FreeBSD VPS v3 User's Guide
Contents
1. usr local mysql bin mysql u root Install Additional Supported Features 33 Namazu FreeBSD VPS v3 User s Guide This command will start the MySQL client as the root user Add more users by following the directions in the MySQL Reference Manual or another reliable MySQL resource To make starting MySQL easier create a file with all your start up options instead of having to type in all the different flags at the command prompt To do this create a file in your etc directory named my cnf The contents of the file would appear as follows if you wanted MySQL to report error messages in Japanese mysqld language japanese default character set ujis Access manual pages by typing the following during an SSH session with your server man mysql For more information refer to the MySQL Developer Zone Web site http dev mysql com doc Your server supports Namazu an open source full text search engine maintained by the Namazu Project http www namazu org The software is available for free under the terms of the GPL Your server includes a vinsta11 utility for the search engine software Open WebMail PHP Your server provides support for Open WebMail http openwebmail org a Webmail system designed to manage very large mail folder files in a memory efficient way It also provides a range of features to help users migrate smoothly from Microsoft Outlook to Open WebMail Your server provides a custom ins2. Install Additional Supported Features 42 FreeBSD VPS v3 User s Guide Tomcat Yes TWIG Yes urchin urchin5 Webmin wordpress wpoison Zend Optimizer PHP enhancing application Zope open source content management package WordPress WordPress is an open source software distributed under the terms of the GPL WordPress utilizes PHP and MySQL The software is highly customizable and provides you with the cah1pability to deliver information by means of audio video and other media including blogs and podcasts A blog is a collection of short articles essays or loosely formatted thoughts usually written by one individual A podcast is a multimedia file audio video or multimedia distributed in a series of episodes A customer can subscribe to your podcast download it as soon as it is available and then play it on their compatible devices such as MP3 players Available Features The following list provides an overview of some of the available features included with WordPress e Integrated theme system e Trackback support e Pingback support e Spam protection e Full user registration e Password protected blog postings e Support for importing content from previously designed blogs such as MoveableType e Common blog XML RPC support e Workflow post and draft tools e Intelligent text formatting e Support for services such as Ping O Matic designed to update Web search engines As an open source
3. The vadduser command is a custom script with which to add user accounts If you are not familiar with the command refer to the manual pages man vadduser To run the vadduser command connect to your server by means of SSH and then type vadduser at the command prompt The on screen instructions prompt you for the required information The vedituser command is a custom script that modifies an existing user account It prompts you to modify the user information including permissions and quota Because user account information is stored in several locations including in hashed databases it is important to use the tools listed above rather than attempting to modify account information by editing the files directly When a user account is no longer needed remove the account using the vrmuser command This gives you the option to keep or remove the home directory as well Do not use this command to disable a user who you intend to reestablish at a later time In those cases it is better to change the password or to disable a user s privileges User information is stored in several different files on your server First the etc passwd file contains a list of user names along with some account information The following is a sample entry for the user test test 1001 1001 Test User Account home test usr local bin tcsh The entry contains seven fields in a colon delimited list The first field is the username followed by an asteri
4. example User agent Disallow spammers Zend Optimizer Zend Optimizer enables you to run encoded files and enhance the performance of your PHP scripts The package is a passive module which runs within the framework of PHP and uses multi pass code optimizations to potentially double the running speed of current PHP applications This add on is appropriate for all PHP users who can benefit from the better response time featured by the package The increase in speed for running PHP code reduces the CPU load for the server and cuts latency time in half Once you install the package the version is updated automatically by means of server software updates Zend is a trademark of Zend Technologies Ltd http www zend com products zend_optimizer and is distributed under the terms of that organization Install Zend Optimizer Follow these steps to install Zend Optimizer 1 Connect to your server by means of SSH 2 Verify you are signed into your account as root su to root 3 Run the following command vinstall zendoptimizer 4 The install will ask the location of your php ini file By default this file will be located in the usr local php5 1ib directory 5 Run the following command restart_apache Go Beyond Zend Optimizer Basics Zope To learn more about configuring and using Zend Optimizer features refer to the online Optimizer forum http www zend com zend optimizer forum php Zope is an open source c
5. office microsoft com en us frontpage default aspx For more see FrontPage on page 27 Java Java Servlets and JavaServer Pages Your Pro or Pro Plus server plan provides support for Java Java Servlets and JavaServer Pages http java sun com Java is a trademark of the Sun Corporation Java products are developed maintained and distributed by that organization Although they include the same software and packages other plans such as Starter and Basic do not include this support for Java applications Your server includes a set of custom installation utilities or vinstal1 for the Java Developer s Kit JDK and Java Runtime Environment JRE For more see Java on page 28 iManager Web based Server Utility Comparable to the CPX Control Panel Manager is a Web based server utility which enables you to manage many of the common tasks involved in server administration In addition to basic user and subhost configuration tools it includes an IMAP style email manager and an easy to use file manager Your server provides a vinstal1 utility for iManager PHP4 PHP5 Your server supports PHP Hypertext Preprocessor http www php net the widely used general purpose and open source scripting language distributed with most UNIX binaries Your server includes a set of vinstall utilities for PHP For more see PHP on page 34 MIVA Empresa Your server supports MIVA Empresa to provide Web development and
6. 5DJtV223gnq0fKq7se32r9INOPW3F 3jD1JC 4zZzry5LRiSPNImCYgq2E1578 h6S6i6auD1nTDDOLAgMBAAGgGDAWBgkqhkiG9w0BCOcxCRMHZ3JvYmxpb jJANBgkq hkiG9IwWOBAQOFAAOBGOANWO 7wudkfkxrrZA41Xb0YeXWLngHtNdzPJ8WyzO3jGof4h JkpDPV6SIJqHEszpmZl1jEgb6fxgeiM4cpWSFGJA1ONFzZ Ra8 msrLLBMM zPuHpER OPFCsrIErmaBgnmymGOk DiHvhV LqCkAgjcS2Kpn0cOy8KRyXzUc4k TTw0Uw ES END CERTIFICATE REQUEST You are required to enter information about your company including the official company name and address Default Applications for Your Server 18 FreeBSD VPS v3 User s Guide After you have ordered your certificate and sent in the requested documents the signing authority will issue you a signed certificate Once you have your signed certificate you can install your signed digital certificate Install your Custom Digital Certificate Once you have obtained a signed digital certificate install it and configure SSL to use your certificate and private key instead of the default When you got your certificate you most likely saved it to a file on your local computer Copy the file onto your server by means of SCP Be sure to copy the file using ASCII format to avoid corrupting the file Once the certificate is on your server get the Private Key which you generated at the same time as you generated the CSR and confirm it is in the usr local certs directory with the name ss1 px Verify to keep a copy of the Private Key in a different location as well so
7. Private Key files to the new server Copy the files to the usr local certs directory The certificate is in a file named ssl cert and the key is in a file named ssl pk If you use FTP be sure to copy the file using ASCII format to avoid corrupting the file 3 Verify the Private Key has been decrypted by looking at the file If the key has not been decrypted the first few lines appear as in the following example Proc Type 4 ENCRYPTED DEK Info DES EDE3 CBC BCC23A5E16582F3D 4 To decrypt the key connect to your server by means of SSH and run the following commands cd usr local certs openssl rsa in ssl pk out ssl pk Create a PEM file that contains both the certificate and key To do this run the following commands cd usr local certs cp ssl pk YOUR DOMAIN NAME pem cat ssl cert gt gt YOUR DOMAIN NAME pem 5 Edit your www conf httpd conf file to look for your certificate file by adding the following command SSLCertificateFile usr local certs MY DOMAIN NAME pem Default Applications for Your Server 20 FreeBSD VPS v3 User s Guide 6 Once you have added the certificate directive to your www conf httpd conf file issue restart_apache to make Apache start using the new certificate Renew Custom digital certificates Order signed digital certificates for periods of one to three years depending on the signing authority It is important to renew digital certificates no less
8. The following is an example of HTML source markup lt form method POST action cgi bin formmail pl gt lt input type hidden name recipient value order yourdomain com gt lt input type hidden name subject value Order Request gt lt input type hidden name required value realname email phone gt Please Enter Your Name lt br gt lt input name realname size 40 gt lt p gt Please Enter Your Email Address lt br gt lt input name email size 40 gt lt p gt Please Enter Your Phone Number lt br gt lt input name phone size 40 gt lt p gt lt input type submit value Submit gt lt input type reset value Reset gt lt form gt Once your form is complete you should be able to send email messages using it Install Additional Supported Features 26 FreeBSD VPS v3 User s Guide FrontPage FrontPage provides tool for Web pages designed and implemented with the Microsoft Web development software http office microsoft com en us frontpage default aspx In order to use Microsoft FrontPage in conjunction with your server you must install the FrontPage Server Extensions Your server supports the extensions and provides them without additional of charges You can use a vinstal1 utility to ensure your server includes the extensions you need HTTP Analyze HTTP Analyze is a Web Log Analyzer that watches the transfer log file of you
9. User s Guide e User Specific Filters enables individual users to use different methods of dealing with spam The user specific settings enable you to configure specific users with different ways of dealing with messages tagged as spam Once you tag a message SpamAssassin will do one of the following with the message depending on your system and user settings e Deliver Tagged messages along with Untagged messages enables the user to see if a message is tagged as spam and enables them to make the final decision to read the message or not If you have system wide filtering on it is a good idea to use this option for the system level filtering e Deliver Spam to a special mailbox delivers untagged messages and delivers tagged messages to a special mailbox or IMAP folder This is a good user level setting for all users who don t want potential spam cluttering the user s inbox but want to have the option to check through to see if there is anything important among the tagged messages e Deliver spam to a special mailbox and forward non spam to another address specifies that if a user has another account that they forward the user s messages to this enables you to filter out spam before forwarding the messages to the user s account e Forward Spam to another address specifies non spam is delivered normally but spam can be forwarded to an account on a different server e Delete Spam specifies that all messages tagged as spam are del
10. also includes a set of vinstal1 utilities for the software Perl5 By default Perl is pre installed on your server as a core service Your server supports Perl http www perl org the widely used open source cross platform programming language distributed with most UNIX binaries Your server includes a set of vinstal1 utilities for mod_perl For more see Perl on page 14 E Commerce FreeBSD VPS v3 supports the following e commerce software packages ShopSite For an additional fee you can add ShopSite http shopsite com shopping cart software to your server Once you have made the purchase refer to ShopSite customer documentation and Web site content MIVA Empresa MIVA Empresa http smallbusiness miva com products empresa provides an e commerce solution The server features are the same as other plans but also include the MIVA license and software A set of vinsta11 utilities are available to assist you as you install or upgrade your e commerce plan FreeBSD VPS v3 User s Guide Databases The following add on database software packages are supported by your server e MySQL Your server supports the current stable release of MySQL an open source database server and tool distributed under the terms of the GNU General Public License GPL For more see MySQL on page 33 e PostgreSQL Your server supports the current stable release of PostgreSQL an open source relational database system di
11. application WordPress is not limited to this set of features There are numerous extensions or plug ins developed by the community of WordPress users Refer to the WordPress Web site for more information about standard WordPress features extensions or plug ins Install Additional Supported Features 43 FreeBSD VPS v3 User s Guide Before you Install WordPress Get Started You must uninstall any previously installed version of WordPress present on your account prior to installation using the vinsta11 utility Also make a backup of your previous configuration of blog or podcast software as well as of the databases to which they refer The vinstall utility provides for installing WordPress to any sub host configured in the Apache configuration file httpd conf The vinsta11 utility for WordPress runs a script which places the WordPress version 2 0 2 on your account To install the software run the following command from a SSH prompt vinstall wordpress Note If you are upgrading WordPress from a previous installation ignore any warnings you receive regarding your existing MySQL database After the installation completes use your preferred browser to access the following location https YOURDOMAIN WORDPRESS upgrade php Replace YOURDOMAIN and WORDPRESS with the domain and directory respectively in which you installed WordPress After visiting the upgrade page replace your customizations by utilizing the backup file you m
12. commercial use only If you are going to use PGP for Install Additional Supported Features 34 FreeBSD VPS v3 User s Guide commercial use you must purchase a license from Network Associates This version of PGP has also been modified so that it will work in both the virtual and non virtual environments Modifications have also been made to the PGP executable provided such that it will only run on FreeBSD VPS Please do not attempt to export this version off of your server It will not operate An alternative to PGP GnuPG is distributed under the terms of the GNU General Public License For more information refer to the PGP GnuPG Web site http www gnupg org GnuPG The GNU Privacy Guard is a tool for secure communication and data storage It can be used to encrypt data and to create digital signatures It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440 GnuPG is a complete and free alternative to PGP Because it does not use the patented IDEA algorithm it can be used without any restrictions PostgreSQL Your server supports the current stable release of PostgreSQL an open source relational database system distributed by PostgreSQL Global Development Group under the Berkley Software Distribution BSD license The database system was formerly known as Postgres and Postgres95 If you choose to configure PostgreSQL add the following lines to your shel
