** JUST SO IT IS OBVIOUS, I GAVE UP ON THIS FOR THE MOMENT. DON'T HAVE THE TIME TO KEEP WORKING ON USING ARCH. GONE BACK TO MY UBUNTU SETUP WHICH IS DISAPPOINTING BUT NOT UP FOR THE FIDDLING REQUIRED AT THE MOMENT. MAYBE IN A WHILE YES.**
Just wanted to try and work out how much effort is required to get Dovecot, Exim, DSPAM, Procmail, Nginx to match Ubuntu's versions in some form.
For instance, stock Exim is missing TLS support (though apparently now in testing version). Is DSPAM compiled for virtual users? So on and so forth.
====== The Apps on Ubuntu ======
===== Exim4 =====
tarasis ~/: sudo exim -bV
Exim version 4.67 #1 built 04-Oct-2007 22:20:19
Copyright (c) University of Cambridge 2006
Berkeley DB: Sleepycat Software: Berkeley DB 4.3.29: (September 6, 2005)
Support for: crypteq iconv() IPv6 PAM Perl GnuTLS move_frozen_messages Content_Scanning Old_Demime
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite
Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
Configuration file is /etc/exim4/exim4.conf
===== Dovecot =====
tarasis ~/: sudo dovecot --build-options
Build options: ioloop=epoll notify=dnotify ipv6 openssl
SQL drivers: mysql postgresql sqlite
Passdb: checkpassword ldap pam passwd passwd-file shadow sql
Userdb: checkpassword ldap passwd prefetch passwd-file sql static
===== Procmail =====
Nothing useful
tarasis ~: procmail -v
procmail v3.22 2001/09/10
Copyright (c) 1990-2001, Stephen R. van den Berg
Copyright (c) 1997-2001, Philip A. Guenther
Submit questions/answers to the procmail-related mailinglist by sending to:
And of course, subscription and information requests for this list to:
Locking strategies: dotlocking, fcntl()
Default rcfile: $HOME/.procmailrc
It may be writable by your primary group
Your system mailbox: /var/mail/robertm
===== DSPAM =====
Some info [[http://packages.ubuntu.com/gutsy/mail/dspam|on the ubuntu package]] site about dependencies.
Hmm from the 3.6.8 diff for ubuntu
+The possible values for DEB_BUILD_OPTIONS are listed below.
+
+ [ standard ]
+ noopt - disable optimizations
+ nostrip - disable binary stripping
+
+ [ dspam specific ]
+ disable_virtual_users - disable storing the users in a database
+ disable_preferences_extension - disable storing the users' preferences in a database
+ disable_clamav - disable ClamAV antivirus support
+ verbose_debug - enable extensive debug (EXTREMELY DISCOURAGED for production systems)
+ debug - enable debug (currently enabled by default)
===== MySQL =====
No idea what compile options used.
===== Apache 2 =====
tarasis ~: sudo apache2 -V
Server version: Apache/2.2.4 (Ubuntu)
Server built: Feb 4 2008 20:29:58
Server's Module Magic Number: 20051115:5
Server loaded: APR 1.2.7, APR-Util 1.2.7
Compiled using: APR 1.2.7, APR-Util 1.2.7
Architecture: 64-bit
Server MPM: Worker
threaded: yes (fixed thread count)
forked: yes (variable process count)
Server compiled with....
-D APACHE_MPM_DIR="server/mpm/worker"
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_SYSVSEM_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D DYNAMIC_MODULE_LIMIT=128
-D HTTPD_ROOT=""
-D SUEXEC_BIN="/usr/lib/apache2/suexec"
-D DEFAULT_PIDLOG="/var/run/apache2.pid"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="/etc/apache2/mime.types"
-D SERVER_CONFIG_FILE="/etc/apache2/apache2.conf"
===== Nginx =====
tarasis ~: sudo nginx -V
nginx version: nginx/0.5.35
built by gcc 4.1.3 20070929 (prerelease) (Ubuntu 4.1.2-16ubuntu2)
configure arguments: --sbin-path=/usr/local/sbin --with-http_ssl_module
====== Arch's defaults ======
===== Exim4 =====
robertm ~/abs/local/exim $ exim -bV
Exim version 4.68 #1 built 23-Nov-2007 20:17:06
Copyright (c) University of Cambridge 2006
Berkeley DB: Berkeley DB 4.6.21: (September 27, 2007)
Support for: crypteq iconv() PAM TCPwrappers OpenSSL Content_Scanning Old_Demime
Lookups: lsearch wildlsearch nwildlsearch iplsearch dbm dbmnz
Authenticators: cram_md5 dovecot plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir autoreply pipe smtp
Fixed never_users: 0
Size of off_t: 8
Configuration file is /etc/mail/exim.conf
===== Dovecot =====
robertm ~/abs/local/exim/pkg/usr/sbin $ dovecot --build-options
Build options: ioloop=poll notify=inotify ipv6 openssl
SQL drivers: mysql postgresql
Passdb: checkpassword pam passwd passwd-file shadow sql
Userdb: checkpassword passwd prefetch passwd-file sql static
===== Procmail =====
===== DSPAM =====
===== MySQL =====
===== Apache 2 =====
===== Nginx =====
====== Using ABS on Arch ======
Okay so would need to play with yaourt & srcpac.
Tweak PKGBUILD for new options / version if they haven't been updated.
Note that if you want a new version than what the PKGBUILD is for then you have to also change the MD5 checksum for the src package.
Also the depends will need to be amended depending on what compile options are used.
====== Install Guide ======
The following steps are taken on my own and partly copied from the [[http://articles.slicehost.com/2007/11/6/ubuntu-gutsy-setup-page-1|Ubuntu Gutsy articles]] on Slicehost.
