How To Install & Use A GUI With FreeNX on Ubuntu 10.04

Posted on : 14-04-2012 | By : jake | In : Cheap VPS, Ubuntu VPS


Summary: I personally have a need for a GUI on one of my servers. There are a bunch of reasons why people would want one, such as some game servers (RunUO, for example), and if it's just for fun, it can be done on a single node with ISPmanager and Xfce.

Before you start, make sure you have the appropriate software to telnet/ssh into your server, such as putty.

Step One: Installing FreeNX

1. Assuming you’re installing on a clean Ubuntu 10.04 LTS 64-bit Basic Installation, start by installing apt-add-repository (if it is already installed, skip to the next step)
sudo apt-get install python-software-properties

2. Next, let’s add the FreeNX PPA
sudo add-apt-repository ppa:freenx-team

3. Now let’s update
sudo apt-get update

4. And install FreeNX
sudo apt-get install freenx

Step Two: Installing & Using GUI

1. I’m using Xfce for this, but you can use Ubuntu or Kubuntu if you really want to. Edit this command for your GUI of choice.
sudo apt-get install xubuntu-desktop

2. Download and install the version of NX for your OS
Windows Linux OSX Solaris

3. Click Configure and, in Host, enter your IP or domain name and port. Then under Desktop select UNIX and XDM (or, if using another OS, choose the GUI)

4. Enter your username (root) and password. Log in and you’ll be greeted with an SSH terminal. Type
startxfce4

and that’s it!
Retrieved from:http://www.vps.net/forum/topic/4221-how-to-install-use-a-gui-with-freenx-on-ubuntu-1004/

Creating A Home Media & File Server With Ubuntu

Posted on : 01-04-2012 | By : jake | In : Cheap VPS, Linux VPS


For the past two years, I have used FreeNAS 7.x as a file-server. After the development was bought out, the home-designed service fell by the wayside. The unfortunate consequence is that all of my data was stored on UFS GPT partitions, which do not have native support in either the Windows or Linux kernels. The solution I decided upon was to purchase another 2TB hard-drive to use as a storage buffer, copy the UFS data to it, and repartition into EXT4 using Ubuntu 11.10’s terminal with a mount command.

After that hiccup, I set out to setup the best server option for my needs.

This HOWTO will give you the BEST home media and file server out there at a cheap (free) cost. It includes SSH2, Remote Desktop, UPNP/DLNA server, SAMBA Shares (Windows file-sharing), VPN server, and the Transmission bit-torrent server. The final piece of the schema is a new toy: Subsonic. This gives you web-based media streaming to watch your content anywhere via a web-browser.

Whilst Ubuntu may be installed on all sorts of hardware specifications, I recommend that you have no less than a 1GHZ dualcore machine (old AMD’s work great!), 2GB of RAM (I have 4GB), 40GB dedicated hard-drive space for Ubuntu, and an internet connection of decent speed (no old dial-up!). I have an AMD dualcore x64, 4GB of RAM, 40GB hard-drive dedicated to Ubuntu, two 2TB hard-drives for storage, and one 500GB hard-drive just for emergencies if space gets low.

Assumption: this guide assumes that you have had some minor, newbie experiences with Ubuntu or Linux at the least. If you haven’t, install Ubuntu and play around and explore the ecosystem for 10 to 20 minutes before continuing.

Assumption: you are not using this server as a router and are not using a firewall on this server because it is behind a home LAN network. If you use it as a router, take note of ports to open with your firewall script and the firewall rules used in the Remote Desktop section.

Let’s start!
Install Ubuntu 11.10. I recommend this being on its own hard-drive. I used a 40GB hard-drive partitioned with EXT4 at / with 32GB of space. The remaining 8GB was partitioned as SWAP space.

Once Ubuntu is installed, reboot into the system and run Software Update to install all of the latest packages. Reboot once more so that we are working from the latest kernel and software suites going forward.

SSH2:
Setting up SSH is very simple. This will give you console access should you be unable to reach the machine with Remote Desktop, or if you like playing in terminal windows!

Open up Terminal.
Type
sudo su

so that we have root control. The password you used when setting up the Ubuntu user account will work for this.
To install the software package type:
sudo apt-get install ssh

If you’re not worried about security, this is a stopping point as SSH is good to go.
Let’s secure the daemon by editing the configuration. Type:
gedit /etc/ssh/sshd_config

to open up the config file.
Find PermitRootLogin and set it to no
Add a line below that variable and type AllowUsers (username) where (username) represents your Ubuntu account’s username.
Type
restart ssh
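
The two edits above can also be applied without a graphical editor. This is an added example, not part of the original guide; the function name harden_sshd is hypothetical, and it assumes the file uses whitespace-separated "Keyword value" lines:

```shell
#!/bin/sh
# Added example: apply "PermitRootLogin no" and "AllowUsers <user>" to an
# sshd_config file. harden_sshd is a hypothetical helper name.

# harden_sshd CONFIG USER
#   Rewrites CONFIG in place and keeps the previous version as CONFIG.bak.
harden_sshd() {
    cfg=$1
    user=$2
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }
    # An empty AllowUsers line is a configuration error, and a pattern such
    # as "*" would allow everyone, so accept plain account names only.
    case $user in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid user name: $user" >&2; return 1 ;;
    esac
    tmp=$(mktemp "${cfg}.XXXXXX") || return 1
    awk -v user="$user" '
        function emit() {
            print "PermitRootLogin no"
            print "AllowUsers " user
            done = 1
        }
        {
            kw = tolower($1)            # sshd keywords are case-insensitive
            if (kw == "permitrootlogin" || kw == "allowusers") {
                # The first PermitRootLogin line becomes the anchor for both
                # settings. Every other active copy is dropped: sshd uses the
                # first PermitRootLogin it reads, and any further AllowUsers
                # line would admit more accounts.
                if (kw == "permitrootlogin" && !done) emit()
                next
            }
            # Global settings must appear before the first Match block.
            if (kw == "match" && !done) emit()
            print
        }
        END { if (!done) emit() }
    ' "$cfg" > "$tmp" || { rm -f "$tmp"; return 1; }
    cp -p "$cfg" "$cfg.bak" || { rm -f "$tmp"; return 1; }
    # cat keeps the owner and mode of the existing file
    cat "$tmp" > "$cfg"
    rm -f "$tmp"
}

# Typical use, as root (replace "username" with your Ubuntu account):
#   harden_sshd /etc/ssh/sshd_config username && sshd -t && restart ssh
# sshd -t checks the file for errors before the daemon is restarted.
```

Keep the current SSH session open until a second login with the allowed account has succeeded.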

Remote Desktop
It’s a simple GUI to enable. The downside is that you must use TightVNC or some other VNC viewer for Windows if that is your OS of choice to Remote from. But if you want to have an RDP compliant server running (meaning want to use Windows native Remote Desktop client to connect to the server), complete the following steps.

Open up Terminal.
Type
sudo su

so that we have root control. The password you used when setting up the Ubuntu user account will work for this.
To install the software package type:
sudo apt-get install xrdp

Forward the external WAN port 3389 to the LAN IP address for the server.
For RDP: Make sure to forward any port to the server’s internal port 3389. I use 3401 external port forwarded to the server’s LAN IP at port 3389.

For Ubuntu’s built-in VNC: Make sure to forward port 5900 to the machine. If you want to use JAVA viewer to access the Remote Desktop, you must also forward 5800.

SAMBA Server
Installing and configuring data-sharing which functions with Windows file-sharing. We will set up a share system whereby all LAN computers can navigate, access, and modify the shares. You may wish to do something further to secure SAMBA if your LAN environment isn’t “home” use.

Open up Terminal.
Type
sudo su

so that we have root control. The password you used when setting up the Ubuntu user account will work for this.
To install the software package type:
sudo apt-get install samba smbfs

Edit the configuration. First,
mv /etc/samba/smb.conf /etc/samba/smb.conf.orig

and then
gedit /etc/samba/smb.conf

[global]
# (Set this to your Windows workgroup)
workgroup = HOME
# (NetBIOS name this server announces on the network)
netbios name = HOME
security = share
# (Set the section name below to the name you want the shared folder to have)
[Shared Drive]
# (Comments about the shared folder)
comment = entire shared drive
# (Path to the shared folder or mount-point of harddrive)
path = /mnt/storage2/
read only = no
guest ok = yes
writable = yes

Alternatively, you may want to have this as a share system where usernames and passwords or another form of security is in place. This isn’t hard to do and many tutorials are available, but will not be a part of this “home” guide.

VPN: Set up a PPTP VPN which is supported by Microsoft and Android
Open up Terminal.
Type
sudo su

so that we have root control. The password you used when setting up the Ubuntu user account will work for this.
To install the software package type:
apt-get install pptpd

Edit the configuration with
gedit /etc/pptpd.conf

so that it contains:

# TAG: ppp
# Path to the pppd program, default ‘/usr/sbin/pppd’ on Linux
#
#ppp /usr/sbin/pppd
# TAG: option
# Specifies the location of the PPP options file.
# By default PPP looks in ‘/etc/ppp/options’
#
option /etc/ppp/pptpd-options
# TAG: debug
# Turns on (more) debugging to syslog
#
#debug
# TAG: stimeout
# Specifies timeout (in seconds) on starting ctrl connection
#
# stimeout 10
# TAG: noipparam
# Suppress the passing of the client’s IP address to PPP, which is
# done by default otherwise.
#
# noipparam
# TAG: logwtmp
# Use wtmp(5) to record client connections and disconnections.
#
logwtmp
# TAG: bcrelay
# Turns on broadcast relay to clients from interface
#
bcrelay eth0
# TAG: localip
# TAG: remoteip
# Specifies the local and remote IP address ranges.
#
# Any addresses work as long as the local machine takes care of the
# routing. But if you want to use MS-Windows networking, you should
# use IP addresses out of the LAN address space and use the proxyarp
# option in the pppd options file, or run bcrelay.
#
# You can specify single IP addresses seperated by commas or you can
# specify ranges, or both. For example:
#
# 192.168.0.234,192.168.0.245-249,192.168.0.254
#
# IMPORTANT RESTRICTIONS:
#
# 1. No spaces are permitted between commas or within addresses.
#
# 2. If you give more IP addresses than MAX_CONNECTIONS, it will
# start at the beginning of the list and go until it gets
# MAX_CONNECTIONS IPs. Others will be ignored.
#
# 3. No shortcuts in ranges! ie. 234-8 does not mean 234 to 238,
# you must type 234-238 if you mean this.
#
# 4. If you give a single localIP, that’s ok – all local IPs will
# be set to the given one. You MUST still give at least one remote
# IP for each simultaneous client.
#
# (Recommended)
localip 192.168.1.49
remoteip 192.168.0.1-255
# or
#localip 192.168.0.234-238,192.168.0.245
#remoteip 192.168.1.234-238,192.168.1.245

Next, edit the secrets file
gedit /etc/ppp/chap-secrets

and add one line per VPN account in the form shown:

# Secrets for authentication using CHAP
# client server secret IP addresses
username pptpd password *

Then restart the daemon:
/etc/init.d/pptpd restart

Create a new document in /etc/init.d/ by doing
touch /etc/init.d/ipv4pptpd

Edit the document with
gedit /etc/init.d/ipv4pptpd

and insert the following text:
#!/bin/sh
### BEGIN INIT INFO
# Provides: IPV4PPTPD
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start daemon at boot time
# Description: Enable service provided by daemon.
### END INIT INFO

#From debiantutorials.com/installing-and-configuring-pptp-vpn-server-on-lenny/
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Type
update-rc.d ipv4pptpd defaults

Either reboot the machine so that the new routing tables are used, or type
sh /etc/init.d/ipv4pptpd

to start those tables.

uPNP DLNA MEDIA Server: Mediatomb
Open up Terminal.
Type
sudo su

so that we have root control. The password you used when setting up the Ubuntu user account will work for this.
To install the software package type:
sudo apt-get install mediatomb

Once installed, the MediaTomb web interface is available at http://localhost:49152/

Edit the config.xml to set up your own username, disable username requirements, add transcoders, and to enable Playstation3 requirements for playback. This can be done with:
gedit /etc/mediatomb/config.xml

Bittorrent Server: Transmission
Open up Terminal.
Type
sudo su

so that we have root control. The password you used when setting up the Ubuntu user account will work for this.
To install the software package type:
sudo apt-get install transmission-daemon

We cannot modify the settings with this process running. Type
/etc/init.d/transmission-daemon stop

Modify the settings in settings.json to fit your needs. Make sure to use the CORRECT paths for your setup. Mine are within a hierarchy of /mnt/torrents/. My customizations of choice are:
{
    "alt-speed-down": 950,
    "alt-speed-enabled": false,
    "alt-speed-time-begin": 1,
    "alt-speed-time-day": 127,
    "alt-speed-time-enabled": true,
    "alt-speed-time-end": 585,
    "alt-speed-up": 1,
    "bind-address-ipv4": "0.0.0.0",
    "bind-address-ipv6": "::",
    "blocklist-enabled": true,
    "blocklist-url": "http://www.bluetack.co.uk/config/level1.gz",
    "cache-size-mb": 2,
    "dht-enabled": true,
    "download-dir": "/mnt/torrents/Downloads/",
    "download-queue-enabled": true,
    "download-queue-size": 5,
    "encryption": 2,
    "idle-seeding-limit": 5,
    "idle-seeding-limit-enabled": true,
    "incomplete-dir": "/mnt/torrents/Incomplete/",
    "incomplete-dir-enabled": true,
    "lazy-bitfield-enabled": true,
    "lpd-enabled": false,
    "message-level": 2,
    "open-file-limit": 4,
    "peer-congestion-algorithm": "",
    "peer-limit-global": 240,
    "peer-limit-per-torrent": 60,
    "peer-port": 51413,
    "peer-port-random-high": 65535,
    "peer-port-random-low": 49152,
    "peer-port-random-on-start": false,
    "peer-socket-tos": "default",
    "pex-enabled": true,
    "port-forwarding-enabled": true,
    "preallocation": 1,
    "prefetch-enabled": 1,
    "proxy": "",
    "proxy-auth-enabled": false,
    "proxy-auth-password": "",
    "proxy-auth-username": "",
    "proxy-enabled": false,
    "proxy-port": 80,
    "proxy-type": 0,
    "queue-stalled-enabled": true,
    "queue-stalled-minutes": 30,
    "ratio-limit": 0.1000,
    "ratio-limit-enabled": true,
    "rename-partial-files": true,
    "rpc-authentication-required": true,
    "rpc-bind-address": "0.0.0.0",
    "rpc-enabled": true,
    "rpc-password": "password",
    "rpc-port": 9091,
    "rpc-url": "/transmission/",
    "rpc-username": "admin",
    "rpc-whitelist": "*.*.*.*",
    "rpc-whitelist-enabled": true,
    "scrape-paused-torrents-enabled": true,
    "script-torrent-done-enabled": false,
    "script-torrent-done-filename": "",
    "seed-queue-enabled": false,
    "seed-queue-size": 10,
    "speed-limit-down": 500,
    "speed-limit-down-enabled": true,
    "speed-limit-up": 1,
    "speed-limit-up-enabled": true,
    "start-added-torrents": true,
    "trash-original-torrent-files": true,
    "umask": 2,
    "upload-slots-per-torrent": 14,
    "utp-enabled": true,
    "watch-dir": "/mnt/torrents/Autoload/",
    "watch-dir-enabled": true
}
If you’re pleased with the setup as-is there is no reason to continue onward. If you would like to set up a script to automatically update the blocklists file, let’s keep going. It’s important to note that Transmission doesn’t automatically update and process the blocklist file even though the settings.json has a position for it. Let’s create a script to do it. Here’s mine. Remember to modify the path structure to fit your operation.
#!/bin/sh
# 2012-02-27 Rewrote for Ubuntu
# Original for FreeNAS 7.5
# By Derek Gordon (crypted or derekcentrico depending on forums)
PATH=/bin:/sbin:/usr/bin:/usr/local/bin; export PATH;
# Blocklist source (same URL as "blocklist-url" in settings.json)
URL=http://www.bluetack.co.uk/config/level1.gz
cd /var/lib/transmission-daemon/info/ || exit 1
# Download the compressed list and unpack it in place
wget "$URL"
gzip -dfq level1.gz
# Move the unpacked list to where Transmission reads its blocklists
mv /var/lib/transmission-daemon/info/level1 /var/lib/transmission-daemon/info/blocklists/
rm -rf level1.gz
echo "Blocklist update RAN on `date`" >> "/var/lib/transmission-daemon/info/update-blocklists.log"
Set the above file to chmod +x and execute it in the terminal
sh filename

to update the blocklists. You can set this as a cronjob to run daily if you wish.
Once that’s done, restart transmission.
Access the web GUI at http://localhost:9091
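
The update script above replaces the working blocklist with whatever was downloaded, even if the download failed or returned something else. The following variant is an added example, not the original author's script: it checks the archive before swapping it in. The function names are hypothetical, and the format check assumes the list is P2P-style text whose lines end in "start_ip-end_ip":

```shell
#!/bin/sh
# Added example: safer blocklist refresh for transmission-daemon.
# install_blocklist / update_blocklist are hypothetical names.

URL=http://www.bluetack.co.uk/config/level1.gz
INFO_DIR=/var/lib/transmission-daemon/info

# install_blocklist ARCHIVE DEST_DIR
#   Verifies a downloaded .gz and only then replaces DEST_DIR/level1.
install_blocklist() {
    archive=$1
    dest_dir=$2
    [ -s "$archive" ] || { echo "download is empty or missing" >&2; return 1; }
    gzip -t "$archive" 2>/dev/null || { echo "not a valid gzip file" >&2; return 1; }
    # Unpack beside the target so the final mv is a rename on one filesystem
    tmp=$(mktemp "$dest_dir/.level1.XXXXXX") || return 1
    if ! gzip -dc "$archive" > "$tmp"; then
        rm -f "$tmp"; return 1
    fi
    # Assumed format: text lines ending in "start_ip-end_ip".
    # A gzipped error page or an empty list fails here.
    if ! grep -Eq ':[0-9]{1,3}(\.[0-9]{1,3}){3}-[0-9]{1,3}(\.[0-9]{1,3}){3}[[:space:]]*$' "$tmp"; then
        echo "no IP ranges found; keeping the current blocklist" >&2
        rm -f "$tmp"; return 1
    fi
    chmod 644 "$tmp"   # mktemp creates 0600; the daemon runs as another user
    mv -f "$tmp" "$dest_dir/level1"
}

# update_blocklist: download to a scratch directory, then install and log.
update_blocklist() {
    work=$(mktemp -d) || return 1
    if wget -q -T 30 -O "$work/level1.gz" "$URL" &&
       install_blocklist "$work/level1.gz" "$INFO_DIR/blocklists"; then
        result="OK"
    else
        result="FAILED, previous list kept"
    fi
    rm -rf "$work"
    echo "Blocklist update $result on $(date)" >> "$INFO_DIR/update-blocklists.log"
    [ "$result" = "OK" ]
}

# In the cron script, end the file with a call to: update_blocklist
```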

Web-based Media Server
Subsonic streams almost all video and audio files through a flash-player on a web interface. A small donation to the developers allows you to have access to apps for Android and iProducts. This means native streaming to them as well.

Open up Terminal.
Type
sudo su

so that we have root control. The password you used when setting up the Ubuntu user account will work for this.
To install the prerequisite packages, type:
sudo apt-get install openjdk-6-jre lame flac faad vorbis-tools ffmpeg

Subsonic is not part of the repositories for Ubuntu. We must download the latest version at http://www.subsonic.org/pages/download.jsp. Download the version for Ubuntu/Debian. Put this file in your /home/username/ directory. Go to that directory in terminal.
Type
dpkg -i filename

where as of this writing, my filename was titled subsonic4.6.deb so I typed
dpkg -i subsonic4.6.deb

Now, go to http://localhost:4040 and sign in and finish setup via the web interface. Do what it instructs in RED. Click the link to secure the admin account.
Afterward, go to Settings and customize the system to your preferences. Make sure to add the media directories to the player.
If you prefer a barebones media server, I suggest checking out VLC. It takes a lot more work to get up and running and its web-interface isn’t as nifty.
Retrieved from : http://www.howtoforge.com/creating-a-home-media-and-file-server-with-ubuntu

How To Install phpMyAdmin On A VPS

Posted on : 16-11-2011 | By : admin | In : Uncategorized


As mentioned before, phpMyAdmin is an easy panel for you to control MySQL, so that you can easily add and optimize databases for your websites or blogs.

The following will show you how to install the latest version of phpMyAdmin from source on a Ubuntu VPS with the Terminal application of Mac, and there will be only 5 steps:

Step 1. Forward Domain
Instead of using a new domain for phpMyAdmin, you can use a sub-domain of any domain you have. To do so, log in to your domain server account and forward the sub-domain to your VPS, as in the following:

A: freenuts.org to 216.24.194.31

CName: www.freenuts.org to freenuts.org

CName: phpmyadmin.freenuts.org to freenuts.org

Remember to change "freenuts.org" to your domain name, and to change "216.24.194.31" to the IP address of your VPS.

Tip: It is better to change "phpmyadmin" to any other word you like, so that your phpMyAdmin will be safer, since it is harder for people to find it.

Step 2. Install PHPMyAdmin
The installation of phpMyAdmin is very easy, only needs a few commands:

cd /opt

wget http://hivelocity.dl.sourceforge.net/project/phpmyadmin/phpMyAdmin/3.4.5/phpMyAdmin-3.4.5-all-languages.tar.gz

(P.S.: 3.4.5 is the latest stable version of phpMyAdmin, and you can get more versions on the official download page.)

tar -xzvf phpMyAdmin-3.4.5-all-languages.tar.gz

mv phpMyAdmin-3.4.5-all-languages phpmyadmin

(P.S.: This command is not a must, but it is cool.)

Tips: After installation, the download package is not useful, and you can delete it with the following command:

rm -rf phpMyAdmin-3.4.5-all-languages.tar.gz

Step 3. Configure Nginx
phpMyAdmin is based on PHP, which can be activated with Nginx in two different ways as mentioned before. Here we use the popular “sites-enabled” way to configure phpMyAdmin.

Firstly, enter the following command:

nano /usr/local/nginx/conf/sites-enabled/phpmyadmin

Secondly, copy and paste the following contents:

server {

    listen 80;
    server_name phpmyadmin.freenuts.org;

    access_log /usr/local/nginx/logs/phpmyadmin.access.log;

    root /opt/phpmyadmin;

    location / {
        index index.html index.htm index.php;
    }

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~ \.php$ {
        fastcgi_pass localhost:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include /usr/local/nginx/conf/fastcgi.conf;
    }
}

Remember to replace “phpmyadmin.freenuts.org” with your domain name for phpMyAdmin. Then save the file.

Tips:

As you can see, the contents of the phpmyadmin file are very similar to those of the other files in the sites-enabled folder, which you can refer to for how to add multiple websites.

Step 4. Configure PHPMyAdmin
To connect MySQL with phpMyAdmin, you only need to create and edit a file called config.inc.php, which can be copied from the config.sample.inc.php file with the following commands:

cd /opt/phpmyadmin

cp config.sample.inc.php config.inc.php

Then enter the following command:

vi config.inc.php

Delete all the contents with “dG”, and press the “i” key to insert the following contents:

Remember to change “your.mysql.root.password” to the root password you set up when installing MySQL as mentioned before.

Step 5. Reboot VPS
Enter “reboot” to reboot your VPS, which may take a little time, then open your browser and enter the following URL in the address bar:

http://phpmyadmin.freenuts.org/

Remember to change “phpmyadmin.freenuts.org” to your domain used for phpMyAdmin, if you can log in with the user “root” and its password, then you can add databases for your WordPress blogs.

Retrieved from:http://freenuts.com/how-to-install-phpmyadmin-on-a-vps/

Setup DNS on Ubuntu VPS

Posted on : 30-09-2011 | By : admin | In : Uncategorized


Setting DNS of Ubuntu VPS with Bind9 – Do you want to build a custom unmanaged VPS based on Ubuntu Linux? This trick may be useful for setting up and configuring an unmanaged VPS from the very beginning. It is part of my trial-and-error period of building an unmanaged VPS.

We’ll talk about how to configure Bind 9 DNS so that a domain resolves to our VPS. Yup, we’ll configure NS1 and NS2 to point to a VPS that runs Ubuntu.

Please correct me if I’m wrong or if you have any ideas to add, do not hesitate to write comment.

Configuring NS1 and NS2 on Ubuntu VPS

Assuming you have your own VPS with an SSH username and password.
In this guide I use a VPS running Ubuntu 11.04 Server Edition (ubuntu-11.04-server-amd64)
In this guide we’ll use cachecluster.com as an example. Replace this with your own domain name
Windows users: Download the Putty tool
Pasting any text in Putty: use mouse right-click
Step 0. Don’t forget to set up your domain at your domain registrar (like GoDaddy) and add the following host names:

ns1.domain.com -> your main IP address
ns2.domain.com -> your 2nd IP address (or if you have only 1 IP then add it again here)

Step 1. Launch up Putty >> enter hostname / ip address and SSH port (default is 22) >> click [Open] >> login with your username and password

Step 2. First we’ll install Bind9, in case you don’t have it installed yet, by typing the following command (as I’m not logged in as root, I’ll add sudo):

sudo apt-get install bind9

Step 3. Now edit the named.conf.local file. Use the following command (delete sudo if you are logged in as root):

sudo nano /etc/bind/named.conf.local

Step 4. Add/type following line: (replace cachecluster.com with your own domain name)

zone "cachecluster.com" {
    type master;
    file "/etc/bind/zones/cachecluster.com.db";
};

zone "3.2.1.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/rev.3.2.1.in-addr.arpa";
};

Once done, press [Ctrl]+[O] keys to save followed by hitting enter. Then exit by pressing [Ctrl]+[X] keys.

Step 5. Make zones directory by typing following command:

cd /etc/bind
mkdir zones
cd /etc/bind/zones

Step 6. Now lets make cachecluster.com.db file. Type this:

sudo nano cachecluster.com.db

then add following lines (replace xxx.xxx.xxx.xxx with IP Address of your vps):

; BIND data file for cachecluster.com
;
$TTL 14400
@ IN SOA ns1.cachecluster.com. indo.cachecluster.com. (
201006601 ; Serial
7200 ; Refresh
120 ; Retry
2419200 ; Expire
604800) ; Default TTL
;
cachecluster.com. IN NS ns1.cachecluster.com.
cachecluster.com. IN NS ns2.cachecluster.com.

cachecluster.com. IN MX 10 mail.cachecluster.com.
cachecluster.com. IN A xxx.xxx.xxx.xxx

ns1 IN A xxx.xxx.xxx.xxx
ns2 IN A xxx.xxx.xxx.xxx
www IN CNAME cachecluster.com.
mail IN A xxx.xxx.xxx.xxx
ftp IN CNAME cachecluster.com.
cachecluster.com. IN TXT "v=spf1 ip4:xxx.xxx.xxx.xxx a mx ~all"
mail IN TXT "v=spf1 a -all"

Once done, press [Ctrl]+[O] keys to save followed by hitting enter. Then exit by pressing [Ctrl]+[X] keys.

Step 7. Now we’ll also define reverse DNS lookup:

sudo nano /etc/bind/zones/rev.3.2.1.in-addr.arpa

then add following lines:

@ IN SOA cachecluster.com. indo.cachecluster.com. (
2010081401;
28800;
604800;
604800;
86400 );

@ IN NS ns1.cachecluster.com.
4 IN PTR cachecluster.com.

Step 8. Now add your domain at /etc/resolv.conf:

sudo nano /etc/resolv.conf

then add following lines:

search cachecluster.com

Once done, press [Ctrl]+[O] keys to save followed by hitting enter. Then exit by pressing [Ctrl]+[X] keys.

Step 9. Now we should restart bind service using this command:

sudo /etc/init.d/bind9 restart

Step 10. Well basically we’re done here but lets run some test to make sure your DNS setting is fine using following command:

First we’ll install DNS Utility:

sudo apt-get install dnsutils

Now run the test:

dig cachecluster.com

If everything is correct you’ll see something like this:

That is it. You can skip all those steps if you are using CPanel WHM installed on CentOS. But sometimes we get spoiled by using such a control panel, and setting up a VPS server from scratch can be very challenging.

Retrieved from:-http://www.pressbyte.com/4581/setup-dns-ubuntu-vps-quick/

How to setup your new VPS Ubuntu server

Posted on : 30-09-2011 | By : admin | In : Uncategorized


On the VXTIndia blog there’s a recent post that gives you a very complete guide to setting up a VPS server running Ubuntu with all of the software you’d need to get a (more than) complete server up and running.

Every time you purchase a new Linux VPS, you need to go ahead and set it up for use. Even though we manage to do one server a month, we always seem to forget one thing or the other. So we decided to write down the things that we do. I thought it would be a good thing to share it with everybody as well, so that we could get a few comments about what we’re doing wrong, and people who do it the first time can probably pick up a few things from here.
Steps and software involved in their process include:

Updating to the latest Ubuntu packages
Creating other users for the system
Installing the web environment (including PHP, MySQL, phpmyadmin and Apache2)
Munin for monitoring
Configuring IPTables
Installing Fail2Ban
All of this comes complete with the additions you’ll need to make to configuration files and the commands to get everything installed (via aptitude).

Retrieved from:-http://www.phpdeveloper.org/news/16790

How to setup your new VPS Ubuntu server

Posted on : 30-09-2011 | By : admin | In : Uncategorized


Every time you purchase a new Linux VPS, you need to go ahead and set it up for use. Even though we manage to do one server a month, we always seem to forget one thing or the other. So we decided to write down the things that we do. I thought it would be a good thing to share it with everybody as well, so that we could get a few comments about what we’re doing wrong, and people who do it the first time can probably pick up a few things from here.

If you haven’t purchased a server yet, I would suggest you go read The Guide to VPS Servers first.

I have a fascination with Ubuntu and I think it’s the easiest to work with, so I’m going to go ahead and assume that you’re working on the same too.

Okay, now that you have a server, let’s start setting it up.

# Update Ubuntu to get the latest packages
$ aptitude update
$ aptitude safe-upgrade
$ aptitude install htop
$ locale-gen en_US.UTF-8
$ update-locale LANG=en_US.UTF-8

# Set the hostname
$ vi /etc/hostname
Here you need to add your hostname, for example vxtindia.com

# Add the admin group and user
$ adduser admin
$ visudo
You need to add the following here
%admin ALL=(ALL) ALL

# Add the other users
$ adduser admin2
$ usermod -a -G admin admin2
$ adduser deploy
$ adduser deploy2
$ usermod -a -G deploy deploy2
It’s also a good idea to add this for each user
$ vi .bashrc
and then add the following at the end of the file
PS1='\[\033[0;35m\]\u@\h\[\033[0;33m\] \w\[\033[00m\]: '

# Install Git (if you don’t use it, please start now)
aptitude install git-core

# Edit SSH Config to make it more secure
$ vi /etc/ssh/sshd_config
Once inside, make sure that the following values match
Port 8888
Protocol 2
UseDNS no
Once you’re done run the command below
$ /etc/init.d/ssh reload

# Install Apache2
$ aptitude install apache2
$ vi /etc/apache2/apache2.conf
Once inside, make sure the following values are set
KeepAliveTimeout 5
Timeout 30
MaxKeepAliveRequests 400
$ vi /etc/apache2/conf.d/servername.conf
Set the following here
ServerName vxtindia.com
$ vi /etc/apache2/conf.d/security
Set the following here
ServerTokens Minimal
ServerSignature Off
$ apache2ctl restart
$ aptitude install lynx

# Install MYSQL
$ aptitude install mysql-server mysql-client

# Install phpmyadmin
$ aptitude install phpmyadmin

# Install PHP
$ aptitude install php5 php5-json php5-cli php5-mysql php5-dev php5-curl php5-gd php5-imagick php5-mcrypt php5-memcache php5-mhash php5-pspell php5-snmp php5-sqlite php5-xmlrpc php5-xsl
$ apache2ctl restart

# Install postfix
$ aptitude install postfix telnet mailutils
Set/Choose the following options here
Internet Site
System Mail Name = vxtindia.com
Note: postfix log files are at /var/log/mail.info, /var/log/mail.warn, /var/log/mail.err, /var/log/mail.log
Note: postfix config files are at /etc/postfix
$ vi /etc/postfix/main.cf
Set the hostname here
myhostname = vxtindia.com
$ vi /etc/mailname
Set it again here
vxtindia.com
$ postfix reload
$ vi /etc/aliases
Note: save it to external email where server can report abuse
postmaster: abuse@vxtindia-external.com
Note: Change reverse DNS by going to https://www.linode.com/members/linode/rdns.cfm
vxtindia.com

# Install Munin (Master)
$ aptitude install munin munin-node
$ vi /etc/munin/munin.conf
It should look like the following
dbdir /var/lib/munin
htmldir /var/cache/munin/www
logdir /var/log/munin
rundir /var/run/munin
contact.vxtindia.command mail -s "Munin notification" server@vxtindia.com
[vxtindia.com]
address 127.0.0.1
use_node_name yes
$ chown -R munin /var/cache/munin/www/
$ vi /etc/munin/munin-node.conf
Set the following
host 127.0.0.1
$ service munin-node restart
Note: You can also use /etc/init.d/munin-node restart
$ vi /etc/apache2/sites-enabled/000-default
Here you set the following
Alias /munin /var/cache/munin/www
<Directory /var/cache/munin/www>
Options FollowSymLinks
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>

$ apache2ctl restart
$ vi /var/cache/munin/www/.htaccess
Make sure the following are there
AuthUserFile /var/cache/munin/.htpasswd
AuthGroupFile /dev/null
AuthName "Munin"
AuthType Basic

require valid-user

$ cd /var/cache/munin
$ htpasswd -c .htpasswd admin

# Install Munin (Slave)
$ aptitude install munin-node
$ vi /etc/munin/munin-node.conf
Add the following
allow ^72\.14\.190\.63$
host 69.164.194.243
$ vi /etc/iptables.up.rules
Add the following
# Munin
-I INPUT -p tcp --dport 4949 -m state --state NEW,ESTABLISHED -j ACCEPT
-I OUTPUT -p tcp --dport 4949 -m state --state ESTABLISHED -j ACCEPT
$ iptables-restore < /etc/iptables.up.rules
$ /etc/init.d/munin-node restart

Note: Add details to the master
$ vi /etc/munin/munin.conf
[a1.88things.com]
address 69.164.194.243
use_node_name yes
$ vi /etc/iptables.up.rules
-I OUTPUT -p tcp --dport 4949 -m state --state NEW,ESTABLISHED -j ACCEPT
-I INPUT -p tcp --dport 4949 -m state --state ESTABLISHED -j ACCEPT
$ iptables-restore < /etc/iptables.up.rules
$ /etc/init.d/munin-node restart

# Install Munin Plugins
$ aptitude install libwww-perl
$ munin-node-configure --suggest
$ ln -s /usr/share/munin/plugins/apache_accesses /etc/munin/plugins/apache_accesses
$ ln -s /usr/share/munin/plugins/apache_processes /etc/munin/plugins/apache_processes
$ ln -s /usr/share/munin/plugins/apache_volume /etc/munin/plugins/apache_volume
$ ln -s /usr/share/munin/plugins/ip_ /etc/munin/plugins/ip_

# Setting up IPtables
$ iptables -F
Add this
$ vi /etc/iptables.up.rules
*filter

# Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT

# Accepts all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allows all outbound traffic
# You can modify this to only allow certain traffic
-A OUTPUT -j ACCEPT

# Allows HTTP and HTTPS connections from anywhere (the normal ports for websites)
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT

# Allows SSH connections
#
# THE --dport NUMBER IS THE SAME ONE YOU SET UP IN THE SSHD_CONFIG FILE
#
-A INPUT -p tcp -m state --state NEW --dport 8888 -j ACCEPT

# Allow ping
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

# log iptables denied calls
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

# Reject all other inbound - default deny unless explicitly allowed policy
-A INPUT -j REJECT
-A FORWARD -j REJECT
-A FORWARD -j REJECT

COMMIT
$ iptables-restore < /etc/iptables.up.rules
$ vi /etc/network/if-pre-up.d/iptables
Add this to the file
#!/bin/sh
/sbin/iptables-restore < /etc/iptables.up.rules
$ chmod +x /etc/network/if-pre-up.d/iptables
$ /etc/init.d/ssh restart
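
The rules file only keeps you connected if its SSH rule matches the port sshd actually listens on. The check below is an added example, not part of the original post; the function names are hypothetical, and it does not handle port ranges or the multiport match. It also flags options that arrived with a typographic dash after being pasted from a web page:

```shell
#!/bin/sh
# Added example: confirm the firewall rules file still lets SSH in before
# loading it. Function names are hypothetical.

# sshd_ports CONFIG: every active Port value, or 22 (sshd default) if none.
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

# rules_accept_port RULES PORT: succeeds if an INPUT rule accepts tcp PORT
# ahead of any catch-all "-A INPUT -j REJECT" or "-A INPUT -j DROP".
rules_accept_port() {
    awk -v port="$2" '
        /^[ \t]*#/ { next }
        $1 == "-A" && $2 == "INPUT" && NF == 4 && $3 == "-j" &&
            ($4 == "REJECT" || $4 == "DROP") { closed = 1; next }
        ($1 == "-A" || $1 == "-I") && $2 == "INPUT" {
            tcp = 0; accept = 0; dport = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-p" && $(i + 1) == "tcp") tcp = 1
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
            }
            # -I puts a rule at the head of the chain, so it is never shadowed
            if (tcp && accept && dport == port && ($1 == "-I" || !closed))
                found = 1
        }
        END { exit !found }
    ' "$1"
}

# check_ssh_firewall SSHD_CONFIG RULES: 0 only if every sshd port is accepted
# and no rule line contains a typographic dash.
check_ssh_firewall() {
    status=0
    # UTF-8 bytes of the en dash and em dash, matched bytewise
    dash=$(printf '\342\200[\223\224]')
    if grep -v '^[[:space:]]*#' "$2" | LC_ALL=C grep -q "$dash"; then
        echo "typographic dash in $2: iptables-restore will not read it as an option" >&2
        status=1
    fi
    for p in $(sshd_ports "$1"); do
        if ! rules_accept_port "$2" "$p"; then
            echo "sshd listens on tcp/$p but $2 has no ACCEPT rule for it" >&2
            status=1
        fi
    done
    return $status
}

# Typical use, as root:
#   check_ssh_firewall /etc/ssh/sshd_config /etc/iptables.up.rules &&
#       iptables-restore < /etc/iptables.up.rules
```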

# Install Fail2ban
$ aptitude install fail2ban
$ cd /etc/fail2ban/
$ cp jail.conf jail.local
$ vi jail.local
Add this
destemail = someaddress@vxtindia.com
mta = mail
$ service fail2ban restart

This constitutes your basic server setup. There are a ton more things that you can do, but for setting up a development server, this should be more than enough.

If you are still curious, here are a few more things you should have a look at
1. LogRotate (Part 1, Part 2)
2. VirtualHosts (Part 1, Part 2)
3. WordPress Backup (1, 2, 3, 4, 5, 6)
4. Hosting Git (1, 2, 3, 4)

Retrieved from:-http://vxtindia.com/blog/how-to-setup-your-new-vps-ubuntu-server/

How to Install OpenVPN On an Ubuntu OpenVZ VPS

Posted on : 30-09-2011 | By : admin | In : Uncategorized

If you are a webmaster outside the US and you have purchased a US VPS, this tutorial is for you! The big question is why you should install OpenVPN on a VPS. The biggest reason is that you can change your IP to watch services like Hulu, which is only available to US visitors. Another benefit of a VPN is the security it offers by encrypting traffic on public networks such as public Wi-Fi spots, which are not very safe. You could of course use a commercial service like StrongVPN, in which case you typically pay $5-10 per month, but webmasters who already rent a VPS will prefer to run the VPN on their VPS hosting.

OpenVZ VPS supports VPN inside a container via kernel TUN/TAP module and device. First thing you need to do is to enable TUN/TAP.

You can enable TUN/TAP in your hosting control panel. TUN/TAP is disabled on some VPS hosting; in that case you need to submit a ticket to your hosting provider to enable it.

Steps of Installing OpenVPN Inside an OpenVZ VPS on Ubuntu 10.04:

First, install the openvpn package:

sudo apt-get install openvpn
sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn
cd /etc/openvpn/
sudo gunzip server.conf.gz

This will copy and unpack the example server config. The sample config uses the ip range 10.8.0.0 and subnet 255.255.255.255
Edit the server.conf file with your favorite editor:

nano /etc/openvpn/server.conf

Now you need to uncomment the following (remove the “;” in front of the line):
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"

Copy the necessary files to create our certificates:

sudo mkdir /etc/openvpn/easy-rsa/
sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa/
cd /etc/openvpn/easy-rsa

We need to adjust the vars file, which contains the settings for the certificates.
Please keep in mind that the ‘country’ field may only contain 2 letters.

Open the vars file and go to the end.
The default file contains:

# These are the default values for fields
# which will be placed in the certificate.
# Don’t leave any of these fields blank.
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="SanFrancisco"
export KEY_ORG="Fort-Funston"
export KEY_EMAIL="me@myhost.mydomain"

You can modify these values if you like.
After that, create the necessary keys and CA:

Creating server certificates

cd /etc/openvpn/easy-rsa/
source vars
./clean-all
./pkitool --initca
./pkitool --server server

This will build your certificates based on the slightly edited example files. I recommend this for non-advanced users and first-timers.

Creating client certificates

cd /etc/openvpn/easy-rsa/
source vars
./pkitool hostname

Remember to replace hostname with the name of the client you want to connect. This can be used as an identifier for example “client1”

You’ll need to do one more thing to fix the routing: route the traffic from tun0 to the interface that provides internet (venet0:0 by default).

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source your_vps_ip
iptables-save

Since we can’t use the MASQUERADE target, we need to use SNAT. Also, only full interfaces are supported (so venet0:0 isn’t compatible with the -o option). That’s why I cover this on a static IP based configuration. This will route all network traffic on 10.8.0.0 to the internet-supplying interface.

sudo /etc/init.d/openvpn restart

Configure your VPN client on your computer. The client will need the following files:

/etc/openvpn/easy-rsa/keys/ca.crt
/etc/openvpn/easy-rsa/keys/intovps.crt
/etc/openvpn/easy-rsa/keys/intovps.key

Create a config file, for example myvps.ovpn and change the certificate settings to include the files above:

In the line “remote hostname 1194”, replace “hostname” with your VPS hostname that will match the certificate.
Also change the SSL settings in case you used a different name for the client certificates than myvps.
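
The client config described above, written out as an added example (not from the original tutorial): the directives follow the stock sample client.conf shipped with the openvpn package, and comp-lzo assumes the sample server.conf was left with compression on. The function name, the key-permission check and the argument names are assumptions.

```shell
# Added example, not from the original tutorial.
# usage: write_client_ovpn KEYS_DIR CLIENT_NAME VPS_HOST > myvps.ovpn
write_client_ovpn() {
    keys=$1 client=$2 host=$3
    # All three files the client needs must exist and be non-empty.
    for f in ca.crt "$client.crt" "$client.key"; do
        if [ ! -s "$keys/$f" ]; then
            echo "missing or empty: $keys/$f" >&2
            return 1
        fi
    done
    # The private key must not be accessible to group or other (mode 600).
    if [ "$(ls -ld "$keys/$client.key" | cut -c5-10)" != "------" ]; then
        echo "refusing: run chmod 600 $keys/$client.key first" >&2
        return 2
    fi
    # File names are relative: ship ca.crt, CLIENT.crt and CLIENT.key
    # in the same directory as the generated .ovpn file.
    cat <<EOF
client
dev tun
proto udp
remote $host 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert $client.crt
key $client.key
comp-lzo
verb 3
EOF
}

# Run only when all three arguments are given on the command line.
if [ "$#" -eq 3 ]; then write_client_ovpn "$1" "$2" "$3"; fi
```

With the file names listed above, the call would be write_client_ovpn /etc/openvpn/easy-rsa/keys intovps your_vps_hostname > myvps.ovpn.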

You can buy a cheap VPS from burst.net or visit lowendbox.com and search for an OpenVZ VPS.

Retrieved from:-http://www.vpnsurfing.com/2011/07/how-to-install-openvpn-on-an-ubuntu-openvz-vps/