Ubuntu Server 12.04 LTS – The perfect server setup
In this how-to, I will show you how to install and configure Ubuntu Server 12.04 LTS, Apache web server, PHP and MySQL database server, and backup to Google Drive (grive). Ubuntu is one of the most common versions of the Linux server OS on the web today, with almost 35% market share. It is light and easy to manage, even for the novice. After all, you need to know about 10-15 commands to get you started with Linux OS. The rest of the knowledge will be picked up on the way. The best way of learning is learning by doing.
Download Ubuntu Server 12.04 LTS ISO file from here. Either mount the ISO file to your virtual machine or burn the ISO image to CD and boot from it. On the language selection page, select the desired language and press Enter. Now select Install Ubuntu Server. Select the desired language again (I know, I am confused as well), then select your location and your locale (more on the locale later in the manual). Choose the keyboard layout (you will be asked to press a couple of keys).

The installer will now check your installation media and acquire an IP address from your DHCP server. If you do not have a DHCP server, configure the IP manually and continue with the installation routine. Type in the server hostname (note that the hostname is ONLY the computer name itself, not the FQDN). Type in your name, username, and password. Do not select home directory encryption. Select your time zone.

Select manual disk partitioning and pick your own sizes and mount points. I always suggest the following partitions as a minimum: /root, /home, and a 2 GB swap partition. Now the installer will install the basic system. Leave the HTTP proxy blank and click Continue. Select No Automatic Updates. Select ONLY OpenSSH server from the available software list. Install the GRUB boot loader on the disk. Finally, remove the CD or unmount the ISO and click Continue to restart your server.

Once you get the login prompt, log in with the username and password you’ve created. Now we will start with the basic configuration. As the first step, we will configure the root password:
# sudo -s
and once you’re authenticated as root, issue the following command:
# passwd
and pick a password for the root user.
Now we will configure the network interfaces. In this example, I will use network 10.10.10.0/8. Edit interface configuration file by issuing the following command:
# vim /etc/network/interfaces
Configure it according to your needs. To start editing, press I on your keyboard; to finish editing, press Esc. To save and exit the file, type “:x” and press Enter; to save the file, type “:w” and press Enter; to exit the file without saving, type “:q!” and press Enter.
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
    address 10.10.10.1
    netmask 255.0.0.0
    network 10.10.10.0
    broadcast 10.255.255.255
    gateway 10.10.10.254
    dns-nameservers 10.10.10.1 10.10.10.2
Save and exit the editor using the “:x” command. Now we will restart the network service:
# /etc/init.d/networking restart
Edit the hosts file (/etc/hosts) and adjust it to match the network configuration:
127.0.0.1 localhost.localdomain localhost
10.10.10.1 server0.sefnet.tech server0

# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
Now run the following command:
# echo server0.sefnet.tech > /etc/hostname
# /etc/init.d/hostname restart
Now run the following command:
# hostname
# hostname -f
The hostname command should return the server name, while hostname -f should return the server FQDN. Now we will edit the apt sources list. Delete everything in the file and add the following lines. Note that the first command makes a backup of the sources file:
# cp /etc/apt/sources.list /etc/apt/sources.list.orig
# vim /etc/apt/sources.list
Add the following lines:
deb http://de.archive.ubuntu.com/ubuntu/ precise main restricted
deb-src http://de.archive.ubuntu.com/ubuntu/ precise main restricted
deb http://de.archive.ubuntu.com/ubuntu/ precise-updates main restricted
deb-src http://de.archive.ubuntu.com/ubuntu/ precise-updates main restricted
deb http://de.archive.ubuntu.com/ubuntu/ precise universe
deb-src http://de.archive.ubuntu.com/ubuntu/ precise universe
deb http://de.archive.ubuntu.com/ubuntu/ precise-updates universe
deb-src http://de.archive.ubuntu.com/ubuntu/ precise-updates universe
deb http://de.archive.ubuntu.com/ubuntu/ precise multiverse
deb-src http://de.archive.ubuntu.com/ubuntu/ precise multiverse
deb http://de.archive.ubuntu.com/ubuntu/ precise-updates multiverse
deb-src http://de.archive.ubuntu.com/ubuntu/ precise-updates multiverse
deb http://de.archive.ubuntu.com/ubuntu/ precise-backports main restricted universe multiverse
deb-src http://de.archive.ubuntu.com/ubuntu/ precise-backports main restricted universe multiverse
deb http://security.ubuntu.com/ubuntu precise-security main restricted
deb-src http://security.ubuntu.com/ubuntu precise-security main restricted
deb http://security.ubuntu.com/ubuntu precise-security universe
deb-src http://security.ubuntu.com/ubuntu precise-security universe
deb http://security.ubuntu.com/ubuntu precise-security multiverse
deb-src http://security.ubuntu.com/ubuntu precise-security multiverse
# deb http://archive.canonical.com/ubuntu precise partner
# deb-src http://archive.canonical.com/ubuntu precise partner
# deb http://extras.ubuntu.com/ubuntu precise main
# deb-src http://extras.ubuntu.com/ubuntu precise main
Now update apt database
# apt-get update
Now we will install some basics
# apt-get install aptitude ntp ntpdate binutils dnsutils
After installation is complete, run the following command to update all packages:
# aptitude safe-upgrade
Once update is complete, reboot the server
# reboot
It is good security practice to change the port the SSH server is running on. To do so, edit the configuration file for the SSH server. If you use the same port across all your servers, you can change the default port for the SSH client as well:
# vim /etc/ssh/sshd_config
Locate the line that reads Port 22 and change it according to your needs. Save and close the file. Now edit the client configuration file:
# vim /etc/ssh/ssh_config
Locate the line that reads # Port 22, uncomment it (remove the # from the beginning of the line) and change the port according to your needs. Save and close the file. Now restart the SSH server:
# /etc/init.d/ssh restart
Now you can disconnect and reconnect to the new port. The command to connect from another Linux machine is:
# ssh root@server0.sefnet.tech -p XXXXX (replace XXXXX with the port number you're using)
Now we will install and configure MySQL server, OpenSSL, and RKHunter. To install the software, use the following command:
# aptitude install -y mysql-client mysql-server openssl rkhunter
You will be prompted with the following questions:
New password for the MySQL "root" user: Use your root password
Repeat password for the MySQL "root" user: Use your root password
By default, the MySQL server binds ONLY to the loopback address 127.0.0.1. If you want it to bind to another address or to listen on all IP addresses on your server, edit the MySQL configuration file:
# vim /etc/mysql/my.cnf
Locate the line that reads bind-address = 127.0.0.1 and either comment the line (add the # at the beginning of the line for MySQL to listen on all IP addresses) or change the IP address to reflect your needs. Save and close the file.
Now restart the MySQL server
# /etc/init.d/mysql restart
MySQL server identifies users only by the combination of username and hostname. This means you can have more than one root user; in fact, you can have as many as you want, as long as each is configured to connect from a different host. Therefore you need one additional root user in order to connect from any host other than localhost. To create the new root user, first connect to the MySQL server:
# mysql -u root -p
You will be prompted to enter your root password
Now you are in MySQL server prompt. To create the new root user that can connect from ANY host, use the following command:
mysql> CREATE USER 'root'@'%' IDENTIFIED BY 'any_password';
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%';
mysql> FLUSH PRIVILEGES;
mysql> exit
Now we will install SpamAssassin and ClamAV:
# aptitude install -y clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl
Then we move to Apache2, PHP5, FCGI, SuEXEC, Pear, and mcrypt installation
# aptitude install -y apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-curl php5-mcrypt mcrypt php5-imagick imagemagick libapache2-mod-suphp libruby libapache2-mod-ruby libapache2-mod-python libapache2-mod-perl2
You will be prompted with the following question:
Webserver to reconfigure automatically: Select apache2
Now we will enable some Apache modules:
# a2enmod suexec rewrite ssl actions include
Now restart Apache:
# /etc/init.d/apache2 restart
Now we will install Fail2ban security option:
# aptitude install -y fail2ban
To create an entry for an application that fail2ban should monitor, use the jail.local file located under /etc/fail2ban/.
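An added example, not part of the original how-to: since the SSH port was changed earlier, the SSH jail in jail.local has to ban that port rather than the default one. The script reads the Port setting from sshd_config and prints a matching stanza; the jail name [ssh], the sshd filter and the /var/log/auth.log path are assumptions based on the Ubuntu fail2ban package of this release.

```sh
#!/bin/sh
# Added example: build the fail2ban SSH jail from the port(s) sshd really uses.

# Print every active Port from an sshd_config, comma-separated (sshd listens
# on all of them); print 22, the sshd default, when no Port line is set.
sshd_ports() {
    awk 'tolower($1) == "port" { printf "%s%s", sep, $2; sep = "," }
         END { if (sep == "") printf "22" }' "$1"
}

# Succeed only if every entry in a comma-separated list is a port 1-65535.
valid_ports() {
    for p in $(echo "$1" | tr ',' ' '); do
        case "$p" in ''|*[!0-9]*) return 1 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
    done
}

# Emit a jail.local stanza whose banned port matches sshd_config ($1).
# Stanza keys and values are assumed from the Ubuntu package defaults.
render_ssh_jail() {
    ports=$(sshd_ports "$1") || return 1
    valid_ports "$ports" || { echo "bad Port in $1: $ports" >&2; return 1; }
    cat <<EOF
[ssh]
enabled  = true
port     = $ports
filter   = sshd
logpath  = /var/log/auth.log
maxretry = 6
EOF
}

# Print the stanza for review when a config path is given, e.g.
#   sh ssh-jail.sh /etc/ssh/sshd_config
if [ "$#" -ge 1 ]; then render_ssh_jail "$1"; fi
```

Review the output, place it in /etc/fail2ban/jail.local, and restart fail2ban with /etc/init.d/fail2ban restart.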
Now we need to install Grive. To do so, use the following command:
# aptitude install -y python-software-properties software-properties-common
Add additional software repository and install grive:
# add-apt-repository ppa:nilarimogard/webupd8
# aptitude update
# aptitude install -y grive
Once grive is installed, create the GoogleDrive folder in the desired location:
# mkdir -p /home/backup/GoogleDrive
Navigate to the directory and run the following command:
# grive -a
Copy and paste the displayed Google URL into your browser. Make sure you are logged in to your Google Drive before you paste the URL. Once authenticated, you will receive the confirmation code. Copy and paste the confirmation code into the prompt on your server. Now you can create a folder structure inside the GoogleDrive folder. To perform a backup, simply run the grive command. You will see the progress of the replication. You can automate the backup of the desired files using a shell script and automatically upload it to your Google Drive.
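An added example of such a backup script, not from the original how-to: it archives a directory into the synced folder with owner-only permissions, verifies the archive before publishing it, prunes old archives, and then runs grive. The function names, the retention count of 7 and the /var/www source in the sample invocation are assumptions; /home/backup/GoogleDrive is the folder created above.

```sh
#!/bin/sh
# Added example: archive a directory into the grive-synced folder, then sync.
# The source path and retention count are assumptions; adjust to your layout.

# make_backup SRC_DIR DEST_DIR [KEEP]
# Writes DEST_DIR/<name>-<UTC timestamp>.tar.gz, verifies it, keeps only the
# KEEP newest archives of that source, and prints the new archive's path.
make_backup() {
    src=$1; dest=$2; keep=${3:-7}
    [ -d "$src" ] || { echo "no such directory: $src" >&2; return 1; }
    mkdir -p "$dest" || return 1
    name=$(basename "$src")
    out="$dest/$name-$(date -u +%Y%m%d-%H%M%S).tar.gz"
    # Subshell keeps the umask local. Archives can hold credentials, so they
    # are created owner-only, and only a fully readable archive is published.
    ( umask 077
      tar -czf "$out.tmp" -C "$(dirname "$src")" "$name" &&
      tar -tzf "$out.tmp" >/dev/null &&
      mv "$out.tmp" "$out" ) || { rm -f "$out.tmp"; return 1; }
    # The glob expands in name order, which is date order for this timestamp
    # format, so the oldest archives come first and are removed first.
    set -- "$dest/$name"-????????-??????.tar.gz
    while [ "$#" -gt "$keep" ]; do rm -f "$1"; shift; done
    echo "$out"
}

# Upload by running grive inside the synced folder, as done by hand above.
sync_drive() {
    command -v grive >/dev/null 2>&1 || { echo "grive not found" >&2; return 1; }
    ( cd "$1" && grive )
}

# Example invocation (constructed): sh drive-backup.sh /var/www
if [ "$#" -ge 1 ]; then
    make_backup "$1" /home/backup/GoogleDrive 7 &&
        sync_drive /home/backup/GoogleDrive
fi
```

Scheduling the script from root's crontab makes the upload automatic.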