This is the first in a series of articles that will step through setting up a Linux Virtual Server hosted by Rackspace, and configuring that server to be a Hyper File C/S sever to be use with SCM (Source Code Manager), PostgreSQL Server, Apache, and Webdev WAS (Web Application Server)

The purpose of this article isn’t to endorse Rackspace, although I can do so without reservation. With a few changes I am sure you could duplicate all of this configuration on Amazon or any of the other host out there. I just happen to use and prefer Rackspace.

Obviously you will need an account with Rackspace. I will assume that you have completed that step and have made it to the Cloud Control Panel. Below is a screen shot of my control panel with my already existing server shown.

Creating the Server

You am going to create a completely new server for this purpose, so press the Create Server button. This brings you to a Create Server screen where you provide some basic information to configure the server.

First the Identity and Region of the Server. I am naming this Server “WebDev” (you’ll find I am creative that way) and placing it in the Dallas Region (which is where my other server is located)

Next is the image, which is cloud speak for what operating system. I am using Centos 6.3, which is an open source version of Linux, very similar to Red Hat, which is the most likely flavor you will find in a corporate server room. Notice the Saved Tab, this allows you to duplicate a server quickly, by taking a snap shot of your existing server and creating a new server with all the same settings and software setup.

Next is the Size of the server. Unless I have a specific need, I always start with the smallest size and then adjust up as needed. Cloud servers are billed based on their size, hours of use, and bandwidth. So the larger your server the larger your bill. It is a simple change of a setting in the control panel to increase the size of your server later, so it just makes sense to start small and increase the size as needed to achieve the level of performance and number of users you require.

That’s all the settings needed to get started, at the bottom of the screen you will see a create server button, press that to create the server and a screen will popup with the Root Admin Password assigned to your server. Be Sure to copy that somewhere as you will need it to initially log into the server (Don’t worry I’ve already changed it for this my server!)

Once you have copied the password, press the Dismiss Password button and you will see a Server Status screen, the status will update as the Magic Cloud Elf builds and configures your server. Don’t worry he is really fast and it will probably only take him a couple of minutes. Included on this screen is the IP address assigned to your new server as well as a few links to Rackspace Knowlege Center Articles (which are very good) and some links for performing task on the sever.

Once the server status turns green and says Active, congratulations you are now the proud owner of a brand new cloud server. The first step you should take is to reset the password of the Root Admin account for the server, so press the action button and you will see a drop down with several options including “change password”. Click that and follow the instructions.

The server is now up and running but it not terribly useful. So the next step is to add the Apache web server to it. Click the Actions button and click Connect Via Terminal. This will open up a terminal window on the server.

The login is “root” and the password is the password that you set in the step above, remember your login and password are case sensitive. You should now be at a terminal command window ready to accept commands.

Setting up Apache

Most Linux distributions use pre-built programs called packages to install software. A package manager is used to search online software repositories and install the desired packages. Red Hat and Centos use YUM (Yellowdog Updater Modified)  to manage packages. Installing Apache is as simple as executing the following command

yum install httpd

This will search the repositories for Apache and install it, you may have to answer a few yes/no questions as it finds other dependencies that need to be installed. When completely installed you will be returned to the terminal command line.

Apache is now installed, but you need to configure it to automatically start when ever the server is booted with the following statement.

chkconfig --levels 235 httpd on

And to start the service for the first time without rebooting the server use the following command.

service httpd start

By default Centos 6 installs a firewall with most ports blocked. For right now shut it off entirely with the following command. You will configure the firewall later in the process.

servive iptables stop

At this point you can test the Apache installation by opening a browser and viewing the IP address assigned to the server, which should display an Apache test page.

 

Setting up the Firewall

Centos 6 comes with a firewall (iptables) configured by default. You disabled the firewall above to test the Apache installation. It’s now a good time to start configuring the firewall to protect the server. Creating a Bash script to setup the firewall rules will allow you to easily modify the rules at a later time. You are going to use VI to create the script (explaining VI commands is outside the scoop of this document there is a tutorial here)

Create a bash script file called myfirewall with the following command

vi /sbin/myfirewall

And place the following statements in it. This blocks all traffic not explicitly allowed. And allows HTTP, FTP (including some ports for passive mode), ICMP, SSH, DNS and NTP. You will be adding others later.