===== Initial Setup =====
First login, change your password
[root@tarasis ~]# passwd
Enter new UNIX password: A-NEW-PASSWORD
Retype new UNIX password: A-NEW-PASSWORD
passwd: password updated successfully
Next add a new user for general usage
[root@tarasis ~]# adduser robertm
Login name for new user: robertm
User ID ('UID') [ defaults to next available ]:
Initial group [ users ]:
Additional groups (comma separated) []:
Home directory [ /home/robertm ]
Shell [ /bin/bash ]
Expiry date (YYYY-MM-DD) []:
New account will be created as follows:
---------------------------------------
Login name.......: robertm
UID..............: [ Next available ]
Initial group....: users
Additional groups: [ None ]
Home directory...: /home/robertm
Shell............: /bin/bash
Expiry date......: [ Never ]
This is it... if you want to bail out, hit Control-C. Otherwise, press
ENTER to go ahead and make the account.
Creating new account...
Changing the user information for robertm
Enter the new value, or press ENTER for the default
Full Name []: Robert McGovern
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Account setup complete.
Next add the new user to the sudo users list.
[root@tarasis ~]# visudo
At the end of the file add the following line
USERNAME= ALL=(ALL) ALL
On your local box (if not already done), create a directory for ssh keys
mkdir ~/.ssh
Then generate a key, press return if you don't want to add a passphrase
ssh-keygen -t rsa
Next copy the public key to the slice
scp ~/.ssh/id_rsa.pub USER@SLICE-IP-ADDRESS:/home/USER-HOME-DIRECTORY/
Next put the key in the right location and fix permissions on the file. Note the first gotcha (compared to Ubuntu) is that the default group for a new user is ''users'' and not the username.
[root@tarasis ~]# mkdir /home/robertm/.ssh
[root@tarasis ~]# mv /home/robertm/id_rsa.pub /home/robertm/.ssh/authorized_keys
[root@tarasis ~]# chown -R robertm:users /home/robertm/.ssh
[root@tarasis ~]# chmod 700 /home/robertm/.ssh
[root@tarasis ~]# chmod 600 /home/robertm/.ssh/authorized_keys
[root@tarasis ~]# mkdir /root/.ssh
[root@tarasis ~]# mv /root/id_rsa.pub /root/.ssh/authorized_keys
[root@tarasis ~]# chown -R root:root /root/.ssh
[root@tarasis ~]# chmod 700 /root/.ssh
[root@tarasis ~]# chmod 600 /root/.ssh/authorized_keys
Next, make SSH a bit more secure
vim /etc/ssh/sshd_config
# Set the follow or check the are set
Port 22 <--- change to a port of your choosing
Protocol 2
PasswordAuthentication no
X11Forwarding no
UsePAM no
UseDNS no
AllowUsers robertm root
Next save the existing iptables rules
[root@tarasis ~]# iptables-save > /etc/iptables.up.rules
See what the current rules are
[root@tarasis ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@tarasis ~]# vim /etc/iptables/iptables.test.rules
#### Set the contents to
*filter
# Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT -i ! lo -d 127.0.0.0/8 -j REJECT
# Accepts all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allows all outbound traffic
# You can modify this to only allow certain traffic
-A OUTPUT -j ACCEPT
# Allows HTTP and HTTPS connections from anywhere (the normal ports for websites)
-A INPUT -p tcp --dport 25 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 110 -j ACCEPT
-A INPUT -p tcp --dport 143 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -p tcp --dport 993 -j ACCEPT
# Allows SSH connections
#
# THE -dport NUMBER IS THE SAME ONE YOU SET UP IN THE SSHD_CONFIG FILE
#
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
# Allow ping
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# log iptables denied calls
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
# Reject all other inbound - default deny unless explicitly allowed policy
-A INPUT -j REJECT
-A FORWARD -j REJECT
COMMIT
Save the new rules and test them
[root@tarasis ~]# iptables-restore < /etc/iptables/iptables.test.rules
[root@tarasis ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere 127.0.0.0/8 reject-with icmp-port-unreachable
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp dpt:imap
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:imaps
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT icmp -- anywhere anywhere icmp echo-request
LOG all -- anywhere anywhere limit: avg 5/min burst 5 LOG level debug prefix `iptables denied: '
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
If they look ago then save them.
iptables-save > /etc/iptables/iptables.up.rules
Now we want those rules used next time we startup so edit
vim /etc/conf.d/iptables
Then change the file like so, I commented out the IP6Tables lines because Slicehost at this time does not support IP6.
# Configuration for iptables rules
IPTABLES=/usr/sbin/iptables
#IP6TABLES=/usr/sbin/ip6tables
#IPTABLES_CONF=/etc/iptables/iptables.rules
IPTABLES_CONF=/etc/iptables/iptables.up.rules
#IP6TABLES_CONF=/etc/iptables/ip6tables.rules
IPTABLES_FORWARD=1 # enable IP forwarding?
Now edit the main config file to enable the iptables daemon on boot
[root@tarasis etc]# vim /etc/rc.conf
Search the file (should be at the end) and add iptables to the end of the DAEMONS line like this
DAEMONS=(syslog-ng network netfs crond sshd iptables)
Now reboot your slice and make sure that everything is working correctly
Then check that the kernel modules have been loaded correctly.
[root@tarasis ~]# lsmod
Module Size Used by
ipt_LOG 10752 1
xt_limit 7040 1
xt_tcpudp 7808 7
xt_state 6912 2
ip_conntrack 58920 1 xt_state
nfnetlink 10952 1 ip_conntrack
ipt_REJECT 9216 3
iptable_filter 7424 1
ip_tables 23256 1 iptable_filter
x_tables 19720 6 ipt_LOG,xt_limit,xt_tcpudp,xt_state,ipt_REJECT,ip_tables
usbcore 129724 1
Now lets log in as our user (robertm)
robert-mcgoverns-macbook:~ rob$ ssh robertm@67.207.135.17
Last login: Tue Feb 19 13:55:30 2008 from p5b05ef6a.dip.t-dialin.net
Lets make the terminal prompt a little prettier
[root@tarasis ~]# vim ~/.bashrc
The default contents are
alias ls='ls --color=auto'
PS1='[\u@\h \W]\$ '
We want to make the server name and current directory different colours to make things stand out a little better. Comment out the existing PS1 line (add a # symbol before it) and add the following PS1 line. Note for further configuration tips then use [[http://wiki.archlinux.org/index.php/Color_Bash_Prompt|this]] document.
