Difference between revisions of "Test Web Server Documentation"

From edegan.com
imported>Alex
m (minor link formatting cleanup)
imported>Alex
(Added dates and section on setting up SSH connection)
Line 1: Line 1:
 
Alex's notes from creating a test web server that will eventually host important stuff (aka a test run on a cheap Dell Inspiron).
 
Alex's notes from creating a test web server that will eventually host important stuff (aka a test run on a cheap Dell Inspiron).
  
== Installing Ubuntu ==
+
== Installing Ubuntu (12/18/15 - 1/1/16) ==
  
 
I chose the 14.04.3 (aka "Trusty Tahr", sometimes abbreviated as "trusty" in online package documentation) [http://www.ubuntu.com/download/server Ubuntu Server] ISO image for the installation process. I did so after unsuccessfully trying to install from the [http://help.ubuntu.com/community/Installation/MinimalCD Minimal] ISO image. I found [http://help.ubuntu.com/community/BootFromCD this Ubuntu documentation page] helpful during the install, and I even did a MD5 checksum verification for the first time to make sure I downloaded the ISO image correctly.
 
I chose the 14.04.3 (aka "Trusty Tahr", sometimes abbreviated as "trusty" in online package documentation) [http://www.ubuntu.com/download/server Ubuntu Server] ISO image for the installation process. I did so after unsuccessfully trying to install from the [http://help.ubuntu.com/community/Installation/MinimalCD Minimal] ISO image. I found [http://help.ubuntu.com/community/BootFromCD this Ubuntu documentation page] helpful during the install, and I even did a MD5 checksum verification for the first time to make sure I downloaded the ISO image correctly.
Line 15: Line 15:
 
As a note, I did have to turn off Secure boot in the Dell's UEFI firmware menu (the one that you get to by mashing F2 when the computer just turned on and shows you the Dell logo) because Ubuntu kept having Kernel panics about something attempting to kill init. This probably won't be a problem on the production server, but for replicatability's sake, now you know.
 
As a note, I did have to turn off Secure boot in the Dell's UEFI firmware menu (the one that you get to by mashing F2 when the computer just turned on and shows you the Dell logo) because Ubuntu kept having Kernel panics about something attempting to kill init. This probably won't be a problem on the production server, but for replicatability's sake, now you know.
  
== Installing the LAMP stack ==
+
== Installing the LAMP stack (1/1/16) ==
  
 
With the Server ISO image, one of the options during installation is to select packages that you might want to install. Obviously, I checked the LAMP server box. The Minimal installation has a similar screen, except with more options (mostly desktop-related packages, like GUIs and fonts). And now you have all that you need. Don't forget to update the package manager and upgrade all your packages:
 
With the Server ISO image, one of the options during installation is to select packages that you might want to install. Obviously, I checked the LAMP server box. The Minimal installation has a similar screen, except with more options (mostly desktop-related packages, like GUIs and fonts). And now you have all that you need. Don't forget to update the package manager and upgrade all your packages:
Line 21: Line 21:
 
  $ sudo apt-get upgrade
 
  $ sudo apt-get upgrade
  
== Network troubleshooting ==
+
== Network troubleshooting (1/2/16 - 1/3/16) ==
  
 
I'm not sure if this is my house's ethernet or my own fault, but I spent a lot of time digging into Ubuntu network configuration. I know it can work: I installed packages during the installation of Ubuntu! Anyways, with the help of the internet ([http://ubuntuforums.org/showthread.php?t=25557 this thread] and [http://unix.stackexchange.com/questions/128439/good-detailed-explanation-of-etc-network-interfaces-syntax this SO question] were useful, as was [https://help.ubuntu.com/12.04/serverguide/network-configuration.html#name-resolution this Ubuntu documentation]) and man pages, here's a quick troubleshooting guide:
 
I'm not sure if this is my house's ethernet or my own fault, but I spent a lot of time digging into Ubuntu network configuration. I know it can work: I installed packages during the installation of Ubuntu! Anyways, with the help of the internet ([http://ubuntuforums.org/showthread.php?t=25557 this thread] and [http://unix.stackexchange.com/questions/128439/good-detailed-explanation-of-etc-network-interfaces-syntax this SO question] were useful, as was [https://help.ubuntu.com/12.04/serverguide/network-configuration.html#name-resolution this Ubuntu documentation]) and man pages, here's a quick troubleshooting guide:
Line 48: Line 48:
  
 
Also, for some reason, I was able to connect to the internet upon rebooting, but after trying the ifdown/ifup commands above, I wasn't able to get to the internet anymore. But then I rebooted again, and now I'm able to connect to the internet even after ifdown/ifup.
 
Also, for some reason, I was able to connect to the internet upon rebooting, but after trying the ifdown/ifup commands above, I wasn't able to get to the internet anymore. But then I rebooted again, and now I'm able to connect to the internet even after ifdown/ifup.
 +
 +
'''Edit (1/3/16):''' Dr. Egan notes (possibly from reading [http://askubuntu.com/questions/230698/how-to-restart-the-networking-service this SO post]) that the following command to restart the network service is equivalent to the ifdown/ifup commands:
 +
$ sudo service network-manager restart
 +
 +
== Setting up SSH remote connection (1/3/16) ==
 +
 +
I got the brilliant idea to set up a remote connection to the Ubuntu box so that I could continue working on the box despite not being physically able to access it. Dr. Egan suggested SSH, and the adventure began. First, I installed the OpenSSH server, which receives SSH connections from SSH clients (I installed [http://www.putty.org/ PuTTY] as my SSH client on my Windows laptop):
 +
 +
$ sudo apt-get install openssh-server
 +
 +
Then, according to suggestions from [http://help.ubuntu.com/lts/serverguide/openssh-server.html this Ubuntu help page], I backed up the sshd_config file to a read-only copy:
 +
 +
$ sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original
 +
$ sudo chmod a-w /etc/ssh/sshd_config.original
 +
 +
Now the real fun begins. I wanted to use SSH keys (specifically RSA keys) for authentication instead of password authentication (as suggested by [http://help.ubuntu.com/community/SSH/OpenSSH/Configuring this other Ubuntu help page]), but I needed a way to copy the public RSA key on my laptop (the SSH client) onto the Ubuntu box (the SSH server). I basically decided to strip all forms of authentication off of the SSH connection by editing sshd_config and then restarting the SSH service to apply the changes:
 +
 +
$ sudo vi /etc/ssh/sshd_config
 +
$ sudo service ssh restart
 +
 +
The sshd_config man page helped a lot (especially in noting which options were on or off by default), but I basically disabled password authentication, RSA authentication, and pubkey authentication. Then, with my laptop connected to the same network as the Ubuntu box, I opened the SSH connection and copied my key into the authorized keys list (I had to make a new authorized_keys file):
 +
 +
$ vi ~/.ssh/authorized_keys
 +
$ [copy my public key to ~/.ssh/ajiang_rsa.pub]
 +
$ cat ~/.ssh/ajiang_rsa.pub >> ~/.ssh/authorized_keys
 +
$ rm ~/.ssh/ajiang_rsa.pub
 +
 +
Then I went back to sshd_config and enabled RSA and pubkey authentication, kept password authentication off, allowed TCP and X11 forwarding, set the port to 23 (according to Dr. Egan's suggestion), and explicitly specified the authorized keys file (though the default would have worked too), restarting the SSH service again to apply the changes.
 +
 +
$ sudo vi /etc/ssh/sshd_config
 +
$ sudo service ssh restart
 +
 +
I checked that the sshd service was running and which ports it was listening to with:
 +
 +
$ ps -A | grep sshd
 +
$ sudo ss -lnp | grep sshd
 +
 +
Now I had to configure my network's router firewall to allow port forwarding from outside the network (aka a pinhole). I fixed the IP address assigned to the box to a single IP address that I knew would work, and then I went to the port forwarding configuration page to allow TCP port forwarding on port 23 to the Ubuntu box on port 23. The router gave me a public IP address, and I used that in my PuTTY client (along with my private key and port 23) to try a SSH connection, and it worked!
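Review bot: the two "$ sudo vi /etc/ssh/sshd_config" steps in the added SSH section record only the editor command, not the directives that were changed, so the setup cannot be reproduced or audited from these notes. List the resulting sshd_config lines after each edit (Port, PasswordAuthentication, PubkeyAuthentication, the forwarding options and AuthorizedKeysFile). The first edit, which turns off password, RSA and pubkey authentication together, should also say how the session that copied the key was authenticated and that the original settings were restored before the router pinhole was opened.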

Revision as of 02:34, 4 January 2016

Alex's notes from creating a test web server that will eventually host important stuff (aka a test run on a cheap Dell Inspiron).

Installing Ubuntu (12/18/15 - 1/1/16)

I chose the 14.04.3 (aka "Trusty Tahr", sometimes abbreviated as "trusty" in online package documentation) Ubuntu Server ISO image for the installation process. I did so after unsuccessfully trying to install from the Minimal ISO image. I found this Ubuntu documentation page helpful during the install, and I even did an MD5 checksum verification for the first time to make sure I downloaded the ISO image correctly.

The menus for both installations were almost identical (go figure), but the Server ISO image offered a subset of the choices presented by the Minimal ISO image (for example, the Minimal installation asks about shadow passwords and Linux kernels), in a slightly different order. Here are some of the less obvious choices that I made when installing from the Server ISO image; the remaining choices were either locale-based (e.g. time zone, keyboard layout, etc.) or network configuration (I chose the wired connection as the primary interface):

  • hostname: mcnairtestwebserver
  • encrypted home directory? no
  • how to partition disk? Guided - use entire disk and set up LVM
  • how much of volume group should be used for guided partitioning? 75%
  • automatic updates? no

As a note, I did have to turn off Secure Boot in the Dell's UEFI firmware menu (the one that you get to by mashing F2 when the computer has just turned on and shows you the Dell logo) because Ubuntu kept having kernel panics about something attempting to kill init. This probably won't be a problem on the production server, but for replicability's sake, now you know.

Installing the LAMP stack (1/1/16)

With the Server ISO image, one of the options during installation is to select packages that you might want to install. Obviously, I checked the LAMP server box. The Minimal installation has a similar screen, except with more options (mostly desktop-related packages, like GUIs and fonts). And now you have all that you need. Don't forget to update the package manager and upgrade all your packages:

$ sudo apt-get update
$ sudo apt-get upgrade

Network troubleshooting (1/2/16 - 1/3/16)

I'm not sure if this is my house's ethernet or my own fault, but I spent a lot of time digging into Ubuntu network configuration. I know it can work: I installed packages during the installation of Ubuntu! Anyways, with the help of the internet (this thread and this SO question were useful, as was this Ubuntu documentation) and man pages, here's a quick troubleshooting guide:

First, some diagnostic commands:

$ ping google.com
$ ping localhost
$ hostname -i
$ ifconfig

Check some relevant configuration files (note that my ethernet connection interface is named "p3p1" and is configured for DHCP instead of a static IP address):

$ cat /etc/resolv.conf
$ cat /etc/hosts
$ cat /etc/network/interfaces
$ cat /etc/dhcp/dhclient.conf
$ cat /var/lib/dhclient/dhclient.p3p1.leases

Next, try editing /etc/network/interfaces with sudo vi. I added two lines (Google's public DNS addresses and the DNS domain name of my network) into the p3p1 interface block:

    dns-nameservers 8.8.8.8 8.8.4.4
    dns-search attlocal.net

To make the changes, use sudo ifdown p3p1 and sudo ifup p3p1 to take down and bring back the network interface and try the above diagnostics again.

Also, for some reason, I was able to connect to the internet upon rebooting, but after trying the ifdown/ifup commands above, I wasn't able to get to the internet anymore. But then I rebooted again, and now I'm able to connect to the internet even after ifdown/ifup.

Edit (1/3/16): Dr. Egan notes (possibly from reading this SO post) that the following command to restart the network service is equivalent to the ifdown/ifup commands:

$ sudo service network-manager restart

Setting up SSH remote connection (1/3/16)

I got the brilliant idea to set up a remote connection to the Ubuntu box so that I could continue working on the box despite not being physically able to access it. Dr. Egan suggested SSH, and the adventure began. First, I installed the OpenSSH server, which receives SSH connections from SSH clients (I installed PuTTY as my SSH client on my Windows laptop):

$ sudo apt-get install openssh-server

Then, according to suggestions from this Ubuntu help page, I backed up the sshd_config file to a read-only copy:

$ sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original
$ sudo chmod a-w /etc/ssh/sshd_config.original

Now the real fun begins. I wanted to use SSH keys (specifically RSA keys) for authentication instead of password authentication (as suggested by this other Ubuntu help page), but I needed a way to copy the public RSA key on my laptop (the SSH client) onto the Ubuntu box (the SSH server). I basically decided to strip all forms of authentication off of the SSH connection by editing sshd_config and then restarting the SSH service to apply the changes:

$ sudo vi /etc/ssh/sshd_config
$ sudo service ssh restart

The sshd_config man page helped a lot (especially in noting which options were on or off by default), but I basically disabled password authentication, RSA authentication, and pubkey authentication. Then, with my laptop connected to the same network as the Ubuntu box, I opened the SSH connection and copied my key into the authorized keys list (I had to make a new authorized_keys file):

$ vi ~/.ssh/authorized_keys
# [copy my public key to ~/.ssh/ajiang_rsa.pub]
$ cat ~/.ssh/ajiang_rsa.pub >> ~/.ssh/authorized_keys
$ rm ~/.ssh/ajiang_rsa.pub

Then I went back to sshd_config and enabled RSA and pubkey authentication, kept password authentication off, allowed TCP and X11 forwarding, set the port to 23 (according to Dr. Egan's suggestion), and explicitly specified the authorized keys file (though the default would have worked too), restarting the SSH service again to apply the changes.

$ sudo vi /etc/ssh/sshd_config
$ sudo service ssh restart

I checked that the sshd service was running and which ports it was listening on with:

$ ps -A | grep sshd
$ sudo ss -lnp | grep sshd
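
The key-only end state described above can also be checked from the config file itself. The script below is an added example, not part of the original notes: the sample config is constructed, the defaults for missing keywords are assumed from upstream sshd_config(5), and the ChallengeResponseAuthentication check is an addition the notes do not mention.

```shell
#!/bin/sh
# Added example (not from the original notes): audit an sshd_config for
# key-only logins. The sample file contents below are constructed.

# effective_value FILE KEYWORD DEFAULT
# Prints the value sshd would apply globally. Keywords are case-insensitive,
# the first occurrence wins, and lines after the first "Match" are
# conditional, so scanning stops there. DEFAULT (assumed from upstream
# sshd_config(5)) is printed when the keyword never appears.
effective_value() {
    awk -v key="$2" -v val="$3" '
        BEGIN { key = tolower(key) }
        NF == 0 || $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { val = $2; exit }
        END { print tolower(val) }
    ' "$1"
}

# audit_sshd FILE
# Prints one line per finding; the return status is the number of findings.
audit_sshd() {
    findings=0
    # Each rule is keyword:wanted:default. ChallengeResponseAuthentication
    # is an added check: with UsePAM yes it can still prompt for a password.
    for rule in \
        PubkeyAuthentication:yes:yes \
        PasswordAuthentication:no:yes \
        PermitEmptyPasswords:no:no \
        ChallengeResponseAuthentication:no:yes
    do
        key=${rule%%:*}; rest=${rule#*:}
        want=${rest%%:*}; def=${rest#*:}
        got=$(effective_value "$1" "$key" "$def")
        if [ "$got" != "$want" ]; then
            echo "FINDING: $key is '$got', expected '$want'"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Constructed sample: the second PasswordAuthentication line is ignored
# because the keyword was already set (in a different letter case).
sample=$(mktemp)
printf '%s\n' 'Port 23' 'PubkeyAuthentication yes' \
    'passwordauthentication yes' 'PasswordAuthentication no' \
    'X11Forwarding yes' > "$sample"
audit_sshd "$sample" || echo "findings: $?"
```

On the server itself, sudo sshd -T prints the configuration sshd actually resolved, which is the authoritative cross-check for a file-based audit like this one.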

Now I had to configure my network's router firewall to allow port forwarding from outside the network (aka a pinhole). I fixed the IP address assigned to the box to a single IP address that I knew would work, and then I went to the port forwarding configuration page to allow TCP port forwarding on port 23 to the Ubuntu box on port 23. The router gave me a public IP address, and I used that in my PuTTY client (along with my private key and port 23) to try an SSH connection, and it worked!