Difference between revisions of "Ubuntu Server Setup"

Upgrading Ubuntu Server to a new release

• Install update-manager-core if it is not already installed:

• sudo apt-get install update-manager-core

• Launch the upgrade tool:

• sudo do-release-upgrade

Turn on Mod Rewrite

1. a2enmod rewrite 
2. restart apache server 
3. edit vhost file AllowOverride all

Shell Scripting

• Scripts must be chmod 755 so they can execute

• #!/bin/bash (add to the top of the shell script so it can use the bash shell to interpret the script, you can also add python or other shell programs)

• Postional Parameters: $0 ... $9 $@ to access all 0-9 // like in a loop

• Exit Status return Codes: Range from 0 to 255: 0 = success: Other than 0 = error condition: use man or info to find meanign of exit status

&bull, $? contains the return code of the previously executed command

ls /not/here
    echo "$?"
Another Code example


    HOST="google.com"
      ping -c 1 $HOST # -c 1 means it will send 1 ping
      if["$?" -eg "0"]
      then
          echo "$HOST reachable"
      else
          "$HOST unreachable"
      fi
&& and ||
-the second statement only executes if the first one was successfull
mkdir /tmp/bak && cp test.txt /tmp/bak/
-the second statement will execute only if the first one fails
cp test.txt /tmp/bak/ || cp test.txt /tmp
• chain multiple commands together using a ; (semicolon) cp test.txt /tmp/ ; cp test.txt /bak

File Operators (test)

-d FILE -true if is a directory
-e FILE True if file exists
-f FILE True if file exist and is a regular file
-r FILE True if file is readable by you
-s FILE True if file exists and is not empty
-w FILE True if file is writable by you
-x FILE True if file is executable by you
-z FILE True if string is empty
-n FILE True if string is not empty
String1=String2 true if strings are equal
String1 != string2 True if the strings are not equal
arg1 -eq arg2 equal
arg1 -ne arg2 not equal
arg1 -lt arg2 less than
arg1 -le arg2 less than or equal to
arg1 -gt arg2 greater than
arg1 -ge arg2 greater than or equal to
read -p "Prompt to dispaly" VarableName accepting user input

for loop to rename all jpg files with the date

  #!/bin/bash
  PICTURES=$(ls *.jpg)
  DATE=$ (date +%F)

  for PICTURES IN $PICTURES
      do
          echo "Renaming ${PICTURE} to ${DATE} - ${PICTURE}"
          mv $[PICTUE} ${DATE}-${PICTURE}
  done

  // Output
  renaming bear.jpg to 2015-03-06-bear.jpg

Adding exit commands to scripts

    #!/bin/bash
      HOST="google.com"
      ping -c 1 $HOST
      IF [ "$?" -ne"0" ]
      then
          echo "$HOST unrechale"
          exit 1
      fi
      exit 0

Creating a Function

function function-name() {# code goes here}
Calling a Function
function hello() {
    echo "hello:
    }
    hello (you don't need the () just call the name of the function)
    
** Positional Parameters and passing info to a funciton


    #!/bin/bash
  function hello(){
      echo "hello $1"

  }

  hello robert # robert is passed to the function hello
  #output is hello Robert
** Outputting miltple calls to a function


    #!/bin/bahs
      funciton hello() {
      for NAME in $@
      do
          echo "Hello $NAME"
      done
  }

  hello robert bob dan

  Output
  hello robert bob dan
Using Wildcards 
* -matches zero or more characters
*.txt
a*
a*.txt
? - matches exactly one character
?.txt
a?
a?.txt
[] character class - matches any of the characters included between the brackets. Matches exactly one character.
[aeiou]* exampld: ls -la [abge]*
ca[nt] matches:(it will match either the n or the t)
can, cat, candy, catch
[!] Matches any characters NOT included between the brackets. Matches exactly one character.
[!aeiou]* would match below bacause it does not start with any of those letters
baseball, cricket
Select a range
[a-g]* matches files that start with a,b,c,d,e,f,g
[3-6]* matches all files start with 3,4,5,6
Using predefined Character Classes
[[:alpha:]]
[[:alnum:]]
[[:digit:]]
[[:lower:]]
[[:upper:]]
[[:space:]]

#!/bin/bash
cd /var/www/bash
  # there's a space after the "if", space afer ! then a space after "[", space before "]"
if [ ! -d  /var/www/bash/text/ ]
then
     mkdir /var/www/bash/text
fi
for FILE in *.txt
do
     echo "Copying $FILE"
     cp $FILE /var/www/bash/text
done
Case Statements

Simple Backup bash shell script

#!/bin/bash
tar -czf myhome_directory.tar.gz /home/linuxconfig
 
Your backup script and variables:
#!/bin/bash
 OF=myhome_directory_$(date +%Y%m%d).tar.gz
 tar -czf $OF /home/linuxconfig 
 
