Setup Home Server on CentOS Tutorial

This is my first tutorial written in English. I used resources from http://www.server-world.info/en/ and my old tutorial. It is easy to complete. You can publish your server by using port forwarding. If you use it, you need to forward several ports: 80, 20, 21, 25, 443, 110.

Step 1: Install OS: CentOS

Step 2:
a. Config Static IP: 192.168.1.10 + Default gateway + DNS server
ping yahoo.com ok!
b. Synchronize time:
yum install -y ntp*
ntpdate time.nist.gov
c. Disable Firewall + SELinux
d. Config hostname

[vim /etc/sysconfig/network]
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=server.hbn.local
GATEWAY=192.168.1.1

[vim /etc/hosts]
192.168.1.10 server.hbn.local server
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6

Step 3: Install DNS-Bind
a. yum -y install bind caching-nameserver
b. Test

[vim /etc/named.conf]
options {
directory "/var/named";
forwarders {203.162.0.181; 203.162.0.11; 210.245.0.11; 210.245.0.58; 208.67.222.222; 208.67.220.220; 8.8.8.8; 8.8.4.4;};
};
zone "localdomain" IN {
type master;
file "localdomain.zone";
};

zone "localhost" IN {
type master;
file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
};

zone "255.in-addr.arpa" IN {
type master;
file "named.broadcast";
};

zone "0.in-addr.arpa" IN {
type master;
file "named.zero";
};

[vim /etc/resolv.conf] #Edit DNS server
nameserver 192.168.1.10
nameserver 192.168.1.1

[/etc/init.d/named start] #Test
Starting named: [ OK ]
c. Config:

[vim /var/named/192.168.1.0.db]
$TTL 86400
@ IN SOA hbn.local. root.hbn.local. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
@ IN NS ns1.hbn.local.
10 IN PTR dns.hbn.local.

[vim /var/named/hbn.local.db]
$TTL 14400
@ IN SOA root.hbn.local. hostmaster.hbn.local. (
2009102800
14400
3600
1209600
86400 )

@ IN NS hbn.local.
@ IN NS hbn.local.

ftp IN A 192.168.1.10
hbn.local. IN A 192.168.1.10
localhost IN A 127.0.0.1
mail IN A 192.168.1.10
pop IN A 192.168.1.10
smtp IN A 192.168.1.10
www IN A 192.168.1.10
hbn.local. IN MX 10 mail

hbn.local. 14400 IN TXT "v=spf1 a mx ip4:192.168.1.10 ~all"

[vim /etc/named.conf] #Add below
zone "1.168.192.in-addr.arpa" IN {
type master;
file "192.168.1.0.db";
};

zone "hbn.local" {
type master;
file "hbn.local.db";
};

nslookup hbn.local #Test
chkconfig named on

Step 4: Apache with PHP, SSL
a. Install
yum -y install httpd php php-mbstring php-pear mod_ssl php-gd
service httpd start
chkconfig httpd on

b. Config

[vim /etc/httpd/conf/httpd.conf]
ServerTokens Prod // line 44: change

KeepAlive On // line 74: change to ON

ServerAdmin root@hbn.local // line 250: Admin's address

ServerName hbn.local:80 // line 264: server's name

Options FollowSymLinks // line 319: change (disable Indexes)

AllowOverride All // line 326: change

#UserDir disable // line 354: make it comment

UserDir public_html // line 361: make valid

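// line 369 - 380 : remove # and make valid
<Directory /home/*/public_html>
    AllowOverride All // change
    Options None
    <Limit GET POST OPTIONS>
        Order allow,deny
        Allow from all
    </Limit>
    <LimitExcept GET POST OPTIONS>
        Order deny,allow
        Deny from all
    </LimitExcept>
</Directory>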

// line 390: add the file names to serve when only the directory name is requested
DirectoryIndex index.html index.php

ServerSignature Off // line 523: change

##########################################################

cd /var/www/html
echo "Test hbn.local" > index.html
echo "" > index.php

c. SSL
cd /etc/pki/tls/certs
make server.key
openssl rsa -in server.key -out server.key
make server.csr
openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650
chmod 400 server.*

[vim /etc/httpd/conf.d/ssl.conf]
DocumentRoot "/var/www/html" // line 84: make valid

ServerName hbn.local:443 // line 85: make valid and change

SSLCertificateFile /etc/pki/tls/certs/server.crt // line 112: change

SSLCertificateKeyFile /etc/pki/tls/certs/server.key // line 119: change

service httpd restart
https://192.168.1.10
d. Virtual Hosting
Register an account at no-ip.org. My domain: namhb.no-ip.org
Use the client to update your IP.
Edit DNS: create a zone like the one for hbn.local.

[/etc/named.conf] Add below
zone "namhb.no-ip.org" IN {
type master;
file "namhb.no-ip.org.hb";
};

[/var/named/namhb.no-ip.org.hb]
$TTL 14400
@ IN SOA root.namhb.no-ip.org. hostmaster.namhb.no-ip.org. (
2009102800
14400
3600
1209600
86400 )

@ IN NS namhb.no-ip.org.
@ IN NS namhb.no-ip.org.

ftp IN A 192.168.1.10
namhb.no-ip.org. IN A 192.168.1.10
localhost IN A 127.0.0.1
mail IN A 192.168.1.10
pop IN A 192.168.1.10
smtp IN A 192.168.1.10
www IN A 192.168.1.10
namhb.no-ip.org. IN MX 10 mail

namhb.no-ip.org. 14400 IN TXT "v=spf1 a mx ip4:192.168.1.10 ~all"
Add user:
useradd hbn
mkdir /home/hbn/public_html

[/etc/httpd/conf/httpd.conf]
NameVirtualHost *:80 // line 971: make valid
// bottom: add these lines
<VirtualHost *:80>
    DocumentRoot /var/www/html
    ServerName hbn.local
    ErrorLog logs/hbn.local-error_log
    CustomLog logs/hbn.local-access_log common
</VirtualHost>

<VirtualHost *:80>
    DocumentRoot /home/hbn/public_html
    SuexecUserGroup hbn hbn
    ServerName namhb.no-ip.org
    ErrorLog logs/namhb.no-ip.org-error_log
    CustomLog logs/namhb.no-ip.org-access_log common
</VirtualHost>

Do the same for HTTPS on port 443.

[/etc/httpd/conf.d/ssl.conf]
NameVirtualHost *:443
// line 81: change
<VirtualHost *:443>
SuexecUserGroup hbn hbn
// add in the bottom of the file: configuration for namhb.no-ip.org for SSL
<VirtualHost *:443>
    DocumentRoot "/home/hbn/public_html"
    ServerName namhb.no-ip.org:443
    ErrorLog logs/namhb.no-ip.org_ssl_error_log
    TransferLog logs/namhb.no-ip.org_ssl_access_log
    LogLevel warn
    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
    SSLCertificateFile /etc/pki/tls/certs/server.crt
    SSLCertificateKeyFile /etc/pki/tls/certs/server.key
    SSLOptions +StdEnvVars
    SetEnvIf User-Agent ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    CustomLog logs/ssl_request_log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

e. Finish: /etc/rc.d/init.d/httpd restart
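
The SSLProtocol and SSLCipherSuite lines in the SSL virtual host above keep SSLv3 and the LOW and RC4 cipher classes available. The script below is an added example, not part of the original tutorial: it flags such directives in an ssl.conf. The function name, the sample file names and the tightened directive pair are assumptions made for the example, and it assumes Apache 2.2 semantics for "SSLProtocol all".

```shell
#!/bin/sh
# Added example, not from the tutorial: flag weak TLS directives in ssl.conf.
# Assumes Apache 2.2 semantics, where "SSLProtocol all" includes SSLv3.
# Heuristic: reads the directive text only; OpenSSL is not asked to expand it.

audit_ssl_conf() {   # usage: audit_ssl_conf FILE -> one "LINE: finding" per line
    awk '
    # A class is admitted when ALL or a bare token names it and no !CLASS removes it.
    function check(cls,    i, j, m, parts, on, off) {
        on = wide; off = 0
        for (i = 1; i <= n; i++) {
            if (tok[i] == "!" cls) off = 1
            else if (tok[i] !~ /^[!+-]/) {
                m = split(tok[i], parts, "[+]")
                for (j = 1; j <= m; j++) if (parts[j] == cls) on = 1
            }
        }
        if (on && !off) print FNR ": SSLCipherSuite does not exclude " cls
    }
    /^[ \t]*#/ { next }                       # skip comment lines
    $1 == "SSLProtocol" {
        v2 = 0; v3 = 0
        for (i = 2; i <= NF; i++) {
            t = tolower($i)
            if (t == "all" || t == "+all") { v2 = 1; v3 = 1 }
            else if (t == "sslv2" || t == "+sslv2") v2 = 1
            else if (t == "sslv3" || t == "+sslv3") v3 = 1
            else if (t == "-sslv2") v2 = 0
            else if (t == "-sslv3") v3 = 0
        }
        if (v2) print FNR ": SSLProtocol leaves SSLv2 enabled"
        if (v3) print FNR ": SSLProtocol leaves SSLv3 enabled"
    }
    $1 == "SSLCipherSuite" {
        n = split($2, tok, ":"); wide = 0
        for (i = 1; i <= n; i++) if (tok[i] == "ALL") wide = 1
        check("LOW"); check("RC4"); check("EXPORT")
    }' "$1"
}

# Constructed sample input: the tutorial's two directives, then a tightened pair.
sample_dir=$(mktemp -d)
printf '%s\n' 'SSLProtocol all -SSLv2' \
    'SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW' \
    > "$sample_dir/tutorial.conf"
printf '%s\n' 'SSLProtocol all -SSLv2 -SSLv3' 'SSLCipherSuite HIGH:!aNULL:!MD5' \
    > "$sample_dir/tightened.conf"
audit_ssl_conf "$sample_dir/tutorial.conf"
audit_ssl_conf "$sample_dir/tightened.conf"
```

Run it against /etc/httpd/conf.d/ssl.conf after editing; a clean file prints nothing.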

Step 5: FTP Server:
a. Install vsftpd:
yum -y install vsftpd
b. Config

[/etc/vsftpd/vsftpd.conf]
anonymous_enable=NO // line 12: no anonymous
ascii_upload_enable=YES // line 79: make valid
ascii_download_enable=YES //(permit ascii mode transfer)
chroot_list_enable=YES // line 94: make valid
chroot_list_file=/etc/vsftpd/chroot_list // line 96: make valid
ls_recurse_enable=YES // line 102: make valid
chroot_local_user=YES // bottom: enable chroot
local_root=public_html // root directory
use_localtime=YES // use local time

[/etc/vsftpd/chroot_list]
// Add the users you permit. Here: user hbn
hbn

e. Finish:
/etc/rc.d/init.d/vsftpd start
chkconfig vsftpd on

Step 6: Install Mail.
a. Install:
yum install cyrus-sasl cyrus-sasl-devel cyrus-sasl-gssapi cyrus-sasl-md5 cyrus-sasl-plain postfix dovecot
b. Config:
postconf -e 'smtpd_sasl_local_domain ='
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_sasl_authenticated_header = yes'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
postconf -e 'inet_interfaces = all'
postconf -e 'mynetworks = 127.0.0.0/8'

[/usr/lib/sasl2/smtpd.conf]
pwcheck_method: saslauthd
mech_list: plain login

Generate keys:
mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
Then:
postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'

postconf -e 'myhostname = server.hbn.local'
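
With smtpd_sasl_auth_enable = yes, smtpd_tls_auth_only = no and mech_list: plain login, Postfix accepts base64-encoded (not encrypted) passwords on sessions that never issued STARTTLS. The script below is an added example, not part of the original tutorial: it reads a main.cf-style file and the Cyrus SASL smtpd.conf and reports that condition. The function names and sample file names are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the tutorial: would Postfix accept SASL PLAIN/LOGIN
# passwords on a session that has not done STARTTLS?

# mc_get FILE NAME: effective value of NAME in a main.cf-style file.
# Handles "#" comments, continuation lines (leading whitespace) and the
# rule that the last assignment of a parameter wins.
mc_get() {
    awk -v want="$2" '
    /^[ \t]*(#|$)/ { next }                                 # comments, blank lines
    /^[ \t]/ { if (cur == want) val = val " " $0; next }    # continuation line
    {
        eq = index($0, "=")
        if (!eq) { cur = ""; next }
        cur = substr($0, 1, eq - 1); gsub(/[ \t]/, "", cur)
        if (cur == want) val = substr($0, eq + 1)
    }
    END { gsub(/[ \t]+/, " ", val); gsub(/^ | $/, "", val); print val }
    ' "$1"
}

# smtp_auth_exposure MAIN_CF SASL_CONF: print a one-word verdict plus the reason.
smtp_auth_exposure() {
    auth=$(mc_get "$1" smtpd_sasl_auth_enable)
    only=$(mc_get "$1" smtpd_tls_auth_only)      # Postfix default is "no"
    mechs=$(sed -n 's/^mech_list:[[:space:]]*//p' "$2" | tr 'A-Z' 'a-z')
    if [ "$auth" != yes ]; then echo "ok: SASL AUTH is off"
    elif [ "$only" = yes ]; then echo "ok: AUTH is offered only after STARTTLS"
    else
        case " $mechs " in
            *" plain "*|*" login "*)
                echo "exposed: cleartext-equivalent AUTH ($mechs) allowed without TLS" ;;
            *)  echo "warn: AUTH allowed without TLS" ;;
        esac
    fi
}

# Constructed sample: the values set in this step, then the same file with
# smtpd_tls_auth_only overridden by a later line.
d=$(mktemp -d)
printf '%s\n' 'smtpd_sasl_auth_enable = yes' 'smtpd_tls_auth_only = no' \
    'smtpd_use_tls = yes' > "$d/main.cf"
printf '%s\n' 'pwcheck_method: saslauthd' 'mech_list: plain login' > "$d/smtpd.conf"
{ cat "$d/main.cf"; echo 'smtpd_tls_auth_only = yes'; } > "$d/main-tls-only.cf"
smtp_auth_exposure "$d/main.cf" "$d/smtpd.conf"
smtp_auth_exposure "$d/main-tls-only.cf" "$d/smtpd.conf"
```

On the server itself the arguments would be /etc/postfix/main.cf and /usr/lib/sasl2/smtpd.conf.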

[ /etc/dovecot.conf]
..
protocols = imap imaps pop3 pop3s
..

postconf -e 'home_mailbox = Maildir/'
postconf -e 'mailbox_command ='
/etc/init.d/postfix restart

chkconfig --levels 235 sendmail off
chkconfig --levels 235 postfix on
chkconfig --levels 235 saslauthd on
chkconfig --levels 235 dovecot on
/etc/init.d/sendmail stop
/etc/init.d/postfix start
/etc/init.d/saslauthd start
/etc/init.d/dovecot start

c. Virtual Hosting

[/etc/postfix/main.cf]
mydestination = /etc/postfix/local-host-names

[/etc/postfix/local-host-names]
localhost
localhost.localdomain
server.hbn.local
hbn.local
namhb.no-ip.org

[/etc/postfix/virtualusesrtb]
hbn@hbn.local root
hbn

postmap /etc/postfix/virtualusesrtb

That finishes my tutorial. You should use the txt version to view it, because many entries may have been changed by bbcode.
Txt tut: http://www.mediafire.com/?e09ve6p703fngdt

Thanks for reading
Nam Habach