ServerGuide

From Knowledge76

Contents 1 Server Guide 1.1 Apache 1.2 Thttpd 1.3 FTP 1.4 Postfix 1.5 Squid 1.6 Dhcpd 1.7 Bind 1.8 Cupsys 1.9 MySQL 1.10 OpenSSH 2 CMS 2.1 Joomla 3 CRM 3.1 CRM-CTT 4 Photo Galleries 4.1 WebGallery 5 WebForums 5.1 Vanilla 5.2 PhpBB 6 Blogs 6.1 Wordpress

Server Guide

Apache

sudo apt-get install apache2

Scary huh? Yep thats pretty much it to get it installed. Once you get it installed, then of course youll need to configure it. Apache is configured by simply modifying the major conf files youll find in its subdirectory in /etc. The main conf file you need to be worried about is /etc/apache2/apache2.conf. Edit away on this conf file to get your apache2 install working properly.. For a list of Directives and configuration protocols within the file go here.

Apache is pretty much a modular server, youll want to install mysql support for it. To do that

apt-get install libapache2-mod-auth-mysql 

This will ensure that pages and scripts that request mysql related data will be able to interact properly with apache. (Specially if you use a bundled PHP script like JoomlaCMS or other such).

Thttpd

thttpd is a simple, small, portable, fast, and secure HTTP server. Simple in that it handles only the minimum necessary to implement HTTP/1.1. Well, maybe a little more than the minimum. Small in that it also has a very small run-time size, since it does not fork and is very careful about memory allocation. Fast in that in typical use it's about as fast as the best full-featured servers (Apache, NCSA, Netscape). Under extreme load it's much faster.

apt-get install thttpd

This is pretty self explanatory. Your conf file will look like this

#This section overrides defaults
dir=/home/httpd/html
chroot
user=httpd# default = nobody
logfile=/var/log/thttpd.log
pidfile=/var/run/thttpd.pid
# This section _documents_ defaults in effect
# port=80
# nosymlink# default = !chroot
# novhost 
# nocgipat
# nothrottles 
# host=0.0.0.0
# charset=iso-8859-1

Fairly self explanatory, you set what you need to set and then let it fly.

FTP

Beginners only

For those who are new to linux and don't want to use a FTP server without GUI, or just for those who don't use often their FTP server and wish to set it quickly without a high level of security, there is a GTK GUI for proftpd. Be careful, it's less secure than configuring yourself your server.

1- Install proftpd with synaptic or with this command :

sudo apt-get install proftpd 

2- Install gproftpd, you can find it here, or download the .deb i made (remove the .zip extension) if the wget command don't work. To install the .deb i made, open a terminal and use these commands in the directory where you downloaded the .deb :

wget http://frodubuntu.free.fr/ubuntu/gproftpd-8.2.2_8.2.2-1_i386.deb
sudo dpkg -i gproftpd-8.2.2_8.2.2-1_i386.deb

3- Run gproftpd as root, it's needed and it's why i don't advice gproftpd for advanced users :

sudo gproftpd 

4- Play with the GUI and set up quickly your server.

Advanced Users

1- Install proftpd with synaptic or with this command :

sudo apt-get install proftpd 

2- Add this line in /etc/shells file (sudo gedit /etc/shells to open the file) :

/etc/shell|/bin/false

Create a /home/FTP-shared directory :

cd /home 
sudo mkdir FTP-shared 

Create a user named userftp which will be used only for ftp access. This user don't need a valid shell (more secure) therefore select /bin/false shell for userftp and /home/FTP-shared as home directory (property button in user and group window).

To make this section clearer, i give you the equivalent command line to create the user, but it would be better to use the GUI (System > Administration > User & Group) to create the user since users here often got problems with the user creation and the password (530 error) with the command line, so i really advice to use the GUI to create the user :

sudo useradd userftp -p your_password -d /home/FTP-shared -s /bin/false

In FTP-shared directory create a download and an upload directory :

cd /home/FTP-shared/ 
sudo mkdir download 
sudo mkdir upload

Now we have to set the good permissions for these directories :

cd /home
sudo chmod 755 FTP-shared
cd FTP-shared
sudo chmod 755 download
sudo chmod 777 upload

3- OK, now go to the proftpd configuration file :

sudo gedit /etc/proftpd.conf

and edit your proftpd.conf file like that if it fit to your need :