13. determine if there are any special delivery conditions for the recipient address Once an email recipient has been checked against the virtusertable for domain based delivery the domain name of the recipient is ignored by Sendmail The username without the domain is then checked against the aliases and finally delivered to the correct local user s mailbox You can configure your server to relay email messages for authorized domains This allows you to use your server as a secondary mail server When an email message arrives with a recipient domain that is listed in the etc mail relay domains file Sendmail attempts to deliver the message to the primary server If the primary server is unable to accept the mail Sendmail holds the messages in a special queue and delivers them to the primary mail server once the primary server is online again This feature is especially useful to companies using exchange servers or who have limited network access to their primary mail server While there are many possible reasons to filter mail a common use is to prevent spam In addition to recipient based email routing you can configure Sendmail to filter or route messages based on other elements of the message The easiest way to do this is with Procmail an easy to configure mail filtering add on For more information see Procmail on page 36 You can also configure Sendmail to filter by using the M4 macro set http www sendmail org m4 intro_m4 htm
14. email privileges The FreeBSD operating system provides a compatible base for operating system level server virtualization a template based UFS2 file system or skel package and copy on write COW file system optimization For information about the full command set provided on your server consult the manual pages or man pages Man pages also provide information about system calls library calls special files as well as file formats and conventions Use the Features of Your Server Following are examples of how to use the features of your server Host an e commerce Web site Support a corporate intranet Build a custom development environment Provide Web based calendaring Provide multimedia applications Host an online game site Manage an email system Create a customer support tracking system Backup important data Host multiple Web sites FreeBSD VPS v3 User s Guide Configure Your Server Important If you are migrating or transferring services to a FreeBSD VPS v3 verify you have a backup local copy of the files which are essential to your Web site For example if you have essential content and graphics Save them in so that they are accessible even when you are unable access to your server Do this prior to following any of the subsequent instructions As you begin to configure your server consider the processing power memory and disk space available on your local system The following are basic network requirement
15. http www proftpd org and is available for free under the terms of the GPL As you configure ProFTPD you must implement only the application features supported by the current release To use FTP to transfer files between your private server and your own local computer system you must have an FTP client or program installed on your local computer system For your private server configure ProFTPD to suit your use of the software The ProFTPD configuration file is located at the following location etc proftpd conf Use an online file editor or transfer the file to your local computer system to make any configuration changes ProFTPD runs as a daemon on your private server The software reads its configuration file each time a process is spawned IMAP By default as a core service your server provides IMAP server processes You can add as many IMAP users as you want to The protocol provides a method of accessing email or other kinds of electronic messages IMAP enables the messages to be stored on a mail server The protocol enables a client email program to access remote messages in a manner that appears to the user to be local For example the Mail user can manipulate email stored on an IMAP server from your personal computer at home your workstation and your notebook computer The protocol enables you to do this without storing the mail on your local computer This way you can access the mail from any location Default Appli
16. ien dcir dicta Si DENE acted S E B Sehsdsdh cunts di a dene lo 44 Go Beyond the Basics with WordPressi sonics enra n ERN oa r A a E EA aeaa aeea CoE Es E Eose 44 The Webalizer ita lo Eeoa aie bite Phan Raion wen A een eats 44 Wed eeen eneen a ala iste Bren cheap laa eal a Ai hahaa aay Si ala Hele h aie ea ones 44 WebTrends ita dedien assign cel eRe aisen leita oe arked wa ent avd ane Sie aa 45 W pols OD ui DRL eas dees asia eR tated ee RIL Biddy salen ate Ri ag 45 Install W polsOiiiiscs54 inet a avanie nei Aided EEE E a ated Bae aia E E ee 45 Use WO dit ae AS shee el NS sd 45 Zend O POMAR 46 Install Zend O plz ii A eee 46 Go Beyond Zend Optimizer Basics cintia eel EE E PEAN ES E EEEa dotes 46 ES E 46 AI sess sesespsodsdeteschacveuscasussuasbecssveeusdsvestyseasyeosdeashesseessssonsdvsesvae sagohoucess sash dedveadysedeseas ede oentapey 46 USC ZO NN 47 Go Beyond th Basics of ZOPE m a ear aa iia add 47 Troubleshoot Your Server 48 General ISSUES E EEEE sehschssstesctudstuscte svausoeds subset esssveesstssyesuocbowsoadesubasteestncedsdespavyasvanse dossseeseedsooenased 48 Failur to Create d Virtual H st narn ta ea korr a a aaea rea re Eora EEr EA Ap eCa Eaa Seana EEE ia en 48 HEA AO OTE REE E T E ER E EEE E A 48 CHECK Los aI E ES E E E EE E EE EE E E E E E EE 48 Check f r Idle Proc sseS cui tl tic 49 Custom Digital Certificate Problems ooo pt 49 Table of Contents iv FreeBSD VPS v3 User s Guide Introduction Use the instructi
17. if you make a mistake you don t lose your Private Key Create a directory on your server and store a copy of both your Private Key and the Certificate until you are certain that the new certificate is working properly Connect to your server by means of SSH and run the following cd usr local certs openssl rsa in ssl pk out ssl pk The openssl rsa command removes the default encryption on your key and makes it useable by the Apache HTTP server Verify your Private Key has been decrypted or not by looking at the file When your key is generated the first few lines are similar to the following example Proc Type 4 ENCRYPTED DEK Info DES EDE3 CBC BCC23A5E16582F3D hfWyPkea3gnVCHCZJ zgQpCHIRZF 7WIYXGYohdbf kJYOETLwXaqjvnNHQlLomwIt After decrypting your key the key changed as in the following example PRE BEGIN RSA PRIVATE KEY MI ICXQIBAAKBgQCot 9aa9R38QevF SWqU718VFxqEDcY4gJ dZ6sBy282 jdgCVcwU q92t05V3amQ0anoSIWx1 09GYm5kJSo3b29Gib2sqLiHZFav bR L5IDFOMwcSTyp O0I90tCK72 rrxM1 Gt8b5saEildmGO4ar9AM2DYYOCFKYR62mMDZ7mRa6wIDAQAB AoGBAJWy 0Cqb1GhvgSeCdZwCK ZFopRKuHcHu jeLtRKZk2rfPisMP1CUEdObJLJY 5ssrnUJzM SBSf5TCN1S133dZg2NRBq 68L1dR 3voEWv2ebPhzic3jw8110xuVoX HbXhM052Bmhp8XWZd3VdkxXyQuTQeh1 7F4R203 9r 9VP 8 8pGnRAkKEA4OxTu4p6gAxF 14JwigFeswdoq 3Ej9KkKGy wM4psGOqUr zWzgKmN R1INpSRWcyohpSOsU8yFcHb bydNYvyY j OWJBAMAHGQENrGx 3XEzcCx3uY8vvlgvcNFou0RKKcoaHyf 8n028AJAE ZAM Th cFcJVYEeb8n54ED4979c gr3ttYkC0D444okVLAJUYsOhL6UKMzpvqEM6
18. specific domain name which must match exactly to avoid an error For example if your certificate is for the domain www my domain name and you type https my domain name into the browser you will get this warning Likewise if your certificate is for my domain name and you enter https www my domain name into your browser you will get the same warning To avoid this warning verify the exact domain name on the certificate when making links to secure pages Following are suggestions to use as you troubleshoot for digital certificate problems e When you make links or include images in pages the URL is an absolute link and includes the protocol domain and path to a file If you include an image in a page using an absolute URL see an error when the page is viewed using a different protocol than the one indicated in the image URL For example include an image as follows http www my domain name images myimage gif When you access this page through secure protocol such as HTTP over SSL HTTPS you will see a warning that the page has encrypted as well as unencrypted content The easiest way to avoid this error is to use relative paths as in the following example images myimage gif e Many older Web browsers only support 40 or 52 bit encryption Because modern SSL certificates use 128 bit encryption older browsers may not be able to view pages securely If many of your customers are likely to be using older browsers you must acquire a s
19. than 30 days prior to the expiration date to avoid any interruptions with your SSL Service The renewal process is different for each vendor and certificate type After you have completed the renewal process the signing authority will issue a new signed certificate Once you have received the renewed certificate replace the original certificate on your server and restart Apache Follow the instructions to install your signed digital certificate to complete this process Default Applications for Your Server 21 FreeBSD VPS v3 User s Guide Install Additional Features There are additional features actively supported by your server Most are offered without additional fees Some such as support multiple IP addresses require you to pay additional fees Many include vinstall and vuninstal1 utilities you can use to more easily install configure and update your server Further server software updates continuously apply the latest stable versions of the features Accrisoft Freedom Accrisoft Freedom also referred to as Accrisoft RBT provides you with a suite of tools to build and manage your Web sites The Accrisoft suite is available as a fee based additional feature for your account Once you purchase the suite and verify the installation refer to Web based information documentation and instructions provided with the purchase of the suite for more information Accrisoft Freedom is developed maintained and distributed by Accrisof
20. to see information about any aspect of the data traffic associated with any other IP addresses The FreeBSD operating system supports a standard UNIX command which enables you to see the status of network interfaces for your server Use the command for diagnostic and configuration tasks For example if you issue ifconfig command without any additional argument all of the currently active interfaces are displayed If you run the command with the additional argument of a all of the interfaces including inactive ones are displayed Beyond the simple display of interfaces the command includes additional arguments which enable you to specify IP addresses for each of the network interfaces If you do specify another address in error the remedy is to log into your server as root and use the ifconfig command to specify a correct provisioned IP addresses For more details about the ifconfig command refer to the FreeBSD operating system Man Pages CPX Control Panel and Multiple IP Addresses MySQL You can configure Multiple IP Address settings with the assistance of the command line interface your server offers The ability to utilize the CPX Control Panel to configure multiple IP address features is coming soon Your server supports the current stable release of MySQL an open source database server and tool distributed under the terms of the GPL To use the MySQL client connect to your server by means of SSH and run the following command
21. your server as a core service Your server supports Perl http www perl org the widely used open source cross platform programming language distributed with most UNIX systems As you configure Perl you must implement only the application features supported by the current stable production release The performance of the CPX Control Panel is dependent upon support for Perl Modules POP 3 Server By default your server supports the Post Office Protocol version three POP3 to enable access and retrieval of email stored remotely on your server The POP3 mail client enables you do download email from your server to a local computer system Other protocols such as IMAP leave the email on the server rather than downloading it to the local computer system When you configure email settings each program may be different However most email programs require some of the same basic information as follows e Email address This is often listed as POP account or IMAP Account return address or reply address and some programs may request this more than once In every case however this is simply your username at your host domain such as username example com e Username Also often called POP ID or Account Name this is your username e Password This is the password associated with your username Some programs do not ask for the password until you check your mail e Incoming mail server This phrase or a similar one ref
22. 1gW8 C490sPnXTQoOy21030yarYppxsyTEAbvacDkV61S4zrNK5GqlvzkUCOF45 OGVR7k92mPZZBSvsu5K1HTEKZ1N7Dpjdw0 2LZ TaB epnARlyN5FUFRA6PZ Npm fUDtbRr93ViTBdhocfECQOODfxT3bUN3vJUeWQie0g20037yzb3jMD5M3JA 9z gqh1V Cb 4kQSEWrP 7EdJk4cOHOH ZY jinf77x8v2PbnaKkE5Dc Teman END RSA PRIVATE KEY Edit your www conf httpd conf file to look for your certificate file by adding the following command SSLCertificateFile usr local certs example com pem Once you have added the certificate directive to your www conf httpd conf file issue restart_apache to make Apache start and utilize the new certificate Check to verify the new certificate is working by connecting to the domain your certificate is configured to use by means of HTTPS For example if the domain name were www example com you would type https www example com into your browser s location bar If the page loads without any errors find the lock icon on your browser and click or possibly double click on it This brings up the certificate information or a window that lets Default Applications for Your Server 19 FreeBSD VPS v3 User s Guide you view certificate information Check that the certificate is using the correct domain name and has the correct information If you intend to use your SSL certificate with email as well make links so that the POP and IMAP services are able to find the file as well ln usr local certs example com pem usr local certs imapd p
23. AP accounts email accounts OpenSSH OpenSSH provides connectivity tools that encrypt all traffic including passwords to eliminate eavesdropping connection hijacking and other attacks OpenSSH also supports secure tunneling capabilities and several authentication methods and supports commonly used versions of the SSH protocol Perl and Perl provides a cross platform programming language mod_perl POP3 server Your account supports Post Office Protocol version three POP3 and email services for the purpose of handling email Also unlimited POP email accounts accounts are supported by default Python provides a dynamic programming language for your server Ruby provides interpreted scripting language for object oriented Default Applications for Your Server 10 FreeBSD VPS v3 User s Guide programming Sendmail Sendmail with unlimited aliases provides support for the Simple Mail SMTP Server Transfer Protocol SMTP SSL and SSL Privacy and encryption provided by support for the Secure Sockets Layer mail SSL protocol Your account defaults to utilize a shared SSL certificate encryption Unauthorized Your account supports the SSH service under inetd and enables the relay ability to limit the rate of incoming SSH connections to eliminate this protection additional load If you modify your inetd configuration verify your configuration continues to work with the new configuration Apache HTTP Server As
24. AP or more precisely IMAP4 e SMTP provides a standard method to send email messages between servers e POP provides a standard method to retrieve email from a mail server e IMAP provides a standard method of accessing electronic mail or bulletin board messages kept on a shared mail server These standards are maintained and updated as Internet industry standards by the Internet Engineering Task Force http www ietf org Expect http expect nist gov the UNIX automation and testing tool enables your server to interact with other interactive programs according to a script In addition the user can take control and interact directly when desired afterward returning control to the script Your server provides a vinstal1 utility for Expect The tool is maintained and distributed with coordination with Don Libes by the National Institute for Standards and Technology NIST FormMail is a CGI program designed to generate email based on the input from an HTML form Installing FormMail To install the FormMail CGI on your server connect to your server by means of SSH su to root and run the following command vinstall formmail This command installs three files FormMail pl FormMail examples and FormMail readme into your www cgi bin directory The examples and readme files contain various information and examples on using FormMail Install Additional Supported Features 25 FreeBSD VPS v3 User s Guide Set up the scr
25. Additional Supported Features 29 FreeBSD VPS v3 User s Guide terms of secure net name servers you can manage Domain Name Service DNS for domains associated with the additional IP addresses If you are a reseller you can do this from the Reseller Backroom In general the services bind to all IP addresses However Apache and SSL recognize and operate using a specific IP address Overview of Configuring Multiple IP Addresses The following provides an overview checklist of the tasks you must perform in order to utilize support for Multiple IP addresses e Set up DNS for additional IP addresses e Set domains for DNS services e Assign each IP addresses to a virtual host e Install a SSL certificate for a virtual host Managing Multiple IP Addresses Subhosts and Certificates Prior to the introduction of support for multiple IP addresses your server enabled configuration of multiple Web sites and domains in addition to the main domain of the server or hostname The hostname and subhosts were associated with the single base IP address for the account You may have placed the Web content for your hostname in the usr local apache2 htdocs directory You may also have configured a custom hostname during the order process To assist with the process of configuring and testing your server all VPS v3 servers receive a temporary domain name or temp domain which resolves to your VPS v3 server Use this domain if the custom hostname is t
26. FreeBSD VPS v3 User s Guide Second Edition August 2008 FreeBSD VPS v3 User s Guide Table of Contents INtrOductiOn csssssersessrsersessrsersessrsessessrsessessssessessssessessssessasessessesessessesessessessssessesessessesessessasesesessesesesessesesessesessserses 1 How to Use this Document A ad 1 Audience for this Documents 25 east 1 OVIEDO e 1 Shell Prompts in Command ExampleS oooonoccnccnnccnoonconnconoconoconocnnonnnonnnonnnrnn E EE none carro EESE cn neon nen nenn rra EE e 2 Overview of Your Vii indicando 2 Functional Overview of Features cccicsccccccscsecciecesdaccececteseccecvactcsecvecscsndescnesacheieesacvscdsiectaceudaduecucvesendveceetncnecestestesdesteses 2 Services and Features OVErvVie Wiisis cisssvseccesstesesuensvaceesstesvaeceveneunsabepecevancesvsaestacsevetvesaadescucedatadeceessteadseceevadsededevsaesetes 3 Web VIC died 3 Matt Services ii iio 3 FIP Sery eS r a a Ee A E EEEE EE a A EE EA EEE ETER 3 Web Development Toolsia neirinne eegent ra codes E E AEREE E E TE E REE T 4 Be COMMer Cees cis Seeded A TN E AE EN 4 Database nta ce 5 Mied a a r A e E R 5 Statistics and Los Analyzer Packages oil ir E E A E E E AEE 5 FreeBSDisa UNIX Operating System vrenr e e A EEEE AEE EE E E 5 FreeBSD UNIX and Your Server ici E E AETA TE A A a iias 5 Use the Features Of YOU VE id 6 AA possesses toes stooo essor roseis e rs sinesi s stoso s borsos rossoi 7 Connect to Your Server the First TM usina T E chas
27. R1bmt 3b3JrczEVMBMGA1UEAXMMTWF yayBT cGVuY2VyMScwJQYJKoZIhvcNAOKBFhh3ZWJtYXN0ZXJAc3R1bmt 3b3Urcy5 jb20w gZ8wDOY JKoZIhvcNAQEBBOADgYOAMIGJAOGBAKIkMHnII4uNDwgTYSBYdiiOBLTY NOsT Xp 5sG1VX31YhDMoLzWxBbaulx2hEuf31Sfkm65Mrd834nMFVIGf1sGnFCj C1gx0 5DJtV223gnq0fKq7se32r9INOPW3Ff3jD1JC 4zZzry5LRiSPNImCYgq2E1578 h6S6i6auD1nTDDOLAgMBAAGgGDAWBgkqhkiG9w0BCOcxCRMHZ3JvYmxpb jJANBgkq hkiG9w0BAQOFAAOBgQANWO7wudkfkxrrZA41xXbOYexXWLngHtNdzPJ8wWyzOjGof4h jJkpDPV6SIqHESzpmZ1jEqb6fxgeiM4cpWSFGJA1ONFzt Ra8 msrLLBMM zPuHpER OPFCsrIErmaBgnmymGOk DiHvhV LqCkAgjcS2Kpn0cOy8KRyXzUc4k TTw0Uw IS end CERTIFICATE REQUEST In the directory where you ran the openssl command you will also find a new file called privkey pm This is your private key which you will need at a later time The following is an example of a private key BEGIN RSA PRIVATE KEY Proc Type 4 ENCRYPTED DEK Info DES EDE3 CBC BCC23A5E16582F3D hfWyPkea3gnVCHCZJ zgQpCHIRZF 7WIYXGYohdbf kJYOETLwXaqjvnNHQlLomwIt CvAzXhq8wnHur6SK21S00ry3aSCvrBezH99miSJvtnTOHV1RIDNvaYQDbe01Z26D hY2Ygha56Z8pvrTTolJfNLOsW4ewdws1wR4kxYDYkpusoe Wed9Wg i6xr9Ym13T le 9bb01PK2D 3gJDhWW aZHiMmLcYJtmWmf0wUMdmlibWYuq0UH1EefiLq3SLKK2 izvYpWDGHxVgtmzupvoc2E6CS3rQ0eRN3009RqhzqdGqP8Xy x11LMuDRULPY54Kp 3a4gazCXdlxctK70XX5TdhiMsFEb5L1wA8CsnKE69nzs8MOLiz6mj tAhGB6KVKB4 dod3Wn6z20cus21SY5LxFkfq6JZrAsqSZzFzETN9n2Fbel2pTp3IRWx70 WBT1rM uIMgUSKszpvgzg0Tf 2Kxfw6YW15SEpEGA8PeiGrM1NeT2TFtgiQBROdAy7TOxgB1I LOW2r5 1347Zga
28. SD VPS v3 Release Notes e FreeBSD VPS v3 New Feature Supplement e FreeBSD VPS v3 Technical Overview access limited There are also Web site resources such as a documentation library and Frequently Asked Questions FAQ The documentation library is updated to include information about new features introduced to your server Shell Prompts in Command Examples Command line examples included in this document assume you use C shell csh or TENEX C shell tcsh Wherever a command is able to be issued by a user this document provides a dollar sign prompt When a command is meant to be issued as root this document provides a hash mark When you follow the instructions in this document type the double quotes or single quotes as displayed The root path typically includes bin abin usr bin or usr sbin directories The instructions using commands from these directories show the commands in these directories without absolute path names Instructions which use commands in other directories show the absolute paths in examples Overview of Your Server FreeBSD VPS v3 is the third major release of custom proprietary VPS technology Your server provides access to system administration services and technical support In addition you can configure and customize VPS exactly as you wish Your server provides resources for high Internet traffic levels and VPS is well suited for applications which use extensive Random Access Memory RAM For
29. a core service your server supports the Apache HTTP Server version 2 x The open source software is distributed by the Apache Software Foundation http www apache org under the terms of the Apache License Apache HTTP Server maintains ongoing compliance with the HTTP standard which provides an application level protocol for distributed collaborative hypermedia information systems Autoresponder Note The information included in this document applies only if you have not installed the CPX Control Panel Web interface If you have installed the Web interface refer to the release notes and users guides for CPX Control Panel Automatic responses to electronic email also referred to as autoresponder and autoreply are part of the core services of your account and installed by default on your server The autoresponder provides an email alias which executes a program that automatically replies to any email sent to it You can configure the email address to automatic reply with any message in the specified text such as an FAQ some marketing information or a product list To configure an autoresponder create and store an appropriate reply message named autoreply in the user s home directory You can use an online file editor such as Pico vi and Emacs Or you can transfer the file from your local system in order to add the alias If you transfer the file be sure to download and upload the autorep1y file in ASCII mode For exa
30. aar ai ee iison 20 Move a Certificate O A NeW OOE e e aa E E aas 20 Renew Custom digital certificates ar aaar prices 21 Install Additional FeatureS omoomommsmmmsmmmmmmm 22 ACCTISOME Da Oia AEE ol a 22 Apache DSO Mod leS ariete NN 22 ASpel orinni E AAE E A A Eeh Ea aa Er ss teausacesasnss sssdosonpncessieiteass 22 ClaMA Vocal ira dias 22 Table of Contents li FreeBSD VPS v3 User s Guide CPX Control Panel oscila dre ter die dactilar 23 Email List Package ii A Ainas 24 Dada Mali ar ease aie adas da A od eo 24 MajordOm seis EE EE EE eii das decai Locus td taba Erie dre da ii 25 Maliante ata as Tei dune As IE la 25 Emall Sevi a A ii Biss io eer 25 EXpeChiunsiiin austral deleted doce ceba dorada dans E E E EE E dct budvuebe gaat dedysen AE 25 Eor Malliuai ii e bo 25 Installing FommMalliiiincoio rs lia 25 Using FormoMalla o eisai ie a ed A RIE 26 BrOmtP age in it 27 HTTP Anal ZE oi A is 27 iManager Web based Server Utility o oonccnonicnncnicnoonnonocanonnnnonannncnnonononocnnrononannncn nono none cnn nn no nan non nn non n oran conan none onnn none 27 Vd A IA a Ne 28 MajorCool Web Interface Maintenance Tool ec ceesesscesscseseeceseeeeesecseesccneeseceecseesecsaeceessecaeesesneeeeesaeeeeeeesaeseeaeeas 28 Metal A tra 28 Multiple IP AddresS iii 28 How Multiple IP Addresses Work with Other Features ooooonnccnonnnnoccnnnononononannnonnonncnncn nono nono nn cnn on cra cnn rn non rnnraninrnnns 28 Overview of the New Mult
31. active Web content The software is developed maintained and distributed by Adobe http www adobe com shockwave download download cgi You Install Additional Supported Features 38 FreeBSD VPS v3 User s Guide can include Flash multimedia presentations on your Web sites You can use Flash content to add high impact graphics animation and interactivity to your Web pages You may need to add the following MIME types to your www conf mime types file application x shockwave flash swf cab application futuresplash spl After making changes to the mime types file you must restart your Web server In order to embed your filename swf Flash content in a Web page you must include at least the following HTML code lt OBJECT WIDTH 550 HEIGHT 400 gt lt PARAM NAME MOVIE VALUE filename swf gt lt EMBED SRC filename swf gt lt EMBED gt lt OBJECT gt The OBJECT tags are for Microsoft browsers and the EMBED tags are for Mozilla browsers Substitute the filename of your Flash content for filename swf SquirrelMail Swish e TCL Your server supports SquirrelMail for Web mail processes The open source software is distributed by the SquirrelMail Project Team http www squirrelmail org under the terms of the GPL Your server supports Simple Web Indexing System for Humans Enhanced Swish e an open source system which enables you to index Web page
32. ade before you began this process Refer to the WordPress Web site and documentation for further information regarding maintenance administration and troubleshooting Go Beyond the Basics with WordPress Following are links to Web sites you can use to learn more about WordPress software blogging and other related services These Web sites inform you about concerns in the Internet development community regarding how these applications interact with each other In addition many of the Web sites provide opportunities for you to subscribe to topical email lists and RSS Web feeds e MySQL Developer Zone http dev mysql com e PHP Group http www php net e WordPress Open Source Software Wiki http codex wordpress org Main_ Page e WordPress Open Source Software homepage http wordpress org The Webalizer Webmin Your server supports The Webalizer http Webalizer domainunion de The Web server log file analysis program distributed under the terms of the GNU General Public License as published by the Free Software Foundation Manual pages are installed on your server when you install The Webalizer Use the following man command to access them man Webalizer Your server supports Webmin http www webmin com a UNIX Web based interface for system administration There is a custom installation utility vinstall webmin to assist you as you install the interface Webmin is available from the FreeBSD Po
33. all utility e Creates HTML based graphical reports of Web server traffic e Provides multi language reporting e E commerce log reporting e Provides the ability to track up to 100 Web sites or profiles Note Development and documentation for Urchin 3 is no longer available If you are currently running Urchin 3 consider upgrading to Urchin 5 Install Urchin Connect to your server by means of SSH su to root and run the following command vinstall urchin5 At the end of the vinstal1 utility your Urchin 5 installation should be fully licensed with a permanent license and ready to configure Be sure to note the URL of the Urchin administration interface as well as the Username and Password of the administrative user You will need them to configure Urchin 5 Install Additional Supported Features 40 FreeBSD VPS v3 User s Guide It is important to note that the main difference between your server s installation and standard Urchin 5 is that your server s runs on the main Apache Web server rather than on a stand alone Web server used by Urchin exclusively This difference means that some administrative tasks might require minor changes to the usr local apache conf httpd conf configuration file and a restart of the Apache daemons Additionally some sections of the README file install txt file and the documentation may not be applicable to your Urchin 5 installation Configure Urchin To configure Urchin you will n
34. and other types of files A Swish e development community http swish e org distributes the system under the terms of the GPL Swish e provides you with a number of powerful indexing tools that you can modify and use however you want Refer to the Swish e Readme file for details of what is possible with Swish e and how to do what you want To install Swish e connect to your server by means of SSH su to root and run the following command vinstall swish e This will install a number of files on your server First the swish e program itself which will be installed to the usr local bin directory In addition you will have access to several example configuration files in your usr local share examples swish e directory and the documentation for Swish e in your usr local share doc swish e directory TCL http sourceforge net projects tcl is an embeddable command programming language for interactive tools As a scripting language Tcl is similar to other UNIX shell languages such as the Bourne Shell sh the C Shell csh the Korn Shell ksh and Perl Your server provides a custom installation utility vinstall tc1 to assist you with the installation of the programming languages Install Additional Supported Features 39 FreeBSD VPS v3 User s Guide Time Zone Custom Installation Utility Tomcat TWIG A custom installation utility to interactively set the time zone is supported by your server This enables you t
35. artment if applicable e Your Domain Name Determine the exact domain name you want to use to access your Web site securely e Contact Email Address The contact email address that you want to have the signing authority use when corresponding with you e Extra Information This information can include a challenge password which some signing authorities use to allow you access to your certificate and which they require when interacting with them You can also enter additional company information Connect to your server by means of SSH and run the following command mkdir usr local certs cd usr local certs openssl req new You are prompted to provide the information you gathered earlier Common name refers to the domain name that you want to use when you access your site using SSL For example domain com www domain com cname domain com or domain com The domain must be used exactly as it appears in the certificate When you have entered all the data your CSR is shown It is a good idea to save the CSR by copying and pasting it exactly as it appears on the screen with line breaks and no extra lines before or after into a file on your local computer You will need it when you are ordering your SSL certificate from a signing authority s Web site The following is an example of a CSR Sa BEGIN CERTIFICATE REQUEST MIIB23 CCAUMCAQAwWgYExCzAJBgGNVBAYTA1VTMOOwCwYDVOQIEWRVdGFoMO4wDAYD VOOHEwWVOcm92bzETMBEGA1UEChMKU3
36. ause SSH provides complete shell capability over a secure channel it is the useful tool for managing your server While SSH is preferable to Telnet most operating systems include a Telnet client Your shell login also includes a built in Telnet client program Once you have located an SSH client connecting to your server requires you to specify a remote host Your remote host is your server so you would specify your domain name your temporary domain if applicable or your IP address At some point you are prompted for your login name and login password Use the login name and login password when you ordered your server After the login process is successful you will have gained access to your server and can now issue commands at the command prompt Follow these steps to access your server by means of SSH 1 Log into your server by means of SSH For example Connect to a server named example example net by issuing the address as follows ssh root example example net 2 Once you have accessed the server show existing accounts by issuing the following command vlist a 3 Use an Internet browser to access Web sites provisioned on the account as follows http example example net or http ip address Creating and Editing User Accounts Your server enables you to create new users by manually editing the files that contain user information To make the task easier your server supports commands which guide you through the process
37. cations for Your Server 12 FreeBSD VPS v3 User s Guide e Email address This is often listed as IMAP Account return address or reply address and some programs may request this more than once In every case however this is simply your username at your host domain such as username example com e Username Also often called IMAP ID or Account Name this is your username e Password This is the password associated with your username Some programs do not ask for the password until you check your mail e Incoming mail server This phrase or a similar one refers to the domain name where your mail is stored Your mail is stored on your server enter your host domain name For more information about IMAP refer to the IMAP Connection http www imap org OpenSSH OpenSSH software is installed by default as a core service which provides SSH connectivity tools The software gives your server an alternative to Telnet rlogin and FTP Other connectivity tools can transmit passwords across the Internet unencrypted OpenSSH encrypts all traffic including your passwords The software reduces the possibility of successful eavesdropping and connection hijacking OpenSSH supports all SSH protocol versions OpenSSH http www openssh com is developed by and distributed under the terms of the OpenBSD Project http www openbsd org Securing Root Access by Means of SSH Note Verify you have an alternate method for connec
38. e a Virtual Host The vaddhost utility is an interactive command line program that automates the process of configuring virtual sub hosts After launching vaddhost it will ask you several questions about the configuration of your virtual sub host and provide you with default responses As you answer each question vaddhost will display the Virtual Host definition with each new piece of information Once you have responded to all questions vaddhost will create necessary directories add the virtual host entry to your main Web server configuration file www conf httpd conf and create a backup of your old www conf httpd conf file in your www conf directory Remove these backup files at your discretion Note If you replaced the default www conf httpd conf and it does not already have the NameVirtualHost directive you will need to add it before adding any virtual sub hosts To run the vaddhost command connect to your server by means of SSH and follow these steps 1 Run the vaddhost command 2 Specify one or more domain names for each virtual sub host definition Typically Virtual Host Names will at the very least include www SUBHOST DOMAIN NAME and SUBHOST DOMAIN NAME 3 Enter the administrative email address for the virtual sub host This identifies the person responsible for the virtual sub host Web site If the email address you specify is an email user account run the vadduser command to add the email account separately C
39. eed to go to the URL listed at the end of the vinstal1 utility You will also need the listed login and password The URL will be similar to the following example https example com 9878 Login and follow the prompts Click on the help icon for assistance with individual configuration screens Note The vinsta11 utility configures Urchin 5 to listen on Web port 9878 This port may be blocked by firewalls See instructions below to change the port Vinstall Utilities Library The vinstal1 utilities library enables you to add supported software packages utilities database programs and other software to your server The library provides a custom FreeBSD VPS command line tool A root user can use the library from the shell on your server To begin using library connect to your server by means of SSH su to root and run the following command vinstall If you know the name of the package you want to install you can install it directly by indicating the name of the package vinstall package_name If you do not indicate a package name the vinsta11 utility enters an interactive mode which prompts you for more information as in the following example Select an option view list of programs install enter install mode module_name view information about program_name quitexit vinstall program gt You can view the available programs available to install using the library enter a question mark at the prompt Or you can ru
40. em In usr local certs example com pem usr local certs ipop3d pem Move your Custom SSL Certificate If you are moving your secure Web site from one server to another there are a few specific concerns to be aware of in order for the certificate to work on the new server Change Operating Systems Digital certificates work differently with different operating systems and Web Server software Because of this a certificate generated for a Windows2000 server running the IIS Web server does not work on a FreeBSD UNIX server running Apache Likewise a FreeBSD UNIX server running Netscape Web Server can not use a certificate designed to operate on a FreeBSD UNIX server running Apache If your current certificate is not compatible with your new server obtain a certificate for the new operating system and Web server Most certificate authorities will issue a transfer certificate at a lesser cost than obtaining a new certificate The signing authority provides you with instructions on how to install a transfer certificate Move a Certificate to a New Server If your current certificate is compatible with the server you are moving your secure Web site to you do not need a new certificate Simply move your certificate to the new server and ensure that it works 1 Connect to your server by means of SSH and run the following command mkdir usr local certs cd usr local certs 2 Using FTP or another method copy the certificate and
41. emporarily inaccessible or does not yet resolve to your server Other domains or sites hosted by your server are called subhosts This section explains adding removing and configuring subhosts with the additional consideration of multiple IP addresses Because a standard default VPS v3 server supports just one IP address you can only associate one SSL certificate with the standard SSL port 443 for the Web server You can however configure your Web server to use the Apache Listen directive to monitor other ports for SSL requests and associate other certificates with these different ports Doing this requires you to indicate the port number in the Universal Resource Locator URL With the addition of support for multiple IP addresses this non standard type of configuration is no longer necessary for those who purchase the use of additional IP addresses New and Updated Command line Utilities The assistance provided by the vaddhost command line utility continues with the addition of prompts to enable you to associate a subhost with the base IP address or another IP address associated with your account A command line utility vaddcert is added to enable you to install certificates for different domains which can now utilize different IP addresses Note To execute the vaddhost and vaddcert commands or to edit to the httpd conf file as instructed in the following sections you must verify you are the root user You can become the root user b
42. erification 1 Type vaddhost and press Enter Instructions and information for vaddhost will display during this step and throughout the vaddhost process 2 Type the domain for the subhost such as example com any secondary domains such as www example com or store example com and any other domains used for this subhost pressing Enter after each The first domain entered will be the ServerName or main domain for the subhost Additional variations will be aliases that point to the main domain Or press Enter without any text after providing all variations to move to the next step The system displays the list of domains and variations for verification 3 Type the username of the administrative user for the subhost and press Enter This user should be the owner of the Web site files and folders otherwise the Web server will not be able to load the site 4 Verify the information and type y and press Enter to continue Or type n and press Enter to input the username again 5 Type the IP address with which you wish to associate the subhost and press Enter Press Enter prior to typing an IP address to see a list of available IP addresses 6 If the listings of domains canonical variations and IP addresses are correct type y and press Enter Or type n and press Enter to input the information again Administrative Email and Document Root settings After you have added a subhost continue the configuration and specify admin
43. ers to the domain name where your mail is stored Your mail is stored on your server enter your Host domain name Compare POP to other protocols which are also supported by your server For example see IMAP on page 12 Python Programming Language Default Applications for Your Server 14 FreeBSD VPS v3 User s Guide Python is a programming language comparable to Tcl and Perl The FreeBSD UNIX operating system supports the current production or stable version of Python The software is distributed for free by Python Software Foundation http www python org psf under the terms of the Python license Although the software is pre installed on your server as you configure Python you must implement only the application features supported by the current production release There are custom installation utilities for Python vinstall python vinstall python 2 Ruby Scripting Language Ruby http www ruby lang org en is an open source interpreted scripting language primarily developed on the FreeBSD UNIX operating system It is available for free under the terms of the GPL Your server supports the current stable release As you configure Ruby you must implement only the application features supported by the current stable production release Embed Ruby Code Your server supports the eRuby implementation as an add on feature The implementation enables you to embed a Ruby code to a HTML file To install eRuby connect to
44. erver includes support for the following other features which are also compatible with assigning multiple IP addresses e Apache Hypertext Transfer Protocol HTTP Secure Server Install Additional Supported Features 28 FreeBSD VPS v3 User s Guide Dedicated Secure Socket Layer SSL Certificates Shared SSL Certificates Multiple SSL Certificates on a standard port Secure FTP Post Office Protocol POP over SSL POP email encryption Internet Message Access Protocol IMAP email encryption Sendmail mail transfer agent MTA Overview of the New Multiple IP Address Feature With the introduction of this new feature you can assign additional IP addresses for your FreeBSD VPS v3 server There is a monthly fee to associate each IP address with your account and the addresses are available individually without any kind of bundling required Following are the additional number of IP addresses for each plan Note You cannot assign additional IP addresses to your FreeBSD VPS v3 Starter plan VPS v3 Basic You can now assign 4 additional IP addresses to your FreeBSD VPS v3 Basic plan This is in addition to the base IP address for a maximum of 5 IP addresses VPS v3 Pro You can now assign 9 additional IP addresses to your FreeBSD VPS v3 Pro plan This is in addition to the base IP address for a maximum of 10 IP addresses VPS v3 Pro Plus You can now assign 19 additional IP addresses to your FreeBSD VPS v3 Pro Plus plan T
45. eted either on a system level or just for specific users This is not suggested as messages and possible false positives would be permanently thrown away e Delete Spam and forward non spam to another address specifies that the tagged messages are deleted before forwarding untagged messages to a remote email account You can configure SpamAssassin to keep a log of activity Logs can be useful in tracking down problems and errors but like any other log file your SpamAssassin logs must be cleared out occasionally to prevent them from using up all your disk space You can run the cron command to archive or empty your spam log files There are a number of sources of documentation for SpamAssassin You can access the manual pages issuing the following commands man spamassassin man Mail SpamAssassin Conf Locate further information about the SpamAssassin filtering engine at the SpamAssassin Project Web site http spamassassin apache org Savelogs Savelogs provide a complete Web server log rotation program Savelogs can rename archive compress delete and provide a newsyslog type of log rotation You can specify options on the command line or in a configuration file Besides archiving single logs savelogs can search your Web server configuration file to automatically rotate logs defined there Shockwave Shockwave Flash provides support for multimedia playback on your server The Shockwave Player enables you to view inter
46. example your server provides the benefits of dedicated speed and performance levels A traffic intensive site would benefit from a dedicated database server One of the most useful advantages of your server is that it offers you the ability to control access while exercising complete control over all the Web sites you host on your server By following suggested guidelines you can create as many accounts as you require for both Post Office Protocol version three POP3 and File Transfer Protocol FTP without any additional costs Also using your server as a Web server you can immediately trouble shoot and solve end user concerns Functional Overview of Features Introduction There are several FreeBSD VPS v3 plans available with different disk space allocations available All of the plan levels do not charge additional fees for data transfers and offer unlimited user accounts mailboxes and virtual hosts Your server utilizes Intel hardware The following list provides you with a functional overview of the features of your server e Utilize and control root access to your server e Configure multiple shell accounts e Host unlimited email accounts e Add multiple IP addresses e Securely support multiple Web sites e Utilize to the FreeBSD Ports Collection of applications FreeBSD VPS v3 User s Guide e Install and configure the applications of your choice e Monitor and ensure your server s stability e Utilize CPX Control Panel Web in
