Categories

 Edit Translation
by Transposh - translation plugin for wordpress
IPv6 logo

Home Web Server – Software installation.

OS

Installation of the operating system.

Debian is a well-known Linux distribution easy to use and a very good option for a server.. We will use the network installation image because it is very flexible when it comes to installing programs and is up-to-date since it directly downloads the program packages from the server of the “distro”. There are server-oriented distributions, but a home server will not have the load of a dedicated one and we will use some options that would not be recommended in a complete server, in fact we are going to mount more a “workstation” with server capabilities, that a server. If we need to expand the system, just copy the configuration files, files and databases to a real server, That is already an issue that this manual does not intend to cover due to the complexity of the project..

On the page of Debian we will download to our battle computer the image appropriate to the target system, in our case the AMD64. We will record it on a cd, the with Rufus we can create the installer on a USB device.

We have a detailed installation manual in several languages ​​although it really doesn't take much more than following the instructions given by the installer screens.

It is assumed that the router has a firewall enabled and the computers on the internal network also have theirs enabled and have antivirus running. From the moment we definitely open the server to the network, the traffic to our router will increase and with it the automatic attacks.

Language settings

Language settings

The installation program will show us different options for us to indicate the language to use and the keyboard. It is more comfortable to select the same language and keyboards, but they can be configured independently. In this example we use Spanish from Spain.

After configuring them, it will test Internet access to download the latest available versions of the programs and download the necessary information to continue the installation.. At the end it will ask us for the name we want to give the machine, we can choose the web server name, or better one for the internal network, so we can filter some components that we do not want to go out of our LAN.

Users and time zone

Users and time zone

After the automatic actions it will ask us to enter a password for the user “root”, being the administration user we should put a long key, made up of numbers, uppercase and lowercase letters and random characters. We can use a program like “Keepass” to prepare a suitable clav and store it in a safe place beforehand. After that, it will ask us to enter the data of a normal user, this is the user with whom we will connect to the system from outside to administer the server, do it with the administrator “root” not recommended and there are tasks, how to compile or install some programs that we should not do from “root” For security.

It will then ask us for a time zone to correctly set the system time, it is important to have the date and time set correctly or else some security and encryption programs can give problems. In addition, the installer will configure the time for this area., and it will also try to find the closest and fastest package and update servers with this information.

Partitions

Partitions

If the disk that we are going to use is new or has nothing that we are interested in saving, guided partitioning is the option we should choose. It will only do the configuration and we will go to the next stage of installation. Otherwise we may want to reconfigure the disk, or use only one partition that you have. The screenshots below show the options we can choose and how the Debian installer partitioner works..

Double-clicking on the chosen options, we will activate them.

For format a partition we will double click on “Manual”.

Then we will select the partition that we want to modify and with double click we will open its options.

We will double click on “Use as” to select the partition file system, Ext4 is the default option.

Then we will double click on “Format yes / no” if we want it to format or not. If we have previous data on the partition and we don't want to lose it, we can mount the partition without formatting.

We must select a Mounting point to make the partition visible on boot. If it is the primary, the most comfortable is to mount it in “/” the root directory. Partitions look like directories on Linux, and we can mount them even in directories that already exist.

We will double click on “Yes, I've finished” to take the partition configuration for granted.

If we have a lot of RAM or we are installing in a virtual machine with virtual disks, use a swap partition “Swap”, it won't really give us many advantages. The installer always creates one by default, so deleting it is a good idea.

Select the partition we want to delete from the main list, in this case that of Exchange (Swap), we will double click on it and on the partition configuration screen double click on it “Erase partition” and accept. After deleting it, it will return us to the main partitioning screen.

Deleting a partition leaves unallocated space on the disk, we can create a new part and follow the first steps, or resize an existing one to assign the free space.

We will double click on the partition to manipulate, and on the partition configuration screen, we will double click on “Resize partition“. it will ask us if we want to save the changes, we will say yes and then it will show us a text field where to enter the new size. It admits that we enter it in megabytes “M”, gigabytes “Gb” or percentage, how we want to occupy all the free space, we introduce “100%” and accept.

To finish the partitioning we will double click on “Finish partitioning and write all changes to disk“, will ask us if we want to go back, we will say no, and it will start formatting.

