The Perfect Small Business Server(+Failover)

From ArchWiki
Revision as of 16:34, 22 September 2011 by Thestinger (Talk | contribs) (recat)


In this guide, we will be building ourselves a 'redundant/Highly Available' Home/Small Business server (cluster). We will be using two physical nodes (computers) running the exact same services in an 'active/passive' (master/slave/failover) HeartBeat "cluster". We will refer to these two computers as "node1" & "node2". As I am writing this guide, the latest Arch Linux install image is Arch_2010_05 (I am using the 32bit/i686 image), though I imagine we are soon due for a new image. Again, this article was written on: 08/14/2011, August 14th, 2011. I will personally speak for the accuracy of this article: I developed this guide step-by-step on my own personal servers, and I have since re-built both machines following this guide to the letter. They are 100% functional, fairly secure, and my "Highly Available" services have not had a single moment of downtime since being initially powered on.

  • I am personally working on the following translations of this guide: Italian, French, German, Spanish. Anyone with the linguistic skills to help/provide other translations, PLEASE feel free to do so.


Thank You,
--GaryMaurizi 20:01, 14 August 2011 (EDT)


PREFACE:

On each node we will be installing & setting up the following services/daemons:

  • DNS: Bind in a Chroot, with ProBIND PHP Web GUI To edit DNS Zones.
  • Web: Apache, With SSL.
  • PHP: PHP5.
  • Database: MySQL(i), With PHPMyAdmin Web GUI To create/edit/delete Databases & Users.
  • IMAP/POP3/(S): Dovecot for Incoming Mail/accounts (w/ Secure IMAP/POP3(S)).
  • SMTP/(S): Postfix for Outgoing Mail (+Dovecot-SSL w/ PostfixAdmin Web GUI).
  • RoundCubeMail: Simple, Sleek WebMail/Web GUI with sieve/spam filters & identities.
  • Horde: OpenSource GroupWare & Mail Web GUI Similar to M$ Exchange in Features/Functionality.
  • Firewall: IPTables with the UFW: Uncomplicated Firewall FrontEnd, (optionally: with UFW'S GTK GUI: GUFW).


Following are the IP addresses, hostnames, & domain name we'll use to refer to our machines; change these to suit your own needs. For this guide we will have TWO "virtual/shared" Highly Available/Failover IP addresses & hostnames/domains. We do this because some DNS registrars require a MINIMUM of TWO unique NameServers; if yours does NOT, you may use a single HA address as such: 'ha.example.com==>192.168.1.200'. For this guide our addresses will be:

  • node1.example.dom ==> 192.168.1.101 (Hostname / IP of our 1st Machine)
  • node2.example.dom ==> 192.168.1.102 (Hostname / IP of our 2nd Machine)
  • ha1.example.dom ====> 192.168.1.201 (Hostname / IP of our 1st "Virtual/H.A" Address)
  • ha2.example.dom ====> 192.168.1.202 (Hostname / IP of our 2nd "Virtual/H.A" Address)




Arch Linux Installation:

Here is a quick overview of instructions for a very basic Arch Linux installation that will work with this guide. If you already have Arch Linux set up, chances are you only need to change your hostname in /etc/rc.conf & edit /etc/hosts. Here we go:


Boot from CD & begin the Arch Linux Installation (AIF):

# Template:Codeline


Perform a regular installation with the following options (NOT IN ORDER):

  • TIMEZONE: Your Local Time (Regular/Hardware Clock, NOT NTP)
  • NET INSTALL: We will use DHCP initially, and input our static info after reboot (optionally, set up static now).
  • MIRROR: Choose the fastest IN-SYNC mirror, see: http://www.archlinux.org/mirrors/status/
  • PACKAGES: Select BOTH Base & Base-Devel Package/Groups (MANDATORY)
  • PARTITIONING: Use GUIDED/Entire Disk Partitioning. Make Swap 1/2 of the amount of RAM. Use Defaults for /boot, /home, /
  • CONFIGURATION: After Package install, DON'T configure anything, just set ROOT PASSWORD
  • BOOTLOADER: USE/SET UP GRUB boot loader (usually you will install on SDA)


REBOOT: the machine, and REMOVE the installation disc.

# Template:Codeline


Network Configuration

We will now go over basic networking setup so we can bring both our nodes online, get them up-to-date, and connect to them from another location via SSH. If your machine is already up & running with networking, please feel free to skip this section; just make sure you have the proper definitions in /etc/hosts & the proper hostname in /etc/rc.conf. Now, here we go:


EDIT: /etc/rc.conf so that it reflects the proper hostnames. Your hostnames should be node1 for your first machine and node2 for the second:

# Template:Codeline

Template:File


EDIT: /etc/hosts so that it reflects the proper hostnames, domain names & IP addresses for our cluster:

# Template:Codeline

Template:File


REBOOT: To set the proper HostNames / DomainNames & bring up networking:

# Template:Codeline


Pacman Configuration

We will now upgrade our pacman package manager database, check that we are using the proper repositories & ensure that our system is up-to-date. We will only be using the stable repos for our two nodes; please do not enable any of the testing repositories and complain that something is not working! You've been warned! ;P Here we go:


INPUT: the following commands to upgrade our pacman-database:

# Template:Codeline


EDIT: the /etc/pacman.conf file to make sure that we are using the proper repositories:

# Template:Codeline

Template:File


Note: if you are on a 64bit/x86_64 system/architecture, you may wish to ADD: the multilib repository for 64bit packages LIKE THIS:

Template:File


INPUT: the following command to download our enabled repositories & ensure that our system is fully up-to-date:

# Template:Codeline


REBOOT: Once more, just for good measure (probably not necessary):

# Template:Codeline


You should now have a very basic Arch Linux installation up & running on both of your machines/nodes. If you have any trouble installing Arch Linux, or need further assistance, see the OFFICIAL Arch Linux INSTALLATION Guide here: https://wiki.archlinux.org/index.php/Beginners%27_Guide




Install & Configure SSH:

We will now install SSH/OpenSSH so that we may connect to our nodes from a 3rd machine & manage the rest of our installation/configuration from a single keyboard/mouse/monitor. You may continue to work in your current environment if you like, but you should still install & configure SSH:


INPUT: the following command to install SSH/OpenSSH:

# Template:Codeline


EDIT: the file /etc/ssh/sshd_config and make sure that the following lines are UNCOMMENTED/MADE ACTIVE:

Template:File


INPUT: the following command to test & make sure ssh/sshd is working:

# Template:Codeline
Note: if you have any problems configuring SSH/SSHD/sshd_config file see: https://wiki.archlinux.org/index.php/SSH


EDIT: the file /etc/rc.conf and add sshd to the END of your daemons array so that our SSH server starts at boot-time:

Template:File

You should now have your SSH server/daemon up and running, continue on to the next step!




Install Apache, PHP & MySQL:

We will now install & configure Apache with PHP & MySQL. We will do this in two sections: first we will install & configure the basic Apache settings, then we will install PHP & create a number of "vhost.conf" style files Apache needs for a PROPER setup of RoundCubeMail, PHPMyAdmin, PHP, ProBIND, MySQL, etc. Because we will be telling Apache to use things like PHP, PHPMyAdmin, RoundCubeMail, ProBIND, MySQL, PostfixAdmin, Horde, etc., it may not start UNTIL all of the previously mentioned packages are downloaded, unpackaged, and installed in the proper places. IF YOU DECIDE NOT TO USE A SPECIFIC WEBAPP/PACKAGE DESCRIBED IN THIS GUIDE, SIMPLY DO NOT PUT AN "Include packagename" LINE for it IN /etc/httpd/conf/httpd.conf. Here we go!


INPUT: the following command to install apache, php & MySQL:

# Template:Codeline


Configure Apache:

CHECK: that the user & group http (http:http) exist with:

# Template:Codeline

INPUT: the following to create user & group http (if it doesn't already exist):

# Template:Codeline


EDIT: the file /etc/httpd/conf/httpd.conf and uncomment the following. We will UNCOMMENT/MAKE ACTIVE the ENTIRE LoadModule LIST, and we will also add a LoadModule line for PHP5 at the end of the LoadModule list:

# Template:Codeline

Template:File

Note: make sure you put the IP address for node1 in the ServerName line in httpd.conf on node1, and the IP address for node2 in the ServerName line on node2!


EDIT: the file /etc/httpd/conf/httpd.conf: We will now ADD Include lines to include 'supplementary configurations' in /etc/httpd/conf/extra/httpd-*packagename*.conf files for all of the web apps we will install (e.g. RoundCubeMail), and uncomment some already existing Include lines in the Include list. The lines in bold have been ADDED, so it should look like this:

# Template:Codeline

Template:File

Note: these files do not exist yet, we will create them.


EDIT: the file /etc/httpd/conf/mime.types: We must now ADD a "Mime Type" for PHP / PHP5 in the mime.types file. This file is in ALPHABETICAL ORDER; add the PHP mime.type line as I have, in the proper alphabetical location shown:

# Template:Codeline

Template:File


EDIT: the file /etc/httpd/conf/extra/httpd-default.conf & fix it so that the given lines read as follows:

# [root@node(1/2) ~] nano /etc/httpd/conf/extra/httpd-default.conf

Template:File


We must now CREATE all of the 'vhost style files' we have defined in httpd.conf with Include conf/extra/* lines, inside the directory /etc/httpd/conf/extra/. Here we go:

# Template:Codeline

Template:File

# Template:Codeline

Template:File

# Template:Codeline

Template:File

# Template:Codeline

Template:File

# Template:Codeline

Template:File
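
Added example, not part of the original guide: since httpd refuses to start while an active Include line names a file that is not there, this script lists every such line before you start the daemon. The scratch directory and the file name `httpd-roundcubemail.conf` are constructed for the demo; on a node you would pass `/etc/httpd/conf/httpd.conf` and `/etc/httpd`.

```shell
#!/bin/sh
# check_includes CONF SERVERROOT
# Lists every active (uncommented) Include target in CONF that does not exist.
# Relative targets are resolved against SERVERROOT, as httpd does.
# Returns 0 when nothing is missing, 1 otherwise.
check_includes() {
    conf=$1 root=$2 status=0
    while read -r directive target rest || [ -n "$directive" ]; do
        case $directive in
            [Ii]nclude) ;;               # matches "Include" or "include"
            *) continue ;;               # comments, blank lines, other directives
        esac
        target=${target#\"}; target=${target%\"}   # drop optional quotes
        case $target in
            *[*?]*) continue ;;          # wildcard include: not checked here
            /*) path=$target ;;
            *)  path=$root/$target ;;
        esac
        if [ ! -e "$path" ]; then
            echo "missing: $path"
            status=1
        fi
    done < "$conf"
    return "$status"
}

# Constructed sample: a throwaway ServerRoot standing in for /etc/httpd.
# httpd-roundcubemail.conf is a hypothetical name following the guide's
# httpd-*packagename*.conf pattern; it is deliberately not created.
demo=$(mktemp -d)
mkdir -p "$demo/conf/extra"
cat > "$demo/conf/httpd.conf" <<'EOF'
Include conf/extra/httpd-default.conf
#Include conf/extra/httpd-vhosts.conf
    Include "conf/extra/httpd-roundcubemail.conf"
EOF
: > "$demo/conf/extra/httpd-default.conf"

check_includes "$demo/conf/httpd.conf" "$demo" \
    || echo "create the files listed above before starting httpd"
```

On a live node `apachectl configtest` remains the authoritative syntax check; this script only covers the missing-file case.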

EDIT: /etc/httpd/conf/extra/httpd-vhosts.conf to reflect the following 'Virtual Hosts':

# Template:Codeline

Template:File


CREATE: Self Signed SSL Certificates for apache:

# Template:Codeline
# Template:Codeline
# Template:Codeline
# Template:Codeline
# Template:Codeline
# Template:Codeline
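
Added example, not the guide's own commands (those are missing from this copy of the page): one way to create a self-signed pair with `openssl`, then confirm that the certificate matches the key and that the key is readable by its owner only. The file names `server.key`/`server.crt` and the scratch directory are assumptions; use the paths your `SSLCertificateFile` and `SSLCertificateKeyFile` directives name.

```shell
#!/bin/sh
# make_selfsigned DIR CN: write DIR/server.key and DIR/server.crt
# (RSA 2048, SHA-256, valid 365 days, unencrypted key so httpd can start unattended).
make_selfsigned() {
    dir=$1 cn=$2
    (
        umask 077                        # key file is never group/world readable
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
            -subj "/CN=$cn" \
            -keyout "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
    ) || return 1
    chmod 644 "$dir/server.crt"          # the certificate itself is public
}

# check_pair DIR: succeed only if the certificate was issued for this key
# and the key is accessible to its owner alone.
check_pair() {
    dir=$1
    cert_pub=$(openssl x509 -in "$dir/server.crt" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$dir/server.key" -pubout) || return 1
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "certificate and key do not belong together"
        return 1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld "$dir/server.key" | cut -c5-10)" != "------" ]; then
        echo "private key is accessible to group or others"
        return 1
    fi
}

# Constructed demo in a scratch directory; www.example.dom is the guide's name.
tls_demo=$(mktemp -d)
make_selfsigned "$tls_demo" www.example.dom && check_pair "$tls_demo" \
    && openssl x509 -in "$tls_demo/server.crt" -noout -subject -enddate
```

Each node needs its own check after the files are copied or regenerated, because a restored backup or a careless `cp` is the usual way key permissions get widened.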


Note: Apache should now be set up correctly. We will serve files for 'www.example.dom' out of /srv/http/*.html, AND for "www.example.dom/~username" out of /home/*username/public_html/*.html. We have also told Apache to look in /usr/share/webapps/ for the following directories (packages/webapps): ../webapps/RoundCubeMail/, ../webapps/PostfixAdmin/, ../webapps/PHPMyAdmin/, etc., using the 'Include conf/extra/httpd-*package.conf' files.



Configure MySQL: