Server Stuff

[SgtM]

Yeah my dad is going to see what he can grab for me from work next time he goes in (business trip tonight so I think he said Tuesday). It's on a Mini-ITX mobo though so I only have 2 IDE spots and no SATA. I don't need an optical drive so I should be ok though.

I'm thinking about trying out some music/video streaming. Like, from the server to my computer (free up some space on here). Has anyone done this before? My system isn't the greatest (1GHz Via C3, 512MB RAM) but I should be able to, right?


Edit: Ooo, Torrentflux refreshes itself every 60 seconds. Cool! I have another question though, it's about sub-domains. How exactly does a sub-domain work? For example, say I wanted TorrentFlux to have it's own sub-domain instead of typing the path to it's location? Like, instead of blahblah dot com/torrentflux/blah/blah.php, how could I make it torrentflux dot blah dot com?

Easy one.. once you have your domain set up, make a subdomain for it, i.e. torrentflux.domain.com. Then, within the server, point the sub domain to your torrentflux path. BTW, I haven't used it, but I've heard really good things about ISP Config.

[.Maleficus.]

ISP Config looks cool! I wish I had seen that when I first started this. I'm using WebMin right now, and it works pretty good.

The subdomain stuff is done through Apache, right? I think I figured it out through WebMin, but since I still haven't bought the domain yet (I'm looking at prices right now) I'm not sure if I did it right.

+rep for the link to ISP Config though

[SgtM]

Webmin looks pretty cool. It looks like it should handle the sub domain stuff for you. I'm going to have to check that out after I move and get my network setup. +rep for that.

::EDIT::
I just noticed that webmin will handle a squid proxy server. That's EXACTLY what I need for my network! I'll definitely be checking it out.

[OvRiDe]

I have been using Webmin for years, it is a REALLY handy tool. Since I never have direct access to our Co-Lo its been invaluable for quick tasks. This thread started out talking about security, and having a server that has been compromised I gotta throw my .02 in...

FTP --- Unless you have it configured for virtual users and jailed to a single controlled dir... Dump it. All your usernames and passwords are transmitted in clear text. Which means a basic packet sniffer could easily capture any un/pwd that are being sent to it, if those are actual shell account usernames and passwords-- they are in the box. There are some other ways of handling it, such as Auth TLS or SSL encrypted ftp. I recommend GLFTPd if you choose that route. Since you have SSH up and running, you could do what I do.. SFTP or SCP, its part of OpenSSH so you already have it, and pretty much SSH encrypts all the traffic including usernames and password. I use a client named WinSCP to transfer files to and from my linux server on Windows.

SSH -- Change your default SSH port from 22 to something else. (Just make sure you don't use a port you might need for something else. ) There are thousands of zombied' machines out there scanning on port 22 trying to brute force servers. 3 days after we put the co-lo on line we had literally thousands of hits from hundreds of IP's trying to brute force SSH. Once I changed it, life settled down a bunch.

As for remote administration, make sure you enable SSL for Webmin (HTTPS). The option is under Webmin Configuration > SSL Encryption. Also I came across an AWSOME remote control program called NoMachine;s NX Server. Its SSH encrytped and uses it for authentication as well. It seems very fast and there wasn't any configuation issues when it came to the xorg.conf. I highly recommend it. To install it is a snap. I was thinking about writing a quick article on this before but haven't taken the time.. so here it is in a nutshell for Ubuntu.

1. Install OpenSSH (Looks like your done with that part )
2. Goto http://www.nomachine.com/download.php under NX Free Edition for Linux download the client, node, and server.
3. Install the packages in this order
-A Client
-B NxNode
-C Server
4. Download and install the Windows Client (Free) from the download page
5. Bring up the client and connect using your credentials and ENJOY!

Hope this helps and great job!!

EDIT: Looks like they have put the instructions right on the download page now so its even easier now..

[SgtM]

Nice write up OvRiDe! +rep

[.Maleficus.]

Holy crap. Major +rep Ovride.

1. I'll look into encrypted FTP. I did the SSL thing you said, will that do it, or do I have more to do for that? I went through the options in ProFTPD and I couldn't find anything about SSL or encryption.