We can use while loop to check if file does not exists. This script will sleep until file does exists. Note bash negator "!" which negates the -e option.
#!/bin/bash
 
while [ ! -e myfile ]; do
# Sleep until file does exists/is created
sleep 1
done 

Apache Commands

• List apache packages and versions
  • dpkg -l | grep apache

• shows version of ubnuntu
  • cat /etc/issue

• shows version of ubuntu
  • cat /etc/*-release

• give detail status of the service
  • apachectl status

• Gives info on where config file is located
  • apachectl -V
• Search the entire server for the file
  • find / | grep "apache2\.conf"
• Info for each line in the .conf File
  • http://httpd.apache.org/docs/current/mod/directives.html
• Displays Config Info about all Virtual Hosts
  • apachectl -t -D DUMP_VHOSTS
• Display All Modules form Apache
  • apachectl -t -D DUMP_MODULES
• Enable and Disable Modules
• Directory for Modules
  • /etc/apache2/modes-available and /etc/apache2/mods-enabled
  • a2enmod and a2dismod will enable of disable modules
• Find where the apache error log is located
  • grep -Ri ErrorLog /etc/apache2
• Watch Error log in realtime
  • tail -f error.log
• Tools to Analize log files
  • AWStats - awstats.sourceforge.net
• GoAccess - Terminal app
  • goaccess.prosoftcorp.com

Using SMTP to send email

apt-get install php-pear

pear install Mail

pear install Net_SMTP

restart apache

## you have to include this in your code.

require_once 'Mail.php';

## there is a lot more info you have to provide. do a search or pear mail

Setting up Postfix to send mail

sudo apt-get install postfix

Options

Satellite
domain.com
smtp server=  ip address or smtp.domain.com
service restart postfix

 Postfix config file
 /etc/postfix/main.cf

Giving Root Privileges to another Account

edit  /etc/sudoers.tmp

#User previlege specification

root  ALL=(ALL:ALL)ALL

#  copy the settings of the root and adapt it to your username

alex ALL=(ALL:ALL)ALL

Installing Node.js

sudo apt-get install python-software-properties

add-apt-repository ppa:chris-lea/node.js

 

apt-get update
apt-get install nodejs npm

Search Repositories

sudo apt-cache search python

will search the cached repo of all python

Changing Mac Address Linux

ifconfig wlan0 down

ifconfig wlan0 hw ether de:ad:be:ef:co:fe

ifconfig wlan0 up

ifconfig wlan0 | grep HWaddr

Repair Perl Locale Errors on Ubuntu

sudo apt-get install language-pack-en-base
sudo dpkg-reconfigure locales
if that dosent work then try this
export LANGUAGE=en_US.UTF-8
export LANG=en_US.UTF-8
export LC_ALL=en_US.UTF-8
locale-gen en_US.UTF-8
apt-get install locales
dpkg-reconfigure locales

Remove Old host keys from Known_hosts

 ssh-keygen -f "/root/.ssh/known_hosts" -R 192.168.20.133

 

Sync Time with ntp server

 Using the command line, you can use dpkg-reconfigure tzdata.

dpkg-reconfigure tzdata
 
Follow instructions
 
install ntp
 
sudo apt-get install ntp

Setting up a Cron Job

Using cron

 Use the personal crontab to setup your jobs

type

crontab -e  ** use the -e switch, do not edit the file directly 

Everthing is the same as below except the 6th space in the personal crontab is the field to execute as oposed to the user to run the job

example

* * * * * /backup/script.sh

as opposed to

* * * * * root /backup/script.sh

 

crontab -l - shows scheduled jobs

crontab -r  remove the current crontab file

 

In the /etc directory you will probably find some sub directories called 

'cron.hourly', 'cron.daily', 'cron.weekly' and 'cron.monthly'. If you place 

a script into one of those directories it will be run either hourly, daily, 

weekly or monthly, depending on the name of the directory. 


If you want more flexibility than this, you can edit a crontab (the name 

for cron's config files). The main config file is normally /etc/crontab.

On a default RedHat install, the crontab will look something like this:

 
root@pingu # cat /etc/crontab

SHELL=/bin/bash

PATH=/sbin:/bin:/usr/sbin:/usr/bin

MAILTO=root

HOME=/


# run-parts

01 * * * * root run-parts /etc/cron.hourly

02 4 * * * root run-parts /etc/cron.daily

22 4 * * 0 root run-parts /etc/cron.weekly

42 4 1 * * root run-parts /etc/cron.monthly

 
The first part is almost self explanatory; it sets the variables for cron.

SHELL is the 'shell' cron runs under. If unspecified, it will default to 

the entry in the /etc/passwd file.


PATH contains the directories which will be in the search path for cron 

e.g if you've got a program 'foo' in the directory /usr/cog/bin, it might 

be worth adding /usr/cog/bin to the path, as it will stop you having to use

the full path to 'foo' every time you want to call it.