/etc/proftpd.conf|

 # To really apply changes reload proftpd after modifications.
 AllowOverwrite on
 AuthAliasOnly on
 
 # Choose here the user alias you want !!!!
 UserAlias sauron userftp

 ServerName			"ChezFrodon"
 ServerType 			standalone
 DeferWelcome			on

 MultilineRFC2228 on
 DefaultServer			on
 ShowSymlinks			off

 TimeoutNoTransfer 600
 TimeoutStalled 100
 TimeoutIdle 2200

 DisplayFirstChdir               .message
 ListOptions                	"-l"
 
 RequireValidShell 		off
 
 TimeoutLogin 20
  
 RootLogin 			off
 
 # It's better for debug to create log files ;-)
 ExtendedLog 			/var/log/ftp.log
 TransferLog 			/var/log/xferlog
 SystemLog			/var/log/syslog.log

 #DenyFilter			\*.*/

 # I don't choose to use /etc/ftpusers file (set inside the users you want to ban, not useful for me)
 UseFtpUsers off

 # Allow to restart a download
 AllowStoreRestart		on

 # Port 21 is the standard FTP port, so don't use it for security reasons (choose here the port you want)
 Port				1980

 # To prevent DoS attacks, set the maximum number of child processes
 # to 30.  If you need to allow more than 30 concurrent connections
 # at once, simply increase this value.  Note that this ONLY works
 # in standalone mode, in inetd mode you should use an inetd server
 # that allows you to limit maximum number of processes per service
 # (such as xinetd)
 MaxInstances 8

 # Set the user and group that the server normally runs at.
 User                  nobody
 Group                 nogroup

 # Umask 022 is a good standard umask to prevent new files and dirs
 # (second parm) from being group and world writable.
 Umask				022	022

 PersistentPasswd		off

 MaxClients 8
 MaxClientsPerHost 8
 MaxClientsPerUser 8
 MaxHostsPerUser 8

 # Display a message after a successful login
 AccessGrantMsg "welcome !!!"
 # This message is displayed for each access good or not
 ServerIdent                  on       "you're at home"

 # Set /home/FTP-shared directory as home directory
 DefaultRoot /home/FTP-shared 

 # Lock all the users in home directory, ***** really important *****
 DefaultRoot ~

 MaxLoginAttempts    5

 #VALID LOGINS
 <Limit LOGIN>
 AllowUser userftp
 DenyALL
 </Limit>

 <Directory /home/FTP-shared>
 Umask 022 022
 AllowOverwrite off
	<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
	DenyAll
	</Limit>
 </Directory>

 <Directory /home/FTP-shared/download/*>
 mask 022 022
 AllowOverwrite off
        <Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
        DenyAll
	</Limit>
 </Directory>
 
 <Directory> /home/FTP-shared/upload/>
 Umask 022 022
 AllowOverwrite on
	<Limit READ RMD DELE>
      	DenyAll
    	</Limit>

    	<Limit STOR CWD MKD>
      	AllowAll
    	</Limit>
 </Directory>

Ok you have done proftpd configuration. Your server is on port 1980 (in this exemple) and the access parameters are

*user : sauron
*password : the one you've set for userftp

4- To start/stop/restart your server :

sudo /etc/init.d/proftpd start 
sudo /etc/init.d/proftpd stop 
sudo /etc/init.d/proftpd restart

To perform a syntax check of your proftpd.conf file :

sudo proftpd -td5

To know who is connected on your server in realtime use "ftptop" command (use "t" caracter to swich to rate display), you can also use the "ftpwho" command.

other informations here

ProftpTools 1.0.1

ProftpTools is a script I wrote thanks to swoop's feedback. This script allow you to start/stop proftpd, mount/unmount auto/manually directories, show your IP, ... and all of that with a GUI in order to use proftpd in a really easy way !

To install ProftpTools, download ProftpTools-v1.0.1.tar.gz if the wget command don't work and untar it where you want and then move the ProftpTools file in /usr/bin :

wget http://frodubuntu.free.fr/ubuntu/ProftpTools-v1.0.1.tar.gz
tar -xzvf ProftpTools-v1.0.1.tar.gz 
cd ProftpTools-v1.0.1/ 
sudo mv ProftpTools /usr/bin/

Then add these lines in your .bashrc (it's in your home directory : gedit /home/username/.bashrc) file in order to specify what is the ProftpTools directory path, YOU MUST REMOVE THE "/" CHARACTER at the end of the path. I give you an exemple if your ProftpTools directory is in your home directory :

ProftpTools_dir=/home/username/ProftpTools-v1.0.1 
 export ProftpTools_dir

Now all you have to do is to type ProftpTools in a terminal and .... enjoy. You need zenity installed to use this script.

