Wednesday, July 28, 2010

Setup Home Server on CentOS Tutorial

This is my first tutorial written in English. I used resources from http://www.server-world.info/en/ and my old tutorial. It is easy to complete. You can publish your server by using port forwarding. If you use it, you should forward these ports: 80, 20, 21, 25, 443, 110.

Step 1: Install OS: CentOS

Step 2:
    a. Config Static IP: 192.168.1.10 + Default gateway + DNS server
        ping yahoo.com ok!
    b. Synchronize time:
        yum install -y ntp*
        ntpdate time.nist.gov
    c. Disable Firewall + SELinux
    d. Config hostname
        [vim /etc/sysconfig/network]
        NETWORKING=yes
        NETWORKING_IPV6=no
        HOSTNAME=server.hbn.local
        GATEWAY=192.168.1.1
        [vim /etc/hosts]
        192.168.1.10    server.hbn.local server
        127.0.0.1       localhost.localdomain localhost
        ::1             localhost6.localdomain6 localhost6
Step 3: Install DNS-Bind
    a. yum -y install bind caching-nameserver
    b. Test
        [vim /etc/named.conf]
        options {
            directory "/var/named";
            forwarders {203.162.0.181; 203.162.0.11; 210.245.0.11; 210.245.0.58; 208.67.222.222; 208.67.220.220; 8.8.8.8; 8.8.4.4;};
        };
        zone "localdomain" IN {
            type master;
            file "localdomain.zone";
        };

        zone "localhost" IN {
            type master;
            file "localhost.zone";
        };

        zone "0.0.127.in-addr.arpa" IN {
            type master;
            file "named.local";
        };

        zone "255.in-addr.arpa" IN {
            type master;
            file "named.broadcast";
        };

        zone "0.in-addr.arpa" IN {
            type master;
            file "named.zero";
        };
        [vim /etc/resolv.conf] #Edit DNS server
        nameserver 192.168.1.10
        nameserver 192.168.1.1
        [/etc/init.d/named start] #Test
        Starting named: [  OK  ]
    c. Config:
        [vim /var/named/192.168.1.0.db]
        $TTL    86400
        @       IN      SOA     hbn.local. root.hbn.local.  (
                                      1997022700 ; Serial
                                      28800      ; Refresh
                                      14400      ; Retry
                                      3600000    ; Expire
                                      86400 )    ; Minimum
                IN      NS      ns1.hbn.local.
        10       IN      PTR     dns.hbn.local.
        [vim /var/named/hbn.local.db]  
        $TTL 14400
        @       IN      SOA     root.hbn.local.      hostmaster.hbn.local. (
                                                2009102800
                                                14400
                                                3600
                                                1209600
                                                86400 )

               IN      NS      hbn.local.
               IN      NS      hbn.local.

        ftp        IN      A       192.168.1.10
        hbn.local.       IN      A       192.168.1.10
        localhost          IN      A       127.0.0.1
        mail       IN      A       192.168.1.10
        pop        IN      A       192.168.1.10
        smtp       IN      A       192.168.1.10
        www        IN      A       192.168.1.10
        hbn.local.      IN      MX      10 mail

        hbn.local.    14400   IN      TXT     "v=spf1 a mx ip4:192.168.1.10 ~all"
        [vim /etc/named.conf] #Add below      
        zone "1.168.192.in-addr.arpa" IN {
                    type master;
                    file "192.168.1.0.db";
        };

        zone "hbn.local" {
                    type master;
                    file "hbn.local.db";
        };


        nslookup hbn.local #Test
        chkconfig named on
Step 4: Apache with PHP, SSL
        a. Install
        yum -y install httpd php php-mbstring php-pear mod_ssl php-gd
        service httpd start
        chkconfig httpd on

        b. Config
        [vim /etc/httpd/conf/httpd.conf]
        ServerTokens    Prod             // line 44: change

        KeepAlive    On            // line 74: change to ON

        ServerAdmin    root@hbn.local        // line 250: Admin's address

        ServerName    www.hbn.local:80        // line 264: server's name

        Options        FollowSymLinks         // line 319: change (disable Indexes)
  
        AllowOverride    All            // line 326: change
  
        #UserDir disable                // line 354: make it comment

        UserDir public_html            // line 361: make valid

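        // line 369 - 380 : remove # and make valid
        <Directory /home/*/public_html>
            AllowOverride    All        // change
            Options        None
            <Limit GET POST OPTIONS>
                Order allow,deny
                Allow from all
            </Limit>
            <LimitExcept GET POST OPTIONS>
                Order deny,allow
                Deny from all
            </LimitExcept>
        </Directory>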

        // line 390: add file name that it can access only with directory's name
        DirectoryIndex index.html index.php

        ServerSignature        Off        // line 523: change
        ##########################################################
        cd /var/www/html
        echo "Test hbn.local" > index.html
        echo "" > index.php
       
        c. SSL
        cd /etc/pki/tls/certs
        make server.key
        openssl rsa -in server.key -out server.key
        make server.csr
        openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650
        chmod 400 server.*
        [vim /etc/httpd/conf.d/ssl.conf]
        DocumentRoot        "/var/www/html"        // line 84: make valid

        ServerName        www.hbn.local:443        // line 85: make valid and change

        SSLCertificateFile        /etc/pki/tls/certs/server.crt    // line 112: change

        SSLCertificateKeyFile    /etc/pki/tls/certs/server.key    // line 119: change

        service httpd restart
        https://192.168.1.10
        d. Virtual Hosting
        Register an account at no-ip.org. My domain: http://namhb.no-ip.org/
        Use the client to update your IP.
        Edit DNS: create a zone like the one for hbn.local.
        [/etc/named.conf] Add below
        zone "namhb.no-ip.org" IN {
            type master;
            file "namhb.no-ip.org.hb";
            };
        [/var/named/namhb.no-ip.org.hb]
        $TTL 14400
        @       IN      SOA     root.namhb.no-ip.org.      hostmaster.namhb.no-ip.org. (
                                                2009102800
                                                14400
                                                3600
                                                1209600
                                                86400 )

               IN      NS      namhb.no-ip.org.
               IN      NS      namhb.no-ip.org.

        ftp        IN      A       192.168.1.10
        namhb.no-ip.org.       IN      A       192.168.1.10
        localhost          IN      A       127.0.0.1
        mail       IN      A       192.168.1.10
        pop        IN      A       192.168.1.10
        smtp       IN      A       192.168.1.10
        www        IN      A       192.168.1.10
        namhb.no-ip.org.      IN      MX      10 mail

        namhb.no-ip.org.    14400   IN      TXT     "v=spf1 a mx ip4:192.168.1.10 ~all"
        Add user:
            useradd hbn
            mkdir /home/hbn/public_html
        [/etc/httpd/conf/httpd.conf]
            NameVirtualHost *:80    // line 971: make valid
            // bottom: add these lines
            <VirtualHost *:80>
                DocumentRoot /var/www/html
                ServerName www.hbn.local
                ErrorLog logs/hbn.local-error_log
                CustomLog logs/hbn.local-access_log common
            </VirtualHost>

            <VirtualHost *:80>
                DocumentRoot /home/hbn/public_html
                SuexecUserGroup hbn hbn
                ServerName namhb.no-ip.org
                ErrorLog logs/namhb.no-ip.org-error_log
                CustomLog logs/namhb.no-ip.org-access_log common
            </VirtualHost>
            Do the same for HTTPS on port 443:
        [/etc/httpd/conf.d/ssl.conf]
            NameVirtualHost *:443
            <VirtualHost *:443>    // line 81: change
            SuexecUserGroup hbn hbn
            // add in the bottom of the file: configuration for namhb.no-ip.org for SSL
            <VirtualHost *:443>
                DocumentRoot "/home/hbn/public_html"
                ServerName namhb.no-ip.org:443
                ErrorLog logs/namhb.no-ip.org_ssl_error_log
                TransferLog logs/namhb.no-ip.org_ssl_access_log
                LogLevel warn
                SSLEngine on
                SSLProtocol all -SSLv2
                SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
                SSLCertificateFile /etc/pki/tls/certs/server.crt
                SSLCertificateKeyFile /etc/pki/tls/certs/server.key
                SSLOptions +StdEnvVars

                SetEnvIf User-Agent ".*MSIE.*" \
                   nokeepalive ssl-unclean-shutdown \
                   downgrade-1.0 force-response-1.0
                CustomLog logs/ssl_request_log \
                   "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
            </VirtualHost>
        e. Finish: /etc/rc.d/init.d/httpd restart
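
Added example (not part of the original tutorial): a shell check for the two TLS directives set in ssl.conf above. On the httpd 2.2 of this setup, "SSLProtocol all -SSLv2" still enables SSLv3, and a cipher string that starts from ALL keeps RC4 and the LOW class unless they are excluded with "!". The function names, file names and sample contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: flag weak mod_ssl directives.
# audit_tls_conf FILE prints "line: finding" and returns 1 if anything is found.
audit_tls_conf() {
    awk '
    /^[ \t]*#/ { next }                          # skip comment lines
    $1 == "SSLProtocol" {
        v3 = 0                                   # tokens apply left to right
        for (i = 2; i <= NF; i++) {
            if ($i == "all" || $i == "+all" || $i == "SSLv3" || $i == "+SSLv3") v3 = 1
            if ($i == "-SSLv3" || $i == "-all") v3 = 0
        }
        if (v3) { print FNR ": SSLProtocol leaves SSLv3 enabled"; bad = 1 }
    }
    $1 == "SSLCipherSuite" {
        split("", pos); split("", excl)          # reset for each directive
        n = split($2, tok, ":")
        for (i = 1; i <= n; i++) {
            if (tok[i] ~ /^!/) { excl[substr(tok[i], 2)] = 1; continue }
            if (tok[i] ~ /^[+-]/) continue       # "+X" reorders, "-X" removes
            m = split(tok[i], part, "+")         # "RC4+RSA" selects both traits
            for (j = 1; j <= m; j++) pos[part[j]] = 1
        }
        if ((pos["RC4"] || pos["ALL"]) && !excl["RC4"]) { print FNR ": cipher list admits RC4"; bad = 1 }
        if ((pos["LOW"] || pos["ALL"]) && !excl["LOW"]) { print FNR ": cipher list admits LOW ciphers"; bad = 1 }
    }
    END { exit bad + 0 }' "$1"
}

# write_tls_samples DIR: constructed files, the post's directives and a tightened pair
write_tls_samples() {
    printf '%s\n' 'SSLEngine on' 'SSLProtocol all -SSLv2' \
        'SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW' > "$1/post.conf"
    printf '%s\n' 'SSLEngine on' 'SSLProtocol all -SSLv2 -SSLv3' \
        'SSLCipherSuite HIGH:!aNULL:!MD5:!RC4' > "$1/tight.conf"
}

d=$(mktemp -d)
write_tls_samples "$d"
audit_tls_conf "$d/post.conf"  || echo "post.conf: weak settings found"
audit_tls_conf "$d/tight.conf" && echo "tight.conf: no findings"
rm -rf "$d"
```

To check the live file, run audit_tls_conf /etc/httpd/conf.d/ssl.conf after sourcing the function.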
Step 5: FTP Server:
    a. Install vsftpd:
        yum -y install vsftpd
    b. Config
        [/etc/vsftpd/vsftpd.conf]
        anonymous_enable=NO        // line 12: no anonymous
        ascii_upload_enable=YES        // line 79: make valid
        ascii_download_enable=YES    //(permit ascii mode transfer)
        chroot_list_enable=YES        // line 94: make valid
        chroot_list_file=/etc/vsftpd/chroot_list  // line 96: make valid
        ls_recurse_enable=YES        // line 102: make valid
        chroot_local_user=YES        // bottom: enable chroot
        local_root=public_html        // root directory
        use_localtime=YES        // use local time
        [/etc/vsftpd/chroot_list]
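        // Add the users you permit to leave their home directory (with chroot_local_user=YES, users in this list are NOT chrooted). User hbn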
        hbn
    e. Finish:
        /etc/rc.d/init.d/vsftpd start
        chkconfig vsftpd on
Step 6: Install Mail.
    a. Install:
        yum install cyrus-sasl cyrus-sasl-devel cyrus-sasl-gssapi cyrus-sasl-md5 cyrus-sasl-plain postfix dovecot
    b. Config:
        postconf -e 'smtpd_sasl_local_domain ='
        postconf -e 'smtpd_sasl_auth_enable = yes'
        postconf -e 'smtpd_sasl_security_options = noanonymous'
        postconf -e 'broken_sasl_auth_clients = yes'
        postconf -e 'smtpd_sasl_authenticated_header = yes'
        postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
        postconf -e 'inet_interfaces = all'
        postconf -e 'mynetworks = 127.0.0.0/8'
        [/usr/lib/sasl2/smtpd.conf]
            pwcheck_method: saslauthd
                      mech_list: plain login
        Generate keys:
        mkdir /etc/postfix/ssl
        cd /etc/postfix/ssl/
        openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
        chmod 600 smtpd.key
        openssl req -new -key smtpd.key -out smtpd.csr
        openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
        openssl rsa -in smtpd.key -out smtpd.key.unencrypted
        mv -f smtpd.key.unencrypted smtpd.key
        openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
        Then:
        postconf -e 'smtpd_tls_auth_only = no'
        postconf -e 'smtp_use_tls = yes'
        postconf -e 'smtpd_use_tls = yes'
        postconf -e 'smtp_tls_note_starttls_offer = yes'
        postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
        postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
        postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
        postconf -e 'smtpd_tls_loglevel = 1'
        postconf -e 'smtpd_tls_received_header = yes'
        postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
        postconf -e 'tls_random_source = dev:/dev/urandom'
       
        postconf -e 'myhostname = server.hbn.local'
        [/etc/dovecot.conf]
        ..
        protocols = imap imaps pop3 pop3s
        ..
        postconf -e 'home_mailbox = Maildir/'
        postconf -e 'mailbox_command ='
        /etc/init.d/postfix restart
       
        chkconfig --levels 235 sendmail off
        chkconfig --levels 235 postfix on
        chkconfig --levels 235 saslauthd on
        chkconfig --levels 235 dovecot on
        /etc/init.d/sendmail stop
        /etc/init.d/postfix start
        /etc/init.d/saslauthd start
        /etc/init.d/dovecot start

    c. Virtual Hosting
        [/etc/postfix/main.cf]
        mydestination = /etc/postfix/local-host-names
        [/etc/postfix/local-host-names]
            localhost
            localhost.localdomain
            server.hbn.local
            hbn.local
            namhb.no-ip.org
        [/etc/postfix/virtualusesrtb]
            hbn@hbn.local        root
            hbn@namhb.no-ip.org    hbn
        postmap /etc/postfix/virtualusesrtb
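
Added example (not part of the original tutorial): with "smtpd_tls_auth_only = no" and "mech_list: plain login", Postfix accepts PLAIN and LOGIN on sessions that never started TLS, so the password is only base64-encoded on the wire. This check reads main.cf and the SASL smtpd.conf and reports that combination; the function names and the sample files are constructed.

```shell
#!/bin/sh
# Added example, not from the original post; sample files are constructed.

# pf_get FILE NAME: value of a main.cf parameter (the last assignment wins)
pf_get() {
    awk -v k="$2" '
        { i = index($0, "="); if (!i) next
          n = substr($0, 1, i - 1); gsub(/[ \t]/, "", n)
          if (n == k) { v = substr($0, i + 1); gsub(/^[ \t]+|[ \t]+$/, "", v) } }
        END { print v }' "$1"
}

# plaintext_mechs FILE: PLAIN/LOGIN entries of the Cyrus SASL mech_list
plaintext_mechs() {
    awk 'tolower($1) == "mech_list:" {
            for (i = 2; i <= NF; i++) {
                m = toupper($i)
                if (m == "PLAIN" || m == "LOGIN") out = out (out ? " " : "") m
            } }
         END { print out }' "$1"
}

# audit_smtp_auth MAIN_CF SMTPD_CONF: prints a finding and returns 1 when
# cleartext mechanisms are accepted on sessions without TLS
audit_smtp_auth() {
    [ "$(pf_get "$1" smtpd_sasl_auth_enable)" = yes ] || return 0
    [ "$(pf_get "$1" smtpd_tls_auth_only)" = yes ] && return 0
    mechs=$(plaintext_mechs "$2")
    [ -n "$mechs" ] || return 0
    echo "AUTH $mechs accepted without TLS; set smtpd_tls_auth_only = yes"
    return 1
}

# write_mail_samples DIR: main.cf and smtpd.conf with the values from Step 6
write_mail_samples() {
    printf '%s\n' 'smtpd_sasl_auth_enable = yes' 'smtpd_use_tls = yes' \
        'smtpd_tls_auth_only = no' > "$1/main.cf"
    printf '%s\n' 'pwcheck_method: saslauthd' 'mech_list: plain login' > "$1/smtpd.conf"
}

d=$(mktemp -d)
write_mail_samples "$d"
audit_smtp_auth "$d/main.cf" "$d/smtpd.conf" || echo "before: finding reported"
echo 'smtpd_tls_auth_only = yes' >> "$d/main.cf"   # what postconf -e would set
audit_smtp_auth "$d/main.cf" "$d/smtpd.conf" && echo "after: clean"
rm -rf "$d"
```

On the server itself, the two arguments would be /etc/postfix/main.cf and /usr/lib/sasl2/smtpd.conf.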
That completes my tutorial. You should use the txt version of the tutorial, because many entries may have been changed by BBCode.
Txt tut: http://www.mediafire.com/?e09ve6p703fngdt

------------------------------------------------------------
Thanks for reading
--------------------------------------------------------------------------