Ubuntu Server Tuning

From Aicip

I/O Scheduler


SSH Server

  • show banner: /etc/ssh/sshd_config
 Banner /etc/issue.net
  • allow public key authentication
 PubkeyAuthentication yes
  • generate public/private keypair


Apache Server

  • explicitly set ServerName (192.168.0.110, for example) in /etc/apache2/apache2.conf
  • generate certificate
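 # 2048-bit key; 1024-bit RSA is too short for current use
 openssl genrsa -out server.key 2048
 # unencrypted copy of the key
 openssl rsa -in server.key -out server.key.insecure
 openssl req -new -key server.key -out server.csr
 # self-signed certificate
 openssl x509 -req -days 999 -in server.csr -signkey server.key -out server.crt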
  • install certificate
 sudo cp server.crt /etc/ssl/certs
 sudo cp server.key /etc/ssl/private
  • edit /etc/apache2/ports.conf, disable 80
  # Listen 80
  <IfModule mod_ssl.c>
    Listen 443
  </IfModule>


  • enable SSL loading in Apache
 cd /etc/apache2/mods-enabled
 ln -s ../mods-available/ssl.conf .
 ln -s ../mods-available/ssl.load .

The Ubuntu way of doing this is probably:

 sudo a2enmod ssl
  • Configure SSL in /etc/apache2/sites-enabled/ssl, which is a symbolic link to sites-available/ssl
SSLEngine on
SSLOptions +StrictRequire
SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
  • restart apache
  • Testing
openssl s_client -connect localhost:443
GET / HTTP/1.0
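
The steps above generate and install a key and certificate without checking the result. The following added example (not part of the original page) reports three things about a key/certificate pair: the key size, whether the key belongs to the certificate, and whether the key file is readable by group or others. The function names, the `MIN_BITS` floor and the throwaway files in `demo` are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original page. MIN_BITS is an assumed policy floor.
MIN_BITS=2048

# Print the public key size, in bits, of a PEM certificate.
cert_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# Succeed only if the private key and the certificate share the same modulus.
key_matches_cert() {
    k=$(openssl rsa  -in "$1" -noout -modulus 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null) || return 1
    [ "$k" = "$c" ]
}

# Succeed only if group and others have no permission bits on the key file.
key_is_private() {
    case $(ls -l "$1") in
        -???------*) return 0 ;;
        *)           return 1 ;;
    esac
}

# check_pair KEY CERT: print the findings on one line, or "ok" if there are none.
check_pair() {
    findings=""
    bits=$(cert_bits "$2")
    [ "${bits:-0}" -ge "$MIN_BITS" ] || findings="${findings}weak-key:${bits} "
    key_matches_cert "$1" "$2" || findings="${findings}key-cert-mismatch "
    key_is_private "$1" || findings="${findings}key-readable-by-others "
    findings=${findings% }
    echo "${findings:-ok}"
}

# Demo on a throwaway pair generated here (constructed input, not the page's files).
demo() {
    d=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -subj /CN=localhost -days 1 \
        -keyout "$d/server.key" -out "$d/server.crt" 2>/dev/null
    chmod 644 "$d/server.key"    # simulate a key copied with a permissive mode
    check_pair "$d/server.key" "$d/server.crt"
    rm -rf "$d"
}

demo
```

To check installed files, call `check_pair` with the key and certificate paths as root, since /etc/ssl/private is not readable by ordinary users.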

Subversion

  • install: subversion, libapache2-svn
  • create /opt/svn and /opt/svn/repos, and make www-data the owner of these directories
  • su to www-data, and create initial repository
 svnadmin create /opt/svn/repos/hqi 
  • add "svn.conf" to /etc/apache2/conf.d, for example:
<Location /svn/hqi>
        DAV     svn
        SVNPath /opt/svn/repos/hqi
</Location>

At this point, SVN is ready to use without authentication.

  • create password file
touch /etc/subversion/passwd
htpasswd -c /etc/subversion/passwd hqi

Setup Printer

  • install cupsys and cupsys-driver-gutenprint
  • setup /etc/cups/cupsd.conf so that you can access the web admin interface, which is located at localhost:631
SystemGroup lpadmin
# Allow remote access
Port 631
Listen /var/run/cups/cups.sock
# Enable printer sharing and shared printers.
Browsing On
BrowseOrder allow,deny
BrowseAllow @LOCAL 
BrowseAddress @LOCAL
DefaultAuthType Basic
<Location />
  # Allow shared printing and remote administration...
  Order allow,deny
  Allow all
</Location>
<Location /admin>
  # Allow remote administration...
  Order allow,deny
  Allow all
</Location>
<Location /admin/conf>
  AuthType Default
  Require user @SYSTEM
  # Allow remote access to the configuration files...
  Order allow,deny
  Allow all
</Location>


  • Once you have web admin up and running, the rest is relatively easy. When adding a printer, to see what is available:
 lpinfo -v

is very helpful; it lists all supported stuff

  • Follow the guide to add the printer, using for example
 direct usb://Samsung/ML-1450
  • After adding the printer, make sure that you can print test page locally.
  • Adding this printer to a Mac client is a bit tricky. The Mac has its own CUPS server. Here is what you do: go to http://127.0.0.1:631. This should work.
  • The Mac doesn't have a driver for the Samsung ML-1450, so you should go to Samsung's site, then download and install the driver first.
  • Then you can follow the web admin interface and add this printer; the Samsung ML-1450 should show up on the printer list. When you are asked for an address, provide the IPP address of your local Ubuntu server:
 ipp://192.168.0.110:631/printers/Samsung-1450
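
Both the svn.conf block in the Subversion section (usable without authentication, as noted there) and the cupsd.conf blocks above rely on `<Location>` sections. The following added example (not part of the original page) lists every `<Location>` block that has no `Require` directive, and marks those that also admit every host. The function names and the abridged sample input are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original page: list <Location> blocks that never
# name who may use them with a Require directive. Reads the config on stdin.
audit_locations() {
    awk '
        /^[ \t]*#/ { next }                          # skip comment lines
        tolower($1) == "<location" {
            path = $2; sub(/>$/, "", path)           # "/admin>" becomes "/admin"
            inloc = 1; auth = 0; anyhost = 0
            next
        }
        tolower($1) == "</location>" {
            if (inloc && !auth)
                print path, (anyhost ? "no-auth,allow-all" : "no-auth")
            inloc = 0
            next
        }
        # Apache 2.4 "Require all granted" admits everyone, so it does not count.
        inloc && tolower($1) == "require" {
            if (!(tolower($2) == "all" && tolower($3) == "granted")) auth = 1
        }
        # CUPS writes "Allow all"; Apache 2.2 writes "Allow from all".
        inloc && tolower($1) == "allow" && tolower($NF) == "all" { anyhost = 1 }
    '
}

# Constructed input: the svn.conf and cupsd.conf blocks from this page, abridged.
samples() {
    cat <<'EOF'
# --- /etc/apache2/conf.d/svn.conf ---
<Location /svn/hqi>
        DAV     svn
        SVNPath /opt/svn/repos/hqi
</Location>
# --- /etc/cups/cupsd.conf ---
<Location />
  Allow all
</Location>
<Location /admin>
  Allow all
</Location>
<Location /admin/conf>
  AuthType Default
  Require user @SYSTEM
  Allow all
</Location>
EOF
}

samples | audit_locations
```

On a server, feed it the real file, for example `audit_locations < /etc/cups/cupsd.conf`.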

MediaWiki

For a general reference, see: http://www.mediawiki.org/wiki/Manual:Running_MediaWiki_on_Ubuntu

This section talks more about the migration steps.

  • backup database, and a few import directories.
  • download the latest wiki distribution and install it anyway. Keep the "wikiuser" and "wikidb" names.
  • then fix the database part:
 mysql -u root -p < wikidb.sql
  • change "wikiuser" password (if desired)
 mysql -u wikiuser -p
 set password for wikiuser@localhost=PASSWORD("new password");
  • give wikiuser full privileges
 mysql -u root -p
 grant create, drop, delete, update, alter, lock tables on wikidb.* to 'wikiuser'@'localhost';


  • since this is an update, we need to fix the database schema. You need to have root/admin access to mysql. Change the settings in AdminSettings.php
 cp AdminSettings.sample AdminSettings.php
  • Then run the update script from the command line (for this, you need to install the php5-cli package)
 cd maintenance
 php -f update.php
  • Set up xcache: it is very slow to run MediaWiki without a cache. You can install "php5-xcache" on Ubuntu. But out of the box, xcache doesn't work, IMO very stupid. You need to change the configuration in /etc/php5/conf.d/xcache.ini
 ; same as aboves but for variable cache
 xcache.var_size  =            64M
 xcache.var_count =            4 
 xcache.var_slots =            8K

The numbers are ad hoc; they weren't explained in the configuration file. There may be more tuning you can do.

  • backup wiki data: see admin/backup_panda_wiki.sh for more details.

References

Subversion

http://svnbook.red-bean.com/en/1.0/ch06s04.html
https://help.ubuntu.com/8.04/serverguide/C/subversion.html

  • Then print a test page; everything should be OK.