Don't hesitate to post at the forum thread or send me PM to report bugs, ask new features, correct my english, suggest improvement and thank you to give me feedback about this tool.

useful trick

This trick is integrated in ProftpTools.

If you don't want (like me ) to use space in your /home directory, and use space on another hard drive, or if you just want to share a directory from another partition ... you can mount the directory you want in your download or upload directory without changing anything in proftpd.conf file, use these commands :

sudo mount -o bind the_directory_you_want_to_share /home/FTP-shared/download

or

sudo mount -o bind the_directory_you_want_to_use_for_upload /home/FTP-shared/upload

This command will not overwrite the directory, the idea is just to mount a directory in another one without overwritng anything, so when someone will log in your server he will see and use the mounted directory if you have mounted one. To unmout a directory (download directory for exemple):

sudo umount /home/FTP-shared/download

Permanent mount

If you don't want to re-mount your directories after a reboot you can add a line in fstab file like that (sudo gedit /etc/fstab to open the file) :

the_directory_to_mount /home/FTP-shared/download vfat bind 0 0

thanks reet

If you want to create other directories in FTP-shared, think to add it in proftpd.conf file.

Don't hesitate to test yourself your server using gFTP for exemple, it's really helpful to debug your server.

Other stuff

If you have a router you should read this, it describe the 2 commands to add in proftpd.conf and why.

If you have a dynamic DNS have a look here, you can also use ddclient(maybe easier for newbies).

Most of informations you're looking for are here

To get more debug informations : http://www.proftpd.org/localsite/Userguide/linked/x1058.html

You can specify a specific passive port range using PassivePorts command, it's very useful when you use a firewall in order to know which ports to allow.

For those who have a firewall/router i advice to read this excelent post from mssm

Postfix

Postfix is an open source mail transfer agent (MTA), a computer program for the routing and delivery of email. It is intended as a fast and relatively easy to administer to.

Installation

To install postfix --

sudo apt-get install postfix

Simple Conf

To configure postfix --

sudo dpkg-reconfigure postfix

Answer the questions your asked appropriately. Try not to frob through this.

SMTP Authentication

Now you've got to set up SMTP AUTH. Its really much easier to use postconf to set up all the independent variables you need for things to work properly. You can always edit conf files later if you miss something.

SMTP AUTH using SASL

postconf -e 'smtpd_sasl_local_domain ='
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
postconf -e 'inet_interfaces = all'
echo 'pwcheck_method: saslauthd' >> /etc/postfix/sasl/smtpd.conf
echo 'mech_list: plain login' >> /etc/postfix/sasl/smtpd.conf

Certificate for TLS

Again, dont try to frob through this. Pay attention --

openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
mv smtpd.key /etc/ssl/private/
mv smtpd.crt /etc/ssl/certs/
mv cakey.pem /etc/ssl/private/
mv cacert.pem /etc/ssl/certs/

All you need now is to grab a Certificate. Verisign and GoDaddy would be examples of this. Or you can create your own. Entirely up to you.

TLS for Incoming/Outgoing

postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/ssl/private/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'
postconf -e 'myhostname = mail.example.com'

After which a good restart of postfix isnt a bad idea --

sudo /etc/init.d/postfix start

Need to setup SASL to get SMTP running right.

SASL Conf

Install please.

apt-get install libsasl2 sasl2-bin

Make a few changes for functionality's sake --

mkdir -p /var/spool/postfix/var/run/saslauthd rm -rf /var/run/saslauthd

/etc/default/saslauthd should pretty much look like this --

# This needs to be uncommented before saslauthd will be run
# automatically
START=yes

PWDIR="/var/spool/postfix/var/run/saslauthd"
PARAMS="-m ${PWDIR}"
PIDFILE="${PWDIR}/saslauthd.pid"

# You must specify the authentication mechanisms you wish to use.
# This defaults to "pam" for PAM support, but may also include
# "shadow" or "sasldb", like this:
# MECHANISMS="pam shadow"

MECHANISMS="pam"

Update the dpkg on /var/spool/portfix/var/run/saslauthd.

dpkg-statoverride --force --update --add root sasl 755 /var/spool/postfix/var/run/saslauthd

Final Check

sudo /etc/init.d/saslauthd start

Run to check status --

telnet mail.example.com 25

Then type --

ehlo mail.example.com

If this follows , all is well in the land of Yor.

