Slackware Server Setup Checklist


  1. Add to /etc/ntp.conf:
    	server 0.north-america.pool.ntp.org
    	server 1.north-america.pool.ntp.org
    	server 2.north-america.pool.ntp.org
    	server 3.north-america.pool.ntp.org
    
    	restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
  2. Setup Samba
    1. useradd -M -N -g users -s /bin/false <username>
    2. smbpasswd -a <username>
  3. Setup Apache
    1. Edit /etc/httpd/httpd.conf to match desired configuration.
      • Uncomment mod_ssl
      • Fill in ServerAdmin and ServerName
    2. Create a self-signed certificate
      1. Generate a Private Key:
        openssl genrsa -des3 -out server.key 2048
      2. Generate a CSR (Certificate Signing Request):
        openssl req -new -key server.key -out server.csr
      3. Remove Passphrase from Key:
        cp server.key server.key.org
        openssl rsa -in server.key.org -out server.key
      4. Generate a Self-Signed Certificate: (alternative is to get it signed by a CA)
        openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
      5. Install the Private Key and Certificate:
        cp server.crt /etc/httpd/
        cp server.key /etc/httpd/
        chmod 600 /etc/httpd/server.key
        (make sure server.key is owned and readable by root only)
  4. Alternatively, set up Lighttpd:
    1. Install lighttpd.
    2. Create lighttpd group:
      groupadd -g 208 -r lighttpd
    3. Create lighttpd user:
      useradd -M -N -g lighttpd -s /bin/false -r -u 208 lighttpd
    4. Add to /etc/rc.d/rc.local:
      	if [ -x /etc/rc.d/rc.lighttpd ]; then
      		/etc/rc.d/rc.lighttpd start
      	fi
    5. Add to /etc/rc.d/rc.local_shutdown:
      	if [ -x /etc/rc.d/rc.lighttpd ]; then
      		/etc/rc.d/rc.lighttpd stop
      	fi
    6. Copy php.ini from /etc/httpd to /etc/lighttpd
    7. chgrp lighttpd /var/lib/php
    8. Create SSL certificate:
      • openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes
      • chmod 400 server.pem
    9. Edit /etc/lighttpd/lighttpd.conf:
      • Uncomment mod_rewrite, mod_redirect, mod_access, mod_auth, mod_setenv, and mod_fastcgi.
      • Uncomment the fastcgi.server section:
        	fastcgi.server = (
        		".php" => (
        			"localhost" => (
        				"socket" => "/var/run/lighttpd/php-fastcgi.socket",
        				"bin-path" => "/usr/bin/php-cgi -c /etc/lighttpd/php.ini",
        				"allow-x-send-file" => "enable"
        			)
        		)
        	)
      • Uncomment the SSL engine section:
        	$SERVER["socket"] == ":443" {
        		ssl.engine              = "enable"
        		ssl.pemfile             = "server.pem"
        		server.document-root    = "/path/to/www/"
        		$HTTP["url"] =~ "\.html$" {
        			setenv.add-response-header = ( "Cache-Control" => "no-store, no-cache, must-revalidate, post-check=0, pre-check=0" )
        			etag.use-inode = "disable"
        			etag.use-mtime = "disable"
        			etag.use-size = "disable"
        		}
        		url.rewrite-once = (
        			"^/1stdir/(.*)$" => "/1st.php/$1",
        			"^/2nddir/(.*)$" => "/2nd.php/$1"
        		)
        		url.redirect = (
        			"^/1stdir$" => "/1stdir/",
        			"^/2nddir$" => "/2nddir/"
        		)
        		auth.require = (
        			"/admin/" => (
        				"method" => "basic",
        				"realm" => "Administrators Only",
        				"require" => "user=admin"
        			)
        		)
        	}
      • Uncomment the auth module section:
        	auth.backend               = "plain"
        	auth.backend.plain.userfile = "/etc/lighttpd/lighttpd.users"
      • Create /etc/lighttpd/lighttpd.users
        	user:password
  5. Setup MySQL (refer to "Setup and configure MYSQL in Slackware Linux")
    1. Create my.cnf
    2. mysql_install_db --user=mysql
    3. Start mysqld
    4. mysql_secure_installation
    5. Create SSL Certificate for remote access:
      1. openssl genrsa 2048 > ca-key.pem
      2. openssl req -new -x509 -nodes -days 3600 -key ca-key.pem > ca-cert.pem
      3. openssl req -newkey rsa:2048 -days 3600 -nodes -keyout server-key.pem > server-req.pem
      4. openssl x509 -req -in server-req.pem -days 3600 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem
      5. openssl req -newkey rsa:2048 -days 3600 -nodes -keyout client-key.pem > client-req.pem
      6. openssl x509 -req -in client-req.pem -days 3600 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > client-cert.pem
  6. Setup PostgreSQL
    1. su - postgres
    2. psql postgres
    3. CREATE DATABASE <db>;
    4. CREATE USER <user> WITH PASSWORD '<password>';
    5. GRANT ALL PRIVILEGES ON DATABASE <db> TO <user>;
  7. Setup phpPgAdmin
    1. Set $conf['servers'][0]['defaultdb'] = 'postgres'; in phpPgAdmin/conf/config.inc.php
  8. Setup PHP:
    • Install PEAR packages:
      • Mail
      • Mail_Mime
      • Net_SMTP
  9. Setup gitolite
    1. Create git user
    2. Download gitolite:
      git clone https://github.com/sitaramc/gitolite
      (GitHub no longer serves the unauthenticated git:// protocol on port 9418, so clone over https)
    3. Install gitolite symlink:
      gitolite/install -ln /usr/local/bin
    4. Run gitolite setup:
      • Copy public key for admin user to /tmp/<name>.pub
      • gitolite setup -pk /tmp/<name>.pub
      • Delete /tmp/<name>.pub
    5. Download gitolite admin settings:
      git clone git@<server>:gitolite-admin.git
    6. Create repositories in conf/gitolite.conf.
    7. Commit and push to server.
    8. Import existing repository into new gitolite repository:
      • git clone git@<server>:<repo>.git
      • cd <repo>
      • Create .gitignore containing "*~" to ignore backup files and stage to commit.
      • git commit -m "Initial gitolite repository setup."
      • git remote add -f wip <path to old repo>
      • git merge -s ours wip/<branch>
      • git read-tree --prefix=/ -u wip/<branch>
      • git commit -m "Subtree merge in wip"
    9. Clone repository into client working directory.
    10. Ignore configuration files:
      git update-index --assume-unchanged <file>
    11. Ignore backup files:
      git config --global core.excludesfile ~/.gitignore
      and create ~/.gitignore containing:
      	*~
  10. Setup Dovecot
    1. Add dovecot group:
      groupadd -g 202 dovecot
    2. Add dovecot user:
      useradd -d /dev/null -s /bin/false -u 202 -g 202 dovecot
    3. Install Dovecot
    4. Add dovenull group:
      groupadd -g 201 dovenull
    5. Add dovenull user:
      useradd -d /dev/null -s /bin/false -u 201 -g 201 dovenull
    6. Add vmail group:
      groupadd -g 500 vmail
    7. Add vmail user:
      useradd -d /dev/null -s /bin/false -u 500 -g 500 vmail
    8. Copy mail to maildir
    9. Copy configuration files to /etc/dovecot/
    10. Add to /etc/rc.d/rc.local:
      	# Start Dovecot mail server:
      	if [ -x /etc/rc.d/rc.dovecot ]; then
      		. /etc/rc.d/rc.dovecot start
      	fi
    11. Add to /etc/rc.d/rc.local_shutdown:
      	# Stop the Dovecot mail server:
      	if [ -x /etc/rc.d/rc.dovecot ]; then
      		/etc/rc.d/rc.dovecot stop
      	fi
  11. Setup SABnzbd
    1. Extract SABnzbd to /usr/local/src/
    2. Install Cheetah Template Engine
      • Extract cheetah to a temporary directory and cd to it
      • python setup.py build
      • python setup.py install
    3. Install YENC
      • Extract YENC to a temporary directory and cd to it
      • python setup.py build
      • python setup.py install
    4. Install par2cmdline.
    5. Install unrar.
    6. Install pyOpenSSL.
    7. Add to /etc/rc.d/rc.local:
      	# Start sabnzbd usenet downloader server:
      	if [ -x /etc/rc.d/rc.sabnzbd ]; then
      		/etc/rc.d/rc.sabnzbd start
      	fi
    8. Add to /etc/rc.d/rc.local_shutdown:
      	# Stop sabnzbd usenet downloader server:
      	if [ -x /etc/rc.d/rc.sabnzbd ]; then
      		/etc/rc.d/rc.sabnzbd stop
      	fi
    9. Create /etc/rc.d/rc.sabnzbd and give it execute permissions:
      	#!/bin/sh
      
      	case "$1" in
      	start)
      		echo "Starting SABnzbd..."
      		/usr/bin/sudo -u server -H /usr/local/src/sabnzbd/SABnzbd.py -d -f /home/server/sabnzbd/sabnzbd.ini
      	;;
      	stop)
      		echo "Shutting down SABnzbd."
      		/usr/bin/wget -q --delete-after "http://localhost:8080/sabnzbd/api?mode=shutdown&apikey=0314c8531cf082cb1a5f5b634555931a"
      	;;
      	*)
      		echo "Usage: $0 {start|stop}"
      		exit 1
      	esac
      
      	exit 0
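
Step 4.9 keeps the /admin/ password in cleartext ("user:password" with auth.backend = "plain"). The following added example, which is not part of the original checklist, builds an htdigest entry so the file holds a hash instead; htdigest_line is a hypothetical helper name, and the realm passed in must equal the "realm" value in auth.require.

```shell
#!/bin/sh
# Added example, not from the original checklist.
# Matching lighttpd.conf settings (replace the two "plain" lines):
#   auth.backend                   = "htdigest"
#   auth.backend.htdigest.userfile = "/etc/lighttpd/lighttpd.users"
# Entry format: user:realm:md5(user:realm:password)
#
# htdigest_line USER REALM   (password is read from stdin)
# htdigest_line is a hypothetical helper name; requires md5sum.
htdigest_line() {
    user=$1
    realm=$2
    [ -n "$user" ] || { echo "empty user" >&2; return 1; }
    # ':' separates the fields, so it cannot appear in user or realm.
    case "$user$realm" in
        *:*) echo "user and realm must not contain ':'" >&2; return 1 ;;
    esac
    # Read the password from stdin so it never shows up in argv or ps output
    # (printf below is a shell builtin, so no new process sees it either).
    pass=
    IFS= read -r pass || true
    [ -n "$pass" ] || { echo "empty password" >&2; return 1; }
    hash=$(printf '%s:%s:%s' "$user" "$realm" "$pass" | md5sum | cut -d' ' -f1)
    printf '%s:%s:%s\n' "$user" "$realm" "$hash"
}

# Suggested use (assumption: the lighttpd group from step 4.2 exists):
#   umask 077
#   htdigest_line admin "Administrators Only" > /etc/lighttpd/lighttpd.users
#   chown root:lighttpd /etc/lighttpd/lighttpd.users
#   chmod 640 /etc/lighttpd/lighttpd.users
```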
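
Steps 3.2, 4.8 and 5.5 leave unencrypted private keys on disk, and /etc/rc.d/rc.sabnzbd in step 11.9 embeds an API key, so file ownership and mode are the only protection these files have. The following added example, which is not part of the original checklist, checks both; audit_key and the script name audit-keys.sh are hypothetical, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example, not from the original checklist.
# audit_key FILE [OWNER]: succeed only if FILE is owned by OWNER (default
# root) and grants no permissions to group or other (600, 400, 700 ...).
# audit_key is a hypothetical helper name; requires GNU stat.
audit_key() {
    f=$1
    want_owner=${2:-root}
    if [ ! -f "$f" ]; then
        echo "MISSING   $f"
        return 2
    fi
    # %a = octal mode, %U = owner name
    set -- $(stat -c '%a %U' "$f")
    mode=$1
    owner=$2
    rc=0
    # The last two octal digits are the group and other bits; both must be 0.
    case $mode in
        0|*00) ;;
        *) echo "BAD MODE  $f ($mode: group or other has access)"; rc=1 ;;
    esac
    if [ "$owner" != "$want_owner" ]; then
        echo "BAD OWNER $f ($owner, expected $want_owner)"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK        $f ($mode $owner)"
    return "$rc"
}

# Run as: sh audit-keys.sh /etc/httpd/server.key /etc/rc.d/rc.sabnzbd ...
# Every path given here must be root-owned; call audit_key FILE mysql
# directly for a key that the MySQL server user has to read.
status=0
for path in "$@"; do
    audit_key "$path" || status=1
done
[ "$#" -eq 0 ] || exit "$status"
```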