Once the system is installed we can partition it again if we don't like how it turned out, Throughout this guide we will install “gparted” a much simpler and more intuitive partitioning program than the system with which all these operations can be done more easily.

Download

After formatting it will ask us if we have an additional installation CD, we will say no. It will ask for the geographical area to find a nearby server, we will give continue on both questions, if we use proxy, we will write the data of our proxy in such case, We will continue and if you want us to send the package data we use to Debian to organize package management more efficiently, we answer what we want. and we wait for you to download and install some programs before the last stage of installation.

Final touches

Final touches

At the end of preparing the program servers it will ask us for the programs and services that we want by default. By default a Debian desktop environment, but without window manager, choose XFCE4 for consuming few resources. In a pure server we should not use graphic environments to avoid consuming resources, but in principle our machine is not going to be a very heavy one and we are going to use it several times, it is a domestic environment after all so we will make things easy, and a graphical environment makes many tasks easier.

We will also select “Web server”, which will install Apache2 and “SSH server“, that we will use to be able to access the server from another computer and configure it. The computer with the server will always be on, but we should not use it as a desktop computer, so it can be put in any ventilated and clean place so that it does not get too much. Print server not required, Although it works very well. We will leave the base system utilities, later we will add others.

After clicking continue, the installation will begin, it will take a while and after that it will ask us if we want to add a boot loader. We will say yes, in case you have another operating system installed on a partition or hard disk, it will add it to the boot menu without problems. It will ask us on which disk we want to install it, generally sda sdb, but we must be careful not to choose the installation skewer or it will start from it.

After selecting the boot medium, it will indicate that it has been installed and will ask us to agree to restart the computer, we should disconnect and save the device with which we have installed the system and let it restart. If we have chosen a graphic environment we will see a welcome screen where the user and password will ask us. In text mode a line will appear asking for the user.

 

After the installation of the operating system we will enter with the user “root” and the key that we have chosen since we still have some things to configure and by default the normal user that we created at the beginning does not have any administration permission. It will ask us if we want to use the default configuration, we will say yes. After that we will open a terminal, in the applications menu we will find a, or also in the bar below, the first icon that looks like a monitor.

Applications menu - terminal

In the console we will introduce the command:

Where “user_created” is the username that we have made in the installation. With this command we make the user enter the group of “sudoers”, a group that can temporarily raise their permissions for system administration tasks. Since by default the user “root” cannot access the system by ssh, and we are not going to give you permission for being dangerous, we can remotely administer the system with a user who can do “south” without having to log in as “root” and leave an annoying front door.1We are not trying to make the system safer on the planet, but it is one that is secure enough that the effort dedicated to breaking it with respect to the possible reward makes it unattractive for a non-automated attack.

Now we close the session from the applications menu and we can now turn off the server monitor. If we need it for other devices we can also remove the keyboard and mouse from the computer where we have installed the server. From now on we would only need to physically access it to change hardware, or troubleshoot machine hardware, restart it once a week after a full backup and occasionally check for dust and clean it.

Utilities

Utilities installation

Some of these tools we will use daily, some occasionally and some we may even forget their existence until the moment of being necessary. In any case it is a good idea to have them all at hand.

Client utilities.

On the client side we will install those necessary to connect to the server, and check the connection. I put links to installers, they are not really complicated to install, just run the setup programs.

Web navigator. Firefox, Waterfox, Palemoon, Seamonkey, Opera, Edge, any of them is worth. Waterfox and Palemoon support extensions to use FTP, Semonkey has a very convenient email manager and web page editor.

SSH client. Instalaremos Putty, is a client with a graphical configuration interface, we can configure different sessions for different servers. The utilities that it brings will not be useful for other programs. Has Mac versions, Linux y Windows. In this page we have the instructions to install it on Mac. ON Linux we can download the sources and compile the latest version, or if we don't want to complicate ourselves install it as a package, with for example the command “apt install putty”. Putty's official website offers us installers for windows and download the source code.

X windows server. It is very comfortable to be able to access the server windows environment to edit configurations or use applications that make things much easier for us, como gparted o gufw. For that we have to have previously installed an X11 server on the work computer and connect it by ssh with X11 forwarding activated.
In windows we can install well Cygwin/X, that it will also install us many other programs and utilities, good VcXsrv O well Xming. Installing VxXsrv is easy, just run the installer.