 
MAILTO is who gets mailed the output of each command. If a command cron is 

running has output (e.g. status reports, or errors), cron will email the output 

to whoever is specified in this variable. If no one if specified, then the 

output will be mailed to the owner of the process that produced the output.


HOME is the home directory that is used for cron. If unspecified, it will 

default to the entry in the /etc/passwd file.

 

Now for the more complicated second part of a crontab file.

An entry in cron is made up of a series of fields, much like the /etc/passwd

file is, but in the crontab they are separated by a space. There are normally

seven fields in one entry. The fields are:

 
minute hour dom month dow user cmd

 
minuteThis controls what minute of the hour the command will run on,

and is between '0' and '59'

hourThis controls what hour the command will run on, and is specified in

         the 24 hour clock, values must be between 0 and 23 (0 is midnight)

domThis is the Day of Month, that you want the command run on, e.g. to

run a command on the 19th of each month, the dom would be 19.

monthThis is the month a specified command will run on, it may be specified

numerically (0-12), or as the name of the month (e.g. May)

dowThis is the Day of Week that you want a command to be run on, it can

also be numeric (0-7) or as the name of the day (e.g. sun).

userThis is the user who runs the command.

cmdThis is the command that you want run. This field may contain 

multiple words or spaces.

 

Fields

 .---------------- minute (0 - 59) 

 |  .------------- hour (0 - 23)

 |  |  .---------- day of month (1 - 31)

 |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ... 

 |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7)  OR sun,mon,tue,wed,thu,fri,sat 

 |  |  |  |  |

 *  *  *  *  *  

 

If you don't wish to specify a value for a field, just place a * in the 

field.

 

e.g.

01 * * * * root echo "This command is run at one min past every hour"

17 8 * * * root echo "This command is run daily at 8:17 am"

17 20 * * * root echo "This command is run daily at 8:17 pm"

00 4 * * 0 root echo "This command is run at 4 am every Sunday"

* 4 * * Sun root echo "So is this"

42 4 1 * * root echo "This command is run 4:42 am every 1st of the month"

01 * 19 07 * root echo "This command is run hourly on the 19th of July"

Notes:

Under dow 0 and 7 are both Sunday.

If both the dom and dow are specified, the command will be executed when

either of the events happen. 

e.g.

* 12 16 * Mon root cmd

Will run cmd at midday every Monday and every 16th, and will produce the 

same result as both of these entries put together would:

* 12 16 * * root cmd

* 12 * * Mon root cmd

Vixie Cron also accepts lists in the fields. Lists can be in the form, 1,2,3 

(meaning 1 and 2 and 3) or 1-3 (also meaning 1 and 2 and 3).

e.g.

59 11 * * 1,2,3,4,5 root backup.sh

Will run backup.sh at 11:59 Monday, Tuesday, Wednesday, Thursday and Friday,

as will:

59 11 * * 1-5 root backup.sh 

Cron also supports 'step' values.

A value of */2 in the dom field would mean the command runs every two days

and likewise, */5 in the hours field would mean the command runs every 

5 hours.

e.g. 

* 12 10-16/2 * * root backup.sh

is the same as:

* 12 10,12,14,16 * * root backup.sh

*/15 9-17 * * * root connection.test

Will run connection.test every 15 mins between the hours or 9am and 5pm

Lists can also be combined with each other, or with steps:

* 12 1-15,17,20-25 * * root cmd

Will run cmd every midday between the 1st and the 15th as well as the 20th 

and 25th (inclusive) and also on the 17th of every month.

* 12 10-16/2 * * root backup.sh

is the same as:

* 12 10,12,14,16 * * root backup.sh

When using the names of weekdays or months, it isn't case sensitive, but only

the first three letters should be used, e.g. Mon, sun or Mar, jul.

Comments are allowed in crontabs, but they must be preceded with a '#', and

must be on a line by them self. 

scp without password - keygen

Generate a public/private key pair on the local machine.

    ssh-keygen -t rsa
 
In response, you should see:
 
Generating public/private rsa key pair
Enter file in which to save the key ... 
 
Press Enter to accept this.
 
In response, you should see:
 
 
Enter passphrase (empty for no passphrase):
 
You don't need a passphrase, so press Enter twice.
 
In response, you should see:
 
Your identification has been saved in ... 
Your public key has been saved in ... 
 
Note the name and location of the public key just generated. It always ends in .pub.
 
Copy the public key id_rsa.pub just generated to all of your remote Linux boxes. You can use scp or FTP or whatever to make the copy. Assuming you're using root--again, see my warning in step 1--the key must be contained in the file /root/.ssh/authorized_keys. Or, if you are logging in as a user, for example, clyde, it would be in /home/clyde/authorized_keys. Notice that the authorized_keys file can contain keys from other PCs. So, if the file already exists and contains text, you need to append the contents of your public key file to what already is there
 
cat id_rsa.pub >> authorized_keys
 
The files are stored in root/.ssh
if the authorized_keys file does not exist create it and copy the id_rsa.pub from the other machine and paste in the authorized_keys file
do it for each machine so each machine has the other .pub info inthe authorized_key file
if the file already exist, just edit it and paste the other machine's .pub info.

