Freely Different - You decide Think & Act differently http://www.freelydifferent.com

Tutorial Subsonic - How to install a music streamer similar to a Jukebox 2010-06-03 13:14:58 "Subsonic is a free, web-based media streamer, providing ubiquitous access to your music. Use it to share your music with friends, or to listen to your own music while at work. You can stream to multiple players simultaneously, for instance to one player in your kitchen and another in your living room. Subsonic is designed to handle very large music collections (hundreds of gigabytes). Although optimized for MP3 streaming, it works for any audio or video format that can stream over HTTP, for instance AAC and OGG. By using transcoder plug-ins, Subsonic supports on-the-fly conversion and streaming of virtually any audio format, including WMA, FLAC, APE, Musepack, WavPack and Shorten. If you have constrained bandwidth, you may set an upper limit for the bitrate of the music streams. Subsonic will then automatically resample the music to a suitable bitrate. In addition to being a streaming media server, Subsonic works very well as a local jukebox. The intuitive web interface, as well as search and index facilities, are optimized for efficient browsing through large media libraries. Subsonic also comes with an integrated Podcast receiver, with many of the same features as you find in iTunes. " (www.subsonic.org) I was looking for an easy solution to share musics, videos and to be able to listen my music collections from everywhere but without having to use SAMBA, or FTP, just with a simple and very userfriendly tool. And I found Subsonic among others. But why did I choose Subsonic and not another one ? They are plenty of online jukebox solution (IceCast, Subsonic, Gnump3d, Ampache, Jinzora, etc...) But as I wanted a complete solution under GPL, with a nice and powerful interface, I finally restricted the number of available softwares to 3: Ampache, Jinzora and Subsonic. And after testing the demo of Ampache (here), Subsonic (here) and seeing several screenshots of Jinzora, I finally did not wanted Jinzora as I've heard that this one was using quite a lot of CPU and was very slow when browsing large collections.... Then between Ampache (In PHP) and Subsonic (Java...), the choice was difficult, but I have decided to go for Subsonic, even if Ampache is in my opinion, the most powerful of these 3 (A lot of specific features, fast, etc...) but the interface is not really clear, may be too many features, and not as user friendly as Subsonic. As I don't need very specific features, but I just want to be able to listen my collections in the clearest manner, Subsonic sounds perfect for me. So let's see how to install it. Installation: To be able to install Subsonic, you need to install Java if you don't have it already. To do so, simply run: sudo apt-get install openjdk-6-jre

Notice that, to be able to use their great transcoding feature (To convert music on-the-fly), you need to install a couple of package: sudo apt-get install lame flac faad vorbis-tools ffmpeg

page 1 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

And then download their .deb package here. In my case, on my server, to download the current latest version (4.0.1), I have to run: wget http://prdownloads.sourceforge.net/subsonic/subsonic-4.0.1.deb

And to install it: sudo dpkg -i subsonic-4.0.1.deb

The service will automatically start. After the installation, simply open the Subsonic web page on http://yourIP:4040 In my case, www.freelydifferent.com:4040 So don't forget to open the port 4040. You can also modify the port number, Java memory settings or other startup parameters into the file /etc/default/subsonic. I let you discover this tool by your own. You will see it's very easy to use it. PS: You can change the theme as you wish, if you don't like the default one.

page 2 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

Your ideas are more than welcome 2010-05-27 17:20:29 Dear readers, I didn't expect that much traffic on my website, (50 to 100 unique visitors per day), but here we are, so first, I'd like to think you for reading and commenting my articles, and also those who sent me some emails to thanks me. Now I would love to gather some of you ideas of which interesting services to provide or to test on my server and then write a tutorial. So please feel free to comment this article and give me your ideas. Just for letting you know, I am currently working on different tutorials during my spare time (And I don't have that much, recently). I'm currently trying: - Funambol (A mobile cloud sync software, useful to sync your contacts, schedules, etc...on your mobile phone and also computer) - A Jukebox software as Ampache, Jinzora, Subsonic (I haven't decided yet which one to go for...) I guess, It would be nice to write a "how to" on my blog about SAMBA (Even if I don't use it, I should try to test and write a tuto) May be some of you can be interested in a dhcp server too (Never try) Anyway, if you would like to see something here, tell me. EDIT: I've realized that I didn't talk about how to backup your system ! (I'll put it on my To do list as an important task)

page 3 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

Images Hosting - Sharing pictures as with ImageShack - Chevereto tutorial 2010-05-14 17:18:51 Chevereto is a free script, written in php, that lets you set up your own image hosting on your web server. It is your hosting and your rules, say goodbye to the closures and restrictions. (chevereto.com) I'm sure you have already used some Image hosting website to share a picture with friends, to post an image on a forum, and so on. Some websites are quite good, but some others ask you to register and quite often your picture is a bit lost around all the ads. You got a server ? (Or want to ?) why not hosting yourself such service and be free. I was looking not for a gallery, but for something very similar to imageshack, tinypic, imagehosting, etc... in a word: SIMPLE. Simple to implement but especially easy for the user to upload a pic. (No need to register, few click to upload a pic, etc...) And then I've tried Chevereto which was perfect for that ! So, let's see how to install Chevereto I assume you have already a server running with Apache. (If not, check my others tutorials) Requirements: What you need first, is to install CURL and GD if you don't have them already. sudo apt-get install php5-curl php5-gd

Download: As this project is quite new, I recommend you to download the latest version available (Currently, it is the version 1.9) To get the link, visit this page. So, you need to download the archive, extract it and upload the content of the folder "Upload" it into your server. As I'm using SSH, I will do all these in command line (As every article here) Create a folder in /var/www/ to receive the files. Let's call it "pix" sudo mkdir /var/www/pix

then download the archive v1.9 (Take the latest): cd /var/www/pix wget http://code.google.com/p/chevereto/downloads/detail?name=chevereto_nb1.9.zip

Extract the archive: As I like 7z, I will do it with this software 7z x chevereto_nb1.9.zip

page 4 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

Delete the unnecessary files and move the content of the folder Upload to the root of your pix folder. When you have read the license, and the others files, run: rm -R chevereto_nb1.9.zip Docs/ Firefox_ex/ Please\ Donate\!.url Sources/ license.txt license_agreement.txt third_party.txt mv Upload/* . rm -R Upload

May be you have runned some commands with sudo and now the user "www-data" (In my case) do not owned the pix folder, To resolve that, run: sudo chown -R www-data:www-data pix/

You will also need to add write permissions to the folders "up", "images" and "thumbs". To do so, simply run: sudo chmod 777 -R up images thumbs

And now, Chevereto is correctly installed. Virtualhost: In my case, I want to use Chevereto as a subdomain (http://pix.freelydifferent.com/) So, I need, first, to create a redirection of this subdomain to my IP via my registrar. And then I will create another virtualhost for this service. I suggest you to use a virtualhost you have already created, or if you don't have any, use the default one. Anyway here is mine:

ServerAdmin [email protected] ServerName pix.freelydifferent.com ### YOUR URL ServerAlias pix.freelydifferent.com ### YOUR URL DocumentRoot /var/www/pix

###YOUR EMAIL

### Your folder

Options FollowSymLinks AllowOverride FileInfo ### Your folder Options Indexes FollowSymLinks MultiViews AllowOverride FileInfo Order allow,deny allow from all ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all ErrorLog /var/log/apache2/error.log

page 5 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

# Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog /var/log/apache2/access.log combined Alias /doc/ "/usr/share/doc/" Options Indexes MultiViews FollowSymLinks AllowOverride None Order deny,allow Deny from all Allow from 127.0.0.0/255.0.0.0 ::1/128

As I told you, it is easier to modify an existing virtualhost. (It is what I did with my virtualhost called "gallery") cd /etc/apache2/sites-available/ sudo nano gallery

I've modified the ServerName, ServerAlias, DocumentRoot and Directory fields. Don't forget to save it under a different name (In my case, I called it "pix") Now, you need to activate your virtualhost, pix. Simply run: sudo a2ensite pix

And finally, reload apache: sudo /etc/init.d/apache2 reload

You should now be able to see and upload pictures with Chevereto. Frequently Encountered Problem: I've seen and encountered some problems, here are they: - You don't see any pictures, logo and buttons on your Chevereto page. This occur when Chevereto do not have the proper permissions. Check who own your Chevereto folder. Running sudo chown -R www-data:www-data: pix/

did the trick in my case. If this doesn't work, you can also change the permissions of the folder /var/www/pix (pix in my case) by running: sudo chmod 775 -R pix/ sudo chmod 777 -R pix/up pix/images pix/thumbs

page 6 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

- When you upload a picture, you don't see any thumbnail and you cannot access to the pictures. If you want to, you get the following error: Internal Server Error

I had the same problem, it was due to the .htaccess located in images/ and thumbs/. I've deleted them and the problem went away. But, now, people can have access to all your hosted pictures in yourcheveretowebsite/images... What I did, is to create a file called index.php and to add a redirection to the main page in this file. Hence people won't be able to go there and better, they will be redirected to the main page. So, create the file index.php in images/ and thumbs/. Then you can paste something like that: where http://pix.freelydifferent.com is your main page. I hope this tutorial helped you to install this great tool !! Do not hesitate to post comment.

page 7 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

Promote free & legal music - Under Creative Commons licenses 2010-04-28 20:11:25 I've decided recently to promote free & legal music. Indeed, after having listened a lot of free music from the so famous Jamendo platform and the really nice webradio: OxyRadio (Webradio available in OGG or MP3), I feel like there are a lot of great artists who deserve not less than the best. I even prefer some artists I've heard on the webradio than some common artists on normal radio. So what is it and how does it works ? By free music, we often mean, under Creative Commons Licences "Creative Commons is a nonprofit corporation dedicated to making it easier for people to share and build upon the work of others, consistent with the rules of copyright. We provide free licenses and other legal tools to mark creative work with the freedom the creator wants it to carry, so others can share, remix, use commercially, or any combination thereof." (http://creativecommons.org/about) Artists are free to distribute their music for free and freely (Think Free bear and Free speech) Why would they do that ? (It is radically different than the music distributed by the majors as Warner and co) By publishing a song under CC (Creative Commons) license, roughly, we are free to listen and share the song as long as it is not for a commercial use. Thus, we, the community, are able to spread for free these songs as long as we respect the license, hence, do the promotion for free of these artists. It is actually a win/win partnership...We got free songs, they got "free fans" ! But is it sustainable ? It is not because it's free that the artist doesn't receive any income for their jobs/hobbies/work/joy. Unlike any "Major" (Warner, Universal, Sony Music and EMI Group) which remunerate artists 1$ for a retail album CD (Estimation based on the David McCandless' study), and the remaining goes for the "Major" (Marketing, production, and indeed, comfortable premium). But obviously, 1$ multiplied by 1.000.000 albums, well, I guess it's quite enough for an artist. But it is not so common to sell this amount of album. They, actually, earn far more with their concerts ! Artists who decide to publish their songs under CC licenses, apart having less constrain thanks to the license (and the fact of non having any pressure from the Majors), can get an income from the user's donations and by selling commercial license. Usually, donation represents the highest part of their revenues. Indeed, when something is free and you enjoy it, you don't really mind to make a donation to thanks its creator. It is my case, at least. I didn't buy that much Retail CD (Non free) from any shop, but I've done several donations to thanks artists I liked when it was possible for me to do so. I've even know some artists earning far more by publishing their songs under CC license than previously with their contract with a famous major. It is then sustainable and a good alternative. Infact, you can find a lot of different kind of music. and some of them are really really good. So I truly suggest you to have a try by listening Oxyradio (Nice webradio) or directly by the Jamendo platform. (Starting by the TOP100 should give you a nice overview) Or you can also download the OGG compilation I've made ! It is actually a torrent file: Click here to download the torrent Have fun with it !

