• View
• Edit
• History
• Print

Open SUSE small-server 2021-2022

Configuring a small home server in 2021 with openSUSE Leap 15.3 | OpenSUSE small server basics (dec 2021) >

Updated on march 19, 2021 and now from september 24 and following...

Presentation

As of 2021, I rent a much better server, still at kimsufi, but with "Serveur KS-7 - Intel i3-2130 - 8GB DDR3 1333 MHz - 2To SATA".

Installing openSUSE on this server was pretty hard, for kimsufi do not provide anymore he openSUSE template, but I could do the job.

I also notice my FAI ("Free" the french FAI) modem "Delta" is a full NAS with raid capability and able to run VM's, I also build a server there (at little cost).

First step: install the system

Kimsufi

I had to start from the kimsufi rescue mode. And first found where the command was on the interface. It's in "netboot". This "netboot" interface is a very pretty kimsufi option, allowing to boot from a provided kernel in place of the hard drive kernel. Very handy for debugging. Here it was booting an complete rescue system, very similar of the one openSUSE provide on its iso images.

Of course it's not openSUSE, only a small debian jessie abstract, but when things get minimal, there are little differences.

So I have to install openSUSE on a remote server, I have no physical access. The details are given here:

Remote openSUSE installation

This is a script, you can copy / Paste it in any opensuse.sh text file. Me, I opened a new file in the kimsufi rescue system with vi (available in the rescue system) and pasted the script content in there.

I changed the super passwd for something a bit simpler (it's only for the time of install, no reason to be hacked) and run "sh opensuse.sh"

I copy here the code, just in case the web page desappear (script CC0 bmwiedemann 2020], but be warned than this script may be obsolete:

#!/bin/bash
 set -xe
 : ${repo:=https://download.opensuse.org/distribution/openSUSE-stable/repo/oss}
 #: ${repo:=https://download.opensuse.org/tumbleweed/repo/oss}
 : ${arch:=$(uname -m)}
 : ${vncpassword:=supercomplexpassword}
 #: ${append:=vnc=1 vncpassword=$vncpassword}
 : ${append:=ssh=1 sshpassword=$vncpassword}
 #append+=" addon=https://download.opensuse.org/update/openSUSE-stable/"
 #append+=" autoyast=https://www.zq1.de/~bernhard/linux/opensuse/autoyast.leap152.xml"
 pkgs="wget kexec-tools"
 zypper -n install $pkgs ||
   DEBIAN_FRONTEND=noninteractive apt-get -y install $pkgs ||
   dnf install -y $pkgs ||
   pacman --noconfirm -S $pkgs ||
   emerge $pkgs ||
   true
 which wget
 which kexec
 mkdir -p /dev/shm/
 mount -t tmpfs tmpfs /dev/shm
 cd /dev/shm/
 wget $repo/boot/$arch/loader/{linux,initrd}
 kexec -l linux --initrd=initrd --reset-vga --append="install=$repo $append"
 sync ; echo u > /proc/sysrq-trigger ; sync
 kexec -e

Run the script, then CR (Enter key). You then can connect to the server IP with the super passwd, then launch "yast2.ssh" and follow the mostly usual yast2 install, including hard drive partitioning. Only very slow, I foubnd me in swedish and danish befire getting my french language interface.

It's probably special to kimsufi, to reboot in my new install I had to go again to netboot interface and choose "hard drive".

Freebox

Simple: There is an openSUSE template, installing openSUSE JeOS.

Network

I activated the network interface during install, so no work to be done here, it worked.

Of course, as soon as you reboot openSUSE it's the openSUSE passwd that counts, not the super one (you can forget this one).

Base

I choosed "server" in the software choice of install interface, of course. Most essential software is installed by default by this server implementation.

"ssh" in started and opened by default, thankfully :-).

I immediately did two things: upgrade 15.2 to 15.3

Upgrade system, official openSUSE doc

and add Packman repo with Yast, then change any application from system to Packman, but at this stage there are none. I need packman, because I have to use multimedia packages.

