OpenSUSE small server basics
On this page... (hide)
I own a hosted server on the kimsufi.com site, part of the ovh.com hosting service (one of the biggest french one). As of 2014 I stopped using virtual machines in favor of a cheaper harware (7200 bogomips, ,1cpu, 2threads, 1Tb disk).
Now, the smaller server is 500Gb, so there is no reason to save disk space. Use 20Gb root partition or even more, that way you can use unlimited mailbox space (usually in /var/spool) or database, without moving them to /home partition.
I know you can use a dynamic system, but having your own domain name is very handy and very cheap. I use http://gandi.net and pay only €12 a year for my dodin.org domain name (I own also the dodin.net one, but this is an other story). I always had fixed IP, including at home, so I don't know much about a server on a variable IP system.
I buy recently yet an other domain name (dodin.org) to makes it easier to make migrations. I can build the new server on a real domain name and only switch when it's ok. ovh.com is very cheap, around €7 only for a domain name (a year!).
The first task is to take a paper and a pencil and write down exactly what you want. Of course, when working, you will understand better your needs and change accordingly, but any change can give painfull results.
As an example, gandi.net allows you to have a full mail server with no administration and unlimited e-mails for as low as €1 (one!) a month and if you want only the myname@mydomain e-mail, better use it. I wanted to learn mail administration, so I decided to go the hard way and install my own one.
What I wanted was:
- an http server for me and my family (I have two daughters working as singer and actress, so they need also web site);
- a mail server. I want to be able to manage all my mails from this server, to be able to read them (and the archives) from any computer on the world, without having to bring one with me;
- a ftp server to store files as needed and allow customers to do also;
- of course ssh access;
It's mandatory to make an immediate update. Using "zypper up" is probably the best way, at this step if there is a failure it's easy to install again.
The langage should be utf8, this is not universally adopted. Verify it with
env | grep LANG
I use to remove "source" or "test" repositories and to add packman one, that is necessary is the server have at anytime to manage multimedia (likely).
Depending of your initial install you will probably have to install a lot of things. My provider installed a very minimal system. I had to install nearly all by hand. Begin to install all the meaningfull YaST modules (search for yast in software install). I had yast (mandatory!), but not yast2 (no gui) when using "ssh -X -C" to connect then yast2 is much friendlier. Notice that ssh -X seems to need a minimal X install. I use to install xfce4 basics (but not to run it at boot).
I didn't write down all what I installed. A short list is probably: mc, w3m, yast2-gtk and qt, vsftpd (ftp), dovecot (mail imap/pop3), mrtg (http statistics), inn (news server), mailman (list server), spamassassin (spam fighter), apache2, ntp (time sync), tightVNC (remote admin). X and xfce may be usefull some day.
Don't forget to activate the necessary services in YaST, system, services manager. You may want to use "systemctl enable", read the systemctl man page, it's pretty important by the time.
Using patterns is friendly, but for example I ended with libreoffice and Gimp, not really necessary on a web server :-) (don't forget to remove them :-).
You should have a YaST module to manage automatic security updates? If you don't have, you didn't install the relevant module. Do and configure the update. The module name (13.1) is "yast2-online-update-configuration". It's available from software management/config, but only in qt version (not ncurse) with install on the go. With ncurse (xterm) version, install it yourself. after that it's available in the control centrer menu as Online Update Config.
Default openSUSE firewall is SuSEFirewall2. Most options are setup with the YaST2 module.
The main error to avoid is to launch the firewall before having setup the sshd opening - doing so you will lose the connection to the server...
- smtp (postfix)
- http (apache)
Do verify all your daemons are running and launched at start.
- inn if you want a newsgroup server (not yet for me)
- mailman for mailing lists (not yet for me, but I will need it soon)
- rsyncd (do not seems to be mandatory)
- spamd (not yet)
In YaST was "running levels", is now "service manager" (13.1). You may also want to use "systemctl enable".
To allow X11 forwarding to work on modern distributions, you have to add
X11Forwarding yes #X11UseLocalhost no AddressFamily inet
then log in with "ssh -X -C [-p <port>] url
This config was activated as default in my 2014 install.