A Server (Almost) of Your Own
Would you like to have a dedicated server at an ISP, for the price of a mere virtual hosting account? For most Linux users, the answer is certainly, yes. You want root access to your own box and the ability to run the software that you choose—even if the budget calls for virtual hosting.
In this case, the solution is a Virtual Private Server (VPS). VPS accounts effectively partition a physical computer's resources into several virtual machines. You get root access to your VPS and configure it just like you would a dedicated server.
Of course, the flexibility of a VPS comes at the price of increased complexity. You are the system administrator of your VPS, not your ISP. The correct operation of the virtual machine—particularly security—is your responsibility.
The typical VPS account holder, however, needs to support only a small number of users, with a few relatively simple services. This makes the task of administering the system much easier. If you are at least somewhat comfortable with managing a Linux machine from the command line, you should be able to make a successful transition to a VPS account.
In this article, we focus our attention on the most critical aspect of switching to a VPS from virtual hosting—getting your e-mail working. E-mail is one of the most important communication tools today. With the exception of DNS, it is also the most complex service you are likely to encounter. Learning how to get your e-mail working should give you a good overall sense of how to manage your VPS.
With respect to DNS, you may want your VPS provider to handle it for you entirely, at least in the beginning. Ask about the additional fees before you sign up. They should be a few extra dollars per year. Some domain name registrars and third parties also can provide you with DNS service.
We use the VPS service provided by tummy.com to implement and test our e-mail solution. Its VPS accounts are based on Red Hat's Fedora by default, but you easily can choose Debian instead during the sign-up process. We use the Fedora-based VPS for this article—Fedora Core 3 at the time of writing. Some of the steps shown in the following discussion are specific to Fedora, but most are applicable to any recent Linux distribution. Updates for more recent Linux distributions are available at /article/9380. There is a corrections notice at the start of that document—just keep reading past it to get to the updates.
Here are some names that you will see in the examples. Your VPS hostname is myvps, your workstation is ws, your first domain name is first.domain, and your second domain name is second.domain. Your user name on your workstation is usera, and the mail users on the VPS are maila and mailb.
Additional domain names beyond the first one are optional—only remember to delete all references to second.domain when you use any of the code from the article. You also can host more than two domain names—simply configure them in the same way as second.domain is configured in the examples.
Of course, the actual domain names that you use should be valid and registered to you. For example, my first.domain is openlight.com. You also can call your VPS and workstation anything you want. Now, let's begin.
Log in to your new VPS account as root with ssh root@MY.VPS.IP.ADDRESS. You would have already chosen your root password when you signed up for the account, and your VPS provider should have given you the IP address of your virtual machine.
One of the first tasks when you set up a new Linux server is to configure the built-in iptables firewall. Your VPS provider may have set reasonable defaults, but you should always verify this yourself.
On the Fedora Linux distribution, run the following command:
[root@myvps ~]# system-config-securitylevel-tui
You can now move from one control to another with the cursor keys. Use the spacebar to activate buttons and toggle check boxes. Make sure that the Security Level is set to Enabled. Then, activate the Customize button.
On the next screen, you must enable SSH, WWW and Mail. Do not enable any Trusted Devices.
Next, scroll down to the Other ports text box, and add the entry https:tcp, which allows secure https connections. You will need https if you decide to configure Web mail, as described later in this article.
Activate the OK button when you are finished with the customization screen. Also, activate OK on the next screen. Finally, restart iptables to make sure that the changes take effect:
[root@myvps ~]# /etc/init.d/iptables restart
You must be very careful when you reconfigure your iptables. In addition to the usual danger of creating new vulnerabilities, it is easy to lock yourself out of the remote VPS server. In that situation, you will have to ask your VPS provider for help. Other common ways to render the VPS inaccessible are shutting down networking, the SSH dæmon (sshd) or halting the virtual machine.
Next, create an ordinary user login that you will use later to read and send e-mail. Set the password for the new account:
[root@myvps ~]# useradd maila [root@myvps ~]# passwd maila Changing password for user maila. New UNIX password:
Use names such as maila or pseudonyms for logins. This is more secure and guards against inadvertent release of personal information on-line. Verify that you can log in to the new account. You are now ready to configure your mail server.
|Dynamic DNS—an Object Lesson in Problem Solving||May 21, 2013|
|Using Salt Stack and Vagrant for Drupal Development||May 20, 2013|
|Making Linux and Android Get Along (It's Not as Hard as It Sounds)||May 16, 2013|
|Drupal Is a Framework: Why Everyone Needs to Understand This||May 15, 2013|
|Home, My Backup Data Center||May 13, 2013|
|Non-Linux FOSS: Seashore||May 10, 2013|
- Dynamic DNS—an Object Lesson in Problem Solving
- Making Linux and Android Get Along (It's Not as Hard as It Sounds)
- Using Salt Stack and Vagrant for Drupal Development
- New Products
- A Topic for Discussion - Open Source Feature-Richness?
- Drupal Is a Framework: Why Everyone Needs to Understand This
- Validate an E-Mail Address with PHP, the Right Way
- RSS Feeds
- Readers' Choice Awards
- Tech Tip: Really Simple HTTP Server with Python
- BASH script to log IPs on public web server
1 hour 39 min ago
5 hours 15 min ago
- Reply to comment | Linux Journal
5 hours 48 min ago
- All the articles you talked
8 hours 11 min ago
- All the articles you talked
8 hours 14 min ago
- All the articles you talked
8 hours 16 min ago
12 hours 40 min ago
- Keeping track of IP address
14 hours 31 min ago
- Roll your own dynamic dns
19 hours 45 min ago
- Please correct the URL for Salt Stack's web site
22 hours 56 min ago
Enter to Win an Adafruit Pi Cobbler Breakout Kit for Raspberry Pi
It's Raspberry Pi month at Linux Journal. Each week in May, Adafruit will be giving away a Pi-related prize to a lucky, randomly drawn LJ reader. Winners will be announced weekly.
Fill out the fields below to enter to win this week's prize-- a Pi Cobbler Breakout Kit for Raspberry Pi.
Congratulations to our winners so far:
- 5-8-13, Pi Starter Pack: Jack Davis
- 5-15-13, Pi Model B 512MB RAM: Patrick Dunn
- 5-21-13, Prototyping Pi Plate Kit: Philip Kirby
- Next winner announced on 5-27-13!
Free Webinar: Hadoop
How to Build an Optimal Hadoop Cluster to Store and Maintain Unlimited Amounts of Data Using Microservers
Realizing the promise of Apache® Hadoop® requires the effective deployment of compute, memory, storage and networking to achieve optimal results. With its flexibility and multitude of options, it is easy to over or under provision the server infrastructure, resulting in poor performance and high TCO. Join us for an in depth, technical discussion with industry experts from leading Hadoop and server companies who will provide insights into the key considerations for designing and deploying an optimal Hadoop cluster.
Some of key questions to be discussed are:
- What is the “typical” Hadoop cluster and what should be installed on the different machine types?
- Why should you consider the typical workload patterns when making your hardware decisions?
- Are all microservers created equal for Hadoop deployments?
- How do I plan for expansion if I require more compute, memory, storage or networking?