Coldest Web Server Config
These are the things that need to be done on a fresh install of the Coldest web server.
# Add regular user
# Allow su from regular user (apparently it isn't setuid by default in the image)
** {{{chmod +s /bin/su}}}
# Only after fixing su and making sure it works, disable root login through ssh
** In {{{/etc/sshd_config}}}, change {{{PermitRootLogin}}} to {{{no}}}
# Add regular user to necessary groups (mostly for backups)
** {{{usermod -aG root cybertron}}}
# Kill nash-hotplug
** Add the line {{{/usr/bin/killall nash-hotplug}}} to the file {{{/etc/rc.local}}}
** Note that killall is part of the psmisc package, which is installed later
# Fix /tmp permissions
** {{{chmod 1777 /tmp}}} (world-writable with the sticky bit set, so users cannot delete each other's files)
# Configure ssh tunneling to get around stupid port blocks (this step will be expanded on in the future)
** {{{ssh -f -N -g -4 cybertron@home.nemebean.com -L 25:home.nemebean.com:2555}}}
# {{{aptitude update}}} and {{{aptitude safe-upgrade}}}
# Install needed packages: {{{aptitude install apache2 php-apc mysql-server mysql-client php5-mysql fail2ban psmisc php5-gd screen libsdl-net1.2 rsync}}}
# Configure ssh keys
** From home system: {{{scp ~/.ssh/id_dsa.pub coldestgame.com:~/.ssh/id_dsa.vanguard}}}
** Build systems: {{{scp ~/.ssh/id_dsa.pub coldestgame.com:~/.ssh/id_dsa.build[32|64]}}}
** On coldestgame.com: {{{cat ~/.ssh/id_dsa.vanguard >> ~/.ssh/authorized_keys2}}}
# Copy backup files to system
** etc mysqlbackup sbin site smf robots.txt(?)
# Restore MySQL files to /var/lib/mysql
** Fix permissions: {{{chown -R mysql:mysql drupal_coldest mysql smf}}}
# Restore configurations
** /etc/mysql/debian.cnf
** /etc/apache/sites-available/default
** /etc/network/interfaces
** {{{a2enmod rewrite}}}
** Fail2ban: /etc/fail2ban
** /root/.my.cnf
*** {{{[mysqlhotcopy]}}}
*** {{{password=**************}}}
# Fix exim4 permissions
** {{{chown Debian-exim:adm /var/log/exim4/mainlog}}}
** {{{chmod 777 /var/mail}}}
# Configure exim4
** {{{dpkg-reconfigure exim4-config}}} and make sure to allow sending to external domains. IMPORTANT: Do not listen on external interfaces! This is a security risk and we don't need to do it. Trust me on this. ;-)
** {{{update-rc.d -f exim4 remove}}} (Exim won't actually work anyway since we forward port 25 through the ssh tunnel)
# Fix Drupal permissions
** {{{chown -R www-data:www-data /var/www/site/sites/default/files}}}
# Configure crontab for root
** The crontab file is stored in the root of /backup. It is only readable by root, so it's awkward to back up automatically.
** For future updates, the crontab file can be found at /var/spool/cron/crontabs/root
# Install subversion
** {{{aptitude install subversion}}}
# Install master server
** Build in Kubuntu VM, using gcc-4.1
** Install sdl_net {{{aptitude install libsdl-net1.2}}}
# Optional: Install phpmyadmin
** Apparently it is necessary to uncomment the host and auth_type lines in /etc/phpmyadmin/config.inc.php to get this to work. I don't remember having to do that before, so it's possible this was a one-off problem.
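
A way to verify the hardening steps above after a rebuild, as an added example that is not part of the original notes. The function names are hypothetical, and the exim4 check assumes the Debian file {{{/etc/exim4/update-exim4.conf.conf}}} (the one {{{dpkg-reconfigure exim4-config}}} writes) holds the {{{dc_local_interfaces}}} setting.

```sh
#!/bin/sh
# Added example (not from the original page): audit the hardening steps.
# Every check takes the path to inspect, so it also runs against copies.

# su must be setuid or the regular user cannot become root.
check_su_setuid() { [ -u "$1" ]; }

# Every active PermitRootLogin line (Match blocks included) must be "no".
# A missing directive fails too, because the built-in default is not "no".
check_root_login() {
    awk 'tolower($1) == "permitrootlogin" { seen = 1
             if (tolower($2) != "no") bad = 1 }
         END { exit !(seen && !bad) }' "$1"
}

# /tmp: world-writable with the sticky bit (1777), so users cannot
# delete each other's files.
check_tmp_mode() { [ "$(ls -ld "$1" | cut -c1-10)" = "drwxrwxrwt" ]; }

# exim4: loopback only. An empty dc_local_interfaces means "listen on
# all interfaces", so it fails.
check_exim_loopback() {
    val=$(sed -n "s/^dc_local_interfaces='\(.*\)'.*/\1/p" "$1")
    [ -n "$val" ] || return 1
    old_ifs=$IFS; IFS=';'
    for addr in $val; do
        case $(printf '%s' "$addr" | tr -d ' ') in
            127.0.0.1|::1) ;;
            *) IFS=$old_ifs; return 1 ;;
        esac
    done
    IFS=$old_ifs
}

# audit SU_BINARY SSHD_CONFIG TMP_DIR EXIM_CONF: prints one line per
# failed check and returns the number of failures.
# e.g. audit /bin/su /etc/sshd_config /tmp /etc/exim4/update-exim4.conf.conf
audit() {
    fails=0
    check_su_setuid "$1"     || { echo "FAIL: $1 is not setuid"; fails=$((fails + 1)); }
    check_root_login "$2"    || { echo "FAIL: root login not disabled in $2"; fails=$((fails + 1)); }
    check_tmp_mode "$3"      || { echo "FAIL: $3 is not mode 1777"; fails=$((fails + 1)); }
    check_exim_loopback "$4" || { echo "FAIL: exim4 not loopback-only in $4"; fails=$((fails + 1)); }
    return "$fails"
}
```

Run {{{audit}}} as root so the sshd and exim4 files are readable; an exit status of 0 means all four checks passed.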