Virtual Host Setup to display domain without the www

 Setup Virtual host so www.domain.com works and domain.com works.

ServerName www.domain.com

ServerAlias domain.com

This will allow the domain to come up with the www

Finding out Package Dependencies with apt-redepends

1 Installing apt-rdepends

apt-rdepends can be installed as follows:
 
apt-get install apt-rdepends
 
If you are on Ubuntu and are not logged in as root, use
 
sudo apt-get install apt-rdepends
 
apt-rdepends can be used as follows:
 
apt-rdepends <packagename>
 
For example, to find out all dependencies of the package wget, run:
 
apt-rdepends wget
 
For most packages, the output is even longer and might not fit on your screen. In these cases you can pipe the output into more (or less), e.g. as follows:
 
apt-rdepends apache2 | more
 
apt-rdepends apache2 | less

Set Time zone in Ubuntu Server

dpkg-reconfigure tzdata

Installing Java in Ubuntu

sudo add-apt-repository ppa:sun-java-community-team/sun-java6

sudo apt-get update
 
sudo apt-get install sun-java6-bin sun-java6-plugin
 

Install Lamp with 1 command

Open terminal and Type the command :install it   first  with

 
sudo apt-get install tasksel
Now to install LAMP, type "tasksel" in terminal :
 
And select LAMP Server:
 
During the installation  you  will be  asked  to insert the  mysql root  password
 
Now check if php is working :
 
$sudo   vi  /var/www/info.php
and add
 
1.
2.
phpinfo();
3.
?>
 
save and exit
 
restart apache2 ,
 
#sudo /etc/init.d/apache2  restart
Now open browser and type :
 
http://ip/info.php or http://localhost/info.php 
 
Php is installed.
 
To full manage  your  lamp Server database, install  phpmyadmin
 
sudo  apt-get  install  phpmyadmin
To login  to phpmyadmin, open browser and type :
 
http://ip/phpmyadmin   or http://localhost/phpmyadmin

Remove mysql

dpkg -l | grep mysql

sudo dpkg -P –force-all <package name>

Manually install apache2, php5 mysql

sudo apt-get install apache2

sudo apt-get install php5 libapache2-mod-php5

sudo apt-get install mysql-server

 
6 Getting MySQL Support In PHP5

To get MySQL support in PHP, we can install the php5-mysql package. It's a good idea to install some other PHP5 modules as well as you might need them for your applications. You can search for available PHP5 modules like this:

 
aptitude search php5

 
Pick the ones you need and install them like this:

 
aptitude install php5-mysql php5-curl php5-gd php5-idn php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-mhash php5-ming php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl php5-json


Now restart Apache2:

How to check Ubuntu's version

cat /etc/issue

uname -a : print all information

uname -r : print the kernel release

uname -v : print the kernel version

uname -o : print the operating system

How do I find out what version of Linux distribution I'm using

cat /etc/*-release

Installing Curl in ubuntu

sudo apt-get install  php5-curl

Now you have PHP cURL installed, the next thing you need to do is to restart apache2, run the following command in your terminal:

sudo /etc/init.d/apache2 restart

Chmod Octal Codes

Permissions may be granted using human readable assignments "rwx" or octal codes.

  Owner/Group/Other 

Description	Abreviation	Octal code
Read access	r	4
Write (change) permission	w	2
Execute script of binary executable	x	1
Read and Execute	rx	5
Read and Write	rw	6
Read, Write and Execute	rwx	7

Use of octal assignment does not add or remove permission, but assigns the permission explicitly.  Examples:

• Assign yourself full access to read and modify the file, allow members of the group to read it and do not allow any others access: *

chmod 640 filename

• Assign execute status to a script with the same access as the previous example. (Without it, a script is like any other text file)*

chmod 740 filename

Modifying Ip Address in Ubuntu Terminal

sudo nano /etc/network/interfaces

Once your prefered editor opens the file you want to enter the following information (changing your addresses where necessary):

auto lo eth0
iface lo inet loopback
iface eth0 inet static
address xxx.xxx.xxx.xxx(enter your ip here)
netmask xxx.xxx.xxx.xxx
gateway xxx.xxx.xxx.xxx(enter gateway ip here)

Be sure to save your changes.

Step 2.2 – Manually configure your dns configuration file: You can edit the appropriate file by entering the following command into the terminal:

sudo nano /etc/resolv.conf

Once your preferred editor opens the file you want to enter the following information (changing your addresses where necessary):

# Generated by NetworkManager
nameserver xxx.xxx.xxx.xxx(enter your dns server ip)
nameserver xxx.xxx.xxx.xxx(enter your alt dns server ip)

Be sure to save your changes.

