Difference between revisions of "Install a new server"
(→Setting up SSL for Apache: webmail) |
(→LAMP configuration: links to SVN vhost files) |
Line 107: | Line 107: | ||
− | + | In our typical Apache configuration we have a simple single virtual-host container (see [http://svn.organicdesign.co.nz/filedetails.php?repname=tools&path=%2Fsample.vhost sample.vhost] in our tools repo) containing any site-specific domain rules, and includes [http://svn.organicdesign.co.nz/filedetails.php?repname=tools&path=%2Fcommon.vhost common.vhost] which is rules that apply across all servers, and [http://svn.organicdesign.co.nz/filedetails.php?repname=tools&path=%2Fwiki.vhost wiki.vhost] which is the rewrite rules for [[friendly URL's]]. Outside the single container, other SSL virtual-host definitions can be included which follow the format defined in [http://svn.organicdesign.co.nz/filedetails.php?repname=tools&path=%2Fssl-sample.vhost ssl-sample.vhost] and are named by domain and put in ''/var/www/ssl'' (more about SSL configuration below). | |
− | + | *[http://svn.organicdesign.co.nz/filedetails.php?repname=tools&path=%2Fsample.vhost sample.vhost] ''- same Apache virtual-host definition file'' | |
− | + | *[http://svn.organicdesign.co.nz/filedetails.php?repname=tools&path=%2Fcommon.vhost common.vhost] ''- common rules used by all non-SSL sites and domains'' | |
− | + | *[http://svn.organicdesign.co.nz/filedetails.php?repname=tools&path=%2Fssl-common.vhost ssl-common.vhost] ''- common rules used by all SSL sites and domains'' | |
− | + | *[http://svn.organicdesign.co.nz/filedetails.php?repname=tools&path=%2Fssl-sample.vhost ssl-sample.vhost] ''- sample SSL virtual-host definition to be included from the main file'' | |
− | + | *[http://svn.organicdesign.co.nz/filedetails.php?repname=tools&path=%2Fwiki.vhost wiki.vhost] ''- the rewrite rules for [[friendly URL's]]'' | |
== Domain names == | == Domain names == |
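Review bot: In the added sample.vhost bullet, "same Apache virtual-host definition file" looks like a typo for "sample", going by the wording of the ssl-sample.vhost bullet. The new paragraph and the bullet list also describe the same files twice, and ssl-common.vhost appears only in the list; consider keeping one of the two forms, or saying in the paragraph where ssl-common.vhost is included from. In the paragraph, "and includes common.vhost which is rules that apply across all servers" would read better as "which also includes common.vhost (the rules that apply across all servers)".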
Revision as of 03:17, 2 April 2010
Install a new server (Organic Design procedure)
Contents
- 1 Download and install Debian
- 2 Setting up the software environment
- 3 Post install checklist
- 4 Setting up the Wikia & Bot framework
- 5 LAMP configuration
- 6 Domain names
- 7 Extracting Databases from a Backup
- 8 Setting up FTP access
- 9 Setting up SSL for Apache
- 10 Install vim (not required)
- 11 Next steps
- 12 See also
Download and install Debian
If the server has no OS then download and install Debian first. Depending on the kind of access you have to the server and the kind of media it can accept, the following links may be of interest.
- Debian Conversion - Change an existing Linux distro into Debian using only SSH access
- Debian installation from memory stick - This is actually one of the most convenient means of installation even when DVD/CD are available
Dell Servers
Dell servers may require the bnx2 non-free firmware for Broadcom LAN cards.
Setting up the software environment
Ensure that you're using the same package repository for your Debian installation as we are; your /etc/apt/sources.list file should contain the following:
Bring the system up to date and install the organicdesign-server package:
If you would like math markup support, also install the following, and see Enabling math markup for more details.
You will have a functioning server and LAMP environment.
Post install checklist
- /etc/hostname, hostname -F /etc/hostname, /etc/hosts
- tzselect, tzconfig
- DB info for wikia, webmail, crm
- /etc/ssh/sshd_config
- /etc/crontab
- /var/www/backup.pl
- /var/www and /home structures (should be automatically maintained by adding new server as a peer)
- Exim4 (this will need to be configured even for sending mail, see Configure mail server)
- Import spamassassin bayesian rules
Setting up the Wikia & Bot framework
If you are making a replica of or rebuilding a specific system, then unpack a recent www-yyyy-mm-dd.tgz backup into /var/www and remove specific wiki content.
If starting a new server from scratch, then the main two things required are /var/www/tools and /var/www/extensions; the other procedures for installing codebases and wikis will add everything else necessary.
Extensions and Tools
You can obtain the scripts and extensions from the OD subversion repository, and then add any additional extensions you need. Note that there are also a number of extensions we use which are in the Wikimedia repository, so it may be easiest to unpack our od-extensions.tgz extensions snapshot instead.
Snapshots are also available as gzipped tar files, od-extensions.tgz and od-tools.tgz. After you have a wiki daemon running, the extensions and tools will be automatically synchronised to Organic Design's current tgz snapshots. The wiki daemon executes update-extensions.sh and update-tools.sh in /var/www/tools, and these can be called manually from root at any time. Any content that exists in the local extensions or tools but not in the OD version will be left alone during updates.
Next create the wikia global configuration in /var/www/tools/wikid.conf used by both the wikia and robot framework. Start with the wikid.conf.sample file.
Starting a bot
Now that the config is in place, try running the bot with the --install directive so that it starts up automatically when the system boots. If not running on a GNU/Linux machine, you may be best installing ActivePERL, which comes with all the necessary libraries and is available for most platforms.
Testing the bot
Check if the bot is running with pgrep wikid, and check the log in /var/www/tools/wikid.log. If you're running an IRC channel, check that your bot is in there and is properly notifying the channel when articles change, etc.
LAMP configuration
The easiest way to configure this is to copy the vhosts file which originated from the backup file over the default Apache configuration file, and then make the vhosts file a symlink pointing at the default configuration as usual. Then adjust the file to the wikia's specific needs.
To activate the slow query log for mysqld, and ensure that it's optimised for low memory (innodb is not necessary for our scale of work and disabling it frees over 100MB of RAM), add the following to the [mysqld] section of the /etc/mysql/my.cnf file:
The differences to the default php.ini file in our servers are as follows:
In our typical Apache configuration we have a single, simple virtual-host container (see sample.vhost in our tools repo) that holds any site-specific domain rules and includes common.vhost, which contains the rules that apply across all servers, and wiki.vhost, which contains the rewrite rules for friendly URL's. Outside that single container, other SSL virtual-host definitions can be included; these follow the format defined in ssl-sample.vhost, are named by domain and are put in /var/www/ssl (more about SSL configuration below).
- sample.vhost - sample Apache virtual-host definition file
- common.vhost - common rules used by all non-SSL sites and domains
- ssl-common.vhost - common rules used by all SSL sites and domains
- ssl-sample.vhost - sample SSL virtual-host definition to be included from the main file
- wiki.vhost - the rewrite rules for friendly URL's
Domain names
Adjust the names of the symlinks in the /var/www/domains directory to local domain names and ensure that those names are added to the /etc/hosts file.
- Note: If you're installing your wikia structure on a local machine, then you must ensure that your domains such as foo.localhost are set in /etc/hosts as aliases for 127.0.0.1.
- DNS: If you need to set up a DNS server or Dynamic DNS system, see Configure DNS.
Extracting Databases from a Backup
Extract the most recent database backup (this may overwrite existing databases of the same names):
Setting up FTP access
Some clients may require standard FTP access. Although FTP is not very secure, some restrictions can be put on it to make it a little safer, such as restricting users to their home directories and using a non-standard port. We use the GPL ProFTPD server in standalone mode.
Edit the /etc/proftpd/proftpd.conf file, change the port to something other than 21, and add the following directive to restrict users to their home directories (or set it to a shared FTP directory).
Following Symlinks
Note that following symlinks is not supported if the DefaultRoot directive is used because the directive creates a "jail" preventing access to any directories outside of it. Some administrators have said that mount --bind can be used to achieve this but it hasn't worked for us as that seems to just create a normal symlink as well.
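A quick way to check a server against the two FTP restrictions above, as an added example that is not part of the original procedure: the function names, the sample configs and port 2121 are constructed for illustration. It flags a config where the port is still 21, or where DefaultRoot is absent, commented out or limited to a group expression.

```shell
#!/bin/sh
# Added example: audit a proftpd.conf for the two restrictions described above.
# audit_proftpd, weak_conf and hardened_conf are hypothetical names.

# Reads a config from the file in $1 (or stdin) and prints one finding per
# line; prints nothing when the port is moved and DefaultRoot is active.
# Assumes one server-wide config; the last occurrence of a directive wins.
audit_proftpd() {
    awk '
        { sub(/#.*/, "") }   # strip comments, so a commented-out directive does not count
        tolower($1) == "port"        { port = $2 }
        tolower($1) == "defaultroot" { root = $2; grp = (NF > 2) ? $3 : "" }
        END {
            if (port == "")        print "port: not set, so the default of 21 applies"
            else if (port == "21") print "port: still 21"
            if (root == "")        print "defaultroot: no active directive, users are not jailed"
            else if (grp != "")    print "defaultroot: only applies to group expression " grp
        }
    ' "${1:--}"
}

# Constructed sample: standard port, jail directive present but commented out.
weak_conf() {
    cat <<'EOF'
ServerName "Debian"
ServerType standalone
Port 21
# DefaultRoot ~
EOF
}

# Constructed sample: non-standard port (2121 is an arbitrary choice) and
# every user confined to their home directory.
hardened_conf() {
    cat <<'EOF'
ServerName "Debian"
ServerType standalone
Port 2121
DefaultRoot ~
EOF
}

echo "weak config:";     weak_conf | audit_proftpd
echo "hardened config:"; hardened_conf | audit_proftpd
```

On a real server, run `audit_proftpd /etc/proftpd/proftpd.conf`; no output means both restrictions are in place.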
Setting up SSL for Apache
- Generate a self-signed certificate
- Generate a certificate request for a commercial Certificate Authority
Create a file in the same dir called organicdesign.co.nz with this content:
Run this line:
Check the Apache config before reloading:
Check the cert with this command:
The following output indicates the cert is working correctly:
If everything is OK, reload the server:
Check the error log for problems.
If you see a message like this, everything is OK:
If you see something like this, you have problems:
Install vim (not required)
Next steps
- Configure LAN - DHCP server and firewall
- Configure DNS - LAN/Server based DNS and dynamic DNS solutions
- Configure SMB - Samba file shares
- Configure VPN - Remote access to file shares and other LAN resources
- Configure IRC - Run a chat channel, your bot can publish notifications to the channel
- Configure mail server
- Install a MediaWiki code-base