For the user:
PS1='\[\e[0;32m\]\u\[\e[m\] \[\e[1;34m\]\w\[\e[m\] \[\e[1;32m\]\$ \[\e[m\]\[\e[0;37m\] '
Foor root:
PS1='\[\e[0;31m\]\u\[\e[m\] \[\e[1;34m\]\w\[\e[m\] \[\e[0;31m\]\$ \[\e[m\]\[\e[0;32m\] '
Then set the following command aliases to save some typing for regular commands.
alias update='sudo pacman -Sy' # pacman upgrade alias
alias upgrade='sudo pacman -Syu' # Sync & Update
alias install='sudo pacman -S' # Install a specific package
alias remove='sudo pacman -Rns' # Remove a specific package
alias search='pacman -Ss' # Search for a package
Lets run our first upgrade to get the baseline system up to date. First say Y to the replace mktemp question. Next Y to upgrading Pacman first.
robertm ~ $ upgrade
Password:
:: Synchronizing package databases...
core 23.7K 91.8K/s 00:00:00 [##########################################################################################################################] 100%
extra 303.3K 392.4K/s 00:00:01 [##########################################################################################################################] 100%
:: Starting full system upgrade...
:: Replace mktemp with core/coreutils? [Y/n] Y
warning: dnsutils: forcing upgrade to version 9.4.2-1
:: pacman has detected a newer version of the "pacman" package.
:: It is recommended that you allow pacman to upgrade itself
:: first, then you can re-run the operation with the newer version.
::
:: Upgrade pacman first? [Y/n] Y
resolving dependencies... done.
looking for inter-conflicts... done.
Targets: libarchive-2.4.11-1 libdownload-1.3-1 pacman-3.1.1-1
Total Package Size: 1.26 MB
Proceed with installation? [Y/n] Y
:: Retrieving packages from core...
libarchive 328.2K 346.8K/s 00:00:01 [##########################################################################################################################] 100%
libdownload 55.2K 128.7K/s 00:00:00 [##########################################################################################################################] 100%
pacman 903.6K 751.1K/s 00:00:01 [##########################################################################################################################] 100%
checking package integrity... done.
error: missing package filelist in /var/cache/pacman/pkg/pacman-3.1.1-1-x86_64.pkg.tar.gz, generating one
cleaning up... done.
(3/3) checking for file conflicts [##########################################################################################################################] 100%
(1/3) upgrading libarchive [##########################################################################################################################] 100%
(2/3) upgrading libdownload [##########################################################################################################################] 100%
(3/3) upgrading pacman [##########################################################################################################################] 100%
>>> The makepkg.conf syntax has changed, please note the new format
>>> when merging the pacnew file with your old configuration.
>>>
>>> The pacman.conf default file has changed. Please update your
>>> config to use the single mirrorlist, and any additional files
>>> in /etc/pacman.d/ (core, extra, etc.) can be deleted.
>>>
>>> The location of sync DBs has moved from /var/lib/pacman/ to
>>> /var/lib/pacman/sync/ for several reasons. To delete older
>>> DBs, please run pacman -Sc and follow the instructions.
>>> You will also have to run pacman -Sy to refresh the sync DBs.
>>>
>>> abs is no longer included; please install the 'abs' package
>>> to use abs. You may need to edit abs.conf to re-enable repos.
Now carry out the clean printed out at the end of the upgrade process (if you get it)
robertm ~ $ cd /etc/pacman.d/
robertm /etc/pacman.d $ ls
community core extra mirrorlist release testing unstable
robertm /etc/pacman.d $ sudo rm community core extra release testing unstable
robertm ~ $ sudo pacman -Sc
Password:
Cache directory: /var/cache/pacman/pkg/
Do you want to remove uninstalled packages from cache? [Y/n] Y
removing old packages from cache... done.
Database directory: /var/lib/pacman/
Do you want to remove unused repositories? [Y/n] Y
Do you want to remove /var/lib/pacman/core? [Y/n] Y
Do you want to remove /var/lib/pacman/extra? [Y/n] Y
Database directory cleaned up
Move the testing repository to the end of ''/etc/pacman.conf'' and enable it.
# Testing is disabled by default. To enable, uncomment the following
# two lines. You can add preferred servers immediately after the header,
# and they will be used before the default mirrors.
[testing]
Include = /etc/pacman.d/mirrorlist
Now lets try upgrading the system again. As its been a while there are a number of packages to upgrade. This was the output when I ran it.
robertm /etc/pacman.d $ upgrade
:: Synchronizing package databases...
core 23.8K 271.0K/s 00:00:00 [##########################################################################################################################] 100%
extra 304.4K 1325.5K/s 00:00:00 [##########################################################################################################################] 100%
community 336.1K 1362.5K/s 00:00:00 [##########################################################################################################################] 100%
testing 20.0K 340.3K/s 00:00:00 [##########################################################################################################################] 100%
:: Starting full system upgrade...
:: Replace mktemp with core/coreutils? [Y/n] Y
warning: dnsutils: forcing upgrade to version 9.4.2-1
warning: flex: forcing upgrade to version 2.5.33-4
resolving dependencies...
looking for inter-conflicts...
Remove: mktemp
Total Removed Size: 0.05 MB
Targets: coreutils-6.10-2 readline-5.2-7 bash-3.2.033-2 automake-1.10.1-2 device-mapper-1.02.24-1 dhcpcd-3.2.0-1 dialog-1.1_20071028-1 diffutils-2.8.1-5 dnsutils-9.4.2-1
e2fsprogs-1.40.4-1 file-4.23-1 filesystem-2007.11-6 findutils-4.2.32-1 flex-2.5.33-4 gcc-libs-4.2.3-3 gmp-4.2.2-2 mpfr-2.3.1-1 gcc-4.2.3-1 pcre-7.6-3
grep-2.5.3-3 groff-1.19.2-4 iputils-20070202-4 less-418-1 libgpg-error-1.6-1 libgcrypt-1.4.0-1 libtool-1.5.26-1 licenses-2.3-1 logrotate-3.7.5-1 lvm2-2.02.33-1
man-1.6f-2 man-pages-2.77-1 mkinitcpio-0.5.17-2 nano-2.0.7-1 python-2.5.1-5 sudo-1.6.9p12-1 syslog-ng-2.0.6-1 tzdata-2007k-1 vi-7.1.228-1 vim-7.1.228-1
wget-1.11-1 which-2.19-2
Total Download Size: 63.85 MB
Proceed with installation? [Y/n]
Answer yes to this question, now twiddle your thumbs for a few moments as the packages install. During the install process some warnings might be issued. For instance I got the following. Diff the differences and either put the pacnew version in place or adjust the existing config file if you wish to.
