A Tutorial To Build A Debian 11 Web Site Hosting Server Using Apache, BIND, Dovecot, MariaDb, PureFTPD and ISPConfig
By: Edward Kimmel
This tutorial exists for these OS versions
- Debian 11.5
- Debian 11.4
- Debian 11.3
- Debian 11.2
- Debian 11.1
- Debian 11
Build a Debian 11 Web Site Hosting Server
Ever wanted to host your own website? It’s not as hard as you would think. Simply use my first tutorial to create a Debian 11 boot flash drive. Then follow the step-by-step procedure of my second tutorial to install the Debian 11 OS on your computer using the Graphical Expert Install method. This tutorial will show you how to install and configure open source software on your Debian 11 (Bullseye) computer which can be used to easily host not just one web site, but multiple web sites if need be.
This tutorial will teach you how to create a LAMP server (Linux, Apache, MariaDb & PHP) for your Debian 11 computer. We will set up a Dovecot mail server with spam and antivirus protection, then install and configure RoundCube to give the mail server a web portal. We’ll follow that by installing PHPmyAdmin so you can easily access the MariaDb database server. Finally we will install ISPConfig to administer your web site(s), mail servers, FTP access and BIND DNS server. After installing ISPConfig we will install multiple versions of PHP, which will give you one powerful commercial grade web server.
0.02 Project Preparation Details
Computer Set Up
Network IP: 192.168.0.150
Network Mask: 255.255.255.0
Network Gateway: 192.168.0.1
Network DNS: 192.168.0.1
ISPConfig MariaDb Database: dbispconfig
ISPConfig MariaDb Database Username: ispconfig
ISPConfig MariaDb Database Password: ISPcfg4Me2@ccessU
MyDomain.com ISPConfig Client
ISPConfig Client Company Name: MyDomain.com
ISPConfig Client Contact Name: Owner
ISPConfig Client Username: client1
ISPConfig Client Password: Client14Me2@ccessU
ISPConfig Client Language: English
ISPConfig Client Theme: default
ISPConfig Client Country: United States
ISPConfig Client Email: email@example.com
ISPConfig Client Internet: https://
MyDomain.com ISPConfig FTP User
ISPConfig FTP User Username: client1_ftp
ISPConfig FTP User Password: Client14Me2@ccessU
MyDomain.com WordPress Configuration
WordPress Username: client1
WordPress Password: Client14Me2@ccessU
WordPress Email: firstname.lastname@example.org
WordPress Site Title: MyDomain.com
WordPress MariaDb Database Name: WP1
WordPress MariaDb Database Username: client1
WordPress MariaDb Database Password: Client14Me2AccessU
RoundCube MariaDB Database: roundcube
RoundCube MariaDB Database Password: RCBcfg4Me2@ccessU
0.03 Before We Get Started
Before we start our commercial grade web hosting server project there may be a few things you’ll need to do to make your server a bit more administration friendly. You may not need to do some of these things but it doesn’t hurt to know how.
0.04 Enable Superuser ‘root’
By default, a fresh Debian 11 OS installation disables the superuser ‘root’ account from local and remote SSH login to your computer for security reasons. You can test this by trying to log into your computer as superuser ‘root’. If you discover that you can’t, you must use the other login you created during the Debian 11 installation.
Log in to the server using the Other User Account you created. Then use “su -” command to log into the root account.
Enter root password when prompted.
Now we can enable the superuser ‘root’ for local and remote SSH login by editing the following files.
For the superuser ‘root’ to be allowed to log in locally to your computer we must edit two system files. First edit the daemon.conf file:
Find the [security] marker and on the next line add “AllowRoot=true”.
[…]
[security]
AllowRoot=true
[…]
Then save and close the file using Ctrl + X.
Now we edit the second gdm-password file:
Comment out this line with a ‘#’ placed at the beginning:
“auth required pam_succeed_if.so user != root quiet_success”.
[…]
#auth required pam_succeed_if.so user != root quiet_success
[…]
Save and close the file using Ctrl + X. You can now use the superuser ‘root’ to login locally to the computer.
Now let’s enable the superuser ‘root’ to be able to log into the computer remotely using SSH. To do this we need to edit the sshd_config file:
Find the “PermitRootLogin” parameter, uncomment the line and change it to “yes”, or simply add a new line ‘PermitRootLogin yes’.
[…]
#LoginGraceTime 2m
#PermitRootLogin prohibit-password
PermitRootLogin yes
#StrictModes yes
[…]
Save and close the file using Ctrl + X. Then restart the SSH server:
systemctl restart ssh
You can now use the superuser ‘root’ to login remotely to the computer using secure SSH.
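The two ways of setting PermitRootLogin described above do not always give the same result, because sshd uses the first value it finds for a keyword and treats everything after a Match line as conditional. The following check is an added example, not part of the original tutorial; the helper names and the three sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the tutorial. Helper names are hypothetical.

# Print the value sshd takes for a global keyword from one config file
# (or stdin). sshd_config rules applied here: keywords are case-insensitive,
# '#' lines are comments, the FIRST occurrence of a keyword wins, and
# everything after a Match line is conditional, so the scan stops there.
# Include directives are not followed.
sshd_effective() {
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ { next }
        /^[ \t]*$/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]/)        # keyword ends at a blank or "="
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))
            val = substr(line, n)
            sub(/^[ \t]*=?[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
            if (key == "match") exit         # global section ends here
            if (key == want) { print val; exit }
        }
    ' "${2:--}"
}

# Effective PermitRootLogin; OpenSSH falls back to prohibit-password when unset.
root_login_state() {
    v=$(sshd_effective PermitRootLogin "${1:--}")
    echo "${v:-prohibit-password}"
}

# Constructed sample 1: the edit exactly as the tutorial shows it.
sample_uncommented() {
cat <<'EOF'
#LoginGraceTime 2m
#PermitRootLogin prohibit-password
PermitRootLogin yes
#StrictModes yes
EOF
}

# Constructed sample 2: a new line added below an already active line.
sample_appended() {
cat <<'EOF'
PermitRootLogin prohibit-password
PasswordAuthentication yes
PermitRootLogin yes
EOF
}

# Constructed sample 3: a new line added at the end of a file that ends
# in a Match block, so it only applies to that block.
sample_after_match() {
cat <<'EOF'
#PermitRootLogin prohibit-password
Match Address 192.168.0.0/24
    X11Forwarding no
PermitRootLogin yes
EOF
}

for s in sample_uncommented sample_appended sample_after_match; do
    printf '%-20s %s\n' "$s" "$($s | root_login_state)"
done
```

On the server itself, `sshd -T` prints the configuration the daemon resolves, Include files included; the sketch above only reads a single file.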
0.05 Disable Computer Auto Suspend And Hibernation
Now we need to prevent the server from “suspending” or going into “hibernation” or “sleeping”. Even if you log in and edit the power setting using the Settings GUI to prevent sleeping, the computer will go into hibernation (sleep mode) after you log out. This is a power saver feature to save electricity and is built into almost all modern operating systems. This may be OK for most desktop computers, but your web server will need to be accessed 24×7 and sleeping is not an option!
systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target
0.06 Modify the Package Manager Sources List File
If you installed your Debian 11 OS from an ISO image, DVD media, or a flash drive, that installation media was set as the main source for the Package Manager. If you used the Graphical Expert Install method from my tutorial and followed my recommendations then you will not have to make very many changes to the APT source settings. First let’s make a backup copy of the original /etc/apt/sources.list file.
cp /etc/apt/sources.list /etc/apt/sources.list.old
Now let’s open the file to modify its content:
This was my default file after I used the Graphical Expert Installation mode to install my copy of Debian 11 OS to my computer as instructed in the tutorial.
# deb cdrom:[Debian GNU/Linux 11.4.0 _Bullseye_ - Official amd64 DVD Binary-1 20220709-10:33]/ bullseye contrib main
deb cdrom:[Debian GNU/Linux 11.4.0 _Bullseye_ - Official amd64 DVD Binary-1 20220709-10:33]/ bullseye contrib main
deb http://deb.debian.org/debian/ bullseye main non-free contrib
deb-src http://deb.debian.org/debian/ bullseye main non-free contrib
deb http://security.debian.org/debian-security bullseye-security main contrib non-free
deb-src http://security.debian.org/debian-security bullseye-security main contrib non-free
# bullseye-updates, to get updates before a point release is made;
# see https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_updates_and_backports
deb http://deb.debian.org/debian/ bullseye-updates main contrib non-free
deb-src http://deb.debian.org/debian/ bullseye-updates main contrib non-free
# bullseye-backports, previously on backports.debian.org
deb http://deb.debian.org/debian/ bullseye-backports main contrib non-free
deb-src http://deb.debian.org/debian/ bullseye-backports main contrib non-free
The only change I had to make was comment out the DVD source line by using a ‘#’ at the start of the line like this:
[…]
# deb cdrom:[Debian GNU/Linux 11.4.0 _Bullseye_ - Official amd64 DVD Binary-1 20220709-10:33]/ bullseye contrib main
#deb cdrom:[Debian GNU/Linux 11.4.0 _Bullseye_ - Official amd64 DVD Binary-1 20220709-10:33]/ bullseye contrib main
[…]
If you didn’t use the Graphical Expert Installation or skipped some of my recommendations you want to make sure your file has a network source listed like this:
deb http://deb.debian.org/debian/ bullseye main non-free contrib
deb-src http://deb.debian.org/debian/ bullseye main non-free contrib
You also should have a security source listed like this:
deb http://security.debian.org/debian-security bullseye-security main contrib non-free
deb-src http://security.debian.org/debian-security bullseye-security main contrib non-free
You also need to have an update source listed like this:
deb http://deb.debian.org/debian/ bullseye-updates main contrib non-free
deb-src http://deb.debian.org/debian/ bullseye-updates main contrib non-free
You may need to add a backports source list like this:
deb http://deb.debian.org/debian/ bullseye-backports main contrib non-free
deb-src http://deb.debian.org/debian/ bullseye-backports main contrib non-free
You also want to make sure all three components (main contrib non-free) are listed for each source list. Here is a brief description of each component:
- main consists of DFSG-compliant packages, which do not rely on software outside this area to operate. These are the only packages considered part of the Debian distribution.
- contrib packages contain DFSG-compliant software, but have dependencies not in main (possibly packaged for Debian in non-free).
- non-free contains software that does not comply with the DFSG.
After you are done modifying your file, save and close the file using Ctrl + X.
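One way to check a sources.list against the points above: no active cdrom line, all three components on every line, and the bullseye, bullseye-security and bullseye-updates suites present. This is an added example, not part of the original tutorial; apt_sources_audit and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the tutorial. apt_sources_audit is a hypothetical helper name.

# Usage: apt_sources_audit [FILE]   (reads stdin when FILE is omitted)
# Prints one finding per line, nothing when the file passes:
#   cdrom-active line N                    an uncommented "deb cdrom:" line
#   missing-components TYPE SUITE LIST     main/contrib/non-free not all listed
#   missing-suite SUITE                    no "deb" line for that suite
apt_sources_audit() {
    awk '
        /^[ \t]*#/ { next }
        /^[ \t]*$/ { next }
        $1 != "deb" && $1 != "deb-src" { next }
        # The cdrom URI contains spaces, so it is handled before field parsing.
        $2 ~ /^cdrom:/ { print "cdrom-active line " NR; next }
        {
            i = 2
            if ($i ~ /^\[/) {                # skip an [option=value ...] block
                while (i <= NF && $i !~ /\]$/) i++
                i++
            }
            suite = $(i + 1)                 # $i is the URI, then suite, then components
            have = " "
            for (j = i + 2; j <= NF; j++) have = have $j " "
            miss = ""
            n = split("main contrib non-free", need, " ")
            for (k = 1; k <= n; k++)
                if (index(have, " " need[k] " ") == 0)
                    miss = miss (miss == "" ? "" : ",") need[k]
            seen[$1 " " suite] = 1
            if (miss != "") print "missing-components " $1 " " suite " " miss
        }
        END {
            n = split("bullseye bullseye-security bullseye-updates", suites, " ")
            for (k = 1; k <= n; k++) {
                key = "deb " suites[k]
                if (!(key in seen)) print "missing-suite " suites[k]
            }
        }
    ' "${1:--}"
}

# Constructed sample: DVD line still active, one line short of components,
# and no bullseye-updates entry.
sample_needs_work() {
cat <<'EOF'
deb cdrom:[Debian GNU/Linux 11.4.0 _Bullseye_ - Official amd64 DVD Binary-1 20220709-10:33]/ bullseye contrib main
deb http://deb.debian.org/debian/ bullseye main
deb http://security.debian.org/debian-security bullseye-security main contrib non-free
EOF
}

# Constructed sample: the network, security and update sources as listed above.
sample_recommended() {
cat <<'EOF'
#deb cdrom:[Debian GNU/Linux 11.4.0 _Bullseye_ - Official amd64 DVD Binary-1 20220709-10:33]/ bullseye contrib main
deb http://deb.debian.org/debian/ bullseye main non-free contrib
deb-src http://deb.debian.org/debian/ bullseye main non-free contrib
deb http://security.debian.org/debian-security bullseye-security main contrib non-free
deb-src http://security.debian.org/debian-security bullseye-security main contrib non-free
deb http://deb.debian.org/debian/ bullseye-updates main contrib non-free
deb-src http://deb.debian.org/debian/ bullseye-updates main contrib non-free
EOF
}

echo "sample_needs_work:"
sample_needs_work | apt_sources_audit
echo "sample_recommended: $(sample_recommended | apt_sources_audit | wc -l) findings"
```

On the server, run it as `apt_sources_audit /etc/apt/sources.list` before `apt update`.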
0.07 Computer Hostname
Check the computer’s hostname.
Output should look like this:
root@server:~# hostname -f
If you want to change your computer’s hostname you need to edit the ‘/etc/hostname’ file.
Save any changes you may make and close the file using Ctrl + x. Any changes you make will not take effect until you reboot your computer.
0.08 Computer Hosts File
If you make changes to your computer’s hostname, you will also need to update your ‘/etc/hosts’ file. You should also add listings for any web domain or sub-domain you will be hosting on your server once it’s operational. Use this command to open your hosts file:
I added the last section shown here to my hosts file:
127.0.0.1 localhost
192.168.0.150 server.mydomain.com server
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
# The following lines are web domains and sub-domains hosted on this server
192.168.0.150 www.mydomain.com www
192.168.0.150 mydomain.com
192.168.0.150 mail.mydomain.com mail
Save any changes you may make and close the file using Ctrl + x. Any changes you make will not take effect until you reboot your computer.
0.09 Check If Additional Firmware Needs Installed
You may have been asked to install ‘non-free’ software during the Debian 11 OS installation, or some firmware may not have been installed during the installation process. Let’s make sure all of the needed firmware has been installed:
We can see firmware rtl8192cfw.bin failed to load as we review the output (you will see error text in RED):
[ 12.618316] rtl8192ce: Using firmware rtlwifi/rtl8192cfw.bin
[ 12.618571] rtl8192ce 0000:03:00.0: firmware: failed to load rtlwifi/rtl8192cfw.bin (-2)
[ 12.618695] firmware_class: See https://wiki.debian.org/Firmware for information about missing firmware
[ 12.618854] rtl8192ce 0000:03:00.0: Direct firmware load for rtlwifi/rtl8192cfw.bin failed with error -2
Now we use apt-file to find the package needed that contains the file:
apt install -y apt-file
apt-file find rtl8192cfw.bin
Your output may look similar to this:
root@server:~# apt-file find rtl8192cfw.bin
Now, we can simply install the ‘firmware-realtek’ package like this:
apt-get install -y firmware-realtek
Sometimes just using this command will fix unknown firmware issues that don’t show up in the output of the ‘dmesg’ command:
apt-get install -y firmware-misc-nonfree
0.10 ISPConfig Preparation
ISPConfig is a free open-source control panel application that allows website owners to easily administer their sites, similar to cPanel and Plesk. It also allows resellers to manage multiple accounts on multiple physical or virtual servers. ISPConfig requires that /bin/sh on the Debian 11 OS be a symlink to /bin/bash. By default, Debian 11 makes /bin/sh a symlink to /bin/dash. To ensure ISPConfig will install properly you must reconfigure your Debian 11 OS to use /bin/bash.
To change the default shell /bin/sh, we run this shell script:
Once the shell script executes you’ll be asked if you want to use dash as the default shell, simply answer No.
Use dash as the default system shell (/bin/sh)? <– No
You should see output like this:
root@server:~# dpkg-reconfigure dash
Removing 'diversion of /bin/sh to /bin/sh.distrib by dash'
Adding 'diversion of /bin/sh to /bin/sh.distrib by bash'
Removing 'diversion of /usr/share/man/man1/sh.1.gz to /usr/share/man/man1/sh.distrib.1.gz by dash'
Adding 'diversion of /usr/share/man/man1/sh.1.gz to /usr/share/man/man1/sh.distrib.1.gz by bash'
root@server:~#
0.11 Update Debian 11 OS
Now let’s update the Debian 11 OS:
apt update && apt upgrade -y && apt dist-upgrade -y
0.12 Install Basic Software And Utilities
This is a list of software apps and packages that will be needed to configure the web hosting server. We will use the following command to install these apps and packages.
SSH or Secure Shell is a network communication protocol that enables two computers to communicate (c.f http or hypertext transfer protocol, which is the protocol used to transfer hypertext such as web pages) and share data.
OpenSSH is a powerful collection of tools for the remote control of, and transfer of data between, networked computers. You will also learn about some of the configuration settings possible with the OpenSSH server application and how to change them on your Ubuntu system.
OpenSSL is an open-source command line tool that is commonly used to generate private keys, create CSRs, install your SSL/TLS certificate, and identify certificate information.
GNU nano is an easy to use command line text editor for Unix and Linux operating systems. It includes all the basic functionality you’d expect from a regular text editor, like syntax highlighting, multiple buffers, search and replace with regular expression support, spellchecking, UTF-8 encoding, and more.
On Unix-like operating systems, vim, which stands for “Vi Improved”, is a text editor. It can be used for editing any kind of text and is especially suited for editing computer programs.
This APT transport supports access to repositories through the HTTP Secure protocol (HTTPS), often known as HTTP over TLS. It has been provided by default since apt 1.5, and it was previously available in the package apt-transport-https.
The CA verifies the certificate request and your identity, and then sends back a certificate for your secure server. Alternatively, you can create your own self-signed certificate. Note that self-signed certificates should not be used in most production environments.
Wget is a free GNU command-line utility tool used to download files from the internet. It retrieves files using HTTP, HTTPS, and FTP protocols. It serves as a tool to sustain unstable and slow network connections.
Git is a free and open-source version control system used to handle small to very large projects efficiently. Git is used to track changes in the source code, enabling multiple developers to work together on non-linear development. Linus Torvalds created Git in 2005 for the development of the Linux kernel.
GnuPG stands for GNU Privacy Guard. GnuPG is an open implementation of OpenPGP ( Pretty Good Privacy ) standard as defined in RFC 4880. In this article we will cover the installation and the basics of generating keys using gnupg.
software-properties-common helps you manage the repositories that you install software from. It provides an abstraction of the apt repositories in use. It allows you to easily manage your distribution and independent software vendor software sources.
The Network Time Protocol (NTP) is a protocol used to synchronize the computer system clock automatically over a network. The machine can have the system clock use Coordinated Universal Time (UTC) rather than local time.
gdebi lets you install local deb packages resolving and installing its dependencies. apt does the same, but only for remote (http, ftp) located packages. It can also resolve build-depends of debian/control files.
The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code.
The sudo command allows you to run programs with the security privileges of another user (by default, as the superuser). It prompts you for your personal password and confirms your request to execute a command by checking a file, called sudoers , which the system administrator configures.
cURL, which stands for client URL, is a command line tool that developers use to transfer data to and from a server. At the most fundamental, cURL lets you talk to a server by specifying the location (in the form of a URL) and the data you want to send.
Jailkit is a set of utilities that can limit user accounts to a specific directory tree and to specific commands. Setting up a jail is much easier using the jailkit utilities than doing so ‘by hand’.
unzip lists, tests, or extracts files from archives of the zip format, which are most commonly found on MS-DOS and Windows systems. The default behavior (with no options) is to extract into the current directory (and possibly the subdirectories below it) all files from the specified zip archive.
The bzip2 command in Linux is used to compress and decompress files, i.e. it helps in binding the files into a single file which takes less storage space than the original file used to take. It has a slower decompression time and higher memory use.
Archiver for .arj files. A file with the ARJ file extension is an ARJ Compressed file. Like most archive file types, they’re used to store and compress multiple files and folders into one easily manageable file.
nomarch lists, extracts, or tests ‘.arc’ archives. (An alternate extension sometimes used was ‘.ark’; these work too.)
Lzop is a file compressor which is very similar to gzip. Lzop uses the LZO data compression library for compression services, and its main advantages over gzip are much higher compression and decompression speed (at the cost of some compression ratio).
lzip is a free, command-line tool for the compression of data; it employs the Lempel–Ziv–Markov chain algorithm (LZMA) with a user interface that is familiar to users of usual Unix compression tools, such as gzip and bzip2.
cabextract is a program that un-archives files in the Microsoft cabinet file format (.cab) or any binary file which contains an embedded cabinet file (frequently found in .exe files). cabextract will extract all files from all cabinet files specified on the command line.
p7zip is the Unix command-line port of 7-Zip, a file archiver that handles the 7z format which features very high compression ratios. p7zip-full provides utilities to pack and unpack 7z archives within a shell or using a GUI (such as Ark, File Roller or Nautilus).
The unrar command is used to extract, list, or test archive files only. It has no option for creating RAR files under Linux.
LRZIP is a file compression program designed to do particularly well on very large files containing long distance redundancy. lrztar is a wrapper for LRZIP to simplify compression and decompression of directories.
apt-listchanges is a tool to show what has been changed in a new version of a Debian package, as compared to the version currently installed on the system. It does this by extracting the relevant entries from both the NEWS.
The perl-ldap distribution is a collection of perl modules which provide an object orientated interface to LDAP servers.
SASL is a generic mechanism for authentication used by several network protocols. Authen::SASL provides an implementation framework that all protocols should be able to share.
A daemon (usually pronounced as: day-mon , but sometimes pronounced as to rhyme with diamond ) is a program with a unique purpose. They are utility programs that run silently in the background to monitor and take care of certain subsystems to ensure that the operating system runs properly.
The IO::String module provides the IO::File interface for in-core strings. An IO::String object can be attached to a string, and will make it possible to use the normal file operations for reading or writing data, as well as seeking to various locations of the string. The main reason you might want to do this is if you have some other library module that only provides an interface to file handles, and you want to keep all the stuff in memory.
Package libio-socket-ssl-perl in sid. This module is a true drop-in replacement for IO::Socket::INET that uses SSL to encrypt data before it is transferred to a remote server or client.
Package: libnet-ident-perl is a Perl module to lookup the username on the remote end of a TCP/IP connection. Net::Ident is a Perl module implementing the RFC1413 Identification Protocol, also known as “ident”. It provides both a simple interface for doing one ident lookup at a time, and an asynchronous interface to perform (possibly) many simultaneous lookups, or simply continue serving other things while the lookup is proceeding.
The zip command is a command-line tool in Linux that allows us to create an archive of files and directories. Besides that, it also provides a multitude of functionalities for manipulating an archive.
Package: libnet-dns-perl performs DNS queries from a Perl script.
Binary package libdbd-mysql-perl is a Perl5 database interface to the MySQL database. DBD::mysql is the Perl5 Database Interface driver for the MySQL database. In other words: DBD::mysql is an interface between the Perl programming language and the MySQL programming API that comes with the MySQL relational database management system.
The purpose of resolv.conf is to provide a list of global DNS services for our client to query when resolving DNS names. The format of the file is fairly simple.
xz is a new general-purpose, command line data compression utility, similar to gzip and bzip2. It can be used to compress or decompress a file according to the selected operation mode. It supports various formats to compress or decompress files.
RAR is a proprietary archive file format that supports data compression, error correction and file spanning. It was developed in 1993 by Russian software engineer Eugene Roshal and the software is licensed by win.rar GmbH. The name RAR stands for Roshal Archive.
Redis is a high-performance, NoSQL key-value database typically used for caching data to scale high-traffic websites. It is an open source software component licensed under the Three Clause BSD License.
The lsb-release command is a simple tool to help identify the Linux distribution being used and its compliance with the Linux Standard Base. LSB conformance will not be reported unless the required metapackages are installed.
The Net-tools package is a collection of programs for controlling the network subsystem of the Linux kernel.
Let’s make sure we have the software apps and packages listed above installed and ready when needed:
apt-get install -y ssh openssh-server openssl nano vim-nox apt-transport-https ca-certificates wget git gnupg software-properties-common ntp gdebi binutils sudo curl jailkit unzip bzip2 arj nomarch lzop lzip cabextract p7zip p7zip-full unrar unrar-free lrzip apt-listchanges libnet-ldap-perl libauthen-sasl-perl daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl libdbd-mysql-perl software-properties-common resolvconf xz-utils rar redis-server lsb-release net-tools
0.13 Reboot Your Computer
If you made any changes to your computer’s hostname or hosts file then you should reboot your computer now. You should also reboot your computer if any files were updated a few steps ago or additional firmware software was just installed. It’s best to just reboot at this point of the tutorial, if for no other reason than to learn how! To reboot your computer:
0.14 Confirm Superuser ‘root’ Has Access
Once your computer reboots and you get to the login screen, log back in to the computer from here on in as the superuser ‘root’ until you complete this tutorial. After the tutorial is completed I recommend that you use the administrator account to log in. Server maintenance to check system logs and maintain your web hosting server is the only time you want to use superuser ‘root’.
0.15 Confirm Suspending And Hibernation Is Disabled
Once you’ve logged back in as superuser ‘root’, use this command to confirm that the computer’s sleeping, suspending and hibernation modes are disabled:
systemctl status sleep.target suspend.target hibernate.target hybrid-sleep.target
Your output should look like this:
root@server:~# systemctl status sleep.target suspend.target hibernate.target hybrid-sleep.target
● sleep.target
     Loaded: masked (Reason: Unit sleep.target is masked.)
     Active: inactive (dead)
● suspend.target
     Loaded: masked (Reason: Unit suspend.target is masked.)
     Active: inactive (dead)
● hibernate.target
     Loaded: masked (Reason: Unit hibernate.target is masked.)
     Active: inactive (dead)
● hybrid-sleep.target
     Loaded: masked (Reason: Unit hybrid-sleep.target is masked.)
     Active: inactive (dead)
root@server:~#
0.16 Install acme.sh As Let’s Encrypt Client
ISPConfig now uses acme.sh as its Let’s Encrypt client. Install acme.sh using the following command:
curl https://get.acme.sh | sh -s
0.17 Install And Configure Quota
A Quota is a built-in feature of the Linux kernel that is used to set a limit of how much disk space a user or a group can use. It is also used to limit the maximum number of files a user or a group can create on Linux.
Use this command to confirm or install quota:
apt-get install -y quota quotatool
Edit /etc/fstab. Mine looks like this (I added “,usrjquota=quota.user,grpjquota=quota.group,jqfmt=vfsv0” to the partition with the mount point /var):
# /etc/fstab: static file system information.
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
# systemd generates mount units based on this file, see systemd.mount(5).
# Please run 'systemctl daemon-reload' after making changes here.
/dev/mapper/server--vg1-root / ext4 errors=remount-ro 0 1
# /boot was on /dev/sda1 during installation
UUID=c9401a67-b523-4023-8d38-8b935789641e /boot ext4 defaults >
/dev/mapper/server--vg1-home /home ext4 defaults 0 2
/dev/mapper/server--vg1-tmp /tmp ext4 defaults 0 2
/dev/mapper/server--vg2-var /var ext4 defaults,usrjquota=quota.user,grpjquota=quota.group,jqfmt=vfsv0 0 2
/dev/mapper/server--vg1-swap_1 none swap sw 0 0
/dev/sr0 /media/cdrom0 udf,iso9660 user,noauto 0 0
Then Close and Save the file.
To enable quota, run these commands:
mount -o remount /var
You may see output similar to this:
root@server:~# mount -o remount /var
root@server:~# quotacheck -avugm
quotacheck: Your kernel probably supports ext4 quota feature but you are using external quota files. Please switch your filesystem to use ext4 quota feature as external quota files on ext4 are deprecated.
quotacheck: Scanning /dev/mapper/server--vg2-var [/var] done
quotacheck: Cannot stat old user quota file /var/quota.user: No such file or directory. Usage will not be subtracted.
quotacheck: Cannot stat old group quota file /var/quota.group: No such file or directory. Usage will not be subtracted.
quotacheck: Cannot stat old user quota file /var/quota.user: No such file or directory. Usage will not be subtracted.
quotacheck: Cannot stat old group quota file /var/quota.group: No such file or directory. Usage will not be subtracted.
quotacheck: Checked 506 directories and 13801 files
quotacheck: Old file not found.
quotacheck: Old file not found.
root@server:~# quotaon -avug
quotaon: Your kernel probably supports ext4 quota feature but you are using external quota files. Please switch your filesystem to use ext4 quota feature as external quota files on ext4 are deprecated.
/dev/mapper/server--vg2-var [/var]: group quotas turned on
/dev/mapper/server--vg2-var [/var]: user quotas turned on
root@server:~#
0.18 Install Pure-FTPd
Pure-FTPd supports external authentication modules, and writing a new backend can be as simple as a few lines of shell script. Pure-FTPd supports a virtual quota system : accounts can have individual quota (max number of files, max total size) even when they share the same system uid.
Install Pure-FTPd to configure FTP server to transfer files. Use this command to install Pure-FTPd:
apt-get install -y pure-ftpd-common pure-ftpd-mysql
Configure Pure-FTPd to use SSL/TLS.
Create self-signed certificates.
However, if you use valid certificates, such as those from Let’s Encrypt or others, you don’t need to create this one.
mkdir -p /etc/ssl/private/
Create the self signed certificate with this command:
openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
Output should look similar to this:
root@server:~# mkdir -p /etc/ssl/private/
root@server:~# openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
Generating a RSA private key
...........................................................................+++++
................................+++++
writing new private key to '/etc/ssl/private/pure-ftpd.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US <-- Hit Enter
State or Province Name (full name) [Some-State]:Some-State <-- Hit Enter
Locality Name (eg, city) :Some-City <-- Hit Enter
Organization Name (eg, company) [Internet Widgits Pty Ltd]:MyDomain.com <-- Hit Enter
Organizational Unit Name (eg, section) :MyDomain.com File Server <-- Hit Enter
Common Name (e.g. server FQDN or YOUR name) :mydomain.com <-- Hit Enter
Email Address :email@example.com <-- Hit Enter
root@server:~#
Change the permissions of the SSL certificate:
chmod 600 /etc/ssl/private/pure-ftpd.pem
echo 1 > /etc/pure-ftpd/conf/TLS
Now restart Pure-FTPd:
systemctl restart pure-ftpd-mysql
Confirm Pure-FTPd is working by connecting to your computer remotely using another device.
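A check of the two things this section configures, the TLS value and the permissions on the combined key and certificate file. It is an added example, not part of the original tutorial; pureftpd_tls_audit, the temporary fixture and its placeholder PEM are constructed, and the meaning of the TLS values is taken from Pure-FTPd's --tls option.

```shell
#!/bin/sh
# Added example, not part of the tutorial. pureftpd_tls_audit and
# demo_fixture are hypothetical helper names.

# Usage: pureftpd_tls_audit CONF_DIR PEM_FILE
# Prints one finding per line and nothing when both checks pass.
# TLS values per Pure-FTPd's --tls option:
#   0 = TLS off, 1 = cleartext and TLS both accepted,
#   2 = cleartext logins refused, 3 = as 2, and the data channel must use TLS.
pureftpd_tls_audit() {
    conf_dir=$1
    pem=$2

    # Value written by "echo N > CONF_DIR/TLS"; empty when the file is absent.
    mode=$(cat "$conf_dir/TLS" 2>/dev/null | tr -d ' \t\r\n')
    case "$mode" in
        2|3) ;;
        *) echo "tls-mode ${mode:-unset}: cleartext FTP sessions are not refused" ;;
    esac

    if [ ! -f "$pem" ]; then
        echo "pem missing: $pem"
        return 0
    fi

    # Characters 5-10 of the ls mode string are the group and other bits.
    other=$(ls -ln "$pem" | cut -c5-10)
    [ "$other" = "------" ] || echo "pem-perms: group/other bits set ($other)"

    # The file must hold both halves, since -keyout and -out name the same path.
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$pem" || echo "pem: no private key block"
    grep -q -e '-----BEGIN CERTIFICATE-----' "$pem" || echo "pem: no certificate block"
    return 0
}

# Constructed stand-in for /etc/pure-ftpd/conf and the PEM file: TLS=1 as in
# the tutorial, and a placeholder PEM left world-readable (mode 644).
demo_fixture() {
    d=$(mktemp -d)
    echo 1 > "$d/TLS"
    printf '%s\n' \
        '-----BEGIN PRIVATE KEY-----' '(constructed placeholder)' '-----END PRIVATE KEY-----' \
        '-----BEGIN CERTIFICATE-----' '(constructed placeholder)' '-----END CERTIFICATE-----' \
        > "$d/pure-ftpd.pem"
    chmod 644 "$d/pure-ftpd.pem"
    echo "$d"
}

fx=$(demo_fixture)
echo "PEM mode 644, TLS=1:"
pureftpd_tls_audit "$fx" "$fx/pure-ftpd.pem"

# Stricter variant for comparison (an assumption of this example, not a
# step from the tutorial): owner-only PEM and TLS=2.
chmod 600 "$fx/pure-ftpd.pem"
echo 2 > "$fx/TLS"
echo "PEM mode 600, TLS=2: $(pureftpd_tls_audit "$fx" "$fx/pure-ftpd.pem" | wc -l) findings"
rm -rf "$fx"
```

On the server the call is `pureftpd_tls_audit /etc/pure-ftpd/conf /etc/ssl/private/pure-ftpd.pem`.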
0.19 Install BIND DNS Server
BIND is a nameserver service responsible for performing domain-name-to-IP conversion on Linux-based DNS servers. The BIND package provides the named service. It reads the configuration from the /etc/named and /etc/named.conf files.
The haveged project is an attempt to provide an easy-to-use, unpredictable random number generator based upon an adaptation of the HAVEGE algorithm. Haveged was created to remedy low-entropy conditions in the Linux random device that can occur under some workloads, especially on headless servers.
Package: dnsutils – This package delivers various client programs related to DNS that are derived from the BIND source tree.
apt-get install -y bind9 dnsutils haveged
0.20 Install GoAccess and AWStats
GoAccess is an open-source real-time web log analyzer and interactive viewer that runs in a terminal and on web browsers in Linux/Unix systems.
AWStats (Advanced Web Statistics) is a freely available analytics tool that is used to generate web/FTP/mail statistics by analyzing the available logs in a server. AWStats produces outputs in the form of an easily readable graphical format. This can easily be installed on a Linux-based server.
apt-get install -y awstats geoip-database libclass-dbi-mysql-perl libtimedate-perl goaccess awffull
Open /etc/cron.d/awstats afterwards…
… and comment out everything in that file using ‘#’:
[…]
#MAILTO=root
#*/10 * * * * www-data [ -x /usr/share/awstats/tools/update.sh ] && /usr/share/>
# Generate static reports:
#10 03 * * * www-data [ -x /usr/share/awstats/tools/buildstatic.sh ] && /usr/sh>
[…]
Then Close and Save the file.
Now that you have the superuser ‘root’ enabled for local and remote access, computer hibernation and suspension disabled, your Package Manager set up properly and your computer’s hostname and domain determined, we will start to install the software that turns your computer into a web site hosting server.