Changes
Jump to navigation
Jump to search
Test Web Server Documentation (view source)
Revision as of 02:34, 4 January 2016
, 02:34, 4 January 2016Added dates and section on setting up SSH connection
Alex's notes from creating a test web server that will eventually host important stuff (aka a test run on a cheap Dell Inspiron).
== Installing Ubuntu (12/18/15 - 1/1/16) ==
I chose the 14.04.3 (aka "Trusty Tahr", sometimes abbreviated as "trusty" in online package documentation) [http://www.ubuntu.com/download/server Ubuntu Server] ISO image for the installation process. I did so after unsuccessfully trying to install from the [http://help.ubuntu.com/community/Installation/MinimalCD Minimal] ISO image. I found [http://help.ubuntu.com/community/BootFromCD this Ubuntu documentation page] helpful during the install, and I even did a MD5 checksum verification for the first time to make sure I downloaded the ISO image correctly.
As a note, I did have to turn off Secure boot in the Dell's UEFI firmware menu (the one that you get to by mashing F2 when the computer just turned on and shows you the Dell logo) because Ubuntu kept having Kernel panics about something attempting to kill init. This probably won't be a problem on the production server, but for replicatability's sake, now you know.
== Installing the LAMP stack (1/1/16) ==
With the Server ISO image, one of the options during installation is to select packages that you might want to install. Obviously, I checked the LAMP server box. The Minimal installation has a similar screen, except with more options (mostly desktop-related packages, like GUIs and fonts). And now you have all that you need. Don't forget to update the package manager and upgrade all your packages:
$ sudo apt-get upgrade
== Network troubleshooting (1/2/16 - 1/3/16) ==
I'm not sure if this is my house's ethernet or my own fault, but I spent a lot of time digging into Ubuntu network configuration. I know it can work: I installed packages during the installation of Ubuntu! Anyways, with the help of the internet ([http://ubuntuforums.org/showthread.php?t=25557 this thread] and [http://unix.stackexchange.com/questions/128439/good-detailed-explanation-of-etc-network-interfaces-syntax this SO question] were useful, as was [https://help.ubuntu.com/12.04/serverguide/network-configuration.html#name-resolution this Ubuntu documentation]) and man pages, here's a quick troubleshooting guide:
Also, for some reason, I was able to connect to the internet upon rebooting, but after trying the ifdown/ifup commands above, I wasn't able to get to the internet anymore. But then I rebooted again, and now I'm able to connect to the internet even after ifdown/ifup.
'''Edit (1/3/16):''' Dr. Egan notes (possibly from reading [http://askubuntu.com/questions/230698/how-to-restart-the-networking-service this SO post]) that the following command to restart the network service is equivalent to the ifdown/ifup commands:
$ sudo service network-manager restart
== Setting up SSH remote connection (1/3/16) ==
I got the brilliant idea to set up a remote connection to the Ubuntu box so that I could continue working on the box despite not being physically able to access it. Dr. Egan suggested SSH, and the adventure began. First, I installed the OpenSSH server, which receives SSH connections from SSH clients (I installed [http://www.putty.org/ PuTTY] as my SSH client on my Windows laptop):
$ sudo apt-get install openssh-server
Then, according to suggestions from [http://help.ubuntu.com/lts/serverguide/openssh-server.html this Ubuntu help page], I backed up the sshd_config file to a read-only copy:
$ sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original
$ sudo chmod a-w /etc/ssh/sshd_config.original
Now the real fun begins. I wanted to use SSH keys (specifically RSA keys) for authentication instead of password authentication (as suggested by [http://help.ubuntu.com/community/SSH/OpenSSH/Configuring this other Ubuntu help page]), but I needed a way to copy the public RSA key on my laptop (the SSH client) onto the Ubuntu box (the SSH server). I basically decided to strip all forms of authentication off of the SSH connection by editing sshd_config and then restarting the SSH service to apply the changes:
$ sudo vi /etc/ssh/sshd_config
$ sudo service ssh restart
The sshd_config man page helped a lot (especially in noting which options were on or off by default), but I basically disabled password authentication, RSA authentication, and pubkey authentication. Then, with my laptop connected to the same network as the Ubuntu box, I opened the SSH connection and copied my key into the authorized keys list (I had to make a new authorized_keys file):
$ vi ~/.ssh/authorized_keys
$ [copy my public key to ~/.ssh/ajiang_rsa.pub]
$ cat ~/.ssh/ajiang_rsa.pub >> ~/.ssh/authorized_keys
$ rm ~/.ssh/ajiang_rsa.pub
Then I went back to sshd_config and enabled RSA and pubkey authentication, kept password authentication off, allowed TCP and X11 forwarding, set the port to 23 (according to Dr. Egan's suggestion), and explicitly specified the authorized keys file (though the default would have worked too), restarting the SSH service again to apply the changes.
$ sudo vi /etc/ssh/sshd_config
$ sudo service ssh restart
I checked that the sshd service was running and which ports it was listening to with:
$ ps -A | grep sshd
$ sudo ss -lnp | grep sshd
Now I had to configure my network's router firewall to allow port forwarding from outside the network (aka a pinhole). I fixed the IP address assigned to the box to a single IP address that I knew would work, and then I went to the port forwarding configuration page to allow TCP port forwarding on port 23 to the Ubuntu box on port 23. The router gave me a public IP address, and I used that in my PuTTY client (along with my private key and port 23) to try a SSH connection, and it worked!