47. facXLzpDBHnQ0rn 0tZijzleeolwcgVwCOKzloufEAN1ZTJLbG6 E TS Default Applications for Your Server 17 FreeBSD VPS v3 User s Guide WYJuFt fopM5swyoUYK3JgT582ziAeu4 jcPdrNHCxqcInkNG ib3dHdy8yccWRehD VnSX2hr1iMDd2cpFFT177Bc2 neNyUieqiHkrTIOZIcD9IOBSxFd0 P 9OxLWEMCDWHt N5UK1n29 TFgm aX3jZN3jSIES5DS TIBGTy2fPWtnefQ0aFk23ppV5VOypmZ3xcwWt2f Eek jh1vEiQChKULOCXFAaxL61HvBRge3iJwJ niOBuGpYnjdC800IA ss END RSA PRIVATE KEY Custom Digital Certificate The Default Certificate is a generic way to provide secure access to your server However if you want to use your own domain name to provide secure access to your server get a custom digital certificate This not only provides secure access to your Virtual Server but provides an additional level of customer confidence by using your own domain name in the secure area of your site Obtain a Signed Digital Certificate Once you have created a CSR decide what signing authority and digital certificate to use There are a large number of different signing authorities Each one offers several different types of digital certificated that have different capabilities and options associated with it It is very important you select the certificate that best suits your needs Because most signing authorities also sign additional types of certificates and products verify that you are obtaining an SSL digital certificate There are a number of signing authorities each
48. ffered with guidance from various Internet Engineering Task Force IETF documentation as well as the regional registries The guidelines are subject to change in the future For example ordering systems for additional IP addresses will be updated to ease the burden of disclosing and demonstrating your requirement to use an IP address All future updates to the policies and procedures will be based upon the following guidelines e Conservation The objective distribution of globally unique IP address space according to the operational needs of customers No stockpiling designed to maximize the utilization of IP address space is acceptable e Registration ARIN requires information on which entity is using an IP address This information includes your name company name if a business postal address email address IP address and telephone number e Routability The distribution of globally unique IP address space in a hierarchical manner which permits scalability in the internet routing table Configure Provisioned IP Addresses Only Caution When configuring your subhosts and certificates do not specify different IP addresses than the ones associated with your server If you do your subhosts and certificates will not function This is true of any IP addresses even those you might see displayed as unused IP addresses for the subnet of your server Your server will not function with any other IP addresses and you will not be able
49. his is in addition to the base IP address for a maximum of 20 IP addresses Potential Uses for Multiple IP Addresses Use the Multiple IP address feature to specify more than one unique SSL certificate This enables groups of customers to utilize the features offered by your server without visibility or compromise to other groups of customers Following are some examples of groups which might require access to the same server but also require the separate distinct authentication of unique SSL certificates Internal employees including administrators who require access to an organization s intranet features External clients vendors and contractors who require access to an organization s intranet or other Web content and features The public which requires unfettered access to some portions of your organization s Web site but not to others Customers who require access to retail e commerce features Sales representatives who require access to wholesale e commerce features Managers who require access to e commerce or other statistics Customers who are located in regions where a unique pricing or taxation structures apply Customers you wish to offer products under several distinct brands How Your Server Utilizes Multiple IP Addresses Once you configure your server to utilize multiple IP addresses you can utilize a link from the account information interface For accounts which utilize domains managed under the Install
50. hould select CRYPT the standard UNIX encryption method 4 Domain restrictions enable you to configure specific domains with permission to access Zope Add any domain names you want to allow access to your Zope server 5 Verify you include the one you are connecting from Note You can change the domain access restrictions later if you wish to add or remove any domains from the list Use Zope Once Zope you install on your server you can access the Web based administration section by going to the following URL http YOUR DOMAIN NAME zope manage When you are prompted use admin for the user name and the administrative password you previously configured during the install Note Zope runs on a different port than your Web server If you are unable to access Zope using the zope path try connecting directly to the port http YOUR DOMAIN NAME 8080 manage Go Beyond the Basics of Zope There is a large community of Zope users and extensive information provided by them for Zope users administrators and developers For more refer to the following Web sites e Zope Community http www zope org e Zope Developers Guide http www zope org Documentation ZDG e Zope Documentation http www zope org Documentation Install Additional Supported Features 47 FreeBSD VPS v3 User s Guide Troubleshoot Your Server This section describes how to troubleshoot general issues as well specific problems you encoun
51. icateKeyFile usr local apache2 conf ssl2 key 4 If the information is correct press y to continue Press y to restart Apache now A Syntax OK message is displayed Going Beyond the Basics You may configure a subhost further by editing the VirtualHost entries for the subhost in the usr local apache2 conf httpd conf file Execute the restart_apache command from the command line after editing the file to restart the Web server and make the changes effective In addition refer to the customer documentation for information about using the full range of features for your server Your Responsible Use of IP Addresses Note FreeBSD VPS v3 supports IP version four IP v4 and is available in the San Jose California and Sterling Virginia datacenters located in the United States Install Additional Supported Features 32 FreeBSD VPS v3 User s Guide All IP addresses are on loan from a Regional Internet Registry RIR The number of the IP addresses on loan can vary and is solely based on the requirements you demonstrate and document at the time you request them Your name and justification for utilizing each IP address may be disclosed to certain registries including but not limited to the American Registry of Internet Numbers ARIN For more information refer to the ARIN Web site http www arin net index shtml The ARIN Web site includes a Search WHOIS feature The guidelines regarding your responsible use of IP addresses are o
52. iple IP Address Feature ce ccesesesscssesecesecseesecseesccneeeecsaeceessecaeeseenaseeesaecaseeseteereees 29 Potential Uses for Multiple IP Addresses ierit eie iora ea Era EEEo EEE E ERORE Eep A r Era EE Rii serii es 29 How Your Server Utilizes Multiple IP Addresses scsccessccssecseesecseeeeceseeecesecaeesecnessecsasecesaecaseeeaesseeeeenereeeaees 29 Overview of Configuring Multiple IP Addresses cecscsssscssseccssecseesecseeseceaeeecsaeceessecaeeseeecsesaceesnesaceesaesaeneaees 30 Managing Multiple IP Addresses Subhosts and Certificates oooonconcnonnnnnnnnonconononononononnonncnncnnono nono no non nono rn nc ncnnnone 30 New and Updated Command line Utilities ee eesecssssecseeeeceseeecssecseesecnevsecsaseecsaecaeesesaecaeesecsessecsaeeeesaeeateeteees 30 Addng A SUDMOS tyes seduces o A A ated dors Meese acest eta ors 30 Administrative Email and Document Root settings sce ceesesesscsseeecesecseesecseesecnaesecsaeceeesecseeseenaeaeeseecaseesateetetes 31 Log and eai bin Cta litis 31 Assigning a New SSL Certificates ose ooss cotese ss pause sepvessy iii EE EIA E EE testi 32 Going Beyond the BaslES hom capeeesb e feet epidee eee tii 32 Your Responsible Use of IP Addresses nuar oeiee eea R eaea ai ie eap ae aprii i i ee 32 Configure Provisioned IP Addresses Only e sessesesssesessesessrsesesesrerssesesesrertersersesestereetnsesereseseeesresstesssereseresesesese 33 CPX Control Panel and Multiple IP Addresses oooncnn
53. ipt to use your account information Open the file FormMail p1 file and modify the following lines in the user configuration section e Find the referers line and replace the information inside the parentheses with your own server s domain name s and IP address You can leave the localhost value e Inthe allow_mail_to line remove the original email addresses and put either the domain or a full email address for every account that should be allowed to receive email messages from this form For security reasons unless you have a large number of email accounts at a single domain it is better to list the full address for each recipient Once you have modified these two fields save the file Using FormMail Create a form that you would like the contents mailed to some address The form should include the following field at the very least e recipient specifies who mail is sent to Other optional fields can also be used to enhance the operation of FormMail for you site for example e subject specify the subject included in email sent back to you e email allow the user to specify a return email address e realname allow the user to input their real name redirect URL of page to redirect to instead of echoing form input e required list of field names that are required input comma delimited Several other fields are supported See the FormMail readme file for a complete presentation of the supported fields
54. istrative email as well as document root or Web directory settings Follow these steps from the command line 1 Type the email address of the subhost administrator and press Enter 2 Verify the information and type y and press Enter to continue If the information is incorrect type n and press Enter to input the address correctly 3 Type the path for the subhost Web directory or document root on the server The vaddhost command simplifies this step and provides a recommended path for you You can press Enter without typing a path to select this default and create a subhosted directory in the home directory of the user specified in the previous step 4 Verify the information type y and press Enter to continue If the information is incorrect type n and press Enter to input the path correctly Log and cgi bin Settings Install Additional Supported Features 31 FreeBSD VPS v3 User s Guide After you have configured administrative email and document root settings specify log and Common Gateway Interface Binaries cgi bin settings Follow these steps from the command line 1 2 Select an option for the subhost transfer log and press Enter Verify the information type y and press Enter to continue Or type n and press Enter to choose the transfer log configuration again 3 Select an option for the subhost error log and press Enter Verify the information type y and press Enter to continue Or type n and press E
55. ity for installation re installation and upgrades of the spell checker Aspell upgrades are included in Server Software Distributions and upgrades do not usually require your intervention For more information refer to the Aspell Man Pages Your server supports Clam Antivirus or ClamAV a free open source virus scanner distributed by the ClamAV Team http www clamav net under the terms of the GPL Your server provides a vinstal1 utility for the virus scanner vinstall clamav Install Additional Supported Features 22 FreeBSD VPS v3 User s Guide Note Do not use ClamAV to replace antivirus software on your local computer system ClamAV is designed to supplement such programs and provide additional safeguards It does not provide the antivirus capabilities such as protection from Web based or TCP IP based attacks Only a local antivirus program installed to your computer system provides sufficient protection If you do not have Procmail installed on your server the ClamAV installation script will install it and configure it as your local delivery agent LDA If you already have Procmail installed and have your own recipes in use check your etc procmailrc file to see that the ClamAV configurations are in the proper order When ClamAV is installed a table of utilities configured to operate in the background at regular intervals or crontab is added to the system to update your virus database twice daily using the ClamAV Freshclam
56. l SSL Your server supports the privacy and encryption provided by the Secure Sockets Layer SSL protocol You can also change operating system and maintain SSL support move a certificate to a new server and renew a custom digital certificate Create a Signing Request and Private Key To obtain a signed Digital Certificate you must create a Certificate Signing Request CSR At the same time your CSR is created you will also generate a Private Key The CSR is used by the signing authority to create a signed digital certificate which works with your Private Key to provide secure access to your Web site There is some necessary information that you gather before generating the CSR and Private Key The following information is required as part of the CSR and must be entered exactly as you want them to appear in your certificate Default Applications for Your Server 16 FreeBSD VPS v3 User s Guide e PEM Passphrase This is a security phrase which like a password ensures that only you can use your digital certificate Be sure to use a phrase which you can easily remember but which is not easily guessed Enter the passphrase in the future to install your signed certificate e Company Location Know the country province or state and city where you want the certificate to display as your company location e Company Contact Information This includes the complete company or organization name and the organizational unit or dep
57. l startup file according to which shell your server is running Note To find out which shell your server is running run the following command echo SHELL e bin csh If you are using bin csh or one of its variants then add the following lines to the cshrc file on your server setenv PGDATA usr local pgsql data setenv PGLIB usr local pgsql lib set path usr local pgsql bin path e bin sh bin bash If you are using the Bourne shell bin sh or bin bash then add the following lines to the profile file on your server PATH SPATH usr local pgsql bin PGDATA usr local pgsql data PGLIB usr local pgsql lib export PGDATA PGLIB The tool for managing PostgreSQL is the psql client To start psql run the following command psql The psql client starts and then you can to run SQL related commands and for help Note Look for the following error Connection to database null failed FATAL POsetdb Unable to determine a Postgres username To resolve this run the following command o vpwd_mkdb etc passwd This program will read your password file at etc passwd and create a Berkeley DB format file PostgreSQL uses this new file to look up user names and account information Multi Language Abilities in PostgreSQL PostgreSQL enables for a number of languages by enabling specific character sets in the databases When you create a database in PostgreSQL you can use the E flag to enable support for a
58. mail accounts manage logs and specify catchall email rules e Mail Management This module provides the management of email to add or delete email aliases edit account settings or even configure broadcast lists e Profile and Preferences Customize your settings to your personal preferences Change your password shell and the date time display for your server Note Due to the high number of possible account configurations or modifications there is no guarantee that CPX Control Panel will perform reliably on previously configured accounts CPX Control Panel is designed and tested for new server configurations and a small number of existing configurations A CPX Control Panel vinsta11 utility makes the following changes to your server e Upgrade of Perl e Installation of mod_perl and mod_rewrite e Installation of the CPX Control Panel handler for mod_perl Install Additional Supported Features 23 FreeBSD VPS v3 User s Guide e Installation of ClamAV SpamAssassin and Procmail configured as the Sendmail local delivery agent e Modification existing ClamAV and SpamAssassin installations e Install savelogs or upgrade if previously installed e Initiation of the CPX Control Panel daemon vsapd e Creation of virtusertable entries for existing mail users as well as addition of default catchalls for all domains as found in etc mail local host names Follow these steps to install CPX Control Panel on your serve
