LMDE Server Edition

LifeInTheGrey
   12 years ago
  12

 

LMDE Server Edition

 

Okay so this is still totally a work in progress, but I was inspired by SalineOS PSE to see if LMDE could be converted into a reasonable Server Edition. This project is ongoing, and of course I welcome any advice regarding different programs to use, better setups of specific items, etc., because I did all of this off of a TON of random searching online. Before this I had a FreeNAS setup, and already noticed a considerable jump in NFS share speed, DAAP share connectivity, and a gigantic increase in FTP speed (from 500 KB down to 9.3 MB).

 

DISCLAIMER:

 

I'm not really a mean guy, just wanted to point out that if the only comment you have is regarding the validity of this project … save me the time, and move on. I'm just trying to help those that would be interested in setting up a nice home server pretty quickly. I know there are better solutions (using CLI instead of GUI will reduce system resource consumption), I know you can do this with other systems (pure Debian, SalineOS, etc.), I just think the ease of a GUI combined with the simplicity of LMDE makes for a very smooth setup.

 

Now that's out of the way! Yay! Let's get down to business …

 

The one I set this server up on (not a recommendation, more a point of reference):

Pentium 4, 2GB ram, 70GB HD (also have 500GB and 250GB external Hds)

 

Components of Tutorial: (NC = not included in tutorial yet)

  • NFS (for sharing with other Linux/Unix devices)

  • Samba (for sharing with Windows) – NC

  • FTP (to remotely download files from specified directories)

  • DAAP (to stream music over LAN / remotely)

  • UPnP (to access media over LAN / remotely) – NC

  • Webserver (Apache2, MySQL, PHP to host website)

  • VNC (to remotely log into server for maintenance)

  • IMAP (secure email receiving) – NC

  • SMTP (secure email sending) – NC

  • Firewall (to limit access to server)

 

STEPS

 

  1. Choose a version

 

Obviously you need to choose between 32 and 64 bit depending on your memory choice, however the choice between GNOME and XFCE is important as well. Although all of my systems at home use GNOME, I chose to use XFCE because of much lower system resource usage. Hence, I installed LMDE XFCE 32-bit 201109. I'm fast-forwarding through the install process, because you can customize it as you like (personally, I set 5GB aside for the system, and created a partition with the rest for /home).

 

  1. Set IP Address

 

For a server, you really want to have a static IP address. Assuming you are using DHCP, go into your router settings and set up the server's MAC address with a static IP assignment. I won't tell you how to do this because there are obviously millions of possible ways, but that's what our buddy Google is for. Additionally, for things like the remote DAAP share, ftp, the webserver, etc., then Dynamic DNS will need to be established. Again, not going to go into that here, but you will need to set up Dynamic DNS and port-forward appropriately on your router in order to remotely access any of these items.

 

  1. Set up kernel

 

As Ubuntu loves to tout, server usage requires a different kernel management setup than a desktop does, because of the different ways it is used. The most important factors to change are the I/O scheduler to deadline, and the preempt settings to off. You can Google the explanation if you'd like (it would take to long to explain why). I also chose to download the Debian squeeze kernel (2.6.32-5) rather than use the 2.6.39 kernel it comes with (I tested both, the .32 kernel seems to use a touch less memory at idle). To do this:

 

  • Open root terminal

  • Type “gedit /etc/apt/sources.list”, enter

  • Add the line “deb http://ftp.debian.org/debian/ squeeze main contrib non-free”

  • Save and exit gedit

  • Type “apt-get update && apt-get install linux-headers-2.6.32-5-686 linux-image-686 linux-image-2.6.32-5-686”, enter, and run through install

  • Reopen sources.list and comment out the line you just added (add # in front of it)

  • Type “apt-get update”, enter, and once completed close terminal

 

Now, to configuration of the kernel:

 

  • Open root terminal

  • Type “thunar /boot” (or “nautilus /boot”, if you are using GNOME), enter

  • Open config-[KERNEL] in gedit (for whichever kernel you wish to edit)

  • Search for the word “deadline”

  • Change CONFIG_DEFAULT_CFQ=y to CONFIG_DEFAULT_DEADLINE=y

  • Change CONFIG_DEFAULT_IOSCHED=”cfq” to CONFIG_DEFAULT_IOSCHED=”deadline”

  • Search for the word “preempt_none”

  • Change “CONFIG_PREEMPT_VOLUNTARY=y to CONFIG_PREEMPT_NONE=y

  • Save and close gedit

  • Reboot and in GRUB on boot select the kernel you just edited

 

Now you've booted into the kernel with a more server-based setup! You can move on after this, but if you REALLY want to kick it up a notch, you can do the following:

 

**WARNING - FOR ADVANCED USERS - REQUIRES A KERNEL RECOMPILE**

 

If you want to take it even further, you can lower the CONFIG_HZ rating. Desktops default to 250, and most servers operate at 100, so you could change it to that. As mentioned, this requires you to recompile the kernel yourself (rather than just change lines in /boot/config), so I skipped this step.

