The Perfect Setup - Debian Sarge (3.1)

Discussion in 'HOWTO-Related Questions' started by cchamb2, Feb 27, 2006.

  1. cchamb2

    cchamb2 New Member

    I'm looking at the step by step instructions included at
    http://www.howtoforge.com/perfect_setup_debian_sarge, and I have a few
    questions that relate to local implementation and some different
    assumptions, as follows:

    Stage 1 - Basic installation

    1) If I'm doing a CD-based install, I asusme it's safe to include graphical
    desktop packages and add the CD's at the end of the basic installation
    process via Synaptic. This lessens a reliance on network connectivity and
    lets me add the stable packages from the 16-CD (total) download (updates and security updates are still installed via the network).

    2) Since exim is removed anyway, I assume that any answer on the basic
    installation for mail server configuration is fine.

    Stage 2 - Installing and configuring the rest of the system

    3) I anticipate the final network hardware configuration to be as follows:

    Network connection -> Router/Gateway Server -> Smart Switch ->Servers

    I have a router in place that restricts port access and can support up to 5
    static IP's from my network provider. In other words, it can accept traffic
    for up to 5 static IP's on specified ports and route traffic based on those
    five IP's and the specified port for the traffic to any specific internal
    computer.

    This leaves everything except the router/gateway configurable, and makes
    static IP support concentrate on the router/gateway server.

    Additionally, and for the moment only, I am using a dynamic DNS service that
    handles DNS service dynamically to the domain of "charles.is-a-geek.net".
    This dynamic DNS service can also handle MX service as well. Periodically,
    as needed, I update the DNS service with my current DSL IP address. This IP
    address is my test ISP address.

    How does this affect the network settings in /etc/network/interfaces?

    4) In setting this up, I anticipate putting the end users in
    /home/~username, since there will be relatively few local end users (end
    users physically located near this server). Towards this end, I have
    mounted a six-drive RAID array (45.5 gigs at the moment, but that can be
    changed) running the reiserFS file system at /home, not at /var, and I've
    left the /var directory as a logfile repository. How does this affect the
    /etc/fstab entries? I've already tried a reboot and the RAID array doesn't
    like the errors=remount-ro option under the reiserFS, and it disabled
    /dev/md0 when I rebooted.

    Page 4 - Configuring mail services

    5) In configuring POP3, the command line of "openssl genrsa -des3 -rand
    /etc/hosts -out smtpd.key 1024" generates an error and stops the script file
    when run as part of a script, but it runs just fine by itself and the rest
    of the script following it runs just fine. Is this normal?

    6) First "telnet localhost 25" and then "ehlo localhost" gets a mostly
    correct response; however, it still identifies the system as
    "localhost.localdomain". There is also no "STARTTTLS" entry. Did I miss
    something?

    STAGE 5 (Perl update)

    7) When I got to the point of installing modules needed by SpamAssassin, I
    found that a new CPAN version was available. I installed it when prompted.
    The following three installations (HTML Parser, DB_File, and Net DNS all
    appaeared to fail, but upon rerunning them I got "up-to-date" messages. Did
    I miss something, or was this normal?

    And, two more generic questions:

    8) What changes in this setup do I need to make in order to (if possible)
    put a user's mail either under his /home directory, or under a separate
    directory which can then be included in his/her disk quota? I'm looking to
    end up specifying a set disk quota (say 40 megs) for a disk quota per user,
    to consist of mail, web, and ftp space.

    9) (Off topic) Do I need to worry about this if I install ISPConfig, or
    will ISPConfig watch both mail and ftp quotas?
     
  2. falko

    falko Super Moderator Howtoforge Staff

    Keep in mind that this is a server setup. What's a server worth without a working internet connection? Also, servers usually don't have a desktop.

    Yes.

    The server can also be connected directly to the internet (e.g. if it's in a data center).

    /etc/network/interfaces isn't affected at all by this. You should have static IP addresses in there.

    How do you mean that question?

    What script? This command should be run directly on the command line.

    What's in /etc/postfix/main.cf?
    If STARTTLS is missing, then I guess you didn't follow the tutorial close enough.

    I don't know if this is normal. But you can install SpamAssassin, and if
    Code:
    spamassassin -V
    doesn't give back errors, then it's fine.
    And, two more generic questions:

    If you're using reiserfs instead of ext3, it is possible that quota will not work.

    ISPConfig will watch these quotas (if quota is working, see above), and it will also take care of user creation (though not in /home/~username), etc.
     
  3. cchamb2

    cchamb2 New Member

    >>1) If I'm doing a CD-based install, I asusme it's safe to include graphical
    >> desktop packages and add the CD's at the end of the basic installation
    >>process via Synaptic. This lessens a reliance on network connectivity and
    >>lets me add the stable packages from the 16-CD (total) download
    >>(updates and security updates are still installed via the network).

    >Keep in mind that this is a server setup. What's a server worth without a
    >working internet connection? Also, servers usually don't have a desktop.

    As I learn about this distribution, it saves a lot of time to [re]install what
    I need from CD rather than from the Internet. The reason for the
    desktop is that it looks familiar and I haven't done pure command
    lline interface in a long time.
    ================================

    >>2) Since exim is removed anyway, I assume that any answer on the basic
    >>installation for mail server configuration is fine.

    >Yes.

    Then I can leave my notes intact on that subject.
    ====================================

    >>3) I anticipate the final network hardware configuration to be as follows:

    >>Network connection -> Router/Gateway Server -> Smart Switch ->Servers

    >The server can also be connected directly to the internet (e.g. if it's in a data center).

