
Rod Morison Software —  Technotes


Ubuntu Install

How to get a basic installation of an Ubuntu 8.04 server edition up, running, firewalled, and networked.
  1. Get the Ubuntu iso - First step, download and burn an Ubuntu server CD. Follow the links from http://releases.ubuntu.com/8.04/ to a mirror. Be sure to get the correct server iso for your install, most likely the ubuntu-8.04.1-server-i386.iso (or newer release in the 8.04 series).
  2. Ready the Hardware - Get your machine ready to boot, and networked to your switch. This doc assumes you'll boot initially on a private network with DHCP, then move the box to its public static IP after the firewall is set up.

    You'll need a monitor and a keyboard for the install on the console (a KVM is handy for this). You don't need anything fancy, though. It will all be text screens, and when you're finished the server shouldn't need the monitor. You may still need the keyboard, however: many non-server motherboards won't boot without a keyboard plugged in.
  3. Boot the CD - Be sure to do any BIOS configs at this point, typically configuring a hardware RAID and/or setting the CD to boot before any other devices. After loading a kernel, the CD will walk you through a series of screens on the console.
  4. Language - The CD will boot into the Ubuntu install menu, and immediately ask what language you would like to work in. Use arrow keys to select and hit return.
  5. Install Menu - Select Install Ubuntu Server from this screen. Note the Rescue a broken system option, though, which is a valuable tool for inspecting a broken system.
  6. Choose Language - After "Loading Linux Kernel" completes and the installer is loaded, you'll get another language select. In this case you'll select the default language for the server.
  7. Choose Language Pt 2 - Select a country.
  8. Keyboard layout - Either let the installer detect your keyboard type or nav through the menus to select.
  9. Detect and Load - The installer will now detect your hardware and load more software off the CD.
  10. Hostname - Enter the hostname, not including the domain part, in this case "mailserver".
  11. Time Zone - Choose the time zone this server will run in.
  12. Partition - After detecting disks, the installer will offer to guide you through partitioning. If you're not experienced with partitioning, take the simple, default, single partition+swap setup (shown here). Experienced users may set up LVM, software RAID and other customizations in the following few screens. For the simple case, choose "Guided - use entire disk".
  13. Guided Partitioning Step 1 - Select the disk to partition. If you have a single disk, that's all there is to select.
  14. Guided Partitioning Step 2 - Accept the default partition and select "Yes". This setup gives a swap 3x the size of physical RAM and the remainder on a single partition, "/" (read that "slash", the root of the Linux file system).
  15. Partition & Install - The installer will proceed with the partitioning and base package installation. You'll have time to get a coffee while it installs.
  16. Setup Users - Enter the full name of the "initial" user doing the install, then a login ID, then a password. Access to root, i.e., the admin account, will be on a command by command basis via the sudo program. Even during installations, it's preferred to take root credentials only as needed, and not be logged in for long stretches as root.
  17. Configure apt-get - The program apt-get will install Ubuntu software packages, usually from an Ubuntu fileserver or mirror. It is the primary and preferred way to install and update software on the system. If you need to go through an http proxy to browse, enter the info here so apt-get can do the same. Most users can leave this blank.
  18. Software Selection - The next screen will ask what services should be installed. We'll only install the OpenSSH server at this point, for command line access over a network. The remaining packages we'll install with apt-get once the system is up, running, and networked. Arrow down to the OpenSSH selection, hit space, tab to continue, and hit return.
  19. Installation Complete - Hit Continue to reboot the system and get a login prompt.
  20. Login - Login with the user credentials created previously.
  21. Config ssh - There are quite a few scanners out there that try to guess passwords for user IDs like "guest", "test", "root", "www", etc. Because all of these that I've encountered work the standard ssh port, 22, I make it a practice to change ssh to a high numbered port. We'll use 9999. You can choose your own, but keep it above 1023 (see http://en.wikipedia.org/wiki/Well_known_ports). Or, you can skip this step and keep it at the standard port 22.
    sudo vi /etc/ssh/sshd_config
    [sudo] password for rod:
    The sudo program will run the command given on the same line as the root user. As configured on Ubuntu server, sudo requests the invoking user's password, not root's password. This arrangement is a good thing, btw, making it easier to give or revoke root privs, compared to handing out the root password. Also, sudo can fine grain access to specific commands by user ID, group, etc. For more information, man sudo and inspect the settings in /etc/sudoers (for which you will need...sudo.)

    It's assumed you can edit text files. The vi editor is used in these examples; pico is also installed, and is a little more intuitive for those that didn't grow up with vi. Run man vi or man pico or google around for more info.

  22. Set the Port - Edit the line Port 22 and change the 22 to your new ssh port. Save and exit.
  23. Restart the ssh server.
    sudo /etc/init.d/ssh restart
  24. Setup the Firewall - Now we'll configure the Ubuntu ufw firewall. It's easy to use and has just enough configuration for this mail server setup. For docs on ufw and a list of more powerful firewall options, see the Ubuntu Server Manual Firewall section. We'll start ufw in its most restrictive form (block everything) and then open the ssh port configured above.
    sudo ufw default deny
    sudo ufw enable
    sudo ufw allow 9999
    sudo ufw status
  25. Config Static IP - Assuming you installed on a net with DHCP, you should see something like the following when you type /sbin/ifconfig:
    rod@mailserver:~$ /sbin/ifconfig
    eth0 Link encap:Ethernet HWaddr 00:0c:29:a5:2f:f1
    inet addr:192.168.1.101 Bcast:192.168.1.255 Mask:255.255.255.0
    inet6 addr: fe80::20c:29ff:fea5:2ff1/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:1586 errors:0 dropped:0 overruns:0 frame:0
    TX packets:54 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:138577 (135.3 KB) TX bytes:7227 (7.0 KB)
    Interrupt:16 Base address:0x2000

    lo Link encap:Local Loopback
    inet addr:127.0.0.1 Mask:255.0.0.0
    inet6 addr: ::1/128 Scope:Host
    UP LOOPBACK RUNNING MTU:16436 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
    That means your assigned address is 192.168.1.101. (If you're not seeing that, then I'm not sure how you got this far!) FYI, sudo ethtool eth0 is handy and will tell you if your adapter detects a link to the switch.

    Skip or modify the rest of this step if you're building an experimental system that will stay on your private network.

    Edit the network config file
    sudo vi /etc/network/interfaces
    and edit the eth0 section from the word "dhcp" so that it reads
    iface eth0 inet static
    address xx.xx.xx.xx
    netmask yy.yy.yy.yy
    gateway zz.zz.zz.zz
    replacing xx.xx.xx.xx with your static IP, yy.yy.yy.yy with the netmask, and zz.zz.zz.zz with the gateway IP (these should have come with the static IP).
  26. Edit DNS

    Skip this step if you're staying on the DHCP provided address.

    sudo vi /etc/resolv.conf
    to read
    search mydomain
    nameserver nameserverIP1
    nameserver nameserverIP2
    where mydomain is your domain name, e.g., foobar.com, and nameserverIP1 and nameserverIP2 are two nameserver IP addresses, usually given by your access provider, along with the static IP.
  27. Turn on the Static IP - Run
    sudo ifdown eth0 ; sudo ifup eth0
    to pick up the new settings.
  28. Ping-Check Your Work - At this point, you'll have to recable (and perhaps move) your server outside your private IP router (or put it in the router DMZ.) Check for link status, and try pinging a few things.
    sudo ethtool eth0
    and you should see
    Settings for eth0:
    Current message level: 0x00000007 (7)
    Link detected: yes
    Then, ping the gateway (from /etc/network/interfaces) and a DNS server (from /etc/resolv.conf), hitting control-C when you've seen enough
    ping 64.81.45.2
    PING 64.81.45.2 (64.81.45.2) 56(84) bytes of data.
    64 bytes from 64.81.45.2: icmp_seq=1 ttl=62 time=27.2 ms
    64 bytes from 64.81.45.2: icmp_seq=2 ttl=62 time=33.0 ms
    64 bytes from 64.81.45.2: icmp_seq=3 ttl=62 time=69.1 ms

    --- 64.81.45.2 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2002ms
    rtt min/avg/max/mdev = 27.290/43.133/69.109/18.515 ms
    Finally, try pinging Google, which will verify that your /etc/resolv.conf settings are good
    ping google.com
    PING google.com (64.233.187.99) 56(84) bytes of data.
    64 bytes from jc-in-f99.google.com (64.233.187.99): icmp_seq=1 ttl=247 time=97.5 ms
    64 bytes from jc-in-f99.google.com (64.233.187.99): icmp_seq=2 ttl=247 time=96.2 ms
    64 bytes from jc-in-f99.google.com (64.233.187.99): icmp_seq=3 ttl=247 time=98.3 ms

    --- google.com ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2003ms
    rtt min/avg/max/mdev = 96.248/97.380/98.370/0.943 ms
  29. Ntp - Ok, one last thing and we've got a nicely stocked, vanilla Ubuntu server: an NTP daemon. The NTP daemon on your server will check regularly with an NTP server that is tied into regional or international standard time servers. See http://www.ntp.org/ntpfaq/NTP-a-faq.htm if you're interested.

    Run
    sudo apt-get install ntp
    and you should see
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    Suggested packages:
    ntp-doc
    The following NEW packages will be installed:
    ntp
    0 upgraded, 1 newly installed, 0 to remove and 22 not upgraded.
    Need to get 432kB of archives.
    After this operation, 1069kB of additional disk space will be used.
    Get:1 http://us.archive.ubuntu.com hardy/main ntp 1:4.2.4p4+dfsg-3ubuntu2 [432kB]
    Fetched 432kB in 1s (220kB/s)
    Selecting previously deselected package ntp.
    (Reading database ... 15320 files and directories currently installed.)
    Unpacking ntp (from .../ntp_1%3a4.2.4p4+dfsg-3ubuntu2_i386.deb) ...
    Setting up ntp (1:4.2.4p4+dfsg-3ubuntu2) ...
    * Starting NTP server ntpd [ OK ]
  30. Update NTP Servers - It's highly advisable to configure ntp to talk to several regional servers. First, visit http://www.pool.ntp.org/, click on your region (should be top right of the page, under Active Servers). At the top of the page you should see something that begins, "To use this pool zone, add the following to your ntp.conf file:". Copy or type that text into /etc/ntp.conf. That is, run
    sudo vi /etc/ntp.conf
    and a few lines down, where you see server ntp.ubuntu.com, remove the Ubuntu server and replace it with your regional pool servers. For North America, the first dozen or so lines of the /etc/ntp.conf file look like
    # /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help

    driftfile /var/lib/ntp/ntp.drift


    # Enable this if you want statistics to be logged.
    #statsdir /var/log/ntpstats/

    statistics loopstats peerstats clockstats
    filegen loopstats file loopstats type day enable
    filegen peerstats file peerstats type day enable
    filegen clockstats file clockstats type day enable


    # You do need to talk to an NTP server or two (or three).
    server 0.north-america.pool.ntp.org
    server 1.north-america.pool.ntp.org
    server 2.north-america.pool.ntp.org
    server 3.north-america.pool.ntp.org
  31. Restart ntp
    sudo /etc/init.d/ntp restart
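
An added check for steps 21 through 24 (example code, not part of the original article): this script cross-checks the Port lines in sshd_config against saved ufw status output, so a mismatch shows up while you still have console access. The function names and sample files are constructed for illustration, and the rule formats it accepts (9999, 9999/tcp, 9999:tcp) are an assumption meant to cover differing ufw versions.

```shell
#!/bin/sh
# Cross-check sshd's port against ufw's rules before leaving the console.

# Ports sshd will listen on. Keywords are case-insensitive, "#" starts a
# comment, and with no Port directive sshd defaults to 22.
sshd_ports() {
    ports=$(awk 'tolower($1) == "port" { print $2 }' "$1")
    if [ -n "$ports" ]; then echo "$ports"; else echo 22; fi
}

# Succeed if saved `ufw status` output ($2) has an ALLOW rule covering TCP
# port $1. Assumption: the To column reads "9999", "9999/tcp" or "9999:tcp".
ufw_allows() {
    awk -v p="$1" '
        $2 == "ALLOW" {
            split($1, a, "[/:]")
            if (a[1] == p && (a[2] == "" || a[2] == "tcp")) ok = 1
        }
        END { exit !ok }' "$2"
}

# audit SSHD_CONFIG UFW_STATUS: print findings, return the number found.
audit() {
    problems=0
    for port in $(sshd_ports "$1"); do
        if ! ufw_allows "$port" "$2"; then
            echo "LOCKOUT: sshd listens on $port but ufw has no ALLOW rule for it"
            problems=$((problems + 1))
        fi
    done
    if ufw_allows 22 "$2" && ! sshd_ports "$1" | grep -qx 22; then
        echo "STALE: ufw still allows 22 but sshd no longer listens there"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample inputs (not captured from a real host).
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '#Port 22' 'Port 9999' 'Protocol 2' > "$tmp/sshd_config"
printf '%s\n' 'To      Action  From' '9999    ALLOW   Anywhere' > "$tmp/ufw_ok"
printf '%s\n' 'To      Action  From' '22/tcp  ALLOW   Anywhere' > "$tmp/ufw_stale"

audit "$tmp/sshd_config" "$tmp/ufw_ok" && echo "OK: ufw matches sshd_config"
audit "$tmp/sshd_config" "$tmp/ufw_stale" || echo "fix the rules before disconnecting"
```

On the server itself, save the output of sudo ufw status to a file and pass it to audit together with /etc/ssh/sshd_config.
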
That's it! You've got a nice, clean Ubuntu server, ready to rock-n-roll some email.

Next up: Postfix & Cyrus Install
