Difference between revisions of "Debian Wheezy"

From Hexwiki
Jump to navigation Jump to search
 
(12 intermediate revisions by the same user not shown)
Line 1: Line 1:
This guide covers a robust LEMP (Linux, Nginx, MySQL, PHP) stack running on Debian Wheezy, which includes a similarly robust Dovecot + Postfix mail solution.
+
__TOC__
 +
This guide covers a robust LEMP (Linux, Nginx, MySQL, PHP) stack running on Debian Wheezy, which includes a similarly robust Dovecot + Postfix mail solution. You might not need everything here, but if you use Linux to serve the Internet in any fashion, you will probably find something of use in here.
  
After finally getting around to putting this up, I noticed I skipped over some documentation, and as a result I am probably still missing a few things. More than that, I am sure not all of this is very clear. Some of it may be wrong, or at least, 'improper'. I can say it works - you are reading this, after all - and that it works rather smoothly. In order to make things more self-contained and clearer (I hope) some things are discussed multiple times in this section.
+
After finally getting around to putting this up, I noticed I skipped over some documentation, and as a result I am probably still missing a few things. More than that, I am sure not all of this is very clear. Some of it may be wrong, or at least, 'improper'. It does work - you are reading this, after all - and it works quite smoothly.  
  
I could add a few more items to the stack section - this server also runs Murmur (mumble-server), a git repository, several Minecraft servers (community for them is on [http://worldunbent.com Legends of a World Unbent]), and a number of forums, blogs, and wikis. Most CMS platforms like the latter will get more independent guides
+
I could add a few more items to the stack section - this server also runs Murmur (mumble-server), a git repository, several Minecraft servers, and a number of forums, blogs, and wikis. Most CMS platforms like the latter will get independent guides.
  
So, given that:
+
So, given that...
  
 
# If there is something you want to setup that you would like me to add.
 
# If there is something you want to setup that you would like me to add.
Line 12: Line 13:
 
# Or any other suggestion
 
# Or any other suggestion
  
Please feel free to [http://hexwiki.com/forums/index.php sign up to the forums] and let me know.
+
Please feel free to [mailto:vekseid@elliquiy.com e-mail me] or [http://hexwiki.com/forums/index.php sign up to the forums] and let me know.
  
 
== History of this guide ==
 
== History of this guide ==
Line 20: Line 21:
 
There were some problems with this.
 
There were some problems with this.
  
'''1)''' Elliquiy has the 'distinction' of likely being the only site where [http://xkcd.com/1353/ this XKCD strip applied to the joke]. That is, it's not safe for work. At least my e-mail was unaffected.
+
'''1)''' Elliquiy has the 'distinction' of likely being the only site where [http://xkcd.com/1353/ this XKCD strip applied to the joke]. That is, it's not safe for work, and https is forced. At least my e-mail was unaffected. And yes, by the time that strip was up I was already patched.
  
'''2)''' Even ignoring that it is five years old, it was still my first non-virtual Debian stack open to the Internet. The traffic that nearly brought it down is normal operations some days.
+
'''2)''' Even ignoring that it is five years old, it was still my first non-virtual Debian stack open to the Internet. The traffic that nearly brought it down would not even reach average these days.
  
 
A few servers and who knows how many VPSes later, I updated the documentation when I moved to Squeeze, but for various reasons, never got around to publishing it.  
 
A few servers and who knows how many VPSes later, I updated the documentation when I moved to Squeeze, but for various reasons, never got around to publishing it.  
  
A few more servers and dropping my last VPS later, I updated the documentation to Wheezy. The following, with some server/purpose specific modifications, is currently running on three servers.
+
A few more servers and dropping my last VPS later, I updated the documentation to Wheezy. The following, with some server/purpose specific modifications, is currently running on three servers, two [http://hostvenom.com/ servers are at HostVenom in Chicago], the third [https://www.hivelocity.net/ server is at Hivelocity in Tampa]. These two installations exchange their backups with each other every morning. 
  
My two main [http://hostvenom.com/ servers are at HostVenom in Chicago], running a Master/slave setup, and the third [https://www.hivelocity.net/ server is at Hivelocity in Tampa], which functions as a remove backup and hosts my smaller sites. Having been through a dozen reputable hosting companies, these two have been doing well enough for me for the past year.
+
== Hardware and Hosting ==
 
 
In any case, these servers are used to host highly committed communities, with a wide array of technical abilities and situations. If something goes wrong, I generally hear about it fairly quickly, and can work to resolve it accordingly.
 
 
 
Next up after this is probably a performance troubleshooting guide.
 
  
== Hardware and Hosting ==
+
If you need it, I put up some quick advice on [[Choosing a Registrar]] and [[Choosing a Host]].
  
