Context Navigation

close Warning: Can't synchronize with repository "(default)" (/usr/svn/silverfile does not appear to be a Subversion repository.). Look in the Trac log for more information.

Changes between Version 1 and Version 2 of servers/setup-condensed

Timestamp:: Apr 2, 2009, 10:44:07 PM (14 years ago)
Author:: hank
Comment:: make general server how-to editable in wiki

Legend:

: Unmodified
: Added
: Removed
: Modified

servers/setup-condensed

-                      v1
+                      v2
+[[Include(source:trunk/doc/servers/setup-condensed.txt, text/x-trac-wiki)]]
+= !SilverFile General Server Setup =
+== Create CDROM ==
+http://ubuntu.cs.utah.edu/releases/intrepid/ubuntu-8.10-server-i386.iso
+''I could not get the USB drive to boot!!  CDROM, the old fashioned way :)''
+== Prepare Hardware ==
+Attach CDROM to open IDE port.  Make sure the CDROM is bootable in the BIOS.
+== Install Ubuntu ==
+Select English
+Install Ubuntu Server
+Enter Hostname: Harvey
+== Setting up a Mirror RAID (RAID 1) ==
+Per recommendations from our friends at !MonkeyBrains, we'll set up a software
+RAID 1 and monitor it with mdadm.  The plan is to sync up RAID health with
+SNMP monitoring.
+This is a very good tutorial on
+[http://ubuntuadministrator.com/?p=3 setting up a software RAID 1] please follow
+it for the step by step RAID install.
+The idea is to create 3 partitions:
+        * / (root) where all the OS etc files go
+        * /FILES where all the documents go
+        * Swap The necessary swap partition
+On a 500 GB drive I propose doing this :
+        * /FILES = 430 GB
+        * Swap = 4 GB (swap is conventionally 2X RAM, a swap this size may not
+        be necessary with 2 GB of RAM and for use as a file server
+        * / = <leftover space>
+In order to create the software RAID, you first create regular primary
+partitions on the first disk (SDA) as in the following:
+{{{
+select: Partition Disk Manually
+select: Device SDA1
+Create new empty partition table on this device: yes
+Select Free Space (pri/log): <per size of the disk>
+select: Create new primary partition
+Mount point: /
+Bootable Flag: on
+Use as: Select Physical Volume For RAID
+select: Done Setting up partition
+}}}
+And then you create an MD device from each partition.
+Again, see the [http://ubuntuadministrator.com/?p=3ubuntu RAID tutorial]
+as it explains exactly how to do this step by step.
+== Install SSH Deamon ==
+{{{
+sudo apt-get install ssh
+}}}
+== Check RAID Status ==
+{{{
+mdadm --detail /dev/md0
+}}}
+== Change SSH Port ==
+edit /etc/ssh/sshd_config
+Change port line to 2222 (or whatever port)
+restart sshd to check
+{{{
+/etc/init.d/ssh restart
+}}}
+== Add other users to sudo ==
+Sudo allows all users in admin group root privilege
+{{{
+usermod -a -G admin ryan
+}}}
+=== OpenSSL ===
+==== Verification ====
+Next, verify engine:
+{{{
+> openssl engine
+(padlock) VIA PadLock (no-RNG, ACE)
+(dynamic) Dynamic engine loading support
+}}}
+The response string should include '`(padlock) VIA PadLock (no-RNG, ACE)`'.
+==== Make default engine Padlock ====
+{{{
+> vim /etc/ssl/openssl.cnf
+...
+oid_section             = new_oids
+# Enable Via Padlock by default
+openssl_conf = openssl_def
+[openssl_def]
+engines = openssl_engines
+[openssl_engines]
+padlock = padlock_engine
+[padlock_engine]
+default_algorithms = ALL
+}}}
+=== GnuPG / Duplicity  ===
+{{{
+> sudo apt-get install duplicity python-boto
+}}}
+=== Install Apache for Django  ===
+[https://help.ubuntu.com/7.10/server/C/httpd.html#https-configuration Great Ubuntu Apache/SSL How-To]
+{{{
+> sudo apt-get install apache2 libapache2-mod-python
+> sudo ln -s /usr/sbin/apache2ctl apachectl (old habits die hard)
+}}}
+=== Configure SSL  ===
+{{{
+> sudo a2enmod ssl
+}}}
+copy cert file (''mydomain.com''.crt) to /etc/ssl/certs
+copy key file (''mydomain.com''.key) to /etc/ssl/private
+=== Configure Apache for !SilverFile App ===
+Django app is turned "on" by default.  Two locations (webspaces) are
+turned off, and are served directly. These are:
+ * site_media (css, js, images, etc...)
+ * site_files (these are all the client files)
+See sf-apps/files/examples
+{{{
+<VirtualHost *:80>
+> wget http://www.gutenberg.org/dirs/etext02/01hgp10a.txt (274 MB)
+> wget http://www.gutenberg.org/dirs/etext02/02hgp10a.txt (246 MB)
+> wget http://www.gutenberg.org/dirs/etext02/03hgp10a.txt (217 MB)
+> wget http://www.gutenberg.org/dirs/etext02/08hgp10a.txt (144 MB)
+        ServerName harvey.silverfilecorp.com
+        SetHandler python-program
+        PythonHandler django.core.handlers.modpython
+        SetEnv DJANGO_SETTINGS_MODULE files.settings
+        PythonOption django.root /files
+        PythonDebug On
+        PythonPath "['/usr/wwwapps/sf-app'] + sys.path"
+        # Site media files - css, js, img
+        Alias /site_media /usr/wwwapps/sf-app/files/media
+        <Location /site_media/>
+                SetHandler None
+        </Location>
+        # Client Files
+        Alias /site_files /FILES
+        <Location /site_files/>
+                SetHandler None
+        </Location>
+</VirtualHost>
+}}}
+== Permissions on /FILES/ ==
+AS root:
+{{{
+addgroup fileusers
+adduser hank fileusers
+adduser ryan fileusers
+adduser www-date fileusers
+chown -R root /FILES
+chgrp -R fileusers /FILES
+chown -R 660 /FILES
+find /FILES -type d -exec chmod 770 {} \;
+find /FILES -type d -exec chmod 550 {} \;
+}}}
+== Java ==
+{{{
+sudo apt-get install sun-java6-bin
+}}}