StepInside

Creativity and Inspiration

Development of Personal Site: Part 3 (Software for server)

If you read my previous posts about the development of my personal site, you have probably already guessed that I installed Gentoo Linux on my VPS.

Gentoo is my favorite Linux distribution out there. I have been using it for 3 years at home, for almost 1 year at work and for 2 months on my VPS server :) and I am not going to change it. Before I found Gentoo I tried RedHat, and now I administer Debian and RHEL servers at work, but I have never felt comfortable enough with these distributions. I am not sure what the real reasons are; probably it is a lack of knowledge and practical experience with the particular distribution, or maybe I just do not like them and have a mental barrier that prevents me from using them efficiently. Anyway, I have chosen Gentoo and want to describe what software I have installed and why.

Because the VPS resources are quite limited in memory (64Mb RAM + 128Mb swap =198Mb total), CPU and hard drive (3Gb), at first I doubted that they would be enough for a source-based Linux distribution, where you need to compile every single package from source and also keep a lot of development files (in /usr/include) that binary distributions usually do not need. But it turned out to be more than enough. Upgrading all packages (including glib and gcc) to the most recent versions and installing all the necessary software is a matter of several hours. Additionally, I did some configuration and was able to decrease disk usage. Here are some tips:

  • add nodoc, noman, noinfo to your FEATURES in /etc/make.conf (man make.conf for more details)
  • make sure that you have configured RSYNC_EXCLUDEFROM (Diverting from the Official Tree). You certainly don’t need ebuilds in categories like x11-base or kde-base on your server, and you can safely remove all such ebuilds from your PORTDIR
  • do not allow make to execute several commands simultaneously: MAKEOPTS="-j1"

While the portage tool itself is very convenient, it still lacks some helpful functionality. Fortunately there are tools that fill this gap: gentoolkit and flagedit. I would recommend that every Gentoo user install these packages and learn how to use them.

Every site needs an HTTP server. I have chosen apache, mainly because I want to be able to access my subversion repositories via HTTPS. Another good HTTP server is lighttpd.

Though a mail server is not really necessary, it is very convenient to have one. I have installed postfix. It is quite simple to configure (there is a very good tutorial in the Gentoo wiki) and has all the features I need out of the box. BTW, if you have a VPS you can have a very cool email address, like yourname@step-inside.org, but I decided that my mailbox at gmail is enough for me and I don’t want to fight spam, so postfix is used only for local mail.

Everybody likes statistics. So do I. I have chosen the awstats package. I recommend installing the Geo-IP package and enabling the geoip plugin for awstats: you will see what countries your visitors come from. It was necessary to tune the apache configuration slightly so that awstats can understand its logs: CustomLog logs/access_log combined.

You will most probably want to install logrotate if you don’t want to find out that log files have eaten all your free disk space.

It is very important (and sometimes interesting) to know what your server is doing all those long and boring days and nights when it doesn’t serve the content of your site. I recommend using logwatch for this purpose. It will check your log files every day and send a summary report to your mail describing what happened. It requires some tuning after installation; in particular I have changed the log directory for apache (in /etc/log.d/conf/logfiles/http.conf), and specified that cron and postfix do not use log files and instead rely on the syslog service, so the logs of these tools should be extracted from the /var/log/messages file (in /etc/log.d/conf/services/cron.conf and /etc/log.d/conf/services/postfix.conf). After these changes some tuning is still necessary, but I haven’t figured out what exactly. Probably I will blog about it in future entries.

I was amazed that there were so many break-in attempts: dictionary attacks over SSH happen every day, and when I installed apache I immediately started to receive a lot of requests for URLs like:

/articles/mambo/index2.php?_REQUEST[option ... cho%20YYY;echo|
/blog/xmlrpc.php
/blogs/xmlsrv/xmlrpc.php
/cvs/mambo/index2.php?_REQUEST[option]=com ... cho%20YYY;echo|
/drupal/xmlrpc.php
/index.php?option=com_content&do_pdf=1&id= ... cho%20YYY;echo|
/index2.php?option=com_content&do_pdf=1&id ... cho%20YYY;echo|
/mambo/index2.php?_REQUEST[option]=com_con ... cho%20YYY;echo|
/phpgroupware/xmlrpc.php
/xmlrpc.php
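
A way to count requests like the ones listed above in an Apache combined-format access log, as an added example that is not part of the original post. The signature names, the sample log lines and the ELIDED placeholder are constructed for illustration; the patterns use only the URL fragments visible in the list.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Apache "combined" format: host ident user [time] "request" status bytes ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Signatures built only from the parts of the probe URLs visible in the post.
SIGNATURES = {
    "xmlrpc": re.compile(r"/xmlrpc\.php(\?|$)"),
    "request-override": re.compile(r"/index2\.php\?_REQUEST\[option"),
    "do_pdf": re.compile(r"/index2?\.php\?option=com_content&do_pdf=1"),
    "shell-tail": re.compile(r";echo\|"),
}

# Constructed sample lines (documentation IP ranges); ELIDED stands in for the
# part of each query string that the post truncates with "...".
SAMPLE = [
    '192.0.2.10 - - [30/Mar/2006:03:12:01 +0000] "GET /blog/xmlrpc.php HTTP/1.0" 404 210 "-" "-"',
    '192.0.2.10 - - [30/Mar/2006:03:12:02 +0000] "GET /drupal/xmlrpc.php HTTP/1.0" 404 212 "-" "-"',
    '198.51.100.7 - - [30/Mar/2006:04:40:13 +0000] "GET /mambo/index2.php?_REQUEST[option]=ELIDED;echo| HTTP/1.0" 404 214 "-" "-"',
    '198.51.100.7 - - [30/Mar/2006:04:40:14 +0000] "GET /index.php?option=com_content&do_pdf=1&id=ELIDED;echo| HTTP/1.0" 200 1830 "-" "-"',
    '203.0.113.5 - - [30/Mar/2006:05:00:00 +0000] "GET /index.html HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
]

def classify(target):
    """Return the names of all signatures that match a request target."""
    decoded = unquote(target)  # probes may arrive percent-encoded
    return [name for name, rx in SIGNATURES.items() if rx.search(decoded)]

def scan(lines):
    """Count probe hits per signature and per client; list hits not answered with 404."""
    by_sig, by_host, answered = Counter(), Counter(), []
    for line in lines:
        m = LINE.match(line)
        hits = classify(m.group(3)) if m else []  # unparsable lines are skipped
        if not hits:
            continue
        host, status = m.group(1), m.group(4)
        by_host[host] += 1
        by_sig.update(hits)
        if status != "404":
            answered.append((host, m.group(3), status))  # worth a closer look
    return by_sig, by_host, answered

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

The `answered` list is the part to read first: a probe that got anything other than 404 means the requested script actually exists on the server.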

This brings up another important issue: security. Gentoo developers pay a lot of attention to it. So I have scheduled emerge sync and receive an email with a warning if my system is affected by any GLSA. Also I have disabled root logins via SSH (Tip: do not forget to add your main user to the wheel group before doing it).
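
A pre-flight check for the tip above, as an added example that is not part of the original post: it reads the text of sshd_config and /etc/group and reports whether root login is already off and whether the admin user would still have a path to root. The function names and sample file contents are constructed, and it assumes, as the tip implies, that becoming root with su is limited to wheel members.

```python
def root_login_setting(sshd_config_text):
    """Return the global PermitRootLogin value, or None if it is not set.

    sshd uses the first value it finds for a keyword, keywords are
    case-insensitive, and lines after a Match line are conditional.
    """
    for raw in sshd_config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        key = parts[0].lower()
        if key == "match":
            break  # everything below applies only to matching connections
        if key == "permitrootlogin" and len(parts) > 1:
            return parts[1].lower()
    return None

def wheel_members(group_text):
    """Return the users listed as members of wheel in /etc/group text.

    A user whose primary group is wheel is not listed here; that case
    would need /etc/passwd as well and is not covered.
    """
    for line in group_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 4 and fields[0] == "wheel":
            return {user for user in fields[3].split(",") if user}
    return set()

def safe_to_disable_root_ssh(group_text, admin_user):
    """True if admin_user can still reach root through wheel after the change."""
    return admin_user != "root" and admin_user in wheel_members(group_text)

# Constructed sample file contents.
SAMPLE_SSHD = "#PermitRootLogin yes\nPort 22\npermitrootlogin no\n"
SAMPLE_GROUP = "root:x:0:root\nwheel:x:10:root,alice\nusers:x:100:alice,bob\n"

if __name__ == "__main__":
    print(root_login_setting(SAMPLE_SSHD))
    print(safe_to_disable_root_ssh(SAMPLE_GROUP, "alice"))
```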

Other software packages that I have installed (and you can also find them useful):

Posted by on March 30, 2006  |  development, gentoo, linux, web