250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME

Squid

Install Squid

At a terminal prompt, enter the following command to install the Squid server:

sudo apt-get install squid squid-common

Make Squid Squirm

Edit /etc/squid/squid.conf conf file to tweak your install properly.

Note to Self: Always backup a Conf file before editing it. If it breaks, youll feel better being able to rollback the changes.

cp /etc/squid/squid.conf /etc/squid/squid.conf.backup

The Default port is 3128. Wanna change that? Use the below Directive.

http_port 8080

Give Squid an identifiable hostname. Visibility can be a good thing

visible_hostname themajestic

ACL and Control. You can control which and who on certain networks have useability of the Proxy.

Add ACL section of above mentioned squid.conf --

acl one_network src 192.168.1.0/24

Add the below to http_access section of above mentioned squid.conf --

http_access allow one_network

After you make changes be sure you restart Squid , and all well be well in the Land of Yor.

TinyProxy

Be certain you have the Universe repositories enabled.

Installation

sudo apt-get update
sudo apt-get install tinyproxy

Configuration

sudo gedit /etc/tiny*/*.conf &

Uncomment these lines:

Filter "/etc/tinyproxy/filter"
FilterURLs On

Don't close your editor just yet. Think about your home subnet. Is it "192.168.0.x"? (In many cases this is the case if you are using Windows or are behind a Cable\DSL router. See what IP addresses your home PCs use and that should help you define your subnet. If you don't have a subnet, then that's beyond the discussion here about how to set up your own home subnet. Look elsewhere in Ubuntu Forums for that.)

In your tinyproxy.conf file that you're still editing, add a line like this for your current subnet, assuming it's "192.168.0.x":

Allow 192.168.0.0/24

The /24 stands for the "netmask". The short of it is that it allows 0-255 on the last part of the IP address, meaning, usually, your entire home subnet. I've got you going with a shortcut. If you want more help on netmasks, that's beyond the discussion here. I had to Google for it with keywords "squid and netmask" because tinyproxy and Squid use the same kind of "Allow" statement.

Now save your tinyproxy.conf file.

sudo cp /usr/share/tinyproxy/default.html /usr/share/tinyproxy/default.html.ORIGINAL

sudo gedit /usr/share/tinyproxy/default.html &

Now you see an HTML page. The reason I took you here is because this is the template page one sees when they have violated the proxy and gone somewhere they should not have. By default, this page is fairly ugly, and, frankly, confusing for young eyes to see. If you know a little HTML, edit this file to make it less confusing for children. Just note that this HTML is special in that it cannot load images -- it's just text you can put in here. Also watch out for the {} statements -- these are fillers that get filled in by the proxy. Now save the file when done.

sudo gedit /etc/tiny*/filter &

Now you're editing the filter file. In this part, it's actually pretty hillarious. I don't recommend you let anyone see you type this. You have to think up all the vile keywords on the planet that are not part of another word. For instance, if you look closely at the word "grapes", there's a vile word in there. The same with "advertisement" if you look close enough. So you can't filter on those kinds of vile words (that are inside "advertisement" and "grapes".) However, you can filter on other vile words. So, you can only use keywords that are not part of some other word. That discussion is beyond the discussion of this forum. And hey, if you don't have to type this vile list, but can find it on the Internet and download it, then that's your choice and will probably save you the hassle. You can also put in stuff like "http://www.dontgohere.com" for sites like "dontgohere.com" when you don't want users going there. When done, save the file.

Now we bounce the tinyproxy by doing:

sudo /etc/init.d/tinyproxy restart

sudo gedit /etc/crontab &

(Note it's a space after "tinyproxy" and before "restart".)

In crontab, add this line to bounce the tinyproxy at night so that you can kill any chance of a memory leak and make it run faster:

0 22 * * * root /etc/init.d/tinyproxy restart

Note that I did a <TAB KEY> after 22 and after the last * and after "root". Also, make certain there's a line wrap at the end of the line after "restart" or it probably won't "take". Note also I have a space between "tinyproxy" and "restart". Now save this file.

