Debian installation
This is a record of the installation and later updates of a Debian 4 system. The page is intended to help running or repeating the server setup.
We use XenServer Express (see Server virtualization) and installed the Xen template for Debian 4.0 (kernel modified for paravirtualization) with the standard setup. This is a documentation of the steps performed to get the Debian server working. These notes are meant to enable non-Linux people to reproduce the setup, and Linux experts to spot problems or errors. A highly useful reference was [1].
See also Biowikifarm server hardware.
Contents
Basics
The server can be reached at 160.45.63.55 with ssh enabled. Settings for ssh:
- /etc/ssh/ssh_config default settings for ssh when used as client
- /etc/ssh/sshd_config default settings for ssh as server
Current port and firewall situation: See Server ports and shorewall installation.
Partitioning and formatting additional storage
Xen will partition and format the first two hard drives (system and swap), but any additional, medium needs to be partitioned manually. The name of the third virtual hard disk under XEN is xvdc. Run:
fdisk /dev/xvdc # type n for new partition, p for primary, 1 for first partition, # accept defaults for size, type w to write out new partition. # To format with ext3 filesystem: mkfs.ext3 /dev/xvdc1 # repeat the above for a temp and backup disk (/dev/xvde + /dev/xvde1), then # To label partitions: e2label /dev/xvda1 root e2label /dev/xvdc1 storage e2label /dev/xvde1 dump
Note that the fourth harddisk (used for dispensible content like logs or backup duplicates) had been xvde, with xvdd being fixed to the DVD device.
Correct function of partitioning can be tested, e.g. using webmin (Hardware, Partitions on Local disks). To permanently mount, add the following line to "/etc/fstab":
/dev/xvdc1 /mnt/storage ext3 rw,noatime 0 0 /dev/xvde1 /mnt/dump ext3 rw,noatime 0 0 # to mount temporarily use something like: "mount /dev/xvdc1 /mnt/XXX"
During Xen-Debian install, the swap partition had been changed from 512 to 1024, however, to actually use more than 512 one needs to issue:
mkswap /dev/xvdb1 -L swap swapon /dev/xvdb1
Check with
cat /proc/swaps
Resizing virtual disks
- The disk needs to be deactivated in XenCenter before resizing.
- Resizing the virtual storage unit does not change the size of the partition under Linux!
- Method 1 (manual): if the disk contains only relatively easily migrated data (no dev/ports, etc.), copy all content to another disk using
cp -pr
(preserving owner, permission, recursive) ortar -p -s
. Use fdisk as above, delete and recreate partition, format and label disk. Copy all back, delete temporary copy. - Method 2 (better, tip Manol, not yet tested):
- install parted:
apt-get install parted
or gparted (graphical frontend) - unmount partition and check with parted
- OR: install
apt-get install dump
(dump - 4.4bsd dump and restore for ext2 filesystems) and use this to store and
- install parted:
Network, Hostname and IP address
Open "nano /etc/hostname" and enter the desired hostname, like:
OudemansD
Open "nano /etc/hosts" and enter the desired fully qualified hostname, like:
160.45.63.55 oudemans.diversitycampus.net OudemansD
Open "nano /etc/network/interfaces" and enter:
# Used by ifup(8) and ifdown(8). See the interfaces(5) manpage or # /usr/share/doc/ifupdown/examples for more information. # The loopback network interface auto lo iface lo inet loopback # The primary network interface auto eth0 iface eth0 inet static address 160.45.63.55 netmask 255.255.255.0 network 160.45.63.0 broadcast 160.45.63.255 gateway 160.45.63.1 dns-nameservers 160.45.8.8 160.45.10.12 # The following lines are desirable for IPv6 capable hosts ::1 ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters ff02::3 ip6-allhosts
(Note: 160.45.8.8 and 160.45.10.12 are FU DNS)
Reboot now (first command) and run the following commands (the two hostname commands verify that the hostname setting is ok):
reboot hostname hostname -f apt-get update apt-get upgrade apt-get dist-upgrade
It may be good to repeat this, some updates came only in second round. Finally, we may want to do some cleanup:
apt-get autoclean
After doing this, the ssh fingerprints may have to be changed on all machines trying to access the new Debian by ssh (security issues fixed). Remove the keys for the previously opened IPs in the following file:
nano /root/.ssh/known_hosts
sudoers
Add to /etc/sudoers:
%sudo ALL=(ALL) ALL
This lets all users of group sudo run any command as root without knowing the root password.