warning: /etc/profile installed as /etc/profile.pacnew
warning: /etc/nanorc installed as /etc/nanorc.pacnew
warning: /etc/sudoers installed as /etc/sudoers.pacnew
Install bash shell completion
robertm /etc/pacman.d $ sudo vim /etc/profile
ADD The following lines to the bottom of the file
# Enable Bash Completion for all users
if [ -f /etc/bash_completion ]; then
. /etc/bash_completion
fi
Also add the following to the ''.bashrc'' to get colourized output when doing a search.
# colorized pacman output with pacs alias:
alias pacs="pacsearch"
pacsearch () {
echo -e "$(pacman -Ss $@ | sed \
-e 's#core/.*#\\033[1;31m&\\033[0;37m#g' \
-e 's#extra/.*#\\033[0;32m&\\033[0;37m#g' \
-e 's#community/.*#\\033[1;35m&\\033[0;37m#g' \
-e 's#^.*/.* [0-9].*#\\033[0;36m&\\033[0;37m#g' )"
Install [[http://www.archlinux.fr/yaourt-en/|Yaourt]], add the following to the end of ''/etc/pacman.conf''. Update the sync files and install yaourt.
[archlinuxfr]
Server = http://repo.archlinux.fr/x86_64
Finally, lets install ABS which is the Arch Build System
robertm ~ $ install abs
resolving dependencies...
looking for inter-conflicts...
Targets: csup-20060318-5 abs-1.0-1
Total Download Size: 0.06 MB
Proceed with installation? [Y/n]
Next edit the abs config file to enable the repos you want.
robertm ~ $ vim /etc/abs/abs.conf
Remove the exclamation marks to enable a repo and add an exclamation mark before the repo name to disable it.
SUPFILES=(core extra !unstable community testing)
Some setup the repositories, as root run the following. It will take a few moments as it pulls down relevant diffs and PKGBUILD files.
sudo abs
Edit the build CFLAGS to set theme as you wish (for instance to not delete the docs / info dirs from your builds)
sudo vim /etc/makepkg.conf
Create a build directory in your home directory
robertm ~ $ mkdir -p /home/robertm/abs/local
Then to build the ABS way (following pinched from here http://wiki.archlinux.org/index.php/ABS_-_The_Arch_Build_System#The_build_function.2C_the_ABS_way)
ABS is an elegant tool which allows for powerful assistance and customization for the build process, and creates a package file for installation. The ABS method involves copying an ABS from the Tree to a build directory, and doing makepkg. In our example, we will build the slim display manager package.
1. Copy the slim ABS from the Tree to a build directory.
cp /var/abs/extra/x11/slim/* /home/yourusername/abs/local/slim
2. Navigate to the build directory
cd /home/yourusername/abs/local/slim
3. Do makepkg, which will automatically download the source tarball, unpack, compile, and create foo.pkg.tar.gz The -i option invokes pacman to automatically install the resulting slim.pkg.tar.gz package file
makepkg -i
That's it. You have just built slim from source and cleanly installed it to your system with pacman. Package removal is also handled by pacman- (pacman -R slim)
Alternatively, you may do makepkg without the -i option, and manually install with pacman by doing:
pacman -U slim.pkg.tar.gz
The ABS method adds a level of convenience and automation, while still maintaining complete transparency and control of the build and installation functions by including them in the PKGBUILD.
TIP (from Cactus on the Slicehost forum)
"If you are running an Archlinux slice, you can save some ram.. about 3MB (heh).
open up /etc/inittab, and comment out the c2 through c6 lines. Those ttys are not used, and so that is wasted ram used to spawn those processes. I believe tty1 (c1) is used for the ajax console thing in the management interface.
A reboot later, and those additional agetty instances will now be gone.
Anyway. Random tip."
===== Build your slice =====
==== Webserver ====
=== Install NGINX ===
Okay first install NGINX
robertm ~ $ install nginx
Password:
resolving dependencies...
looking for inter-conflicts...
Targets: nginx-0.5.35-1
Total Download Size: 0.21 MB
Total Installed Size: 0.55 MB
Proceed with installation? [Y/n] Y
This installs NGINX, creates the user and group ''nginx'', it sets the default html directory and sets where the logs will be stored. The html placement is unusual and will not be used. Sites will instead be stored in /home/sites
robertm /etc/nginx $ ls -la
total 12
drwxr-xr-x 3 root root 4096 2008-02-20 09:06 .
drwxr-xr-x 30 root root 4096 2008-02-20 09:06 ..
drwxr-xr-x 3 root root 4096 2008-02-20 09:24 conf
lrwxrwxrwx 1 root root 19 2008-02-20 09:06 html -> /srv/www/nginx/html
lrwxrwxrwx 1 root root 14 2008-02-20 09:06 logs -> /var/log/nginx
First lets create a directory for our virtual hosts
robertm /etc/nginx/conf $ cd /etc/nginx
robertm /etc/nginx/conf $ sudo mkdir sites
Backup the default nginx config file ''nginx.conf''
robertm /etc/nginx/conf $ sudo cp nginx.conf nginx.conf.org
Edit the config file and set the contents to the following
user nginx nginx;
worker_processes 4;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include conf/proxy.conf;
include conf/fastcgi.conf;
include conf/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] $request '
'"$status" $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#tcp_nodelay on;
#keepalive_timeout 0;
keepalive_timeout 3;
gzip on;
gzip_comp_level 2;
gzip_proxied any;
gzip_types text/plain text/html text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
include /etc/nginx/conf/sites/*;
}
Lets create a test site and see things are working properly. Edit a file ''test'' in the sites directory and copy the following content in
server {
listen 80;
server_name test.tarasis.net;
#access_log logs/host.access.log main;
location / {
root html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
Then start NGINX up by hand, if you have a configuration error you will see a fail message.
robertm /srv/www/nginx/html $ sudo /etc/rc.d/nginx start
:: Checking configuration [BUSY]
2008/02/20 09:56:52 [info] 9745#0: the configuration file /etc/nginx/conf/nginx.conf syntax is ok
2008/02/20 09:56:52 [info] 9745#0: the configuration file /etc/nginx/conf/nginx.conf was tested successfully
[DONE]
:: Starting Nginx [DONE]
Good, now point your browser to your slices ip address and checkout the default welcome message. In you see the following then it is working.
