Over the past week or so, I’ve been setting up the SACM server in P 111 (the server you are on right now!). For the record, here’s what I did to get it up and running. This doesn’t include making the server accessible via http://sacm.uwec.edu – that was done by the UWEC network administrators.
- First, I installed Debian (squeeze). I used the mini.iso image, which contains only the installer and downloads all the other system components. I just installed the standard system components. There’s no GUI on the server, but it would be possible to add one.
- Next I installed the server software using the package manager “aptitude”:
  - SSH server, for remote console access and file transfer (openssh-server). I use the Windows clients PuTTY and WinSCP to access the server.
  - MySQL, which is used by WordPress (mysql-server, mysql-client)
  - Apache and PHP (apache2, php5, php5-mysql, libapache2-mod-php5)
  - phpMyAdmin, for adding the WordPress user/database (phpmyadmin)
- The next step was to install WordPress. Debian has a wordpress package, but it’s designed for multiple servers – to make the setup easier, I just downloaded the WordPress .zip file from http://www.wordpress.org and unzipped it to /var/www/wordpress. (/var/www is where the website is stored. I also needed to install “unzip” before I did this!)
- I used phpMyAdmin (which runs in a web browser), logged in as the MySQL root user (I made a password for this root user when I installed mysql-server), and added a user with a certain password. I also checked the box: “Create database with same name and grant all privileges”. This username, password and database name I put into WordPress’s wp-config.php.
- Once that was done, I could access WordPress from http://sacm.uwec.edu/wordpress. The first time I went to the site, it gave me a one-page setup menu which I filled out to create a username and password.
- The last thing I did outside of WordPress was to use “iptables” to set up a firewall. Basically, I blocked SSH for everybody except the computer itself (127.0.0.x) and computers within the UWEC network (137.28.x.x). I accomplished this by adding three lines to /etc/rc.local:
    iptables -A INPUT -p tcp --destination-port 22 -m iprange --src-range 0.0.0.0-126.255.255.255 -j DROP
    iptables -A INPUT -p tcp --destination-port 22 -m iprange --src-range 127.0.1.0-137.27.255.255 -j DROP
    iptables -A INPUT -p tcp --destination-port 22 -m iprange --src-range 137.29.0.0-255.255.255.255 -j DROP
These commands run on boot (like AUTOEXEC.BAT in DOS). The iptables commands just tell iptables to block incoming packets on port 22 for IP addresses from 0.0.0.0 through 126.255.255.255, 127.0.1.0 through 137.27.255.255, and 137.29.0.0 through 255.255.255.255. The end result is that SSH works from 127.0.0.0 through 127.0.0.255 (localhost) and 137.28.0.0 through 137.28.255.255 (UWEC network).
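Because these rules list what to block rather than what to allow, a single mistyped boundary silently widens SSH exposure. The following check is an added example, not part of the original setup: it parses the three rules above and computes which source networks no DROP range covers. The function names `dropped_ranges` and `allowed_networks` are made up for this illustration.

```python
import ipaddress
import re

# The three rules from /etc/rc.local, as given on the page.
RC_LOCAL_RULES = """\
iptables -A INPUT -p tcp --destination-port 22 -m iprange --src-range 0.0.0.0-126.255.255.255 -j DROP
iptables -A INPUT -p tcp --destination-port 22 -m iprange --src-range 127.0.1.0-137.27.255.255 -j DROP
iptables -A INPUT -p tcp --destination-port 22 -m iprange --src-range 137.29.0.0-255.255.255.255 -j DROP
"""

SRC_RANGE = re.compile(r"--src-range\s+(\S+)-(\S+)")
MAX_IPV4 = int(ipaddress.IPv4Address("255.255.255.255"))


def dropped_ranges(rules):
    """Return sorted (first, last) integer pairs for every DROP rule with --src-range."""
    ranges = []
    for line in rules.splitlines():
        match = SRC_RANGE.search(line)
        if match and line.rstrip().endswith("-j DROP"):
            first, last = (int(ipaddress.IPv4Address(a)) for a in match.groups())
            if first > last:
                raise ValueError(f"reversed range in rule: {line}")
            ranges.append((first, last))
    return sorted(ranges)


def allowed_networks(rules):
    """Return the CIDR blocks that no DROP range covers (sources SSH still accepts)."""
    allowed = []
    next_free = 0  # lowest address not yet covered by a DROP range
    for first, last in dropped_ranges(rules):
        if first > next_free:  # gap before this range: these sources get through
            allowed += ipaddress.summarize_address_range(
                ipaddress.IPv4Address(next_free), ipaddress.IPv4Address(first - 1))
        next_free = max(next_free, last + 1)
    if next_free <= MAX_IPV4:  # anything above the last DROP range
        allowed += ipaddress.summarize_address_range(
            ipaddress.IPv4Address(next_free), ipaddress.IPv4Address(MAX_IPV4))
    return [str(net) for net in allowed]


if __name__ == "__main__":
    for net in allowed_networks(RC_LOCAL_RULES):
        print("SSH reachable from", net)
```

iptables filters IPv4 only, so this check says nothing about SSH over IPv6, which is governed by ip6tables.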