Adding repositories to package manager
It is possible to add further repositories to the package manager by editing the repository file: "nano /etc/apt/sources.list". One important addition is the backports (needed for OpenID further down), and we also expanded the scope from "main" to "main non-free contrib":
deb http://ftp.debian.org/debian/ etch main non-free contrib deb http://www.backports.org/debian etch-backports main wget -O - http://backports.org/debian/archive.key | apt-key add - # perhaps redundant to above (but working, adding keyring security data): apt-get install debian-backports-keyring # Necessary for webmin: deb http://download.webmin.com/download/repository sarge contrib
The last command adds a gpg security key for the backport repository. (Documentation of further testing: We also tested the Google repository as an example. Using root console, we first had to get a pgp key (note: the original google instructions requested using https, but only http worked): wget -q http://dl-ssl.google.com/linux/linux_signing_key.pub -O- | apt-key add -
, and add deb http://dl.google.com/linux/deb/ stable non-free
.)
JAVA
Debian does not normally install Sun Java, but a slower "free Java". It is possible to install sun software after modifying the repository sources to include non-free software and backports (see here for more information: http://www.debian.org/doc/manuals/debian-java-faq/ch6.html):
apt-get install sun-java6-jre
The install location is /usr/lib/jvm/java-6-sun/. Sun recommends to update the Debian "alternatives system" to have Sun's tools as the default:
update-java-alternatives -s java-6-sun
Then edit /etc/profile (as user root), add:
export JAVA_HOME=/usr/lib/jvm/java-6-sun/ export JRE_HOME=/usr/lib/jvm/java-6-sun/jre PATH=$JAVA_HOME/bin:$PATH
(The last line before "export PATH"; this export is probably only necessary (e.g. for Tomcat, see below) if an earlier version of Java is still running and is located in a path that is looked up first by the system.)
Log out and log back in again (this may also be another user) and then confirm that these settings are in effect by:
echo $JAVA_HOME echo $JRE_HOME echo $PATH
NOTES: apt-get suggested these packages (not installed):
binfmt-support sun-java6-demo sun-java6-doc sun-java6-source sun-java6-plugin ia32-sun-java6-plugin sun-java6-fonts ttf-baekmuk ttf-unfonts ttf-unfonts-core ttf-kochi-gothic ttf-sazanami-gothic ttf-kochi-mincho ttf-sazanami-mincho ttf-arphic-uming libmyodbc odbc-postgresql libct1
apt-get recommended packages (not installed):
libasound2 libnss-mdns gsfonts-x11
NOT DONE, TOMCAT WOULD BE REMOVED: The gcj packages were then removed:
NOT DONE, TOMCAT WOULD BE REMOVED: apt-get remove ecj-bootstrap-gcj gcj-4.1-base java-gcj-compat libgcj-bc libgcj-common libgcj7-0 libgcj7-jar
Alternatively (and initially on this server, only later changed to apt-get!, following instructions at Sun/Java plus instructions [http://www.cs.wcupa.edu/rkline/netbeans-lin.html here) a downloaded Sun distribution may be manually installed: move downloaded file: "mv /home/vncroot/Desktop/jdk-6u6-linux-i586.bin /usr/local/". Run: "chmod +x jdk-6u6-linux-i586.bin" to make executable. Go to /usr/local/, run the file as: ./jdk-6u6-linux-i586.bin, remove the downloaded file (rm jdk-6u6-linux-i586.bin). -- With manual install in usr/local, to make installations version-independent, issue the following command: cd /usr/local/; ln -s jdk1.6.0_06 jdk (success is not returned, check whether in addition to the jdk1.6.0_06 a new jdk folder is present in /usr/local). Test with /usr/local/jdk/jre/bin/java -version, returns version number if all works. Later (2008-11), for safety, /usr/local/jdk was linked to /usr/lib/jvm/java-6-sun/
MySQL, Apache PHP, etc.