In Linux it is enough to have a graphical environment running, for Mac it is used XQartz.

Network audit. A utility that will serve to check the network and its very popular security is Nmap. In windows it comes with its graphic version Zenmap, which will help us to save the commands and scripts that we have previously executed. It is very complex and complete, but we will only use the most basic functions to check that everything works as it should and go over some points in the encryption. This is your Homepage, from which we can download the installer or the binaries.

There are many other utilities, like sniffers and crackers, but unless we suspect an attack they wouldn't be necessary. They are quite complex programs and their use goes beyond what this manual intends..

SQL client. We will use a client capable of connecting to different types of databases, server programs will not only use a database, so if we want to access them we would have to use a client for each database, or a client that allows access to all of them.

In windows we can use HeidiSQL, which can be used in Linux under Wine 4. A cross-platform option is DBeaver with a very interesting list of databases, another option, and Java, it is Squirrel SQL.

Server utilities

In this part the list is expanded, antivirus, firewall, server administrators, text editor, installer, status monitors, registry monitor file system utilities, etc. We will also install necessary programs and libraries for dynamic pages and web applications.

The first thing will be to configure Putty to connect to the server.

The program offers us a dialog window divided into a tree menu on the left, where we can select the connection options, which are edited on the right side of the screen. With most default options it will work perfectly. When starting it always presents the connection menu, a field where we will write the IP or the name of the server to which we want to connect, next to it the connection port, by default the 22, and below a field to enter the name of the session we want to create, and below it a list of saved sessions. When we fill in the session name and we save it “Save” will save the settings for that session. Selecting a saved session and loading it, we can edit its parameters, if we double click on a session name, we will initiate a connection.

In the tree on the left we will select “Connection->SSH->X11”, the menu on the right will show us a box “Enable X11 forwarding” to enable X11 forwarding. We will leave the option of “Mit-magic-cookie” selected. With this we can open programs from the graphical environment of the server on our computer,

We return to the session menu, and with the session name that we want to use loaded, we give the save button to save to save the options we have selected. With this we can already open a session by clicking on the open button ,”Open” found at the bottom of the dialog.

If we connect for the first time it will tell us that an unknown server wants to install a certificate, we will accept “Accept”, and a console window will open asking for the username, we will introduce the username and password to connect, and we will have the secure terminal session open. We can enter commands and use the programs that are authorized for the user level.

If we don't like the look of the console, we can change the colors by going to “Window->colors” to select text and background colors, already “Window->Appearance” to combat the source. It is not a bad idea to change the colors to distinguish the different sessions if we are going to enter different servers or with different users, we can have several open and know by color what connection they belong to.

 

Putty, screenshots

To use the X11 windows we must activate the server on our computer, and if we want to start them as “root” we must assign a temporary authorization to the user to be able to use the windows in an SSH session.

To start the server in windows we must use the program xlaunch.exe, will present us with a series of options that we will leave by default, we can save the options we have chosen in a .xlaunch file that we can invoke by making a shortcut to avoid responding again. When loaded an icon will appear in the toolbar, with the right mouse we open a control menu to load programs, put the Xs in full screen or close them.

xlaunch, screenshots
Returning to Putty's console, now we can launch the X. How are we going to have to use administration permissions for a long time, the best thing will be to have active the “root”.

One way to do this would be to use the su command to log into the account. We type “its” we enter the password of the user with whom we are logged in, and when we're done, we introduce “exit”.

Another would be to start an X11 session like “root”, to be able to do it first we have to give authorization to the X so that “root” can connect in ssh session. For that we enter the following command, Changing “user” by the user with whom we have started the session. This command copies the authorization file to the directory of “root” temporarily, if the SSH session is closed we will have to copy it again.

After entering the password we will enter the command to start the Xfce4 panel, from it we will be able to access the graphic applications installed in the system, and of course to the command terminal, which will be necessary at this stage of the configuration. We start it with south to have root permissions, otherwise we will have normal user permissions, to compile some programs, or run most, it is recommended to always enter with a normal user session, some applications will not be installed if we have not entered as a user without permissions. This case is an exception since we have to constantly use the root user.

