Installing a host system

Really, if you're going to run a hosting service based on open source stuff and Unix, you should have mastered your target operating system(s), and they should have no secrets for you. Using a revision control system such as Subversion is necessary, and although we try to keep a clean system at trunk, fixing things will on occasion be entirely necessary.

You can use a number of different operating systems as paphosting hosts. We have tried to make all working components available for each of the operating systems using out of the box software packages and configs. There are subtle differences though, and it's good to be aware of them up front. Please read on in sections (A), (B) and so on, for install tweaks.

A) Using OpenBSD

1. Install OpenBSD

You can get OpenBSD from www.openbsd.org and a good place to start is their FAQ. Once installed, you should try to stay at the GENERIC kernel, but i386 or sparc or alpha or amd64 really doesn't matter much (do note, though, that some ports are not available on all architectures). We used i386 and amd64 and sparc, and found all of the bits and pieces we need available (or, we made them available upstream).

2. Create paphosting user

User ID 999 is necessary because some of the servers you may be installing will want to setuid to a numeric userid. If you do not want to use 999, then you may need to override configs. We are going to log in to this account remotely using ssh(1).
sudo groupadd -g 999 paphosting
sudo useradd -m -d /home/paphosting -c "paphosting admin user" \
  -G named -g paphosting -k /etc/skel -u 999 -s /bin/ksh \
  -p `dd if=/dev/arandom count=1 bs=1024 2> /dev/null| md5` \
  paphosting
sudo pkg_add -v unbound # Or use local bind9 resolver.

3. Allow remote access

Your admin client will want to log in to the machine as user paphosting to perform various tasks (as user and sometimes as root using the sudo(1) program). It's good to have keys available (they are in the repository as config/ssh-keyring.pub), and put them in this account's authorized_keys file. You should verify that you can indeed log in as paphosting.

B) Using Ubuntu LTS

1. Install Ubuntu LTS

You can get Ubuntu from www.ubuntu.com, and likely choose the Server LTS (Long Term Support) images. A good place to read up on Ubuntu install procedures is their support pages. Really, if you're going to run these frontends, you should have mastered either OpenBSD or Ubuntu entirely - one of them (or both) should have no secrets for you.

Another great way to do this, for the Xen and virtualisation addicts, is to build an image with python-vm-builder, for example like so:

hostname=chbtl01
sudo vmbuilder kvm ubuntu --suite trusty -o \
  --libvirt qemu:///system --mirror=http://ch.archive.ubuntu.com/ubuntu \
  --rootsize=8000 --domain=paphosting.net --hostname=$hostname \
  --addpkg=linux-image-generic --addpkg=openssh-server
After installing, take care to remove grub and replace it with grub2, ensuring you run grub-install /dev/vda and then update-grub after you did your first files-push (see below). This will force grub to boot onto the serial console in KVM, in addition to setting up a serial console within Linux (i.e. /etc/init/ttyS0.conf).

2. Create paphosting user

User ID 999 is not necessary, it's just a proposal. It can be different per host. We are going to log in to this account remotely using ssh(1).
su -
apt-get install sudo unbound
addgroup --gid 999 paphosting
adduser --home /home/paphosting --shell /bin/bash \
  --uid 999 --gid 999 --disabled-password --gecos \
  "paphosting admin user" --quiet paphosting
nb. We use unbound to ensure our mailserver has working DNSBL, as many providers of black/whitelists have decided to refuse to answer queries from 'open' providers like Google's 8.8.8.8 and 8.8.4.4.

3. Create a workdir (partition)

If you'll be putting apache and thttpd sites on this machine it's best to create a >250GB partition for us to write on. Mount this on /paphosting and chown that to paphosting:paphosting.

4. Allow remote access

Your admin client will want to log in to the machine as user paphosting to perform various tasks (as user and sometimes as root using the sudo(1) program). It's good to have keys available (they are in the repository as config/ssh-keyring.pub), and put them in this account's authorized_keys file. You should verify that you can indeed log in as paphosting.
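
The "Allow remote access" step (here and in section A) can be scripted as below. This is an added example, not part of the paphosting repository: the function name install_keyring and the variable KEY_RE are made up for illustration, and it assumes the keyring holds one OpenSSH public key per line.

```shell
#!/bin/sh
# Added example (not from the paphosting repository).
# install_keyring KEYRING HOME_DIR [OWNER]
#   e.g. install_keyring config/ssh-keyring.pub /home/paphosting paphosting:paphosting
# Prints the number of entries in authorized_keys afterwards; the exit
# status is non-zero when no key ended up in the file.

# Lines accepted from the keyring: "<key type> <base64 blob> [comment]".
KEY_RE='^(ssh-(ed25519|rsa)|ecdsa-sha2-nistp(256|384|521)|sk-[a-z0-9@.-]+) [A-Za-z0-9+/]+=*( .*)?$'

install_keyring() {
    keyring=$1 home=$2 owner=${3:-}
    [ -r "$keyring" ] || { echo "cannot read $keyring" >&2; return 1; }
    # A keyring must hold public keys only; stop before touching the account.
    if grep -q 'PRIVATE KEY' "$keyring"; then
        echo "refusing: $keyring contains private key material" >&2
        return 2
    fi
    # sshd (StrictModes, on by default) checks modes and ownership of the
    # user's files, so force 0700 on the directory and 0600 on the file.
    mkdir -p -m 700 "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    auth=$home/.ssh/authorized_keys
    tmp=$(mktemp "$auth.XXXXXX") || return 1     # mktemp creates it 0600
    {
        # Keep what is already authorised, then append well-formed keyring lines.
        if [ -f "$auth" ]; then cat "$auth"; fi
        grep -E "$KEY_RE" "$keyring"
    } | awk 'NF && !seen[$0]++' > "$tmp"         # drop blanks and exact duplicates
    # Build the file aside and rename it, so sshd never reads a half-written file.
    if chmod 600 "$tmp" && mv "$tmp" "$auth"; then :; else rm -f "$tmp"; return 1; fi
    # When run as root, hand the result back to the account that will log in.
    if [ -n "$owner" ]; then chown -R "$owner" "$home/.ssh" || return 1; fi
    grep -c . "$auth"
}
```

Running it a second time leaves the file unchanged, so it is safe to call again after the keyring in the repository gains or loses a key (removed keys still have to be deleted by hand).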

5. Push Files

Now that everything is set up, push the files from a management host, from the svn/paphosting directory:
scripts/files-push -v -f

6. Enable Firewall

Enable the firewall by adding a call to it in /etc/rc.local, if it's executable and configured:
[ -x /etc/rc.firewall -a -r /etc/rc.firewall.conf ] \
  && /etc/rc.firewall
Now reboot the machine to see how happily it comes up.

EOF :)