Step 2.3 – Manually restart your network interface with the new settings: Enter the following command in the terminal:

sudo /etc/init.d/networking restart

This should return a result that looks like the following:

*Reconfiguring network interfaces… [OK]

At this point in your terminal you should be able to run the ifconfig command and the results should reflect your new settings. If the addressing is correct you should have full network access, even after a system restart.

Uninstalling an app in shell

sudo apt-get autoremove "appname"

then remove any directories that are left over

Ubuntu Php.ini Settings

These are lines i modify in the php.ini file to get joomla working

/etc/php5/apache2/php.ini

; Maximum size of POST data that PHP will accept.
post_max_size = 100M

; Maximum allowed size for uploaded files.
upload_max_filesize = 200M

memory_limit = 32M      ; Maximum amount of memory a script may consume (16MB)

Setting up a network from the command Line

Network Configuration

Ubuntu ships with a number of graphical utilities to configure your network devices. This document is geared toward server administrators and will focus on managing your network on the command line.

Ethernet

Most Ethernet configuration is centralized in a single file, /etc/network/interfaces. If you have no Ethernet devices, only the loopback interface will appear in this file, and it will look something like this:

1. This file describes the network interfaces available on your system
2. and how to activate them. For more information, see interfaces(5).

1. The loopback network interface

auto lo iface lo inet loopback address 127.0.0.1 netmask 255.0.0.0 If you have only one Ethernet device, eth0, and it gets its configuration from a DHCP server, and it should come up automatically at boot, only two additional lines are required:

auto eth0 iface eth0 inet dhcp The first line specifies that the eth0 device should come up automatically when you boot. The second line means that interface (“iface”) eth0 should have an IPv4 address space (replace “inet” with “inet6” for an IPv6 device) and that it should get its configuration automatically from DHCP. Assuming your network and DHCP server are properly configured, this machine's network should need no further configuration to operate properly. The DHCP server will provide the default gateway (implemented via the route command), the device's IP address (implemented via the ifconfig command), and DNS servers used on the network (implemented in the /etc/resolv.conf file.)

To configure your Ethernet device with a static IP address and custom configuration, some more information will be required. Suppose you want to assign the IP address 192.168.0.2 to the device eth1, with the typical netmask of 255.255.255.0. Your default gateway's IP address is 192.168.0.1. You would enter something like this into /etc/network/interfaces:

iface eth1 inet static address 192.168.0.2 netmask 255.255.255.0 gateway 192.168.0.1 In this case, you will need to specify your DNS servers manually in /etc/resolv.conf, which should look something like this:

search mydomain.example nameserver 192.168.0.1 nameserver 4.2.2.2 The search directive will append mydomain.example to hostname queries in an attempt to resolve names to your network. For example, if your network's domain is mydomain.example and you try to ping the host “mybox”, the DNS query will be modified to “mybox.mydomain.example” for resolution. The nameserver directives specify DNS servers to be used to resolve hostnames to IP addresses. If you use your own nameserver, enter it here. Otherwise, ask your Internet Service Provider for the primary and secondary DNS servers to use, and enter them into /etc/resolv.conf as shown above.

Many more configurations are possible, including dialup PPP interfaces, IPv6 networking, VPN devices, etc. Refer to man 5 interfaces for more information and supported options. Remember that /etc/network/interfaces is used by the ifup/ifdown scripts as a higher level configuration scheme than may be used in some other Linux distributions, and that the traditional, lower level utilities such as ifconfig, route, and dhclient are still available to you for ad hoc configurations.

Managing DNS Entries

This section explains how to configure which nameserver to use when resolving IP addresses to hostnames and vice versa. It does not explain how to configure the system as a name server.

To manage DNS entries, you can add, edit, or remove DNS names from the /etc/resolv.conf file. A sample file is given below:

search com nameserver 204.11.126.131 nameserver 64.125.134.133 nameserver 64.125.134.132 nameserver 208.185.179.218 The search key specifies the string which will be appended to an incomplete hostname. Here, we have configured it to com. So, when we run: ping ubuntu it would be interpreted as ping ubuntu.com.

The nameserver key specifies the nameserver IP address. It will be used to resolve a given IP address or hostname. This file can have multiple nameserver entries. The nameservers will be used by the network query in the same order.

[Warning] If the DNS server names are retrieved dynamically from DHCP or PPPoE (retrieved from your ISP), do not add nameserver entries in this file. It will be overwritten.

Managing Hosts

To manage hosts, you can add, edit, or remove hosts from /etc/hosts file. The file contains IP addresses and their corresponding hostnames. When your system tries to resolve a hostname to an IP address or determine the hostname for an IP address, it refers to the /etc/hosts file before using the name servers. If the IP address is listed in the /etc/hosts file, the name servers are not used. This behavior can be modified by editing /etc/nsswitch.conf at your peril.

If your network contains computers whose IP addresses are not listed in DNS, it is recommended that you add them to the /etc/hosts file.

