Setup Home Server on CentOS Tutorial

This is my first tutorial written in English. I use resources from: and my old tutorial. It is easy to complete. You can publish your server by using port forwarding. If you use it, you should forward these ports: 80, 20, 21, 25, 443, 110.

Step 1: Install OS: CentOS

Step 2:
    a. Config Static IP: + Default gateway + DNS server
        ping ok!
    b. Synchronize time:
        yum install -y ntp*
    c. Disable firewall + SELinux
    d. Config hostname
        [vim /etc/sysconfig/network]
        [vim /etc/hosts]    server.hbn.local server       localhost.localdomain localhost
        ::1             localhost6.localdomain6 localhost6
Step 3: Install DNS-Bind
    a. yum -y install bind caching-nameserver
    b. Test
        [vim /etc/named.conf]
        options {
            directory "/var/named";
            forwarders {;;;;;;;;};
        zone "localdomain" IN {
            type master;
            file "";

        zone "localhost" IN {
            type master;
        file "";

        zone "" IN {
            type master;
            file "named.local";

        zone "" IN {
            type master;
            file "named.broadcast";

        zone "" IN {
            type master;
            file "";
        [vim /etc/resolv.conf] #Edit DNS server
        [/etc/init.d/named start] #Test
        Starting named: [  OK  ]
    c. Config:
        [vim /var/named/]
        $TTL    86400
        @       IN      SOA     hbn.local. root.hbn.local.  (
                                      1997022700 ; Serial
                                      28800      ; Refresh
                                      14400      ; Retry
                                      3600000    ; Expire
                                      86400 )    ; Minimum
                IN      NS      ns1.hbn.local.
        10       IN      PTR     dns.hbn.local.
        [vim /var/named/hbn.local.db]  
        $TTL 14400
        @       IN      SOA     root.hbn.local.      hostmaster.hbn.local. (
                                                86400 )

               IN      NS      hbn.local.
               IN      NS      hbn.local.

        ftp        IN      A
        hbn.local.       IN      A
        localhost          IN      A
        mail       IN      A
        pop        IN      A
        smtp       IN      A
        www        IN      A
        hbn.local.      IN      MX      10 mail

        hbn.local.    14400   IN      TXT     "v=spf1 a mx ip4: ~all"
        [vim /etc/named.conf] #Add below      
        zone "" IN {
                    type master;
                    file "";

        zone "hbn.local" {
                    type master;
                    file "hbn.local.db";

        nslookup hbn.local #Test
        chkconfig named on
Step 4: Apache with PHP, SSL
        a. Install
        yum -y install httpd php php-mbstring php-pear mod_ssl php-gd
        service httpd start
        chkconfig httpd on

        b. Config
        [vim /etc/httpd/conf/httpd.conf]
        ServerTokens    Prod             // line 44: change

        KeepAlive    On            // line 74: change to ON

        ServerAdmin    root@hbn.local        // line 250: Admin's address

        ServerName    www.hbn.local:80        // line 264: server's name

        Options        FollowSymLinks         // line 319: change (disable Indexes)
        AllowOverride    All            // line 326: change
        #UserDir disable                // line 354: make it comment

        UserDir public_html            // line 361: make valid

        // line 369 - 380 : remove # and make valid
                AllowOverride    All        // change
            Options        None
                         Order allow,deny
                         Allow from all

                         Order deny,allow
                         Deny from all


        // line 390: add file name that it can access only with directory's name
        DirectoryIndex index.html index.php

        ServerSignature        Off        // line 523: change
        cd /var/www/html
        echo "Test hbn.local" > index.html
        echo "" > index.php
        c. SSL
        cd /etc/pki/tls/certs
        make server.key
        openssl rsa -in server.key -out server.key
        make server.csr
        openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650
        chmod 400 server.*
        [vim /etc/httpd/conf.d/ssl.conf]
        DocumentRoot        "/var/www/html"        // line 84: make valid

         ServerName        www.hbn.local:443        // line 85: make valid and change

         SSLCertificateFile        /etc/pki/tls/certs/server.crt    // line 112: change

         SSLCertificateKeyFile    /etc/pki/tls/certs/server.key    // line 119: change

        service httpd restart
        d. Virtual Hosting
        Register one account in My domain:
        Use the client to update your IP.
        Edit DNS: create a zone like hbn.local.
        [/etc/named.conf] Add below
        zone "" IN {
            type master;
            file "";
        $TTL 14400
        @       IN      SOA (
                                                86400 )

               IN      NS
               IN      NS

        ftp        IN      A       IN      A
        localhost          IN      A
        mail       IN      A
        pop        IN      A
        smtp       IN      A
        www        IN      A      IN      MX      10 mail    14400   IN      TXT     "v=spf1 a mx ip4: ~all"
        Add user:
            useradd hbn
            mkdir /home/hbn/public_html
            NameVirtualHost *:80    // line 971: make valid
                    // bottom: add these lines
                DocumentRoot /var/www/html
                   ServerName www.hbn.local
                   ErrorLog logs/hbn.local-error_log
                   CustomLog logs/hbn.local-access_log common

                   DocumentRoot /home/hbn/public_html
                SuexecUserGroup hbn hbn
                   ErrorLog logs/
                   CustomLog logs/ common
            Do the same for HTTPS (port 443):
            NameVirtualHost *:443
                // line 81: change
            SuexecUserGroup hbn hbn
            // add at the bottom of the file: configuration for SSL
                DocumentRoot "/home/cent/public_html"
                ErrorLog logs/
                TransferLog logs/
                LogLevel warn
                SSLEngine on
                SSLProtocol all -SSLv2
                SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
                SSLCertificateFile /etc/pki/tls/certs/server.crt
                SSLCertificateKeyFile /etc/pki/tls/certs/server.key
                   SSLOptions +StdEnvVars

            SetEnvIf User-Agent ".*MSIE.*" \
               nokeepalive ssl-unclean-shutdown \
               downgrade-1.0 force-response-1.0
            CustomLog logs/ssl_request_log \
                   "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
        e. Finish: /etc/rc.d/init.d/httpd restart
Step 5: FTP Server:
    a. Install vsftpd:
        yum -y install vsftpd
    b. Config
        anonymous_enable=NO        // line 12: no anonymous
        ascii_upload_enable=YES        // line 79: make valid
        ascii_download_enable=YES    //(permit ascii mode transfer)
        chroot_list_enable=YES        // line 94: make valid
        chroot_list_file=/etc/vsftpd/chroot_list  // line 96: make valid
        ls_recurse_enable=YES        // line 102: make valid
        chroot_local_user=YES        // bottom: enable chroot
        local_root=public_html        // root directory
        use_localtime=YES        // use local time
        // Add the users you permit. User: hbn
    e. Finish:
        /etc/rc.d/init.d/vsftpd start
        chkconfig vsftpd on
Step 6: Install Mail.
    a. Install:
        yum install cyrus-sasl cyrus-sasl-devel cyrus-sasl-gssapi cyrus-sasl-md5 cyrus-sasl-plain postfix dovecot
    b. Config:
        postconf -e 'smtpd_sasl_local_domain ='
        postconf -e 'smtpd_sasl_auth_enable = yes'
        postconf -e 'smtpd_sasl_security_options = noanonymous'
        postconf -e 'broken_sasl_auth_clients = yes'
        postconf -e 'smtpd_sasl_authenticated_header = yes'
        postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
        postconf -e 'inet_interfaces = all'
        postconf -e 'mynetworks ='
            pwcheck_method: saslauthd
                      mech_list: plain login
        Generate keys:
        mkdir /etc/postfix/ssl
        cd /etc/postfix/ssl/
        openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
        chmod 600 smtpd.key
        openssl req -new -key smtpd.key -out smtpd.csr
        openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
        openssl rsa -in smtpd.key -out smtpd.key.unencrypted
        mv -f smtpd.key.unencrypted smtpd.key
        openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
        postconf -e 'smtpd_tls_auth_only = no'
        postconf -e 'smtp_use_tls = yes'
        postconf -e 'smtpd_use_tls = yes'
        postconf -e 'smtp_tls_note_starttls_offer = yes'
        postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
        postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
        postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
        postconf -e 'smtpd_tls_loglevel = 1'
        postconf -e 'smtpd_tls_received_header = yes'
        postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
        postconf -e 'tls_random_source = dev:/dev/urandom'
        postconf -e 'myhostname = server.hbn.local'
        [ /etc/dovecot.conf]
        protocols = imap imaps pop3 pop3s
        postconf -e 'home_mailbox = Maildir/'
        postconf -e 'mailbox_command ='
        /etc/init.d/postfix restart
        chkconfig --levels 235 sendmail off
        chkconfig --levels 235 postfix on
        chkconfig --levels 235 saslauthd on
        chkconfig --levels 235 dovecot on
        /etc/init.d/sendmail stop
        /etc/init.d/postfix start
        /etc/init.d/saslauthd start
        /etc/init.d/dovecot start

    c. Virtual Hosting
        mydestination = /etc/postfix/local-host-names
            hbn@hbn.local        root
        postmap /etc/postfix/virtualusesrtb
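
Added example (not part of the original tutorial): a shell check that flags the three weak TLS/auth lines written in Steps 4 and 6 (SSLProtocol, SSLCipherSuite, smtpd_tls_auth_only). The function names and both sample inputs are constructed for illustration, and it assumes a mod_ssl build where "all" still includes SSLv3.

```shell
#!/bin/sh
# Added example: reads Apache ssl.conf / Postfix main.cf text on stdin
# and prints one finding per weak setting.
check_settings() {
    awk '
    /^[ \t]*#/ { next }                      # skip comment lines
    $1 == "SSLProtocol" {
        # "all" switches every protocol on; later +/- tokens adjust the set.
        v3 = 0
        for (i = 2; i <= NF; i++) {
            if ($i == "all" || $i == "+all" || $i == "SSLv3" || $i == "+SSLv3") v3 = 1
            if ($i == "-SSLv3" || $i == "-all") v3 = 0
        }
        if (v3) print "WEAK-PROTOCOL SSLv3 is still enabled"
    }
    $1 == "SSLCipherSuite" {
        # Cipher string: "!X" bans class X for good; "ALL" pulls in LOW and RC4.
        n = split($2, tok, ":")
        m = split("EXPORT LOW RC4", weak, " ")
        for (w = 1; w <= m; w++) {
            banned = 0; present = 0
            for (i = 1; i <= n; i++) {
                if (tok[i] == "!" weak[w]) banned = 1
                else if (tok[i] !~ /^[!-]/ && (tok[i] == "ALL" || index(tok[i], weak[w]))) present = 1
            }
            if (present && !banned) print "WEAK-CIPHER " weak[w] " ciphers are permitted"
        }
    }
    /^[ \t]*smtpd_tls_auth_only[ \t]*=[ \t]*no[ \t]*$/ {
        print "PLAINTEXT-AUTH Postfix accepts SASL AUTH without TLS"
    }'
}
# Constructed sample: the three lines as this tutorial writes them.
tutorial_sample() {
    cat <<'EOF'
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
smtpd_tls_auth_only = no
EOF
}
# Constructed sample: one tightened variant of the same three lines.
hardened_sample() {
    cat <<'EOF'
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:!aNULL:!MD5:!RC4
smtpd_tls_auth_only = yes
EOF
}
tutorial_sample | check_settings
```

To check a live server, feed it the real files, e.g. check_settings < /etc/httpd/conf.d/ssl.conf and check_settings < /etc/postfix/main.cf.
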
This finishes my tutorial. You should use the txt version of the tutorial, because many entries may have been changed by BBCode.
Txt tut:

Thanks for reading
All my Lab:
Linux Lab -- window and Cisco Lab
to be continued - I will update more.  