2. I'll change the port Just have to find one that I'm not using... Any suggestions? I tried changing it to 44 (random number, just to see what worked) and enabled port forwarding for it in my router settings but now I get "Connection failed" when I try to connect with SSH.

3. Did the SSL thing . I'll try out that program, thanks for the suggestion! Question, will that make me not need to have VNC? Is it like it's own program or something? Because no matter what I do, every time I start X11VNC it gives me a damn error about not running it with a password... even though it saved my password in the password file...

Thanks again man!


Edit: Never mind about the port thing, I guess I'm just really dumb and I didn't hit "Apply Changes". Works now. Since I have that working, I'm going to install that NoMachine program.

[OvRiDe]

1. I'll look into encrypted FTP. I did the SSL thing you said, will that do it, or do I have more to do for that? I went through the options in ProFTPD and I couldn't find anything about SSL or encryption.

I don't think that ProFTPD supports SSL encryption. I use a package called GLFTPd. It allows you to create virtual users, so that you don't have to add shell accounts to allow users to connect to your FTP. I believe that ProFTPd will let you do that as well. It also uses TLS (SSL) to encrypt the username and password as well as the data that is being transferred. The downside is I don't think there is a debian package for the install, so you will need to actually compile it. Its not that hard and should be a good learning experience if you decide to go that route. The other thing about using an encrypted FTP you will need to use a client that supports the encryption. I know that Filezilla, FlashFXP, RushFTP, and WSFTP all support, unfortunately the normal windows ftp does not. Oh, and if you do go the encrypted route make sure that you reject all non-SSL attempts, so that you force all users to use SSL and keep them passwords safe.

2. I'll change the port Just have to find one that I'm not using... Any suggestions? I tried changing it to 44 (random number, just to see what worked) and enabled port forwarding for it in my router settings but now I get "Connection failed" when I try to connect with SSH.

44 is an excellent choice. That will definitely hold those bots at bay. The port you use is not important, just that its not used by any other standard service and of course its one you can remember

3. Did the SSL thing .

Good deal, just make sure you always connect using https:// or better there is a setting under the SSL Encryption in Webmin "Redirect non-SSL requests to SSL mode?" set it to Yes and it will always redirect it to the https://

I'll try out that program, thanks for the suggestion! Question, will that make me not need to have VNC? Is it like it's own program or something? Because no matter what I do, every time I start X11VNC it gives me a damn error about not running it with a password... even though it saved my password in the password file...

I had that EXACT problem, until I started using NX. VNC is a breeze to set up on Windows, but for some reason there are always little issues with it on Linux. The NX program made it so much easier, and gave me a bunch more options for Window Manager, etc. There is alot it can do that I haven't even touched yet. I really think you will like it.

Edit: Never mind about the port thing, I guess I'm just really dumb and I didn't hit "Apply Changes". Works now.

If I had a nickel for every time that something like that has happened to me!!

Looks like your off to a GREAT start, and I hope everything works out like you plan. I know it can be frustrating at times, but there is a great satisfaction when it all comes together. If you run into problems you know we are here for ya!

Oh yah.. ISPConfig -- I didn't care for it, mainly because it didn't suit my needs when we set up our hosting box, and I am used to doing everything from the config files. But that said, it may be perfect for you. There is a pretty good HowTo on HowTo Forge for setting it up. http://www.howtoforge.com/perfect_setup_ubuntu704
Its a pretty good read even if you are already setup.

[r0adawg]

for ports, you can choose anything upto 65535 and be good..

http://tinyurl.com/863p9

good info...

also you can check /etc/services (I'm hoping that is the file on Ubuntu... have not played with it as of yet) for a listing of what ports are standard... if you don't what that service running, the put a # in front of the line and save the file... (make a backup tho, just in case)

[Airbozo]

Also for easy connection to the box, just run a serial cable from another system if you need access to the console and fire up Tera Term Pro.

[OvRiDe]

Also for easy connection to the box, just run a serial cable from another system if you need access to the console and fire up Tera Term Pro.

The ultimate secure connection!!

Opps I didn't really answer one of the questions.

Question, will that make me not need to have VNC?

That would be a resounding YES!!! You can leave VNC installed since they don't conflict, but you shouldn't ever need it again.