Welcome to nginx!
Now stop the server and lets enable it to start on boot
robertm /srv/www/nginx/html $ sudo /etc/rc.d/nginx stop
robertm /srv/www/nginx/html $ sudo vim /etc/rc.conf
##Add NGINX to the end of the daemons line
DAEMONS=(syslog-ng network netfs crond sshd iptables nginx)
#### While you are there, change the timezone to your time zone. Have a look in /usr/share/zoneinfo/ to find the right entry for you
TIMEZONE="Europe/Berlin"
Lets reboot and check that it has worked as expected. If you see the right time for you and nginx processes then it has worked.
robertm ~ $ date
Wed Feb 20 19:09:51 CET 2008
robertm ~ $ ps -A | grep nginx
1197 ? 00:00:00 nginx
1198 ? 00:00:00 nginx
1199 ? 00:00:00 nginx
1201 ? 00:00:00 nginx
1202 ? 00:00:00 nginx
=== Install PHP ===
First lets get the base PHP installed.
robertm /var/log/nginx $ install php
Password:
resolving dependencies...
looking for inter-conflicts...
Targets: libxml2-2.6.31-1 php-5.2.5-5
Total Download Size: 11.31 MB
Proceed with installation? [Y/n] y
:: Retrieving packages from extra...
libxml2-2.6.31-1-x86_64 1687.3K 3.6M/s 00:00:00 [#####################################################################################################################################################] 100%
php-5.2.5-5-x86_64 9.7M 3.0M/s 00:00:03 [#####################################################################################################################################################] 100%
checking package integrity...
(2/2) checking for file conflicts [#####################################################################################################################################################] 100%
(1/2) installing libxml2 [#####################################################################################################################################################] 100%
(2/2) installing php [#####################################################################################################################################################] 100%
==> PHP modules
PHP has been built with optional modules. To enable these modules,
uncomment the modules from php.ini
Some of them require extra packages to be installed:
* bz2 : bzip2
* curl : curl
* dba : gdbm
* gd : libpng, libjpeg, freetype2
* imap : pam
* ldap : libldap
* mcrypt : mcrypt, libtool
* mysql/mysqli : libmysqlclient
* odbc/pdo_odbc : unixodbc
* openssl : openssl
* pgsql/pdo_pgsql : postgresql-libs
* pspell : aspell
* snmp : net-snmp
* sqlite : sqlite3
* tidy : tidyhtml
* xsl : libxslt
==> PHP-CGI and FCGI
There are several cgi relevant settings in your php.ini. Make sure to
adjust them according to your needs. At least you should activate the
cgi.fix_pathinfo directive in php.ini by uncommenting it.
At the moment there are only three modules enabled, the rest are currently disabled.
# from /etc/php/php.ini
extension=gettext.so
extension=session.so
extension=zlib.so
=== Install PHP Fast-CGI ===
When we installed PHP above we also get the binary php-cgi which is used for cgi calls. Next we need the fastcgi libraries. To install:
robertm /etc/php $ install fcgi
Password:
resolving dependencies...
looking for inter-conflicts...
Targets: fcgi-2.4.0-4
Total Download Size: 0.06 MB
Proceed with installation? [Y/n] y
Next edit ''php.ini''
--
To get the ''spawn-fcgi'' binary
robertm /etc/php $ install lighttpd
resolving dependencies...
looking for inter-conflicts...
Targets: lighttpd-1.4.18-1
Total Download Size: 0.33 MB
Proceed with installation? [Y/n] y
:: Retrieving packages from extra...
lighttpd-1.4.18-1 342.9K 1314.4K/s 00:00:00 [#####################################################################################################################################################] 100%
checking package integrity...
(1/1) checking for file conflicts [#####################################################################################################################################################] 100%
(1/1) installing lighttpd [#####################################################################################################################################################] 100%
--> This release marks a minor (NOT micro!) version change and is not 100%
--> compatible with former versions. Have a look at the new lighttpd.conf,
--> there are some changes in the index files syntax and nested conditions
--> are possible by now. Also please read the documentation in
--> /usr/share/lighttpd or on lighttpds's hompage: http://lighttpd.org
--> for the following OPTIONAL modules (when choosen from lighttpd.conf)
--> you will need the following dependencies:
mod_webdav : libxml2, sqlite3, e2fsprogs
mod_cml: libmemcache, lua
mod_magnet: lua
mod_trigger_b4_dl: libmemcache, gdbm
mod_auth.so: libldap
mod_mysql_vhost: libmysqlclient
Creating file /var/log/lighttpd/error.log
Creating file /var/log/lighttpd/access.log
Creating file /var/log/lighttpd/error-ssl.log
Creating file /var/log/lighttpd/access-ssl.log
Creating directory /home/lighttpd/vhosts/
Creating directory /var/cache/lighttpd/compress/
Creating directory /srv/www/htdocs/
Creating directory /home/lighttpd/html-ssl
Edit ''/etc/conf.d/spawn-php'' and change the following lines from 6, 1000 to 4 & 500 to see how they go.