page 8 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

Don't hesitate to contact me or post comments. I thank and give all credits to the artists I've picked up. I also thank the website "Freetorrent" for their nice free tracker.

page 9 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

Munin - How to easily display meaningful graphs 2010-04-12 19:44:04 In my previous article we saw how to install and monitor your server through graphs. But you may have notice that there are a lot of graphs and you don't need to check some of them if you don't have any problem with your server. So, the aim of this article is to select some of the useful graphs and to add them to a new webpage. Which graphs: Here is what I have selected and why: First of all, I've selected only daily and weekly graph. I know that sometimes you can detect a problem only by checking a large period of time to see the trend, but as I wanted to do a single page with the most useful graphs to look at everyday or so, I don't need to display monthly or yearly graphs. Anyway, I will be still able to check them if I need to. So let's have a look of what I have: - CPU Usage: Quite obvious if you don't want to have a server to slow. - Memory Usage: Important to check if you have enough free ram (= Unused + Cache + Buffers) otherwise you will start to swap and them your server will be very slow. - Disk Usage: To check if you have still enough space on your server - IO Stat: This graph is useful to know whether your disk is over used or can still handle a bit more traffic ;) - Load Average, the lower, the better. The load average is calculated as an exponential moving average of the number of processes that are running or runnable. A common rule is that this load number shouldn't exceed to much the cores number of your machine. In my case, on my dual core, if I got a load average of 2, this means that on average, there is always a process in the running or runnable state. Hence, my CPU is being utilized 100% of the time. If I try to run another process, it will have to wait in the run queue before being executed. But the load average doesn't take into account only the % of CPU used. It also takes different parameters. So as long as my load average doesn't exceed 2 - 2.5, I'm fine with it. - MySQL Queries: Important to monitor your mysql tables ! - Eth0 traffic: This is, for me, the most important/viewed graph as I don't have a symmetric connection or optic fiber, my server can be stuck if my connection cannot handle the load of ... you, avid readers ;) Hence, these 6 graphs x2 (Daily/weekly) is enough for myself to monitor my server. Now, let's see how to display them. Create a html page to display your selected graphs: If you don't want to display all the munin graphs and want to sort your selected graphs, the easiest way to do it is to write a html page with your graphs in it. How to do it: Simply create a text file with the extension: ".html" (In my case, it is called "Server_status.html") Then copy the links of your graphs that you want to select (With Firefox, you can right click on the graph and select "Copy Image Location" by example) And in your html file, paste your links and add the code

before your URL and "/>

after.

page 10 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

In my case, here is my Server_status.html file:

Once you have done that, simply upload this file on your server, wherever you want this page be accessible. (In my case, I've simply uploaded my file in /var/www/freelydifferent/. Hence my page is accessible through www.freelydifferent.com/Server_status.html) If you are using SSH, you may not know how to upload (Or download a file). You can easily use the command "scp" Here is how it works: scp -P 2222 /Where/It/Is/Server_status.html [email protected]:/Where/I/Want

"- P" for selecting the port (If you have changed it. Default is 22) then indicate where is the file you want to upload (/Where/It/Is/Server_status.html ) "[email protected]:", to connect to your server, indicate your SSH user and the IP of your machine. /Where/I/Want, in which folder of your server you want to upload the file. So, in my case, I do: scp -P 2222 /home/morgan/Desktop/Server_status.html [email protected]:/var/www/freelydifferent/

If your user doesn't have the permission to write into /var/www/yourfolder, you can by example upload your file in the home folder of your user, then log on your machine and move the file with sudo. And if you want to download a file from your server to your computer, the command is quite similar: scp -P 2222 [email protected]:/Where/It_is/on_the_server /Where/I/want/on_my_computer

And that should do the trick ! I hope this will be helpful for you ! PS: You will be able to find more great graphs on the MuninExchange website

page 11 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

Monitoring your server through grahps - Munin 2010-04-09 19:52:59 "Munin is a networked resource monitoring tool that can help analyze resource trends and "what just happened to kill our performance?" problems. It is designed to be very plug and play. A default installation provides a lot of graphs with almost no work."(munin-monitoring.org) I was looking for a way to easily monitor my server. The command "top" is nice to see your RAM and CPU used, but not very beautiful and without any past data. Obviously there are others several commands to display useful information, but I prefer to see graph instead. After trying Cacti, which is not simple to use, I finally found Munin. Easy to install, widely used, and with a lot of default graphs. You can have directly a look of which kind of graph Munin provides by displaying the "Server status" of my machine (Top menu). Pretty useful not ? And as I told you the installation is really easy: sudo apt-get install munin

And voilà... You don't need to modify the Munin conf file if you have installed munin on the same machine that you want to monitor. (My case as I have only one server to monitor) By default, the graphs are refreshed every 5mn, if you want to decrease or increase this length, you can modify the munin cron entry by modifying the file /etc/cron.d/munin All the default munin graph will be displayed at www.yourdomainorIP.com/munin I will soon make a new article on how to add graph and simply display your wanted graphs. PS: It is now done.

page 12 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

Easy tutorial to host a forum - MyBB 2010-04-09 13:14:33 MyBB, also known as MyBBoard or MyBulletinBoard, is a powerful, efficient, and free forum package, developed using PHP and MySQL. MyBB has been designed with both the end user (you and your subscribers) and the people who staff your message board in mind. Full control over your discussion system is presented right at your fingertips, from the ability to have multiple themes to the ultimate customization of your forums using the template system and plugins. MyBB also presents a wide variety of useful features that make it unique. Most important of all, MyBB is completely free. (wiki.mybboard.net) As you can read, MyBB is a nice and easy to install, forum package written in php. This one has a lot of features and start to be widely used. But the first question that you may have is, why did I choose this one and not another one ? (BB-press, vanilla, smf, fluxBB, phpBB, and so on) - BBpress, (Demo) is a basic forum without a lot of features but very easy to install and to administrate. This one is usually coupled with Wordpress. They can share the same database for your registered users (from your blog to your forum). This one is nice for a really small forum. But this one doesn't seems to accept emoticons, attachments, post quoting, and others common useful features in a regular forum. - FluxBB (Demo). This one is quite a good forum package but without, again, useful option in my opinion (As mail notification, guest posting, backup database, attachments, ...). I think this one is nice for a small-mid forum if you don't think needing these missing features. - Vanilla (Demo). This one is quite similar ti FluxBB in my POV, but lighter to load and with a really different skin and way to administrate. Because I'm not very familiar to that, this forum is not my cup of tea. - Simple Machines Forum (Example). Well I use this one quite often as an admin of this actual example website and I have to admit it is a really good forum package. A lot of features, easy to admin. But this one is not 100% free (free as freedom, not free beer, ...as someone said) and is not under GPL Licence. Even if their licence is not so bad, as there are a lot of different php forums, I rather choose another one even if I think it is one of the best forum package. - Drupal forum (Demo). I like this one because you can add a lot of features by installing plugins. Then, your forum is quite flexible and can suit your need quite well. But I don't really like the way how to administrate it. And finally to suit my needs, I have to install a lot of plugins. So this one is a good one, but not the best one for my needs. - Vbulletin (Demo), is may be also one of the best forum package I've seen. Great features, easy to administrate, etc.. but with a proprietary licence and it will cost you around 200$... - phpBB (demo), I have really hesitated between phpBB and myBB, but finally, after trying deeper the demo mode and reading several users opinion, I've chosen myBB. But, phpBB is the most widely used forum kit, it has a lot of features, is free and most of all has a large community (then a good support). After their latest release which had corrected several security issues, there isn't that much negative points except that it is not as easy as myBB to instal plugins. But I prefer the way how to administrate myBB instead of phpBB. I found this one quite messy in the admin panel (Several times the same options but in different menus, etc...) and I have to admit, I like giving a chance to alternative software if it is still well supported. So, to conclude this part, I decided to use MyBB which is for me one of the best bulletin board. If I had to rank the 3 best forums, I will do as following: 1) MyBB

page 13 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

2) phpBB 3) SMF But, if I had 200$ to spent and not an issue with proprietary sotfwares, I would have chosen Vbulletin. And if I hadn't 200$ but not an issue with a non 100% free sotfwares (I mean free as freedom again), I would have gone with SMF instead of MyBB. But according to my needs and my free software preference, MyBB is definitely what I need and want ! So, as usual, let's see how to install it ! Installation: You shoud already have mysql and php installed on your computer. If you have followed some of my tutorial, you should have them already installed. In my case, I want to install the forum on the same parent folder than my website (Hence in /var/www/freelydifferent/) as I don't need and want an extra subdomain, then it will be even easier to do so. Hence, I will create a sub-folder called "forum" and download the kit in this sub-folder. To log on your server with your apache user (in my case webadmin) and to create the folder forum, run: sudo su webadmin mkdir /var/www/freelydifferent/forum

Replace freelydifferent/ by what ever you want. Download the latest zip version by running: cd /var/www/freelydifferent/forum wget http://www.mybboard.net/download/latest mv latest latest.zip

And then extract the archive with your favorite tool (7z is really easy to use) 7z x latest.zip

Remove the archive and unnecessary files: rm latest.zip rm -R Documentation/

and move the content from the folder "Upload" to the your folder's root: mv Upload/* . rm -R Upload/

MyBB requires certain files and directories to have different permissions in order for it to write to the files So you need to modify the permissions of some files/folders. sudo chmod -R 775 /var/www/freelydifferent/forum/*

page 14 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

then adjust the permission as given in the offical doc: sudo chmod 666 ./inc/config.default.php ./inc/settings.php ./inc/languages/english/* ./inc/languages/english/admin/* sudo chmod 777 ./cache/ ./cache/themes/ ./uploads/ ./uploads/avatars/ ./admin/backups/ ./inc/languages/ sudo chmod 775 ./inc/languages/english/admin/

Rename the file "config.default.php" into "config.php" mv ./inc/config.default.php ./inc/config.php

