User:PMay/ vServer Setup

From ArchWiki
Jump to: navigation, search

This guide is about how to install Arch on a vServer hosted by The guide is still in development and not complete.


 # dd if=/dev/zero of=~/part bs=1024 count=2000000
 # mkfs.btrfs -L mybtrfs ~/part
 # mkdir /mnt/mybtrfs
 # mount /root/part /mnt/mybtrfs


 # export FTP_PASSWORD=<my_password>
 # export PASSPHRASE=<my_passphrase>
 # duplicity --verbosity 9 --ssl-no-check-certificate . webdavs://<my_e-mail>
 - Errormessage:
 Import of duplicity.backends.dpbxbackend Failed: No module named dropbox

more packages to install

 # pacman -S net-tools


 # systemctl enable network@ens3.service
  • edit /etc/resolv.conf to setup name server (see same file from old debian installation for proper values)


 # systemctl enable sshd.service

activate swap partition

 # mkswap /dev/sda1
 # swapon /dev/sda1
File: /etc/fstab
/dev/sda1           	none      	swap      	defaults  	0 0


 #  pacman -S apache php php-apache mariadb


Apache Security

  • disable all auth modules but not
  • disable all proxy modules
  • disable
  • disable
  • removed Include conf/extra/httpd-autoindex.conf


  • login to DB
 # mysql -u root -p
 CREATE USER 'wp'@'localhost' IDENTIFIED BY 'somepassword';
 GRANT ALL PRIVILEGES ON wp_db.* TO 'wp'@'localhost';

Idears / ToDo

  • use btrfs to make snapshots for recovery - but use ro now rw snapshots (tip from irc - whatever that means)
  • port 5060 (sip) scheint offen zu sein
  • remove these messages vom apache: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/1.0.1e DAV/2 PHP/5.5.6
  • check if these settings are all right: php_admin_value open_basedir
  • Zeitzone setzen
  • Zeitserver client aufsetzen
  • Forward-Secrecy:
  • FollowSymLinks bei apache aus
  • edit /etc/httpd/conf/extra/httpd-default.conf
  • edit open_basedir = /srv/http/:/home/:/tmp/:/usr/share/pear/:/usr/share/webapps/ in php.ini
  • ich wuerde von dem verlinkten wiki abraten, die leute in #postfix waren ziemlich entsetzt als sie das gesehen haben, vor allem das 'relay_domains = *'



  • see what daemons are listening on what ports
 # netstat -tuple
 # ss -l
  • show the state of a running deamon and its last log output
 # systemctl status <deamon_name>