close Warning: Can't synchronize with repository "(default)" (/usr/svn/silverfile does not appear to be a Subversion repository.). Look in the Trac log for more information.

Changes between Version 1 and Version 2 of servers/setup-condensed


Ignore:
Timestamp:
Apr 2, 2009, 10:44:07 PM (13 years ago)
Author:
hank
Comment:

make general server how-to editable in wiki

Legend:

Unmodified
Added
Removed
Modified
  • servers/setup-condensed

    v1 v2  
    1 [[Include(source:trunk/doc/servers/setup-condensed.txt, text/x-trac-wiki)]]
     1= !SilverFile General Server Setup =
     2
     3== Create CDROM ==
     4http://ubuntu.cs.utah.edu/releases/intrepid/ubuntu-8.10-server-i386.iso
     5''I could not get the USB drive to boot!!  CDROM, the old fashioned way :)''
     6
     7== Prepare Hardware ==
     8
     9Attach CDROM to open IDE port.  Make sure the CDROM is bootable in the BIOS.
     10
     11== Install Ubuntu ==
     12
     13Select English
     14Install Ubuntu Server
     15
     16Enter Hostname: Harvey
     17
     18== Setting up a Mirror RAID (RAID 1) ==
     19Per recommendations from our friends at !MonkeyBrains, we'll set up a software
     20RAID 1 and monitor it with mdadm.  The plan is to sync up RAID health with
     21SNMP monitoring.
     22
     23This is a very good tutorial on
     24[http://ubuntuadministrator.com/?p=3 setting up a software RAID 1] please follow
     25it for the step by step RAID install.
     26
     27The idea is to create 3 partitions:
     28        * / (root) where all the OS etc files go
     29        * /FILES where all the documents go
     30        * Swap The necessary swap partition
     31       
     32On a 500 GB drive I propose doing this :
     33        * /FILES = 430 GB
     34        * Swap = 4 GB (swap is conventionally 2X RAM, a swap this size may not
     35        be necessary with 2 GB of RAM and for use as a file server
     36        * / = <leftover space>
     37
     38In order to create the software RAID, you first create regular primary
     39partitions on the first disk (SDA) as in the following:
     40
     41{{{
     42select: Partition Disk Manually
     43select: Device SDA1
     44Create new empty partition table on this device: yes
     45Select Free Space (pri/log): <per size of the disk>
     46select: Create new primary partition
     47Mount point: /
     48Bootable Flag: on
     49Use as: Select Physical Volume For RAID
     50select: Done Setting up partition
     51}}}
     52
     53And then you create an MD device from each partition. 
     54
     55Again, see the [http://ubuntuadministrator.com/?p=3ubuntu RAID tutorial]
     56as it explains exactly how to do this step by step. 
     57
     58
     59== Install SSH Deamon ==
     60{{{
     61sudo apt-get install ssh
     62}}}
     63
     64== Check RAID Status ==
     65{{{
     66mdadm --detail /dev/md0
     67}}}
     68
     69== Change SSH Port ==
     70edit /etc/ssh/sshd_config
     71Change port line to 2222 (or whatever port)
     72restart sshd to check
     73{{{
     74/etc/init.d/ssh restart
     75}}}
     76
     77== Add other users to sudo ==
     78Sudo allows all users in admin group root privilege
     79{{{
     80usermod -a -G admin ryan
     81}}}
     82
     83=== OpenSSL ===
     84==== Verification ====
     85Next, verify engine:
     86{{{
     87> openssl engine
     88(padlock) VIA PadLock (no-RNG, ACE)
     89(dynamic) Dynamic engine loading support
     90}}}
     91The response string should include '`(padlock) VIA PadLock (no-RNG, ACE)`'.
     92
     93==== Make default engine Padlock ====
     94
     95{{{
     96> vim /etc/ssl/openssl.cnf
     97...
     98oid_section             = new_oids
     99
     100# Enable Via Padlock by default
     101openssl_conf = openssl_def
     102
     103[openssl_def]
     104engines = openssl_engines
     105
     106[openssl_engines]
     107padlock = padlock_engine
     108
     109[padlock_engine]
     110default_algorithms = ALL
     111}}}
     112
     113
     114=== GnuPG / Duplicity  ===
     115
     116{{{
     117> sudo apt-get install duplicity python-boto
     118}}}
     119
     120=== Install Apache for Django  ===
     121[https://help.ubuntu.com/7.10/server/C/httpd.html#https-configuration Great Ubuntu Apache/SSL How-To]
     122{{{
     123> sudo apt-get install apache2 libapache2-mod-python
     124> sudo ln -s /usr/sbin/apache2ctl apachectl (old habits die hard)
     125}}}
     126
     127=== Configure SSL  ===
     128{{{
     129> sudo a2enmod ssl
     130}}}
     131copy cert file (''mydomain.com''.crt) to /etc/ssl/certs
     132copy key file (''mydomain.com''.key) to /etc/ssl/private
     133
     134=== Configure Apache for !SilverFile App ===
     135Django app is turned "on" by default.  Two locations (webspaces) are
     136turned off, and are served directly. These are:
     137 * site_media (css, js, images, etc...)
     138 * site_files (these are all the client files)
     139
     140See sf-apps/files/examples
     141{{{
     142<VirtualHost *:80>
     143> wget http://www.gutenberg.org/dirs/etext02/01hgp10a.txt (274 MB)
     144> wget http://www.gutenberg.org/dirs/etext02/02hgp10a.txt (246 MB)
     145> wget http://www.gutenberg.org/dirs/etext02/03hgp10a.txt (217 MB)
     146> wget http://www.gutenberg.org/dirs/etext02/08hgp10a.txt (144 MB)
     147        ServerName harvey.silverfilecorp.com
     148        SetHandler python-program
     149        PythonHandler django.core.handlers.modpython
     150        SetEnv DJANGO_SETTINGS_MODULE files.settings
     151        PythonOption django.root /files
     152        PythonDebug On
     153        PythonPath "['/usr/wwwapps/sf-app'] + sys.path"
     154
     155        # Site media files - css, js, img
     156        Alias /site_media /usr/wwwapps/sf-app/files/media
     157        <Location /site_media/>
     158                SetHandler None
     159        </Location>
     160
     161        # Client Files
     162        Alias /site_files /FILES
     163        <Location /site_files/>
     164                SetHandler None
     165        </Location>
     166
     167</VirtualHost>
     168
     169}}}
     170
     171== Permissions on /FILES/ ==
     172AS root:
     173{{{
     174addgroup fileusers
     175adduser hank fileusers
     176adduser ryan fileusers
     177adduser www-date fileusers
     178
     179chown -R root /FILES
     180chgrp -R fileusers /FILES
     181chown -R 660 /FILES
     182
     183find /FILES -type d -exec chmod 770 {} \;
     184find /FILES -type d -exec chmod 550 {} \;
     185
     186
     187}}}
     188
     189== Java ==
     190
     191{{{
     192sudo apt-get install sun-java6-bin
     193}}}