1. Materials needed before you begin
You'll need the four Fedora Core 2 CDs, a machine, an Internet connection and the IP addresses of the gateway and for the machine itself.
2. Install Fedora Core 3
The installation process follows the same steps as for Fedora Core 1 (and earlier versions of Red Hat) so it's not necessary to explicitly repeat each step again. If you haven't done a FC install However, since this is a Web server, the choices you make in several steps are different, and those differences are explained here.
2.1 Installation type
Select the “server” installation. Fine tuning of the packages will come later.
2.2 Configure partitions
A Web server has different partition requirements than a desktop or a file server. For a machine with 26 GB of hard disk space, spread out over two drives, here's one possible configuration.
Boot is always 100 MB, unless you're so pressed for disk space that you need to reduce it further. /var/www is where Web server files go, so you'll want a lot of room there. Swap is usually twice the amount of RAM.
hda (12 GB)
- boot 100 MB
- /var/www 11,000 MB
- swap 500 (assuming 256 MB of RAM)
Reserve a fair amount of space for /tmp and /var, which hold files like logs and working files. Putting each of these in its
own partition means that, for example, a log file that runs out of control won't crash the rest of the system. Reserve a fair
amount of space for /home. And increase that if you're going to have other people maintaining their own home directories on
your Web server. The rest goes to the root partition.
hdb (14 GB)
- / 5000
- /tmp 2000
- /home 3000
- /var 2000
2.3 Ethernet configuration
If you're not using DHCP, you're going to need to configure your network card manually. In the Network Configuration step, select the Edit button to the right of the Network Devices list box. You'll uncheck the “Configure using DHCP” check box, and then enter the IP Address and Netmask for your Web server computer.
Once back in the Network Configuration step, you'll select the “Set the hostname” option button to “manually”, and enter the hostname for your Web server computer.
Finally, you'll enter the IP address for your Web server's gateway (often this is an IP associated with the router that the server is connecting to the Internet through), and the IP addresses for the DNS servers your Web server will be using.
You can verify and modify these settings through the System Settings | Network dialog as shown in Figure 1. You'll need to enter the root password in order to gain access to the dialog.
Figure 1. The Network Configuration dialog allows you to access and modify your network settings.
Select the Edit button in the Network Configuration dialog to view or change the IP addresses for the computer, as shown
in Figure 2.
Figure 2. The General tab of the Ethernet Device dialog allows you to view and change the IP addresses associated with the computer.
Select the DNS tab of the Network Configuration dialog, as shown in Figure 3, to modify your hostname as well as your
DNS settings.
Figure 3. The DNS tab of the Network Configuration dialog allows you to modify the hostname and DNS settings.
3.4 Firewall and Services
Use the Firewall Configuration dialog to set up the basic firewall for your server. First, select the “Enable firewall” choice at the top of the dialog. Second, select the 'WWW (HTTP)', 'SSH' and 'Mail (SMTP)' services. Finally, if you're going to use HTTPS, enter the text string 443:tcp into the "Other ports" text box in order to allow HTTPS through on port 443. See Figure 4.
Figure 4. The appropriate settings for setting up a firewall on your Web server.
Also note that you'll need the "openssh-server" package for ssh.
3.5 Package Group Selection
Having selected the 'server' installation type earlier causes the following package groups to be automatically selected. (The number of packages selected out of the total number of available packages is shown in parens behind each section.)
text based internet (3/7)
server config tools (9/12)
web server tools (20/25)
winfs (2/2)
admin tools (11/12)
printing support (1/10)
Now go into the Web server tools section and add the following packages:
mod_auth_mysql
mod_auth_pgsql
php-mysql
php-pgsql
Now, since this is your first Web server, you'll want some extra help. Select the following sections to be installed in
addition to the server defaults just discussed, and add or remove individual packages in each section as noted.
X Window System (33/38): No changes
Gnome (34/40): Add gqview
Kde (14/15): Add kadmin
Graphical internet (4/14): Add quanta
SQL database server (4/6): Add MySQL-server
System tools (7/22): No changes
3.6 Log file
Once you're done with the initial installation, the installation log file is found in /root/install.log.
4. Get rid of unneeded services
Open System Settings | Server Settings | Services, and make sure that just the following services are running (for both runlevels 3 and 5).
acpid
anacron
atd
autofs
cpuspeed
crond
gpm
httpd
iptables
irqbalance
kudzu
mdmonitor
mdmpd
messagebus
microcode_ctl
network
portmap
random
rawdevices
readahead
readahead_early
rhnsd
rpcgssd
rpcidmapd
rpcsvcgssd
sgi_fam
smartd
sshd
syslog
xinetd
You may choose to turn off xinetd as well.
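The same check can be scripted from a shell. This is an added example, not part of the original article: it reads chkconfig --list output and prints every service that is on in runlevel 3 or 5 but is not in the list above. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Services the list above keeps enabled in runlevels 3 and 5.
ALLOWED_SERVICES="acpid anacron atd autofs cpuspeed crond gpm httpd iptables"
ALLOWED_SERVICES="$ALLOWED_SERVICES irqbalance kudzu mdmonitor mdmpd messagebus"
ALLOWED_SERVICES="$ALLOWED_SERVICES microcode_ctl network portmap random"
ALLOWED_SERVICES="$ALLOWED_SERVICES rawdevices readahead readahead_early rhnsd"
ALLOWED_SERVICES="$ALLOWED_SERVICES rpcgssd rpcidmapd rpcsvcgssd sgi_fam smartd"
ALLOWED_SERVICES="$ALLOWED_SERVICES sshd syslog xinetd"

# Reads `chkconfig --list` output on stdin and prints, one per line, each
# service that is on in runlevel 3 or 5 and is not in the allowlist.
unexpected_services() {
    awk -v allowed="$ALLOWED_SERVICES" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # SysV service lines have 8 fields: name, then 0:off ... 6:off.
        # The xinetd section ("name: off") has fewer fields and is skipped.
        NF == 8 && ($5 == "3:on" || $7 == "5:on") {
            if (!($1 in ok)) print $1
        }
    ' | LC_ALL=C sort -u
}

# Constructed sample of `chkconfig --list` output (not from a real host).
sample_chkconfig() {
    cat <<'EOF'
httpd           0:off   1:off   2:off   3:on    4:off   5:on    6:off
cups            0:off   1:off   2:on    3:on    4:on    5:on    6:off
sendmail        0:off   1:off   2:on    3:on    4:on    5:on    6:off
nfs             0:off   1:off   2:off   3:off   4:off   5:off   6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
isdn            0:off   1:off   2:on    3:off   4:on    5:on    6:off
xinetd based services:
        chargen:        off
EOF
}

# Demo on the sample; on the server run: chkconfig --list | unexpected_services
sample_chkconfig | unexpected_services
```

Anything it prints can be switched off in the Services dialog, or kept only if you know why the server needs it.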
5. Test the Web server's default page
It's time to test your Web server to see if it's actually a Web server or just a computer with grand aspirations. If you have to do
your testing on the Web server machine itself, open up a browser and enter
http://localhost/
into the address bar.
If you've got access to a different computer - ideally on a separate line - and you've got a separate domain set up on the Internet,
and pointed to the gateway IP in step 3.3, enter
http://www.yourdomainname.com
into the address bar. In both cases, you should see the Apache page, as shown in Figure 5.
Figure 5. The default Apache page on Fedora Core.
6. Test the Web server with your own page.
Create your own index.html file and put it in /var/www/html and run the test (localhost or yourdomain.com) again - you should
see your own page instead of the Apache test page.
7. Secure the box by shutting off unneeded services
Run the commands
netstat -an | more
and
lsof -P -i
to see what ports are open and what services are accessing them. The only ports that should be open are 22, 80, and, if you're interested in HTTPS, 443.
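A way to script the check in this step, as an added example that is not part of the original article: it reads netstat -an output and lists every TCP listener or unconnected UDP socket on a port other than 22, 80 or 443. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Ports this step expects to be open: 22 (ssh), 80 (http), 443 (https).
ALLOWED_PORTS="22 80 443"

# Reads `netstat -an` output on stdin and prints "proto port local-address"
# for every TCP listener or unconnected UDP socket on a port not allowed.
unexpected_listeners() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # TCP: only sockets in LISTEN state. UDP has no state column; a
        # foreign address ending in ":*" means the socket is not connected.
        ($1 ~ /^tcp/ && $6 == "LISTEN") || ($1 ~ /^udp/ && $5 ~ /:\*$/) {
            port = $4
            sub(/.*:/, "", port)    # drop the address part; handles :::443
            if (!(port in ok)) print $1, port, $4
        }
    ' | LC_ALL=C sort -u
}

# Constructed sample of `netstat -an` output (addresses are documentation
# ranges, not from a real host).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 :::443                  :::*                    LISTEN
tcp        0      0 192.0.2.10:22           198.51.100.7:51514      ESTABLISHED
udp        0      0 0.0.0.0:111             0.0.0.0:*
EOF
}

# Demo on the sample; on the server run: netstat -an | unexpected_listeners
sample_netstat | unexpected_listeners
```

A listener bound to 127.0.0.1 is not reachable from the network, but it still shows a service that is running and may not be needed; lsof -P -i names the process behind each port.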
8. Reconfigure ssh
Change the setting of
PermitRootLogin in the /etc/ssh/sshd_config