# How to do the following...



## TeenLinux (Jan 11, 2016)

Hello everyone! I am somewhat new to Linux, I used it for about a year and owned multiple VPS's, however, most of the things I did with it were able to be done via control panels and setup scripts therefore I did not learn much... My Linux distro of choice is CentOS, and I am currently running CentOS 6 32bit Minimal for my small VPS. I would like to set up LightHTTPD (or Nginx as a last option) as I do not have a lot of system resources, and it is extremely lightweight and offers noticeable speed improvements. I will also need to install MySQL as I am going to be hosting multiple websites, mainly small forums... I have followed many tutorials online (countless hours of trial and error...) and I am still unable to get it set up. I would also like some help setting up a good Fail2Ban configuration, to monitor a manual port (as I changed the SSH port from 22 to something else). I will also need a mail server set up. Thanks in advance!


----------



## ChrisM (Jan 11, 2016)

How much RAM & Hard Drive space do you have to work with?


----------



## TeenLinux (Jan 11, 2016)

KnownHost-ChrisM said:


> How much RAM & Hard Drive space do you have to work with?



I have a 128MB RAM and 12GB SSD VPS which is where I got the "mini VPS" statement from. However, I realized that I will need more resources for what I intend to do, which is eventually run some game servers and teamspeak servers along with an online radio. I have an "VPS SSD 1" plan from OVH which includes 1 vCore @ 2.4GHz, 2GB of RAM and 10GB SSD. Space isn't an issue for me as what I intend to do won't use anymore than 1-2GB.


----------



## wlanboy (Jan 12, 2016)

TeenLinux said:


> Hello everyone! I am somewhat new to Linux, I used it for about a year and owned multiple VPS's, however, most of the things I did with it were able to be done via control panels and setup scripts therefore I did not learn much... My Linux distro of choice is CentOS, and I am currently running CentOS 6 32bit Minimal for my small VPS. I would like to set up LightHTTPD.



I will start to port my tutorials to CentOS - first start will be Lighttpd + PHP.


----------



## TeenLinux (Jan 12, 2016)

wlanboy said:


> I will start to port my tutorials to CentOS - first start will be Lighttpd + PHP.



Thank you very much, as I am a big fan of your reviews and tutorials. Also, do you mind making a tutorial on how to preform basic security hardening? I know to move SSH from port 22 to another number is a good idea, and will lessen the chance of being bruteforced greatly, however I would like to know how to stop port scanning scripts from pruning my server.


----------



## ikoula (Jan 12, 2016)

Hello,


You could install fail2ban it will automatically generate firewall rules to blacklist ip who tried too much times (user defined) to access your server.


----------



## drmike (Jan 12, 2016)

Mail server isn't low resources normally... not simple to install nor to keep healthy.


Lighty and Nginx are very approachable first steps in DIY install config world.  MySQL or better, MariaDB is pedestrian self install via whatever install method your OS offers. 


I encourage you to use search here and elsewhere to find tutorials and give things a try.  It will take time to perfect your installs and configurations.  Document it and repeat.  Ideally your documentation works for years to come.


----------



## graeme (Jan 13, 2016)

Have disallowed root logins over ssh? Some people advocate ssh key logins for security, but make sure private keys require a pass phrase to unlock because of the risk of someone stealing the keys from your PC.

If you want to learn Linux, run it on your desktop as well, preferably the same distro you use on servers or a closely related on and force yourself to do as much as possible on the command line.

I am not sure you should rule out Apache - event MPM is pretty efficient and it is very well documented and flexible. I find Lighty easy to configure as well.


----------



## graeme (Jan 13, 2016)

@drmike just how much work is running a mail server? Web servers can pretty much be configured and then only touched when you change something. I assume mail servers need more than that? I am thinking of setting one up, but it would need to handle multiple domains and dozens of users (no mailing lists of anything, just normal business and personal email addresses).


----------



## drmike (Jan 13, 2016)

graeme said:


> @drmike just how much work is running a mail server? Web servers can pretty much be configured and then only touched when you change something. I assume mail servers need more than that? I am thinking of setting one up, but it would need to handle multiple domains and dozens of users (no mailing lists of anything, just normal business and personal email addresses).