And pheww, no more command line for a while (Okay, I love it!) As you may know, myBB requires a MySQL base to work on, so I recommend you to create manually a new user with a specific database to improve the security of your server. As we did before, to create a new user with a specific database under phpmyadmin, here are the main steps: - Create a database - Then a user without any privileges - and finally add to your new user, "Database-specific privileges" on your newly created database Don't forget the name and password of your user and the name of its specific database, you will need it soon. Finally, to install the forum, simply go to www.yourwebsite.com/forum/install/ (In my case http://www.freelydifferent.com/forum/install/) And follow the steps. The installation script is quite easy to follow but I don't let you down ;) Here are my print screens: And as you can see during the last step, you need to delete the install folder: sudo rm -R /var/www/freelydifferent/forum/install

And tadam !! You can now access to your forum and discover all myBB's great features ! PS: I thank www.forum-software.org for their Bulletin Boards' demos.

page 15 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

Easy Web Gallery - Piwigo 2010-03-30 18:28:43 "Piwigo is a photo gallery software for the web, built by an active community of users and developers. Extensions make Piwigo easily customizable. Extensions make Piwigo easily customizable. Icing on the cake, Piwigo is free and opensource." (piwigo.org) Piwigo is a really powerful tool to host your gallery (It's easy to upload and modify your pictures with their software, you can grant access for your family, friends, or any other user, etc...by category of user). And furthermore, the community around the project is very dynamic! It's one of the best gallery I found so far. Have look to their demo Let's see how to install this great tool Installation: You can directly create a new folder in your website, then, in this folder, download the installation script. With this method (Very easy), your gallery will be accessible with the URL: www.mywebsite.com/thefolder Or you can create a new virtual host as we did before, to create a new subdomain. In this case, the gallery will be accessible from www.myfolder.mywebsite.com As in my case, I prefer that the gallery will be accessible from www.gallery.freelydifferent.com So I will explain this method. First you have to redirect this subdomain in the interface of your domain provider to reach your IP. Then, you have to create a new folder in /var/www/ called "gallery" by example: sudo mkdir /var/www/gallery

And now create a new vhost as we did before. You can modify one of your existing vhost or the example file: cd /etc/apache2/sites-available/ sudo nano -w default

Mine will be something like:

ServerAdmin [email protected] ServerName gallery.freelydifferent.com ServerAlias gallery.freelydifferent.com DocumentRoot /var/www/gallery Options FollowSymLinks AllowOverride None

Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all

page 16 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

[…] ##At the end of the file I will also activate the bandwidth limit as explained before on my blog BandWidthModule On ForceBandWidthModule On BandWidth 192.168.0.0/24 0 ##Unlimited for people from your network Bandwidth all 50000 ## 50kb/s limit to every one else LargeFileLimit * 8000 80000 ## 80kb/s for file larger than 8mb

And save it as a different name, example: gallery Activate this new virtualhost: sudo a2ensite gallery

Reload apache: sudo /etc/init.d/apache2 reload

Now, because we have created this folder with the root user (sudo command), we need to give back the permission of this folder to our user webadmin. So, as we did before, run the command: sudo chown webadmin:www-data /var/www/gallery/

and add some permission to this folder: sudo chmod 775 /var/www/gallery

Now you can download the latest script in your /var/www/folder. To avoid permission problem, I recommend you to use the webadmin user for the followings commands. To change user, you can run: sudo su webadmin

Now go to your newly created folder and download the latest script: cd /var/www/gallery/ wget http://piwigo.org/download/dlcounter.php?code=netinstall

rename the file into piwigo-netinstall.php: mv dlcounter.php\?code\=netinstall piwigo-netinstall.php

page 17 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

Now, you need to create a new database for piwigo. You can even create a new user with only some rights on the piwigo database, or use your previous user. I prefer to create a new user with some restricted permissions and user of only the DB piwigo, (as we did before). Briefly, you need, to create an user, without any rights, when create your Database, and finally add some rights to your user to this specific database. (The first four of the categories Data and Structure should be fine) Now to finally install PIWIGO, simply go to www.yourfolder.yourwebsite.com/piwigo-netinstall.php In my case, gallery.freelydifferent.com/piwigo-netinstall.php and follow the steps. (It will ask you your newly created user of your database and obviously the name of this database) And now you can enjoy this nice gallery and share a lot of pictures with your family, friends, or any users.

page 18 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

Jabber - OpenFire 2010-03-27 13:47:57 Cross-platform, open source XMPP server written in Java, with web based administration. Openfire is incredibly easy to setup and administer, but offers rock-solid security and performance. (www.igniterealtime.org) This article will be added to my Self-hosting tutorial as I think, have a Jabber server is one of the easiest and useful step to do. 2 years ago, I've self hosted my first Jabber service with Ejabberd. It was on my personal laptop. As you may know, you don't need a dedicated machine for that if you just need to self host your only jabber account. You can only use your personal computer as you will turn this one on when you want to use you Jabber account. But now, as I got my dedicated server@home, I will directly use this one though. So first question, why did I choose Openfire (Yes I did) and not Ejabberd ? or Prosody ? etc... In my view, Prosody is a very young project and not enough mature (But I know we have to use it and report everything to help it to get mature). And when I tried to install it, it wasn't so easy to configure the server. (EDIT: I love young project ! As soon as written this article, a team member of the Prosody project sent me an email to ask me how can they improve their software ! So, feel free to contact them too) Then why not Ejabberd ? I really like this one, very mature, a lot of features, lot of docs, and very light to run. But after using Openfire and its nice web administration panel...difficult to find an easier one... Even if Ejabberd get a web adminstration panel, you cannot do that much with it. But the power of Ejabberd lies in its config files. So I've decided to install OpenFire and to write a tutorial about that. But I have to say, OpenFire, based on Java, use quite a lot of memory. I'm sure I can configure some files to reduce the load, but don't know which one and how but anyway, I got plenty of RAM for now, so it's not really a problem. (My 2GB are far unused for now) So, lets see how to install and configure OpenFire Installation: As I told you, OpenFire is based on Java, so you need to install it Java is a proprietary software (So I recommend you to install the free one), but you can still install it on Ubuntu by running the command: sudo apt-get install sun-java6-bin

If you prefer using the Open-Source version (I do !), run: sudo apt-get install openjdk-6-jre

And now download the latest version: (Currently the 3.6.4, but a 3.6.5 should come soon): wget http://www.igniterealtime.org/downloadServlet?filename=openfire/openfire_3.6.4_all.de b

page 19 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

OpenFire do not recognize the OpenSource Java version, you need then to modify a bit the software. But if you have installed the proprietary one, to install OpenFire simply run: sudo dpkg -i openfire_3.6.4_all.deb

To modify the .deb to accept the package "openjdk-6-jre", here is what you need to do: Extract the .deb: sudo dpkg-deb --extract openfire_3.6.4_all.deb openfire_package

Then run: sudo dpkg-deb --control openfire_3.6.4_all.deb openfire_package/DEBIAN

Open the file "openfire_package/DEBIAN/control", and change the "Pre-Depends:" line to Pre-Depends: java-runtime-headless | sun-java5-jre | sun-java6-jre | openjdk-6-jre-headless sudo nano openfire_package/DEBIAN/control

and modify the line. Now, open the file "openfire_package/etc/init.d/openfire", and insert at line 15: t=/usr/lib/jvm/java-6-openjdk && test -d $t && JAVA_HOME=$t

(without this line, Openfire does not give you any error message: it just exits silently.) sudo nano openfire_package/etc/init.d/openfire

and add the line. And finally rebuild the package: sudo dpkg-deb --build openfire_package/ openfire_3.6.4_all_openjdk.deb

You can now install this new package: sudo dpkg -i openfire_3.6.4_all_openjdk.deb

(May be should I provide you directly the modified package ?) Configuration: You need to open some ports: - 9090 for the web administration panel - 9091 for the secure web administration panel (HTTPS)

page 20 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

- 5222 for the client - 5223 for the client (Old SSL Port) - 5269 for the server to server connection You might also need to open the port 7777 for the file transfer proxy and some others, but you will find the list into the web admin panel. And to configure your server, go to www.yourdomain:9090 or :9091 to use SSL (Better) and follow the steps. Afterward, restart OpenFire: sudo /etc/init.d/openfire restart

You should now be able to connect to your web administration panel: www.yourdomain:9091 with the login "admin" and your password, previously initialized during the Openfire setup. DNS redirection: You might not be able to connect right now to your Jabber server, and/or to get a working s2s (server to server) connection. In fact you need to create the SRV records: _xmpp-client._tcp.domain.com. 7200 IN _xmpp-server._tcp.domain.com. 7200 IN

SRV SRV

10 0 5222 xmpp.domain.com. 10 0 5269 xmpp.domain.com.

Replace domain.com by your domain name. In my case, my records are: _xmpp-client._tcp.freelydifferent.com. 7200 IN _xmpp-server._tcp.freelydifferent.com. 7200 IN

SRV SRV

10 0 5222 im.domain.com. 10 0 5269 im.domain.com.

You can set any target you want (ie, xmpp.domain.com or im.domain.com) but be sure to get an A record from your target to your IP. You might need to wait a couple of hours that your DNS spread. But after that you should have a nice working Jabber server ! The Web Administration Panel is quite clear, so I let you discover it. Enjoy ! Previous article: ProFTPd

|

Next article: Miscellaneous

page 21 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

Deluge torrent - Daemon + WebUI 2010-03-24 19:50:43 Deluge is a full-featured BitTorrent client for Linux, OS X, Unix and Windows. It uses libtorrent in it's backend and features multiple user-interfaces including: GTK+, web and console. It has been designed using the client server model with a daemon process that handles all the bittorrent activity. The Deluge daemon is able to run on headless machines with the user-interfaces being able to connect remotely from any platform. Deluge features a rich plugin collection; in fact, most of Deluge's functionality is available in the form of plugins. Deluge was created with the intention of being lightweight and unobtrusive. It is our belief that downloading shouldn't be the primary task on your computer and therefore shouldn't monopolize system resources. (dev.deluge-torrent.org/wiki/About) I was looking for a nice torrent client to run on my Ubuntu Server. By nice, I mean, light, easy to install, easy to use and highly capable. I wanted to be able to manage my torrent client through a web interface but also by a remote control. So, I found 3 differents torrent clients, transmission, rtorrent and deluge. I already know rtorrent and this one is quite light, highly capable but not very pretty and not so easy to configure. About Transmission, I know this from one of my previous Ubuntu Desktop as Transmission is part of Ubuntu. But in fact, I don't really like this one, not so fast, ...and well..I don't really know..But when I was using this one, I didn't really appreciate it. However for a couple of years, I was using (And I'm still using) Deluge-torrent. But I didn't know it was possible to run deluge as a daemon (Without graphic interface) and especially that a web interface was available ! Great, my favorite torrent client can also run on my server and satisfy all my needs ! Well, Deluge torrent, I like you even better now ! Furthermore, the Web-UI in Ajax (Refresh continuously) is quite complete. Have a look: But why installing a torrent client on my server ? It is quite useful to share large files through torrent and to be helped to seed them, thanks to the P2P network. Even if it doesn't remain me a lot of upload bandwidth, I'm sure 10kb/s won't cause to much trouble on my server. And then, I will be able to share some of my projects (Modified Ubuntu ISOs, etc...) and help people/friends to share their projects too. So, let's see how to install and configure this torrent client. By the way, this installation will be perfect for a seedbox. Installation: To get the latest version, I suggest you to add the deluge repository into your sources.list ie: sudo nano -w /etc/apt/sources.list

and add the line: deb http://ppa.launchpad.net/deluge-team/ppa/ubuntu karmic main

or replace "karmic" by your version (Jaunty, etc...) Now add the key and update apt:

page 22 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

gpg --keyserver keyserver.ubuntu.com --recv C5E6A5ED249AD24C gpg --export --armor C5E6A5ED249AD24C | sudo apt-key add sudo apt-get update