## number of PHP childs to spawn
PHP_FCGI_CHILDREN=4
## number of request server by a single php-process until is will be restarted
PHP_FCGI_MAX_REQUESTS=500
Next uncomment the following line in ''php.ini''
cgi.fix_pathinfo=1
Then add the nginx html dir (''/src/www/nginx/html/'') to ''open_basedir''
open_basedir = /home/:/tmp/:/srv/www/nginx/html/:/usr/share/pear/
Now start the spawn-fcgi process
/etc/rc.d/spawn-php start
Also add spawn-php to the list of daemons to start (''/etc/rc.conf'')
DAEMONS=(syslog-ng network netfs crond sshd iptables spawn-php nginx)
Okay, lets test that we have php now working in NGINX. Edit our ''test'' conf again and add the following lines
location ~ .*.php$ {
include conf/fastcgi_params;
fastcgi_pass 127.0.0.1:1066;
fastcgi_index index.php;
fastcgi_redirect_errors on;
fastcgi_param SCRIPT_FILENAME /srv/www/nginx/html/$fastcgi_script_name;
}
Next create a simple ''index.php'' file in the root directory (''/srv/www/nginx/html/'')
And point your brower to http://yoursliceipaddress/index.php and if everything is working you should see a long page of info from PHP.
Link notes
http://blog.codefront.net/2007/06/11/nginx-php-and-a-php-fastcgi-daemon-init-script/
http://bbs.archlinux.org/viewtopic.php?id=33758#p255831
http://trac.lighttpd.net/trac/wiki/FrequentlyAskedQuestions#IgettheerrorNoinputfilespecifiedwhentryingtousePHP
http://209.85.129.104/search?q=cache:BDj3BrKu4I0J:www.timschneider.us/blog/%3Fp%3D4+php+nginx+slow&hl=en&ct=clnk&cd=3&client=safari
http://forum.slicehost.com/comments.php?DiscussionID=1137
http://zh.stikipad.com/notes/show/nginx
=== Install the sites ===
==== Database ====
Okay, MySQL is the one I am most used to (not that I know it better than any other really, DB's are not really my thing). As most things use MySQL by default I am going to stick with that for the moment.
=== Install MySQL ===
First lets get MySQL installed
robertm ~ $ install mysql
Password:
resolving dependencies...
looking for inter-conflicts...
Targets: libmysqlclient-5.0.51-2 mysql-clients-5.0.51-3 mysql-5.0.51-3
Total Download Size: 15.15 MB
Proceed with installation? [Y/n]
Then lets run it up for the first time and set the root password
robertm ~ $ sudo /etc/rc.d/mysqld start
Password:
:: Adding mysql group [DONE]
:: Adding mysql user [DONE]
Installing MySQL system tables...
OK
Filling help tables...
OK
To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system
PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:
/usr/bin/mysqladmin -u root password 'new-password'
/usr/bin/mysqladmin -u root -h tarasis.net password 'new-password'
Alternatively you can run:
/usr/bin/mysql_secure_installation
which will also give you the option of removing the test
databases and anonymous user created by default. This is
strongly recommended for production servers.
See the manual for more instructions.
You can start the MySQL daemon with:
cd /usr ; /usr/bin/mysqld_safe &
You can test the MySQL daemon with mysql-test-run.pl
cd mysql-test ; perl mysql-test-run.pl
Please report any problems with the /usr/bin/mysqlbug script!
The latest information about MySQL is available on the web at
http://www.mysql.com
Support MySQL by buying support/licenses at http://shop.mysql.com
:: Starting MySQL
Lets secure it be setting the root password, removing the anonymous user and the test database. Note I have enabled root login from remote hosts because I have the intention of using the MySQL client tools from my MacBook to maintain the DB. Or phpMyAdmin :)
robertm ~ $ sudo /usr/bin/mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MySQL to secure it, we'll need the current
password for the root user. If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.
Set root password? [Y/n] Y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] Y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] n
... skipping.
By default, MySQL comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] Y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] Y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MySQL
installation should now be secure.
Thanks for using MySQL!
Finally add mysqld to ''rc.conf'' to ensure it starts at boot. NOTE Consider backgrounding some tasks.
DAEMONS=(syslog-ng network netfs crond sshd iptables mysqld spawn-php nginx)
In ''php.ini'' remove the ; from the two mysql(i) lines
extension=mysql.so
extension=mysqli.so
Restart php so any scripts can access your DB
=== PhpMyAdmin ===
Lets install PhpMyAdmin and then hook it up to nginx
robertm ~ $ install phpmyadmin
resolving dependencies...
looking for inter-conflicts...
Targets: phpmyadmin-2.11.4-1
Total Download Size: 4.13 MB
Total Installed Size: 12.43 MB
Proceed with installation? [Y/n] Y
This puts the require files in ''/srv/www/phpMyAdmin/'', but we need to first configure it and then point ngnix at it.
robertm /srv/www/phpMyAdmin $ sudo cp config.sample.inc.php config.inc.php
Password:
robertm /srv/www/phpMyAdmin $ sudo vim config.inc.php
Then file in the blowfish secret line with a value, which will be used for the cookies.
Documentation.txt recommends installing mcrypt (esp on 64bit machines)
robertm /srv/www/phpMyAdmin $ install mcrypt
resolving dependencies...
looking for inter-conflicts...
Targets: mhash-0.9.9-1 libmcrypt-2.5.8-1 mcrypt-2.6.5-1
Total Download Size: 0.34 MB
Proceed with installation? [Y/n] Y
Next edit ''php.ini'' and remove the ; from the mcrypt line
robertm /srv/www/phpMyAdmin $ sudo vim /etc/php/php.ini
### like so
extension=mcrypt.so
Now restart php so that it picks up mcrypt being enabled
robertm /srv/www/phpMyAdmin $ sudo /etc/rc.d/spawn-php stop
:: Stopping spawn-php [DONE]
robertm /srv/www/phpMyAdmin $ sudo /etc/rc.d/spawn-php start
:: Starting spawn-php [BUSY] spawn-fcgi.c.186: child spawned successfully: PID: 10824 [DONE]
If you are paranoid, look at the test page we created earlier you should fine 5 instances of the word ''mcrypt''
Next setup the NGINX configuration file for this host. Create a new file ''pma.tarasis.net'' in ''/etc/nginx/conf/sites''. Remember we want to disable access to the libraries directory as directed in the phpMyAdmin documentation. NOTE The directive to deny folder access must come before the php directive otherwise the php directive will process the file before the deny is seen.
server {
listen 80;
server_name pma.tarasis.net;
#access_log logs/host.access.log main;
# deny remote access to the libraries folder.
location ~ ^/libraries/ {
deny all;
}
# disable remote access to .htaccess files, even if nginx doesn't support them
location ~ /\.ht {
deny all;
}
location ~ .*.php$ {
include conf/fastcgi_params;
fastcgi_pass 127.0.0.1:1066;
fastcgi_index index.php;
fastcgi_intercept_errors on;
fastcgi_param SCRIPT_FILENAME /srv/www/phpMyAdmin/$fastcgi_script_name;
}
location / {
root /srv/www/phpMyAdmin;
index index.html index.htm index.php;
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
Now point your browser at your site address and you should be greeted by the login page for phpMyAdmin. If you get the error ''No input file specified'' then you need to add the phpMyAdmin dir to the ''open_basedir'' variable in ''php.ini'' or make the variable contents null.