Implementation

Now go to your kid's home PCs and change the settings in them so that they use this proxy. In my firefox, that's under a button in the Preferences dialog called "Connection Settings". Just point it to your IP address of the Linux proxy and set the port to 8888. I wouldn't bother with anything except HTTP proxy. Don't bother with SSL, FTP, all SOCKS, etc. Test this with yourself, first, of course, and see how it works. Note that your spouse might not like this proxy with amazon.com, ebay.com, or her banking sites, so you might want to put exceptions in the browser settings to not use the proxy when visiting these sites.

Note when you have to change your filter file, you have to restart the tinyproxy by doing:

sudo /etc/init.d/tinyproxy restart

When you want to debug what's going on, or simply to check up on your kids browsing habits, look in:

sudo /var/log/tinyproxy.log

Note that you can edit the log level to make it less verbose -- just read the info on that in your tinyproxy.conf file.

And now all will be good in the Land of Yor.

Dhcpd

Install Dhcpd

sudo apt-get install dhcpd

If it isn't told to you at installation, youll need to run --

/etc/init.d/dhcp stop

Then youll need to edit dhcp.conf in /etc to satisfy your needs. Additionally it will be nessecary to tell dhcpd which interface you want him to listen to, this is found in /etc/default/dhcp

Getting Dhcpd to Dish addresses to everyone

Most commonly, what you want to do is assign an IP address randomly. This can be done with settings as follows:

Assinging IP addresses at random is the most usual thing. So your conf file should pretty much look like this --

# Sample /etc/dhcpd.conf
# (add your comments here) 
default-lease-time 2100;
max-lease-time 8400;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;
option routers 192.168.1.254;
option domain-name-servers 192.168.1.1, 192.168.1.2;
option domain-name "somedomain.org";

subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.10 192.168.1.100;
range 192.168.1.150 192.168.1.200;
} 

This will result in the DHCP server giving a client an IP address from the range 192.168.1.10-192.168.1.100 or 192.168.1.150-192.168.1.200. It will lease an IP address for 2100 seconds if the client doesn't ask for a specific time frame. Otherwise the maximum (allowed) lease will be 8400 seconds. The server will also "advise" the client that it should use 255.255.255.0 as its subnet mask, 192.168.1.255 as its broadcast address, 192.168.1.254 as the router/gateway and 192.168.1.1 and 192.168.1.2 as its DNS servers.

For WINS servers add --

option netbios-name-servers 192.168.1.1;

Bind

Installation

To install your DNS server , type --

sudo apt-get install bind

Configuration

Conf files are stored in /etc/bind directory. The one you need to be concerned about is /etc/bind/named.conf , listed below --

// This is the primary configuration file for the BIND DNS server named.
// Read custom documenation http://www.bind9.net/
//
 
include "/etc/bind/named.conf.options";

// Make sure logging doesnt become excessively verbose
logging {

category lame-servers { null; }; category cname { null; };

};

// prime the server with knowledge of the root servers
zone "." {
       type hint;
       file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
       type master;
       file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
       type master;
       file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
       type master;
       file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
       type master;
       file "/etc/bind/db.255";
};

// add local zone definitions here
include "/etc/bind/named.conf.local";}}

The include line specifies the filename which contains the DNS options. The directory line in the options file tells DNS where to look for files. All files BIND uses will be relative to this directory.

The conf file /etc/bind/db.root gives you a list of outside name servers. Youll need to regularly maintainence and observe this file from time to time.

As always be sure you restart your DNS server via --

sudo /etc/init.d/bind start

And then Naming conventions in the Land of Yor will be good. And there will be much rejoicing.

Cupsys

Installation

Open a Terminal and type --

sudo apt-get install cupsys cupsys-client

Configuration

Your conf file is /etc/cups/cupsd.conf. If you have experience with editing any conf file, this file will be no different to you. Its fairly straight forward. As always, you can refer to Cups website for directive information Cupsys website. Just remember when editing any conf file, MAKE A BACKUP OF THE ORIGINAL IN CASE YOU FROB SOMETHING UNHAPPILY.

make a backup by doing --

sudo cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.original
sudo chmod a-w /etc/cups/cupsd.conf.original

Manual page of cups conf --

man cupsd.conf

Anytime you make a change to cups.conf, always restart cups, make sure the changes take and so forth --

sudo /etc/init.d/cupsys restart

Forcing the server to listen and so forth can be done via /etc/cups/cups.d/ports.conf

As a server, Cups listens on Loopback (127.0.0.1) by default. You can of course change this by editing the ports.conf fie. By adding the below lines you can amend what cups listens on whether it be Socket, Localhost, or actually IP address. Directives for each are listed below

Listen 127.0.0.1:631          
Listen /var/run/cups/cups.sock 
Listen 10.0.1.25:631

Then Printing in the Land of Yor will be good and the Peasants will rejoice.

