Installing a host system
Really, if you're going to run a hosting service based on open source stuff and Unix, you should have mastered your target operating system(s), and they should have no secrets for you. Using a revision control system such as Subversion is necessary, and although we try to keep a clean system at trunk, fixing things will on occasion be entirely necessary.
You can use a number of different operating systems as paphosting hosts. We have tried to make all working components available for each of the operating systems using out of the box software packages and configs. There are subtle differences though, and it's good to be aware of them up front. Please read on in sections (A), (B) and so on, for install tweaks.
A) Using OpenBSD
1. Install OpenBSD
You can get OpenBSD on www.openbsd.org and a good place to start is their FAQ. Once installed, you should try to stay at the GENERIC kernel, but i386 or sparc or alpha or amd64 really doesn't matter much (do note, though, that some ports are not available on all architectures). We used i386 and amd64 and sparc, and found all of the bits and pieces we need available (or, we made them available upstream).
2. Create paphosting user
User ID 999 is necessary because some of the servers you may be installing will want to setuid to a numeric userid. If you do not want to use 999, then you may need to override configs. We are going to log in to this account remotely using ssh(1).
# Group and user with the fixed numeric id 999.
sudo groupadd -g 999 paphosting
# The password field gets a random value; we log in with ssh keys.
sudo useradd -m -d /home/paphosting -c "paphosting admin user" \
  -G named -g paphosting -k /etc/skel -u 999 -s /bin/ksh \
  -p "$(dd if=/dev/arandom count=1 bs=1024 2> /dev/null | md5)" \
  paphosting
sudo pkg_add -v unbound   # Or use local bind9 resolver.
3. Allow remote access
Your admin client will want to log in to the machine as user paphosting to perform various tasks (as user and sometimes as root using the sudo(1) program). Take the public keys (they are in the repository as config/ssh-keyring.pub) and put them in this account's authorized_keys file. You should verify that you can indeed log in as paphosting.
B) Using Ubuntu LTS
1. Install Ubuntu LTS
You can get Ubuntu on www.ubuntu.com, and likely choose the Server LTS (Long Term Support) images. A good place to read up on Ubuntu install procedures is their support pages. Really, if you're going to run these frontends, you should have mastered either OpenBSD or Ubuntu entirely - one of them (or both) should have no secrets for you.
Another great way to do this, for the Xen and virtualisation addicts, is to build an image with xen-tools, for example like so:
hostname=paphosting
sudo xen-create-image --hostname=$hostname --dhcp --dist=jaunty \
  --arch=amd64 --partitions=ipng-default --boot --passwd --role udev
2. Create paphosting user
User ID 999 is not necessary; it's just a proposal. It can be different per host. We are going to log in to this account remotely using ssh(1).
su -
apt-get install pdksh sudo unbound
addgroup --gid 999 paphosting
adduser --home /home/paphosting --shell /bin/ksh \
  --uid 999 --gid 999 --disabled-password --gecos \
  "paphosting admin user" --quiet paphosting
N.B. We use unbound to ensure our mailserver has working DNSBL, as many providers of black/whitelists have decided to refuse to answer queries from 'open' providers like Google's 22.214.171.124 and 126.96.36.199.
3. Create a workdir (partition)
If you'll be putting apache and thttpd sites on this machine it's best to create a >250GB partition for us to write on. Mount this on /paphosting and chown that to paphosting:paphosting.
4. Allow remote access
Your admin client will want to log in to the machine as user paphosting to perform various tasks (as user and sometimes as root using the sudo(1) program). Take the public keys (they are in the repository as config/ssh-keyring.pub) and put them in this account's authorized_keys file. You should verify that you can indeed log in as paphosting.
5. Push Files
Now that all is set up, push the files from a management host, from the svn/paphosting directory:
scripts/files-push -v -f
6. Enable Firewall
Enable the firewall by adding a call to it in /etc/rc.local, if it's executable and configured:
[ -x /etc/rc.firewall -a -r /etc/rc.firewall.conf ] \
  && /etc/rc.firewall
Now reboot the machine to see how happily it comes up.
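For the "Allow remote access" steps in (A) and (B), one way to put the keyring into the paphosting account's authorized_keys with the permissions sshd expects. This is an added example, not a script from the paphosting repository; the helper name install_keyring, its arguments and the key-type filter are assumptions.

```shell
#!/bin/sh
# Added example (not from the paphosting repository); install_keyring is a
# hypothetical helper. Run as root on the host, or as paphosting itself.
# Usage: install_keyring <keyring.pub> <home-dir> [owner:group]
install_keyring() {
    keyring=$1 home=$2 owner=${3:-}
    [ -r "$keyring" ] || { echo "cannot read $keyring" >&2; return 1; }
    sshdir=$home/.ssh
    auth=$sshdir/authorized_keys

    # sshd (StrictModes, on by default) refuses authorized_keys when the
    # directory or file is writable by anyone other than the owner.
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    added=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;                           # blank or comment
            ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) ;;  # bare public key
            *)  # Anything else is skipped, including lines that begin with
                # options such as command="..." that alter what a key may do.
                echo "skipping unexpected line: $line" >&2; continue ;;
        esac
        # Append only keys not already present, so re-runs are idempotent.
        if ! grep -qxF -- "$line" "$auth"; then
            printf '%s\n' "$line" >> "$auth"
            added=$((added + 1))
        fi
    done < "$keyring"

    [ -z "$owner" ] || chown -R "$owner" "$sshdir" || return 1
    echo "$added"    # number of keys newly written
}

# Demo on a constructed keyring in a scratch directory (the keys are fake).
# On a real host: install_keyring config/ssh-keyring.pub /home/paphosting paphosting:paphosting
demo=$(mktemp -d)
printf '%s\n' '# admins' 'ssh-ed25519 AAAAC3ExampleOnly alice@admin' \
    'command="/bin/sh" ssh-rsa AAAAB3ExampleOnly mallory' > "$demo/keyring.pub"
echo "keys added: $(install_keyring "$demo/keyring.pub" "$demo/home")"
rm -rf "$demo"
```

Afterwards, `ssh -o BatchMode=yes paphosting@<host> true` from the admin client confirms that key login works without falling back to a password prompt.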