Iptables open ftp port 21

Use iptables administration tool for IPv4 packet filtering and NAT under Linux to open tcp port 21 (FTP). Following rule-set assumes that your eth0 network interface directly connected to internet. It has public ip (202.54.1.20). FTP use both port 21 and 20 (port 21 for the command port and port 20 for the data). So following iptables rules take care of both ports (add rules to your iptables script):

Procedure

Add support for FTP connection tracking.

Task load required iptables modules

First login as the root user.

Next type the following command to load two iptables modules:
# modprobe ip_conntrack
 # modprobe ip_conntrack_ftp 

Now add following iptables rules for incoming request on port 21 (open port 21) to your script:

iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 202.54.1.20 --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
 iptables -A OUTPUT -p tcp -s 202.54.1.20 --sport 21 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
 

iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 202.54.1.20 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
 iptables -A OUTPUT -p tcp -s 202.54.1.20 --sport 1024:65535 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
 

iptables -A OUTPUT -p tcp -s 202.54.1.20 --sport 20 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
 iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 202.54.1.20 --dport 20 -m state --state ESTABLISHED -j ACCEPT

Setting up a Apache 2 Webserver on Ubuntu

Installation

The Apache2 web server is available in Ubuntu Linux. To install Apache2:

At a terminal prompt enter the following command:

sudo apt-get install apache2

Configuration

Apache2 is configured by placing directives in plain text configuration files. The configuration files are separated between the following files and directories:

apache2.conf: the main Apache2 configuration file. Contains settings that are global to Apache2.

conf.d: contains configuration files which apply globally to Apache. Other packages that use Apache2 to serve content may add files, or symlinks, to this directory.

envvars: file where Apache2 environment variables are set.

httpd.conf: historically the main Apache2 configuration file, named after the httpd daemon. The file can be used foruser specific configuration options that globally effect Apache2.

mods-available: this directory contains configuration files to both load modules and configure them. Not all modules will have specific configuration files, however.

mods-enabled: holds symlinks to the files in /etc/apache2/mods-available. When a module configuration file is symlinked it will be enabled the next time apache2 is restarted.

ports.conf: houses the directives that determine which TCP ports Apache2 is listening on.

sites-available: this directory has configuration files for Apache Virtual Hosts. Virtual Hosts allow Apache2 to be configured for multiple sites that have separate configurations.

sites-enabled: like mods-enabled, sites-enabled contains symlinks to the /etc/apache2/sites-available directory. Similarly when a configuration file in sites-available is symlinked it will be active once Apache is restarted.

In addition, other configuration files may be added using the Include directive, and wildcards can be used to include many configuration files. Any directive may be placed in any of these configuration files. Changes to the main configuration files are only recognized by Apache2 when it is started or restarted.

The server also reads a file containing mime document types; the filename is set by the TypesConfig directive, and is/etc/mime.types by default.

Basic Settings

This section explains Apache2 server essential configuration parameters. Refer to the Apache2 Documentation for more details.

Apache2 ships with a virtual-host-friendly default configuration. That is, it is configured with a single default virtual host (using the VirtualHost directive) which can modified or used as-is if you have a single site, or used as a template for additional virtual hosts if you have multiple sites. If left alone, the default virtual host will serve as your default site, or the site users will see if the URL they enter does not match the ServerName directive of any of your custom sites. To modify the default virtual host, edit the file /etc/apache2/sites-available/default.

[Note] The directives set for a virtual host only apply to that particular virtual host. If a directive is set server-wide and not defined within the virtual host settings, the default setting is used. For example, you can define a Webmaster email address and not define individual email addresses for each virtual host.

If you wish to configure a new virtual host or site, copy that file into the same directory with a name you choose. For example:

sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-available/mynewsite Edit the new file to configure the new site using some of the directives described below.

The ServerAdmin directive specifies the email address to be advertised for the server's administrator. The default value is webmaster@localhost. This should be changed to an email address that is delivered to you (if you are the server's administrator). If your website has a problem, Apache2 will display an error message containing this email address to report the problem to. Find this directive in your site's configuration file in /etc/apache2/sites-available.

The Listen directive specifies the port, and optionally the IP address, Apache2 should listen on. If the IP address is not specified, Apache2 will listen on all IP addresses assigned to the machine it runs on. The default value for the Listen directive is 80. Change this to 127.0.0.1:80 to cause Apache2 to listen only on your loopback interface so that it will not be available to the Internet, to (for example) 81 to change the port that it listens on, or leave it as is for normal operation. This directive can be found and changed in its own file, /etc/apache2/ports.conf

The ServerName directive is optional and specifies what FQDN your site should answer to. The default virtual host has no ServerName directive specified, so it will respond to all requests that do not match a ServerName directive in another virtual host. If you have just acquired the domain name ubunturocks.com and wish to host it on your Ubuntu server, the value of the ServerName directive in your virtual host configuration file should be ubunturocks.com. Add this directive to the new virtual host file you created earlier (/etc/apache2/sites-available/mynewsite).

