How to configure server

This tutorial provides a step-by-step configuration for a simple Linux server. Fedora Core is used for this tutorial; configuration for other distributions may vary. Fedora is a free Linux distribution developed by the Fedora Project and sponsored by Red Hat.

FIAIF Firewall

FIAIF is an open source firewall. A firewall lets us open or close access to or from specific ports or IP addresses to make our server secure. If we leave all the ports open on the server, attackers might use them to attack the server, so we keep open only the ports we use; for example, we keep port 80 open for the Apache web server. Details about the ports we need to open are in the explanation of FIAIF in this document.

Apache 2.2 web server

Apache is open source software which accepts HTTP (Hypertext Transfer Protocol) requests from clients and responds with web pages such as HTML documents. So if we are going to run a web site, we need to install a web server. The browser sends the address to the web server, the web server sends back the response, and the browser then displays the content.

MySQL database server

MySQL is a free database server which provides database access on our server, which we can use from PHP and other software. So if our website needs a database to store and retrieve information, or has dynamic content such as search pages, member signup and login pages, etc., we will need to install a database server.

PHP

PHP (Hypertext Preprocessor) is a scripting language used in web pages. Using PHP we can have dynamic content in our web pages, connect to our MySQL database server and load dynamic data from the database into our web pages.

VSFTPD FTP server

VSFTPD is a free and open source FTP (File Transfer Protocol) server which allows us to upload files to our web server. Once the FTP server is configured, we can enter a username and password and then download and upload website content. An easy way is to use Windows Explorer to connect to our FTP server.

Sendmail Mail server

Sendmail lets us send and receive emails on our server. We can also use PHP or other scripts to send emails through our mail server. Sendmail has SMTP (Simple Mail Transfer Protocol) to send emails and POP3 (Post Office Protocol 3) to receive emails.

PHPMyAdmin script

phpMyAdmin makes it easy to connect to our MySQL database server and maintain it through a web page interface. We can easily create tables and fields and run reports and queries using phpMyAdmin.

How to configure server

Setting up FIAIF firewall

Installation from source

You can download the tar.gz package from the http://www.fiaif.net/download.php page and extract it on your server. Then, using the configure and make commands, we compile and install the FIAIF firewall on our server.

 # Download firewall tar.gz package into the server
 $ wget http://www.fiaif.net/dist/fiaif_1.21.1.tar.gz

 # Extract fiaif package
 $ tar -zxf fiaif_1.21.1.tar.gz

 # Change the directory into the fiaif_1.21.1 folder
 $ cd fiaif_1.21.1

 # Configure our compile
 $ ./configure

 # Compile the package
 $ make

 # Install FIAIF firewall
 $ make install

Configuring FIAIF

In our firewall we need to open the following ports:

Port 80 for web server

Port 21 for FTP Server

Port 22 for SSH (Remote connection to the server)

Port 25 for mail server (Send email)

Port 110 for mail server (Receive email)

We can use the following syntax in the FIAIF config file (/etc/fiaif/zone.ext) to open these ports:

INPUT[0]="ACCEPT tcp www,ftp,ssh,smtp,pop3 0.0.0.0/0=>0.0.0.0/0"
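
To check the allow-list above against what the server actually runs, this added example (not part of the original tutorial) lists listening TCP sockets reachable from other hosts whose port is not one of the five opened ports, so they must stay blocked by the firewall or be bound to localhost. It assumes the column layout of `ss -tln`; the sample input is constructed.

```shell
#!/bin/sh
# Added example (not from the tutorial): list TCP listeners that other hosts
# can reach but that are missing from the firewall allow-list.
# ALLOWED_PORTS mirrors the tutorial's list: www, ftp, ssh, smtp, pop3.
ALLOWED_PORTS="80 21 22 25 110"

# Constructed sample in the column layout printed by `ss -tln`.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    0.0.0.0:80         0.0.0.0:*
LISTEN 0      50     0.0.0.0:3306       0.0.0.0:*
LISTEN 0      10     127.0.0.1:25       0.0.0.0:*
LISTEN 0      32     [::]:21            [::]:*
LISTEN 0      128    127.0.0.1:631      0.0.0.0:*'

# unexpected_listeners: reads `ss -tln` text on stdin and prints "address port"
# for every non-loopback listener whose port is not in ALLOWED_PORTS.
unexpected_listeners() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)      # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)  # text before the last colon
            # Loopback-only sockets cannot be reached from other hosts.
            if (addr ~ /^127\./ || addr == "[::1]") next
            if (!(port in ok)) print addr, port
        }' | sort -u
}

# Stand-alone run on the constructed sample; on a server: ss -tln | unexpected_listeners
printf '%s\n' "$SAMPLE_SS" | unexpected_listeners
```

In the constructed sample the only line reported is the MySQL listener on port 3306, which is bound to all interfaces but is not in the list of opened ports.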

Starting FIAIF Firewall

The FIAIF startup script is located in the /etc/init.d folder in Fedora, so you can start the FIAIF firewall service by running the following command:

$ /etc/init.d/fiaif start

Setting up Apache web server

Installing Apache by building from source

Using the wget command we can download the file from the internet to our server, and tar -zxf extracts tar.gz files.

# Downloading apache web server source using wget command
$ wget http://mirrors.enquira.co.uk/apache/httpd/httpd-2.2.11.tar.gz

# Extract httpd-2.2.11.tar.gz file using tar with -zxf switch
$ tar -zxf httpd-2.2.11.tar.gz

# Change the directory to the httpd-2.2.11 folder 
$ cd httpd-2.2.11

# Configure the Apache build before making it; PREFIX is the installation directory
$ ./configure --prefix=PREFIX

# Compile apache
$ make

# Install apache
$ make install

Apache Configuration

Finding httpd.conf

# Change the current directory to root to start the search from root
$ cd /

# Find the httpd.conf file using find command with -name switch
$ find . -name httpd.conf

# Result: ./etc/httpd/conf/httpd.conf

# Open httpd.conf in the nano editor
$ nano /etc/httpd/conf/httpd.conf

# Global Environment
# Configures the Server HTTP response header
ServerTokens OS

# Base directory for the server installation
ServerRoot "/etc/httpd"

# IP addresses and ports that the server listens to
Listen 80

Website configuration

 # Web master email address
 ServerAdmin [email protected]

 # Hostname of the server
 ServerName www.example.com:80  

 # The default directory from which httpd will serve files
 DocumentRoot "/var/www/html"

 # This indicates which page should be displayed by default
 DirectoryIndex index.html index.htm

Virtual hosts

Here we are going to set up a website, and we assume its domain name will be yourdomain.com. First we need to create a folder for our website: we will create the yourdomain folder in the /home folder and also give the Apache user access to the folder:

$ mkdir /home/yourdomain
$ mkdir /home/yourdomain/www

Setting access to the www folder for our web server:

# Setting directives for /home/yourdomain/www folder
<Directory "/home/yourdomain/www">

# Allow use of the directives to show directory listing
# And also option to enable symbolic links
Options Indexes FollowSymLinks

# When the server finds an .htaccess file
# it needs to know which directives declared in that file can
# override earlier access information.
AllowOverride All

# First, all Allow directives are evaluated;
# at least one must match, or the request is rejected.
# Next, all Deny directives are evaluated.
Order allow,deny

# Apache will serve any file mapped from an URL
Allow from all
</Directory>

Setting up the yourdomain.com virtual host in Apache:

# Designates an IP address for name-virtual hosting
NameVirtualHost *:80

# Contains directives that apply only to a specific hostname
<VirtualHost *:80>

# Webmaster email address.
ServerAdmin [email protected]

# set the website home folder
DocumentRoot /home/yourdomain/www

#  Set the server name to the domain name
ServerName yourdomain.com

# Setting the error log name
ErrorLog logs/yourdomain.com-error_log

# Identifies the log file and the log file format.
CustomLog logs/yourdomain.com-access_log common
</VirtualHost>

Setting up MySQL database server

Installing MySQL from source

We can download the MySQL source from the MySQL website, then compile and install it, if we don't have the Yum package installer on the server. In this example we are going to install MySQL Server 5.1 on our server. Below you can find all the commands for the installation. To install, get a tar.gz package from http://dev.mysql.com/downloads/mysql/5.1.html and upload it to your server, extract it using the tar -zxf command, then configure, compile and install it:

Download MySQL source code from www.mysql.com/downloads

# Extract mysql source tar.gz file
$ tar -zxf mysql-5.1.30-linux-i686-glibc23.tar.gz

# Change the directory to the mysql source
$ cd mysql-5.1.30-linux-i686-glibc23

# PREFIX is the mysql installation directory
$ ./configure --prefix=PREFIX

# Compile mysql server
$ make

# Install mysql server
$ make install

# Create the system databases needed for controlling user access
$ ./scripts/mysql_install_db

MySQL Configuration

After installation, we need to configure the MySQL server. The MySQL configuration file is called my.cnf and can be found in the /etc folder. Again we can run the find command to locate my.cnf if we are not sure where it is located:

$ cd /
$ find . -name my.cnf
# Result: ./etc/my.cnf

After opening the configuration file we can set the MySQL configuration:

[mysqld]
port=3306
socket=/path/to/mysql.sock

# This is where mysql database files are located 
datadir=/var/lib/mysql

# This is the maximum number of connections that can connect to the mysql server
max_connections=500

Starting MySQL Server

After installing MySQL, we need to start mysqld, which is the MySQL server and does most of the work in MySQL. To start MySQL we can run the following command:

$ /etc/init.d/mysqld start

Setting up the root password

To set the root password we can use mysqladmin. As the root user does not have a password yet, we can use the following command to set the root password for the first time, where NewPassword is the password we are going to set for MySQL:

$ mysqladmin -u root password NewPassword

If we want to change the root password later, we can use:

$ mysqladmin -u root -pOldPassword password NewPassword

In the above example, OldPassword is our current MySQL root password. Note that there is no space between -p and OldPassword; with -p alone, mysqladmin prompts for the password instead.

Connecting to MySQL

$ mysql -u root -p
Enter password:
mysql>

Creating a database

To create a database, after connecting to MySQL you can use the create database command; to get a list of all available commands you can use the help command. After we create a database, we may need to create a username and password and give that user access to the database using the grant statement. Here is an example, where “yourdomain” is the database name, “myuser” is the username and “1234” is the password for “myuser”:

# Create yourdomain database using create database command
mysql> create database yourdomain;

# Create myuser username and set its password to 1234
mysql> grant all privileges on yourdomain.* to myuser identified by '1234';

Setting up PHP

In this example we are going to install PHP 5.2.8, so we can download and extract it using the following commands:

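# Download php 5.2.8 source to the server
# (-O names the saved file, because the mirror URL does not end in the file name)
$ wget -O php-5.2.8.tar.gz http://uk2.php.net/get/php-5.2.8.tar.gz/from/this/mirror

# Extract php tar.gz file
$ tar -zxf php-5.2.8.tar.gz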

# Change the directory to the extracted PHP source directory 
$ cd php-5.2.8

# Configure PHP to build as an apache2 module, with the mysql extension as well
$ ./configure --with-apxs2=/usr/local/apache2/bin/apxs --with-mysql

# Compile PHP source 
$ make

# Install PHP 
$ make install

Configure Apache to load PHP

To load PHP files we need to add the following lines to the httpd.conf file:

# This line will load the php5 module in Apache
LoadModule php5_module modules/libphp5.so

# This tells Apache to run .php files with PHP
<FilesMatch \.php$>
  SetHandler application/x-httpd-php
</FilesMatch>

Configure PHP

We need to open the /usr/local/lib/php.ini file to configure PHP:

; Load the PHP MySQL extension
; to connect to the MySQL server
extension=mysql.so

; This tells PHP to send emails through our sendmail mail server
; (-t reads the recipients from the message headers, -i ignores lone dots)
sendmail_path = /usr/sbin/sendmail -t -i

Restart Apache

Once we have configured the httpd.conf file, we need to restart our web server.

# This command will restart apache web server
$ service httpd restart

Setting up VSFTPD

VSFTPD is a secure and free FTP server for Linux and Unix.

Installing VSFTPD from source

You can download VSFTPD from the ftp://vsftpd.beasts.org/users/cevans/ site; in this example, we are going to install VSFTPD 2.0.7. Here are the commands we need to run to install it. If you are going to install it through the Yum package manager, there is no need to download it, as Yum will download and install it in one step.

# Download vsftpd 2.0.7 to the current working directory
$ wget ftp://vsftpd.beasts.org/users/cevans/vsftpd-2.0.7.tar.gz

# Extract vsftpd from tar.gz file
$ tar -zxf vsftpd-2.0.7.tar.gz

# Change the directory in the extracted vsftpd folder
$ cd vsftpd-2.0.7

# vsftpd ships a plain Makefile and has no configure script;
# build options are set by editing builddefs.h before compiling

# Compile vsftpd source
$ make

# Install vsftpd
$ make install

VSFTPD configuration

Before we can configure our FTP server, we need to locate its configuration file, vsftpd.conf. We can use the find command to locate vsftpd.conf; the default location for this file is the /etc folder:

Locating the vsftpd.conf file

# Change the current working directory to the root before performing find command
$ cd /

# Find vsftpd.conf
$ find . -name vsftpd.conf

# Find command result
./etc/vsftpd.conf

# Open vsftpd.conf in the nano editor
$ nano /etc/vsftpd.conf

After opening the configuration file we can set the options and save. Here is a suitable FTP configuration for an internet website:

# We don't want anonymous users to be able to log in to our website FTP
# for security reasons, so we set this option to NO
anonymous_enable=NO

# This option controls whether local logins are permitted or not,
# so we set this option to YES to allow both remote and local users
local_enable=YES

# We set this option to YES to allow file uploads and modifications via FTP
write_enable=YES

# We don't want anonymous users to be able to upload, so we set this option to NO
anon_upload_enable=NO

# We don't want anonymous users to be able to create folders
anon_mkdir_write_enable=NO

# Setting this option to NO prevents anonymous users from doing write operations on the FTP server
anon_other_write_enable=NO

# Security Options
# We don't want anonymous users to be able to access our files:
# YES limits anonymous downloads to world-readable files (NO would lift that limit)
anon_world_readable_only=YES

# This controls whether PORT style data connections use port 20 
connect_from_port_20=YES
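
A setting that is missing from vsftpd.conf falls back to the built-in default, and the default for anonymous_enable is YES. This added example (not part of the original tutorial) reports the effective anonymous-access settings of a config file against the values wanted for a site with no anonymous FTP; it assumes plain YES/NO values and that the last occurrence of a key wins, and the sample config is constructed.

```shell
# Added example (not from the tutorial): report the effective anonymous-access
# settings of a vsftpd.conf, applying vsftpd defaults to keys that are absent.
WANTED='anonymous_enable=NO
anon_upload_enable=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
anon_world_readable_only=YES'

# Built-in defaults as documented in the vsftpd.conf man page.
DEFAULTS='anonymous_enable=YES
anon_upload_enable=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
anon_world_readable_only=YES'

# Constructed sample: anonymous_enable is commented out, so the default applies.
SAMPLE_CONF='#anonymous_enable=NO
local_enable=YES
write_enable=YES
anon_upload_enable=NO
anon_world_readable_only=NO'

# effective_value KEY FILE: last uncommented KEY=value in FILE, else the default.
effective_value() {
    val=$(sed -n "s/^$1=\([A-Za-z]*\)[[:space:]]*\$/\1/p" "$2" | tail -n 1)
    [ -n "$val" ] || val=$(printf '%s\n' "$DEFAULTS" | sed -n "s/^$1=//p")
    printf '%s\n' "$val" | tr '[:lower:]' '[:upper:]'
}

# audit_vsftpd FILE: print one line per setting that differs from WANTED;
# returns 1 if any setting differs, 0 otherwise.
audit_vsftpd() {
    rc=0
    for pair in $WANTED; do
        key=${pair%%=*}; want=${pair#*=}
        have=$(effective_value "$key" "$1")
        if [ "$have" != "$want" ]; then
            echo "$key: effective $have, wanted $want"
            rc=1
        fi
    done
    return "$rc"
}

# Stand-alone run on the constructed sample.
tmp=$(mktemp); printf '%s\n' "$SAMPLE_CONF" > "$tmp"
audit_vsftpd "$tmp" || true
rm -f "$tmp"
```

On a server, run `audit_vsftpd /etc/vsftpd.conf`; a non-zero exit status means at least one setting differs from the wanted value.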

Starting VSFTPD

After configuring the FTP server, we need to start it. We can start it as a service by typing the /etc/init.d/vsftpd start command:

$ /etc/init.d/vsftpd start

Now users can log in to the FTP server using their Linux username and password; they will get access to the /home/user folder after they log in. To add users we can use the following command:

 $ useradd -g ftp-users -d /home/ftp-docs user1

Setting up sendmail (Mail Server)

Installing sendmail from source

To install sendmail from source, first you need to download it. To download it to your server, you can use the wget command.

# Download sendmail tar.gz file to the server
$ wget ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.14.2.tar.gz

# Extract tar.gz file
$ tar -zxf sendmail.8.14.2.tar.gz

# Change the directory into the extracted folder
$ cd sendmail.8.14.2

# Compile the package using Build command
$ ./Build

# Install sendmail
$ ./Build install

/etc/mail/aliases

In the aliases configuration file, we can set up virtual mailboxes; here is a possible setting for this purpose:

 majid: localuser

/etc/mail/local-host-names

In this file we set the hostnames which sendmail accepts as local host names, that is, the domains for which sendmail will receive email. So if our domain name is yourdomain.com, this configuration will be:

yourdomain.com
mail.yourdomain.com

/etc/mail/virtusertable

This file maps email addresses to the virtual domains and mailboxes. For example, we map the [email protected] email address to the majid mailbox which we defined earlier in the aliases file.

[email protected]                majid

Starting mail server

Now that we have set up the mail server as well as the hostnames, we can start our mail server. To do so we can run:

$ /etc/init.d/sendmail start

Setting up phpMyAdmin script

phpMyAdmin is free software written in PHP which makes it possible to manage and handle MySQL-related tasks from a website.

Download phpMyAdmin

To download phpMyAdmin, you can visit the http://www.phpmyadmin.net/ website, click on the download phpMyAdmin link and get the zip package, then extract the package and upload it to your server. In this sample we will upload it using FTP to the phpmyadmin folder of our website, so we will have:

/home/yourdomain/www/ (Our website root folder)
PHPMyAdmin (This is our phpmyadmin folder in our website root folder)

Installing phpMyAdmin

After we upload the files, when we try to view our website (yourdomain.com in this example) we will see the phpMyAdmin login page, where we can log in with a MySQL username and password. As we already set these in the MySQL setup, we will log in using root as the username and NewPassword as the password.


About majid

Software engineer, Web developer and IT graduate.