
OpenSUSE small server (second edition)

<-OpenSUSE-small-server (second edition - june 2011)

Starting Point

Hardware

I own a hosted server on the kimsufi.com site, part of the ovh.com hosting service (one of the biggest French ones). As of June 2011, the cheaper one is a dual-core 64-bit Celeron with 2 GB of RAM and a 1000 GB hard drive, more than enough for a personal server.

Get a Domain Name

I know you can use a dynamic system, but having your own domain name is very handy and very cheap. I use http://gandi.net and pay only €12 a year for my dodin.org domain name (I also own the dodin.net one, but this is another story). I have always had a fixed IP, including at home, so I don't know much about running a server on a variable IP system.

Know what you want

The first task is to take a paper and a pencil and write down exactly what you want. Of course, as you work you will understand your needs better and change things accordingly, but any change can give painful results.

As an example, gandi.net allows you to have a full mail server with no administration and unlimited e-mails for as low as €1 (one!) a month and if you want only the myname@mydomain e-mail, better use it. I wanted to learn mail administration, so I decided to go the hard way and install my own one.

What I wanted was:

  • an http server for me and my family (I have two daughters working as singer and actress, so they also need web sites);
  • a mail server. I want to be able to manage all my mail from this server, and to be able to read it (and the archives) from any computer in the world, without having to bring one with me;
  • an ftp server to store files as needed and allow customers to do so too;
  • of course ssh access;
  • an rsync daemon to use my server as a backup server.

Installation and partitioning

The server is delivered pre-installed, but the default install doesn't fit my needs. It's possible to redo the install with manual partitioning quite easily, so I did and got this:

fdisk -l

Disk /dev/sda: 1000.2 GB, 1000204886016 bytes
255 heads, 63 sectors/track, 121601 cylinders, total 1953525168 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00064c61

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *        4096    20975616    10485760+  83  Linux
/dev/sda2        20975617   125831870    52428127   83  Linux
/dev/sda3      1952468993  1953520064      525536   82  Linux swap / Solaris
/dev/sda4       125833216  1952468991   913317888    f  W95 Ext'd (LBA)
/dev/sda5       125835264   167782399    20973568   83  Linux
/dev/sda6       167784448  1952444415   892329984   83  Linux

Partition table entries are not in disk order
kim3:/home/jdd # df -h
Filesystem            Size  Used Avail Use% Mounted on
rootfs                 10G  4,7G  4,8G  50% /
/dev/root              10G  4,7G  4,8G  50% /
devtmpfs              983M  268K  983M   1% /dev
tmpfs                 983M     0  983M   0% /dev/shm
/dev/sda2              50G   11G   37G  24% /home
/dev/sda6             838G   52G  744G   7% /data

You may notice I built one extra (sda5) and one "data" partition. I keep room to be able, eventually, to install another distro on the same computer (for example as an update). In that case, having the same home is not handy. So I have a basic home and the important data in the "data" partition.

After this part, you can log in to the server and you are on your own.

Notice that on this 2011 install my provider partitioned with only two partitions, a small / (root) and the rest as /home, so I could resize the /home and didn't have to reinstall.

Basic config

Update

It's mandatory to update immediately. Using zypper dup is probably the best way; at this step, if there is a failure, it's easy to install again.

Given the special boot installed by my provider, it's a bit scary, but if the update ever fails, it's easy to reinstall as there is nearly nothing new. In June 2011, the update copied the grub files, but this does not prevent the computer from booting!

Language

The language was not UTF-8, so I had to change

/etc/sysconfig/language

(at the end of the file)

# List of installed language supports, use by YaST2
#
INSTALLED_LANGUAGES="fr_FR.UTF-8"

Then run SuSEconfig. This can probably also be done with YaST.

Setup repositories

Use YaST (preferably yast2 through ssh -X) to set up the repositories. Add updates, and maybe Packman if you want very new stuff. You probably don't want restricted licence files (why have an mp3 reader on a hosted server?).

Install basic stuff

Depending on your initial install, you will probably have to install a lot of things. My provider installed a very minimal system. I had to install nearly everything by hand. Begin by installing all the meaningful YaST modules (search for yast in software install). I had yast (mandatory!), but not yast2 (no GUI); when using ssh -X to connect, yast2 is much friendlier. Notice that ssh -X seems to need a minimal X install.

I didn't write down everything I installed. A short list is probably: mc, w3m, yast2-gtk and qt, vsftpd (ftp), dovecot (mail imap/pop3), mrtg (http statistics), inn (news server), mailman (list server), spamassassin (spam fighter), apache2, ntp (time sync), tightVNC (remote admin). X and xfce may be useful some day.

Don't forget to activate the necessary services in YaST, system, services (run levels).

Automatic updates

You should have a YaST module to manage automatic security updates. If you don't, you didn't install the relevant module. Install it and configure the updates.

While you are at it, install the YaST backup module and make it automatic. With such a large disk (1 TB!) you have plenty of room to store updates. It is probably better to ftp them locally.

Firewall

The default openSUSE firewall is SuSEfirewall2. Most options are set up with the YaST2 module.

The main error to avoid is launching the firewall before having set up the ssh opening: doing so, you will lose the connection to the server...
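
A pre-flight check for the mistake described above, as an added example that is not part of the original page: it reads a SuSEfirewall2 configuration and reports whether ssh is open in the external zone before the firewall is started. The function name fw_allows_ssh, the default port 22 and the sample configuration are assumptions made for this example; FW_CONFIGURATIONS_EXT and FW_SERVICES_EXT_TCP are the variables of /etc/sysconfig/SuSEfirewall2.

```shell
#!/bin/sh
# Added example: check that SSH is open in the external zone before the
# firewall is started.

# fw_allows_ssh CONFIG [PORT] -> 0 if open, 1 if closed, 2 if unreadable.
# PORT defaults to 22 (assumption: sshd listens on its standard port).
# Pass CONFIG as an absolute path.
fw_allows_ssh() {
    cfg=$1
    port=${2:-22}
    [ -r "$cfg" ] || return 2
    (
        # The file is shell syntax, so it can be sourced in a subshell;
        # only do this with the root-owned configuration file.
        FW_CONFIGURATIONS_EXT=
        FW_SERVICES_EXT_TCP=
        . "$cfg" >/dev/null 2>&1 || exit 2
        # Named service definitions, e.g. "sshd" as written by YaST.
        for name in $FW_CONFIGURATIONS_EXT; do
            if [ "$name" = sshd ] && [ "$port" -eq 22 ]; then exit 0; fi
        done
        # Explicit entries: port number, service name, or low:high range.
        for entry in $FW_SERVICES_EXT_TCP; do
            case $entry in
                ssh) if [ "$port" -eq 22 ]; then exit 0; fi ;;
                *:*) low=${entry%%:*}; high=${entry##*:}
                     if [ "$port" -ge "$low" ] 2>/dev/null &&
                        [ "$port" -le "$high" ] 2>/dev/null; then exit 0; fi ;;
                *)   if [ "$entry" = "$port" ]; then exit 0; fi ;;
            esac
        done
        exit 1
    )
}

# Constructed sample configuration: web and mail ports open, SSH forgotten.
sample=$(mktemp)
cat > "$sample" <<'EOF'
FW_CONFIGURATIONS_EXT="apache2"
FW_SERVICES_EXT_TCP="25 143 443"
EOF
if fw_allows_ssh "$sample"; then
    echo "ssh is open: safe to run 'SuSEfirewall2 start'"
else
    echo "ssh is NOT open: starting the firewall would cut this session"
fi
rm -f "$sample"
```

On the server, the same function would be pointed at /etc/sysconfig/SuSEfirewall2 before the firewall is started.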

Test the firewall: http://www.auditmypc.com/firewall-test.asp (but the test has to be run from the tested computer). To be able to use this easily, look at Doc.TunnelSshEtFirefox.

Add:

  • dovecot
  • smtp (postfix)
  • http (apache)
  • https
  • VNC
  • vsftp

Runlevels

Do verify all your daemons are running and launched at start.

Especially:

  • inn if you want a newsgroup server (not yet for me)
  • mailman for mailing lists (not yet for me, but I will need it soon)
  • rsyncd (does not seem to be mandatory)
  • spamd (not yet)
  • vsftpd