 

  1. Set up boot

 

There are a couple packages that will help with file access, a couple mods to make in boot … all of this is just to make your boot process quick, minimal, and easy. To do this:

 

  • Open root terminal

  • Type “apt-get install preload readahead startupmanager”, enter

  • Once complete, close root terminal

  • Go to the menu, open Startup Manager

  • Set your default boot to the kernel you want (the one you edited)

 

Now your machine will correctly boot without choosing from GRUB as you did.

 

  1. Get rid of excess

 

So obviously, since this is a server and not a machine for desktop use, you can get rid of a LOT of the software preinstalled. Here we go:

  • Open root terminal

  • Type “apt-get purge libreoffice* banshee brasero pidgin giver gnome-ppp gimp gthumb”, enter

  • Hit y to remove them, let it run until finished

  • Type “apt-get autoremove”, enter

  • Hit y to remove orphan packages, let it run until finished

  • Type “apt-get clean && apt-get autoclean”, enter

 

Now that you got the unnecessary stuff out of the way, lets get the necessary stuff in there.

 

  1. Install server software

 

So there is quite a bit of stuff to install:

 

  • Open root terminal

  • Type “apt-get update && apt-get install nfs-kernel-common nfs-common vsftpd mt-daapd mysql-server mysql-client apache2 php5 libapache2-mod-php5 php5-mysql php5-curl php5-gd php5-imagick php5-imap php5-mcrypt php5-memcache php5-ming php5-ps php5-papel1 php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xml phpmyadmin”, enter

    • This is for NFS, FTP, DAAP, MySQL, Apache2, and PHP

    • More to come in future versions (as I set them up myself)

  • Let it run through all that stuff, and then close terminal

 

Now that you have all the stuff, its time to configure it.

 

  1. Configure NFS

 

NFS, compared to Samba, is a much more efficient and speedy method to share network folders (although, if you have a Windows machine, it won't play nice unless it runs Windows 7). Even better, setup is pretty easy.

 

  • ON SERVER

    • Open root terminal

    • Type “gedit /etc/exports”, enter

    • Add the shares to a new line at the bottom of the file like this:

      • /share/folder network/netmask(options)

      • EXAMPLE

        • /home/user/Documents 192.168.1.0/255.255.255.0(rw,no_subtree_check)

        • This grants all users (.0 - .255) on your LAN access the shares

      • EXAMPLE 2

        • /home/user/Pictures 192.168.1.105(rw,no_subtree_check)

        • This grants this specific client IP access to the shares (useful for static IPs)

      • EXAMPLE 3

        • /home/user/Videos user-laptop(rw,subtree_check)

        • This grants this specific client hostname to the shares (useful for DHCP)

    • Save and close gedit

    • Type “exportfs -a”

      • Necessary after EACH edit to /etc/exports, otherwise changes will not show

    • Type “update-rc.d -f nfs-kernel-server”, enter

    • Type “update-rc.d -f nfs-common”, enter

  • ON CLIENT

    • Open root terminal

    • Type “gedit /etc/fstab”, enter

    • Add the shares to a new line at the bottom of the file like this:

      • Server:/share/folder /mount/location nfs options 0 0

      • EXAMPLE 1

        • 192.168.1.250:/home/user/Documents /mnt/NFSDocs nfs auto,noatime,defaults 0 0

        • If server uses static IP

      • EXAMPLE 2

        • home-server:/home/user/Pictures /mnt/NFSPics nfs auto,noatime,defaults 0 0

        • If server uses DHCP

    • Save and close gedit

    • Type “mount -a”, enter

    • Check mount folder (ie, /mnt/NFSDocs) to make sure share is loaded

 

Done! Now you have an NFS server that loads on boot of the server (which should happen as little as possible, but automate it nonetheless), and an NFS client that loads the shares on boot.

 

  1. Configure FTP

 

FTP is actually a bit more straightforward to set up than NFS, its the setting up secure connections that is the issue if you want to have “guest” connections.

 

  • Open root terminal

  • Type “sysv-rc-conf vsftpd on” to start vsftpd on boot

    • To check if its working, type “netstat -a | grep ftp”, and if you see anything you're good

 

At this point you're good, but if other people are going to use this site, you want to limit a few things.

 

  • Type “gedit /etc/vsftpd.conf” to edit the configuration file

  • Search for “chroot_local_user”; not sure why there are two options, but on the FIRST one, uncomment it so that specified FTP users are limited to their own home folders, save and exit gedit

 

Now, if you want to add specific users to specific home directories:

 

  • Still in root terminal, type “useradd -g ftp -d /directory/chosen username”, enter

    • Obviously, change /directory/chosen to whatever you want to set it to, username to whatever username you want (like “guest”)

  • After this, type “passwd username”, enter

    • Again, username is whatever username you chose

  • Enter the password you want for this user (it will prompt twice), enter

 

Finally, check users and groups:

 

  • Menu => System => Users and Groups

  • Click “Manage Groups” and check the properties of “ftp”

  • Make sure all the users you want to have access to ftp are checked

  • Open root terminal

  • Type "thunar /directory/chosen" (replacing /directory/chosen with where your FTP is)

  • Go to the Permissions tab, and right-click on the FTP folder and select "Properties"

  • Make sure that your owner is Root or the main server user and has Read/Write capabilities, the Group is ftp with Read-Only capabilities, and the Others has Read/Write capabilities

 

And now, you're good to go! Go to a browser and type “ftp://IP.Address.Of.Server” if you don't believe me! (Obviously, substitute whatever IP address your router is)

 

  1. Configure DAAP

 

A DAAP share is also pretty easy to set up, and is REALLY beneficial if you are a music nerd like me. You can set up Banshee to access your share remotely, or set up your Android (and I think iPhone?) phone to connect and stream remotely as well. Basically, this means your entire music collection is available anywhere you have internet connection! Friggin money!

