This document has information on how to configure a basic install of Fedora Core 6. Most of the instructions here are applicable to newer versions of Fedora Core as well. This document will show you how to install and configure: a firewall, Webmin, SMTP (Postfix) server, POP3/IMAP (Dovecot) server, Spamassasin, Apache, PHP, Perl, Java6, Tomcat6, database server, WordPress, etc. My only advice is install and use Webmin, it will make your life administering the server much easier! If you want to sign up for Slicehost service click here, they have reasonably priced service for you to setup your LAMP environment.
For comments on this tutorial, and topics you’d like to see covered that are missing here, click here to add your comments to the blog post for this tutorial. To make this process painless, use Webmin, and to learn how to use Webmin buy this book.
Table of contents
This document has a section on each server and the configuration tasks required to get it running. If you use Slicehost you can configure your DNS records using Slicehost’s DNS server. Or you can install your own DNS server and point your registrar at it, or you can choose other hosted DNS solutions (DNS made easy, or Ultra DNS). You can read the document from start to finish and have your server configured by the time you finish the document if you follow along with the steps.
Run the following to get some software that will be required for the system.
yum install fetchmail wget bzip2 unzip zip nmap openssl lynx fileutils ncftp gcc gcc-c++
yum install perl-HTML-Parser perl-DBI perl-Net-DNS perl-Digest-SHA1
We will use Postfix as the ESMTP server and Dovecot for POP3S/IMAPS server. You have to configure Postfix to receive mail on all the domains that have MX records on the slice’s DNS server (or your own DNS server, or your hosted DNS provider).
You can tail –f /var/log/maillog to see all the status messages generated by postfix and dovecot. This is a useful thing to do when you’re debugging your installation and configuration.
Install the software using the following:
yum install cyrus-sasl cyrus-sasl-devel cyrus-sasl-gssapi cyrus-sasl-md5 cyrus-sasl-plain postfix dovecot
Here’s a great resource for Postfix – http://www.zytrax.com/tech/survival/postfix.html#config
Here are some configuration tweaks to get Postfix working right:
postconf -e ‘smtpd_sasl_local_domain =’
postconf -e ‘smtpd_sasl_auth_enable = yes’
postconf -e ‘smtpd_sasl_security_options = noanonymous’
postconf -e ‘broken_sasl_auth_clients = yes’
postconf -e ‘smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination’
postconf -e ‘inet_interfaces = all’
postconf -e ‘mynetworks = 127.0.0.0/8’
Create /usr/lib/sasl2/smtpd.conf with following content:
mech_list: plain login
The following creates the cert (Dovecot has to be configured to use this as well):
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
Configuring Postfix security:
postconf –e ‘smtpd_tls_auth_only = no’
postconf –e ‘smtp_use_tls = yes’
postconf –e ‘smtpd_use_tls = yes’
postconf –e ‘smtp_tls_note_starttls_offer = yes’
postconf –e ‘smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key’
postconf –e ‘smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt’
postconf –e ‘smtpd_tls_Cafile = /etc/postfix/ssl/cacert.pem’
postconf –e ‘smtpd_tls_loglevel = 1’
postconf –e ‘smtpd_tls_received_header = yes’
postconf –e ‘smtpd_tls_session_cache_timeout = 3600s’
postconf –e ‘tls_random_source = development:/development/urandom’
Make it work with Dovecot:
postconf -e ‘home_mailbox = Maildir/’
postconf -e ‘mailbox_command =’
Configure it to server your domains and users:
postconf -e ‘virtual_maps = hash:/etc/postfix/virtusertable’
postconf -e ‘mydestination = /etc/postfix/local-host-names’
virtuserstable contains all the users that you want to enable in the system (that do not have a linux userid/passwd). These are aliases that are forwarded to local users, or to other emails (relaying). When you change this file, run ‘postmap virtusertable’ to let postfix know about these changes.
local-host-names contains a list of domain names that you want this Postfix server to server, make sure that the MX records for these domains are properly configured as well.
Look at the pre-built dovecot configuration file (/etc/dovecot.conf). Find out more about Postfix configuration here. Here’s another resource to help you configure Dovecot to work with Postfix. Here’s a list of tweaks you have to do to the default configuration in order to get it to work properly with Postfix:
- Configure it to use the certs generated for Postfix (you will find these in the /etc/postfix/ssl folder). The conf file entries point to the actual files on the linux hard drive.
- Configure it to use imaps and pop3s
- Configure it to use UIDL that’s compatible with Outlook.
