OpenSUSE small server basics (dec 2021)
< Open SUSE small-server 2021-2022 | Configuring a small home server in 2021 with openSUSE Leap 15.3 | Public/private key authentification with ssh >
Starting Point
Hardware and partitioning
I own a hosted server on the kimsufi.com site, part of the ovh.com hosting service (one of the biggest french one).
Nowaday there is no reason to save disk space. Use 100Gb root partition or even more, that way you can use unlimited mailbox space (usually in /var/spool) or database, without moving them to /home or /data partition.
Get a Domain Name
I know you can use a dynamic system, but having your own domain name is very handy and very cheap. I use http://gandi.net and pay only €18 a year for my dodin.org domain name (I own also other one, but this is an other story). I always had fixed IP, including at home, so I don't know much about a server on a variable IP system.
You can also have a free domain name, with fr.cr, fr.nf tld on Azote.org. May be there are some other international free domain provider, but I don't know them.
Know what you want
The first task is to take a paper and a pencil and write down exactly what you want. Of course, when working, you will understand better your needs and change accordingly, but any change can give painfull results.
As an example, gandi.net allows you to have a full mail server with no administration and unlimited e-mails for as low as €1 (one!) a month and if you want only the myname@mydomain e-mail, better use it. I wanted to learn mail administration, so I decided to go the hard way and install my own one.
What I wanted was:
- an http server for me and my family;
- a mail server. I want to be able to manage all my mails from this server, to be able to read them (and the archives) from any computer on the world, without having to bring one with me;
- a ftp server to store files as needed and allow customers to do also;
- of course ssh access;
Basic config
Update
It's mandatory to make an immediate update. Using "zypper up" is probably the best way, at this step if there is a failure it's easy to install again.
Langage
The langage should be utf8, this is not universally adopted. Verify it with
env | grep LANG
Setup repositories in YaST
I use to remove "source" or "test" repositories and to add packman one, that is necessary is the server have at anytime to manage multimedia (likely).
Install basic stuff
Depending of your initial install you will probably have to install a lot of things. My provider installed a very minimal system. I had to install nearly all by hand. Begin to install all the meaningfull YaST modules (search for yast in software install). I had yast (mandatory!), but not yast2 (no gui) when using "ssh -X -C" to connect then yast2 is much friendlier. Notice that ssh -X seems to need a minimal X install. I use to install xfce4 basics (but not to run it at boot).
I didn't write down all what I installed. A short list is probably: mc, w3m, yast2-gtk and qt, vsftpd (ftp), dovecot (mail imap/pop3), mrtg (http statistics), inn (news server), mailman (list server), spamassassin (spam fighter), apache2, ntp (time sync), tightVNC (remote admin). X and xfce may be usefull some day.
Don't forget to activate the necessary services in YaST, system, services manager. You may want to use "systemctl enable", read the systemctl man page, it's pretty important by the time.
Using patterns is friendly, but for example I ended with libreoffice and Gimp, not really necessary on a web server :-) (don't forget to remove them :-).
Automatic updates
You should have a YaST module to manage automatic security updates? If you don't have, you didn't install the relevant module. Do and configure the update. The module name (13.1) is "yast2-online-update-configuration". It's available from software management/config, but only in qt version (not ncurse) with install on the go. With ncurse (xterm) version, install it yourself. after that it's available in the control centrer menu as Online Update Config.
Firewall
I don't need a firewall, as my computer is alone on his network.
Default openSUSE firewall is now firewalld. Set it up with the YaST2 module.
The main error to avoid is to launch the firewall before having setup the sshd opening - doing so you will lose the connection to the server...
Test the firewall: http://www.auditmypc.com/firewall-test.asp (but from the tested computer). To be able to use this easily look at Doc.TunnelSshEtFirefox.
Add:
- dovecot
- smtp (postfix)
- http (apache)
- https
- VNC
- vsftp
Services
Do verify all your daemons are running and launched at start.
Specially:
- inn if you want a newsgroup server
- mailman for mailing lists
- rsyncd (do not seems to be mandatory)
- vsftpd
In YaST was "running levels", is now "service manager" (13.1). You may also want to use "systemctl enable".
X11Forwarding
To allow X11 forwarding to work on modern distributions, you have to add
X11Forwarding yes #X11UseLocalhost no AddressFamily inet
to "/etc/ssh/sshd_config".
then log in with "ssh -X -C [-p <port>] url
This config was activated as default in my 2014 install.
< Open SUSE small-server 2021-2022 | Configuring a small home server in 2021 with openSUSE Leap 15.3 | Public/private key authentification with ssh >