You can now install deluged (daemon) and deluge-webui (the web panel) sudo apt-get install deluged deluge-webui

Configuration: Before configuring deluge, you need to create a new user dedicated to deluge (Hence, deluge will have its own configuration) Run: sudo adduser --disabled-password --system --home /var/lib/deluge --gecos "SamRo Deluge server" --group deluge sudo touch /var/log/deluged.log sudo touch /var/log/deluge-web.log sudo chown deluge:deluge /var/log/deluge*

then, you can create its configuration file: sudo nano -w /etc/default/deluge-daemon

and paste: # Configuration for /etc/init.d/deluge-daemon # The init.d script will only run if this variable non-empty. DELUGED_USER="deluge" # Should we run at startup? RUN_AT_STARTUP="YES"

And now, you need to create an init script to be able to start/stop the deluge daemon: sudo nano -w /etc/init.d/deluge-daemon

and paste: #!/bin/sh ### BEGIN INIT INFO # Provides: # Required-Start: # Required-Stop: # Should-Start: # Should-Stop: # Default-Start: # Default-Stop: # Short-Description: # Description:

deluge-daemon $local_fs $remote_fs $local_fs $remote_fs $network $network 2 3 4 5 0 1 6 Daemonized version of deluge and webui. Starts the deluge daemon with the user specified in

page 23 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

# ### END INIT INFO

/etc/default/deluge-daemon.

# Author: Adolfo R. Brandes # Modified: Sami Olmari PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin DESC="Deluge Daemon" NAME1="deluged" NAME2="deluge-web" DAEMON1=/usr/bin/deluged DAEMON1_ARGS="-d -c /var/lib/deluge -l /var/log/deluged.log -L warning" DAEMON2=/usr/bin/deluge-web DAEMON2_ARGS="-p 9092 -c /var/lib/deluge -l /var/log/deluge-web.log -L warning" PIDFILE1=/var/run/$NAME1.pid PIDFILE2=/var/run/$NAME2.pid PKGNAME=deluge-daemon SCRIPTNAME=/etc/init.d/$PKGNAME # Exit if the package is not installed [ -x "$DAEMON1" -a -x "$DAEMON2" ] || exit 0 # Read configuration variable file if it is present [ -r /etc/default/$PKGNAME ] && . /etc/default/$PKGNAME # Load the VERBOSE setting and other rcS variables [ -f /etc/default/rcS ] && . /etc/default/rcS # Define LSB log_* functions. # Depend on lsb-base (>= 3.0-6) to ensure that this file is present. . /lib/lsb/init-functions if [ -z "$RUN_AT_STARTUP" -o "$RUN_AT_STARTUP" != "YES" ] then log_warning_msg "Not starting $PKGNAME, edit /etc/default/$PKGNAME to start it." exit 0 fi if [ -z "$DELUGED_USER" ] then log_warning_msg "Not starting $PKGNAME, DELUGED_USER not set in /etc/default/$PKGNAME." exit 0 fi # # Function that starts the daemon/service # do_start() { # Return # 0 if daemon has been started # 1 if daemon was already running # 2 if daemon could not be started start-stop-daemon --start --background --quiet --pidfile $PIDFILE1 --exec $DAEMON1

page 24 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

\ --chuid $DELUGED_USER --user $DELUGED_USER --test > /dev/null RETVAL1="$?" start-stop-daemon --start --background --quiet --pidfile $PIDFILE2 --exec $DAEMON2 \ --chuid $DELUGED_USER --user $DELUGED_USER --test > /dev/null RETVAL2="$?" [ "$RETVAL1" = "0" -a "$RETVAL2" = "0" ] || return 1 start-stop-daemon --start --background --quiet --pidfile $PIDFILE1 --make-pidfile --exec $DAEMON1 \ --chuid $DELUGED_USER --user $DELUGED_USER -- $DAEMON1_ARGS RETVAL1="$?" sleep 2 start-stop-daemon --start --background --quiet --pidfile $PIDFILE2 --make-pidfile --exec $DAEMON2 \ --chuid $DELUGED_USER --user $DELUGED_USER -- $DAEMON2_ARGS RETVAL2="$?" [ "$RETVAL1" = "0" -a "$RETVAL2" = "0" ] || return 2 } # # Function that stops the daemon/service # do_stop() { # Return # 0 if daemon has been stopped # 1 if daemon was already stopped # 2 if daemon could not be stopped # other if a failure occurred start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --user $DELUGED_USER --pidfile $PIDFILE2 RETVAL2="$?" start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --user $DELUGED_USER --pidfile $PIDFILE1 RETVAL1="$?" [ "$RETVAL1" = "2" -o "$RETVAL2" = "2" ] && return 2 rm -f $PIDFILE1 $PIDFILE2 [ "$RETVAL1" = "0" -a "$RETVAL2" = "0" ] && return 0 || return 1 } case "$1" in start) [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME1" do_start case "$?" in 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; esac ;; stop)

page 25 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

[ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME1" do_stop case "$?" in 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; esac ;; restart|force-reload) log_daemon_msg "Restarting $DESC" "$NAME1" do_stop case "$?" in 0|1) do_start case "$?" in 0) log_end_msg 0 ;; 1) log_end_msg 1 ;; # Old process is still running *) log_end_msg 1 ;; # Failed to start esac ;; *) # Failed to stop log_end_msg 1 ;; esac ;; *) echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2 exit 3 ;; esac :

This script is a bit different compare to the original one. (Example: The port is different. It is not the 8112 anymore, but the 9092) Then, add the permission 755 to this script: sudo chmod 755 /etc/init.d/deluge-daemon

Set the script to be load at the boot time: sudo update-rc.d deluge-daemon defaults

And start it: sudo /etc/init.d/deluge-daemon start

After opening the port 9092 you should be able to connect to the delube WEB-UI by pointing : www.yourdomaine.com:9092

page 26 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

In my case: www.freelydifferent.com:9092 The default password is "deluge" don't forget to change it ASAP in the option of the interface.

Et voila. You now have a working torrent client on your server.

page 27 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

AjaXplorer - File Explorer 2010-03-23 21:17:51 AjaXplorer is an easy-to-install file explorer for remotely managing files on a web server. Its « rich client » layout and actions make it accessible to any end-user for a variety of purposes: file management/sharing, photo gallery, code browsing, etc. (www.ajaxplorer.info) As I was looking for a mean to share easily a large amount a photos, I first thought to set up a FTP server, with a TSL/SSL encryption, but I admit, I'm not a big fan of FTPS, I rather prefer SFTP (based on SSH). But both solutions required for the client to use a FTP software such as FileZilla by example. And I think, these softwares are not very easy to use, well, at least not very "user-friendly" for some people. (I basically think of my family members, who doesn't know anything about computer) It would have been much more easy for them to use a standard FTP through their Windows explorer. (As we can log into a FTP with the windows explorer). But as told previously, FTP is far unsecured and unfortunately, Windows doesn't support FTPS or SFTP... So, I was looking for a very easy solution for the user, and I found this, AjaXplorer, a Web file explorer. People just need to log and share file. To get an idea, I suggest you to have a look to their demo. Login: demo Pass: demo Here are the features: File Manipulation * Rename/Copy/Move/Delete/Download files or folders * Upload multiple files and track status with progress bar (Flash required and no https) * Create folders and empty files, edit permissions (chmod) * Edit Text files and code files (js, php, html, java, sql, perl), syntax is highlighted in the editor * View Images online, preview images in the list, diaporama of a given folder * Listen to MP3s online without downloading them * View Flash videos (FLV) online and full screen. * Browse and Extract ZIP files online * Generate a public download link, with optional password and expiration date Rich GUI * Select multiple files or folders (copy/move/delete action can be applied) * Drag’n'Drop selection to copy/move * List/Thumbnail Display * Keyboard Shortcuts: Ctrl + Up/Down Arrow = toggle selection, Tab = navigate between panels, Esc = close dialog windows Advanced Features * Bookmarks system * Search recursively in folders * Send URLs with file links to a friend for convenient sharing * Recycle Bin with restore action * User Preferences to set preferred language, display or password * Multiple Languages: English, French, Dutch, German, Italian and Spanish * Customizable GUI with header and footer templates Admin Features

page 28 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

* User Management system * Multiple Root Directory to define separate repositories and assign access rights for each user * Logging system

I'm very satisfied with it. So let's see how to install it. Prerequisites: Again, I prefer to use another sub-domain for this service. It will be: partage.freelydifferent.com Hence, I need to create this folder in /var/www, install AjaXplorer in it, configure a virtualhost and of course, create a "A" redirection of this URL to your IP. To create the folder, run: sudo mkdir /var/www/Partage

To change the owner (currently the root user as we used the command "sudo"), run: sudo chown webadmin:www-data /var/www/Partage/

Change "webadmin" by any user you want and www-data by any group you want. To avoid permission problems, I recommend you to log with the owner of this folder (in my case, webadmin): sudo su webadmin

Before downloading the AjaXplorer package, be sure to be in the correct folder, or you can run: cd /var/www/Partage/

Currently, the latest version is the 2.5.5. To download it, do: wget http://sourceforge.net/projects/ajaxplorer/files/ajaxplorer/2.5.5/AjaXplorer-2.5.5.zi p/download

Or replace the http link by the version you want. Because it is a .zip file, I suggest you to install the package p7zip (Opensource) to be able to extract this and almost any archive. sudo apt-get install p7zip-full

And extract the content:

page 29 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

7z x AjaXplorer-2.5.5.zip

You may want to delete the archive (Not needed anymore) rm AjaXplorer-2.5.5.zip

As you can see, you have now a folder called AjaXplorer-2.5.5/ with everything in it. To move all these files into your folder, run: mv AjaXplorer-2.5.5/* .

