Difference between revisions of "The Perfect Small Business Server(+Failover)"

From ArchWiki
Line 247: Line 247:
  
 
=Install & Configure Apache:=
 
=Install & Configure Apache:=
We will now install & configure Apache with PHP, we will
+
We will now install & configure Apache with PHP & MySQL, We will do this in two sections, first will we install & configure the basic apache settings, then we will install PHP & create a number of "vhost.conf" style files apache needs for a PROPER setup of: RoundCubeMail, PHPMyAdmin, PHP, ProBIND, mysql, etc...Because we will be telling apache to use things like PHP, PHPMyAdmin, RoundCubeMail, ProBIND, MySQL, PostfixAdmin, Horde, etc, it (may not) start UNTIL all of the previously mentioned packages are downloaded, unpackaged, and installed in the proper places. IF YOU DECIDE NOT TO USE A SPECIFIC WEBAPP/PACKAGE DESCRIBED IN THIS GUIDE, SIMPLY DO NOT PUT AN "Include packagename" LINE for it IN: /etc/httpd/conf/httpd.conf here we go!:
 +
 
 +
 
 +
 
 +
'''INPUT: the following command to install apache, php & MySQL:
 +
# {{Codeline|[root@node(1/2) ~] pacman -S apache php-apache php mysql}}
 +
 
 +
 
 +
'''EDIT: the file: /etc/httpd/conf/httpd.conf and uncomment the following, we will UNCOMMENT/MAKE ACTIVE the ENTIRE LoadModule LIST, we will also add a LoadModule line for PHP5 at the end of the load module list:
 +
# {{Codeline|[root@node(1/2) ~] nano /etc/httpd/conf/httpd.conf }}
 +
{{file|name=/etc/httpd/conf/httpd.conf|content=
 +
ServerRoot "/etc/httpd"
 +
Listen 80
 +
LoadModule authn_file_module modules/mod_authn_file.so
 +
LoadModule authn_dbm_module modules/mod_authn_dbm.so
 +
LoadModule authn_anon_module modules/mod_authn_anon.so
 +
LoadModule authn_dbd_module modules/mod_authn_dbd.so
 +
LoadModule authn_default_module modules/mod_authn_default.so
 +
LoadModule authz_host_module modules/mod_authz_host.so
 +
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
 +
LoadModule authz_user_module modules/mod_authz_user.so
 +
LoadModule authz_dbm_module modules/mod_authz_dbm.so
 +
LoadModule authz_owner_module modules/mod_authz_owner.so
 +
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
 +
LoadModule authz_default_module modules/mod_authz_default.so
 +
LoadModule auth_basic_module modules/mod_auth_basic.so
 +
LoadModule auth_digest_module modules/mod_auth_digest.so
 +
LoadModule file_cache_module modules/mod_file_cache.so
 +
LoadModule cache_module modules/mod_cache.so
 +
LoadModule disk_cache_module modules/mod_disk_cache.so
 +
LoadModule mem_cache_module modules/mod_mem_cache.so
 +
LoadModule dbd_module modules/mod_dbd.so
 +
LoadModule dumpio_module modules/mod_dumpio.so
 +
LoadModule reqtimeout_module modules/mod_reqtimeout.so
 +
LoadModule ext_filter_module modules/mod_ext_filter.so
 +
LoadModule include_module modules/mod_include.so
 +
LoadModule filter_module modules/mod_filter.so
 +
LoadModule substitute_module modules/mod_substitute.so
 +
LoadModule deflate_module modules/mod_deflate.so
 +
LoadModule ldap_module modules/mod_ldap.so
 +
LoadModule log_config_module modules/mod_log_config.so
 +
LoadModule log_forensic_module modules/mod_log_forensic.so
 +
LoadModule logio_module modules/mod_logio.so
 +
LoadModule env_module modules/mod_env.so
 +
LoadModule mime_magic_module modules/mod_mime_magic.so
 +
LoadModule cern_meta_module modules/mod_cern_meta.so
 +
LoadModule expires_module modules/mod_expires.so
 +
LoadModule headers_module modules/mod_headers.so
 +
LoadModule ident_module modules/mod_ident.so
 +
LoadModule usertrack_module modules/mod_usertrack.so
 +
LoadModule unique_id_module modules/mod_unique_id.so
 +
LoadModule setenvif_module modules/mod_setenvif.so
 +
LoadModule version_module modules/mod_version.so
 +
LoadModule proxy_module modules/mod_proxy.so
 +
LoadModule proxy_connect_module modules/mod_proxy_connect.so
 +
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
 +
LoadModule proxy_http_module modules/mod_proxy_http.so
 +
LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
 +
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
 +
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
 +
LoadModule ssl_module modules/mod_ssl.so
 +
LoadModule mime_module modules/mod_mime.so
 +
LoadModule dav_module modules/mod_dav.so
 +
LoadModule status_module modules/mod_status.so
 +
LoadModule autoindex_module modules/mod_autoindex.so
 +
LoadModule asis_module modules/mod_asis.so
 +
LoadModule info_module modules/mod_info.so
 +
LoadModule suexec_module modules/mod_suexec.so
 +
LoadModule cgi_module modules/mod_cgi.so
 +
LoadModule cgid_module modules/mod_cgid.so
 +
LoadModule dav_fs_module modules/mod_dav_fs.so
 +
LoadModule vhost_alias_module modules/mod_vhost_alias.so
 +
LoadModule negotiation_module modules/mod_negotiation.so
 +
LoadModule dir_module modules/mod_dir.so
 +
LoadModule imagemap_module modules/mod_imagemap.so
 +
LoadModule actions_module modules/mod_actions.so
 +
LoadModule speling_module modules/mod_speling.so
 +
LoadModule userdir_module modules/mod_userdir.so
 +
LoadModule alias_module modules/mod_alias.so
 +
LoadModule rewrite_module modules/mod_rewrite.so
 +
'''''LoadModule php5_module modules/libphp5.so'''''
 +
User http
 +
Group http
 +
ServerAdmin root@example.dom
 +
ServerName 192.168.1.101
 +
DocumentRoot "/srv/http"
 +
TypesConfig conf/mime.types
 +
MIMEMagicFile conf/magic
 +
}}
 +
{{note| make sure you put the IP address for node1 in the ServerName line in httpd.conf on Node1, and the ip for Node2 in ServerName line for Node2!}}
 +
 
 +
 
 +
'''EDIT: the file: /etc/httpd/conf/httpd.conf: We will now ADD Include LINES to include 'supplementary configurations' in /etc/httpd/conf/extra/httpd-*packagename*.conf files, for all of the Web Apps we will install(E.G RoundCubeMail), and uncomment some already existing Include Lines, in the Include list, so it should look like this:
 +
# {{Codeline|[root@node(1/2) ~] nano /etc/httpd/conf/httpd.conf }}((if you already saved & exited...))
 +
{{file|name=/etc/httpd/conf/httpd.conf|content=
 +
# Supplemental configuration
 +
#
 +
# The configuration files in the conf/extra/ directory can be
 +
# included to add extra features or to modify the default configuration of
 +
# the server, or you may simply copy their contents here and change as
 +
# necessary.
 +
 
 +
# Server-pool management (MPM specific)
 +
#Include conf/extra/httpd-mpm.conf
 +
 
 +
# Multi-language error messages
 +
Include conf/extra/httpd-multilang-errordoc.conf
 +
 
 +
# Fancy directory listings
 +
Include conf/extra/httpd-autoindex.conf
 +
 
 +
# Language settings
 +
Include conf/extra/httpd-languages.conf
 +
 
 +
# User home directories
 +
Include conf/extra/httpd-userdir.conf
 +
 
 +
# Real-time info on requests and configuration
 +
#Include conf/extra/httpd-info.conf
 +
 
 +
# Virtual hosts
 +
Include conf/extra/httpd-vhosts.conf
 +
 
 +
# Local access to the Apache HTTP Server Manual
 +
#Include conf/extra/httpd-manual.conf
 +
 
 +
# Distributed authoring and versioning (WebDAV)
 +
#Include conf/extra/httpd-dav.conf
 +
 
 +
# Various default settings
 +
Include conf/extra/httpd-default.conf
 +
 
 +
# Secure (SSL/TLS) connections
 +
Include conf/extra/httpd-ssl.conf
 +
 
 +
# Php 5
 +
Include conf/extra/php5_module.conf
 +
 
 +
#phpMyAdmin configuration
 +
Include conf/extra/httpd-phpmyadmin.conf
 +
 
 +
#postfixAdmin configuration
 +
Include conf/extra/httpd-postfixadmin.conf
 +
 
 +
#roundcubemail configuration
 +
Include conf/extra/httpd-roundcubemail.conf
 +
 
 +
#
 +
# Note: The following must must be present to support
 +
#      starting without SSL on platforms with no /dev/random equivalent
 +
#      but a statically compiled-in mod_ssl.
 +
#
 +
}}
 +
{{note| these files do not exist yet, we will create them.}}
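Review bot: Uncommenting the ENTIRE LoadModule list in the first httpd.conf block loads modules that nothing in this change configures or uses: mod_info, mod_status, mod_dav and mod_dav_fs, mod_dumpio, mod_userdir, both mod_cgi and mod_cgid, and the whole mod_proxy family are all made active, while the Include list in the second block leaves httpd-info.conf and httpd-dav.conf commented out. Suggest enabling only the modules the installed web apps actually need and saying in the text which ones those are. Separately, the second block adds Include lines for httpd-phpmyadmin.conf, httpd-postfixadmin.conf and httpd-roundcubemail.conf before those files exist; the note at the end says so, but it would help to state at the EDIT step itself that Apache should not be started until they have been created.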

Revision as of 01:08, 15 August 2011

In this guide, we will be building ourselves a 'redundant/Highly Available' Home/Small Business server (Cluster). We will be using two physical nodes (computers) running the same exact services in an 'active/passive' (master/slave/Failover) HeartBeat "cluster". We will refer to these two computers as "node1" & "node2". As I am writing this guide, the latest Arch Linux install image is Arch_2010_05 (I am using the 32bit/i686 image), though I imagine we are soon due for a new image. Again, this article was written on: 08/14/2011, August 14th, 2011. I will personally speak for the accuracy of this article. I developed this guide step-by-step on my own personal servers and I have since re-built both machines following this guide to the letter. They are 100% functional, fairly secure, and my "Highly Available" services have not had a single moment of downtime since being initially powered on.

  • I am personally working on the following translations of this guide: Italian, French, German, Spanish. Anyone with the linguistic skills to help/provide other translations, PLEASE feel free to do so.


Thank You,
--GaryMaurizi 20:01, 14 August 2011 (EDT)


PREFACE:

On each node we will be installing & setting up the following services/daemons:

  • DNS: Bind in a Chroot, with ProBIND PHP Web GUI To edit DNS Zones.
  • Web: Apache, With SSL.
  • PHP: PHP5.
  • Database: MySQL(i), With PHPMyAdmin Web GUI To create/edit/delete Databases & Users.
  • IMAP/POP3/(S): Dovecot for Incoming Mail/accounts (w/ Secure IMAP/POP3(S)).
  • SMTP/(S): Postfix for Outgoing Mail (+Dovecot-SSL w/ PostfixAdmin Web GUI).
  • RoundCubeMail: Simple, Sleek WebMail/Web GUI with sieve/spam filters & identities.
  • Horde: OpenSource GroupWare & Mail Web GUI Similar to M$ Exchange in Features/Functionality.
  • Firewall: IPTables with the UFW: Uncomplicated Firewall FrontEnd (optionally: with UFW's GTK GUI: GUFW).


Following are the IP Addresses, Hostnames, & Domain Name we'll use to refer to our machines; change these to suit your own needs. For this guide we will have TWO "virtual/shared" Highly Available/Failover IP Addresses & Hostnames/Domains. We do this because some DNS registrars require a MINIMUM of TWO unique NameServers; if yours does NOT, you may use a single HA Address as such: 'ha.example.com==>192.168.1.200'. For this guide our addresses will be:

  • node1.example.dom ==> 192.168.1.101 (Hostname / IP of our 1st Machine)
  • node2.example.dom ==> 192.168.1.102 (Hostname / IP of our 2nd Machine)
  • ha1.example.dom ====> 192.168.1.201 (Hostname / IP of our 1st "Virtual/H.A" Address)
  • ha2.example.dom ====> 192.168.1.202 (Hostname / IP of our 2nd "Virtual/H.A" Address)




Arch Linux Installation:

Here is a quick overview of instructions for a very basic Arch Linux installation that will work with this guide. If you already have Arch Linux set up, chances are you only need to change your hostname in /etc/rc.conf & edit /etc/hosts. Here we go:


Boot from CD & begin the Arch Linux Installation (AIF):

# Template:Codeline


Perform A regular Installation, with the following options (NOT IN ORDER):

  • TIMEZONE: Your Local Time (Regular/Hardware Clock, NOT NTP)
  • NET INSTALL: We will use DHCP initially, and input our static info after reboot (optionally, set up static now).
  • MIRROR: Choose the fastest IN-SYNC mirror, see: http://www.archlinux.org/mirrors/status/
  • PACKAGES: Select BOTH Base & Base-Devel Package/Groups (MANDATORY)
  • PARTITIONING: Use GUIDED/Entire Disk Partitioning, Make Swap 1/2 of the amount of RAM. Use Defaults for /boot, /home, /
  • CONFIGURATION: After Package install, DON'T configure anything, just set ROOT PASSWORD
  • BOOTLOADER: USE/SET UP GRUB boot loader(Usually you will install on SDA)


REBOOT: the machine, and REMOVE the installation disc.

# Template:Codeline


Network Configuration

We will now go over basic Networking setup so we can bring both our nodes online, get them up-to-date, and connect to them from another location via SSH. If your machine is already up & running with networking, please feel free to skip this section; just make sure you have the proper definitions in /etc/hosts & the proper hostname in /etc/rc.conf. Now, here we go:


EDIT: /etc/rc.conf so that it reflects the proper hostnames, your hostnames should be: node1 for your first machine, node2 for the second:

# Template:Codeline

Template:File


EDIT: /etc/hosts so that it reflects the proper hostnames, domain names & IP addresses for our cluster:

# Template:Codeline

Template:File


REBOOT: To set the proper HostNames / DomainNames & bring up networking:

# Template:Codeline


Pacman Configuration

We will now Upgrade our pacman package manager database, check that we are using the proper repositories & ensure that our system is up-to-date. We will only be using the stable repos for our two nodes; please do not enable any of the testing repositories and complain that something is not working! You've been warned! ;P Here we go:


INPUT: the following commands to upgrade our pacman-database:

# Template:Codeline


EDIT: the /etc/pacman.conf file to make sure that we are using the proper repositories:

# Template:Codeline

Template:File


Note: if you are on a 64bit/x86_64 system/architecture, you may wish to ADD: the multilib repository for 64bit packages LIKE THIS:

Template:File


INPUT: the following command to download our enabled repositories & ensure that our system is fully up-to-date:

# Template:Codeline


REBOOT: Once more, just for good measure (probably not necessary):

# Template:Codeline


You should now have a very basic Arch Linux installation up & running on both of your machines/nodes. If you have any trouble installing Arch Linux, or need further assistance, see the OFFICIAL Arch Linux INSTALLATION Guide here: https://wiki.archlinux.org/index.php/Beginners%27_Guide




Install & Configure SSH:

We will now install SSH/OpenSSH so that we may connect to our nodes from a 3rd machine & manage the rest of our installation/configuration from one (single) keyboard/mouse/monitor. You may continue to work in your current environment if you like, but you should still install & configure ssh:


INPUT: the following command to install SSH/OpenSSH:

# Template:Codeline


EDIT: the file: /etc/ssh/sshd_config and make sure it reflects the following: Template:File


INPUT: the following command to test & make sure ssh/sshd is working:

# Template:Codeline
Note: if you have any problems configuring SSH/SSHD/sshd_config file see: https://wiki.archlinux.org/index.php/SSH


EDIT: the file: /etc/rc.conf and add sshd to the END of your daemons array so that our SSH Server starts at boot-time: Template:File

You should now have your SSH server/daemon up and running, continue on to the next step!




Install & Configure Apache:

We will now install & configure Apache with PHP & MySQL. We will do this in two sections: first we will install & configure the basic apache settings, then we will install PHP & create a number of "vhost.conf" style files apache needs for a PROPER setup of: RoundCubeMail, PHPMyAdmin, PHP, ProBIND, mysql, etc. Because we will be telling apache to use things like PHP, PHPMyAdmin, RoundCubeMail, ProBIND, MySQL, PostfixAdmin, Horde, etc, it (may not) start UNTIL all of the previously mentioned packages are downloaded, unpackaged, and installed in the proper places. IF YOU DECIDE NOT TO USE A SPECIFIC WEBAPP/PACKAGE DESCRIBED IN THIS GUIDE, SIMPLY DO NOT PUT AN "Include packagename" LINE for it IN: /etc/httpd/conf/httpd.conf. Here we go!:


INPUT: the following command to install apache, php & MySQL:

# Template:Codeline


EDIT: the file: /etc/httpd/conf/httpd.conf and uncomment the following. We will UNCOMMENT/MAKE ACTIVE the ENTIRE LoadModule LIST, and we will also add a LoadModule line for PHP5 at the end of the LoadModule list:

# Template:Codeline

Template:File

Note: make sure you put the IP address for node1 in the ServerName line in httpd.conf on Node1, and the ip for Node2 in ServerName line for Node2!


EDIT: the file: /etc/httpd/conf/httpd.conf: We will now ADD Include LINES to include 'supplementary configurations' in /etc/httpd/conf/extra/httpd-*packagename*.conf files for all of the Web Apps we will install (e.g. RoundCubeMail), and uncomment some already existing Include lines in the Include list, so it should look like this:

# Template:Codeline((if you already saved & exited...))

Template:File

Note: these files do not exist yet, we will create them.
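
The guide warns that Apache may not start until every included file is in place. The following is an added example, not part of the original guide: a shell pre-flight check that lists the active Include targets in httpd.conf that are missing on disk. The function names, the optional ROOT argument and the sample tree are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example, not part of the original guide.

# Print the ServerRoot value from CONF with its quotes stripped.
server_root() {
    awk '$1 == "ServerRoot" { gsub(/"/, "", $2); print $2; exit }' "$1"
}

# missing_includes CONF [ROOT]
# Print every active Include target in CONF that does not exist on disk.
# Relative targets are resolved against ServerRoot, as Apache does;
# ROOT overrides ServerRoot so the check can run against a staging copy.
missing_includes() {
    conf=$1
    root=${2:-$(server_root "$conf")}
    # "#Include ..." has "#Include" as its first field, so it is skipped.
    awk '$1 == "Include" { gsub(/"/, "", $2); print $2 }' "$conf" |
    while read -r target; do
        case $target in
            *[*?]*) continue ;;            # wildcard includes: not checked here
            /*)     path=$target ;;
            *)      path=$root/$target ;;
        esac
        [ -e "$path" ] || printf '%s\n' "$target"
    done
}

# Constructed sample: a cut-down copy of the guide's Include list in DIR.
# Which two files already exist is an assumption made for the sample.
make_sample() {
    mkdir -p "$1/conf/extra"
    cat > "$1/conf/httpd.conf" <<'EOF'
ServerRoot "/etc/httpd"
#Include conf/extra/httpd-info.conf
Include conf/extra/httpd-default.conf
Include conf/extra/php5_module.conf
Include conf/extra/httpd-phpmyadmin.conf
Include conf/extra/httpd-roundcubemail.conf
EOF
    : > "$1/conf/extra/httpd-default.conf"
    : > "$1/conf/extra/php5_module.conf"
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
missing_includes "$demo_dir/conf/httpd.conf" "$demo_dir"
rm -rf "$demo_dir"
```

On a node, `missing_includes /etc/httpd/conf/httpd.conf` lists the files still to be created; once it prints nothing, `apachectl configtest` validates the configuration as a whole.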