Very big pain.


There are some "easy" to use scripts and howtos... but too many moving parts, too much that can and will break... Too many issues with lists and crypto.


It can be done on a 1GB VPS instance for something like your minimal needs.  Getting it to work and continue working is the challenge.


Gmail and others have market share for a reason.  Not that I like or endorse such services.  MxRoute is a cheap service lots of folks seem to like ran by @jarland.  cPanel does email and may cover your needs also with a low cost host.  I mention these because usually the route to stick until you have the ungodly bulk of free time to figure out your own email server ins and outs.


----------



## jarland (Jan 13, 2016)

graeme said:


> @drmike just how much work is running a mail server? Web servers can pretty much be configured and then only touched when you change something. I assume mail servers need more than that? I am thinking of setting one up, but it would need to handle multiple domains and dozens of users (no mailing lists of anything, just normal business and personal email addresses).



Quite honestly it can be the most painful thing to run and maintain. Some people don't have much in the way of needs, or get really lucky with an IP range not blocked by major providers (Looking at you, Microsoft & Verizon), but outside of those circumstances.... when delivery is of importance and inbox delivery even more so, running your own mail server will be unbelievably more involved than running a web server. It's literally the reason Mitchell wrote this for our community team:


https://www.digitalocean.com/community/tutorials/why-you-may-not-want-to-run-your-own-mail-server


As with anything else, the effort is always worth it if you're willing to do it. However, when you're like me and run into two brand new /27s blocked by Microsoft and Verizon, neither will speak to you about it, and customers are beating down your door about it.... you outsource to those who can. It's why MXroute's outgoing email all goes through MailChannels now.


----------



## raindog308 (Jan 13, 2016)

jarland said:


> As with anything else, the effort is always worth it if you're willing to do it.



I don't believe you.


In my experience, being a mail admin sucks no matter what you do, and has for at least 25 years.  Weird concepts to master, weird syntax (regardless of mail package), arms race with bad guys, shotguns constantly going off as people try to defend themselves, crappy protocols that guarantee nothing and yet everyone thinks mail is ubercritical, etc.


----------



## drmike (Jan 13, 2016)

raindog308 said:


> I don't believe you.
> 
> 
> In my experience, being a mail admin sucks no matter what you do, and has for at least 25 years.  Weird concepts to master, weird syntax (regardless of mail package), arms race with bad guys, shotguns constantly going off as people try to defend themselves, crappy protocols that guarantee nothing and yet everyone thinks mail is ubercritical, etc.



I'll raise my stupid hand.


I find email to be one of the worst, outdated, clumsy and deficient ways of interacting with others.  There is no great reason for email to exist today.  Just inheritance mainly.


I am forced to use email and detest it ... for business. My value in it, is approaching zero.  When I use it, I recall the days where faxing was all the rage.  Fax still exists, but barely.


Email could be alright, but to make it such would fundamentally change how it works and why bother complicating that mess more.


----------



## DomainBop (Jan 13, 2016)

jarland said:


> when you're like me and run into two brand new /27s blocked by Microsoft and Verizon, neither will speak to you about it, and customers are beating down your door about it.... you outsource to those who can. It's why MXroute's outgoing email all goes through MailChannels now.



If Microsoft and Verizon are blocking you then you must be doing something wrong.  I don't have a problem with them  (...my current problem is ATT/SW Bell/ which decided to block my company mail server last week).  Getting removed from Microsoft/Verizon/ATT blacklists is always a fun experience because they don't reply to tickets and when they do reply the person replying is either an escapee from the short bus or formerly worked at Time Warner as level 1 support and is completely clueless .



> There are some "easy" to use scripts and howtos... but too many moving parts, too much that can and will break... Too many issues with lists and crypto.
> 
> 
> It can be done on a 1GB VPS instance for something like your minimal needs.  Getting it to work and continue working is the challenge.



Lots of moving parts, and some of those parts could earn you a spot on a blacklist if you use the default install configuration (thinking of Amavis-New on Debian - default configuration creates backscatter).


You can do a minimal setup on 1GB but SPAM and antivirus filtering  tends to be RAM hungry.