Connecting with rsa key

Getting a ssh key

If not already done, generate a local (your workstation) ssh rsa key (here size 4096). Do *not* type any pass phrase:

 ssh-keygen -t rsa -b 4096

This gives you a private key, not to be disclosed to anyone, and a public key that can be copied to anybody, exactly bit for bit, mine looks like this:

cat ~/.ssh/id_rsa.pub 
ssh-rsa AAAAB[long binary chain]pBLDylFAOZ jdd@linux-tivq

Copy all from "ssh" to "vq" - the readable part is probably not relevant.

From install interface

Many server interface allows inserting an ssh key directly from the install script, so the access is immediate after install.

However, having a remote running system without root access can make it very difficult to debug some boot problem, when the system asks for root password to go further... I advice to set a root password, as long and complex you think it possible (but then you have to write it down in some safe place).

After the install

Copy the key to the server, to any account to witch you want to connect easily:

 ssh-copy-id jdd@dodinXXX.nf

After that you shouldn't have to key in password anymore. Very handy for cron jobs.

It could be useful to copy the same key to the server using it's IP in place of the domain name, just in case the domain name -or the DBS - could be unavailable.

Backing up the server

• Complete backup of a server

Automatic updates

You should have a YaST module to manage automatic security updates. If you don't have, you didn't install the relevant module. Do and configure the update. The module name (15.3) is "yast2-online-update-configuration".

I fully trust the openSUSE update system, so I also accept automatic update of recommended software. Nowadays, exploits are to fast to be used to miss an update.

Firewall

I was pretty used with SuseFirewall2, but not at all with the new firewalld, I trust Yast2 config. the defaults from server install seems ok, I don't change them (my machine is alone in it's network).

Services

• Postfix configure (2021 edition)

AND OF 2021 dec 11 UPDATE

• Installing Apache2 (2022)

Tested in 2014

Base

• OpenSUSE small server basics (dec 2021)
• User creation/move/data move
• Hostname
• CommunicatingWithTheServer
• Installing ntp (time setup)

services

• InstallingApache
• Dovecot configure
• Configure Squirrel webmail
• Installer et déplacer Wordpress
• Install and use Spamassassin and amavis

Tips

• Public/private key authentification with ssh
• Complete backup of a server
• Upgrade openSUSE

Tested earlier

Unusefull for my 2014 config

• Partition and large disk
• VirtualBoxHost
• VirtualBoxGuest
• Kimsufi-kernel-and-boot-setup-3 (old pages Kimsufi-kernel-and-boot-setup-2)
• OpenSUSE-small-server_basics-3 (old pages OpenSUSE-small-server_basics-2 OpenSUSE-small-server_basics)
• User creation/move/data move (Sept 2013)
• Communicating-with-the-server-3 (old page Communicating-with-the-server-2 Communicating-with-the-server)
• Installing-ntp-2 (old page Installing-ntp)
• MySQL (old page MySQL)
• Installing-Apache
• Installing-ftp (no change)
• Remote-access-VNC
• Remote-access-NX
• Postfix-configure-2 (old page Postfix-configure) (in french)
• Dovecot-configure-2 (old page Dovecot-configure)
• Configure Squirrel webmail (June 2011) (old page Configure Squirrel webmail)
• Install Piwigo
• Archiver les mails de façon consultable
• Afficher les logs du serveur
• Reinstaller un serveur Kimsufi
• install php scripts
• BackupFtpOvh
• Complete backup of a server
• EditCron?
• Installation notes for package Mailman (2016)

Old pages

May be of some use?

http://en.opensuse.org/Mail_server_HOWTO
http://www.3111skyline.com/linux/openSuSE-server.php#mail

Configuring a small home server in 2021 with openSUSE Leap 15.3 | OpenSUSE small server basics (dec 2021) >