--- CURIOUS WHY DOES THIS INSTALL SHOW THE PHP SESSION INFO ON THE URL ...
=== Tweak the Database ===
Remove some of the storage options (skip-bdb for instance)
==== Email Server ====
=== ClamAV ===
INSTALL
ENABLE FOR START - EDIT /etc/conf.d/clamav - CHANGE OPTIONS TO YES
REMOVE EXAMPLE LINE FROM BOTH CONFIG FILES -- IMPORTANT OTHERWISE CLAMAV WONT START
robertm /etc/clamav $ sudo vim clamd.conf
robertm /etc/clamav $ sudo vim freshclam.conf
CARRY OUT ANY TWEAKS TO CONFIG FILES
robertm /etc/clamav $ sudo /etc/rc.d/clamav start
HAD TO START TWICE FOR SOME REASON. FRESHCLAM WAS RUNNING AFTER FIRST ATTEMPT BUT CLAMD WASN'T LISTED AS RUNNING. POSSIBLE DB's OUT OF DATE - NOTE FOLLOWING LOG DATA
Mon Feb 25 23:40:21 2008 -> +++ Started at Mon Feb 25 23:40:21 2008
Mon Feb 25 23:40:21 2008 -> clamd daemon 0.92 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Mon Feb 25 23:40:21 2008 -> Running as user clamav (UID 64, GID 64)
Mon Feb 25 23:40:21 2008 -> Log file size limited to 1048576 bytes.
Mon Feb 25 23:40:21 2008 -> Reading databases from /var/lib/clamav
Mon Feb 25 23:40:21 2008 -> Not loading PUA signatures.
Mon Feb 25 23:40:21 2008 -> ERROR: Not supported data format
Mon Feb 25 23:43:38 2008 -> +++ Started at Mon Feb 25 23:43:38 2008
Mon Feb 25 23:43:38 2008 -> clamd daemon 0.92 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Mon Feb 25 23:43:38 2008 -> Running as user clamav (UID 64, GID 64)
Mon Feb 25 23:43:38 2008 -> Log file size limited to 1048576 bytes.
Mon Feb 25 23:43:38 2008 -> Reading databases from /var/lib/clamav
Mon Feb 25 23:43:38 2008 -> Not loading PUA signatures.
Mon Feb 25 23:43:41 2008 -> Loaded 219068 signatures.
Mon Feb 25 23:43:41 2008 -> Unix socket file /var/lib/clamav/clamd.sock
Mon Feb 25 23:43:41 2008 -> Setting connection queue length to 15
Mon Feb 25 23:43:41 2008 -> Archive: Archived file size limit set to 10485760 bytes.
Mon Feb 25 23:43:41 2008 -> Archive: Recursion level limit set to 8.
Mon Feb 25 23:43:41 2008 -> Archive: Files limit set to 1000.
Mon Feb 25 23:43:41 2008 -> Archive: Compression ratio limit set to 250.
Mon Feb 25 23:43:41 2008 -> Archive support enabled.
Mon Feb 25 23:43:41 2008 -> Algorithmic detection enabled.
Mon Feb 25 23:43:41 2008 -> Portable Executable support enabled.
Mon Feb 25 23:43:41 2008 -> ELF support enabled.
Mon Feb 25 23:43:41 2008 -> Mail files support enabled.
Mon Feb 25 23:43:41 2008 -> Mail: Recursion level limit set to 64.
Mon Feb 25 23:43:41 2008 -> OLE2 support enabled.
Mon Feb 25 23:43:41 2008 -> PDF support disabled.
Mon Feb 25 23:43:41 2008 -> HTML support enabled.
Mon Feb 25 23:43:41 2008 -> Self checking every 1800 seconds.
=== Exim ===
use
pkgname=exim-custom
provides=('exim')
in your PKGBUILD
For the moment, going with the "stock" ''testing'' version of exim because it provides TLS which the current ''extra''s version doesn't. **Note that in future I will likely custom build it to get SPF /SRS & Domainkeys support. This will require custom installs of the SRS libraries & DomainKeys, as only SPF is currently available in AUR. Also to move onto 4.69 over 4.68#1** TODO
robertm ~/abs/local/exim $ yaourt testing -S testing/exim
resolving dependencies...
looking for inter-conflicts...
Targets: exim-4.68-4
Total Download Size: 0.48 MB
Proceed with installation? [Y/n] Y
=== Dovecot ===
First we need to install Dovecot. Note as we installed MySQL earlier its dependency is already met.
robertm ~/abs/local/exim/pkg/usr/sbin $ sudo pacman -S dovecot
Password:
resolving dependencies...
looking for inter-conflicts...
Targets: postgresql-libs-8.2.6-1 dovecot-1.0.10-1
Total Download Size: 2.06 MB
Proceed with installation? [Y/n] Y
=== DSPAM ===
robertm ~/abs/local/exim $ yaourt -S dspam
resolving dependencies...
looking for inter-conflicts...
Targets: dspam-3.8.0-1
Total Download Size: 0.66 MB
Total Installed Size: 1.63 MB
Proceed with installation? [Y/n] Y
:: Retrieving packages from community...
dspam-3.8.0-1 671.1K 377.2K/s 00:00:02 [#####################################################################################################################################################] 100%
checking package integrity...
(1/1) checking for file conflicts [#####################################################################################################################################################] 100%
(1/1) installing dspam [#####################################################################################################################################################] 100%
adding dspam system group... done.
adding dspam system user... done.