And remove the unneeded folder: rm -R AjaXplorer-2.5.5/

You can now stop using webadmin: exit

Virtualhost configuration: As we did before: sudo nano -w /etc/apache2/sites-available/default

Modify it and save it under a different name. Or quicker, you can directly edit one you've previously created and simply modify a couple a words. As I suggest you to use SSL/TLS encryption, you should modify one of your SSL virtualhost file. In my case, I will modify my webmail-ssl sudo nano -w /etc/apache2/sites-available/webmail-ssl

It should be something similar to this one:

ServerName partage.freelydifferent.com ### your sub-domain Redirect / https://partage.freelydifferent.com ## the redirection, to use only https protocol

ServerAdmin [email protected] ServerName partage.freelydifferent.com ## your sub-domain ServerAlias partage.freelydifferent.com DocumentRoot /var/www/Partage

## your folder previously created

page 30 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

Options FollowSymLinks AllowOverride None ## your folder previously created Options Indexes FollowSymLinks MultiViews AllowOverride None [etc...]

But save it under a different name ! And reload Apache sudo /etc/init.d/apache2 reload

Installation: You need to give AjaXplorer write permissions on Partage/files and Partage/server. To do so, simply run: sudo chmod -R 777 /var/www/Partage/files sudo chmod -R 777 /var/www/Partage/server

FYI, AjaXplorer's user-accounts are managed by AjaXplorer and not by the server. Hence, AjaXplorer user never can access other repositories than those set for them by AjaXplorer. And now, go to the URL: yoursubdomain.yourdomain.com/index.php In my case it was: partage.freelydifferent.com/index.php A test should be running. If you don't have any fatal errors, you can skip the test and start using this great tool. The first thing you need to do is to change the admin password of this panel. I let you discover this tool. You will see how easy is it to use and how many things you can do. (From managing a dynamic photo album’s pictures to using this explorer as a type of collaboration tool) Increase the maximum file size limit: It is quite likely that you get a file size limit with this tool. As may be you want to share large archive or any kind of file, you might want to increase this limit. As we did before with Roundcube configuration, you have to modify the php.ini file: sudo nano -w /etc/php5/apache2/php.ini

Modify the lines: - memory_limit = 128M to 700M for example - post_max_size = 20M to 500M by example - upload_max_filesize = 20M to 500M by example And finally, restart apache: sudo /etc/init.d/apache2 restart

page 31 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

You should now be able to upload larger file. For more information, check the official website

page 32 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

Webmin - Web-based interface for system administration 2010-03-18 19:03:46 Webmin is a web-based system configuration tool for Unix-like systems. With it you can configure many operating system internals, such as users, disk quotas, services, configuration files etc., as well as modify and control many open source apps, such as the Apache HTTP Server, PHP, MySQL etc. Webmin is largely based on Perl, running as its own process and web server. It defaults to TCP port 10000 for communicating, and can be configured to use SSL (Wikipedia) Webmin removes the need to manually edit Unix configuration files like /etc/passwd, and lets you manage a system from the console or remotely. (webmin.com) Today, someone was asking me, after following my self-hosting tutorial, some questions about webmin. I've often heard about this control panel, but I have never installed it, until today. I have to admit, it is very easy to use and there are a lot of great features and information ! As I guess this panel can be very useful to several people, let me tell you how to install it, in the easiest method I know. Installation: You can easily install webmin by apt (With the command apt-get install) To do so, you need first, to add the Debian's webmin repository to your Ubuntu sources.list: sudo nano -w /etc/apt/sources.list

and add at the end: deb http://download.webmin.com/download/repository sarge contrib

But to update the list of the available packages, you need to add the webmin repository GPG key to your system: wget http://www.webmin.com/jcameron-key.asc sudo apt-key add jcameron-key.asc

And now you can run: sudo apt-get update

and install webmin by running: sudo apt-get install webmin

This will install webmin with its dependencies and with the SSL module (No configuration needed, cool isn't it ?) After opening the port 10000 in your firewall, you should have access to the webmin panel by pointing to https://www.yourwebsite.tld:10000 Simply log in with your root user or any users who can use sudo.

page 33 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

Got it! Go gack to the tutorial

page 34 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

Self-hosting for dummies 2010-03-10 17:50:17 As I’ve decided to self-host all my needs, and I wasn’t able to find a clear global how to (From A to Z), I thought it would have been a good idea to write mine. You will here find every step I did. Obviously, you will have to adapt this ‘How to’ for your configuration. Feel free to comment everything. Basically, I’ve installed GNU/Linux, Openssh to have distant access to my server, Apache for my website, postfix + courrier-imap + procmail + spamassassin for my mail, Roundcube as my webmail. 1. Self-hosting, what is it and why ? 2. Requirements 3. Which OS ? 4. OpenSSH 5. Network configuration 6. Mail Server 7. Web server 8. SSL 9. phpMyAdmin 10. Webmail 11. Blog platform 12. FTP 13. Jabber Server 14. Miscellaneous You may also want to see some others tutorials I wrote: - MyBB, a nice bulletin board. - Webmin, to easily administrate your server - Piwigo, powerful photo gallery software to share all your pictures - Deluge Torrent, BitTorrent client with great features (Can run as a deamon, easy to connect remotely from any platform, web interface (WebUI) and a lot of plugins) - AjaXplorer, file explorer with a nice Ajax interface. Perfect to share easily big files. - Munin - Part1, or how to monitor your server. - Munin - Part2, how to display your graphs. - Images Hosting - To share pictures on a forum, website, or with friends

page 35 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

Self hosting - Introduction 2010-03-10 17:49:34 Self hosting is the act of hosting some services on your own computer. In such a case, you have the entire control of these services. As you may know, Internet is a network of networks in which every client is also a server or can be one. There is not an unique node but a network of nodes all connected to each others. Internet and OpenSource/Free software movement have a lot in common actually. First, each one was born around the same period (At the end of the 70's), several persons were working at the same time, in the development of Internet and of the free software. Both had a similar growth during this period and were working in the same manner (Collaboratively). Even now, both are very linked. No free software without Internet and no Internet without free software (No Internet without BIND, IP routing protocol, free and open) But most of all, Internet represents freedom/liberty. Unfortunately not for every one. Indeed, the 12 'Enemies of the Internet' - Burma, China, Cuba, Egypt, Iran, North Korea, Saudi Arabia, Syria, Tunisia, Turkmenistan, Uzbekistan and Vietnam - have all transformed their Internet into an Intranet in order to prevent their population from accessing ‘undesirable’ online information, Reporters Without Borders said. In these authoritarian countries, Internet is strongly restricted and it doesn't offer anymore a unique space for discussion and information-sharing Unfortunately, these restrictions are also coming in several developed countries (As Australia, but also in France). Besides this trample of our freedom rights, we also assist to a manipulation of our Internet, how it has been designed. Indeed, the nodes number is getter lower and lower, a lot of machines are not servers anymore and are used only as a client. (ie, we are getting closer to a star network with central computers) To buttress this, let me give you some example: - Email: [email protected] means the user morgan on the machine hotmail.com... which is not my machine actually but a wide network of Microsoft machines (or any other provider)...which are also the machines used by millions users. Why my private mail, my truly private life would be on someone else computer but mine ? whom, by the way, read/scan my e-mails to "provide" me, targeted advertising and earn money on that....and in which I don't have any control and guarantee about the content. - Video: Same thing, why the baptism video of my son is on Youtube and not into my own computer ? without any control on it (If Youtube decide to stop broadcasting my video or to remove it..what can I do ? Nothing...; If I want to delete my video, what guarantee me that the video has really been deleted on their servers ?...Nothing except its word...). And I don't talk about the targeted advertising here again. - Search engine: Google is the Most Popular Search Engine in the World with more than 60% of world wide search (According to comScore and even a bigger % in some countries). But it is not the 8000 computers of Google which own the knowledge of the Humanity, on the contrary, it is the contents created around. Another point, regarding the heart of Internet, the "pipes". Before, there were hundreds of ISP, now you can count them on the fingers on one hand. To ensure leaders positions, biggest ISPs have often thrown "a monkey wrench into the machine" of the others small ISPs. By, per example, blocking the interconnection, requiring a high price for that, etc...And now, we assist of the Net neutrality debate. And we can even imagine that happen:

And now, the government also try to limit the access of the Web by Internet filtering...

page 36 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

Hence, self hosting your services will not only, guarantee you the entire control of your mail, websites, blogs, photos, videos and provide you a valuable knowledge and independance, but also take a large step into more Freedom on the Web, defend the Internet Neutrality and promote Free software, and OpenSource. Because of all these reasons and also because I believe that Internet is the only place where we are all equal, I've decided to self-host myself and to write all these articles in the clearest manner I was able to do. Feel free to comment every articles, and to share my blog and my articles to everyone (As knowledge grows when shared !) Previous article: Tutorial - Main page

|

Next article: Requirements

page 37 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

Requirements 2010-03-10 17:48:44 All requirements depend of your needs, but in this part I will give general requirements and what I did. Hardware requirements: According to your needs, you can choose to use your own personal computer as a server or to buy a new one. Surprisingly, a server doesn’t need to be very powerful. You can minimally host your website, mail, and some others services with an old computer as the following: 100Mhz Pentium or higher 32MB RAM 2GB Hard Drive You just need a fast Internet connection, especially the upload part. In my case, I build a new computer based on an ITX motherboard. Here is my hardware: - Thermaltake Element Q - MB Intel DG41MJ – ITX, socket 775 - Processor Intel E5300 2.5Ghz - 2GB DDR2 RAM - 250GB 2.5 7200tr/m Hard Drive I paid something close to 250€. Obviously this computer is far more powerful than a 100Mhz Pentium, but as I’m not using it only as a server, that is why I bought this one. (But who can do more can do less) An ITX configuration is quite expensive for what is it in term of performance, but so much more convenient. Small and not very heavy but also beautiful and not very noisy. But if you don’t wish to buy a new computer, you can also directly use your own computer or use a virtual machine. Internet Connection: You need a reliable Internet connection to host your services. Even if a slow connection as a dialup (56k) is sometimes enough (Basically for an instant messaging service), but it is not sufficient for a website, mail, or others. The faster the connection, the better the quality and quantity :p . In my case, I have ADSL 2+ connection (22 MB in download and 1MB in upload) which I think is quite good for hosting all the services I want/need. The most obvious way to self-host is to obtain a static IP address from your ISP, buy a domain name and map the domain name to the static IP. But if you don’t have access to a static IP you can still use a free Dynamic DNS as DynDNS Thanks to my provider (Free.fr), I have a static IP. (Should be easier) Domain Name: You can connect to your website or others services by your IP address, but we have to admit that it is not convenient at all. So, I suggest you to buy a domain name, or to use a free one. I’ve recently bought this domain name on netissime website (for a couple of bucks) and I’ve just mapped my domain name to my static IP. (I’ve also created some sub-domains and redirected them) DNS Setup: As I’ve mentioned, you will have to setup your DNS records to redirect your domain name to your IP. This is not complicated to do, but it’s crucial. According to your needs, you will have to add different DNS records. In my case, for the mail service, I have to add a MX record, pointing to my IP or a sub-domain. For the website, I’ve used a A record, pointing to my IP. For any sub-domain, you have to add a A record as well to your IP. Here is the screen of my settings:

page 38 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

Firewall: A firewall helps to keep your computer more secure. It restricts information that comes to your computer from other computers, giving you more control over the data on your computer and providing a line of defense against people or programs that try to connect to your computer without invitation. I hope you have a firewall with your connection, if not, don’t forget to install a software firewall on your computer. Finally, you will have to open some ports on your firewall to be able to establish a connection to your server. I will try to point which port to open as often as possible. Previous article: Introduction

|

Next article: The Operating System

page 39 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

The choice of the Operating System 2010-03-10 17:47:49 Being self-hosted, require a stable machine as it will run (or should) 24/7. So I recommend you to use a GNU/Linux operating system. There are a lot of different distributions, each has his advantages and disadvantages. For example, my personal computer is running Gentoo 64. But Gentoo is not really easy to administrate. Basically, the most famous distributions for a server are Debian and also Ubuntu (Based on Debian). I will not compare these two but roughly, Debian is more stable than Ubuntu, you can customize your system a bit more but is harder to use. As the aim of this how to, is to run a server as easy as possible, I recommend you to take Ubuntu Server (64b if your proc is a 64b) if you are a beginner.