> Gmail and others have market share for a reason



A combination of ease of use and monopoly.  GMail/Google App's SPAM filtering sucks in my opinion.



> Quite honestly it can be the most painful thing to run and maintain.



I guess you've never tried maintaining and upgrading Alfresco. 



> https://www.digitalocean.com/community/tutorials/why-you-may-not-want-to-run-your-own-mail-server



Good advice for the average person.


----------



## wlanboy (Jan 13, 2016)

I am running my own mail server for years. But only for one domain. Was quite a pain to get it running. Learning a lot by chaos. But there are a lot of things you should not do. I can handle it because there are seven persons using it. None of them doing b...s...


But it would be a nightmare if more people would use it. If I would have to care about every single bit that can break the whole system. Things you often cannot change. Reputation of ip blocks, what other customers do on the net of the same provider. Or if some postadmin found a tutorial about greylisting with insane settings. Not talking about the mail servers of internet providers or changed config parameters.


I moved my most-used domains (~270 users) to a shared hosting plan. Life saver. Why? 


Selfservice. I need a forwarder, I need a second mailbox, I forgot my password, my aunt is not receiving my mails, I get too much spam, I cannot access my mails on my phone...


10% trouble rate. Non techy will generate more trouble. 270 users = 3 questions/problems a day.


----------



## graeme (Jan 14, 2016)

Thanks for the answers, just what I need to know. The context, in my case, is this. I am planning to get a low end dedicated server (or possibly a big VPS) to host my own sites, and some clients' sites. Those clients coming from shared hosting will need new email arrangements (and one who now uses a VPS has kept their shared hosting account just for email, which is not ideal).

The volume of outgoing email will be low, and some people will only want forwards to their Gmail account even for incoming email. I am now trying to decide between running my own, recommending people use MxRoute, and looking for a cheaper alternative to MailChannels for outgoing email (which seems to be what causes most of the problems). If anyone can suggest other alternatives, please do.

@TeenLinux, sorry if I have hijacked your thread, but I think a lot of this discussion will be relevant to you as well if you are considering running a mailserver.


----------



## TeenLinux (Jan 14, 2016)

@graeme all fine.


If anyone is willing to help me, I could still use help and it'll be greatly appreciated. I also have a LES VPS that I would like to (maybe) set this up on. I'll be buying anyone who helps me a NanoVZ/Virtwire VPS up to $10. Really need this done ASAP.


----------



## DomainBop (Jan 14, 2016)

TeenLinux said:


> Really need this done ASAP.



Use CentMinMod https://centminmod.com/ if you want it setup quickly.


install:https://centminmod.com/download.html


configuration: https://centminmod.com/getstarted.html


----------



## TeenLinux (Jan 14, 2016)

DomainBop said:


> Use CentMinMod https://centminmod.com/ if you want it setup quickly.
> 
> 
> install:https://centminmod.com/download.html
> ...



Would that work with a regular VPS with a dedicated IPv4 or also with a Nat IPv4?


----------



## eva2000 (Jan 14, 2016)

TeenLinux said:


> Would that work with a regular VPS with a dedicated IPv4 or also with a Nat IPv4?



works with regular VPS at least KVM, Xen, OpenVZ, VMware see FAQ for more info https://centminmod.com/faq.html


----------



## HN-Matt (Jan 14, 2016)

jarland said:


> Quite honestly it can be the most painful thing to run and maintain. Some people don't have much in the way of needs, or get really lucky with an IP range not blocked by major providers (Looking at you, Microsoft & Verizon), but outside of those circumstances.... when delivery is of importance and inbox delivery even more so, running your own mail server will be unbelievably more involved than running a web server. It's literally the reason Mitchell wrote this for our community team:
> 
> 
> https://www.digitalocean.com/community/tutorials/why-you-may-not-want-to-run-your-own-mail-server



See also: https://vpsboard.com/topic/7950-email-blacklists/


----------



## brookesdjb (Feb 4, 2016)

I can't recommend Webmin enough! http://www.webmin.com Its a lightweight web interface for linux servers. It gives you a web gui for installing a number of modules, including failtoban (which is great if you accidentally lock yourself out by using it!) and shows various system stats.


----------