# [[Choosing a Host]]
 
 
# [[Designing a Server]]
 
# [[Designing a Server]]
 
# [[IPMI Installation (Wheezy)]]
 
# [[IPMI Installation (Wheezy)]]
Line 74: Line 70:
 
# [[Mail Reputation Management]]
 
# [[Mail Reputation Management]]
  
== Logs and Security ==
+
== Logging, Finalizing ==
  
 
# [[Logging (Wheezy)]]
 
# [[Logging (Wheezy)]]
 
# [[Logcheck (Wheezy)]]
 
# [[Logcheck (Wheezy)]]
# [[Backup Exchange (Wheezy)]]
+
# [[Backups (Wheezy)]]
 
# [[AppArmor (Wheezy)]]
 
# [[AppArmor (Wheezy)]]
  
 
{{Bottom Wheezy}}
 
{{Bottom Wheezy}}

Latest revision as of 01:29, 14 May 2014

This guide covers a robust LEMP (Linux, Nginx, MySQL, PHP) stack running on Debian Wheezy, which includes a similarly robust Dovecot + Postfix mail solution. You might not need everything here, but if you use Linux to serve the Internet in any fashion, you will probably find something of use in here.

After finally getting around to putting this up, I noticed I skipped over some documentation, and as a result I am probably still missing a few things. More than that, I am sure not all of this is very clear. Some of it may be wrong, or at least, 'improper'. It does work - you are reading this, after all - and it works quite smoothly.

I could add a few more items to the stack section - this server also runs Murmur (mumble-server), a git repository, several Minecraft servers, and a number of forums, blogs, and wikis. Most CMS platforms like the latter will get independent guides.

So, given that...

  1. If there is something you want to setup that you would like me to add.
  2. If there is something confusing about the instructions, or I have missed a step.
  3. If I am doing something incorrectly.
  4. Or any other suggestion

Please feel free to e-mail me or sign up to the forums and let me know.

History of this guide

Back in 2009, my main forum (Elliquiy) had gone from outgrowing its shared hosting, to outgrowing its vps, which was then running Debian Etch. I got a Core2 Duo server with 4GB of RAM, installed Debian Lenny on it, and went about documenting everything that I had done. I published the result to my forums as 'The Elliquiy LAMP Stack'.

There were some problems with this.

1) Elliquiy has the 'distinction' of likely being the only site where this XKCD strip applied to the joke. That is, it's not safe for work, and https is forced. At least my e-mail was unaffected. And yes, by the time that strip was up I was already patched.

2) Even ignoring that it is five years old, it was still my first non-virtual Debian stack open to the Internet. The traffic that nearly brought it down would not even reach average these days.

A few servers and who knows how many VPSes later, I updated the documentation when I moved to Squeeze, but for various reasons, never got around to publishing it.

A few more servers and dropping my last VPS later, I updated the documentation to Wheezy. The following, with some server/purpose specific modifications, is currently running on three servers, two servers are at HostVenom in Chicago, the third server is at Hivelocity in Tampa. These two installations exchange their backups with each other every morning.

Hardware and Hosting

If you need it, I put up some quick advice on Choosing a Registrar and Choosing a Host.

  1. Designing a Server
  2. IPMI Installation (Wheezy)

Linux Core

The following assumes you have Wheezy installed and partitioned to your specifications - either by your host or by yourself via a remote KVM as above.

  1. Network (Wheezy)
  2. OpenSSH (6.0)
  3. Packages (Wheezy)
  4. Sysctl.conf (Wheezy)
  5. Iptables (1.4)
  6. Security (Wheezy)
  7. User Management (Wheezy)

Software Stack

  1. Unbound (1.4) - While I use a DNS service for my authoritative DNS servers, having a local DNS server is extremely handy. In addition to being almost a requirement for any mailserver that accepts mail, it can speed up some website functions immensely.
  2. MySQL (5.5) - Getting the database going early is often a priority.
  3. Nginx (1.2) - Webserver of champions. I do have some older documentation for Apache, but at this point I cannot afford to consider switching back. If using DotDeb, this documentation works fine for 1.4/1.6, it just doesn't take advantage of all features. I am holding off a bit on SPDY, personally.
  4. PHP (5.4) - FPM and the ancient fastcgi method are covered.

Mail Setup and Stack

  1. MySQL must be setup first for the following configuration, and a working DNS resolver such as Unbound is highly recommended.
  2. Packages used: opendkim opendkim-tools spamc libmail-dkim-perl libmail-spf-perl libio-socket-inet6-perl clamav-docs clamav-freshclam clamav-daemon clamav-milter clamav dovecot-imapd dovecot-mysql postfix postfix-mysql postfix-pcre
    1. We're setting up Postfix as a site.
  3. Mail Setup (Wheezy)
  4. Mail Tables (MySQL)
  5. OpenDKIM (2.6)
  6. Mail and DNS - Once we know what our domains are and have our DKIM key (from OpenDKIM), we can configure our DNS properly.
  7. Spamassassin (3.3) - I've tried others, supposedly for the performance benefits, but honestly, with a handful of custom rules, and a solid postfix configuration, very little spam makes it through.
  8. ClamAV (0.98) - Antivirus IMO should be approached from the viewpoint that it gives a chance for you to avoid the repercussions of your mistakes. Often a small one, but if not intrusive, still better than zero.
  9. Postfix (2.9) - My preferred MTA of choice.
  10. Dovecot (2.1)
  11. Mail Reputation Management

Logging, Finalizing

  1. Logging (Wheezy)
  2. Logcheck (Wheezy)
  3. Backups (Wheezy)
  4. AppArmor (Wheezy)