Just install it with the command line install. If you need, I might be able to write a specific tutorial. Just let me know Obviously you don’t need any Graphical User Interface on your server, Hence, your system will, most of all, consume less RAM. At the end of the installation, you should have a system using approximately 100MB of RAM with this Linux version. So let’s start to configure our server. Previous article: Requirements

|

Next article: SSH

page 40 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

OpenSSH – Secure Shell 2010-03-10 17:46:26 “Secure Shell or SSH is a network protocol that allows data to be exchanged using a secure channel between two networked devices.” (Wikipedia) This allow you to control your computer from another computer. It’s very useful as it give you full access to your machine. (And finally you don’t need any other keyboard :) ) Installation: Type the following command to install OpenSSH: sudo apt-get install openssh-server

Utilisation: From a windows computer you can use the software “Putty”. You just need to enter the local IP of your server. As I don’t have Windows, I will just explain how to use SSH from a GNU/Linux machine. Type a command similar to this one: ssh -p 22 [email protected]

Replace admin by the user you have created during the OS’ installation, and 192.168.0.IP by the IP of your machine. If you don’t know the IP of your server, type the following command on your server to get your IP. It should be something like 192.168.x.x: sudo ifconfig

It will ask you your user’s password. Type it. (No character will be shown) And now you shoud be connected ! Security settings: SSH is known to be secure, but I recommend you to modify some parameters to lock down your server and make SSH more secure. 1) Create and use DSA key instead of simple password To improve your security, the main step is to use encryption keys + password. - On the client, (not the server), create a couple of DSA key. (Public and private) As your regular user, type: ssh-keygen -t dsa

Enter file in which to save the key Just press Enter. Choose a strong password, with letters+numbers+Maj or/and specific characters. Be sure to choose something difficult. - Now that your couple of key has been created, you have to add your id_dsa.pub into the accepted key of your

page 41 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

server. On the client, type ssh-copy-id -i /home/YOURUSER/.ssh/id_dsa.pub [email protected]

With this command, the ssh-copy-id script will automatically load your key in the authorized_keys file of your server. 2) Use only this authentication and change some value to improve the security So you have to modify the file sshd_config located in etc/ssh/ of your server. You can do it directly from the server, or through the SSH. Type: sudo nano -w /etc/ssh/sshd_config

- The first modification will be to modify the port number. Indeed, most cracking attacks come from automated scripts that scan the net for ssh daemons and attempt to break in, usually on the default port, ie 22. Hence, modify the line: Port 22 by Port 2222 by example. Changing the port can be useless for a cracker, but it works for several scripts, bots, etc… So you have to open in your firewall the port 2222 ! - Now find the line PermitRootLogin Yes and replace change it by PermitRootLogin No This will disable root login, ie it will block the user “root” to log in (Not very necessary on Ubuntu as there is no Root user if I remember) This doesn’t prevent anyone from breaking into your normal user account, but it secure a bit more the root user. - Uncomment the line #PasswordAuthentication No And be sure to have ChallengeResponseAuthentication no Now save your file (By pressing CTRL+X, then Y for yes, and press Enter to save it) You can also deny users or allow users on this file, but I didn’t use these options.

page 42 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

And there are also different others solutions to improve the SSH security (as the Port Knocking, fail2ban and others complementary security) You can now restart your SSH server: sudo /etc/init.d/ssh restart

And try now to establish a connection: ssh -p 2222 [email protected]

Don’t forget to replace 2222 by your new port number. It should ask you your pass-phrase. When all of this is done, you will now be protected by a DSA key and a hopefully a difficult password. It will never be perfect, but it is still far more secure. You can now continue to set up you server through SSH connection ! Previous article: The Operating System

|

Next article: Network configuration

page 43 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

Networks configuration & System Clock synchronisation 2010-03-10 17:45:15 Configure your network: Because the Ubuntu installer has configured your system to get its network settings via DHCP, it is better to change that now because a server should have a static IP address. Edit /etc/network/interfaces and adjust it to your needs sudo nano -w /etc/network/interfaces

Mine is something similar to that : # This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). # The loopback network interface auto lo iface lo inet loopback # The primary network interface auto eth0 #eth0 is my network interface. See sudo ifconfig for your. iface eth0 inet static address 192.168.0.10 #Here is my static IP netmask 255.255.255.0 network 192.168.0.0 broadcast 192.168.0.255 gateway 192.168.0.1

Save it (CTRL+X) and restart your network: sudo /etc/init.d/networking restart

Now edit /etc/hosts sudo nano -w /etc/hosts

And it should be something similar to that: 127.0.0.1 localhost.localdomain localhost 192.168.0.10 server.freelydifferent.com server # The following lines are desirable for IPv6 capable hosts ::1 localhost ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters ff02::3 ip6-allhosts

Then run : echo

server.freelydifferent.com > /etc/hostname

page 44 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

You will now, need to reboot your server: sudo reboot

Modify your sources.list: To download and install required softwares you need to complete your source.list file by adding Universe and Multiverse repositories. So, run: sudo nano -w /etc/apt/sources.list

to modify your source.list if you don’t know what to add, I suggest you to generate automatically your sources.list with the website: repogen.simplylinux.ch Then you can copy paste this new one. Finally, update apt-get by doing: sudo apt-get update

Synchronize the System Clock: To always have your system “on time”, it is a good idea to synchronize the system clock with an NTP (Network Time Protocol) server over the Internet. Run: sudo apt-get install ntp ntpdate

Now your system has grown enough to be a server. Previous article: SSH

|

Next article: Mail Server

page 45 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

Setting up your mail server 2010-03-10 17:44:32 There are different possible configuration to run a mail server. This article will explain how to set up a mail service with postfix + courier-imap + procmail + clamav (Antivirus) + spamassassin (Anti-SPAM) and trashscan Installation: Run the following command: sudo apt-get install courier-imap postfix procmail clamav spamassassin

It will ask you whether you want to create directories for web-based administration or not. You can choose yes.

Then, for postfix, Select the internet Site type of configuration And then type your mail name In my case, I called it was "mail.freelydifferent.com" Don't forget to create a MX redirection into your admin panel of your domain name provider. Now download trashscan: This little script allows you to scan incoming email attaches for suspicious virus code. By example if you want the v0.12 (Currently the latest), run: wget http://schlayer.org/trashscan-0.12.tar.gz

Extract the archive: tar -zxvf trashscan-.tar.gz

You can configure a bit this software by changing the "Settinx section" in the header of trashscan to hit your needs. sudo nano -w trashscan-0.12/trashscan

(But I didn't change anything) And now, copy trashscan to /usr/local/bin sudo cp trashscan-0.12/trashscan /usr/local/bin

Configuration: The main configuration file for your mail server is the /etc/postfix/main.cf Modify /etc/postfix/main.cf: sudo nano -w /etc/postfix/main.cf

page 46 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

Here is mine: append_dot_mydomain = no biff = no command_directory = /usr/sbin daemon_directory = /usr/lib/postfix program_directory = /usr/lib/postfix queue_directory = /var/spool/postfix myhostname = mail.freelydifferent.com mydomain = freelydifferent.com masquerade_domains = freelydifferent.com mydestination = $myhostname, $mydomain, localhost.$mydomain, localhost inet_interfaces = all mynetworks = 192.168.0.0/24, 127.0.0.0/8 myorigin = $mydomain relayhost = smtp.free.fr home_mailbox = Maildir/ mailbox_command = /usr/bin/procmail -Y -a $DOMAIN alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases setgid_group = postdrop mail_owner = postfix mailbox_size_limit = 0 message_size_limit = 20480000 mail_spool_directory = /var/spool/mail smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) delay_warning_time = 4h recipient_delimiter = +

myhostname is the hostname of your server. mydomain is the domain name of your server. mynetworks is your network address, not the IP of your server. (Example: If the IP of your server is 192.168.0.100, then you have to specify 192.168.0.0. If your server got the IP 192.168.1.10, it will be 192.168.1.0. Clear ?) relayhost, if you don't specify the relayhost of your ISP, you might have difficulties to send email to Microsoft services (Such as htomail.com), as Microsoft doesn't work with a blacklist but a whitelist. Usually, your relayhost is: smtp.yourISP.something. home_mailbox with courier-imap is Maildir/ mailbox_size_limit = 0 means no limit for the size of your mailbox. message_size_limit = 20480000 fix the message size limit at 20mb. When you're done, save your file and restart postfix: sudo /etc/init.d/postfix restart