General installations
apt-get install gcc cpp libtool binutils make autoconf automake1.9 flex apt-get install zip unzip rar unrar p7zip p7zip-full apt-get install librsvg2-2 librsvg2-bin
The librsvg2-2/librsvg2-bin is an svg-renderer used by MediaWiki (requiring some extra work in settings files though). In our installation, it was already installed with a previous package.
To use MediaWiki with high traffic, a memcached memory cache should be installed prior to installing MediaWiki:
apt-get install memcached php5-memcache
Without further configuration, a single memcached daemon on default port 11211 will be active, limited to localhost (testing from outside with telnet 160.45.63.55 11211 confirmed this), using up to 64 MB of your RAM.
This can not be changed by editing /etc/init.d/memcached
, but /etc/memcached.config
must be modified. We increased size: -m 128 = 128 MByte, user: -u www-data (run under same user as Apache) and -l 127.0.0.1 = listen only on local loopback interface.
Note: At the time of this writing, a fairly old version of memcached (1.1.12) is installed by apt-get of Debian 4 and No backports are available.
Update: at present, memcached has been de-installed because PHP-APC is used as object cache instead (single-machine setup).
MySQL
apt-get install mysql-server mysql-client libmysqlclient15-dev nano /etc/mysql/my.cnf # ... and change port to "port = 8088" and comment out: "#bind-address = 127.0.0.1" # so that mysql can be reached from outside. Then restart: /etc/init.d/mysql restart
Console commands
Test with netstat (debian seems to report 8088 as omniorb) and set a password for root (otherwise anybody can access your MySQL database!):
netstat -tap # -u = login as this user mysqladmin -u root password (ThePassword)
(Note: it was also recommended to to do the same with -h for hostname: "mysqladmin -h oudemans.diversitycampus.net -u root password (ThePassword)", but this resulted in the error message 'Host 'oudemans.diversitycampus.net' is not allowed to connect to this MySQL server' and seemingly in a user with no password (which was deleted later). Not sure whether this provides a security hole.)
New users can be created and granted privileges inside the mysql console:
# enter the mysql console (asks for passwort): mysql -u root -p # within the console: grant all privileges on *.* to 'username'@'localhost' identified by 'PASSWORD' with grant option; grant all privileges on *.* to 'username'@'%' identified by 'PASSWORD' with grant option; # to exit the mysql console type: exit
Notes: a) grant will create a user if it does not exist yet. b) username, hostname, PASSWORD must be quoted with '. c) the '%' allows the user to log in from any other host except localhost; an explicit grant for localhost is thus required in addition to the '%'.
Done for mb-gw and mb-gh, ('wikiuser@'localhost' for the mediawiki will be created by the mediawiki install script itself).
Some other mysql console commands are:
show databases; use mysql; Select * from user; drop user root@OudemansD;
Important note: entering mysql command line with "mysql -u wikiuser -p"
will ask for password; if you want to include the password (e.g. when using pipe into) do not add a blank between p and the password. Also, when using the -h host option, only -hlocalhost, but not -hlocalhost:8088 will work! The host can usually be omitted. See the following examples:
mysql -uwikiuser -pTHEPASSWORD mysql -hlocalhost -u wikiuser -pTHEPASSWORD < openid_table.sql
Copying or moving a MySQL database
Unlike MS SQL Server, you cannot reliably move a MySQL database by detaching, moving, and attaching binary files in the MySQL directory. You must dump the mysql database to a sql/text file using the mysqldump command. The SQL commands can then re-create the tables and contents. To use the file, start the mysql command interface, create and use the database and give the command "source your_filename" which reads and executes the commands from the dump file.
Over the web, myphpadmim offers backup (which works) and restore (which does not work for any reasonably sized database, despite uploading as zip file, we are getting out of memory errors). So we have to use command line programming. Note that the dump created by myphpadmin includes a database create statement; to copy to a different database name you need to modify this (extremely long lines may become corrupted in some editors!); the mysqldump does not contain database statements and is easier to reuse.