You may also want your site to respond to www.ubunturocks.com, since many users will assume the www prefix is appropriate. Use the ServerAlias directive for this. You may also use wildcards in the ServerAlias directive.

For example, the following configuration will cause your site to respond to any domain request ending in.ubunturocks.com.

ServerAlias *.ubunturocks.com The DocumentRoot directive specifies where Apache should look for the files that make up the site. The default value is /var/www. No site is configured there, but if you uncomment the RedirectMatch directive in/etc/apache2/apache2.conf requests will be redirected to /var/www/apache2-default where the default Apache2 site awaits. Change this value in your site's virtual host file, and remember to create that directory if necessary!

The /etc/apache2/sites-available directory is not parsed by Apache2. Symbolic links in /etc/apache2/sites-enabled point to "available" sites.

Enable the new VirtualHost using the a2ensite utility and restart Apache:

sudo a2ensite mynewsitesudo /etc/init.d/apache2 restart

[Note] Be sure to replace mynewsite with a more descriptive name for the VirtualHost. One method is to name the file after the ServerName directive of the VirtualHost.

Similarly, use the a2dissite utility to disable sites. This is can be useful when troubleshooting configuration problems with multiple VirtualHosts:

sudo a2dissite mynewsitesudo /etc/init.d/apache2 restart Default Settings This section explains configuration of the Apache2 server default settings. For example, if you add a virtual host, the settings you configure for the virtual host take precedence for that virtual host. For a directive not defined within the virtual host settings, the default value is used.

The DirectoryIndex is the default page served by the server when a user requests an index of a directory by specifying a forward slash (/) at the end of the directory name.

For example, when a user requests the page http://www.example.com/this_directory/, he or she will get either the DirectoryIndex page if it exists, a server-generated directory list if it does not and the Indexes option is specified, or a Permission Denied page if neither is true. The server will try to find one of the files listed in the DirectoryIndex directive and will return the first one it finds. If it does not find any of these files and if Options Indexes is set for that directory, the server will generate and return a list, in HTML format, of the subdirectories and files in the directory. The default value, found in /etc/apache2/apache2.conf is " index.html index.cgi index.pl index.php index.xhtml". Thus, if Apache2 finds a file in a requested directory matching any of these names, the first will be displayed.

The ErrorDocument directive allows you to specify a file for Apache to use for specific error events. For example, if a user requests a resource that does not exist, a 404 error will occur, and per Apache2's default configuration, the file/usr/share/apache2/error/HTTP_NOT_FOUND.html.var will be displayed. That file is not in the server's DocumentRoot, but there is an Alias directive in /etc/apache2/apache2.conf that redirects requests to the /error directory to/usr/share/apache2/error/.

To see a list of the default ErrorDocument directives, use this command:

grep ErrorDocument /etc/apache2/apache2.conf By default, the server writes the transfer log to the file /var/log/apache2/access.log. You can change this on a per-site basis in your virtual host configuration files with the CustomLog directive, or omit it to accept the default, specified in/etc/apache2/apache2.conf. You may also specify the file to which errors are logged, via the ErrorLog directive, whose default is /var/log/apache2/error.log. These are kept separate from the transfer logs to aid in troubleshooting problems with your Apache2 server. You may also specify the LogLevel (the default value is "warn") and theLogFormat (see /etc/apache2/apache2.conf for the default value).

Some options are specified on a per-directory basis rather than per-server. Options is one of these directives. A Directory stanza is enclosed in XML-like tags, like so:

... 

The Options directive within a Directory stanza accepts one or more of the following values (among others), separated by spaces:

ExecCGI - Allow execution of CGI scripts. CGI scripts are not executed if this option is not chosen.

[Tip] Most files should not be executed as CGI scripts. This would be very dangerous. CGI scripts should kept in a directory separate from and outside your DocumentRoot, and only this directory should have the ExecCGI option set. This is the default, and the default location for CGI scripts is /usr/lib/cgi-bin.

Includes - Allow server-side includes. Server-side includes allow an HTML file to include other files. This is not a common option. See the Apache2 SSI HOWTO for more information.

IncludesNOEXEC - Allow server-side includes, but disable the #exec and #include commands in CGI scripts.

Indexes - Display a formatted list of the directory's contents, if no DirectoryIndex (such as index.html) exists in the requested directory.

[Caution] For security reasons, this should usually not be set, and certainly should not be set on your DocumentRoot directory. Enable this option carefully on a per-directory basis only if you are certain you want users to see the entire contents of the directory.

Multiview - Support content-negotiated multiviews; this option is disabled by default for security reasons. See the Apache2 documentation on this option.

SymLinksIfOwnerMatch - Only follow symbolic links if the target file or directory has the same owner as the link.

httpd Settings

This section explains some basic httpd daemon configuration settings.

