fos
10-29-2006, 09:57 PM
Home Based Internet Server---
Please note: This is a beta 0.8 version. Please report any errors in content or grammar. I will be proofing and improving it as well. fos....
Do you seek fame and fortune? I'm sure you have heard the ads, start your home based business and earn as much as $300,000 per year! The answer is a dot com internet business! Answering those ads could cost you thousands of dollars, but only for the gullible.
Would you like to have a web presence? There are free sites available, with banner ads and spam included. You could also use your ISP. If you really want a personal web page such as: yourspecialname, you will have to pay a host provider for the service. You can find space for as little as $5 per month. A quality service is more likely $10 per month.
There is an alternative. A home based internet server. It is not as hard as you think. The requirements are small: an old PC, a DSL line or cable internet, and a router / switch.
Follow along and I'll tell you how I set mine up. For me it was intended to be an educational exercise. It has turned out to be very functional, reliable, secure, and a lot of fun.
Disclaimer: Be sure to read the Terms of Service you agreed to when you purchased your internet service. This use of their service may violate its terms. Many providers block the incoming ports used by servers. While there are workarounds, you may find yourself disconnected. I only use mine for educational purposes. I don't use it for commercial purposes nor do I actively promote it. Caveat emptor...
Now for the details:
Hardware---
A throw away 2000 vintage Dell OptiPlex GX1, Pentium II 450 MHz, 256 MB RAM, ATI Mach64 video card, a 30 GB Maxtor HD, a 6 GB Maxtor HD, and a CD-ROM reader. This was a used PC given to me for parts. The installed Win98 would no longer boot due to hard drive errors. I re-partitioned and formatted the hard drives while installing Debian and everything ran again without problems.
A Linksys WRT54G wireless 4 port router/switch purchased at Walmart for $50.
The cable modem was supplied by the cable internet provider.
I salvaged an old APC Powercell UPS and installed a new $12.95 gel cell battery from the hardware store to back up the modem and router. When the modem loses power, it obtains a new dynamic IP address upon startup. (More on the dynamic IP addresses later.) The router must also be re-initialized after the modem stabilizes, making power outages problematic. That's why the UPS is for the modem and router and not the server. I'll probably get another for the server sometime in the future.
That's it for the hardware - a pretty modest investment.
Software---
For a server you want a robust, stable, mature, and for me, open source operating system. Debian, Redhat, Suse, and Slackware came immediately to mind. I am most familiar with Debian. I actually installed a Debian server first but then looked at other systems just to make sure it was optimal. Slackware (actually Soft Landing System) was my first Linux system back in the mid-nineties. I switched to Slack after Mark Williams, and hence Coherent, went out of business. I have also used RH and Suse in their various versions. I tried CentOS based on the indirect endorsement of CentOS by danieldk on the linuxagora.com forum. As in all things related to computing you can rely on his advice.
I settled on CentOS 4.3 (now 4.4) due to its implementation of a software firewall, SELinux, and logging system. It has proven to be quite secure when combined with a few security mods made after installation. The internet is a jungle filled with individuals scanning every available server site looking for weaknesses. I'm sure most of them are just kids flexing their techno savvy, but a hazard nonetheless. You will inevitably have a multitude of attacks as soon as you make your server available to the internet. Once installed, you can check /var/log/messages to see what I mean.
My software support requirements include: apache, mysql, postgresql, php, ssh, ftp, gcc, vim, emacs, & mc (a norton commander clone). Everything except mc was included during the initial install. I added mc with the yum package manager included with CentOS. Other than these items, you want the minimum installation to optimize speed and security.
For the installation media, you will need either CentOS 4.4 cdrom disks 1 through 3 or the DVD version.
CentOS 4.4 installation: (Step by Step)---
1. After inserting the installation media, press <enter> at the boot prompt.
2. Test CD media or Skip. Your preference. Select OK.
3. CentOS Welcome Screen & Release Notes Select <next>
4. Language Selection: <English> <Next>
5. Keyboard <US English> <Next>
6. Installation Type: Server or Custom
<Custom> <Next>
I chose custom. The pre-configured selection added too much software including X Window support which is unnecessary in a server. Think minimal for security reasons.
7. Partitioning: Automatic or Manual (Disk Druid)
<Auto> <Next>
I chose automatic for easy installation of this experimental server. For a working server, partitioning should be considered carefully for backup and security reasons.
8. Partitioning - Continued:
A. Remove all linux partitions
B. Remove all partitions
C. Keep all - Use free space
<Remove All> <Check review> <Next>
I chose all since this is going to be a dedicated server.
9. Are you sure? (Review before committing.)
<Yes> <Next>
10. Display partitioning: Back or Next
<Next>
11. Grub boot loader default?
<Next>
12. Network Device (Select appropriate)
For my system: eth0 DHCP
Host name:
Automatically via DHCP - (probably best selection)
Manually - I chose manual since I wanted a specific server name.
13. Firewall:
No firewall
Enable firewall (I chose enable to maximize security.)
Remote login ssh
Web server
File server
Mail server
I selected all options for my server. The mail is necessary. Logging information is mailed locally to the root user for security reasons.
Enable SELinux:
Disabled
Warn
Active
I chose Active for the highest security profile. <Next>
14. Default Language:
English USA <Next>
15. Timezone:
USA Central (choose appropriate)
16. Root password:
Pick something random with letters, numbers, & punctuation characters. A must for security.
<Next>
17. Package Selection:
This is not critical as long as you include the packages necessary for the services you wish to provide. Keep it minimal. If you aren't going to use it, don't install it. If it turns out you need it, you can always install it later.
Note: you can select individual items in a category by selecting details. I am only going to mention the selections I have made. You can choose the packages that would be useful for your installation. Remember, unnecessary packages can lead to security vulnerabilities. You can always add something you need after the initial installation.
While there are gui based server administration packages, the command line tools and editing the ascii based configuration files are a better option. The X window environment and the Gnome and Kde packages consume a lot of space and service resources. I did not select them.
Editors: I use VIM and Emacs. Choose your favorites.
Server configuration tools: system-config-httpd, system-config-NFS
Web Server: Everything would be appropriate.
Mail Server: Sendmail
Windows File Server: Samba if you need to support WinX machines on your network.
I chose not to install the DNS server: www.zoneedit.com (http://www.zoneedit.com) is excellent for my purposes and free for up to five zones. (More later)
FTP Server - Everything
PostgreSQL Database: I chose everything except PL procedural language and tcl tool command language.
Mysql - everything
Development Tools: Not needed but choose desired packages. I installed gcc and g++ after installation.
18. About to install: <Next>
19. Need Disks 1, 2, & 3 <Continue>
Installing: Approximately 30 minutes - ymmv
20. Remove installation media
<Reboot>
Your new server should now be running.
After installation details (Fine tuning)---
Your first task should be to set up a non-root user with useradd.
It would also be good to do an update with yum to insure that all installed packages are the most recent with the latest security patches. You can do this with the following command: yum update
You should verify the services that you require are running with a ps -A command.
Individual services can be started and stopped from within the /etc/init.d directory while logged in as su from your normal user account.
For example: ./mysqld start <Enter>
It is important to modify the sshd configuration file /etc/ssh/sshd_config while logged in as su from your user account:
Modify the lines after: # Authentication
LoginGraceTime 2m
PermitRootLogin no
StrictModes yes
MaxAuthTries 6
The most important is PermitRootLogin no
Your server will be subjected to numerous brute force break-in attacks on a daily basis. You want to minimize the possibility that they can achieve root status. The above configuration is only a start.
After the above sshd_config file has been modified, restart the sshd server from the /etc/init.d directory with the command ./sshd restart
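As an added example that is not part of the original post, this POSIX shell script checks an sshd_config against the four settings listed above and reports any that are not in effect (a line that is still commented out counts as not set); the function names and the sample config file are my own constructions.

```shell
#!/bin/sh
# Added example (not from the original post): audit an sshd_config for the
# four "# Authentication" settings the HOWTO recommends. Prints one line per
# directive and returns 1 if PermitRootLogin is not "no" (the HOWTO's must-have).

# sshd_value FILE DIRECTIVE: effective value of DIRECTIVE in FILE.
# sshd honours the first uncommented occurrence of a keyword, so the first
# match wins; a keyword that never appears uncommented prints "<default>".
sshd_value() {
    awk -v key="$2" '
        /^[[:space:]]*#/ { next }                                 # comment lines
        tolower($1) == tolower(key) { print $2; found = 1; exit }  # first match
        END { if (!found) print "<default>" }
    ' "$1"
}

# check_sshd_config FILE: compare FILE with the recommended settings.
# Exit status: 0 when PermitRootLogin is "no", 1 otherwise.
check_sshd_config() {
    file=$1
    status=0
    for pair in "PermitRootLogin=no" "StrictModes=yes" "LoginGraceTime=2m" "MaxAuthTries=6"; do
        key=${pair%%=*}
        want=${pair#*=}
        got=$(sshd_value "$file" "$key")
        if [ "$got" = "$want" ]; then
            echo "OK    $key $got"
        else
            echo "CHECK $key is '$got', HOWTO recommends '$want'"
            if [ "$key" = "PermitRootLogin" ]; then status=1; fi
        fi
    done
    return "$status"
}

# Constructed sample config (not a real server's file) for a stand-alone run:
# LoginGraceTime is still commented out and root login is still permitted.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# Authentication
#LoginGraceTime 2m
PermitRootLogin yes
StrictModes yes
MaxAuthTries 6
EOF
check_sshd_config "$SAMPLE" || echo "root login still permitted: fix before exposing sshd"
rm -f "$SAMPLE"
```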
The next thing that needs to be configured is the /etc/rc.d/rc3.d directory. The rc3.d directory is the one that determines which services are started at boot time for a terminal (command line) based system. The rc5.d directory will determine the services that start at boot time if you selected an X Window based system. Notice that there are a number of files that start with either a K or an S. The ones that are prefixed with an S start up at boot time. The ones that start with a K must be started manually if you need them. For example, I didn't want the cups printer server running since I don't have a printer connected to the server, so I changed S55cups to K55cups to disable the cups server at startup. The two numbers after the S or K determine the service's startup priority in the startup sequence.
I had to enable httpd, mysqld, and postgresql on my system by changing the prefix from a K to an S.
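An added example, not from the original post: this POSIX shell script performs the S-to-K (and K-to-S) rename described above on an rc3.d-style directory, keeping the two-digit priority, and lists which services will start at boot. The function names and the demo directory are constructed for illustration; on CentOS the chkconfig command manages the same links.

```shell
#!/bin/sh
# Added example (not from the original post): toggle the S/K links in an
# rc3.d-style directory the way the HOWTO does by hand (S55cups -> K55cups),
# preserving the two-digit priority, and list the services that start at boot.

# boot_services DIR: names of the services that start at boot (S-prefixed links).
boot_services() {
    for link in "$1"/S[0-9][0-9]*; do
        [ -e "$link" ] || [ -L "$link" ] || continue   # no S links at all
        name=${link##*/}
        echo "${name#S[0-9][0-9]}"
    done
}

# set_service DIR NAME S|K: rename NAME's link in DIR to the given prefix.
# A link already carrying that prefix is left alone. Returns 1 if DIR has
# no link for NAME at all.
set_service() {
    dir=$1; svc=$2; prefix=$3
    for link in "$dir"/[SK][0-9][0-9]"$svc"; do
        [ -e "$link" ] || [ -L "$link" ] || continue
        name=${link##*/}
        prio=${name#[SK]}            # strip the S or K
        prio=${prio%"$svc"}          # strip the service name, leaving "55"
        target="$dir/$prefix$prio$svc"
        if [ "$link" != "$target" ]; then
            mv "$link" "$target"
        fi
        return 0
    done
    echo "no rc link for service '$svc' in $dir" >&2
    return 1
}

disable_service() { set_service "$1" "$2" K; }
enable_service()  { set_service "$1" "$2" S; }

# Constructed demo directory (not a real /etc/rc.d/rc3.d); the symlinks point
# at init scripts that do not exist here, which is enough to show the renames.
DEMO=$(mktemp -d)
for entry in S55cups K64mysqld K85httpd S55sshd; do
    ln -s "../init.d/${entry#[SK][0-9][0-9]}" "$DEMO/$entry"
done
disable_service "$DEMO" cups
enable_service "$DEMO" mysqld
enable_service "$DEMO" httpd
echo "services starting at boot:"
boot_services "$DEMO"
rm -rf "$DEMO"
```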
At this point you should have an operational server. The apache web server (httpd) should be running with php, mysql, and postgresql support. You can use the command lynx localhost to check your server operation. It should show a default Apache information page. "lynx" is a text based web browser that I like to use. If you don't have it installed you can install it with the command: yum install lynx
The default web page directory is: /var/www/html. You will see the default Apache startup page until you place an index.html or index.php file in the home web page directory. To test your system's PHP operation, place a file named index.php there that contains the following line: <?php phpinfo(); ?> When you view this "page" with a browser, you should see a lot of information verifying your PHP installation.
Linksys Router Configuration---
At this point, I assume that you have some type of broadband connection to the internet already configured. In my area we have two services available, one cable based and the other a DSL line from the phone company. Neither of them knowingly supports Linux. I have found that Linux runs fine with whatever service you have; you just won't get any support from the ISP. I have found it easiest to set it up with a Windows box. After that it is usually picked up automatically at startup on the Linux system.
I have a Linksys Model WRT54G wireless router/switch that I purchased at Walmart for about $50. Most routers will be configured in a similar manner. I have set up a similar system with a Westell VersaLink Model 327W with equal results. In any case, you will have to follow the instructions included with your particular router.
Access to the Linksys router is provided by a web browser interface at: router control address (see manual).
You will be presented with a login and password form. Enter your login information or the default as detailed in your user manual.
Select the "Status" window: (On the far right of the menu bar for my system.)
There you will find your IP address, dynamic for most of us or a static IP address if you have purchased one with your service. This is the IP address you will need to point your domain name service to. That will enable the rest of the internet world to find you. An example of the IP address would be: 555.44.33.222
Next you will need to determine which address is assigned to your new server box in your router. While still in the status window of your router control interface, select "Local Network" in the secondary menu bar. Then select the "DHCP Clients Table" button toward the middle of the page. You will see the various computers connected to your router. In my case the local address assigned to my "server" is: 192.168.1.103
Now select the "Applications & Gaming" window from the primary menu bar. Then select the "DMZ" sub-menu item. Here you will select "Enable" DMZ Host IP Address 192.168.1.103 or whatever local IP address you determined in the previous step. Select save and then close your router access page.
Zoneedit.com Configuration---
I looked at a number of dynamic domain services including Zoneedit.com, Dynamic Domain Services, Inc., and TZO.com. The only one that is truly "free" using your own custom domain name is Zoneedit. The others charge a fee for something other than a name based on their service.
Note: Each of the Dynamic Domain Name services provide a wealth of information of this process. Please refer to their documentation as you are setting up the domain name service.
Once you have purchased a domain name such as XXX from a domain name vendor, register with Zoneedit.com. Each domain name is one zone. You can use as many variations of that name as necessary and it is still one zone. For example: www (rupert.com) and rupert.com. Zoneedit will send all traffic for those domain names to your IP address.
Zoneedit offers service for up to 5 zones free. You can purchase service for additional zones at a very reasonable price. After you add your zone to zoneedit, you will be assigned two domain name servers. These are the servers that you will have to set your domain name's DNS servers to at your domain service admin page. (I have used Godaddy for a number of years. I have found their fees reasonable and their service and reliability excellent.) Once you have set the DNS servers to the ones provided by zoneedit at your domain name provider, you should go back to zoneedit and edit your zone. All you need to do is tell zoneedit which IP address to send your domain name traffic to. That will be the IP address you determined in the "status" window of your router, i.e. 555.44.33.222
That's it! After all of the domain name and IP addresses have propagated through the internet system you should be able to type XXX in a browser window and go directly to your home based internet server.
The only time my service provider changes my designated IP address is when I shut down my modem and restart. I installed a UPS on the modem and router to minimize that occurrence. Whenever the address does change, you can again go to the router control web interface and get the new address from the status window. Software is available to do this automatically but I have found it to be an unnecessary additional route for Murphy to play his games. The Linksys router actually has an internal hardware based method to do this but it uses the fee based dynamic domain service vendors. Even those vendors don't suggest using that method as it is less reliable than the software packages. The Dynamic Domain Name vendors, such as zoneedit, each recommend software packages that will perform this service if you are interested.
QED!
I will discuss ssh shell access and sftp file transfer in another HOWTO
My next venture is a purpose built server with RAID 1 support. Stand by for the sequel.
fos....
PS. I have already had to XXX out the example domain names as it offered to send you to the actual domains that really exist. :)