Linux Server Setup 3

Status
Not open for further replies.

cbrenchley

Technical User
Jan 20, 2007
11
US
Help! I have just been volunteered to be our company's new IT/Webmaster/System Admin. I feel comfortable with IT and web design, but I can feel myself drowning in System Admin. This is what the bosses want me to do.
1. Get a domain name and IP address
2. Set up our company website on a server running Fedora Core
3. Set up our company email accounts and user names
4. Maintain a DNS server.
5. Maintain a print server.
6. Set up Samba for our windows systems

I have no problem setting up a webserver using Apache, I can get php and mysql up and running, I can set up and maintain Samba and the print server, the fuzzy area will be the DNS and the email servers. My question is, can I put a mail server, DNS server and a web server all in one box? Do I need to have a primary DNS server separate from a secondary DNS server? Is a Cache server a third box that I need to set up? How do I set up a mail server? Is that another box (server) that needs to be set up? Please help, I can feel the unemployment office on my shoulder.
 
The latest version of fedora is 6. Everything you have listed comes already installed.

You can get a domain name from a registrar such as godaddy.com. It will set you back about nine dollars a year. You can use their dns servers to point your domain name to your ip address. Most business internet accounts come with at least one static ip address. This is the one you will point your domain name to. Within your network, you will need to setup a server with a static ip address also. Your router should have a range of addresses that are not in the dhcp pool. Use your router's port forwarding to route all http traffic to your server's local ip such as 192.168.1.20 on port 80.

By default, fedora comes with sendmail already running. You will need to get it to look for requests on the eth0 device rather than the loopback though. Look for a line in /etc/mail/sendmail.mc that starts with Daemon Feature. There are a few lines that start with that but the one you want will have it looking at 127.0.0.1. You want to look at the server's local ip address. Any time you edit sendmail.mc, you need to rebuild sendmail.cf. This is done with the m4 macro compiler. Simply issue this command:

m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

To add mail accounts, you just create regular linux user accounts. If these will be mail only accounts and do not need to login to the server, then set their login shell to /sbin/nologin and their home directory to /dev/null. This will save a lot of space on the server. All incoming mail will go to a file called /var/spool/mail/username. The first time a user gets mail, a file with his name gets created here. All that user's mail will go into one file until a pop3 request is made and it is sent to the user's email client. Fedora installs dovecot by default, and it is a great imap/pop3 server which doesn't need to be configured.

If you need a dns server it is called 'bind' and you may want to google that for a good tut. Fedora also comes with a good proxy server but for the life of me, I can't get it to come to mind. I'll think of it as soon as I click the Post button. To answer your last question, all servers can be on one box with no problems at all. The reason for that is, even though they share a common ip address, every server uses a unique port. By the way, fedora comes with an ftp server as well. Just make your website's directory your home directory and you're all set. For more specific help, there is a forum for each of the servers here at tek-tips. Have fun and enjoy your new job.
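
An added example, not part of the original post: a shell audit of three settings this reply describes (the address sendmail listens on, whether sendmail.cf was rebuilt after the last sendmail.mc edit, and mail-only accounts that can still log in). It relies on the stock sendmail.mc line being a DAEMON_OPTIONS macro; the function names and sample files are constructed here.

```shell
#!/bin/sh
# Added example, not from the thread. On a live host pass the real paths:
# /etc/mail/sendmail.mc, /etc/mail/sendmail.cf and /etc/passwd.

# Addresses sendmail is configured to listen on: the Addr= value of each
# active DAEMON_OPTIONS line. Lines disabled with a leading "dnl" do not match.
smtp_listen_addrs() {
    sed -n 's/^DAEMON_OPTIONS(.*Addr=\([0-9.]*\).*/\1/p' "$1"
}

# Succeeds when sendmail.mc ($1) is newer than sendmail.cf ($2), meaning the
# m4 rebuild has not been run since the last edit.
cf_needs_rebuild() {
    [ "$1" -nt "$2" ]
}

# Mail-only accounts (home directory /dev/null, as in the post) that can
# still log in because their shell is not /sbin/nologin.
mail_only_with_shell() {
    awk -F: '$6 == "/dev/null" && $7 != "/sbin/nologin" { print $1 }' "$1"
}

# Constructed sample data so the script runs offline.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat > "$demo/sendmail.mc" <<'EOF'
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtp,Addr=192.168.1.20, Name=MTA')dnl
EOF
cat > "$demo/passwd" <<'EOF'
alice:x:501:501::/dev/null:/sbin/nologin
bob:x:502:502::/dev/null:/bin/bash
carol:x:503:503::/home/carol:/bin/bash
EOF
touch -t 200701200900 "$demo/sendmail.cf"   # cf built at 09:00
touch -t 200701201000 "$demo/sendmail.mc"   # mc edited at 10:00

echo "listening on: $(smtp_listen_addrs "$demo/sendmail.mc")"
cf_needs_rebuild "$demo/sendmail.mc" "$demo/sendmail.cf" &&
    echo "sendmail.cf is older than sendmail.mc: rerun m4"
echo "mail-only accounts with a login shell: $(mail_only_with_shell "$demo/passwd")"
```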


 
Wha'd I tell ya? The name of that caching proxy server I couldn't remember is called squid. I also forgot to mention samba but that can be used for both file and printer sharing. I should point out that linux is not 100 percent reliable when writing to ntfs drives. It may be ok in most cases but do not rely on it with critical files.

 
Hey, Thanks a million for the reply. You have pointed me in the right direction I see. One other problem, what do I do if I set up a virtual website in apache and have to set up two domains in sendmail?
 
Also, What host name do I call my server?
mail.myDomain.com
ns1.myDomain.com
ns2.myDomain.com
or just
myserver.myDomain.com
 
None of the servers know anything about each other. So you can host web only or mail only if you wanted to and there is no limit on how many of each. The host name hardly ever comes into play. However, when you boot up, any name you assign to eth0 will try to be resolved. This may slow things down if it is not a registered domain name. As for your dns records none of that matters. The only thing that is important is your ip address. When you create a dns "A" (Address) record, you assign a domain or sub-domain name to an ip address. If you host many domains, you would still point all of them to the same ip address. For every mail server, you will need to have at least one "A" record and one "MX" (Mail eXchange) record. Generally, you create a sub-domain name for the mail server. For example mail.domain1.com and assign it the same address as your webserver. Like I said earlier the only thing that matters is that the ip address can be accessed from the internet and that there is a mail server listening on port 25. Once you create the "A" record, now you create the "MX" record. All this does is say that mail.domain1.com handles the mail for domain1.com. Remember that mail.domain1.com is just a name for that mail server and does not exist anywhere else in the world. If you host more than one mail server, you would do the same for domain2.com and so on. There is no limit to how many domains you can host on one mail server. In other words, you only need one instance of sendmail running. Getting back to the webserver you only need one instance of apache running also. You will use name based addressing. That is, all the domains that are pointing to your server, will be answered by apache. It will listen for all requests that come in on port 80 (http) and look at the header for a domain name. It tries to match it with the ServerName contained in each vhost container. This is called name based addressing and is how web servers can host an unlimited amount of domains. 
To add one small note about your hostname. All mail that goes out from your server has to put the return path in the header. That means that the hostname will appear if anyone opens the full header in the e-mail. If you do not have a hostname, localhost.localdomain is used.
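
An added example, not part of the original post: a shell check of the "A" and "MX" pairing described in this reply, run over a constructed list of records. The record layout ("name type value"), the function names and the address 203.0.113.10 (a documentation address standing in for the public ip) are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the thread. Constructed zone data, one record per
# line as "name type value"; an MX value is "priority target".
ZONE='domain1.com.        A    203.0.113.10
mail.domain1.com.   A    203.0.113.10
domain1.com.        MX   10 mail.domain1.com.
domain2.com.        A    203.0.113.10
domain2.com.        MX   10 mail.domain2.com.'

# Print "domain -> target" for every MX record whose target has no A record,
# i.e. a mail server name that will not resolve to an address.
mx_without_a() {
    printf '%s\n' "$1" | awk '
        $2 == "A"  { has_a[$1] = 1 }
        $2 == "MX" { mx[$1 " -> " $4] = $4 }
        END { for (k in mx) if (!(mx[k] in has_a)) print k }' | sort
}

# Print every name whose A record is not the expected public address ($2).
a_not_pointing_to() {
    printf '%s\n' "$1" | awk -v ip="$2" '$2 == "A" && $3 != ip { print $1 }'
}

echo "MX targets with no A record:"
mx_without_a "$ZONE"
echo "A records not on the public address:"
a_not_pointing_to "$ZONE" 203.0.113.10
```

In the sample data, domain2.com is reported because mail.domain2.com was never given an "A" record.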
 
So, When I set up this server and give it a hostname, I can call it server.myDomain.com
and my mail server will be called server.myDomain.com
and my dns server will be called also server.myDomain.com
as long as I set up my mx record to point to server.myDomain.com and my ns record to point to server.myDomain.com

P.S. Thanks a million for your help, you're saving my bacon.
 
Yes. It doesn't matter what the hostname is. DNS is like dialing 411. A dns record points a name to a number. That number is your public ip address. In most cases, your router is the gateway in and out of your local network. The outside world knows nothing of your network. Your router will answer all requests coming into it and route them as you have designated based on the protocol of the request. So you can have http and ftp forwarded to 192.168.1.20 and the smtp and pop3 requests go to 192.168.1.10 or have everything go to one machine. As you can see, hostnames never enter into the picture. If there is an exception, it would be your mail server. The rules for internet mail specify the mail needs to be traced back to the very machine where it was originated. If you send mail through your isp account to a friend's isp account, they can open the header and see that the message originated from the machine name of the computer at your home. It is in the form of hostname.mailserver.yourisp.net. Forgive me if I'm going over stuff you already know but it seems like you are getting hung up on stuff that doesn't matter. And just to touch on the DNS server issue, I want to point out that you do not need your own dns servers to host a webserver. The registrar that sold you your domain name will provide dns service and give you access to modify these records. To point to your own dns servers, you will need to provide at least two ip addresses. Unless you are running something like a server farm, you shouldn't need your own dns server. Another reason would be if you are letting people host sites within your intranet.
 
Ok, first of all I would like to thank you for taking the time to help this rookie. I’m starting to get a general picture of what I need to do. Here is the information that I have about my setup so far:
OS Fedora Core 2
Web server: Apache
FTP server is on and running
Samba is working
Printers are shared
Shared folders are online
The server is behind a DSL modem with a firewall enabled and port forwarding to all necessary ports
The first thing I think I need to do is change the hostname on the system, it is now localhost.localdomain
Second thing I need to do is setup the dns server
Third, I need to setup sendmail.
We have one static ip address and a domain that is pointing to the name servers that resolve the ip address.
Question: how do I change the hostname and domain name from localhost.localdomain to xxx.OurNewDomain.com
What Zones do I need to setup in DNS and how?????
If I get this far this week, I will worry about sendmail later. Thanks again!
 
ok, here is the problem I'm having now. I've setup my network in two ways and both ways, it does not work as far as the email. The webserver works but I can't get email to work. First, I have set the server in a DMZ zone and I can't get the webserver to work or the email. Second, I used port forwarding and kept the server behind the dsl modem firewall. Which way should I try to set up the topology?
 
The dsl modem goes way on the outside. It is hooked directly to the outside world. Next is your router. There should be a port that is labeled WAN or Uplink. That is the one that gets connected to your dsl modem. The WAN setup of the router will have the public ip address provided by your internet provider. The ip address of your dns servers will go there also. These are the dns servers from your isp, not your domain registrar. On the LAN side the router will have the local ip address. It is usually the lowest on the sub-net i.e. 192.168.1.1. Generally you will want to reserve a block of addresses for special purposes such as servers. So you may want to start the range of addresses for the DHCP pool to begin at 192.168.1.100. There is nothing set in stone. You can start wherever you want. Now all your workstations can setup their network configurations automagically using dhcp. The server on the other hand needs to be setup with a static ip. For kicks we'll make it 192.168.1.10. Sub-net mask will be 255.255.255.0 and the dns server will be 192.168.1.1. Wait a minute you say. That's the address of my router. Exactly! Your sub-net doesn't need to know where the dns servers are because your router already has that covered. The gateway will also be set to 192.168.1.1. If your server can see the outside world then you have your network setup correctly. If not, look for a file called /etc/resolve.conf. This should have the address of your router/gateway. To change the hostname, just type hostname and the name you want to give it. For example:

hostname new.hostname

Any time you want to see what it is set to, just type hostname by itself and just like magic the name will appear. Setting up sendmail will take a thread all by itself. There is a forum just for sendmail here at tek-tips where you can get specific help just for setting up your mail server. There is also an apache forum. Keep us up to date on how you are doing.
 
One quick question. Can I leave my server host name and domain, localhost.localdomain ? Working on the named.conf file and other dns files.
 
That depends. All machines call themselves localhost. That means you cannot request a remote machine with that name. The name localhost is usually associated with the loopback device (lo) which has an address of 127.0.0.1. The name localhost.localdomain is generally an alias. All these point to lo. When you configure your network device (eth0), you assign an ip address and/or name including an FQDN to it so it can be accessed from your network. Other devices on your network connect your network to the outside world or the other way around. Now you can see why I get confused when you bring up the issue of hostname. It doesn't have much bearing on what the outside world sees. And when you talk about servers, that's what we're talking about. Don't let pressure of the job get to you. What you want to do is break this down into small manageable pieces. If you see this as one big problem with one big solution, you will be overwhelmed. You will need a place to start. If you need a dns server for your network, then that would be a very good place to start. Right now though, I'm not convinced you even need one. Can you tell me what you need it for?

 
The reason that I need a dns server, I think, is that we will be hosting two domains on one ip and Qwest only lets us point one domain to that ip. What I thought was that if I point my domains to Qwest name servers it would find my dns server and resolve to my main domain and one virtual domain on Apache.
 
I just checked Qwest's Terms of Service and can't find anything that says you can only point one domain name to your ip address. The only thing I found that came close to that was if you have a web page that they host (comes free with account), you can point your own domain name to that. They call the domain name a vanity name. This is not what you want to do. You want to host your own webserver. Most webservers including apache let you host many domains with one ip address. You don't need your own dns server for this. If you already have a registered domain name, then the registrar you bought it from will provide dns services. You can edit your dns records and have the domain point to your ip address. If you will be hosting a second domain, you will need whoever has admin privs for that account to go to their registrar and point their domain name to your ip address. When an http request comes in to your router it should forward it to the apache server. Apache will get the name of the domain being requested and look at all the virtual servers (also called virtual hosts or vhosts) you have configured and fulfill the request. Apache can be setup to use name based addressing. You will create a vhost container for each domain on your server. Each vhost container will have a ServerName directive. One vhost would be domain1.com and the next will be domain2.com. Your isp's dns servers don't even figure into the equation.
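
An added example, not part of the original posts: a simplified shell model of the name based addressing described in this reply and in the earlier one about ServerName. It matches on ServerName only (ServerAlias is ignored), and it also shows the case the thread does not spell out: a request whose Host header matches no ServerName is served by the first vhost in the file. The DocumentRoot paths and the function name are constructed.

```shell
#!/bin/sh
# Added example, not from the thread: which vhost answers a given Host header.
conf=$(mktemp)
trap 'rm -f "$conf"' EXIT
# Constructed vhost containers for the two domains named in the thread.
cat > "$conf" <<'EOF'
<VirtualHost *:80>
    ServerName domain1.com
    DocumentRoot /var/www/domain1
</VirtualHost>
<VirtualHost *:80>
    ServerName domain2.com
    DocumentRoot /var/www/domain2
</VirtualHost>
EOF

# Print the DocumentRoot that would serve a request with Host header $1,
# using the vhost containers in file $2. Host names compare case-insensitively
# and a trailing :port is ignored. With no match, the first vhost is the default.
vhost_docroot() {
    awk -v host="$1" '
        BEGIN { host = tolower(host); sub(/:[0-9]+$/, "", host) }
        tolower($1) == "servername"   { name = tolower($2) }
        tolower($1) == "documentroot" { root = $2 }
        tolower($1) ~ /^<\/virtualhost/ {
            if (first == "") first = root
            if (name == host && hit == "") hit = root
            name = root = ""
        }
        END { print (hit != "" ? hit : first) }' "$2"
}

vhost_docroot domain2.com "$conf"
vhost_docroot DOMAIN1.COM:80 "$conf"
vhost_docroot 203.0.113.10 "$conf"    # bare ip in Host: falls to the first vhost
```

Because the first container doubles as the default, whatever is listed first is what a request by bare ip address or by an unknown name will see.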
 
Great that helps a lot, you are a life saver. The one huge problem is that when I go to change my dns servers, they only will let you enter nameservers such as authns2.dnvr.qwest.net. It will not let me point to my ip address. Not sure what to do about that.
Again, thanks a million for your help.
 
Yes, that is normally how it works. You need to point to at least 2 dns servers. Most registrars will have you setup to use theirs by default. I looked to see who the dns servers were for opensrs.net and they list these 3:

dns1.tucows.com
dns2.tucows.com
dns3.tucows.com

If you got your domain through opensrs.net, then these would be your dns servers as well. If you don't mind giving the name of your domain, I can tell you what dns servers you currently have. Or if you would rather not, you can go to the shell terminal and type 'dig dns yourdomain.com' without the quotes and it will tell you. If it comes back empty, use those listed. Sometimes it takes several hours for the dns servers to propagate so if you do dig right after assigning dns servers, it may not show up. Once you get the dns thing taken care of, you will be on your way. You may want to start a new thread to tackle the next issue though. ;-)

 
Normally I go to this place to change my nameservers: the domain is jjvalvesandcontrols.com
Is there another place that I can go to so I can add my ip address along with my nameserver that I think I have set up?
On my server I have a forward and reverse zone and I have also set up the mx zone. I would feel better about the whole thing if I could not only list my nameserver but I would like to list my ip address too.
 