Xfce4 panels will be loaded on the desktop, it's a good idea to configure them so they don't get in the way of the rest of the desktop. If we also open more than one session, can be confused.
Setting up the panel is easy, just press the right mouse button on the panel of applications that we want to edit, and select the option “Panel->Panel preferences” the pop. I select to always hide the panel, deselect “anchor” to be able to place it anywhere on the screen and change the color in the appearance tab.

Panel Xfce4, screenshots
Now we will open a command terminal to start entering the commands to install everything we have to install. Before that you can configure the terminal emulator window to put custom colors and disable the key “F10”, which is used in some terminal utilities and would otherwise be captured.
Terminal Xfce4, screenshots

Good, all ready to start installing. First you have to adjust the package manager to find applications that are not from the main distribution “main”, well edit the configuration file , “/etc/apt/sources.list” and we add “contrib non-free” at the end of each configuration line, ok we execute this command.

What it does is replace “s” every occurrence of “main” by “main contrib non-free” in the file. The manual thirst and regular expressions explain the command. We will use more regular expressions throughout this manual.

With the command

We will update the indexes and the cache of the package gestures since we have changed the configuration and it is a good idea to refresh it.

We install development utilities and kernel libraries that we will need later. $(uname -r) is to put the version of Linux that we run.

System Utilities, “htop” is a process manager, mc is a very powerful file manager, gufw a simple and efficient graphical firewall manager, mlocate helps you find files quickly, glogg is a graphical log viewer that can be used to view several at the same time, geany a very comfortable text and programming editor, rsync and unison are utilities for live copying and backup, gparted is a powerful partition editor and babobab is a graphical disk usage analyzer.

Video utilities, we will use them to make “streams”.

Perl pre-programming language, Python and basic libraries.

Apache modules and PHP language along with common PHP libraries.

Lets Encrypy y Certbot, to be able to generate free and secure TLS certificates.

Webalizer and AWStats log and statistics analyzer.

We comment the whole cron file of AWstats putting it # at the beginning of each line that you don't already have with this command:

And finally an entropy generator, good for generating keys.

Mail and FTP
Mail server installation

When you ask us for general settings, we will select website, the name of the system will be that of the server that we have put at the beginning plus the domain.

 

Antivirus and antispam for email.

 

Install the FTP server

 

We will configure these two services later, as we need them.

Database
Installation of databases

MariaDB is an evolution of MySQL with a totally free license that has been making its way. For low and medium load web servers it is a very popular option.

We installed MariaDB and several support libraries in Perl and PHP. We also installed fpm and fcgi support for Apache, many applications will need it.

apt install mariadb-server mariadb-client mariadb-common php-fpm fcgiwrap libdbd-mariadb-perl libdbd-mysql-perl

Now we activate the Apache modules

And we restart the server so that the changes take effect.

Now we are going to configure the database to be able to access it from another computer safely. We introduce the command:

And we restart the database server for the change to take effect.

We need MariaDB to listen to all interfaces, we edited in MariaDB configuration file.

Now we look for the following text, we discuss the line that begins with “bind-address”;

and we add this.

We allow root to access from outside consoles.

PostgreSQL installation

Webmin

Webmin is a browser application that will allow us to access many server maintenance and configuration functions in a simple way.. It is designed for small servers and with few domains, if we need to expand it an interesting and compatible option, which also allows us to import the already made configurations would be Virtualmin. There are other options, como ISPConfig3, Plesk o CPanel.

To install webmin we must first edit the repositories file, that way the updates will be easier. First we add the Webmin repository to the end of the file, fine editing it, ok with this command.

Root download the key file from the repository

And we add the key to APT key registry;

If it is not already installed, we added a package so that APT can handle URLs with https;

We update the package manager;

And we installed Webmin;

To access webmin, we will do it by writing the https://servername:10000, where servername will be the name that we have chosen in the installation. Domain is optional.

With this we will already have everything necessary to be able to operate and adjust the server. Whenever you have to make a touch-up or monitor the operation, we will have at our disposal a series of tools that will make the task lighter.. We can check that the web server works by accessing http from the server browser://localhost, or from the work computer to http://[server ip] or with the server name that we have put in the Debian installer.


In the next shipment we will configure the web server.

Leave a Reply