Make sure you run the following:
chkconfig –levels 235 sendmail off
chkconfig –levels 235 postfix on
chkconfig –levels 235 saslauthd on
chkconfig –levels 235 dovecot on
Install mysql with:
yum install mysql mysql-devel mysql-server
chkconfig –levels 235 mysqld on
mysqladmin -u root password <your password>
Here are some good links for sql stuff:
To backup the mysql instance, use:
mysqldump –p<yourpassword> –single-transaction –all-databases > <your_backup_file.sql>
To restore the mysql instance, use:
mysql –p <yourpassword> < <your_backup_file.sql>
This installs the PHP stuff along with the kitchen sink:
yum install php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel
This is a minimal install of PHP and Apache:
yum -y install httpd php mysql mysql-server php-mysql
You can configure multiple virtual hosts for each domain that you are going to have a web site for. However 1 IP address can be bound to 1 SSL Certificate for HTTPS. Without having more than 1 IP address on the Slice, it’s not going to be possible to do HTTPS with virtual hosts. This is not a bad thing, it just means that instead of using virtual hosts you have to use URIs to get to your remote resource, which maps nicely to servlets/tomcat.
To install wordpress, you must first have PHP, Apache, and MySQL installed already. Here’s a link to get wordpress going – http://codex.wordpress.org/Installing_WordPress#Step_3:_Set_up_wp-config.php. It’s very straightforward. There are really 4 steps.
wget http://wordpress.org/latest.tar.gz – this will download the latest tar file
tar -xzvf latest.tar.gz – this will extract the contents to a “wordpress” folder
mysql -u <db admin user> –p
CREATE DATABASE <databasename>;
GRANT ALL PRIVILEGES ON <databasename>.*
TO “<username>”@”localhost” IDENTIFIED BY “<password>”;
You can put the wordpress folder contents anywhere underneath the htdocs or /var/www/html folder or whatever folder you serve up HTML content from.
Rename the wp-config-sample.php file to wp-config.php. Open wp-config.php in your favorite text editor and fill in your database details. Then just point your browser to the URL that maps to the folder inside of which you placed wordpress.
Information on how to install Java6 can be found on Sun’s site when you download the JDK for Linux. You can download Tomcat 6 here. Here’s info on how to configure tomcat to startup as a linux service – http://www.2nrds.com/installing-and-running-apache-tomcat-in-linux
Iptables can be used as a firewall, and follow these instructions to get it installed and configured. Once you have webmin installed, you can graphically modify the firewall settings without having to delve into the configuration files.
Install the SSH server and disable root access (very easy to do with webmin). You can follow these directions on installing the SSH client and disabling root access before installing webmin.
Once Postfix has been configured, go ahead and download Webmin. Click here to buy a good book on Webmin. Webmin makes it easy to configure and install anything on the server, especially Spamassassin. One thing to note, when you install spamassassin, you have to change Postfix to use promail, and you have to configure this as well. Here are the steps.
yum install perl-Net-SSLeay
rpm -U webmin-1.370-1.noarch.rpm
Download the software here – http://www.webmin.com/rpm.html
For more info – http://www.webmin.com/ssl.html
Punch a hole in the firewall so that port 10,000 is accessible from the web.
yum install spamassassin
This will install the spamassassin software that can be configured in Webmin. Use webmin to setup all the rules, etc. and make sure to click on Procmail Spam Delivery and make sure it’s been configured.
This will ensure that rules are created in procmail that make it call spamassassin to run the spam rules on each message that’s delivered. The rules are created in the /etc/procmailrc file. More info on that here – http://www.redhat.com/docs/manuals/linux/RHL-7.2-Manual/ref-guide/s1-email-procmail.html
At this stage, these rules are not getting executed, since postfix is not using yet. The final step is configuring postfix to use procmail for mail delivery, instead of its internal stuff…
Edit the /etc/postfix/main.cf file. Find the mailbox_command and insert the following:
mailbox_command = /usr/bin/procmail
Then save this file.
Edit the /etc/procmailrc file, and add the following lines to the top of it:
# telling procmail to deliver messages to user’s home Maildir/
Due to security restrictions put in place by how Postfix runs external commands (procmail), it’s necessary to manually create the /home/<user>/Maildir folder when users are created. If this is not done, then mail will not be delivered for that user.
For comments on this tutorial, and topics you’d like to see covered that are missing here, click here to add your comments to the blog post for this tutorial. If you want to sign up for Slicehost service click here, they have reasonably priced service for you to setup your LAMP environment.