LockFile - The LockFile directive sets the path to the lockfile used when the server is compiled with either USE_FCNTL_SERIALIZED_ACCEPT or USE_FLOCK_SERIALIZED_ACCEPT. It must be stored on the local disk. It should be left to the default value unless the logs directory is located on an NFS share. If this is the case, the default value should be changed to a location on the local disk and to a directory that is readable only by root.

PidFile - The PidFile directive sets the file in which the server records its process ID (pid). This file should only be readable by root. In most cases, it should be left to the default value.

User - The User directive sets the userid used by the server to answer requests. This setting determines the server's access. Any files inaccessible to this user will also be inaccessible to your website's visitors. The default value for User is www-data.

[Warning] Unless you know exactly what you are doing, do not set the User directive to root. Using root as the User will create large security holes for your Web server.

The Group directive is similar to the User directive. Group sets the group under which the server will answer requests. The default group is also www-data.

Apache Modules Apache is a modular server. This implies that only the most basic functionality is included in the core server. Extended features are available through modules which can be loaded into Apache. By default, a base set of modules is included in the server at compile-time. If the server is compiled to use dynamically loaded modules, then modules can be compiled separately, and added at any time using the LoadModule directive. Otherwise, Apache must be recompiled to add or remove modules.

Ubuntu compiles Apache2 to allow the dynamic loading of modules. Configuration directives may be conditionally included on the presence of a particular module by enclosing them in an block.

You can install additional Apache2 modules and use them with your Web server. For example, run the following command from a terminal prompt to install the MySQL Authentication module:

sudo apt-get install libapache2-mod-auth-mysql See the /etc/apache2/mods-available directory, for additional modules.

Use the a2enmod utility to enable a module:

sudo a2enmod auth_mysqlsudo /etc/init.d/apache2 restart Similarly, a2dismod will disable a module:

sudo a2dismod auth_mysqlsudo /etc/init.d/apache2 restart HTTPS Configuration The mod_ssl module adds an important feature to the Apache2 server - the ability to encrypt communications. Thus, when your browser is communicating using SSL, the https:// prefix is used at the beginning of the Uniform Resource Locator (URL) in the browser navigation bar.

The mod_ssl module is available in apache2-common package. Execute the following command from a terminal prompt to enable the mod_ssl module:

sudo a2enmod ssl There is a default HTTPS configuration file in /etc/apache2/sites-available/default-ssl. In order for Apache to provide HTTPS, a certificate and key file are also needed. The default HTTPS configuration will use a certificate and key generated by the ssl-cert package. They are good for testing, but the auto-generated certificate and key should be replaced by a certificate specific to the site or server. For information on generating a key and obtaining a certificate see the section called “Certificates”

To configure Apache for HTTPS, enter the following:

sudo a2ensite default-ssl

[Note] The directories /etc/ssl/certs and /etc/ssl/private are the default locations. If you install the certificate and key in another directory make sure to change SSLCertificateFile andSSLCertificateKeyFile appropriately.

With Apache now configured for HTTPS, restart the service to enable the new settings:

sudo /etc/init.d/apache2 restart

[Note] Depending on how you obtained your certificate you may need to enter a passphrase when Apachestarts.

You can access the secure server pages by typing https://your_hostname/url/ in your browser address bar

Ubuntu Server 64 bit Setup - My setup

Server 64 bit no gui. Select only 2 choices

Lamp Server SSH Server After Initial Installation. install // This is to get joomgallery working

PHP5-GD PHP5-IMAGICK

Enabling Root: sudo passwd root

sudo passwd

Sudo will prompt you for your password, and then ask you to supply a new password for root as shown below:

[sudo] password for username: (enter your own password) Enter new UNIX password: (enter a new password for root) Retype new UNIX password: (repeat new password for root) passwd: password updated successfully

To disable the root account, use the following passwd syntax:

sudo passwd -l root

Installing applications apt-get install ???

Setting up virtual servers

sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-available/mynewsite

this copies the default profile to the new site you want to hosts

edit the "mynewsite"

you have to add ServerAlias *mysite.com

to the default file And change the directories to the new ones created under /var/www/mynewsite

make Sure you also create the corresponding directory for the site under /var/www/***

Enable the new VirtualHost restart Apache:

sudo a2ensite mynewsite

Restart apache: /etc/init.d/apache2 restart

To remove a host

sudo a2dissite mynewsite sudo

Restart apache: /etc/init.d/apache2 restart

Installing Phpmyadmin

sudo apt-get install phpmyadmin

The configuration files for phpMyAdmin are located in /etc/phpmyadmin.

The main configuration file is /etc/phpmyadmin/config.inc.php

http://www.opilocal.com/phpmyadmin/index.php

vsftpd - FTP Server Installation

sudo apt-get install vsftpd

To configure vsftpd to authenticate

system users and allow them to upload files edit /etc/vsftpd.conf:

sudo /etc/init.d/vsftpd restart