Server

From ArchWiki
Jump to: navigation, search

This guide will give you an overview for the most common server options in existence and will outline some administration and security guidelines.

Preface

What is a server?

In essence, a server is a computer that runs services that involve clients working on remote locations. All computers run services of some kind, for example: when using Arch as a desktop you will have a network service running to connect to a network. A server will, however, run services that involve external clients, for example: a web server will run a web site to be viewed via the Internet or elsewhere on a local network.

Arch Linux as a server OS

Arch Linux comes as a minimal (but solid) base system, that can be easily turned into a server. You just need to install the desired server software and configure it. All the popular server software is available in the official repositories, and even more in the AUR. The wiki also contains much detailed documentation regarding how to set up server software.

Requirements

In most GNU/Linux server operating systems, you have two options:

  • A 'text' version of the OS (where everything is done from the command line)
  • A GUI version of the OS (where you get a desktop interface, such as GNOME/KDE, etc).

For the installation of Arch Linux, please refer to the Installation guide and General recommendations articles, but do not go any further than General recommendations#Graphical user interface unless you require a GUI.

For remote access to this server, you need a static IP address/ domain name, or something like No-Ip or FreeDNS.

Services

Local network services

Zeroconf

Avahi is a free Zero-configuration networking (zeroconf) implementation, including a system for multicast DNS/DNS-SD service discovery. It allows programs to publish and discover services and hosts running on a local network with no specific configuration. For example you can plug into a network and instantly find printers to print to, files to look at and people to talk to.

Security

Administration and maintenance

Remote administration

SSH is the Secure SHell, it allows you to remotely connect to your server and administer commands as if you were physically at the computer. Combined with Screen, SSH can become an invaluable tool for remote maintenance and administration while on-the-move. Please note that a standard SSH install is not very secure and some configuration is needed before the server can be considered locked-down. This configuration includes disabling root log-in, disabling password-based log-in and setting up firewall rules. In addition, you may supplement the security of your SSH daemon by utilizing daemons, such as sshguard or fail2ban, which constantly monitor the log files for any suspicious activity and ban IP addresses with too many failed log-in attempts.

X Forwarding is forwarding your X session via SSH so you can log in to the desktop GUI remotely. Use of this feature will require SSH and an X server to be installed on the server. You will also need to have a working X server installed on the client system you will be using to connect to the server with. More information can be found in the X Forwarding section of the SSH guide.

Local Package Repositories

Repose can be used to create a package repository for a local server cluster where packages must be tested for quality and reliability before undergoing deployment into a production environment.