Mail address management: To create a mail address, you just need to create a new user on your system, but you will have to create a mail directory for every mail account you will create, and for the SPAM configuration file as well. So I prefer add the required file in /etc/skel and then when I will create a new user for an email account, every file

page 47 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

will be automatically created and with the right permissions. I recommend you to do the same as it is very easy to do so. Simply create the mail directory in /etc/skel with the commands: cd /etc/skel sudo maildirmake Maildir

then create the file /etc/skel/.procmailrc sudo nano -w /etc/skel/.procmailrc

And paste: SHELL=/bin/bash MAILDIR=$HOME/Maildir/ DEFAULT=$MAILDIR ORGMAIL=$MAILDIR LOCKFILE=$HOME/lockfile.lock ASSASSINLOCK=$HOME/assassin.lock DEFAULT=$HOME/Maildir/ JUNKMAIL=$HOME/Maildir/.junkmail/ TRASH=$HOME/Maildir/.Trash NEWBIE=$HOME/Maildir/.LinuxNewbie/ EXPERT=$HOME/Maildir/.LinuxExpert/ VIRUS=$HOME/Maildir/.virus/ BITBUCKET=/dev/null LOGFILE=/var/log/procmailrc.log VERBOSE=yes LOGABSTRACT=all # Email filter : # With spamassassin :0 * ^To:.*[email protected] * { :0c: spamassassin.spamlock | sa-learn --spam :0 $JUNKMAIL } #Double check :0 * ^To:.*[email protected] * { :0c: spamassassin.hamlock | sa-learn --ham

page 48 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

:0 $TRASH } #Execute Transhscan with the antivirus Clamav :0 * multipart * !^X-Virus-Scan: | /usr/local/bin/trashscan #Suspicious label :0 * ^X-Virus-Scan: Suspicious $VIRUS #News filter :0 : * ^Sender: newbie-owner $NEWBIE :0 : * ^Sender: expert-owner $EXPERT #SPAM redirection :0 * ^From: Sms Message $BITBUCKET #Execute SpamAssassin daemon :0 fw : $ASSASSINLOCK | spamc :0 * ^X-Spam-Flag: YES $JUNKMAIL

Replace "freelydifferent.com" by your domain name Save it as .procmailrc And activate spamassassin by editing the file /etc/default/spamassassin: sudo nano -w /etc/default/spamassassin

Enable spamassassin with "ENABLED=1" and the spam database update with "CRON=1"

page 49 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

Create a mail account: As I told you, to create an email address, you have to create a new user. In my case, I want to create the email address: “morgan.duarte AT freelydifferent_DOT_com" so I need to create the user “morgan.duarte”: sudo useradd -d /home/morgan.duarte -m morgan.duarte

This will automatically create the user morgan.duarte but also create his home directory with his maildir and .procmailrc (thanks to the /etc/skel) And run: sudo passwd morgan.duarte

to assign a password. Save and restart your mail service: sudo /etc/init.d/postfix restart && sudo /etc/init.d/courier-imap restart && sudo /etc/init.d/courier-authdaemon restart

And now you can try your mailbox ! (With thunderbird by example) Previous article: Network configuration

|

Next article: LAMP

page 50 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

LAMP, for Linux, Apache, MySQL, PHP 2010-03-10 17:43:20 LAMP is an acronym for a solution stack of free, open source software, originally coined from the first letters of Linux (operating system), Apache HTTP Server, MySQL (database software), and PHP, Python or Perl (scripting language), principal components to build a viable general purpose web server. (Wikipedia) Installation: To directly install the required software, ie, apache2, mysql-server, php5, php5-mysql, phpmyadmin, you can run the command: sudo tasksel install lamp-server

During the installation, you will have to set a password for your MySQL server

Now launch apache: sudo /etc/init.d/apache2 start

But you might have the following error: * Starting web server apache2 apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName httpd (pid 4501) already running

In this case, you have to set the servername of apache (ie localhost). Simply run: sudo echo ServerName localhost >> /etc/apache2/apache2.conf

This will add to your apache2.conf the value: ServerName localhost Now try again to launch apache: sudo /etc/init.d/apache2 restart

Configuration: You need now to create your website folder. In my case I plan to have several subdomains as for example this actual website: www.freelydifferent.com, but also some blog, let's say, blog.freelydifferent.com, and may be later a gallery website (Very useful to share photo with my family), why not gallery.freelydifferent.com for example. So in this case I need one specific folder for each website. So, let's configure apache for that. First, you need to set up some virtual hosts to establish the correct redirection. 1) Modify the file /etc/hosts sudo nano -w /etc/hosts

page 51 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

You will have to add as much line as subdomains you want. In my case, for the moment, with 2 websites I will add: 127.0.0.1 freelydifferent.com 127.0.0.1 blog.freelydifferent.com

Don't forget to redirect your addresses to your IP Of course, adapt this to your configuration. Or if you have others domains name you can do : 127.0.0.1 freelydifferent.com 127.0.0.1 freelynotthesame.com 2) Create a specific user: It is usually recommended to create a specific user, owner of the /var/www folder, to improve the security of your server. Let's call this user "webadmin" Create him by running: sudo adduser webadmin

3) Create sub-folders: Now you need to create separate folder(s) in /var/www/ for each sub domain you want. in my case, as I want 2 websites (2 blogs in fact) I run: sudo mkdir /var/www/freelydifferent sudo mkdir /var/www/blog

But because you have used the command sudo to create these folders, root is now the owner. Hence, you have to change the owner of these folders: sudo chown -Rf webadmin:www-data /var/www/freelydifferent sudo chown -Rf webadmin:www-data /var/www/blog

in my case. With this command, you assign to the user webadmin, and the group www-data, the folder /var/www/YOURFOLDER Now modify the permissions of these folders and files. - For the folder(s): sudo find /var/www/freelydifferent -type d -exec chmod 750 {} \; sudo find /var/www/blog -type d -exec chmod 750 {} \;

- For the files:

page 52 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

sudo find sudo find

/var/www/freelydifferent -type f -exec chmod 640 {} \; /var/www/blog -type f -exec chmod 640 {} \;

(Read and write and exec on the folder(s) for the owner (webadmin) and Read and Exec for the group (www-data) and 0 permissions for the others. Now you can set which domain(s) or subdomain(s) you want. 4) Domain(s) / Subdomain(s) Go to /etc/apache2/sites-available: cd /etc/apache2/sites-available

And add as much file as subdomain/domain you want. In my case I will create 2 files: freelydifferent and blog You got already a generic file called "default" Modify it to suit your need. sudo nano -w default

Mine is:

ServerAdmin [email protected] ## your real address ServerName freelydifferent.com ## what you have added in your /etc/hosts ServerAlias www.freelydifferent.com ## From your domain redirection DocumentRoot /var/www/freelydifferent

## The folder you have just created

Options FollowSymLinks AllowOverride None ## The folder you have just created Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all

ErrorLog /var/log/apache2/error.log # Possible values include: debug, info, notice, warn, error, crit,

page 53 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

# alert, emerg. LogLevel warn CustomLog /var/log/apache2/access.log combined Alias /doc/ "/usr/share/doc/" Options Indexes MultiViews FollowSymLinks AllowOverride None Order deny,allow Deny from all Allow from 127.0.0.0/255.0.0.0 ::1/128

Save it not as "default" but as another name (In my case, freelydifferent for this first one) and do the same for your others domains/subdomains. in my case my other file “blog” will contain :

ServerAdmin [email protected] ServerName blog.freelydifferent.com ServerAlias blog.freelydifferent.com DocumentRoot /var/www/blog Options FollowSymLinks AllowOverride None ##the folder you have created Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all

ErrorLog /var/log/apache2/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog /var/log/apache2/access.log combined

page 54 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

Alias /doc/ "/usr/share/doc/" Options Indexes MultiViews FollowSymLinks AllowOverride None Order deny,allow Deny from all Allow from 127.0.0.0/255.0.0.0 ::1/128

Now you need to create links between /etc/apache2/sites-available and /etc/apache2/sites-enabled. Easy busy with the command a2ensite: sudo a2ensite freelydifferent sudo a2ensite blog

(With the name of the files you gave in /etc/apache2/sites-available) And finally, restart apache: sudo /etc/init.d/apache2 restart

Don't forget to create an A redirection of your sub-domain to your IP and to open your port 80 (TCP) to be able to see your website. Previous article: Mail Server

|

Next article: TLS/SSL

page 55 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

TLS/SSL - Secure your server 2010-03-10 17:42:44 Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide security for communications over networks such as the Internet. TLS and SSL encrypt the segments of network connections at the Transport Layer end-to-end. (Wikipedia) Installation: To create the certificat, run: sudo make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/ssl/private/localhost.pem

It will ask you about the common name. INDICATE THE DOMAIN NAME YOU WANT TO SECURE ! In my case: freelydifferent.com

Then, activate the SSL module: sudo a2enmod ssl

And now, configure apache Be sure to be into the folder /etc/apache2/sites-available/ otherwise do: cd /etc/apache2/sites-available/

Copy the default configuration for SSL sudo cp default ssl

Assign the port 443 to the SSL: sudo sed -i '1,2s/\*:80/*:443/' ssl

(So don't forget to open the port 443 into your firewall) Now add SSLEngine On and SSLCertificateFile /etc/ssl/private/localhost.pem to the configuration: sudo sed -i "3a\\\tSSLEngine On\n\tSSLCertificateFile /etc/ssl/private/localhost.pem" ssl

Activate the website configuration: sudo a2ensite ssl

And finally, reload apache:

page 56 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

sudo /etc/init.d/apache2 force-reload

SSL should now be implemented. Previous article: LAMP

|

Next article: phpMyAdmin

page 57 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

PhpMyAdmin - MySQL web administration 2010-03-10 17:41:44 phpMyAdmin is a free software tool written in PHP intended to handle the administration of MySQL over the World Wide Web. phpMyAdmin supports a wide range of operations with MySQL. The most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions, etc), while you still have the ability to directly execute any SQL statement. (www.phpmyadmin.net) To manage your MySQL base, I strongly recommend you to use phpMyAdmin. Installation: Simply run: sudo apt-get install phpmyadmin

It will ask you if you want to reconfigure your webserver. Select apache (with [SPACE] and then okay)

Then, the next question should be: Configure database for phpmyadmin with dbconfig-common? Answer No, I don't think you need it.

Now that it's done, you should have access to phpmyadmin from https://www.yourwebsite.com/phpmyadmin/ Don't forget the https to secure your connection. Your login is root and your password is the one you set during the installation of MySQL Configuration: We will now create a new database and a regular user (more secure):

Go to the TAB 'Databases', then 'Create new database'

Now, go to the TAB Privileges, then click 'add a new user' Choose your User name, and his password. And as host, type: localhost Do not add any privilege as no database has been chosen yet, this will restrict the user to only a database. (Better) Now that your user has been created, edit his privileges: In Database-specific privileges, select your database and add some privileges

Well done, now you can build your website. You can set up some easy websites with some CMS, such as Joomla for example, or if you prefer something easier, as a blog, you can use wordpress for example) Previous article: TLS/SSL

|

Next article: Webmail

page 58 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

Roundcube - Webmail 2010-03-10 17:40:06 Roundcube webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. (roundcube.net) I have to admit, it is very useful to be able to check my email from everywhere. But it's not convenient to configure evolution or thunderbird on every computer I might use. As hotmail, gmail, yahoo, etc... it is possible to host a webmail service, which is actually a web interface for your email. As always, there are several webmail interfaces available, but this how to will be based on Roundcube as in my POV it is an easy webmail interface to use, to configure and do everything I want. Also, I think it's quite pretty. Installation: sudo apt-get install php-mdb2-driver-mysql roundcube

Don't forget the php-mdb2-driver-mysql package, otherwise you might have this following error: DATABASE ERROR: CONNECTION FAILED! Unable to connect to the database! Please contact your server-administrator.

