Setting Up Debian as a Postfix Mail Server

This post is part of a larger series about Building a Cloud at Home For Free as part of building scalable web applications from the ground up. This post starts at the point of setting the server up to be able to send emails. If you still need to set up your hypervisor and virtual server or install and configure Debian, check out my post Installing Virtualbox and Debian on Windows 10.

Install Postfix

For the purposes of this post, I have chosen to install Postfix. It is a simple solution that works for what we need: sending emails directly from our server cluster. If you are trying to start an email company, this might not be the right option for you 😛

To install Postfix and the associated tools, run the following commands as root in Debian:

apt-get -y install postfix
apt-get -y install mailutils

Once installation is complete, you will receive the following prompt;

[Screenshots: Postfix configuration prompts]

In this case, I choose “Internet Site.” You will then be prompted to enter the FQDN for the site.

There are lots of options for configuring Postfix. Check out this tutorial if you want more information about postfix…

First let's edit the config file with the command:

nano /etc/postfix/main.cf

We need to make sure the following lines have the correct values. Make sure to replace yoursite.com with your FQDN.

myorigin=yoursite.com
myhostname=yoursite.com
inet_interfaces = 127.0.0.1

Because we are changing the inet_interfaces, a simple reload of postfix is not enough. We need to stop and start it in order for this change to take effect.

postfix stop
postfix start

Now we need a firewall rule that rejects any connection to the SMTP server that does not come from localhost. Be careful, as messing this up could be difficult to fix. The following command adds a rule that rejects incoming TCP connections to port 25 on our Ethernet interface (eth0).

iptables -A INPUT -i eth0 -j REJECT -p tcp --dport 25

Now set up your webmaster address. Type the following command and you will see a list of aliases set to root. At the end, you will see root and your username. Change your username to the email you want these emails to be forwarded to, then save.

nano /etc/aliases

Type this command to save the changes to aliases.

newaliases

Type the following two commands to reload the server to let the changes take effect. Normally this step is sufficient for most changes that need to take effect other than inet_interfaces changes.

postfix reload

Now it’s time to test the server…

telnet localhost 25

You should see something like this;

root@mail1:~# telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 f2.tech2u.com ESMTP Postfix (Debian/GNU)

Now send a test email! (These commands need to be entered one at a time)

mail from: <example@testdomain.tld>
rcpt to: <me@myemaildomain.com>
data
To: me@myemaildomain.com
From: example@testdomain.tld
Subject: TEST SUBJECT

This is a test email sent by telnet through postfix!
.

You will then get something like “250 2.0.0 Ok: queued as EBECF8B” This means your message has been queued to send and will go out shortly! Type the command ‘quit’ to get out of telnet.

You should receive your email after just a moment!

If configured as specified, your new email server should be very secure and only accessible from localhost.
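
To confirm that claim rather than assume it, the listener table can be checked for any port 25 socket bound outside loopback. The script below is an added example, not part of the original post; the function names and the sample `ss -ltn` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag SMTP listeners that are reachable beyond loopback.
# Function names and sample data are constructed for illustration.

# Reads `ss -ltn` output on stdin, prints the bind address of every
# port 25 listener that is not loopback, and returns 1 if any exist.
nonloopback_smtp() {
    awk '
        $1 == "LISTEN" {
            n = split($4, parts, ":")      # the port follows the last colon
            port = parts[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (port != "25") next
            if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]") next
            print addr
            exposed = 1
        }
        END { exit (exposed ? 1 : 0) }
    '
}

# Constructed sample: the result expected with inet_interfaces = 127.0.0.1.
sample_loopback_only() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       100     127.0.0.1:25        0.0.0.0:*
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
EOF
}

# Constructed sample: Postfix bound to every interface, IPv4 and IPv6.
sample_exposed() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       100     0.0.0.0:25          0.0.0.0:*
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       100     [::]:25             [::]:*
EOF
}

# Live check, to be run on the mail server itself.
audit_live() {
    ss -ltn | nonloopback_smtp
}

# Demonstration on the constructed samples.
for s in sample_loopback_only sample_exposed; do
    if bad=$($s | nonloopback_smtp); then
        echo "$s: port 25 is loopback-only"
    else
        echo "$s: port 25 is also bound on:" $bad
    fi
done
```

A rule added with iptables -A is not saved across reboots on its own, so the bind address is the control worth re-checking with audit_live after a restart.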

Setting up Debian as a LAMP Server

This post is part of a larger series about Building a Cloud at Home For Free as part of building scalable web applications from the ground up. This post starts at the point of setting up our LAMP stack on a new Debian server. If you still need to set up your hypervisor, virtual server and install Debian, then check out my post Installing Virtualbox and Debian on Windows 10.

The first step to setting up the server is to log into the machine as root using the password you setup for your root account.

Setup a Static IP

Use the text editor nano to edit the network configuration file by typing the following command;

nano /etc/network/interfaces

You will find something like this;

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
iface eth0 inet dhcp

Comment out the old settings for the primary network interfaces and add the new lines shown below. You will need to select an IP and use the correct gateway for your network;

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
#allow-hotplug eth0
#iface eth0 inet dhcp

auto eth0
iface eth0 inet static
	address 8.0.0.11
	netmask 255.255.255.0
	gateway 8.0.0.1

Hold down control+x and then press enter to save your changes. Type the command “reboot” into the console to restart the server and apply the changes.

Enable SSH

Type the following command to get to the config file for SSHD, the service which allows you to remote into the terminal and access

nano /etc/ssh/sshd_config

Find the line that says PermitRootLogin without-password and change it to:

PermitRootLogin yes

Save your changes.
 
Enabling root remotely is potentially a security concern as someone could brute-force the password and have root access. So we need to install fail2ban to prevent this. If too many failed attempts are made, the remote user will be banned from attempting to log into the server.

apt-get -y install fail2ban
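
Before relying on that edit, it helps to confirm which PermitRootLogin value sshd will actually use, because sshd takes the first occurrence of a keyword and ignores later ones. The script below is an added example, not part of the original post; the function names and sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the PermitRootLogin value that sshd will apply.
# Function names and sample configurations are constructed for illustration.

# Prints the global PermitRootLogin value from an sshd_config passed as a
# file argument or on stdin. sshd uses the FIRST occurrence of a keyword,
# keywords are case-insensitive, and anything after a Match line is
# conditional, so scanning stops there. Prints "unset" if no line applies.
effective_root_login() {
    awk '
        /^[ \t]*#/                        { next }
        tolower($1) == "match"            { exit }
        tolower($1) == "permitrootlogin"  { print $2; found = 1; exit }
        END { if (!found) print "unset" }
    ' "$@"
}

# Succeeds when root may log in with a password, which is the exposure
# that fail2ban is installed to rate-limit.
root_password_login_allowed() {
    [ "$(effective_root_login "$@")" = "yes" ]
}

# Constructed sample: the file after the edit described in this post.
sample_after_tutorial() {
    cat <<'EOF'
# Authentication:
LoginGraceTime 120
#PermitRootLogin without-password
PermitRootLogin yes
StrictModes yes
EOF
}

# Constructed sample: a new line appended below an existing one.
# The earlier line wins, so the appended "yes" has no effect.
sample_duplicate_lines() {
    cat <<'EOF'
LoginGraceTime 120
permitrootlogin no
StrictModes yes
PermitRootLogin yes
EOF
}

# Demonstration on the constructed samples.
for s in sample_after_tutorial sample_duplicate_lines; do
    echo "$s: PermitRootLogin = $($s | effective_root_login)"
done
```

On the server itself, call effective_root_login /etc/ssh/sshd_config, or compare against the running configuration printed by sshd -T.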

This is a good time to reboot; then you can use putty to connect securely to the server! At this point, I switch to putty instead of using the virtual machine, as it is much easier to do the rest of this process with the ability to copy and paste commands. This is not possible when using the console directly, outside of putty. Putty is free software available through ninite or from putty’s website.

Set APT To Online-Only

We need to set the package manager to use the online-repositories only, so it won’t be constantly asking us to insert the CD.

Type out

nano /etc/apt/sources.list

Find the line that starts with “deb cdrom”… Add a “#” at the beginning to comment it out, and then Ctrl+X to save! Simple as that.

Install Apache2 With SSL

If you do not want to buy an SSL certificate, you can create your own, but it will prompt visitors that your certificate is invalid every 24 hours when they look at your page. Depending on what you are doing, either option might be appropriate, but in the spirit of doing this for free, I am demonstrating the free self-signed certificate process option.

Logged in as root, run the command;

apt-get -y update && apt-get -y upgrade

This will update all your installed packages and get you ready to run this command to install Apache2;

apt-get -y install apache2

Now enable SSL by executing the following series of commands;

a2enmod ssl
a2enmod rewrite
apt-get -y install mysql-server
a2ensite default-ssl
service apache2 reload
mkdir /etc/apache2/ssl
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt

OpenSSL will ask you several questions, as shown below. The most important one is the Common Name (FQDN), which should be the domain name if you are using one, or else the hostname or IP if you are not using a public domain.

Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:California
Locality Name (eg, city) []:Sacramento
Organization Name (eg, company) [Internet Widgits Pty Ltd]:CJTrowbridge
Organizational Unit Name (eg, section) []:Projects
Common Name (e.g. server FQDN or YOUR name) []:projects.cjtrowbridge.com               
Email Address []:cj@cjtrowbridge.com

Now run this command to set the correct permissions for your new self-signed certificate;

chmod 600 /etc/apache2/ssl/*

Now you need to edit the configuration file for both SSL and non-SSL connections in Apache by running the following commands;

You will need to pick a document root. The typical default is /var/www/html but I prefer /var/www for simplicity’s sake. Just make sure it matches in both of the following files…

Most likely this will already be basically setup correctly. You will need to set the correct paths to the certificate files you created above, change ‘example.com’ to your FQDN, set the correct email address, and make sure these other lines are written somewhere in the file and not commented out with a hashtag before them.

nano /etc/apache2/sites-enabled/default-ssl.conf

<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin webmaster@localhost
        ServerName example.com:443
        DocumentRoot /var/www

        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/apache.crt
        SSLCertificateKeyFile /etc/apache2/ssl/apache.key

    </VirtualHost>
</IfModule>

nano /etc/apache2/sites-enabled/000-default.conf

<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        ServerName example.com
        DocumentRoot /var/www
</VirtualHost>

Run the following command to restart apache now that these changes have been saved;

service apache2 reload

Test the SSL by typing in your hostname or ip to a browser like ‘https://8.0.0.11’ You should see a warning about an invalid certificate. Select the option to proceed anyway, or in chrome type out the word ‘danger’ and it will bypass this screen for 24 hours. These warnings can be very obnoxious, and it is a tempting buy at around $50/year for a valid SSL certificate, but the 24 hour setting can also be changed in chrome in order to avoid paying for a certificate while also avoiding the warnings. :]

Install MySQL

For the purposes of this project, I will be creating a separate, dedicated MySQL server. BUT, installing MySQL on this server fulfills some dependencies for PHP and Apache that can cause issues with connecting to databases, so we install it anyway by running the following command:

apt-get -y install mysql-server

You will be prompted to create a root MySQL password. Make it a strong one! After installation is done, execute the following command to run the secure installation. It will give you lots of suggestions for securing your installation.

mysql_secure_installation

Install PHP

Now we install PHP, the real heart and soul behind the web applications we will be building on this server. Type the following commands;

apt-get -y install php5 php-pear php5-mysql

Install mcrypt to enable php to use cryptography.

apt-get install php5-mcrypt
php5enmod mcrypt

cURL is required by things like wordpress, and generally good to have, so let’s install that too;

apt-get install php5-curl

Finally restart apache to let all the changes take effect;

service apache2 restart

Test Your Server!

Let’s create a phpinfo file. Run the following command;

nano /var/www/info.php

Note that depending on the path you used in setting up your SSL configuration file, the file might need to be in /var/www/html instead of /var/www/

Put the following code into the file and save it.

<?php phpinfo(); ?>

The moment of truth…

Now navigate to https://hostname/info.php

If it works, you will get a certificate error and then a page like this telling you all about your php server 😀

[Screenshot: phpinfo page]

Now you’re ready to move on to Setting Up Debian as a Postfix Mail Server

Installing Virtualbox and Debian on Windows 10

This post is part of a larger series about Building a Cloud at Home For Free as part of building scalable web applications from the ground up. This post starts at the very beginning of setting up the servers. It assumes you are familiar with the game plan from the previous post mentioned above. Once we are done with this post, we will be ready to move on to Setting up a Debian LAMP Server!

We will start by setting up our hypervisor. I have chosen to use the free hypervisor Virtualbox which will host the virtual servers we setup. The first step is to download the installer from Oracle’s Virtualbox website.
https://www.virtualbox.org/wiki/Downloads

Next we install Virtualbox. I am using a Windows 10 host. This machine has an i7 processor with lots of RAM and an SSD so it should be more than capable of handling the workload we will be giving it today and in the foreseeable future. In my case, I said yes to every prompt during installation and used all the default settings while setting up Virtualbox.

Now that Virtualbox is installed, we need to download the installation media for the operating system we will be using. I like Debian Linux because it is fast, stable and widely supported; so I will be setting these servers up with Debian 8, the latest version at the moment.

Since we are running an i7 CPU and Windows 10 on the host machine, I could use the 64 bit version of Debian Linux as long as the host computer’s motherboard and chipset support the necessary virtualization features required by Virtualbox, but I have found that the 32 bit version is usually more stable with Virtualbox, less difficult to setup and use, and easier to find software for.

Grab the free installation ISO file from the Debian website here; (Hint: Only the first ISO is necessary, though there are lots of other ones listed. These contain optional features which we will not need. Debian will automatically get any files we need directly from their servers after we setup the base operating system, a process which requires only the first disc!)
http://cdimage.debian.org/debian-cd/8.2.0/i386/iso-cd/

While that is downloading, let’s setup our first Virtual Machine. Start by clicking “New” once Virtualbox opens up.

For 32 bit Debian Linux, it is pretty self-explanatory; we will be using the following settings to create our virtual servers;

[Screenshot: Virtualbox settings for the new virtual machine]

During the next few steps, the only thing I changed from the Default option was to increase the amount of RAM allocated to the server. Web applications running lots of threads can be hungry for resources! I decided to go with 2gb instead of the default 768mb. Then click next on all the prompts until you are back at the main screen and your first virtual server is waiting for you.

Now we need to change the way that Virtualbox’s networking operates by default. With your machine highlighted, click settings and then networking. Change the “Attached to” field from “NAT” to “Bridged.” This will make your server accessible to other computers within the local network.

Now we need to put our Debian ISO into the virtual CD drive. Click on “Storage” on the left menu and then select the CD drive listed under “Controller: IDE.” Next click the CD icon to the far right of the menu. This will drop down a menu where we select “Choose Virtual Optical Disc File…” Now we navigate to the Debian ISO we downloaded. Click ok and the virtual disc is now in your virtual server!

Installing Debian

Ok! So here we are booting into the Debian installation disc for the first time;

[Screenshot: Debian installation disc booting]

Most of this is pretty self-explanatory. Choose a language, timezone, keyboard layout, etc… It goes just like any OS install. I used the hostname lamp1 as part of my larger plan and roadmap for the project. I am forwarding a subdomain from my website to the server cluster, so I used that domain (projects.cjtrowbridge.com) but this step can be skipped if you do not intend to setup a publicly accessible server. And this can easily be changed later.

Next setup your root password. This is the main administrative password for the “root” user account. Choose a strong password because this account has access to everything!

Then comes your user account. This is the account you will use to log into the machine whenever you may need to.

Timezone is critical to many important technologies as well as to web application frameworks working correctly. You’d be surprised how many times mistakes here will create issues.

Now comes partitioning. I recommend using the recommended setting of “Guided – Use Entire Disc” and then selecting just one single partition. Then it will ask you if you are sure. The default option is no, but go ahead and choose yes.

The installer will ask if you want to scan another disc. Select No, it is unnecessary. Then select Yes to using a network mirror and go with the default options. It will download any necessary files which may take a few minutes.

Here is the tricky part. It asks what you want the installer to setup for you. I recommend selecting ONLY “SSH Server” and “Standard System Utilities” from this menu.

Lastly, it will ask you about the boot loader. You want to install the GRUB boot-loader just like normal. Then it will ask where to install it; there will only be two options: /dev/sda, or entering a location manually. Choose the /dev/sda option and click continue!

Your shiny new Debian install should reboot and be ready to move on to setting it up as a server!

Now we are ready to move on to Setting up a Debian LAMP Server!

Building a Cloud For Free

This post explains how I am building my own cloud at home.

One of my biggest goals is to do this for free, or for as close to free as possible.

What will it do?

  • Serve as a complete virtualized development environment for custom dynamic web applications
  • Multimedia server including secure torrent downloader
  • Use lots of different kinds of technology to make the learning experience as broad as possible
  • Scale to incorporate more physical machines in the future and more apps as I develop them

Let's get started…

Getting On The Web

I connected this system to a .com domain using Asus’ free DDNS service which is included with my free Asus AC68U router. I set up a new DNS A-Record on a free subdomain of my website which forwards traffic to my new cloud via DDNS.

Building The First Server

The first step was to setup a clean install of Debian Linux on a virtual server. This process is covered in detail in another post here.

After VirtualBox was setup and Debian was installed, I configured it as the first LAMP server in my cloud. When I taught myself to do this, the learning process was very confusing and complicated. I have done my best to explain all the details and the steps that other tutorials have left out in my post Setting up Debian as a LAMP Server

Once the LAMP is setup, it needs to be able to send emails. Click here to see how I got Postfix setup to handle outbound mail for this first server.

Going Forward

Next, it’s time to build a dedicated database server.

Once the database server is setup, it is time to build the nginx server which will eventually manage load-balancing and enable the system to scale up in the future and handle a larger number of simultaneous requests.

The NAS will securely serve files over the web and receive real-time backups from the rest of the cloud as well as all my personal devices. The server also has functions built in to allow file management from the web and even starting downloads remotely.

Arduino will let me incorporate some home automation features as well as monitoring power usage by my cloud.

I will be continuously developing this system and adding features all the time, so check back and make sure to leave feedback!