Installing A Server
The purpose of this article is to give an overview of not only the steps required to get a Linux server up and running, but also some of the caveats you should consider before embarking on such an endeavor. This article tries to remain as distribution-agnostic as possible, though at this time it's really only written from the perspectives of Ubuntu and Arch Linux.
Before proceeding, it's recommended you read Considerations. This can save you some time and help you make informed choices before you take the plunge into operating a Linux server.
Common Tasks
Install A Minimum Server
Linux distros have different ways of accomplishing this, but what's needed for a Linux server is a bare-bones installation.
Arch Linux
By default, Arch Linux already installs a minimal system.
Ubuntu
When at the Ubuntu installer screen:
- Highlight Install Ubuntu in text mode.
- Press [F6] for Other Options.
- Press [ESC] to back out.
- Change ubuntu.seed to ubuntu-server-minimal.seed in the Boot Options line.
Partition The Hard Drive
See Drive Partitioning for more information.
Post-Installation Configuration
Update Mirrors
Arch
By installing the reflector package, you can always get the best mirrors at the current point in time.
reflector -l 5 -c [country] --sort rate --save /etc/pacman.d/mirrorlist
Note that [country] is the full proper-case name, not a two- or three-letter abbreviation. To specify a country with spaces, escape each space with a backslash like this: United\ States.
Ubuntu
The only automatic selection of mirrors comes from the GUI synaptic program. Otherwise you will have to pick a mirror from Launchpad yourself and edit /etc/apt/sources.list by hand.
Networking
Starting Multiple Network Interfaces At Boot
Debian uses a file called /etc/network/interfaces. By default, only the interface used during install is configured. It is trivial to add more interfaces to this file.
# DHCP Example
auto eth0
iface eth0 inet dhcp
    pre-up [command]
    post-up [command]

# Static Example
auto eth0
iface eth0 inet static
    address 192.168.1.n
    network 192.168.1.0
    netmask 255.255.255.0
    gateway 192.168.1.n
    broadcast 192.168.1.255
    mtu [nnnn]
    pre-up [command]
    post-up [command]

For Arch, use netctl to configure multiple devices and bring them up during boot.
MTU
If you are using Gigabit Ethernet, you can change the MTU setting for better performance. Gigabit Ethernet accepts MTUs up to 9000, but a lot of Gigabit Ethernet chipsets do not go this high. The MTU you choose cannot be higher than the MTU of any server you plan to communicate with.
Use the following command to determine which Ethernet device you are using. The one with an IP address is the one you are interested in.
ip addr
You'll get output like this:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether hh:hh:hh:hh:hh:hh brd ff:ff:ff:ff:ff:ff
    inet nnn.nnn.nnn.nnn/24 brd 192.168.1.255 scope global eth0
    inet6 hhhh::hhhh:hhhh:hhhh:hhhh/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether hh:hh:hh:hh:hh:hh brd ff:ff:ff:ff:ff:ff

Use the following command to determine the max MTU setting.
sudo ip link set [device] mtu [1500-9000]
You'll basically be playing a game of guess-the-number. No feedback means the command was successful. You'll know you've gone too far when you see [DRIVER] answers: Invalid argument.
Once you've determined the largest valid number you can use, you need to make sure that your network hub or router isn't a limiting factor and that the drivers aren't allowing you to set the MTU higher than the actual hardware can handle.
ping -s [size-minus-8] [ip-address]
If you do not receive a response with the MTU setting you got earlier (less 8 bytes for the ICMP header) then something is goofed and you will have to play the number guessing game again until you can make a successful ping.
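The guessing game above can be automated as a binary search. This is an added example, not part of the original article; find_max_mtu, ping_probe, PEER and PROBE are hypothetical names. It assumes iputils ping, sets the don't-fragment flag and subtracts the 20-byte IPv4 header as well as the 8-byte ICMP header, so an oversized probe fails instead of being fragmented.

```shell
#!/bin/sh
# Added example: binary search for the largest MTU that reaches a peer.
# find_max_mtu, ping_probe, PEER and PROBE are hypothetical names.

# Default probe: send one IPv4 ping that may not be fragmented (-M do) and
# whose total packet size is exactly $1 bytes:
#   payload = MTU - 20 (IPv4 header) - 8 (ICMP header)
ping_probe() {
    ping -M do -c 1 -W 1 -s "$(( $1 - 28 ))" "$PEER" >/dev/null 2>&1
}

# find_max_mtu LOW HIGH
# Prints the largest MTU in [LOW, HIGH] for which the probe succeeds, or 0
# if none does. Assumes that if size N gets through, every smaller size
# does too. The probe command is taken from $PROBE (default: ping_probe).
find_max_mtu() {
    lo=$1 hi=$2 best=0
    while [ "$lo" -le "$hi" ]; do
        mid=$(( (lo + hi) / 2 ))
        if "${PROBE:-ping_probe}" "$mid"; then
            best=$mid            # mid works, look for something larger
            lo=$(( mid + 1 ))
        else
            hi=$(( mid - 1 ))    # mid fails, look lower
        fi
    done
    echo "$best"
}

# Typical use, after raising the local interface to the highest value the
# driver accepted with "ip link set [device] mtu ...":
#   PEER=[ip-address] find_max_mtu 1500 9000
```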
Once you find your optimal MTU setting, it's time to get the setting to stick on every boot.
Set Up Users
sudo useradd -m -g users --uid [nnnn] [username]
sudo passwd [username]
Install Common Programs
acpid / acpi-support
To be able to turn the server off using the power button, install acpid.
Be sure the button module is loaded; check with lsmod | grep ^button.
For Arch Linux, be sure to add acpid to the DAEMONS array in /etc/rc.conf if you are not using hal.
cpufreqd
Not all Intel Atom Processors support SpeedStep. See Intel's List.
The latest Linux distros have the scaling CPU modules (speedstep_centrino, powernow_k6, powernow_k7, acpi_cpufreq) and the scaling governor modules (conservative, ondemand, userspace, performance, powersave) built into the kernel. You no longer have to fiddle around with modprobe and modules.
Configuration is handled through /etc/cpufreqd.conf. You may have to enable some of the [Profile] sections because cpufreqd.conf plays it too safe. You may also have to get rid of some [Rule] sections, like the one for playing movies, which cpufreqd kept choosing even though I had none of the listed programs installed, let alone running.
cpufrequtils
This will provide cpufreq-info, which will give you information on how cpufreqd is governing your CPU.
lm-sensors
After installing this package, run sudo sensors-detect and answer yes to all questions. When finished, the program will offer to insert the appropriate modules into /etc/modules.
On Arch, you will have to manually add sensors to the DAEMONS array in /etc/rc.conf.
ntp
NTP uses UDP port 123 to synchronize. If your ISP does not block ports (≤1024) you can use external NTP servers as-is. If your ISP does block ports, you can have the NTP server grab its time from a time server with SNTP and then synchronize with itself.
Get your original synchronization before starting NTP:
(run this command a few times until the offset settles down)
ntpd -qg &
Edit /etc/ntp.conf, remove the existing server line(s) and add the following lines to have the NTP server reference itself:
server 127.127.1.1
fudge 127.127.1.1 stratum 14 refid NIST
You'll also need to knock out the default restrict lines:
restrict -4 default kod ...
restrict -6 default kod ...
Insert this line in those two previous lines' place:
restrict default notrust nomodify
Make a crontab so we can keep our NTP server in line with time:
sudo nano /etc/cron.d/synctime
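Put the following line in the file and save. Files in /etc/cron.d need a user field (root here), and the minute field is 0 so the job runs once at each listed hour rather than every minute of it:
(This calls a script that shuts ntp down, calls ntpdate, and then starts ntp again. It’s meant to be used when bringing network interfaces up, but there’s nothing wrong with calling on it here.)
0 4,8,12,16,20 * * * root ntpd -qg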
Restart the NTP server:
sudo /etc/init.d/ntp start
Watch the NTP server:
watch 'sh -c "ntpq -p && echo && ntpq -c as && echo && ntptrace"'
When you see the following parts, your NTP server is ready:
- at least one remote has an asterisk in front of its name
- poll is greater than 16
- condition changes to sys.peer
- stratum changes to less than 16
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*LOCAL(1)        .NIST.          14 l   30   64   17    0.000    0.000   0.001

ind assID status  conf reach auth condition  last_event cnt
===========================================================
  1 47409  9614   yes   yes  none  sys.peer   reachable  1

localhost: stratum 15, offset 0.000000, synch distance 0.948602
openssh-server
This will allow you to remotely administer your server without having to be there physically.
For Arch, be sure to add sshd to the DAEMONS array in /etc/rc.conf.
rsync
You can use the rsync program to ease both the chore and space requirements of making backups. The following two commands will get you up and going with rolling updates using hard links. The net effect is that you will get a snapshot of whatever you are backing up at whatever interval you decide to use, and that only changed files take up additional space.
Make your initial backup with this command, run from inside [destination]:
cp -av [source] `date +%F`
You can then make subsequent backups from the same directory using the following command. rsync resolves a relative --link-dest against the new snapshot directory, hence the ../, and the trailing slash on [source] copies its contents so the layout matches the initial copy:
/usr/bin/rsync -a --delete --link-dest=../`ls -1r [destination]|head -1` [source]/ `date +\%F`
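The hard-link snapshot scheme described above, wrapped in a function that also handles the first run and a second run on the same day. This is an added example, not part of the original article; snapshot and same_inode are hypothetical helper names, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example, not from the original article. snapshot() and
# same_inode() are hypothetical helpers; snapshot directories are
# assumed to be named with ISO dates (date +%F).

# snapshot SRC DEST_ROOT [NAME]
# Creates DEST_ROOT/NAME (default: today's date) as a full tree in which
# files unchanged since the previous snapshot are hard links to it.
snapshot() {
    src=$1 root=$2 name=${3:-$(date +%F)}
    mkdir -p "$root" || return 1
    # Newest snapshot other than the one being written. ISO dates sort
    # chronologically, so reverse name order puts the newest first.
    prev=$(ls -1r "$root" | grep -Fvx -- "$name" | head -n 1)
    if [ -n "$prev" ]; then
        # rsync resolves a relative --link-dest against the destination
        # directory ($root/$name), so the sibling snapshot is ../$prev.
        rsync -a --delete --link-dest="../$prev" "$src/" "$root/$name/"
    else
        # First run: nothing to link against, so this is a plain copy.
        rsync -a --delete "$src/" "$root/$name/"
    fi
}

# same_inode A B: succeeds if both paths are the same file on disk,
# which is how to confirm that an unchanged file cost no extra space.
same_inode() {
    [ "$(stat -c %d:%i "$1")" = "$(stat -c %d:%i "$2")" ]
}
```

After two runs, same_inode on an unchanged file in both snapshots succeeds, while a file that changed between runs has a separate copy in each.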
BitTorrent Server
transmission-cli
After installation, transmission-daemon might be up and running. To stop it:
/etc/init.d/transmission-daemon stop
- or -
/etc/rc.d/transmission-daemon stop
Here are some key settings you might wish to change:
"bind-address-ipv4": "[daemon-ip]",
"download-dir": "[download-dir]",
"incomplete-dir": "[incomplete-dir]",
"incomplete-dir-enabled": true,
"peer-port": [port],
"peer-port-random-on-start": false,
"rpc-authentication-required": true,
"rpc-bind-address": "[webgui-ip]",
"rpc-enabled": true,
"rpc-password": "[webgui-password]",
"rpc-port": [webgui-port],
"rpc-username": "[webgui-username]",
"rpc-whitelist": "[csv-ip-addresses-ranges]",
"rpc-whitelist-enabled": true,
"watch-dir": "[watch-dir]",
"watch-dir-enabled": true
Note that the current rpc-password is a hash. You can overwrite this with a plain-text password. When the daemon is started back up, it will replace the plain-text password with a hashed version.
Settings not listed here can be changed in the web GUI.
File Server Setup
nfs-kernel-server / nfs-utils
Edit /etc/exports and add the appropriate line:
/home 192.168.1.0/255.255.255.0(rw,sync,no_subtree_check)
Then run this command to export the shares:
sudo exportfs -ra
samba
Be sure to add the first 3 lines in the [global] section in /etc/samba/smb.conf so that samba will follow symlinks around properly for Windows clients. The following assumes a setup that only shares files and does not provide WINS or domain services, nor share printers or other devices. Only the lines you should be interested in changing are listed here. There are more (unrelated to the skipped services and shares) that you should in all likelihood leave alone.
[global]
   follow symlinks = yes
   wide links = yes
   unix extensions = no
   use sendfile = yes
## Browsing/Identification ###
   workgroup = [workgroup]
   server string = [server-string]
   wins support = no
   dns proxy = no
#### Networking ####
   interfaces = [interface]
   bind interfaces only = yes
####### Authentication #######
   security = user
   encrypt passwords = true
   map to guest = bad user
########## Domains ###########
   domain logons = no
########## Printing ##########
   load printers = no
############ Misc ############
   socket options = TCP_NODELAY SO_RCVBUF=262144 SO_SNDBUF=262144
   usershare max shares = 0
   usershare allow guests = no
#======================= Share Definitions =======================
[homes]
   comment = Home Directories
   browseable = yes
   read only = no
   create mask = 0750
   directory mask = 0750
   valid users = %S
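With wide links = yes and unix extensions = no, Samba follows symlinks that point outside the shared directory, so it helps to know which links in a share do that. The following is an added example, not part of the original article; escaping_links is a hypothetical helper name, and GNU find and readlink are assumed.

```shell
#!/bin/sh
# Added example, not from the original article: list the symlinks under a
# shared directory whose targets resolve outside that directory.
# escaping_links is a hypothetical helper name.

# escaping_links SHARE_ROOT
# Prints one "link -> resolved-target" line per symlink that leaves the
# share. Links whose target stays inside the share are not reported.
# File names containing newlines are not handled.
escaping_links() {
    # Canonical path of the share itself, so comparisons are like for like.
    root=$(readlink -f -- "$1") || return 1
    find "$root" -type l -print | while IFS= read -r link; do
        # -m canonicalizes even when the target does not exist, so
        # dangling links that point outside are reported as well.
        target=$(readlink -m -- "$link")
        case "$target" in
            "$root"|"$root"/*) ;;   # resolves inside the share
            *) printf '%s -> %s\n' "$link" "$target" ;;
        esac
    done
}

# Typical use against the [homes] share from the configuration above:
#   escaping_links /home
```

Run it as root so that links inside 0750 home directories are visible to find.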
LAMP Server Setup
apache2
Ubuntu sets modules up in /etc/apache2/mods-available and sets up links in /etc/apache2/mods-enabled.
ln -s /etc/apache2/mods-available/vhost_alias.load /etc/apache2/mods-enabled/vhost_alias.load
Likewise, Ubuntu has a similar setup for sites with /etc/apache2/sites-available and /etc/apache2/sites-enabled
libapache2-mod-php5
If you plan on using PHP with Apache, install this package.
mysql-server
Before making any changes, be sure to stop the MySQL daemon.
sudo stop mysql
If you wish to change the default data directory from /var/lib/mysql to /srv or /srv/mysql you will have to edit /etc/mysql/my.cnf
datadir=/srv/mysql
You may also wish to change the bind address if you want to access the server remotely
bind-address = 192.168.1.3
As noted in the my.cnf file, you have to adjust /etc/apparmor.d/usr.sbin.mysqld so that AppArmor allows MySQL into the alternate directory:
/srv/mysql/ r,
/srv/mysql/** rwk,
php5-mysql
If you plan on accessing a MySQL database with PHP, install this package.
Login Server
nis
After installation, NIS will not start up properly.
Edit /etc/default/nis
NISSERVER=master
NISCLIENT=false
Edit /etc/yp.conf so that the NIS server can find itself faster. Left blank, YP will auto-search for servers.
ypserver 127.0.0.1
Edit /etc/ypserv.securenets
255.255.255.0 192.168.1.0
Now run the following commands:
sudo /usr/lib/yp/ypinit -m
sudo /etc/init.d/nis restart