MySQL

MySQL is a multithreaded, multi-user, SQL Database. Its primarily used for web based backends, but also has a variety of enterprise level applications

First you need to install it.

sudo apt-get install mysql-server mysql-client mysql-admin

This gives you the server, and the nessecary client files to operate and maintain the mysql database server. You will probably want to run a --

sudo /etc/init.d/mysql restart

to ensure that mysqld is actually running , before you start to fiddle around with it.

Standard, no administrator password is set. Youll need to set one right off (HUGE security hole if you dont) . So youll need to run the below commands --

sudo mysqladmin -u root password somethingnew

sudo mysqladmin -u root -h localhost password somethingnew

Your conf file is /etc/mysql/my.cnf file. You can use it to tweak the install a little better to your tastes, if your not one for a vanilla install.

OpenSSH

To install openSSH client first open a terminal and type:

sudo apt-get install openssh-client 

The continue to install the openSSH server by opening up a terminal and typing:

sudo apt-get install openssh-server 

For information pertaining to the configuration of your openSSH server, type the following for the manual:

man ssh_config 

Template:Warning

sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config_backup 

After editing your openSSH configuration open up a terminal and type the following to restart your openSSH server:

sudo /etc/init.d/ssh restart

Web driven Packages

---

CMS

---

Joomla

First you must have the base environment for Joomla.

3 pieces of software listed below should do it.

Apache -> http://www.apache.org MySQL -> http://www.mysql.com PHP -> http://www.php.net

If youve installed Ubuntu under the Server LAMP Install, you should be golden on the software requirements.

Grab Current Joomla

You can obtain the latest Joomla! release from:

http://www.joomla.org

Copy the tar.gz file into a working directory e.g.

$ cp JoomlaVx.x.x-Stable.tar.gz /tmp/Joomla

Change to the working directory e.g.

$ cd /tmp/Joomla

Extract the files e.g.

$ tar -zxvf JoomlaVx.x.x-Stable.tar.gz

This will extract all Joomla! files and directories. Move the contents of that directory into a directory within your web server's document root or your public HTML directory e.g.

$ mv /tmp/Joomla/* /var/www/html

Alternatively if you downloaded the file to your computer and unpacked it locally use a FTP program to upload all files to your server. Make sure all PHP, HTML, CSS and JS files are sent in ASCII mode and image files (GIF, JPG, PNG) in BINARY mode.

Database Creation and Privys

Joomla! will currently only work with MySQL. In the following examples, "db_user" is an example MySQL user which has the CREATE and GRANT privileges. You will need to use the appropriate user name for your system.

First, you must create a new database for your Joomla! site e.g.

$ mysqladmin -u db_user -p create Joomla

MySQL will prompt for the 'db_user' database password and then create the initial database files. Next you must login and set the access database rights e.g.

$ mysql -u db_user -p

Again, you will be asked for the 'db_user' database password. At the MySQL prompt, enter following command:

GRANT ALL PRIVILEGES ON Joomla.*
TO nobody@localhost IDENTIFIED BY 'password';

where:

'Joomla' is the name of your database
'nobody@localhost' is the userid of your webserver MySQL account
'password' is the password required to log in as the MySQL user

If successful, MySQL will reply with

Query OK, 0 rows affected

to activate the new permissions you must enter the command

flush privileges;

and then enter '\q' to exit MySQL.

Alternatively you can use your web control panel or phpMyAdmin to create a database for Joomla.

Web Installer

Finally point your web browser to http://www.mysite.com where the Joomla! web based installer will guide you through the rest of the installation.

Configuration Post install

You can now launch your browser and point it to your Joomla! site e.g.

http://www.mysite.com -> Main Site
http://www.mysite.com/administrator -> Admin

You can log into Admin using the username 'admin' along with the password that was generated or you chose during the web based install.

