My little slice of the 'net
Home Server (v1)
Getting Started
Assuming that you’re starting completely from scratch, install a fresh copy of CentOS 5 (www.centos.com). Be warned – the installation is DVD media, and takes a while to download (I think it’s a 2.5 GB .iso image).
Also, I use the 64-bit version of CentOS. Some of the file locations change between 32-bit and 64-bit. I recommend that if this is to be a true server, and your hardware supports it, go with the 64-bit.
Linux is not for the faint of heart. If you have any experience with the old MS-DOS operating system, you have a starting reference for working with Linux. It is possible to use Linux as a graphical interface (i.e. Windows/Mac), but in operating as a server, there’s really no need. After the initial installation, you can actually disconnect the monitor and have a box running the entire time.
If your BIOS supports it, I also recommend setting up the power-failure recovery so that it reboots automatically once power is restored. That way, you have a box running at all times.
You’ll need to set up your router/modem/etc. with the appropriate information. I’ve used my actual setup as an example. I use a Linksys WRT54G, which allows me to use the DynDNS service (www.dyndns.org) to get a hostname (URL). Make sure that you do proper port-forwarding with your router to the static IP you’ll assign your server. (For simplicity’s sake, you can DMZ the server, and use the built-in firewall function of Linux to restrict port access if you want.)
Throughout this tutorial, there are some “example” areas, such as hostnames/URLs and passwords. Make ABSOLUTELY sure that you adjust these to your own settings.
Some notes on the installation of CentOS:
- Manually set your IP configuration
  - IP – 192.168.1.X (X being something 20-30 slots higher than your other PCs)
  - Gateway – 192.168.1.0
  - Subnet – 255.255.255.0
  - Primary & Secondary DNS servers – get these from either your router’s status page, or use “ipconfig /all” from a command prompt on a Windows computer on your network.
- Do not enable IPv6 protocols
- Set your timezone
- Set your root password – make it something difficult, yet easy to remember. You really need this in Linux.
- When you get to the software package screen, uncheck everything but Server.
- Proceed with the install, and reboot.
After the reboot, you should get a blue screen (old MS-DOS style). Select Firewall Configuration, and disable “Security Level” and set SELinux to “Disabled”. You should get into the command prompt, and at this point, log in with root and your password. Type in reboot (or restart).
Main Installation/Setup
Once back into the system (after the root login), type in the following:
yum -y update
yum -y groupinstall "Administration Tools" "DNS Name Server" "Development Libraries" "Editors" "Graphical Internet" "Graphics" "Java" "Legacy Network Server" "Mail Server" "Mono" "MySQL Database" "Network Servers" "PostgreSQL Database" "Printing Support" "Ruby" "Server Configuration Tools" "System Tools" "Text-Based Internet" "Web Server" "Windows File Server" "X Window System" "Yum Utilities" "Base" "Development Tools" "GNOME Desktop Environment"
(At this point, it’s usually easier to use an SSH session on another PC and copy and paste the above information. Usually PuTTY is the default SSH client of choice.) The install of those pieces will take a while. Grab a cup of coffee and a book.
yum -y install nano screen
nano /etc/hosts
I prefer to use nano as opposed to the more popular vim editor. If you are working through an SSH client, expand the window to full screen. There are some inherent issues with line breaks when using PuTTY in windowed mode.
Edit the hosts file: on the line for your server’s IP, change the name to the hostname you received from DynDNS (in my case, it looks like rjwebb.homeip.net rjwebb). Hit CTRL+X to save the file, type Y, hit enter.
Now, more installs:
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*
yum -y update
yum -y install fetchmail wget bzip2 unzip zip nmap openssl lynx fileutils ncftp gcc gcc-c++ mysql mysql-devel mysql-server cyrus-sasl cyrus-sasl-devel cyrus-sasl-gssapi cyrus-sasl-md5 cyrus-sasl-plain postfix dovecot php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel httpd-devel ruby ruby-devel mod_python ntp perl-HTML-Parser perl-DBI perl-Net-DNS perl-Digest-SHA1
chkconfig --levels 235 mysqld on
Now we’re going to enable the MySQL server user/password. Make sure you edit the appropriate information with your own.
mysqladmin -u root password yourrootsqlpassword
mysqladmin -h server1.example.com -u root password yourrootsqlpassword
Now to set up the mail server(s).
postconf -e 'smtpd_sasl_local_domain ='
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_sasl_authenticated_header = yes'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
postconf -e 'inet_interfaces = all'
postconf -e 'mynetworks = 127.0.0.0/8'
nano /usr/lib/sasl2/smtpd.conf
Make sure that the following lines show up (change if necessary):
pwcheck_method: saslauthd
mech_list: plain login
Exit the editor.
During the next steps, you will be generating certificates, which will require some input from you (name, state, etc.).
mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
postconf -e 'mydomain = example.com'
postconf -e 'myhostname = server1.$mydomain'
postconf -e 'smtpd_sasl_local_domain ='
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_recipient_restrictions=permit_sasl_authenticated,permit_mynetworks,check_relay_domains'
postconf -e 'inet_interfaces = all'
postconf -e 'alias_maps = hash:/etc/aliases'
postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'
We now need to set up the mail server to actually relay to a true mail server. This is necessary because most home users are set up with dynamic IPs, and 99% of ISPs block mail from dynamic IPs.
postconf -e 'relayhost = smtp.example.com'
postconf -e 'smtp_sasl_auth_enable = yes'
postconf -e 'smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd'
postconf -e 'smtp_sasl_security_options ='
Now set up a file that will hold the login information for your “real” mail server.
echo "smtp.example.com someuser:howtoforge" > /etc/postfix/sasl_passwd
The file has to be owned by the root user.
chown root:root /etc/postfix/sasl_passwd
chmod 600 /etc/postfix/sasl_passwd
Now, to make sure that postfix can use the information:
postmap /etc/postfix/sasl_passwd
service postfix restart
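Both batches of postconf commands above set smtpd_recipient_restrictions, and each postconf -e call rewrites the parameter in main.cf, so the later value is the one Postfix ends up using. The script below is an added example, not part of the original guide: it replays a constructed subset of those calls, works out the effective values, and reports on the relay and AUTH settings. The function names are made up for illustration.

```bash
# Added example, not the original guide's code; function names are hypothetical.
# Constructed sample: a subset of this page's postconf calls, in page order.
postconf_calls() {
  cat <<'EOF'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
postconf -e 'mynetworks = 127.0.0.0/8'
postconf -e 'smtpd_recipient_restrictions=permit_sasl_authenticated,permit_mynetworks,check_relay_domains'
postconf -e 'smtpd_tls_auth_only = no'
EOF
}

# effective_value NAME: print the value set by the last call that names NAME.
effective_value() {
  postconf_calls | awk -v name="$1" -v q="'" '
    {
      line = $0
      sub("^postconf -e " q, "", line)      # drop the command and opening quote
      sub(q "$", "", line)                  # drop the closing quote
      eq = index(line, "=")
      if (eq == 0) next
      key = substr(line, 1, eq - 1)
      val = substr(line, eq + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key)
      gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (key == name) last = val           # a later call replaces an earlier one
    }
    END { print last }'
}

# has_restriction LIST ITEM: succeed if ITEM is an entry of the comma/space separated LIST.
has_restriction() {
  printf '%s\n' "$1" | tr ', ' '\n\n' | grep -qxF -- "$2"
}

# audit: print one finding per line for the effective relay and AUTH settings.
audit() {
  r="$(effective_value smtpd_recipient_restrictions)"
  if ! has_restriction "$r" reject_unauth_destination; then
    echo "relay: reject_unauth_destination is not in the effective restrictions: $r"
  fi
  if has_restriction "$r" check_relay_domains; then
    echo "relay: check_relay_domains is deprecated in favour of reject_unauth_destination"
  fi
  if [ "$(effective_value smtpd_tls_auth_only)" != "yes" ]; then
    echo "auth: smtpd_tls_auth_only is not yes, so PLAIN/LOGIN is offered without TLS"
  fi
}

audit
```

On a running server, postconf -n prints the non-default values actually present in main.cf, which is the output to check instead of the constructed sample.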
Now, to set up the web server.
nano /etc/httpd/conf/httpd.conf
Find the line that begins with “DirectoryIndex” and make sure it reads the following:
DirectoryIndex index.html index.htm index.shtml index.cgi index.php index.php3 index.pl
chkconfig --levels 235 httpd on
service httpd restart
The next section installs a needed addition to the web server to allow for the Ruby on Rails framework to work with the web server. You can skip this step if you like (although to install the Tracks application, you will need it).
cd /tmp
wget http://www.modruby.net/archive/mod_ruby-1.3.0.tar.gz
tar zxvf mod_ruby-1.3.0.tar.gz
cd mod_ruby-1.3.0/
./configure.rb --with-apr-includes=/usr/include/apr-1
make
make install
nano /etc/httpd/conf.d/ruby.conf
The following line is the only one within the ruby.conf.
LoadModule ruby_module modules/mod_ruby.so
Save and exit the editor.
Realistically, as long as it’s just you (or selected people), you don’t need a true FTP server. I prefer to use SSH/SFTP (just requires changing a few options in your FTP client – like “port” and “connection type”).
yum remove vsftpd
Advanced Setup
That concludes the basic functioning server. However, to really get a powerful platform for home use, we need to do some extra tuning. RPMs are the packaging choice of CentOS (and RedHat, the “upstream” provider). We’re going to set up the system to use some “non-official” RPMs.
rpm --import http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt
cd /tmp
wget http://dag.wieers.com/rpm/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm
rpm -ivh rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm
yum -y install ntp httpd mysql-server php php-mysql php-mbstring php-mcrypt phpmyadmin rpm-build gcc mysql-devel openssl-devel cyrus-sasl-devel pkgconfig zlib-devel pcre-devel openldap-devel postgresql-devel expect libtool-ltdl-devel openldap-servers libtool gdbm-devel pam-devel gamin-devel
phpMyAdmin is a powerful web-based utility to work with the MySQL platform. We’ll need to set this up to work with our server from other PCs. (You access it from http://mydomain.com/phpmyadmin)
nano /etc/httpd/conf.d/phpmyadmin.conf
Comment out the line (insert a # in front of the line) “<Directory “/usr/share/phpmyadmin”>”. Save and exit.
nano /usr/share/phpmyadmin/config.inc.php
Find the “Authentication Type” section, and change from cookie to http. Save and exit the editor.
I prefer to have Webmin running on my server. It’s an easier way to administer many of the options of the server without going through the terminal. (It still requires a decent base knowledge of how Linux works.) To access it, you’ll just need to go to https://myaddress.com:10000. You log in with your system password (root, specific user, etc.) You may get a certificate error when accessing from any web browser. Just ignore it.
cd /tmp
wget http://prdownloads.sourceforge.net/webadmin/webmin-1.480-1.noarch.rpm
rpm -U webmin-1.480-1.noarch.rpm
At this point, you need to make sure that you have users defined (in case you didn’t do that during setup). Running around as the root user in Linux is never a good idea. The easy way, of course, is to use Webmin and add users (make sure you define a password). The command-line method is as follows:
useradd -m -s /bin/bash username
passwd username
The system asks you to enter a password for the username. The other reason to create individual user accounts is so that when you configure the mail server, your email will go to that specific user. For example, username@mydomain.com. If you choose to use the Zarafa mail server (which I use, and detail on another page), you must have a separate user for each account.
Now, with all of that set up, you should be ready to proceed to installing some of my favorite applications.
I’ve tried my best to remember all of the steps that I’ve taken to set up the server. Along the way, I’ve had to add individual components/modules, or make minuscule changes based on my own needs. Most of the setup steps I’ve taken from the setup guides on www.howtoforge.com. If you think that I’ve missed something critical, please don’t hesitate to let me know. I’ve also aggregated some of the installations (the “yum install”) to make life easier on me typing this out, as well as to make life easier for you – get it all done in one step.
Don’t forget to occasionally run a “yum -y update” or “yum -y upgrade”.