And if you check /var/www/webmail/logs/errors, you might find the log: MDB2 Error: not found

Here are the main steps of the installation: Say YES to configure the database for roundcube

Select "mysql" as the correct database type

Then, type your mysql root user

Finally, choose a password for your roundcube

And now you can configure Roundcube Configuration: In my case, I want to add another virtualhost, in order to be able to connect to the webmail by the URL: webmail.freelydifferent.com (Obviously, I have to create a new redirection with my domain provider) Because the installation will save all roundcube files in /usr/share/roundcube, you need either to make a symbolic link or copy paste the file in the directory of your choice.

page 59 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

In my case, I prefer to do a symbolic from /usr/share/roundcube to webmail sudo ln -s /usr/share/roundcube/ webmail

Now create a new virtual host: As I want to allow ONLY the https connection on the webmail (more secure), I will edit the file /etc/apache2/sites-available/default-ssl to include this rule. sudo nano -w /etc/apache2/sites-available/default-ssl

In my case the beginning of the file will be:

ServerName webmail.freelydifferent.com Redirect / https://webmail.freelydifferent.com

ServerAdmin [email protected] ServerName webmail.freelydifferent.com ServerAlias webmail.freelydifferent.com DocumentRoot /var/www/webmail Options FollowSymLinks AllowOverride None

Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all etc...

Modify it to suit your need and save it under a different name, example: webmail-ssl Now activate this virtual host: sudo a2ensite webmail-ssl

And reload the conf: sudo /etc/init.d/apache2 reload

You might have the following error: [warn] _default_ VirtualHost overlap on port 443, the first has precedence

page 60 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

In this case, you need to had the line: NameVirtualHost *:443 to your httpd.conf located in /etc/apache2/ And finally reload it sudo /etc/init.d/apache2 reload

Now you can check that you have access to your email account from "subdomain.domain.com" In my case, on Firefox, if I go to "webmail.freelydifferent.com" It automatically redirects me to https://webmail.freelydifferent.com ! Yeahh :p Now I just have to type my login (from my real email address), my password and as in the server field, just type localhost. By the way, you might have some problems to send email to microsoft services (hotmail, live, etc..) as they basically have not a black list, but a white list. In this case, you have to contact them to declare yourself as an email provider, to be able to send email to hotmail without being considered as spam. Or you can simply use the smtp relayhost of your ISP. Miscellaneous: 1) Hide the server field Oh, I already see you wondering if you can avoid to type the server field as it will always be "localhost"...Indeed you can ! You have to edit the file config/main.inc.php In my case: sudo nano -w /var/www/webmail/config/main.inc.php

And find the line $rcmail_config['default_host'] = '';

Modify it to be: $rcmail_config['default_host'] = 'localhost';

Done ! 2) Choose the name you want to display in your headers Still in the same file, find: $rcmail_config['mail_domain'] = 'domain.com';

and add your domain name Now, in Roundcube, go to personal settings --> Identities TAB and modify these data. The name you want to display, and your email address ([email protected]) 3) Increase the maximum allowed upload file size If you want to increase the maximum allowed upload file size (2MB by default), you have to modify the php.ini:

page 61 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

sudo nano -w /etc/php5/apache2/php.ini

modify the lines: - memory_limit = 16M to 128M for example - post_max_size = 8M to 20M by example - upload_max_filesize = 2M to 20M by example And finally, restart apache: sudo /etc/init.d/apache2 restart

Enjoy your webmail account and feel free to send me an email :p (morgan DOT duarte at freelydifferent DOT com) Previous article: phpMyAdmin

|

Next article: Wordpress

page 62 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

Wordpress - Blog platform 2010-03-10 17:39:54 WordPress is a state-of-the-art publishing platform with a focus on aesthetics, web standards, and usability. WordPress is both free and priceless at the same time. More simply, WordPress is what you use when you want to work with your blogging software, not fight it. (wordpress.org) Now that your apache server is configured, you might want to do your website or blog, isn't it ? If you just want to do a blog or a basic website (Similar to this one for example), I recommend you to use Wordpress. So let's install it. Download the archive: To avoid permissions problem, I suggest you to use the correct user, owner of /var/www. (In my case, webadmin) Through SSH, you can use the command: sudo su webadmin

Then go to your website folder: cd /var/www/freelydifferent

and then download the latest version with the command: wget wordpress.org/latest.tar.gz

Now unzip the package using: tar -xzvf latest.tar.gz

This command will unzip the package in a new the folder freelydifferent/wordpress. But I prefer have everything in freelydifferent/ without any sub-folder. So you can move your file from freelydifferent/wordpress to freelydifferent/ mv wordpress/* .

Don't forget the space and the point at the end. Now remove the empty folder 'wordpress' rm -R wordpress/

Okay, now you can set up the wp-config.php Copy the sample file and then edit it. cp wp-config-sample.php wp-config.php nano -w wp-config.php

page 63 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

You have to modify usually 3 values: 1)DB_NAME – Type your database name (created previously with phpmyadmin). In my case I add: "freelydifferent" 2)DB_USER – The user you have created in Mysql, in my case: "webadmin" 3)DB_PASSWORD – The DataBase password Save the wp-config.php file. Now with your favorite browser, point to "www.yourwebsite.com/wp-admin/install.php" or where wp-admin/install.php are. In my case, it was "www.freelydifferent.com/wp-admin/install.php" And just follow the quick procedure. Now you should have a nice wordpress blog to work on ! You can install a lot of themes, plugins, etc.. to enrich wordpress. You can just download them from any website, and add them to the proper wordpress folder, or directly use the internal system which will download and install automatically what you have chosen, which is far more convenient. But in this case, you will need to have a ftp or ftps. Previous article: Webmail

|

Next article: Proftpd

page 64 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

FTP - For wordpress (Local use only) 2010-03-10 17:38:58 ProFTPD is a high-performance, extremely configurable, and most of all a secure FTP server, featuring Apache-like configuration and blazing performance.(www.proftpd.org) As I told you previously, it is very convenient to have a working ftp to use with wordpress. You can then easily install any plugins or themes. As you may know, or not, there are differents way to build a FTP server. And a lot of people does'nt know which protocol to use. FTP ? FTPS ? SFTP. Well, FTP (or File Transfer Protocol) "is a standard network protocol used to exchange and manipulate files over a TCP/IP-based network, such as the Internet." (Wikipedia). Then FTPS will use the FTP protocal + TLS/SSL protection. A SFTP (Secure File Transfer Protocol) is radically different because it's based on OpenSSH (IMO, newer technology, more secure and better designed) Hence, if you want to create a real FTP server, I strongly recommend you to use SFTP and never a simple FTP as this one is really unsafe. Indeed, with this protocal, your login and password are exchanged in clear... But in our case, as I want a simple FTP only for wordpress, and because both are on the same machine. Using FTP without any protection is enough, as the transfert of the login/password will be done on the same machine, without using external connection. So, for a local use, FTP seems fine. Installation: sudo apt-get install proftpd

You can select to run proftpd as standalone server. Don't forget to add the line: /bin/false

in /etc/shells file sudo nano -w /etc/shells

Configuration: Modify the proftpd configuration file: sudo nano -w /etc/proftpd/proftpd.conf

Feel free to change any information on this file, but it is not required. But for a safer connection, you might want to give access to this ftp only to one user.

page 65 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

Then, add at the end of the file

AllowUser user1 DenyALL

user1, is your user, in my case it will be the user of the webserver, ie webadmin Finally, restart the ftp server: sudo /etc/init.d/proftpd restart

And check this out by installing a theme or plugin in your wordpress blog. The Hostname will be localhost, the Username, in my case webadmin and its password. Previous article: Wordpress

|

Next article: OpenFire

>

page 66 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

Miscellaneous - Easy tips 2010-03-10 17:37:14 I found some good tips to improve my server (Security, speed, etc...). Obviously you can do a lot of things to secure your apache server, ftp, wordpress, etc... but I will post here only what I did, and only basic stuffs. 1) Hide Apache version By default, Apache show the version number you use, your Operating System, and others details. To inactivate these values: sudo nano -w /etc/apache2/conf.d/security

And edit the line - ServerTokens - and, ServerSignature as follow: ServerTokens Prod ServerSignature Off

Save the file 2) Block IP You can also configure your virtual host file by adding some parameters to block some IPs, to deny the download of your .htaccess, and others stuff. As the manner to do it, is quite clear, I will not explain the procedure. When you have configured what you wanted, restart apache sudo /etc/init.d/apache2 restart

3) Limit bandwidth and reduce access time You also may want to limit the bandwidth per user and to compress the data sent to the client to save your bandwidth and access time. To do so, you can use 2 mod: - Mod_bw – To limit the bandwith Install the module: sudo apt-get install libapache2-mod-bw

and enable it: sudo a2enmod bw

And now, in your Virtual hosts, you have to some lines: cd /etc/apache2/sites-enabled/ sudo nano -w yourVirtualHostFile

page 67 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

At the end of the file, just before the , add: BandWidthModule On ForceBandWidthModule On BandWidth 192.168.0.0/24 0 Bandwidth all 20480 LargeFileLimit * 8000 50000

This will activate the mod, add no limit for people from your network (192.168.0.0), limit everyone to 20kb/s and if they download a file larger than 8000kb, the limit will be fixed at 50kb/s. You can adapt theses parameters according to your speed connection. - Mod_deflate - To compress the content sent to the client Activate the modules 'deflate' and 'headers': sudo a2enmod headers sudo a2enmod deflate

Configure the deflate module: Create or modify the file mod_deflate.conf sudo nano -w /etc/apache2/conf.d/mod_deflate.conf

and paste:

# Insert filter SetOutputFilter DEFLATE # Netscape 4.x has some problems... BrowserMatch ^Mozilla/4 gzip-only-text/html # Netscape 4.06-4.08 have some more problems BrowserMatch ^Mozilla/4\.0[678] no-gzip # MSIE masquerades as Netscape, but it is fine # BrowserMatch \bMSIE !no-gzip !gzip-only-text/html # NOTE: Due to a bug in mod_setenvif up to Apache 2.0.48 # the above regex won't work. You can use the following # workaround to get the desired effect: BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html # Don't compress images SetEnvIfNoCase Request_URI \ \.(?:gif|jpe?g|png)$ no-gzip dont-vary # Make sure proxies don't deliver the wrong content Header append Vary User-Agent env=!dont-vary

Then restart apache: sudo /etc/init.d/apache2 restart

page 68 / 69

Freely Different - You decide Think & Act differently http://www.freelydifferent.com

And now, your web pages will be sent compressed when the client support it. Previous article: OpenFire

page 69 / 69