#!/bin/bash

# Flush the current rules
iptables -F

# Allow SSH, do first incase connected via SSH
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 22 -j ACCEPT

# Now Block everything by default
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

# Allow Local Host
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Allow Established and Related connections
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# HTTP
iptables -t filter -A OUTPUT -p tcp --dport 80 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT

# FTP including passive connections
iptables -t filter -A OUTPUT -p tcp --dport 20:21 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 20:21 -j ACCEPT
iptables -I INPUT -p tcp --destination-port 10090:10100 -j ACCEPT

# ICMP
iptables -t filter -A INPUT -p icmp -j ACCEPT
iptables -t filter -A OUTPUT -p icmp -j ACCEPT

# DNS
iptables -t filter -A OUTPUT -p tcp --dport 53 -j ACCEPT
iptables -t filter -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -t filter -A INPUT -p udp --dport 53 -j ACCEPT

# Time Server
iptables -t filter -A OUTPUT -p udp --dport 123 -j ACCEPT

# Save the rules
service iptables save

Be sure everything is typed correct and remember that everything is case sensitive. Next mark the script as being executable with the following command.

chmod +x /sbin/myfirewall

And run the script to start the firewall with the following command

/sbin/myfirewall

Setting up the FTP service

Next setup the FTP service. I am using VSFTP which is one of the most common used on Centos.

yum install vsftpd

Then update the configuration file

vi /etc/vsftpd/vsftpd.conf

The following two lines should already exist but either need the comment removed or their value changed

anonymous_enable=NO
chroot_local_user=YES

Add the next three lines to the end of the file. Some FTP client clients, most notably FileZilla require these lines for passive mode to work correctly, which is why you added these ports to the firewall settings.

pasv_enable=Yes 
pasv_max_port=10100 
pasv_min_port=10090

Next add a user that will be used to upload websites via FTP. You are setting the user’s home directory to the root web document directory and adding them to the Apache group, which is what the web service is running under. The passwd command will prompt you to set the password for the user.

useradd --home /var/www/html -G apache ftpadmin
passwd ftpadmin

And finally set the permissions for the web root document directory.

chmod -R g+w /var/www/html
chmod g+s /var/www/html

Next issue the following command so that the FTP service will automatically restart when the server is rebooted.

chkconfig vsftpd on

And to start the service for the first time issue this command.

service vsftpd start

You should now be able to login via FTP, be in the web root document directory and upload and download files from that directory.

To test that, you can create a simple HTML file named index.html with the following content

<html>
 <h1>Uncle Pete is a cool cat!!!</h1>
 </html>

Upload that via FTP, and now when you open a browser and go to the IP address of the server, you should see the new file instead of the Apache Test page.

DNS Setup

If you use Rackspace to manage your DNS, then you can configure your DNS settings in the same control panel. Below is the control panel displaying my existing domain.

Clicking on the domain will display a detail screen with all the information concerning the domain.

I am going to setup an of additional A record (also known as a Host Record) to point to the new server. “webdev.thenextage.com” by clicking on the Add Record button

Now the web page can be access by it the domain name “http://webdev.thenextage.com” and by FTP at “ftp://webdev.thenextage.com”

Make an Image File

At this point you have a cloud hosted virtual server, with Apache and FTP setup and running, and if you wanted to publish static website you would be done. This is a good time to create an image file. That way you could quickly create additional servers configured identically to this one. It also might come in handy if I really mess something up in the next article!!

From the server action button click on “Create Image” and give it a name.

In the next installment you will be setting up Hyperfile Client/Server and SCM on your new cloud server and then in the final installment you will install the Linux version of the WebDev WAS server and upload and test a couple of sites.

• WEBDEV