>>> To populate the DSPAM database, you need to follow several steps.
>>> First create a database. Login to the mysql command prompt.
$ mysql -u root -p
mysql> CREATE database dspam;
>>> Next, you need to create a dspam user. At the same MySQL prompt:
mysql> GRANT ALL PRIVILEGES ON dspam.* TO dspam@'localhost' IDENTIFIED BY 'passwd';
>>> Replacing passwd with your chosen password.
>>> If you want a space optimized db do:
$ mysql -u dspam dspam -p < /var/lib/dspam/mysql/mysql_objects-space.sql
>>> If you want a speed optimized db do:
$ mysql -u dspam dspam -p < /var/lib/dspam/mysql/mysql_objects-speed.sql
>>> Enter the password you set in the previous step, and the database should be populated.
>>> Remember to edit /etc/dspam/dspam.conf accordenly
>>> If you want to use the postgresql, sqlite3 or Berekely DB4 backends,
>>> read the documentation
>>>
==> Checking for dspam's vote status
You have to create ~/.aurvote with inside: user=YOUR_AUR_USERNAME pass=YOUR_AUR_PASS To create a new account just go to: http://aur.archlinux.org/account.php
Had to end up buidling this "by hand" as the previous did not include the webui. After asking on the AUR page for DSPAM, its (new I guess) maintainer has updated the PKGBUILD file and the new version is now available for i686 but has yet to appear x86_64. So I have grabed the PKGBUILD and created a folder in my abs build dir and built it there.
robertm ~/abs/local $ cp -a /var/abs/community/network/dspam/ .
robertm ~/abs/local/dspam $ mv PKGBUILD PKGBUILD.old
robertm ~/abs/local/dspam $ vim PKGBUILD
#### PASTED CONTENTS FROM CVS
robertm ~/abs/local/dspam $ makepkg -s
==> Making package: dspam 3.8.0-2 (Sat Mar 1 12:54:40 CET 2008)
==> Checking Runtime Dependencies...
==> Checking Buildtime Dependencies...
==> Installing missing dependencies...
Password:
resolving dependencies...
looking for inter-conflicts...
Targets: postgresql-8.2.6-1 sqlite3-3.5.6-1
Total Download Size: 4.99 MB
Proceed with installation? [Y/n] Y
robertm ~/abs/local/dspam $ sudo pacman -U dspam-3.8.0-2-x86_64.pkg.tar.gz
loading package data... done.
checking dependencies...
(1/1) checking for file conflicts [#####################################################################################################################################################] 100%
(1/1) installing dspam [#####################################################################################################################################################] 100%
adding dspam system group... done.
adding dspam system user... done.
>>> To populate the DSPAM database, you need to follow several steps.
>>> First create a database. Login to the mysql command prompt.
$ mysql -u root -p
mysql> CREATE database dspam;
>>> Next, you need to create a dspam user. At the same MySQL prompt:
mysql> GRANT ALL PRIVILEGES ON dspam.* TO dspam@'localhost' IDENTIFIED BY 'passwd';
>>> Replacing passwd with your chosen password.
>>> If you want a space optimized db do:
$ mysql -u dspam dspam -p < /var/lib/dspam/mysql/mysql_objects-space.sql
>>> If you want a speed optimized db do:
$ mysql -u dspam dspam -p < /var/lib/dspam/mysql/mysql_objects-speed.sql
>>> Enter the password you set in the previous step, and the database should be populated.
>>> Remember to edit /etc/dspam/dspam.conf accordenly
>>> If you want to use the postgresql, sqlite3 or Berekely DB4 backends,
>>> read the documentation
>>>
=== Procmail ===
robertm ~/abs/local/exim/pkg/usr/sbin $ sudo yaourt -S procmail
Password:
resolving dependencies...
looking for inter-conflicts...
Targets: procmail-3.22-1
Total Download Size: 0.10 MB
Proceed with installation? [Y/n]
=== Vexim ===
Lets first download Vexim, and put it in our web directory
robertm ~/src $ wget http://silverwraith.com/vexim/vexim2.2.1.tar.gz
robertm ~/src $ tar zxf vexim2.2.1.tar.gz
robertm ~/src $ sudo mkdir /home/sites
robertm ~/src $ cd /home/sites/
robertm /home/sites $ sudo mkdir -p vexim.tarasis.net/{public,private,logs,backup}
robertm /home/sites $ cd ~/src/vexim2/vexim
robertm ~/src/vexim2/vexim $ cp -a * /home/sites/vexim.tarasis.net/public/
Create a user for Vexim whose homedir will be used for the virtual mail. NOTE That Vexim docs suggest a UID/GID of 99 but on Archlinux the user nobody & group nobody use 99.
robertm ~/src/vexim2 $ sudo groupadd -g 200 vmail
robertm ~/src/vexim2 $ sudo useradd vmail -u 200 -g vmail -d /home/vmail -m
Next we need to create the vexim DB in MySQL
robertm ~/src/vexim2 $ vim setup/mysql.sql
#### Scroll to the lines with CHANGE i.e.
uid smallint(5) unsigned NOT NULL default 'CHANGE',
gid smallint(5) unsigned NOT NULL default 'CHANGE',
# and change them to the uid & gid of the user we will use to deliver mail, in our case the UID / GID we set above
# Now goto the next line with CHANGE, which should be the following
GRANT SELECT,INSERT,DELETE,UPDATE ON `vexim`.* to "vexim"@"localhost"
IDENTIFIED BY 'CHANGE';
# change the CHANGE to the vexim db users password
Now create the DB
robertm ~/src/vexim2 $ mysql -u root -p < setup/mysql.sql
Next edit the ''variables.php'' file to have the DB's password
robertm ~/src/vexim2 $ vim /home/sites/vexim.tarasis.net/public/config/variables.php
# Change the line marked CHANGE to the DB password
$sqlpass = "CHANGE";
# Next scroll to these lines
$uid = "99";
$gid = "99";
# Change them to the UID & GID created above
The last thing to do is configure NGNIX to handle the ''vexim.tarasis.net'' domain.
=== Roundcube ===
----
Things of possibly interest:
* http://wiki.archlinux.org/index.php/Backup_with_hdup