
Coldest Web Server Config


These are the things that need to be done on a fresh install of the Coldest web server.

# Add regular user
# Add regular user to necessary groups (mostly for backups)
** {{{usermod -aG root cybertron}}}
** {{{usermod -aG crontab cybertron}}}
# Allow ssh tunneling to get around stupid port blocks
** Add these lines to /etc/ssh/sshd_config:
*** {{{AllowTcpForwarding yes}}}
*** {{{GatewayPorts clientspecified}}}
*** {{{ListenAddress 64.37.60.218}}}
*** Add Torch root ssh key to coldestgame.com: {{{root@vps:~/.ssh# cat id_dsa.pub > authorized_keys2}}}
** Old method (doesn't work anymore): {{{ssh -f -N -g -4 cybertron@home.nemebean.com -L 25:home.nemebean.com:2555}}}
# {{{aptitude update}}} and {{{aptitude safe-upgrade}}}
# Remove unnecessary packages:
** {{{/etc/init.d/bind9 stop}}}
** Stop sendmail?
** {{{aptitude purge bind9 samba-common sendmail-base}}}
# Enable EPEL
# Install needed packages: {{{yum install php-pecl-apc mysql-server php-mysql fail2ban php-gd php-mbstring SDL_net}}}
# Install needed packages (Debian version): {{{aptitude install apache2 php-apc mysql-server mysql-client php5-mysql fail2ban psmisc php5-gd screen libsdl-net1.2 rsync exim4}}}
# Configure ssh keys
** From home system: {{{scp ~/.ssh/id_rsa.pub coldestgame.com:~/.ssh/id_rsa.vanguard}}}
** Build systems: {{{scp ~/.ssh/id_dsa.pub coldestgame.com:~/.ssh/id_dsa.build[32|64]}}}
** On coldestgame.com: {{{cat ~/.ssh/id_rsa.vanguard ~/.ssh/id_dsa.build* >> ~/.ssh/authorized_keys2}}}
** Ditto: {{{chmod 700 ~/.ssh}}}
** Ditto: {{{chmod 600 ~/.ssh/authorized_keys2}}}
# Copy backup files to system
** etc mysqlbackup sbin site smf robots.txt crontabs
# Restore MySQL files to /var/lib/mysql
** Fix permissions: {{{chown -R mysql:mysql drupal_coldest mysql smf}}}
# Restore configurations
** /etc/mysql/debian.cnf
** /etc/apache/sites-available/default
** /etc/network/interfaces
** {{{a2enmod rewrite}}}
** Fail2ban: /etc/fail2ban
** /root/.my.cnf
*** {{{[client]}}}
*** {{{password=**************}}}
*** {{{[mysqlhotcopy]}}}
*** {{{password=**************}}}
# Restart mysql
# Don't think this is necessary anymore - Fix exim4 permissions
** {{{chown Debian-exim:adm /var/log/exim4/mainlog}}}
** {{{chmod 777 /var/mail}}}
# Configure exim4
** {{{dpkg-reconfigure exim4-config}}} and make sure to allow sending to external domains. IMPORTANT: Do not listen on external interfaces! This is a security risk and we don't need to do it. Trust me on this. ;-)
** {{{update-rc.d -f exim4 remove}}} (Exim won't actually work anyway since we forward port 25 through the ssh tunnel)
# Fix Drupal permissions
** {{{chown -R www-data:www-data /var/www/site/sites/default/files}}}
# --Configure crontab for root--
** Changed permissions so regular user can read crontabs, so this should be restored above
** Crontab file is stored in the root of /backup; it is only readable by root, so it's awkward to back up automatically.
** For future updates, the crontab file can be found at /var/spool/cron/crontabs/root
# Install master server
** Server is now 64-bit, so build in 64-bit Debian-based VM
# Optional: Install phpmyadmin
** Apparently it is necessary to uncomment the host and auth_type lines in /etc/phpmyadmin/config.inc.php to get this to work. I don't remember having to do that before, so it's possible this was a one-off problem.
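
A post-install check for the ssh and exim4 steps above, as an added example that is not part of the original notes. The function names are hypothetical; it assumes GNU stat and Debian's /etc/exim4/update-exim4.conf.conf with its dc_local_interfaces setting, a file these notes do not name.

```shell
#!/bin/sh
# Added example: audits the ssh and exim4 steps of this checklist.
# File paths are arguments so it can run against real or test copies.

# sshd_has FILE KEY VALUE: true if an uncommented "KEY VALUE" line exists
# (sshd_config keywords are case-insensitive; "KEY=VALUE" is not handled).
sshd_has() {
    awk -v k="$2" -v v="$3" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(k) && $2 == v { found = 1 }
        END { exit !found }' "$1"
}

# mode_is PATH MODE: true if PATH has exactly the octal MODE (GNU stat).
mode_is() { [ "$(stat -c %a "$1" 2>/dev/null)" = "$2" ]; }

# exim_loopback_only FILE: true if dc_local_interfaces (assumed to live in
# Debian's update-exim4.conf.conf) lists only loopback addresses. An empty
# value means all interfaces, so it fails.
exim_loopback_only() {
    val=$(sed -n "s/^dc_local_interfaces='\(.*\)'\$/\1/p" "$1" | tail -n 1)
    n=0
    for addr in $(printf '%s' "$val" | tr ';' ' '); do
        case $addr in
            127.0.0.1|::1) n=$((n + 1)) ;;
            *) return 1 ;;
        esac
    done
    [ "$n" -gt 0 ]
}

# audit SSHD_CONFIG SSH_DIR EXIM_CONF LISTEN_ADDR: prints each failed check
# and returns the number of failures (0 = all steps verified).
audit() {
    fails=0
    check() { "$@" || { echo "FAIL: $*"; fails=$((fails + 1)); }; }
    check sshd_has "$1" AllowTcpForwarding yes
    check sshd_has "$1" GatewayPorts clientspecified
    check sshd_has "$1" ListenAddress "$4"
    check mode_is "$2" 700
    check mode_is "$2/authorized_keys2" 600
    check exim_loopback_only "$3"
    return "$fails"
}

# Typical call on the server, as root:
#   audit /etc/ssh/sshd_config ~/.ssh /etc/exim4/update-exim4.conf.conf 64.37.60.218
if [ "$#" -eq 4 ]; then audit "$@"; fi
```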