To dump a database:
mysqldump -u root -p wikidb > /var/backups/wikis/wikidb.sql
This writes the database into a file called sample.sql. To create a new database called xxx and create the tables and insert the data that were present in wikidb, use:
mysql -u root -p CREATE DATABASE xxx; # for a wiki: CREATE DATABASE metawiki DEFAULT CHARACTER SET latin1 COLLATE latin1_swedish_ci; use xxx; # load from a file: source /var/backups/wikis/wikidb.sql;
You can also copy directly a database from one server to another or the same server. The second database must have been created however,
mysql -u root -p CREATE DATABASE metawiki DEFAULT CHARACTER SET latin1 COLLATE latin1_swedish_ci; exit; mysqldump -u root -p(ThePassword) --opt wikidb | mysql -u root -p(ThePassword) --host=localhost -C metawiki
Here wikidb is copied to "localhost" (–C tells mysqldump to use data compression if both servers support it). "localhost" can be replaced by the IP address of any local or remote computer.
Note: a wiki-backup script has been started in /var/backups/scripts
Performance tuning and unicode:
In /etc/mysql/my.cnf we changed:
key_buffer = 64M # was 16M sort_buffer = 8M # did not exist max_connections = 2000 # was 100 table_cache = 256 # was 64 # utf8 init-connect='SET NAMES utf8' character-set-server=utf8 collation-server=utf8_unicode_ci
We include three-letter words in the full text index:
ft_min_word_len=3
(Note: after changing this, run "REPAIR TABLE searchindex QUICK;" in mysql/myadmin on each affected database.)
Apache
apt-get install apache2 apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert nano /etc/apache2/mods-available/dir.conf # add more values to DirectoryIndex: # index.html index.htm index.shtml index.cgi index.php index.php3 index.pl index.xhtml nano /etc/apache2/ports.conf # add ssl port to the existing "Listen 80" on new line: Listen 443
Now we have to enable some Apache modules (SSL, rewrite, suexec, and include) and execute the last command restart:
a2enmod ssl a2enmod rewrite a2enmod suexec a2enmod include /etc/init.d/apache2 force-reload
Apache config is in /etc/apache2/apache2.conf, the virtual host configurations are included from: /etc/apache2/sites-enabled/ (empty at the moment, not yet configured) and /etc/apache2/sites-available/default (does exist).
By default, the www-root (DocumentRoot) is /var/www/.
SSL was not completely configured. It is possible to self-sign a certificate, using the OpenSSL command, see Apache manual, creating server.key and server.crt. However, further tasks (moving, decrypting to avoid entering the passphrase) did not work as described and need to further expertise to finally perform. SSL on port 443 is not priority, so this was not further pursued.
Finally, already installing webalizer here:
apt-get install webalizer
Subversion
apt-get install subversion libapache2-svn # (note: modules are automatically enabled, no a2enmod necessary)
- Tested with MediaWiki svn download (see below)
- Potential additional instructions (not used): Configuring Subversion
Special commands:
svn update -rXXXX # update to specific revision (XXXX being an integer revision number) svn revert filename # revert a modified file to its original state, so future updates will refresh the file again cd /usr/share/mediawiki; svn status phase3 # show locally modified files (potentially no longer updated)
PHP
Instructions for PHPMyAdmin: http://www.debianhelp.co.uk/phpmyadmin.htm, downloading not necessary, apt will do this.
apt-get install libapache2-mod-php5 php5 php5-common php5-curl php5-dev php5-gd php5-idn php-pear php5-imagick php5-imap php5-json php5-mcrypt php5-mhash php5-ming php5-mysql php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl apt-get install phpmyadmin
Enable php after installing:
a2enmod php5
This creates symbolic links from /etc/apache2/mods-available/php5.conf and /etc/apache2/mods-available/php5.load to /etc/apache2/mods-enabled.