 

  • Open root terminal

  • Type “gedit /etc/mt-daapd.conf”

  • Scroll down to port = 3689, and change it

    • This is optional, but 3689 is the conventional DAAP share port … personally, I set it to something unused, like 8000, for security reasons but also for other shares

  • Search for “mp3_dir” and set it to wherever your music is (i.e., /home/user/Music)

  • search for “password =” and set it to whatever you want; you can leave it blank, but for remote connections that means anyone that guesses your IP / URL can access it! I set it up, and both Banshee and the Android AP works with it no problem

  • Save and exit gedit

  • Type “update-rc.d mt-daap defaults”, enter to start DAAP share on boot

  • Type “update-rc.d avahi-daemon defaults”, enter to start ZeroConf on boot

  • Type “service mt-daapd start”, enter to start DAAP share immediately

  • After a few minutes, go to “Server.Static.IP.Adress:Port” (i.e., 192.168.0.2:8000) to make sure its up and running correctly

    • The initial scan takes a while … up to an hour, depending on the size of the collection. I had nearly 13,000 and it took 20 minutes, so don't freak like I did if you can't access the site right away

  • Connect Banshee / your phone for DAAPy goodness!

 

  1. Configure Webserver

 

Now that you've installed Apache2, you can go to “Server.Static.IP.Address” (i.e., 192.168.0.2) and you should see the placeholder page that says your webserver works. Next is to set up PHP

 

  • Open root terminal

  • Type “/etc/init.d/apache2 restart”, enter to restart webserver

  • Your webserver root is /var/www, so type “gedit /var/www/info.php”, enter to create a basic PHP file

  • In the blank document, type:

    <!--?php
    phpinfo();
    ?>

  • Save and exit gedit

  • Go to your website/info.php (i.e., 192.168.0.2/info.php)

    • You should see a page talking about the PHP version and specific info about it, including all the modules you've installed

  • Go to your website/phpmyadmin/ (i.e., 192.168.0.2/phpmyadmin/)

    • You can access your PHP MyAdmin here

 

Since this is Apace/SQL, there are approximately 450 quadrillion tutorials about what you can do from here. But now, you're ready.

 

  1. Configure VNC

 

This took me the longest time to set up, and frankly I can't get it to automatically set up on login, so upon reboot you need to manually restart the process. That said, you should never ever reboot your server unless absolutely necessary, so it really should rarely be a problem. Once you get this set up, you can run this server headless (meaning no monitor, keyboard, or mouse necessary).

 

  • Open REGULAR terminal

  • Type “vino-preferences”, enter

  • Check the box for “Allow other users to view desktop”, and the box beneath it to control desktop should be automatically checked as well

  • Uncheck “You must confirm ...” and check the box for “Require the user to enter this password” and put in the password you wish

    • For some reason, it limits it to 8 characters, so choose well

  • Close the box and terminal

  • Log into a different machine and open your VNC client software (with another LMDE machine, you need to install vinagre), and you should see the share

  • Double-click the name, input the password, and control your server remotely!

 

Again, if you reboot the server, you will need to connect a monitor and just reopen vino-preferences, otherwise the share will not be displayed on the network. If anyone has any better ideas on this topic, I really am all ears.

 

  1. Set up Firewall

 

Finally, but most importantly, we need to set up the firewall. In an ideal world, your router should be a great firewall (DD-WRT, if you haven't already), but another line of defense always helps. As any LMDE user knows, gufw is included, which makes setup super easy.

 

  • Menu => System => Firewall Configuration

  • Unlock, then check the box to activate it

  • Set open incoming ports by clicking “Add”, under “Simple” tab

    • Type “21” and click add for FTP

    • Type “80” and click add for HTTP (webserver)

    • Type “8000” (or whatever you choose for DAAP share) and click add for DAAP

    • Type “192.168.1.0/24” (or whatever your network IP address/24 is) to allow all computers on your network to access the server

      • Can limit this further by specifying ports for VNC, NFS, etc., but I didn't

 

Finally … you're set to go. I shall add the other components (Samba, Mail, etc.) as time goes (and as I set it up myself), but hopefully this will get someone started.

Comments
cbertram 8 years ago

No one ever came back to finish this? Good Tutorial with what is here.

trollboy 12 years ago

I do prefer a gui free environment for servers but this is just itching to be tried in a VM.

Nice one.