Weblog entry #1 for alfadir
So I am growing up. I want to be a full Internet grownup. Running an Internet server. A proper citizen in the Internet society, doing everything according to best practices and standards. And I would like to do it with deb packages.
Also I think there are more people like me. That is why I think it would be cool to write some kind of article series or a proper guide on how to bring a modern Debian box to the Internet in the best way. There is a lot of information online, but sometimes old or for other distributions. If someone knows a good guide I'd love to hear it. (Of course Debian Administration has a lot of good material already.)
Why not some kind of Wiki sandbox somewhere, and then when the guide is done, it could be added to the site.
I have been using Debian since 1998, and I feel I know my way around Debian. Before Christmas I reserved 3 domain names via a service that does not offer webhosting. I wanted it this way since I would like to take the next step, from running small servers at home to a real internet server.
I have arranged for a fast internet link, 10 Mbit (fiber to the ISP, not sure about the exact bandwidth to the Internet) with my own computer attached to it. It runs Debian and I have full control over it. Currently it runs Debian stable. I only have one IP.
I have spent some time reading up on DNS and email and other things that Internet grownups need. Still it is a bit of dark magic, and I want to have a properly configured thing.
I want to use this server for all the things that one can need to have accessible over the Internet. And that with the highest possible security and encryption. I do not wear a tinfoil hat but I think privacy is important. I want to be able to differentiate what the general public and my family see. Living abroad, this is one way to share photos or other more private thoughts.
I would like to ask for tips and hints from all you Debian Administration gurus that already are running these kinds of servers on the Internet.
The services I have in mind so far are:
For the 3 domains
- WWW - apache2
  - Proper SSL certificate hierarchy that works with all three sites. I have only one IP.
  - Should be easy to add subdomains, not only www.example.com but also another.example.com. The SSL certificate should handle that too. The apache rewrite mod might be a solution, I am not sure how proper DNS handling would work. Also running 3 apache sites should be enough. One per domain name.
  - I will run a couple of webapps. Being a DocBook fan I am trying to build up something like Norman Walsh's site, for interesting in-depth articles. Have a start but needs more work.
  - Some python framework for SQL apps, still looking into which. Hoped that the Python BDFL would give some nice hint in his evaluation, but I am still looking.
  - I know my way around Apache well enough and I will use Apache2.
- Email - exim3/exim4/postfix/cyrus?
  - IMAP
  - Sieve
  - Secure connections (SSL, TLS, SASL, SMTP Auth)
  - Easy to add private users, I would like to be able to add users when registering for different webforums etc. To sort out spam etc, from where it originates, etc.
  - Email lists - with SSL user protected Archive, if needed, some lists will be open
  - Other things? (currently I have a private and a work email, both on IMAP, so I am just a user)
  - have no idea which email package is best for this task.
- LDAP
  - I want to build different types of users: shell access, email access, email list access, website access (some different levels there too), subversion. Still I want it easy and manageable.
  - Secure setup, but currently I am only looking at one machine, and the LDAP does not have to authenticate on different machines. Might be needed in the future, if I go xen or vmware, or get more machines.
  - Secondary LDAP server when needed.
- DNS
  - Not sure if it helps to run one's own DNS server? Running on external free DNS services like Xname is still needed, I guess?
  - Treatment of subdomains like www.example.com and another.example.com. No experience.
- Bastille
  - Generally hardening the system.
- Timeserver
  - Configure NTP properly.

For my main domain
- Subversion
- WebDAV
  - Have set that up before, just need to make sure it is secure, and look into if LDAP is possible to use in authentication.
- WebDAV calendar
  - not sure yet, but I do run Sunbird alpha. I'd like to be prepared as the Sunbird becomes better. In a dreamworld I'd like to securely share a private calendar with others, to schedule appointments etc.
- ssh/scp/rsync+ssh
  - normal ssh server - secure setup with SSH host key protection
  - passwordless access with keys - secure setup
- Backup
  - Local backup solution - currently mirrored home (no backup)
  - For all important data (digital photos, so space is needed)
  - Some ideas but needs work. DVD-R is maybe too weak?
There are many other questions. Is a pure Debian box the way to go? Or Xen or VMware to separate the services better? Can I script everything so I can rebuild a broken server fast? What goes where? Webserver in /var/www or in /srv, since subversion should go to /srv? Keeping the configurational details in subversion, saving only files that I change?
What are the best practices to become a real Internet grownup?
Comments on this Entry
Complete Debian Server setup tutorials
One quick comment: You can't easily have multiple virtual hosts sharing an SSL server - since the SSL hostname checking, etc, happens before the HTTP connection is completed.
Certainly you can have a certificate for {one two three}.example.com and that will work, but you cannot have example1.com, example2.com and example3.com all running SSL on the same IP address.
Thus if you have multiple IP addresses you could do it of course, even on one physical host.
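The certificate/hostname check described in the comment above, as an added example that is not part of the original entry or its comments. It assumes the situation the comment describes: the server must present one certificate per IP address before it sees any HTTP `Host` header. The function names and sample certificates are constructed for illustration, and the wildcard rule is a simplified form of the usual left-most-label matching.

```python
# Added illustration (not from the original page): which virtual hosts
# validate when one IP address can present only ONE certificate.

def name_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate DNS name against the hostname the client asked for."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False              # a wildcard stands for exactly one label
    if p[0] == "*":
        if len(p) < 3:
            return False          # refuse over-broad names such as "*.com"
        return h[0] != "" and p[1:] == h[1:]
    return p == h                 # no wildcard: names must be identical


def cert_covers(cert_names, hostname):
    """True if any name in the certificate matches the hostname."""
    return any(name_matches(n, hostname) for n in cert_names)


def audit_single_ip(cert_names, vhosts):
    """Map each vhost on the shared IP to whether the single certificate covers it."""
    return {v: cert_covers(cert_names, v) for v in vhosts}


def uncovered(cert_names, vhosts):
    """Vhosts whose visitors would get a certificate name mismatch."""
    return [v for v, ok in audit_single_ip(cert_names, vhosts).items() if not ok]


# Constructed sample data mirroring the two cases in the comment.
WILDCARD_CERT = ["*.example.com", "example.com"]
SAME_DOMAIN = ["one.example.com", "two.example.com", "three.example.com"]
SINGLE_CERT = ["example1.com"]
THREE_DOMAINS = ["example1.com", "example2.com", "example3.com"]

if __name__ == "__main__":
    print("subdomains of one domain:", audit_single_ip(WILDCARD_CERT, SAME_DOMAIN))
    print("three separate domains:  ", audit_single_ip(SINGLE_CERT, THREE_DOMAINS))
    print("mismatch for:", uncovered(SINGLE_CERT, THREE_DOMAINS))
```
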