As long as all php runs on a single server, APC is better than memcached. Recommended reading: http://www.mediawiki.org/wiki/User:Robchurch/Performance_tuning it is recommended to use:
apt-get install php-apc
Check phpinfo.php, section apc for success. Note: Initially we did not configure the APC user cache for the mediawiki object cache ($wgMainCacheType = CACHE_ACCEL), but use memcached for this ($wgMainCacheType = CACHE_MEMCACHED) to simplify transition to multiserver setup without APC. However, we have since moved the entire cache action to memcached.
php.ini
For MediaWiki, uploading must be enabled. The php.ini file used by apache is at /etc/php5/apache2/php.ini
and already contains file_uploads = On
and register_globals was already Off. However several settings were changed:
max_execution_time = 120 ; DEFAULT WAS 30; Maximum execution time in seconds of each script max_input_time = 90 ; Maximum amount of time in seconds each script may spend parsing request data memory_limit = 100M ; Maximum amount of memory a script may consume (default 16MB) ## gallery2 install requires at least 34 upload_max_filesize = 50M ; was just 2 post_max_size =52M ; was 5, affects file upload and must be larger fileupload! allow_call_time_pass_reference = Off ; was On
max_execution_time = 120
was increased because certain admin queries on wikis take more than the default 30 seconds allotted.
The ini file for command-line scripts is at /etc/php5/cli/php.ini
; this is separate from the one used for the apache php module.
Syntax errors: The log files are relatively silence if a syntax error exists in php.ini. All values will be used with their defaults; thus this situation can be detected by checking Special:Upload whether it displays an upload limit of 2 MB. To manually check php.ini for syntax errors use:
php --info --php-ini /etc/php5/apache2/php.ini
Important for inserting utf-8 text into mysql:
Although a mysql table may be set to CHARACTER SET utf8
, the mysql client's standard charset may still be Latin1. So when inserting utf-8 data with PHP, the client's charset may have to be changed to utf-8 after creating the connection:
$conn = mysql_connect($MySQL_Host, $MySQL_User,$MySQL_Passwd); mysql_query("SET NAMES utf8", $conn);
PHPMyAdmin
To enable phpmyadmin, edit: /etc/apache2/apache2.conf
and add at end of file:
# Enable PHPMyAdmin Include /etc/phpmyadmin/apache.conf
(Test with "http://160.45.63.55:8087/phpmyadmin" - or any current port)
Since the Debian 4 version is stable but ancient, we also check out the most recent version in parallel (plus create link into www-root and copy the working configuration file from the Debian stable version):
cd /usr/share/; svn checkout https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyAdmin phpmyadmin-dev cd /var/www/; ln -s /usr/share/phpmyadmin-dev . cp /usr/share/phpmyadmin/config.inc.php /usr/share/phpmyadmin-dev/config.inc.php
(Subversion updating command shown together with MediaWiki below.)
Mediawiki
Mediawiki installation information is available separately: Mediawiki_installation
Gallery 2
Using apt-get install gallery2
, Debian 4 (Etch) installs only the obsolete Gallery2.1. For Drupal 6 integration we need Gallery2.3, so this is not an option. Instead, we used subversion-based installation:
cd /usr/share/; https://gallery.svn.sourceforge.net/svnroot/gallery/trunk/gallery2 cd /var/www; ln -s /usr/share/gallery2 # Create a folder for gallery data (non-standard name): mkdir /var/gallery2data chmod 777 /var/gallery2data # Create the config file and make sure the webserver can write it: cd /var/www/gallery2/ touch config.php chmod 666 config.php
The Gallery subversion installation can later be updated with:
cd /usr/share/gallery2/; svn update
The database must have already been created (with utf8!), but we use the mediawiki wikidb and the wikiuser for gallery2 as well to simplify backup and maintenance. Install by navigating e.g. to http://160.45.63.55:8087/gallery2. Install is well prompted. For host use localhost
(NOT localhost:8088
; non-TCP/IP connection???). During normal install, a memory error may appear, in php.ini the default "memory_limit = 16M" must be increased to "memory_limit = 40M".
The admin user was set to WikiSysop with same password (but they are unconnected).
