Home Server (v2)

In v1 of my Home Server setup, I used CentOS for my server installation.  While CentOS is nice, a “mature” distribution, I was getting frustrated by the package system.  CentOS uses much older packages than are currently available.  For example, nano is version 1.2, while the latest version is 2.4.  It’s not like nano is a quickly evolving technology, either.

I’ve since switched to using Ubuntu as my home server.  Ubuntu is a bit more “bleeding edge”.  If you can operate a CentOS box, it’s not a stretch to run an Ubuntu box.  It also made sense, at least to me, to make the switch since XBMC uses Ubuntu as a base, and I needed to install a new hard drive on my server.  I wanted to keep the data files separate from the OS, so that required a reformat and new partition tables anyways.

As before, most of the credit for this setup goes to http://www.howtoforge.net.  A few things I pieced together through bits and pieces of other sites on the ‘net.

sudo apt-get install openssh-server ssh

sudo  apt-get update

sudo apt-get safe-upgrade

sudo reboot

dpkg-reconfigure dash

Install dash as /bin/sh? <– No (This is so that we can run in the normal “bash” operating environment.  Not 100% necessary, but never a bad idea.)

sudo /etc/init.d/apparmor stop
sudo update-rc.d -f apparmor remove
sudo apt-get remove apparmor apparmor-utils

sudo apt-get install binutils cpp fetchmail flex gcc libarchive-zip-perl libc6-dev libcompress-zlib-perl libdb4.6-dev libpcre3 libpopt-dev lynx m4 make ncftp nmap openssl perl perl-modules unzip zip zlib1g-dev autoconf automake1.9 libtool bison autotools-dev g++ build-essential

 sudo apt-get install mysql-server mysql-client libmysqlclient16-dev

Make sure you set your Mysql “root” password.

sudo nano /etc/mysql/my.cnf

Comment out the line bind-address = 127.0.0.1. So that MySQL listens on all ports.  (Do this only if you want MySQL to be able to operate with remote connections.)

sudo install postfix libsasl2-2 sasl2-bin libsasl2-modules

Selected “Internet Site” for the postfix setup.  We’ll reconfigure in a second.

sudo dpkg-reconfigure postfix

You can usually just hit “enter” for everything assuming you’ve properly setup your hostname and all.  We’re not installing “procmail”, so that’s a “No”.

sudo postconf -e 'smtpd_sasl_local_domain ='
sudo postconf -e 'smtpd_sasl_auth_enable = yes'
sudo postconf -e 'smtpd_sasl_security_options = noanonymous'
sudo postconf -e 'broken_sasl_auth_clients = yes'
sudo postconf -e 'smtpd_sasl_authenticated_header = yes'
sudo postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
sudo postconf -e 'inet_interfaces = all'
sudo echo 'pwcheck_method: saslauthd' >> /etc/postfix/sasl/smtpd.conf
sudo echo 'mech_list: plain login' >> /etc/postfix/sasl/smtpd.conf

sudo mkdir /etc/postfix/ssl
sudo cd /etc/postfix/ssl/
sudo openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024

sudo chmod 600 smtpd.key
sudo openssl req -new -key smtpd.key -out smtpd.csr

sudo openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt

sudo openssl rsa -in smtpd.key -out smtpd.key.unencrypted

sudo mv -f smtpd.key.unencrypted smtpd.key
sudo openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650

sudo postconf -e 'myhostname = <strong>server1.example.com</strong>'

sudo postconf -e 'smtpd_tls_auth_only = no'
sudo postconf -e 'smtp_use_tls = yes'
sudo postconf -e 'smtpd_use_tls = yes'
sudo postconf -e 'smtp_tls_note_starttls_offer = yes'
sudo postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
sudo postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
sudo postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
sudo postconf -e 'smtpd_tls_loglevel = 1'
sudo postconf -e 'smtpd_tls_received_header = yes'
sudo postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
sudo postconf -e 'tls_random_source = dev:/dev/urandom'

sudo mkdir -p /var/spool/postfix/var/run/saslauthd

sudo /etc/default/saslauthd

Now we have to edit /etc/default/saslauthd in order to activate saslauthd. Set START to yes and change the line OPTIONS=”-c -m /var/run/saslauthd” to OPTIONS=”-c -m /var/spool/postfix/var/run/saslauthd -r”.

sudo adduser postfix sasl

sudo /etc/init.d/postfix restart
sudo /etc/init.d/saslauthd start

At this point, we’d normally setup other mail delivery agents (MDA).  Since I suggest using Zarafa (http://www.zarafa.com/community), we won’t do that.

sudo postconf -e 'home_mailbox = Maildir/'
sudo postconf -e 'mailbox_command ='
sudo /etc/init.d/postfix restart

sudo postconf -e 'relayhost = your.smtprelay.com:port'
sudo postconf -e 'smtp_sasl_auth_enable=yes'
sudo postconf -e 'smtp_sasl_password_maps=hash:/etc/postfix/sasl_passwd'
sudo postconf -e 'smtp_sasl_security_options='

sudo echo outbound.mailhop.org:2525 userid:password > /etc/postfix/sasl_passwd

chown root:root /etc/postfix/sasl_passwd && chmod 600 /etc/postfix/sasl_passwd

postmap hash:/etc/postfix/sasl_passwd

sudo apt-get install apache2 apache2-doc apache2-mpm-prefork apache2-utils apache2-suexec libexpat1 ssl-cert

sudo apt-get install libapache2-mod-php5 libapache2-mod-ruby libapache2-mod-python php5 php5-common php5-curl php5-dev php5-gd php5-idn php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-mhash php5-ming php5-mysql php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl

 sudo nano etc/apache2/mods-available/dir.conf

change the Directory Index line to read:  DirectoryIndex index.html index.htm index.shtml index.cgi index.php index.php3 index.pl index.xhtml

sudo a2enmod ssl
sudo a2enmod rewrite
sudo a2enmod suexec
sudo a2enmod include
sudo a2enmod dav_fs
sudo a2enmod dav

sudo /etc/init.d/apache2 restart

sudo nano /etc/mime.types

Comment out the application/x-ruby line.

sudo /etc/init.d/apache2 restart

sudo apt-get install ntp ntpdate

sudo apt-get install libhtml-parser-perl libdb-file-lock-perl libnet-dns-perl libnetaddr-ip-perl libarchive-tar-perl

sudo apt-get install libcupsys2 samba samba-common

sudo nano /etc/samba/smb.conf

Uncomment the line security = user.

sudo /etc/init.d/samba restart

The next step creates a “generic” folder for sharing.  In my case, I have an entire drive mounted as a folder and that’s set as sharing.  Use this next section strictly as a guide for setting up shares.

sudo mkdir -p /home/shares/allusers
sudo chown -R root:users /home/shares/allusers/
sudo chmod -R ug+rwx,o+rx-w /home/shares/allusers/

sudo nano /etc/samba/smb.conf

Add the following to the end of the file:

[allusers]
comment = All Users
path = /home/shares/allusers
valid users = @users
force group = users
  create mask = 0660
  directory mask = 0771
  writable = yes

Repeat the above block as necessary for all folders you wish to share.  To share user home folders:

[homes]
comment = Home Directories
browseable = no
valid users = %S
writable = yes
create mask = 0700
directory mask = 0700

sudo /etc/init.d/samba restart

useradd tom -m -G users

Or whatever username you want.  If they are a system user, then do this:

sudo passwd tom

If they can only share files through the system, skip the above line, but do this no matter what:

sudo smbpasswd -a tom

Now, outside of setting up Zarafa for mail delivery and reading, you’ve got a home server that will share files between your Windows/Mac machines.  =)