Maxim Zaitsev2014-06-13 10:15:54
Mail server
Maxim Zaitsev, 2014-06-13 10:15:54

A complete web server on ubuntu: need manuals, tips and answers to questions?

Hello everyone, I know that there are a lot of questions about raising a web server and setting up a home server. I read most of them and I myself do quite well with the trivial tasks of installing and configuring servers, but there was a need to set up a web server that will run several sites accessible via the Internet. Now it works for me under Debian but unfortunately my first experience was not so successful, so I plan to move the system to ubuntu server 14.04 and do everything right this time. Here I will describe the tasks that need to be implemented and the problems that I have already encountered and I hope that you will help me compile a step-by-step manual for setting up and raising a web server on ubuntu. I ask you right away, do not post links to articles if you are not sure about the relevance of the information, because 95% of the articles are not entirely relevant now,
What is available from the equipment and network hierarchy:
There is a white IP address to which 4 domain names are attached.
The Internet comes to the router (white IP) which sends all incoming white IP requests to a server on the local network with a static IP, which is given to it by the router by the name of the machine. As a server, a computer with a 4-core AMD processor, a 1TB hard drive and a read and write speed of 6MB / s and 8GB of RAM is used.
Main tasks:
1) Install ubuntu server 14.04 (this does not need to be described)
2) Install an SSH server running through ssh access key (installing a server is not a problem, but I don’t know how to set up a server to work with keys)
3) Install and configure LAMP, FTP, MAIL servers
4) Install a server management system via the web face from a remote computer
It would seem that the tasks are quite trivial, but there are a couple of things: You
need to make sure that the user connecting via FTP gets into the folder with one of the virtual hosts associated with this user. It is desirable to be able to make separate PHP settings for each virtual host. For each virtual host, it is necessary to ensure the operation of its own mail server with the domain name of this host. Each host must create a database with a host name. The owner user of this database must have full rights (except for deleting the database) to work with this database, but it must not have rights to other databases.
Accordingly, the question becomes how to organize such work. At one time, I did it simply, created users on the LINUX system and placed virtual hosts in their home directories. I set up an FTP server, set up a connection through linux users and locked users in my home directory, but this method, in my opinion, is far from perfect, and even now it has lost its relevance, since when placing a virtual host in the home directory, the server simply returns an error that there is no access, adding a user to the www-data group or adding a www-data user to the user group has no effect. Now I don’t remember exactly what I did, but setting the rights to 777 on the user’s home directory, adding the user to the www-data group, and some kind of shamanism with virtual host configs helped. After these manipulations, the server seems to have become available, but the rights 777 for all files are very confusing, and if you set other rights, the file becomes inaccessible. In addition, there was a problem with the ftp server (according to my vsftpd), if we lock the user in his home directory, then it becomes impossible to connect to the server, but as soon as we allow the user to be locked in the home directory, the problem immediately disappears, only by connecting via ftp thus he gets full access to the entire server at least for downloading files.
In general, I will listen to your opinions, advice and read the manuals you suggested. Once again, before posting an article, please make sure that it is up-to-date, since I have read a lot of articles, but very little of this really works as described in the article due to the fact that changes in Linux software products and security have changed a lot since then. these years.
In addition, I will listen in detail how to make the server work normally through domain names, otherwise I already made a mistake and did not indicate the address of the provider with a list of domains tied to the IP address, in connection with which my IP was blacklisted by mail servers. Now I’m just going to change the white IP from the provider to a new one. In general, tell us what else needs to be done so that all services work normally.

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Boris Syomov, 2014-06-14

You don't even have to read step by step manuals. It is necessary to read the documentation for specific programs and understand what you are doing and learn ...
2. "Out of the box" works with keys. No settings are required for this, only keys are generated (man ssh-keygen)
3. Documentation and examples are available on the relevant sites, for example for postfix www.postfix.org/docs.html, or apache www.apache.org/. If you can't set up the appropriate applications using this information, you simply don't need to do it at all.
4. If you have several of your sites there, you don’t need a panel - it will only interfere. And if you are talking about all sorts of webmines and other gadgets for managing the server, this is not necessary in principle.
5. You missed a lot. For example, server operation should be monitored. Logs should at least be viewed, but it is better to analyze. With the simplest attacks to fight automatically, and much more. Think 10 times, should you set up a server at all if you have questions even on elementary things?

Dmitry Rublev, 2014-06-13

I think you are making things difficult for yourself.
Consider using ISPConfig , it may be sufficient for basic tasks.
You'll get a web interface, separate FTP access, email for domains, and more.
As for getting into the blacklist, I didn’t really understand what happened. By e-mail, I recommend to register SPF records in DNS.

Polyanappua, 2019-07-23

Install vestacp.com, and there will be no grief)
The forum and support are active and responsive, many issues are resolved without problems in Google search, even in Russian

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question