We selected a wide spectrum of plugins (but not gallery 1 update or shopping modules). Activation notes:
- The Ffmpeg module was installed, but needs configuration to be activated
- The ImageMagick module was installed, but needs configuration to be activated
- The Jpegtran module was installed, but needs configuration to be activated
- The URL Rewrite module was installed, but needs configuration to be activated
TODO: Followed recommendation from http://codex.gallery2.org/Gallery2:Security#Short_Check_List
Important modules are:
- Link Item - allows external URLs (as well as albums). Link allows to link an external webpage or image (both optionally with an algorithmic thumbnail generation using khtml2png, which, however, is difficult to set up and Linux only)
- Major problem: if web-page thumbnail generation is not active, a "chain" image is used as thumbnail. The thumbnail can be manually set, but NOT to a URL, it seems only to local files!
- MultiLang = content metadata like title, description in multiple languages!
The gallery configuration created by the install process is </code>/var/www/gallery2/config.php</code>, data are stored in </code>/var/gallery2data/</code> outside of www-root. Some security recommendations [2] were applied, e.g.:
chmod 755 /usr/share/gallery2/ chmod 644 /usr/share/gallery2/config.php
Tomcat
Important: to get Tomcat5.5 running after installing, it is necessary that the environment variables JAVA_HOME and JRE_HOME are set correctly and that JDK 5 or higher is used.
apt-get install tomcat5.5 tomcat5.5-admin tomcat5.5-webapps apt-get install libapache2-mod-jk
In /etc/default/tomcat5.5 remove comment markers from TOMCAT_USER=tomcat55 (default), or another user, and do the same for JAVA_HOME with the correct path (peferably a symbolic link to current version, e.g. JAVA_HOME=/usr/lib/jvm/java-6-sun). The other options only need to be uncommented if you want to override the defaults (which are set in /etc/init.d/tomcat5.5).
Edit /etc/profile (as user root), add:
export CATALINA_HOME=/usr/share/tomcat5.5
To make Tomcat work with Apache edit /etc/libapache2-mod-jk/workers.properties and set the two lines (using your correct paths):
workers.tomcat_home=/usr/share/tomcat5.5 workers.java_home=/usr/local/jdk
At the end of /etc/apache2/apache2.conf add:
# Enable libapache2-mod-jk Include /usr/share/doc/libapache2-mod-jk/httpd_example_apache2.conf
Restart Apache and Tomcat.
/etc/init.d/apache2 restart /etc/init.d/tomcat5.5 restart
Fedora
See FEDORA Installation, FEDORA Batch Import
For manual Fedora 3.1 start method see section further below under "Stop services / demons"
Note: Fedora does not install the log folder in the log path of debian. GSearch logs become quickly very large (Gigabytes), so it is important to move them. The following code copies existing logs (assuming /var/log/fedora/ already created) and creates symbolic links. THIS NEEDS TO BE REPEATED WITH EVERY UPDATE OF FEDORA TO A NEW VERSION!
cp -pr /usr/share/fedora/server/logs/* /var/log/fedora/ # destination may be /mnt/dump/var/log/fedora /usr/share/fedora/tomcat/bin/shutdown.sh rm -r /usr/share/fedora/server/logs ln -s /mnt/dump/var/log/fedora /usr/share/fedora/server/logs /usr/share/fedora/tomcat/bin/startup.sh
Note 2009-09:
http://fedora.keytonature.net/x/x.jpg
links to /var/lib/tomcat5.5/webapps/x/x.jpg with /usr/share/tomcat5.5/webapps/ being a link to /var/lib/tomcat5.5/webapps/. However the root of http://fedora.keytonature.net/ links to webapps/ROOT, but on 2009-09 was misconfigured to link to fedora-3.1/tomcat/webapps... folder.
Fedora Rebuild Index
In several situations it may be necessary to rebuild the Fedora indices:
- Recovering from inconsistencies and/or corruption of the indexes.
- Upgrading from a previous version of Fedora when the SQL database or Resource Index changed significantly between releases
- Migrating from one SQL database product to another in an existing Fedora installation. Such migration can be done by modifying /usr/share/fedora-3.XXX/server/config/fedora.fcfg to point to a properly-configured <datastore..>
The batch service fedora-rebuild.sh must be started as follows:
* Stop the Fedora server (if using Fedora-Tomcat, this can be done with the /usr/share/fedora/tomcat/bin ./shutdown.sh command) * Run /usr/share/fedora/server/bin ./fedora-rebuild.sh * Select option "1" in order to rebuild indexes * Confirm this procedure with "1" * Restart the Fedora server (if using the Fedora-Tomcat, this can be done with the /usr/share/fedora/tomcat/bin ./startup.sh command)
See also: Fedora Commons documentation.