    Correct. But the most recent advice I have regarding an ISP setup is to impose a gateway or router for security purposes between the server(s) and the rest of the Internet.

    The configuration as described above only requies a static IP on the router or gateway server, with packets being routed according to port to the various servers that make up the ISP.

    ===========================

    >>Additionally, and for the moment only, I am using a dynamic DNS service >>that handles DNS service dynamically to the domain of "charles.is-a->>geek.net". This dynamic DNS service can also handle MX service as well. >>Periodically, as needed, I update the DNS service with my current DSL IP >>address. This IP address is my test ISP address.

    >>How does this affect the network settings in /etc/network/interfaces?

    >/etc/network/interfaces isn't affected at all by this. You should have static
    >IP addresses in there.

    But originating or based on what? The setup as described above only needs
    one static IP at this point, and that is set in the router/gateway. Later on, it
    will need additional IP's (one for incoming modem pool connections and a
    couple possible for DNS service), but that's a separate issue. As it stands
    now, dynamic DNS for directing packets from the Internet to this server,
    and configuring the router to pass traffic based on port, works just fine.

    dynDNS.org is what provides this DNS service.

    ==================================

    >>4) In setting this up, I anticipate putting the end users in
    >>/home/~username, since there will be relatively few local end users (end
    >>users physically located near this server). Towards this end, I have
    >>mounted a six-drive RAID array (45.5 gigs at the moment, but that can be
    >>changed) running the reiserFS file system at /home, not at /var, and I've
    >>left the /var directory as a logfile repository. How does this affect the
    >>/etc/fstab entries? I've already tried a reboot and the RAID array doesn't
    >>like the errors=remount-ro option under the reiserFS, and it disabled
    >>/dev/md0 when I rebooted.

    >How do you mean that question?

    I'd like to put all user (local and remote) directories under /home.
    It makes backups and restores much easier, as /home is one
    backup and the rest of the system is a second backup.
    It's easier to administer. And /var becomes solely used for
    log files.

    The RAID array is currently formatted reiserFS, but changing
    the filesystem for the RAID array is simple at this point - it's
    not so simple later on.

    Is this possible? Can I put the remote users under /home, and
    can I use the reiserFS file system for this?

    How does doing this change the setup in /etc/fstab? I'm running down
    a related issue where /etc/fstab does not like the "errors=remount-ro"
    on a reiserFS file system.

    ==================
    >>5) In configuring POP3, the command line of "openssl genrsa -des3 -rand
    >>/etc/hosts -out smtpd.key 1024" generates an error and stops the script >>file when run as part of a script, but it runs just fine by itself and the rest
    >>of the script following it runs just fine. Is this normal?

    >What script? This command should be run directly on the command line.

    My bust <g>. I took all groups of italicized lines to be potentially one
    script to cut, paste, and execute in a terminal window. Back to a
    reinstall to watch each one.

    ================
    >>6) First "telnet localhost 25" and then "ehlo localhost" gets a mostly
    >>correct response; however, it still identifies the system as
    >>"localhost.localdomain". There is also no "STARTTTLS" entry. Did I miss
    >>something?

    >What's in /etc/postfix/main.cf? If STARTTLS is missing, then I guess
    >you didn't follow the tutorial close enough.

    I live, I learn (see above).

    ======================
    >>7) When I got to the point of installing modules needed by SpamAssassin, I
    >>found that a new CPAN version was available. I installed it when prompted.
    >>The following three installations (HTML Parser, DB_File, and Net DNS all
    >>appaeared to fail, but upon rerunning them I got "up-to-date" messages. >>Did I miss something, or was this normal?

    >I don't know if this is normal. But you can install SpamAssassin, and if
    >Code: spamassassin -Vdoesn't give back errors, then it's fine.

    Then it's fine.

    ======================
    >>8) What changes in this setup do I need to make in order to (if possible)
    >>put a user's mail either under his /home directory, or under a separate
    >>directory which can then be included in his/her disk quota? I'm looking to
    >>end up specifying a set disk quota (say 40 megs) for a disk quota per user,
    >>to consist of mail, web, and ftp space.

    >If you're using reiserfs instead of ext3, it is possible that quota will not work.

    Then I guess I need ext3 on the RAID array. Answers part of the questions
    on putting the [remote] users under /home on a RAID array.

    ==================
    >>9) (Off topic) Do I need to worry about this if I install ISPConfig, or
    >>will ISPConfig watch both mail and ftp quotas?

    >ISPConfig will watch these quotas (if quota is working, see above), and
    >it will also take care of user creation (though not in /home/~username), etc

    Then the users *have* to be under /var, as quota enforcement is FAR more
    important that ease of backup.
     
  4. falko

    falko Super Moderator Howtoforge Staff

    If your server is in a local network behind a router, then you can assign a static local IP address to your server (e.g. 192.168.0.100).


    If you use ReiserFS, you'll most probably have problems with quota.
    I suggest that if you install ISPConfig, you specify a web root like /var/www and then use Maildir for your email (you must then have a POP3/IMAP daemon installed that works with Maildir, like Courier or Dovecot). Because then all your web spaces and users' home directories and mailboxes are in /var/www, and you only need to back up this directory. :)
     
  5. cchamb2

    cchamb2 New Member

    I'll have to play with this and learn from it. I made the changes as described in The Perfect Setup, and promptly lost all Internet connectivity. I then uncommented the old lines, and commented out the new lines, and Internet connectivity was returned.

    Not a big deal. Performance is a lower concern than being able to implement a *simple* backup plan, and backing up /var and then backing up the rest of the system is simple enough.

    As mentioned in The Perfect Setup. It shall be done.
     

Share This Page