59. mple you might establish a user named information and create an automated reply for the email address associated with that user information O example com Thanks for requesting information about Example products and services One of our capable representatives will be in contact with you within 24 hours In the meantime do not hesitate to refer to the frequently asked questions on the http www example com fag Web page After you have created and stored the message for a user add information to the etc aliases file This creates an automated reply for information example com as in the following example info you example com usr local bin autoreply f info reply a inion Your server provides a vnewaliases command which updates the etc aliases db file as in the following example vnewaliases When your server receives email at info example com your server sends an automated reply containing the message you stored in the autorep1y file In the previous example email sent to info example com will also be sent to you example com Without the Default Applications for Your Server 11 FreeBSD VPS v3 User s Guide you O example com the mail from the customer would not be sent to you example com and you would then need to assure that you or someone you assign check the email address informationO example com In the previous example two optional arguments are added to the information included in the etc alia
60. n the following command vinstall 1 You can install a program by entering install mode Type insta11 at the prompt and you will enter install mode You can then enter the package name at the next prompt and vinstall utility begins installing the package Typing the name of a program in the list will bring up a short dialog about what the program is You can leave install mode without installing anything To do this type quit at the prompt and you will return to the standard shell prompt Install Additional Supported Features 41 FreeBSD VPS v3 User s Guide Removing Software Packages Most packages that can be installed using a vinsta11 utility can be removed using vuninstall utility The vuninstal1 utility follows the same format as the vinstall utility Software Packages Included in the Vinstall Utilities Library The following table provides you with information regarding the software packages which are included with the vinsta11 utilities library Note Refer to updates provided on the Web and other electronic communications regarding additions and modifications to the library Software Package Install vinstal1 Yes Apache HTTP Server 1 3 2 0 Aspell or GNU Aspell Yes ClamAntiVirus Yes Expect Yes Metamail Yes MIVA Empresa Merchant and upgrades Yes MySQL 4 5 MySQL check Namazu Open WebMail Sendmail Yes sendmail rbls sendmailcert Swish e Tcl timezone Yes Yes
61. ncnnncnocnnonnconoconocononononononnnonnnnncnnn cono co nono non nn cone cn nero nccn coca ninos 33 MIS Olevia sical A A ta 33 Namazi sino a eE cds EEES EE E AEE EEEE E E S E EE ERE 34 Opa WM a a EG ASS LR ee 34 PB MO Se E EE A Da E 34 phpMyA ib 34 PGP GnUGP ee t ea aerea o e EE TE e E a eed 34 PostereS QD eea pi da EEA EES E de ia 35 Multi Language Abilities in PostgreSQL ee cessssssecseesscssesecesecesesecseesecnaesecsaeceesecseesecnasscsaeaecaesesaecesseeaseeeeeeerenee 35 PO Mt ao 36 SUMMA A A ee ma aes 36 SpaMA SSA Mii ta 36 O NN 38 SHOCK WAVE lts 38 SquirrelMaliiiiii nai hag oa gected gine igiens hpeeeyen tie tears 39 MIS Eu dida 39 Elia A ee 39 Time Zone Custom Installation Uthity coria 40 A vesesSsasies vashsasveblieiaaes eas e eE EE A EEE EEEE E a AEE SEE E E E EE EE SEEE Es 40 TWIGS scion cna aia niin oi lo pls sb 40 Urchin IGoogle Aalto nia pnb att EA 40 Urchin Web Los Analyzer Feature Soini oe na orillas pa 40 Install Wrehin idilio lite 40 Configure Urchins talon isla dor 41 Vinstall Utilities Library tica isis 41 Table of Contents iii FreeBSD VPS v3 User s Guide Removing Software Packages tt ii e ici Aenea dees ias 42 Software Packages Included in the Vinstall Utilities Library eee eceeeeceseeeeesecseesecceseesecneeeecsaeeeseeceaeeeeeeeas 42 E RN 43 Available Features cinco its tea iio a Bishi oe II iia leia 43 Before yo Install WordPress Savia dia ide dad li ade daa EEE 44 G t Started strei oinera t
62. nd troubleshoot your server When applicable the document describes these tasks by instructing you to use product specific commands and operations However not all features of your server use product specific commands and operations In those cases this document describes the details of how the features function and refers you to the correct resources provided by the FreeBSD operating system or the provider of software package provider Audience for this Document This document provides information useful to FreeBSD VPS v3 account administrators located in but not limited to any of the following types of organizations e Hosting service provider HSP e Application service provider ASP e Independent software vendor ISV e Value added reseller VAR e Small sized business e Medium sized businesses The instructions describe tasks assuming you have moderate knowledge and familiarity with UNIX the FreeBSD operating system as well as some broad knowledge of Internet and Web hosting technologies Overview of this Document This document provides you with the information you need to configure FreeBSD VPS v3 and also to install additional software packages as well as providing troubleshooting guidelines Introduction 1 FreeBSD VPS v3 User s Guide This document is a companion to other print ready customer documentation which is included at no cost as a feature of your server e FreeBSD VPS v3 Getting Started Guide e FreeB
63. nistration utility enables people to add themselves to one of the lists You can also select Administration to manage lists and users or to change the administrator password Install Additional Supported Features 24 Majordomo Mailman FreeBSD VPS v3 User s Guide Note Majordomo is best configured by administrators with advanced skills who carefully research the software capabilities before installing the feature Majordomo is community supported software you use to automate the management of Internet email lists The software is written in Perl and is compatible with the current stable version of the language Correct operations of the software on your server are dependent upon the versions of Majordomo Perl operating system software as well as the email software such as Sendmail and the versions you are operating Great Circle Associates http www greatcircle com majordomo distributes the free software but offers no technical support Your server supports Mailman free software distributed under the GNU General Public License Mailman is written in the Python programming language the versions of the software and the programming language must both be stable current versions installed on your server Email Service Expect FormMail As a core service your server supports mail services by means of the Simple Mail Transfer Protocol SMTP Post Office Protocol POP or POP3 and Internet Message Access Protocol IM
64. nter to choose the error log configuration again Select an option for the subhost cgi bin and press Enter This will enable the subhost to execute scripts and programs Verify the information and type y and press Enter to continue Or type n and press Enter to choose the cgi bin configuration again The system will display the virtualHost entry to be added to the httpd conf file for confirmation Type y and press Enter to add the entry to the httpd conf file Or type n and press Enter to halt the vaddhost process If you typed y to accept the entry type y and press Enter to restart the Web server and complete the subhost addition Assigning a New SSL Certificate This release offers a new command line utility vaddcert which enables you to assign a new SSL certificate to a host Follow these steps to use vaddcert to assign a new SSL certificate 1 Select the host to which the new SSL certificate will be assigned If the host is not listed check the Apache configuration to verify that another SSL certificate is not previously assigned to the IP address and port Also verify that the host s SSLEngine directive is set to on Enter the file path of the SSL certificate file to be installed 3 Enter the file path of the SSL certificate key file to be installed The following lines will be added to Apache configuration for ServerName xample securesites net SSLCertificateFile usr local apache2 conf ssl2 crt SSLCertif
65. o set the time zone based on a major city in the desired time zone To take advantage of this update connect to your server through SSH and execute the following command from the prompt vinstall timezone Java Servlets and JSPs are made available on your server by means Tomcat a software package distributed by the Apache Jakarta Project http jakarta apache org Tomcat is an implementation of the Java Servlet and JavaServer Pages specifications Note Java applications consume significant CPU and memory resources and may not be appropriate for use on your server Your server provides support for The Web Interface Gateway TWIG http www informationgateway org a Web based intranet groupware tool and application framework It is implemented using PHP an HTML embedded scripting language and the MySQL database application There is a custom installation utility for TWIG vinstall twig for the tool Urchin 5 Google Analytics Urchin http www google com support urchin45 is provided as Web analytics software which analyzes traffic for one or more Web sites and provides accurate and easy to understand reports The software is developed maintained and distributed by Google Analytics http www google com analytics Urchin 5 Web Log Analyzer Features The features of Urchin are continuously updated The following provides a list of features provided by Urchin 5 e Installs directly on your server with a vinst
66. ocmailrc file in the users home directory Windows File Sharing enables you to map a Windows network drive to your server home directory across the Internet Once you have mapped the Windows network drive to your server you can drag and drop files to and from your server as if it were a local drive The Windows File Sharing feature for server is made possible by Samba http us4 samba org samba a Server Message Block SMB client and server for UNIX Your server provides a custom installation utility vinstall samba SpamAssassin Your server supports SpamAssasin http spamassassin apache org a free open source email filter distributed under the terms of the Apache Software license SpamAssassin applies a number of tests to an incoming message and each test returns a score If enough tests return a combined score that is high enough The default setting is five Install Additional Supported Features 36 FreeBSD VPS v3 User s Guide 5 Once a message has been tagged there are a number of possible actions that can be taken with the message Both tagging and actions can be handled either as a system wide or as a user specific filter e System wide Filters apply SpamAssassin tests to every email message that arrives on your server regardless of the intended recipient This avoids accidentally losing the occasional legitimate message that has spam like characteristics Install Additional Supported Features 37 FreeBSD VPS v3
67. og file iManager Web based Server Utility Comparable to the CPX Control Panel iManager is a Web based server utility which enables you to manage many of the common tasks involved in server administration In addition to basic user and subhost configuration tools it includes an IMAP style email manager and an easy to use file manager Your server provides a vinstal1 utility for iManager Install Additional Supported Features 27 Java FreeBSD VPS v3 User s Guide Java technology created and distributed by Sun Microsystems offers many benefits to Internet and application programmers A set of vinstal1 utilities includes the following Java applications e Java SE Development Kit JDK e Java Runtime Environment JRE e Java Sun Developer Kit SDK Note Many Java applications consume significant CPU and memory resources and may not be appropriate for use on a VPS Java applications on a VPS should be restricted for use only on Web sites with a low expected workload In addition some larger Java applications may not be suitable for use on a VPS even with low workloads You must conduct sufficient performance testing of your Java application on a FreeBSD VPS account before you rely on it for critical business needs You must build contingency plans in case your Java application does not perform as expected alternative solutions may include e Extensive optimization of the Java application e Moving the Java application to a dedica
68. onfigure Your Server 9 FreeBSD VPS v3 User s Guide Default Applications for Your Server The operating system of your server supports the FreeBSD Ports and Packages http www freebsd org ports In addition your server includes default applications The following table describes the applications which are installed by default in the configuration of your server In addition the table provides an overview of the usage of the application Application Usage Apache DSO Apache DSO modules are dynamic stored objects which are written to modules comply with the Apache API specification and can be loaded into the Apache Web Server Apache modules can be loaded in one the following ways The modules are dynamically loaded in the Web server configuration file Apache Web Apache HTTP or Web Server and Web Server Modules provided by Server the Apache Hypertext Transfer Protocol HTTP Server Autoresponder Autoresponder provides an email alias which executes a program that support automatically replies to any email sent to the specified address FTP server ProFTPD provides anonymous configuration and support for FTPS and users FTP SSL which includes Transport Layer Security TLS protocols such as anonymous FTP and FTP server processes Your account supports unlimited FTP users IMAP server Your account uses University of Washington IMAP UW IMAP and email software By default your account also supports unlimited POP IM
69. ons included in this document and apply your previous system administration experience to configure your of a FreeBSD Virtual Private Server version three FreeBSD VPS v3 administer all features of your server and troubleshoot common concerns By using this document conduct these tasks at your own pace on your own and without extensive technical support This introduction provides you with descriptions of how to use this document the audience it is intended to reach and the product s features In addition to this introduction this document includes the following sections e Configure Your Server on page 7 e Default Applications for Your Server on page 10 e Install Additional Features on page 22 e Troubleshoot Your Server on page 48 How to Use this Document Note Some additional late breaking information regarding installation administration and troubleshooting tasks are included in release notes and FreeBSD VPS v3 support related Web content such as frequently asked questions FAQ Always verify you have acquired the latest information available prior to installing administering or troubleshooting your server This Second Edition document is updated to reflect the latest plan name nomenclature Otherwise the content remains as published in April of 2007 for the First Edition This document provides you with an overview of your server This document describes the details of how to install maintain a
70. ontent management package The package is designed and developed using Python and uses a Web based interface to enable you to quickly and easily develop a content management solution to suit your content management needs Zope is developed maintained and distributed by the Zope Community http www zope org under the terms of the Zope Public License ZPL and with support as well as funding from the Zope Corporation Install Zope To install Zope SSH or telnet to your server and run the following custom installation utility vinstall zope The Zope installation starts by checking for and installing if they don t already exist some packages that are required for Zope to function These include Python and ZMySQLda which Install Additional Supported Features 46 FreeBSD VPS v3 User s Guide allows Zope to work with a MySQL database You will then be guided through some basic configuration step as follows 1 For the administrative password enter a memorable password When you type the password you will not see the cursor move After you enter the password once you will need to confirm it by entering it again 2 When the system asks if you want to configure an emergency access user select Yes Create the emergency user with a username and password you will be able to remember you will need to use the emergency user to fix your admin user if you ever get locked out 3 When prompted to select the encryption format you s
