://de.archive.ubuntu.com/ubuntu/ precise-updates multiverse
deb-src http://de.archive.ubuntu.com/ubuntu/ precise-updates multiverse
deb http://de.archive.ubuntu.com/ubuntu/ precise-backports main restricted universe multiverse
deb-src http://de.archive.ubuntu.com/ubuntu/ precise-backports main restricted universe multiverse
deb http://security.ubuntu.com/ubuntu precise-security main restricted
deb-src http://security.ubuntu.com/ubuntu precise-security main restricted
deb http://security.ubuntu.com/ubuntu precise-security universe
deb-src http://security.ubuntu.com/ubuntu precise-security universe
deb http://security.ubuntu.com/ubuntu precise-security multiverse
deb-src http://security.ubuntu.com/ubuntu precise-security multiverse
# deb http://archive.canonical.com/ubuntu precise partner
# deb-src http://archive.canonical.com/ubuntu precise partner
# deb http://extras.ubuntu.com/ubuntu precise main
# deb-src http://extras.ubuntu.com/ubuntu precise main

Now update apt database

# apt-get update

Now we will install some basics

# apt-get install aptitude ntp ntpdate binutils dnsutils

After installation is complete, run the following command to update all packages:

# aptitude safe-upgrade

Once update is complete, reboot the server

# reboot

It is good security practice to change the port SSH server is running on, to do so, edit the configuration file for the SSH server and if you use the same port across all your servers then you can change the default port for the SSH client as well:

# vim /etc/ssh/sshd_config

Locate the line that reads Port 22 and change it after your needs. Save and close the file, now edit the client configuration file:

# vim /etc/ssh/ssh_config

Locate the line that reads # Port 22 and uncomment the line (remove the # from the beginning of the line) and change the port after your needs. Save and close the file. Now restart SSH server:

# /etc/init.d/ssh restart

Now you can disconnect and reconnect to the new port. The command to connect from another Linux machine is:

# ssh root@server0.sefnet.tech -p XXXXX (replace XXXXX with the port number you're using)

Now we will install and configure MySQL server OpenSSL and RKHunter. To install the software use the following command:

# aptitude install -y mysql-client mysql-server openssl rkhunter

You will be prompted with the following questions:

New password for the MySQL "root" user: Use your root password
Repeat password for the MySQL "root" user: Use your root password

Per default, the MySQL server binds ONLY to the loopback address 127.0.0.1. If you want it to bind to another address or to listen on all IP addresses on your server, edit the MySQL configuration file:

# vim /etc/mysql/my.cnf

Locate the line that reads bind-address = 127.0.0.1 and either comment the line (add the # at the beginning of the line for MySQL to listen on all IP addresses) or change the IP address to reflect your needs. Save and close the file.

Now restart the MySQL server

# /etc/init.d/mysql restart

MySQL server does only differentiate users after username and hostname combination. This being said, you can have more than one root user, actually, you can have as many as you want as long as each is configured to connect from a different host. Therefore you need one additional root user in order to connect from any host other than localhost. To create the new root user, first, connect to MySQL server:

# mysql -u root -p

You will be prompted to enter your root password

Now you are in MySQL server prompt. To create the new root user that can connect from ANY host, use the following command:

# mysql> CREATE USER 'root'@'%' IDENTIFIED BY 'any_password'
# mysql> GRANT ALL PRIVILEGES ON *.* to 'root'@'%'
# mysql> FLUSH PRIVILEGES
# mysql> exit

Now we will install SpamAssassin and ClamAV:

# aptitude install -y clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl

Then we move to Apache2, PHP5, FCGI, SuEXEC, Pear, and mcrypt installation

# aptitude install -y apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-curl php5-mcrypt mcrypt php5-imagick imagemagick libapache2-mod-suphp libruby libapache2-mod-ruby libapache2-mod-python libapache2-mod-perl2

You will be prompted with the following question:

Webserver to reconfigure automatically: Select apache2

Now we will enable some Apache modules:

# a2enmod suexec rewrite ssl actions include

Now restart Apache:

# /etc/init.d/apache2 restart

Now we will install Fail2ban security option:

# aptitude install -y fail2ban

To create an entry for the application fail2ban should monitor the use of the jail.local file located under /etc/fail2ban/

Now we need to install Grive. To do so, use the following command:

# aptitude install -y python-software-properties software-properties-common

Add additional software repository and install grive:

# add-apt-repository ppa:nilarimogard/webupd8
# aptitude update\n# aptitude install -y grive

Once the grive is installed, create the GoogleDrive folder on the desired location:

# mkdir -p /home/backup/GoogleDrive

Navigate to the directory and run the following command:

# grive -a

Copy and paste the displayed Google URL to your browser. Make sure you are logged in to your Google Drive before you paste the URL. Once authenticated, you will receive the confirmation code. Copy and paste the confirmation code to prompt on your server. Now you can create a folder structure inside the GoogleDrive folder. To perform backup, simply run command grive. You will see the progress of the replication. You can automate backup of the desired files using shell script and automatically upload it to your Google Drive

Leave a Reply 0

Your email address will not be published. Required fields are marked *