Weblogs for alfadir

XML Logo

#1
How do one build a proper Internet server ?
Posted by alfadir on Tue 21 Feb 2006 at 13:32
Tags: none.

So I am growing up. I want to be a full Internet grownup. Running an Internet server. A proper citizen in the Internet society, doing everything according to best practices and standards. And I would like to do it with deb packages.

Also I think there are more people like me. That is why I think it would be cool to write some kind of article series or a proper guide how to bring a modern Debian box to the Internet in the best way. There are a lot of information online, but sometimes old or for other distributions. If someone knows a good guide I'd love to hear it. (of course Debian Administration has a lot of good material already)

Why not some kind of Wiki sandbox somewhere, and then when the guide is done, it could added to the site.

I have been using Debian since 1998, and I feel I know my way around Debian. Before Christmas I reserved 3 domainnames via a service that does not offer webhosting. I wanted it this way since I would like to take the next step, from running small servers at home to a real internet server.

I have arranged for a fast internet link, 10 Mbit (fiber to the ISP, not sure about the exact bandwidth to the Internet) with my own computer attached to it. It runs Debian and I have full control over it. Currently it runs Debian stable. I only have one IP.

I have spent some time reading up on DNS and email and other things that Internet grownups needs. Still it is a bit of dark magic, and I want to have a properly configured thing.

I want to use this server for all the things that one can need to have accessible over the Internet. That to the highest possible security and encryption. I do not wear a tinfoil hat but I think privacy is important. I want to be able to differentiate what the general public and my familly sees. Living abroad, this is one way to share photoes or other more private thougths.

I would like to ask for tips and hint from all you Debian Administration gurus that already are running this kinds of servers on the Internet.

The services I have in mind so far is :
For the 3 domains

  • WWW - apache2
    • Proper SSL certificate hierachy that works with all three sites. I have only one IP.
    • Should be easy to add subdomains, not only www.example.com but also another.example.com. The SSL certificate should handle that too. The apache rewrite mod might be a solution, I am not sure how proper DNS handling would work. Also running 3 apache sites should be enough. One per domainname.
    • I will run a couple of webapps. Beeing a DocBook fan I am trying to build up something like Norman Walsh site, for interesting in-depth articles. Have a start but needs more work.
    • Some python framework for SQL apps, still looking into which. Hoped that the Python BDFL would give some nice hint in his evaluation, but I am still looking.
    • I know my ways around Apache good enough and I will use Apache2.
  • Email - exim3/exim4/postfix/cyrus ?
    • IMAP
    • Sieve
    • Secure connections (SSL, TSL, SALS, SMTP Auth)
    • Easy to add private users, I would like to be able to add users when registrating for different webforums etc. To sort out spam etc, from where it originates, etc.
    • Email lists - with SSL user protected Archive, if needed, some lists will be open
    • Other things ? (currently I have a private and a work email, both on IMAP, so I am just a user)
    • have no idea which email package is best for this task.
  • LDAP
    • I want to build different type of users. shellaccess, email access, emaillist access, website access (some different levels there too), subversion. Still I want it easy and managable.
    • Secure setup, but currently I am only looking at one machine, and the LDAP does not have to authenticate on different machines. Might be needed in the future, if I go xen or vmware, or get more machines.
    • Secondary LDAP server when needed.
  • DNS
    • Not sure if it helps to run ones own DNS server ? Running on external free DNS services like Xname is still a needed I guess?
    • Treatment of subdomains like www.example.com and another.example.com. No experience.
  • Bastille
    • Generaly hardening the system.
  • Timeserver
    • Configure NTP properly.

For my main domain

  • Subversion
    • WebDAV
    • Have set that up before, just need to make sure it is secure, and look into if LDAP is possible to use in authentication.
  • WebDAV calendar
    • not sure yet, but I do run Sunbird alpha. I'd like to be prepared as the Sunbird becomes better. In a dreamworld I'd like to securely share a private calendar with others, to schedule apointments etc.
  • ssh/scp/rsync+ssh
  • Backup
    • Local back up solution - currently mirrored home (no backup)
    • For all important data (digital photoes, so space is needed)
    • Some ideas but needs work. DVD-R is maybe too weak ?

There are many other questions. Is a pure Debian box the way to go? or Xen or WMware to separate the services better ? Can I script everything so I can rebuild a broken server fast? What goes where ? Webserver in /var/www or in /srv ? since subversion should go to /srv ? Keeping the configurational details in subversion, saving only files that I change ?

What are the best practices to become a real Internet grownup ?

[3 Comments | Add Comment | XML logo ]

 

User Login

Username:

Password:

[ Advanced Login ]

Register Account

Quick Site Search