71. oubleshoot Your Server 49 FreeBSD VPS v3 User s Guide indicate it was uploaded the file in a binary format M you must upload the file again using ASCII format e Verify that the certificate and private key match For example if you have multiple accounts which utilize SSL verify you are using the private key which was generated at the same time as the CSR for the domain of the account you are configuring e Verify if you ordered a certificate that is correct for your server For example if you are transferring your certificate from a previous account verify that the previous account uses Apache with SSL as the Web server software e Verify your certificate or key are complete Check that the certificate or key is complete that the beginning and ending lines of the key or certificate are present Both the certificate and private key begin and end with specific as in the following example BEGIN RSA PRIVATE KEY Troubleshoot Your Server 50
72. pecial low encryption certificate Several current browsers are available free of charge Encourage any users having problems with your SSL certificate to upgrade to a current browser e When you install a custom signed digital certificate there are a number of possible mistakes or errors that can cause problems In most cases the Apache HTTP server will not start up when one of these errors occurs If your site will not load in a browser check if there are any HTTPS processes running on your server Connect to your server by means of SSH and run the following command top Restart Apache and try loading the page again even if there are HTTPS processes running If restarting the Apache does not cause HTTPS processes to start on your server it is possible your custom certificate is not installed properly e Verify the account s private key is not decrypted View the file if the key file includes the following lines the key is still encrypted Proc Type 4 ENCRYPTED DEK Info DES EDE3 CBC BCC23A5E16582F3D To decrypt your server s private key run the following command from the SSH command prompt openssl rsa in etc ssl pk out etc ssl pk When prompted type the PEM Passphrase after which the key is decrypted e Verify you uploaded the certificate using an ASCII format Check if your certificate was uploaded properly by reviewing it in a text editor If each line includes character which Tr
73. program For more documentation of ClamAV consult the clamscan clamd freshclam and clamav conf manual pages Find documentation on the ClamAV Web site http www clamav net CPX Control Panel Comparable to iManager the CPX Control Panel provides an intuitive Web interface to administer your server The interface enables you to perform user and domain management tasks It also provides a Web based email interface and mail management modules and empowers virtual sub hosting on your server It enables you to create domain administrators with user management control This enables each sub host and its respective end users the ability to configure and control their own accounts CPX Control Panel includes the following modules e File Management This module enables you to navigate through directories view and edit text files download and upload files create or delete files and directories rename or move files and directories and view and edit permissions e Webmail An email management interface to read store and compose email manage folders apply spam filters store contact information and manage automated replies Autoreply e User Management The user management module enables you to add or delete users manage domain admin accounts and view the status of user accounts e Domain Management Manage your domains easily with the ability to add or delete sub hosts specify limits on the number of users and e
74. r 1 Connect to your server by means of SSH and issue this command vinstall cpx 2 Access CPX Control Panel by going to the following URL https YOUR DOMAIN NAME ControlPanel You control whether virtual users are enabled to use the Webmail and Profile Preferences features of CPX Control Panel Add new users by using the CPX Control Panel or by command line issuing the following command vadduser cpx Email List Package Automate the management of Internet email lists on your server by installing and utilizing Dada Mail Majordomo or Mailman Dada Mail Your server supports the Dada Mail Web based email list management system http mojo skazat com as an add on feature There is a vinstal1 utility to assist with the installation re installation or upgrade of the management system Note Dada Mail was formerly known as Mojomail To install Dada Mail connect to your server by means of SSH su to root and run the following command vinstall dada During the installation you are prompted to enter an administrator password which you use when accessing the administration utility You are also prompted to enter the domain name to use for the mailing lists Access the list administration utility accessing the following URL http example com cgi dada mail cgi When you log in to the administration utility for the first time you are prompted to create a new mailing list After you have created a list accessing the admi
75. r Web server and creates a comprehensive summary report from the information found there HTTP analyze has been optimized to process large log files as fast as possible HTTP Analyze is available from the FreeBSD Ports Collection in ports www http analyze directory Connect to your server by means of SSH su to root and run the following command cd ports www http analyze make install clean HTTP Analyze is installed into the usr local bin directory of your server Run HTTP Analyze using a configuration file or with options from the command line The following is an example of how you could do this http analyz vm S YOUR DOMAIN NAME o www htdocs http analyze www logs access_log The directory specified in the output path o must exist After running the command above you will find several pages of your server s Web statistics at the URL http example com http analyze Here is an explanation of the command line arguments used above and several others you may find useful Check the Man Page for HTTP analyze for full usage information h print the help list d generate short statistics default m generate full statistics includes d i verbose mode comment ongoing processing o outdir name of the directory for HTML output files S srvname set server name default system name The final command line argument used in the previous example is the path and filename of the Web server access l
76. rases must be 10 characters or more in length and unique from your root password Default Applications for Your Server 13 FreeBSD VPS v3 User s Guide Two files will result the private key and the public key The following are the default values for OpenSSH and the FreeBSD UNIX operating system id_dsa private key id_dsa pub public key After you have created a private public key pair you must secure the private key on the client Secure the private key from outside access and place it where the SSH client program can access it depending on which client is being used For FreeBSD UNIX the default location for the private key follows SHOME ssh id_dsa Cut and paste the contents of the public key file into your server s authorized_keys file Verify that the key is on a single line Line breaks inside the key prevent it from being recognized The authorized_keys file can contain multiple keys one key per line Also verify etc ssh sshd_config includes a PermitRoot Login set as follows the default PermitRootLogin without password If the PermitRoot Login line is not set as in the previous example login as the root user and edit the line After you have edited the line restart SSHD Take great care regarding who has access to your private key and whose key is stored on your server Any key in the root ssh authorized_keys provides access to your root login account Perl By default Perl is pre installed on
77. rts Collection Install Additional Supported Features 44 FreeBSD VPS v3 User s Guide WebTrends Wpoison WebTrends provides a Web Log Analyzer that will provides valuable information about your Web site and the users that access it Reports generated by WebTrends Log Analyzer include statistical information as well as colorful graphs that show usage trends market share and much more WebTrends Log Analyzer will help you determine e Interest level in specific services you offer e Local national and international activity e Specific organizations to which your services appeal e How users are referred to your Web site e Activity at your site during any time period Note WebTrends Log Analyzer is a third party application In order to use WebTrends Log Analyzer you must purchase a license from WebTrends WebTrends Log Analyzer works very well with your server and is compatible with log files created by the Apache Web Server as well as many other Web servers Reports can be generated as HTML files that can be viewed by any browser on your own computer or remotely from anywhere on the Internet with any browser You can also create the reports in Microsoft Word Excel text and comma delimited formats Wpoison is a Common Gateway Interface CGI program which you can use to reduce the quantity of bulk junk email or spam Wpoison combats spam by thwarting the efforts of spammers who scan Web pages looking for target email addresse
78. s Your server records all errors and system messages in log files If you or your users are having problems on the account first check the quota then check the log files If the problems concern email check the var log maillog file Problems with the Web site are recorded in the www logs error_log file Use the tail command to watch error messages as they are added to log files Note what is being added to the log files as the user duplicates the error Follow these steps to use the tail command 1 Connect to your server using SSH 2 At the command prompt type tail f var log maillog If necessary substitute the messages directory with www logs error_log access_log or the ssl_error_log files 3 Have the user duplicate the error while you are running the tail command Troubleshoot Your Server 48 FreeBSD VPS v3 User s Guide Check for Idle Processes If you are receiving errors use the top command to check the length of time a current process has been running If the process is idle or has been running an unusually lengthy period of time the process could be suspended and causing problems For example an FTP process can hang if you improperly disconnect from your server Use the kill command to shut down a suspended process Custom Digital Certificate Problems There are a number of warnings or errors that can come up when accessing Web pages by means of SSL Your SSL digital certificate is configured to use a very
79. s for operating your server e Local Area Network LAN e Internet connection e Valid IP addresses e JP addresses are open for access from the outside if you do not apply a firewall Connect to Your Server the First Time Important Always carefully protect root access to your server as well as the passwords you assign to root administrative and user accounts When you ordered your server you provided a username and password for your administrative user account This account is the one you will use to connect to your server to perform administrative tasks Your administrative user is the primary user for managing your account The administrative user enjoys email and FTP permissions as well as the ability to manage virtual user accounts The administrative user manages FTP Web and email configurations The administrative user is a member of the wheel group which means that the administrative user can use the su command to become the root user When you connect to your server to perform administrative tasks always connect using a secure protocol such as Secure Shell SSH SFTP or Secure Copy SCP Avoid connecting to your server directly as the root user and never use an insecure protocol when doing so A successful login places you in the user s home directory Only the user s files and directories are accessible here To access the main server directories you will need to change your current directory to the server director
80. s which they subsequently bombard with spam Install Wpoison To install Wpoison connect to your server by means of SSH and verify you are signed into the server as root su to root and run the following command vinstall wpoison Then add the mod_rewite Apache Module to your Web server by including the following line in your Web server configuration file www conf httpd conf LoadModule rewrite_modul modules mod_rewrite so Use Wpoison In order to capture In order to properly implement a site inoculation you will want to use a combination of empty lt a href gt tags on your home page and throughout your Web site similar to this lt a href traps index html gt lt a gt Add lines similar to the following to your Web server configuration file RewriteEngine On RewriteCond HTTP_USER_AGENT ExtractorPro RewriteRule spammers index html L RewriteCond HTTP_USER_AGENT EmailSiphon RewriteRule spammers index html L RewriteCond HTTP_USER_AGENT eCatch RewriteRule spammers index html L Install Additional Supported Features 45 FreeBSD VPS v3 User s Guide To prevent legitimate Web robots such as Webcrawler http www Webcrawler com info wbcrwl from indexing the Wpoison generated pages create an entry in your robots txt file or create the file in your www htdocs directory if it does not already exist to disallow the spammers directory as in the following
81. ses file Following is a full list of the available options e The m option specifies a different message file for example autoreply m etc mymessage Be sure you use the full path to the user s home directory e The f option allows you to change who the autoreply message will be from in the previous example the From field the customer gets will read info replyQ example com Note When creating an autoreply make sure to make the From address different than the autoreply recipient name This prevents your autoreply from getting caught in an autoreply loop with another autoresponder e The a option specifies a user that an autoreply can reply for The user specified should be the same as the user configured for the autoreply for example info a info e The h option can be added to an autoreply to turn off X info headers For more information refer to Recommendations for Automatic Responses to Electronic Mail published as an Internet Engineering Task Force Request for Comment http www fags org rfcs rfc3834 html FTP FTP enables you to copy files from one computer to another As a core service your private server supports ProFTPD with the Transport Layer Security TLS protocol as well as anonymous configuration for unlimited users The software is installed by default as a core service your server provides Your server s FTP services are secure and configurable The software is distributed by the ProFTPD Project