Last rebuild results:
2009-09-05 at 21:17 this procedure have started for rebuild indexes. 2009-09-05 at 23:45 this procedure succeeded for 271890 objects and 9764177 triples.
Webmin
Webmin is a web-based system configuration tool for Linux. With it you can configure many operating system internals, such as users, disk quotas, services, configuration files etc., as well as modify and control many open source apps, such as the Apache HTTP Server, PHP, MySQL etc. It has it's own web server and a self-signed SSL Certificate Authority. Later configuration of own SSL Certificate is necessary for increased security.
To install, first /etc/apt/sources.list needs to contain the line deb http://download.webmin.com/download/repository sarge contrib"
. Then:
apt-get update apt-get install webmin
You will be asked if you wish to install the package without verification. Select yes. After install is complete, webmin's web service runs on port 10000, secure, by default. To configure this to a different port, edit:
nano /etc/webmin/miniserv.conf
and change port and listen options 10000 to 8010. Restart Webmin by running:
/etc/init.d/webmin stop /etc/init.d/webmin start
To login under https://160.45.63.55:8010/
Any user that can execute sudo can login with their usual password. Help for the standard modules used by Webmin can be found here: http://doxfer.com/Webmin/Modules. A wiki page for webmin can be found here: http://doxfer.com/Webmin
mc (midnight commander) und jed (editor)
Midnight commander is the Linux equivalent of the Norton Commander. Anyone familiar with Norton Commander should feel right at home. Very useful for browsing through the file system. It has an integrated FTP client, editor and file viewer, and supports the use of a mouse inside an ssh window! Similarly, jed is an editor that supports the use of mouse in ssh. Install both with
apt-get install mc jed
No configuration necessary. Run with
mc jed
Tips for simple access of Debian file from remote Windows
Install WinSCP, which will allow to browse the Debian server almost like a Windows explorer (or a graphical Midnight commander). It allows to easily and securely (using sftp, we do not use ftp) create folders, copy files within the server, or upload/download files to your machine.
WinSCP also very nicely integrates with PuTTY, a ssh client. To make this as simple as possible, do the following:
- You can either
- install PuTTY (copy all files from the zip with all executables and help) into the Putty subfolder of WinSCP
- Or (perhaps already) have installed it anywhere else
- In any event go in WinSCP to the menu: Options/Preferences, then in the Dialog box: integration/applications and check the path. It should be something like "%PROGRAMFILES%\PuTTY\putty.exe" if putty has been installed in that folder.
- In the same dialog, turn on Remember... and Automatically...
- Now whenever you open WinSCP, a second window with ssh will automatically be opened.
- To change the display options in PuTTY, go to the Window menu (top left), Change settings (e. g. Window, Color, Use System colors will use black-on-white text if you have set you Windows command window that way). Under Window increase Columns (e.g. to 120), Rows (e.g. to 63), and scrollback (e.g. to 900) to suit your taste. On "Session" itself select "Default" and click "Save" to preserve your changes.
Reversely, adding NTFS support to Debian: In our case this was desirable to add read/write support for NTFS-Formatted USB-disks. Provided backports are installed for apt-get (as instructed above), one can install:
aptitude install ntfs-3g
To temporarily mount from command line use (assuming the usb-disk is xvdf, check in Xen Center)
mount -t ntfs-3g /dev/xvdf1 /mnt/usb-disk
To mount the NTFS during boot add the following to the end of the /etc/fstab file:
/dev/xvdf1 /mnt/usb-disk ntfs-3g defaults 0 0
See ntfs-3g manual for further information. Some note mention that "To mount files with non-ASCII characters one may have to give the option -o locale=XXX to the mount options of ntfs-3g; see http://ntfs-3g.org/support.html#locale for further information." We did not do so far, using UTF-8 seems to work.