I recently set up a few LAMP servers on the RackSpace Cloud and thought I would write a post to document the process. I needed separate servers for a couple of different projects and wanted to be able to quickly set up new LAMP servers in the future with their imaging system so I don’t have to repeat this process for future servers. I looked around and found RackSpace Cloud Servers, which seem fairly economical: you can start at around $11/mo per server and scale from there, whereas with Amazon EC2 your starting cost is about $72/month, albeit for a more powerful server (small instance plus S3 storage).

Quick Breakdown of what needs to be done to get your server up and running:

  1. Set up a RackSpace Cloud Account and create your Ubuntu Cloud Server
  2. Set up an account with SSH for Remote Access and sudo permission
  3. Update/Upgrade Server Packages using Aptitude
  4. Install/Setup LAMP Stack and Email
  5. Secure Server with a Firewall
  6. Create Server Image

1) Set up a RackSpace Cloud Account and create your Ubuntu Cloud Server

Set up a RackSpace Cloud Account. To set up your Rackspace account go to https://signup.rackspacecloud.com/signup and create your account; it is pretty straightforward. RackSpace will call you to confirm your account.

Create your Ubuntu Cloud server. Again, nothing complicated here, once you get into your account just click “Hosting” then “Cloud Servers”.

You can then add a new server; select Ubuntu 10.10 (or whichever server variant you want to set up).

Give the server a name (this is what the server’s hostname will be) and choose the server size (RAM 256MB / DISK 10GB, RAM 512MB / DISK 20GB, etc…), which will determine the hourly rate you pay, the RAM, total disk space and CPU of the server. I would probably just choose a 256MB/10GB size while you set up the server as you won’t need anything more than that for the setup; you can also resize the server at a later time (requires a restart and the resize is queued). The setup of the server takes less than 5 minutes and once it is done you will receive an email with your root account.

2) Set up an account with SSH for Remote Access and sudo permission

Now that you have your server running you are given this sleek looking and easy to use dashboard.

Load up your favourite SSH client (PuTTY on Windows or Terminal on Mac) and log in using your root account; you can also do this from the console in the dashboard but I didn’t find it easy to use. You might want to reset your password; type

passwd

and follow the prompts. Next you will want to set up a new user account; type

adduser username

and follow the prompts. Once you’re done you will probably want to add your user account to the sudo group; type

adduser username sudo

and this will add the user to the sudo group allowing that account to use the sudo command. I always like to login using my account and not the root account, so log off and back on as the new user you just created.

3) Update/Upgrade Server Packages using Aptitude

Now that you are logged in as your own user from an SSH terminal I would start by updating the server to ensure all your packages are up to date. This is just good practice before you install anything on your system: make sure it is the latest release. To do this run these commands

sudo aptitude update

sudo aptitude upgrade

This should take a while, it will download and upgrade all the packages on the system. Apparently on average it takes less than 8 minutes for a computer connected to the internet to be infected if it doesn’t have the latest updates.

4) Install/Setup LAMP Stack and Email

Okay, now we start to actually set up the server for what it was meant to do. The simplest way to get this done is to use tasksel to install the lamp-server task. I like simplicity so I’m going to do it this way, but if you feel like it you can install the individual packages. If you don’t know what you are installing I would recommend reading what packages are installed.

To install the LAMP server role, type:

sudo tasksel install lamp-server

This will guide you through the installation, enter a MySQL root password and don’t forget it. Next we want to secure your MySQL installation, type:

mysql_secure_installation

Next, we should configure apache with a FQDN (Fully Qualified Domain Name) otherwise apache will complain.

 echo "ServerName localhost" | sudo tee /etc/apache2/conf.d/fqdn

Okay, now we want to be able to access and manage your MySQL databases so we are gonna install phpmyadmin:

sudo apt-get install phpmyadmin

Once phpmyadmin is installed you should restart apache to ensure all the settings are loaded and your installation is up and running:

sudo apachectl restart

At this point you can access phpmyadmin by going to http://SERVER_IP/phpmyadmin and you can confirm apache is running by going to http://SERVER_IP/ which should show you an “It works!” page.

Preparing your Ubuntu Cloud Server to Send Emails

The next step is to get email working on the server, which I found to be quite a problem for some on the forums. I think this is because sendmail doesn’t work that great on Ubuntu and sendmail can be a pain if you don’t configure it correctly. I used to set up FreeBSD servers and used sendmail by itself but since I moved to Ubuntu I’ve started to use postfix for sending email, which I found to be much easier to set up and administer. Basically, my recommendation is to use Postfix, not sendmail, for Ubuntu servers.

At this point we will need to set up a FQDN for the server as this is important for sending emails. To do this you need a registered domain name (e.g. symana.com). I like to use the hostname of the server plus the domain name so your FQDN would be in this format: hostname.domainname.com. You will need to set up a DNS Host (A) record for this server on a publicly available DNS server; your domain registrar usually provides this free of charge.

Once that is done you can start configuring your server’s hostname. To determine what your server’s current host name is, type:

hostname -f

This should output the name you entered when you set up the server; mine was kundera. Next you tell the server what your new hostname will be. To do this edit the /etc/hostname file:

sudo nano /etc/hostname

And replace your hostname with your FQDN for this server (e.g. hostname is replaced with hostname.domainname.com). Next, you should edit your /etc/hosts file so the server resolves your server’s FQDN to your localhost. To do this, edit the /etc/hosts file and replace hostname with hostname.domainname.com:

sudo nano /etc/hosts

Mine had a line with “127.0.0.1 hostname” and I replaced it with “127.0.0.1 hostname.domainname.com”. You should now set up a reverse DNS record, which is extremely important in ensuring your email is not marked as spam by receiving servers. You should also set up an SPF record, which will also help with getting through the spam filters.

You should now reboot your server to ensure these settings take effect.

sudo reboot

If you are struggling to get through on preparing your server for email please reference the RackSpace Cloud Servers KB Article which covers the process in more depth.

Installing and Configuring Postfix to Send Email

Okay, we are now ready to install Postfix to give our server the ability to send email (not to receive email), specifically for the use of the php mail() function. To do this we will want to install the mailutils package and the postfix package. To do this type:

sudo apt-get install postfix mailutils

During the installation of postfix it will ask you for some input; set up your server as an “Internet Site” and, when prompted, enter the FQDN (e.g. hostname.domainname.com) we configured earlier.

Some guides will instruct you to install telnet as well but unless you plan to receive email there is no reason to do this. Remember, this is about setting up a server to send email using the php mail function not receive email. I don’t recommend managing email on your own server these days as it is a very complicated and time consuming service to maintain, instead I would just recommend going with one of the main hosted options for a minimal fee or free (Google Apps, Hosted MS Exchange, etc..).

Once you have postfix installed, you will want to test that you can send emails. At the terminal, type:

echo "hello world, my email works!" | sendmail -v email@domainname.com

This will send an email with the subject that was echoed. Assuming that this worked you can now move on to securing your server.

5) Secure Server with a Firewall

Setting up a firewall could be the first step of this tutorial but I like to have the services set up so I can test them and then worry about firewall rules. It creates more complications if you need to troubleshoot firewall rules while setting up internet services. Also, setting up a firewall is not the only security measure you should take; I plan to write a more in-depth article on how to secure your server at a later date.

To start, you need to review what services you want available to the public; for me this was HTTP, HTTPS and SSH. Everything else I could do without. I believe it is a common misconception that to send emails you need to have the SMTP port open for incoming requests; this is not the case, and you should not open port 25 unless you plan to receive emails on your server. Ubuntu has a great article on how to set up IPTables as a firewall that I used as a reference. For our project we need a handful of rules; type the following at the command prompt.

To allow established connections to continue to function:

sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

To allow SSH traffic:

sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT

To allow HTTP traffic:

sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT

To allow HTTPS traffic:

sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT

Drop all remaining traffic:

sudo iptables -A INPUT -j DROP

Optionally, you can log dropped packets to syslog (this inserts the LOG rule at position 5, just before the DROP rule):

sudo iptables -I INPUT 5 -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

Now we need to save the rules to a file. The output redirection has to run as root as well, so wrap the whole command in a root shell:

sudo sh -c "iptables-save > /etc/iptables.rules"

Okay, so we aren’t done yet. We need to apply the firewall rules to our network card that is configured with our public IP address (for me this started with 184.x.x.x; it definitely is not the 10.x.x.x IP, which is your private IP). For me, I added one line to the /etc/network/interfaces file to load the iptables.rules file when the NIC is brought up. In the terminal type:

sudo nano /etc/network/interfaces

Now that you are editing the file, go to your network card configuration with the public IP and add:

pre-up iptables-restore < /etc/iptables.rules

This should go right below the line “iface eth0 inet static” and it should be indented like the other lines. IMPORTANT NOTE: This should be redone, as well as the hostname configuration, for each new server you set up from this image.

Now, to ensure everything is loaded correctly from the configuration files, perform a reboot (soft reboot).
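After the reboot it is worth confirming that the rules that actually loaded still match the policy above: only ports 22, 80 and 443 accepted, port 25 closed, and a catch-all DROP as the last INPUT rule. The following is an added example, not part of the original post; the function names `audit_rules` and `sample_rules` and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: check an iptables-save dump against this post's INPUT policy.
# Reads a file argument or stdin; returns 0 only when every check passes.
audit_rules() {
    awk '
    $1 == "-A" && $2 == "INPUT" {
        n++; target = ""; port = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-j") target = $(i + 1)
            if ($i == "--dport") port = $(i + 1)
        }
        if (target == "DROP" && NF == 4) {
            drop_at = n                       # bare catch-all DROP
        } else if (target == "ACCEPT" && port != "") {
            if (port !~ /^(22|80|443)$/) { print "FAIL: port " port " is open"; bad = 1 }
            if (drop_at) { print "FAIL: port " port " rule sits after the DROP"; bad = 1 }
        } else if (target == "ACCEPT" && $0 !~ /--state|-i lo/) {
            print "FAIL: unrestricted ACCEPT: " $0; bad = 1
        }
    }
    END {
        if (!drop_at) {
            print "FAIL: no catch-all DROP in INPUT"; bad = 1
        } else if (drop_at != n) {
            print "FAIL: rules after the DROP never match"; bad = 1
        }
        exit (bad ? 1 : 0)
    }' "$@"
}

# Constructed sample: what iptables-save prints for the rules in this post.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j DROP
COMMIT
EOF
}

sample_rules | audit_rules && echo "OK: sample ruleset matches the policy"
```

On the server itself, run `audit_rules /etc/iptables.rules` against the saved file, or `sudo iptables-save | audit_rules` against the live ruleset.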

6) Create Server Image

Now that your server is set up and fully configured you should first confirm everything is functioning correctly and then you should create a server image and save it to cloud files so you can use this as a “base” or “gold” image for future servers. This will save you from going through this process for each new server you want to set up and is really powerful if you want to set up multiple LAMP servers. Just remember you will need to go through the firewall and hostname configuration for each new server, but this image should save you a lot of time.

To create an image, go to the “images” tab for your server, create a “new on-demand image” and move it to your cloud files. Whenever you want to set up a new server and use this image just select it from the “My Images” tab when setting up the server. This process is also excellent for quickly setting up a development or staging server.