Then developing a website for the Land of Yor will be good, and there will be much rejoicing.

---

CRM

CRM-CTT

This Guide assumes you have Apache, MySQL, and PHP install properly.

Installation

First, download and read the Admin guide found here -- Admin Guide.

Second, grab a copy of the current distribution of CRM-CTT -- CRM-CTT SF page

Then, unzip the files into a temporary directory of your choosing.

Youll need to create a directory for the CRM system in your webroot.

cp /path/to/tmp/directory/* /path/to/webroot/then/to/crm/ -fr 

For a smoother installation during the web install, in the installation directory --

chmod 777 config.inc.php

For an even smoother transition , go on ahead and create a database for the CRM system.

mysqladmin create <nameofdb> -p 

Point your browser to the installation directory and follow the installation instructions.

After the installation is over, be certain that your config.inc.php file is not world writeable by doing --

chmod 755 config.inc.php

Add a cron job to some machine (could be local, but also remote) to start the email-notifier for entities:

For email notification to work properly within the project, youll need to create a series of tasks in cron. This doesnt have to be the actual machine , though in most cases its feasible to do so. Edit the /etc/crontab and adding the follwoing lines --

# CRM Alarm date manager
0 8 * * *       wget http://yoursite.com/crm/duedate-notify-cron.php?password=yourCRONpwd\&reposnr=XXX 1> /dev/null 2> /dev/null
0 15 * * *      wget http://yoursite.com/crm/duedate-notify-cron.php?password=yourCRONpwd\&reposnr=XXX 1> /dev/null 2> /dev/null

This will send an e-mail notification at 8 AM and 3 PM. Entities wich will be mentioned are entities which have an alarm date set to `today`.

Use the 'Change system values' option to set a global admin password (admpassword), then immediately pick up and read the administration manual, there are some odd settings that need to be added , changed, and amended.

After that, you should be golden, and then collecting relational contacts in the Land of Yor will be good. And there will be much rejoicing.

Photo Galleries

---

WebGallery

How to install Gallery for Image Gallery Server service

• Read DapperGuide#General Notes
• Read DapperGuide#How to add extra repositories
• Read DapperGuide#How to install Apache HTTP Server for HTTP (Web) Server service
• Read DapperGuide#How to install PHP for Apache HTTP Server

sudo apt-get install gallery (when prompted to restart Apache, choose No or Cancel)
sudo apt-get install imagemagick
sudo apt-get install jhead
sudo apt-get install libjpeg-progs
sudo /etc/init.d/apache2 restart
sudo sh /usr/share/gallery/configure.sh

• http://localhost/gallery/setup/index.php
• Gallery Configuration

Gallery Configuration Wizard: Step 1
Next Step ->

Gallery Configuration Wizard: Step 2
General settings Tab ->
Admin password: Specify the password

Locations and URLs Tab ->
Album directory: /var/www/albums/
Temporary directory: /tmp/
Gallery URL: http://localhost/gallery
Albums URL: http://localhost/albums
Next Step -->

Gallery Configuration Wizard: Step 3
Next Step -->

Gallery Configuration Wizard: Step 4
Save Config ->

• http://localhost/gallery/albums.php

How to configure Gallery to be accessible via Internet (Hostname or fix IP) or LAN (fix IP)

• Read DapperGuide#General Notes
• Read #How to install Gallery for Image Gallery Server service

e.g. Assumed that network and internet connections have been configured properly

Internet (Hostname or fix IP) or LAN (fix IP): http://www.url.com

sudo cp /etc/gallery/config.php /etc/gallery/config.php_backup
sudo gedit /etc/gallery/config.php

• Find this section

...
$gallery->app->photoAlbumURL = "http://localhost/gallery";
$gallery->app->albumDirURL = "http://localhost/albums";
...

• Replace with the following lines

$gallery->app->photoAlbumURL = "http://www.url.com/gallery";
$gallery->app->albumDirURL = "http://www.url.com/albums";

• Save the edited file
• http://www.url.com/gallery/albums.php

How to configure Gallery to be accessible via LAN (dynamic IP)

• Read DapperGuide#General Notes
• Read #How to install Gallery for Image Gallery Server service

e.g. Assumed that network connections have been configured properly

LAN (dynamic IP): 192.168.0.1

sudo cp /etc/gallery/config.php /etc/gallery/config.php_backup
sudo gedit /etc/gallery/config.php

• Find this section

...
$gallery->app->photoAlbumURL = "http://localhost/gallery";
$gallery->app->albumDirURL = "http://localhost/albums";
...

