Slashdot Mirror
Building A Web-And Mail Server With CentOS 4.3
hausmasta writes "This is a detailed description how to set up a CentOS 4.3 based server that offers all services needed by ISPs and hosters (web server (SSL-capable), mail server (with SMTP-AUTH and TLS!), DNS server, FTP server, MySQL server, POP3/IMAP, Quota, Firewall, etc.). This tutorial is written for the 64-bit version of CentOS 4.3, but should apply to the 32-bit version with very little modifications as well."
There seem to be "perfect setup" articles about every major Linux distro. I even used one on my own site. However, you need to be aware that these articles are written for ISP Config. In fact, they seem to be almost a viral marketing tool designed to pimp ISP Config.
/var/www. A newbie may also be perplexed as to why he can get to his site on http://url443/ but not on https://url./
Now, there is nothing wrong with that. Just be aware that some things may not work if you do not install ISPC.
For instance, a newbie following along may not notice that he disable the ability for his server to run php in
I've even seen examples that suggested installing compilers and tools to build modules needed by SpamAssasin. Anyone installing a compiler on a production web server should be shot.
In short, unless you go on to install the ISPc, your site will be broken and may be vulnerable to attack.
So, buyer (reader?) beware! You may not be getting what you want.
I'd rather you do it wrong, than for me to have to do it at all.
How long will it be before our buddy in Oklahoma's inbox is flooded with this tip??
Skivvy Niner? Email me!
HEY! Look left just ONE MORE TIME!
Obvious:
CentOS is Red Hat Enterprise, with a
Not so obvious:
They also recompile for additional arches, most notably Alpha (I have a couple of faculty members who don't want to be rid of their Digital machines; this makes a great alternative to paying $1000+/year for a True64 license to HP who hasn't looked at the code for 4.x since they bought it).
Get it here:
http://www.centos.org/modules/tinycontent/index.p
There are a LOT of mirrors, and being on the listserv, I see more and more being added all the time. Including lots of tier 1 mirrors at Universities, if you're on Internet2. There are also lots of local mirrors around the world, so if you're not a USAian, check for one in your locale; you may get better speeds than a general mirror.
Best mirror? http://mirror.cs.vt.edu/ =)
~Will
sig?
SME 7.0 is based on CentOS 4 and is a fairly turn-key installation and it has all these features already built in and it has a web based configuration interface. (http://www.contribs.org)
I see your point after reading TFA regarding ISP Config, it definitely expects you to install it. But I have to wonder, after checking out ISP Config, if this is a bad thing. It's not as if this is a closed-source or commercial product, so I don't think that the article writer is getting any sort of kickback from recommending it or using it in his easy setup article. It's BSD licensed, actually, so (depending on your personal definition of free, etc.) it's less thorny an issue in terms of use than Linux itself in many cases.
I guess I'm just wondering what the arguments are against using ISP Config, and why it wouldn't be a good thing to use on a production server or why people dislike it. If you're new enough that you're using a Perfect Setup article to build a server, installing a GUI utility (which is all ISPConfig is) might not be a bad idea. The only downside to it that I can see immediately is that you end up running a totally separate Apache webserver and PHP setup for it, in addition to the one you're using to actually serve web pages. This seems like it might double your security exposure, if it's not kept up to date and patched/locked-down correctly.
It's kind of like all those "how to build a blog" articles that tell the user to install PHPMyAdmin in step 3, and then have later steps that are only explained using PHPMyAdmin, even though they could easily be done using commandline SQL commands. I think the assumption is that if you know how to use the MySQL utilities directly, then you probably are above the level of the intended audience of the howto in the first place.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
On page 3, the system gets connected to the Internet, at which point he promptly disables the firewall and other important security features that he doesn't understand (that's warning sign #1 right there, the comments about SELinux). Then, on page 6, the system gets re-secured with this ISPConfig software, which may or may not be good.
I hope you're feeling lucky, because I've watched my share of servers get hacked during the period between when the firewall etc. was taken down "just for a minute" and when it was turned back on again. Anyone considering following this unsafe tutorial, do yourself a favor and at least practice this much paranoia: download all the packages recommended, then disconnect your network cable during the period when you have the RedHa...er, CentOS firewall service down. Don't reconnect yourself to the network unless a) you've correctly configured the ISPConfig software, or b) you've turned the firewall back on temporarily because you need to download something else.