Upon first installing Virtualmin, you will need to set a few
configuration parameters:
- I recommend running Clam and SpamAssassin as servers, if you handle
email. If you delegate all email to a separate server, leave these
off.
We will be disabling root login to webmin / virtualmin. Start by
creating an administration group:
- From the Virtualmin control panel, click at the top: Webmin
- Open the webmin drop-down on the left
- Click Webmin Users
- Under Webmin Groups, click Create a new Webmin group
- Call it "admins" or "devel" or as you wish. There is a Select All
  link at the bottom of the list of permissions; use it.
- Back on the Webmin User panel, click Convert Unix users to Webmin
  users
- Click in the radio-button for "Users with group" and put "wheel"
  into the box (see previous post, where we set our administrator
  users into the wheel group)
The default should be to use Unix authentication for the Webmin users.
That means resetting your Unix password will update your Webmin login
as well.
Log out of Webmin and then back in with your username. Go back to Webmin
Users and click on the 'root' user in the list of users. Set the
password to "No password accepted" and voilà, your Webmin is now a
little more secure.
Disabling Unused Cronjobs
CentOS in particular puts unwanted tasks in the cron entries. They do
not appear in the 'crontab' proper but in /etc/cron.daily and
/etc/cron.hourly. Rename these files to be their hidden dotfile
equivalents:
cron.daily/.00webalizer
cron.daily/.freshclam
cron.daily/.makewhatis.cron
cron.hourly/.awstats
Otherwise, awstats will run every hour for every domain, regardless of
the settings you make in Virtualmin. Also, I disabled 'makewhatis',
'webalizer' and 'freshclam', as I am not using them.
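The renames above can be scripted so they are easy to repeat if a file reappears. This is an added example, not part of the original post; the function names are hypothetical, and it assumes (as the text implies) that run-parts skips dotfiles.

```shell
#!/bin/sh
# Hide the cron jobs named above so they are no longer picked up.
# Pass a scratch directory as $1 to try it out; the default is /etc.

JOBS="cron.daily/00webalizer cron.daily/freshclam
cron.daily/makewhatis.cron cron.hourly/awstats"

disable_cron_jobs() {
    root=${1:-/etc}
    changed=0
    for job in $JOBS; do
        dir=$root/${job%/*}
        name=${job##*/}
        if [ -e "$dir/$name" ]; then
            # -f replaces a stale hidden copy left by an earlier run
            mv -f "$dir/$name" "$dir/.$name" && changed=$((changed + 1))
        fi
    done
    echo "$changed"     # number of files renamed on this run
}

# List the non-hidden, executable jobs that remain visible.
active_cron_jobs() {
    root=${1:-/etc}
    for f in "$root"/cron.daily/* "$root"/cron.hourly/*; do
        [ -f "$f" ] && [ -x "$f" ] && echo "${f#"$root"/}"
    done
    return 0
}

# Constructed demo tree, not a real system.
demo=$(mktemp -d)
mkdir -p "$demo/cron.daily" "$demo/cron.hourly"
for j in $JOBS cron.daily/logrotate; do
    printf '#!/bin/sh\n' > "$demo/$j"
    chmod +x "$demo/$j"
done
echo "renamed: $(disable_cron_jobs "$demo")"
echo "still active: $(active_cron_jobs "$demo")"
rm -rf "$demo"
```

Running `disable_cron_jobs` a second time renames nothing, so it is safe to call after every update.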
If you want support for MP3 files, YouTube video, and Java on your
webpages, you could hunt down several packages - or just install the
ubuntu-restricted-extras package to install all the codecs and other files
in one step. This also includes Microsoft core fonts.
sudo apt-get install ubuntu-restricted-extras
Eliminate Irritating Update Notifier Pop-Unders
This from Joseph Sinclair
In Ubuntu 9.04, update-notifier doesn't display an icon, it actually
runs update-manager full-screen as a "pop-under". It's easy to miss,
and there's no way to make it NOT run (so on a laptop, for instance,
where stupid useless no-change updates are pending, you'll get the
blasted thing running every time you boot, and quite often multiple
times in a session).
There is a "magic" command to make it stop and go back to how it used
to run (which you may have to run regularly since some updates seem to
overwrite it), but it must be run for every user who can run updates:
gconftool -s --type bool /apps/update-notifier/auto_launch false
Adding that to /etc/bash.bashrc seems to be a quick-and-dirty fix that
restores it for every user, and resets it if it gets overwritten.
There's no guarantee this will work after the 9.10 update, but at least
it works for now.
Once you know these few steps, setting up a LAMP
(Linux/Apache/MySQL/Perl-PHP) server on a Linode
(please use that link, as it includes my referral code) is insanely
simple:
First, starting with a freshly provisioned CentOS install, ssh into the
root account. Then update the base system --
```
yum update
```
I find it convenient to also install the console version of emacs:
```
yum install emacs-nox
```
Next, edit /etc/sysconfig/network and change the hostname. That file
is read at boot, so you might also want to set the hostname for the
current session:
```
hostname www.example.com
```
Download the install.sh script from http://www.virtualmin.com/download.html
into /usr/src ... and then execute it:
```
cd /usr/src
# review install.sh before running it: it is fetched over plain HTTP and runs as root
wget http://software.virtualmin.com/gpl/scripts/install.sh
sh install.sh
```
Then log in, as root, to your new virtualmin configuration at your
linode's address: https://li99-999.members.linode.com:10000 where the
99-999 is replaced with your linode's address (see the linode control
panel).
Install problem: awstats
Ran into this error message after install, when clicking the "Check
Your System" button --
The AWstats command /usr/share/awstats/wwwroot/cgi-bin/awstats.pl was
not found on your system.
Complicated by the fact that "yum install awstats" said it was already
installed. But where? "rpm -ql awstats" gives the answer... and then I
just copied it as follows:
# mkdir -p /usr/share/awstats/wwwroot/cgi-bin
# cp -a /var/www/awstats/awstats.pl /usr/share/awstats/wwwroot/cgi-bin
Install problem: clamd (after update)
NOTE: After installing Virtualmin updates, I got an error:
ERROR: Command rejected by clamd (wrong clamd version?)
which I resolved with:
# /etc/rc.d/init.d/clamd-virtualmin restart
Default settings when you configure
Under System Settings / Server Templates and then Default Settings --
- Mail for Domain / Mail alias mode for alias domains: *Copy
  aliases from target*. Catchall is the default! And you don't want
  that. See also "Postfix relaying" below.
- Spam Filtering / Automatically delete old spam? Yes, if older than
  7 days (or as you desire)
- BIND DNS Domain / Hostname to your preferred world-visible
  hostname; SPF DNS disabled (until you configure each domain
  manually)
Upgrading PHP and MySQL
This is one place where CentOS 5.3 lags behind the times. If you need
PHP 5.2 or above, you will have to enable an alternate repository. As
of this writing, the "CentOS Testing" repository contains a pre-release
version that does not include the mcrypt and memcache modules -- a
real problem. NOTE: Although I was able to upgrade a running server,
I'd recommend doing this before loading any production domains. Follow
the instructions at
http://www.virtualmin.com/documentation/system/bleed
Double-Check Postfix Relaying
Postfix was accepting email for anything@aliased-domain.com ... to
solve this, open the aliased sub domain in Virtualmin and, under
Server Configuration / Email Settings, change
Virtual server email-related settings / Mail aliases mode
from Catchall forwarding to Copy aliases from target. You
probably want to change this on the System Settings / Server Templates
/ Default Settings for Sub-Servers page as well. If you have already
created several domains, you can adjust this all at once:
# virtualmin modify-mail --alias-copy --all-domains
NOTE: Is there a bug in Virtualmin 3.68.gpl? I had to manually:
# cd /etc/postfix
# postmap virtual
# postfix reload
to force that to refresh.
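To confirm that no alias domain is still in catch-all mode, the virtual map can be scanned for left-hand sides of the form @domain. This is an added example, not part of the original post or of Virtualmin; the function name `find_catchalls` and the sample map are constructed for illustration.

```shell
#!/bin/sh
# List catch-all entries in a Postfix virtual map source file.
# In virtual(5) a left-hand side of "@domain" matches every local part
# at that domain, so mail for anything@domain is accepted.

find_catchalls() {
    # $1 = path to the map source (default: /etc/postfix/virtual)
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines
        /^[ \t]/                 { next }   # continuation of previous entry
        $1 ~ /^@/ { print substr($1, 2), "->", $2 }
    ' "${1:-/etc/postfix/virtual}"
}

# Constructed sample map, not taken from a real server.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
example.com              example.com
info@example.com         info-example
@alias.example.net       @example.com
sales@alias.example.org  sales@example.com
@old.example.org         bob
EOF

# Prints the two catch-all domains and where their mail is sent.
find_catchalls "$sample"
rm -f "$sample"
```

An empty result after the `postmap virtual` and `postfix reload` steps means no domain in the map accepts arbitrary recipients any more.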
Tuning clamd
Rather than spend too much time tuning the memory, I simply killed
clamd as it is a huge memory pig and leads to Out Of Memory webserver
freezes.
Tuning Apache
With the default settings, Apache can veer out of control and eat all
available memory. In /etc/httpd/conf/httpd.conf, change as follows in
the section shown:
# prefork MPM
# StartServers: number of server processes to start
# MinSpareServers: minimum number of server processes which are kept spare
# MaxSpareServers: maximum number of server processes which are kept spare
# ServerLimit: maximum value for MaxClients for the lifetime of the server
# MaxClients: maximum number of server processes allowed to start
# MaxRequestsPerChild: maximum number of requests a server process serves
# was: MaxSpareServers 20 ServerLimit 256 MaxClients 256 MaxRequestsPerChild 4000
<IfModule prefork.c>
StartServers 8
MinSpareServers 5
MaxSpareServers 10
ServerLimit 64
MaxClients 64
MaxRequestsPerChild 400
</IfModule>
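The effect of these limits can be estimated as MaxClients times the resident size of one httpd child. The following is an added example, not from the original post; the function names, the 20 MB child size and the 512 MB budget are assumptions to be replaced with measurements from your own server.

```shell
#!/bin/sh
# Estimate the worst-case memory use of the prefork settings.
# The child size is an assumption: measure it, for example with
#   ps -C httpd -o rss=
# RSS counts shared pages in every child, so the result is an upper bound.

prefork_max_clients() {
    # Print MaxClients from the <IfModule prefork.c> block of file $1.
    awk '
        /^[ \t]*<IfModule[ \t]+prefork\.c>/ { inblock = 1; next }
        /^[ \t]*<\/IfModule>/               { inblock = 0 }
        inblock && $1 == "MaxClients"       { print $2; exit }
    ' "$1"
}

worst_case_mb() {            # $1 = httpd.conf, $2 = RSS of one child in KB
    echo $(( $(prefork_max_clients "$1") * $2 / 1024 ))
}

max_clients_for_budget() {   # $1 = memory budget in MB, $2 = child RSS in KB
    echo $(( $1 * 1024 / $2 ))
}

# Constructed config using the values from the section above.
conf=$(mktemp)
cat > "$conf" <<'EOF'
<IfModule prefork.c>
StartServers 8
MinSpareServers 5
MaxSpareServers 10
ServerLimit 64
MaxClients 64
MaxRequestsPerChild 400
</IfModule>
<IfModule worker.c>
MaxClients 150
</IfModule>
EOF
echo "worst case: $(worst_case_mb "$conf" 20480) MB"
echo "fits in 512 MB: $(max_clients_for_budget 512 20480) children"
rm -f "$conf"
```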
Tuning Spamassassin
Dramatically reduce memory footprint by changing the number of threads
that spamassassin will execute at once from 5 down to 1. In /etc/sysconfig/spamassassin
(your location may vary) --
change:
SPAMDOPTIONS="-d -c -m5 -H"
to
SPAMDOPTIONS="-d -c -m1 -H"
-- William Lindley