• Replace with the following lines

$gallery->app->photoAlbumURL = "/gallery";
$gallery->app->albumDirURL = "/albums";

• Save the edited file
• http://192.168.0.1/gallery/albums.php

How to backup/restore Gallery data

• Read DapperGuide#General Notes
• To backup Gallery data

sudo tar zcvf gallery.tgz /var/www/albums/ /etc/gallery/

• To restore Gallery data

sudo tar zxvf gallery.tgz -C /

WebForums

Vanilla

---

Manual Installation

Database

You will need to create a database for this project. This can be done with phpmyadmin (if you have it installed) or by

mysqladmin create <databasenameofyourchoice> -p

Contained in the root directory of this application is a vanilla.sql file. You can use an existing database (if you have one), or you can create a new database named whatever you like. You can install this database using the following command:

mysql -u your_database_username -p your_database_name < vanilla.sql 

The database is an empty shell, containing a single administrative user in the system with the username "Admin" and the password "Admin". Files

Place the application files where you want the forum to appear on your system. Then follow the following instructions:

Open the appg/settings.php file
On line 15, specify the host name of your mysql database (dbHOST).
On line 16, specify the name of your database (dbNAME).
On line 17, specify the username of the user with access to your database (dbUSER).
On line 18, specify the password of the user with access to your database (dbPASSWORD).
On line 21, specify the ABSOLUTE path to the vanilla directory you created (agAPPLICATION_PATH).
On line 30, specify the web-path to the application. Eg www.yourdomain.com/vanilla (agDOMAIN).
On line 35, specify the domain to which you would like to have Vanilla cookies assigned (agCOOKIE_DOMAIN).

Vanilla is going to need read AND write access to the following files:

* appg/settings.php
* appg/extensions.php
* appg/language.php

Vanilla is also going to need read access to the following folder:

* languages/

And finally, the filebrowser and thumbnailer will need read AND write access to the following folder:

* images/

If you are running a *nix server and you have command line access, you can achieve these permissions by navigating to the Vanilla folder. Once you are sitting in the same folder as this readme.html file, run the following commands:

chmod 666 appg/settings.php
chmod 666 appg/language.php
chmod 666 appg/extensions.php
chmod 755 languages/
chmod 757 images/

What Next?

There is a whole world of configuration you can do with Vanilla, and we highly recommend that you head on over to the Lussumo Documentation site to read the Vanilla documentation. You can do everything from changing the the banner text on your forum to completely altering the look and functionality of your forum with extensions.

And then all is well in the land of Yor.

---

PhpBB

This guide assumes you have apache2, mysql and mysqladmin installed

First you will need to aquire the gzip (tar.gz) package from http://www.phpbb.com/downloads.php

mysqladmin create <databasenameofyourchoice> -p

Move the gzip package to /var/www

sudo mv ~/phpBB-X.X.XX.tar.gz /var/www

Extract the package

sudo tar xfz /var/www/phpBB-X.X.XX.tar.gz

Then open your webbrowser of choice and enter the following in your address bar

localhost/phpBB2

Proceed to enter your details into the gui and click install

Blogs

Wordpress

Note before proceeding to install wordpress make sure you meet the requirements (this guide assumes you have apache2, mysql and php5 mysqladmin installed)

First download http://wordpress.org/download

Copy the file to your servers folder

sudo cp ~/wordpress-X.X.X.zip /var/www

Then unzip wordpress

cd /var/www
sudo unzip wordpress-X.X.X.zip /var/www

Rename the wp-config-sample.php file to wp-config.php.

sudo mv wp-config-sample.php wp-config.php

Create the mysql database for wordpress (call it wordpress for simplicity)

sudo mysqladmin create wordpress -p

Open wp-config.php with a text editor and edito your blogs details

sudo gedit wp-config.php

define('DB_NAME', 'wordpress');     // The name of the database
define('DB_USER', 'root');     // Your MySQL username default for phpmyadmin is root
define('DB_PASSWORD', ); // ...and password for phpmyadmin by default is 
define('DB_HOST', 'localhost');     // 99% chance you won't need to change this value

Finally open up firefox (or your alternative webbrowser) and enter the following in the address bar to run the installation script

localhost/wp-admin/install.php