82. sk which represents the password As a security measure passwords Configure Your Server 8 FreeBSD VPS v3 User s Guide are not actually stored in the etc passwd file so you see an asterisk instead Next are two numbers the User ID number and the Group ID number These are used by the account to track file access and ownership rights After the numbers the real name or a description of the user account followed by the user s home directory and finally the shell they are allowed to use User passwords are stored in a hash format in the spwd db master passwd file This file is similar to the passwd file although there are a few extra fields that the system uses Additional user information is stored in files such as etc group and quota user Administrators can view users and user quota information with the vlistuser command It displays a list of all the user accounts excluding the system users Configure Virtual Sub Hosts Virtual sub hosting is one of the most powerful features of your server and the Apache HTTP Server This feature enables you to support multiple domain names that each resolve to their own unique subdirectories on a single Account You can host examplel com and example2 com on the same account each with its own domain name and unique site content Provide each virtual sub host customer their own unique FTP login with access to their own subdirectory and email addresses using their own domain name Creat
83. specific character set initdb E SET Install Additional Supported Features 35 Procmail Samba FreeBSD VPS v3 User s Guide The following list provides the available character sets and the character set name to use to enable support for it e ALT Windows CP866 e EUC JP Japan EUC e EUC CN China EUC e EUC KR Korea EUC e EUC TW Taiwan EUC e MULE_INTERVAL Mule internal code e LATINI ISO 8859 1 LATIN2 ISO 8859 2 LATIN3 ISO 8859 3 LATIN4 ISO 8859 4 LATINS ISO 8859 5 Latin alphabets one through five for Western Europe Eastern Europe Turkey Northern and Western Europe Cyrillic character sets e SQL_ASCT ASCII e UNICODE Unicode or UTF 8 e WIN Windows CP1251 To remove PostgreSQL connect to your server by means of SSH and run the following command o vuninstall pgsql Edit your etc rc file removing the line that contains postmaster Run the ps command as follows ps X Determine the process ID of the PostgreSQL daemon and use kill to stop the PostgreSQL daemon kill PROCESS ID Your server supports Procmail http www procmail org a free open source mail delivery agent MDA distributed under the terms of the GPL You can configure Procmail to call email filter programs such as SpamAssassin You can customize the behavior of Procmail by creating a procmailrc file The file must be located in your usr local etc directory or a user can have a pr
84. start You must add start and stop to the command as in the following examples make restart stop make restart start Default Applications for Your Server 15 FreeBSD VPS v3 User s Guide A check_sendmail tool displays the status of the two Sendmail daemons and the SASL authentication saslauthd daemon For more information on the SASL authentication daemon refer to the FreeBSD UNIX Man Pages by issuing the following command man saslauthd A check_sendmail tool restarts any of these daemons if they are not running To run the check_sendmail tool run the following command check_sendmail You can also use the cron program scheduler to specify that the check_sendmail tool runs to at regular intervals Following is an example of an entry for a crontab file 30 usr local sbin check_sendmail The previous example indicates that the server runs the command usr local sbin check_sendmail every thirty minutes When an email message arrives to be processed by your server Sendmail checks the incoming domain and determines if it is either a local domain or an authorized relay domain In addition to your server s hostname or primary domain you can have any number of local domains on your server In order to be considered local you must have the domain listed in the etc mail local host names file on your server Once a domain is determined to be local Sendmail checks your server s virtusertable and then the aliases to
85. stributed by PostgreSQL Global Development Group under the Berkley Software Distribution BSD license For more see PostgreSQL on page 35 e Oracle Gateways Your server supports Oracle Open Gateways previously called SQL Connect You can use the product set to access data from non Oracle databases and file systems The product set is developed maintained and distributed by Oracle http www oracle com technology products gateways index html Multimedia Shockwave Flash provides support for multimedia playback on your server The Shockwave Player enables you to view interactive Web content For more see Shockwave on page 38 Statistics and Log Analyzer Packages The following add on statistics and log analyzer packages are supported by your server e WebTrends Your server supports WebTrends http www webtrends com provides a Web Log Analyzer that will gather and report valuable information about your Web site and the users that access it e Webmin Your server supports Webmin http www webmin com a Web based interface for system administration for UNIX There is a custom installation utility vinstall webmin to assist you as you install the interface Webmin is available from the FreeBSD Ports Collection e Urchin The software provides Web analytics and analyzes traffic for one or more Web sites and provides accurate easy to understand reports FreeBSD is a UNIX Operating System FreeBSD VPS
86. t Corporation http www accrisoft com its partners and resellers Apache DSO Modules Aspell ClamAV Apache Dynamic Server Object DSO modules are code segments that are written to comply with the Apache API specification and can be loaded into the Apache Web Server Apache modules can be loaded in the following ways e Statically loaded in the compiled httpd daemon e Dynamically loaded in the Web server configuration file This modular design for adding Web server features gives Web administrators tremendous power and flexibility A wide variety of Apache modules have been created supporting all kinds of exciting Web server features Web server speed and efficiency is improved when using Apache modules since your Web server can internally process instruction sets rather than relying on external applications Dynamic module support is one of the key features of the Apache Web Server The ability to dynamically load modules is known as DSO support DSO allows you to extend the features and capabilities of Apache by adding the specific module you need when you need it without recompiling the Web server binary Note If you try to load all the modules at the same time you will probably get a resource error Simply load the modules you need one at a time Aspell http aspell net is an open source command line spell checker It can either be used as a library or as an independent spell checker Your server provides a vinsta11 util
87. tallation utility vinstall openwebmail Your server supports PHP Hypertext Preprocessor http www php net the widely used general purpose and open source scripting language distributed with most UNIX binaries As you configure PHP you must implement only the application features supported by the current stable production release The custom installation utility for PHP includes prompts for you to include the Zend Optimizer and the Apache Perl Module mod_php phpMyAdmin Your server supports phpMyAdmin a PHP software package which enables you to administer of MySQL over the Web PhpMyAdmin is distributed by the PhpMyAdmin Project http www phpmyadmin net home_page index php under the terms of the GPL You can install and uninstall the software package using custom installation utilities Once the package is installed your server receives automatic updates which do not require your intervention PGP GnuGP For the purposes of signing and encrypting your data communications Pretty Good Privacy PGP and Gnu Privacy Guard GnuPG are both pre installed on your server PGP originally developed by Phil Zimmerman is a high security cryptographic software application for MSDOS UNIX VAX VMS and other computers PGP enables you to exchange files or messages with privacy authentication and convenience Note You must agree to the PGP 5 0 License before installing this version of PGP on your server This version of PGP is for non
88. te 7 ACCESS Your Via 8 Creating nd Editing User ACCOUNS ir rd iii 8 Configure Virtual Sub Hostia a 9 Create a Virtual Host iii se 9 Default Applications for Your Serve l csccscsssssssscssscsssssvsscescsssescssssessssnsscessessescsssnesssssessessessossessnssossessesesees 10 Apache HTTP Seven A ii 11 Autoresponder reinar a a R E AR A A ER E ERR R eE 11 PIB a di iii ica 12 IMAP id diia is Anis bite di a A titi aad ia a ii 12 OpenSS EN 13 Securing Root Access by Means of SSH ce ceesessssecsessscsseeeceseeseesecseesecnaeeccsaecaessecsessecnaescesaeeeesaecaeeaeenaeseeeaeneeas 13 Access Authorized SSH Keynote ido ee dai dls i 13 Perlas oi idad td a da dt ia E 14 AA A OA 14 Python Programming Lan Sua ee avoid ra E E dee EA Laa asa deed tias ede ats tenista 14 Ruby Scripting Languages nina Ai ds As 15 Embed Ruby Codeine ida 15 Sendmail SMTP Servo ta 15 isaac ii 16 Create a Signing Request and Private Key cc eesssssssecsessscsseeecsseeseesecseesecsaeeccsaecasesecaeeseenecsesaeaesaesesaecasseeassetates 16 Custoni Digital Certificate seein nra a ialen n EEEn et ia 18 Obtain a Signed Digital Certificate encon ionroe niii e oriai earan E raS E TAE aE eia iasa 18 Install your Custom Digital Certificate ee eeccssecseseecsseeecssecssesecseesecsaeecsaenaseccsaecaeesecaeeseenaeeeesaecatesesaeeateeteees 19 Move your Custom SSL Certification denle 20 Change Operating Oyster a a ist peeks sau shsbesaetsasdc eA Or E E Oai aea aiian ottia i
89. ted server such as Managed Private Server version three MPS v3 e Implementing an alternative solution to using Java For example if you move away from Java to an optimized C program For further details of FreeBSD VPS plan resource allocations and recommended usage please refer to the FreeBSD VPS 3 0 Technical Overview MajorCool Web Interface Maintenance Tool Metamail MajorCool http tldp org is a web interface maintenance tool for Majordomo There is a custom installation utility vinstall majorcool available for the tool For more see Majordomo on page 25 The Metamail http packages debian org stable mail metamail program reads a mailcap file to determine how to display non text at the local site Every mail reading interface needs to call Metamail whenever non text mail is being viewed unless the mail is of a type that is already understood by the mail reading program There is a custom installation utility vinstall metamail Multiple IP Addresses By default your private server is assigned a single Internet Protocol IP address For some customers a FreeBSD VPS v3 which is configured to utilize a single base IP address provides all they need However you can now assign additional IP addresses And you can now assign additional IP addresses for both new and existing servers How Multiple IP Addresses Work with Other Features In order to provide support for the new multiple IP address feature your s
90. ter as you operate your server This section provides information about troubleshooting the following problems on you account e General Issues on page 48 e Failure to Create a Virtual Host on page 48 e Check Quotas on page 48 e Check Log Files on page 48 e Check for Idle Processes on page 49 e Custom Digital Certificate Problems on page 49 General Issues Always remember where you are located now in your command interface Check it periodically using the pwd hostname ifconfig commands The same command executed inside your server under a different level of access can lead to different results Subscribe to bug tracking lists for FreeBSD UNIX and the additional supported features you install on your server Keep track of new public denial of service attack tools or remote exploits for the software and install them into your server or at the server level Failure to Create a Virtual Host If your attempt to create a new virtual host fails and you see a message indicating that the operating system template is absent or inaccessible verify the location of the template on your system and if necessary re install the template Check Quotas When your server meets quota limits the disk cannot be written to Your server cannot accept email log files or complete installations Your quota has a soft limit which you temporarily exceed and a hard limit which you do not exceed Check Log File
91. terface for simplified account administration Services and Features Overview Introduction The following list provides you with an overview of the services and features of your server e Web Services e Mail Services e FTP Services e SFTP e Web Development Tools e E Commerce e Databases e Multimedia e Statistics and Log Analyzer Packages Web Services Following are the Web services your server provides e SSL Secure Server Support e Complete configuration files e Raw log files e Full cgi bin access e Dynamic module support e Create and manage multiple podcasts Mail Services Following are the mail services your server provides e Unlimited POP mailboxes e Unlimited IMAP mailboxes e Email quota disk space limits e Unlimited email aliases forwarding e Autoresponder support e Mailing list support e Anti spam features e Web Mail FTP Services Your server s support for FTP provides anonymous FTP and unlimited non anonymous FTP accounts It also enables you to set upload quota limits and customize welcome and directory messages For more see FTP on page 12 Note Your server s support for SFTP provides FTP access through SSH Introduction FreeBSD VPS v3 User s Guide Web Development Tools Your server supports the following Web development tools Microsoft FrontPage extensions FrontPage provides tool for Web pages designed and implemented with the Microsoft Web development software http
92. ting to root while testing access using SSH keys The most important security measure you can take for your server to prevent unauthorized access to the root or superuser user As you establish security for your server follow these general guidelines e Use only secure tools such as OpenConnect to access root or administrative user accounts e Apply passwords for root and administrative users which are strong and difficult to surmise Protect the root password in particular as much as possible e Closely monitor root and administrative user accounts e Remove shell access from any user who does not require it e Require that any user who does require shell access always connects securely by means of SSH Access Authorized SSH Keys Remote root shell access may be available over the network by means of SSH but only by using an SSH public private key pair Password logins as root are disallowed Follow these steps to configure this method to create public private key pairs First create a public private key pair by running this command as an ordinary user sssh keygen t dsa The command prompts you for information which you should provide During key creation you are prompted for a passphrase which is used to protect the private key from unauthorized use The guidelines for choosing strong passphrases are the same as those for choosing strong passwords use a mix of upper and lower case letters numbers and symbols Passph
93. v3 utilizes FreeBSD UNIX FreeBSD 6 x a widely implemented UNIX standard Your server also utilizes the UNIX File System 2 UFS2 FreeBSD is a derivative of the Berkley Software Distribution BSD originally developed by the Computer Systems Research Group CSRG at the University of California Berkeley in the United States The operating system is distributed under the terms of the FreeBSD Foundation http www freebsdfoundation org The operating system is based on open standards and is derived from the community supported open source FreeBSD Project The operating system provides support for numerous open source communication database and software applications FreeBSD UNIX and Your Server Introduction As you perform configuration administration and trouble shooting tasks you will be able to apply your previous knowledge of open source software applications to FreeBSD VPS v3 By utilizing root access you can grant access to any port The server supports multiple users and user based applications With access to all of your server s logs administration per service is easy to do Data backups server security and software updates are updated through server software updates which often require no intervention on your part Your server can be Introduction FreeBSD VPS v3 User s Guide remotely rebooted and runs with server monitoring software applications Configure your server to support multiple users with shell Web FTP and or
94. with different methods for verifying your company s authenticity and with different levels of customer awareness and trust The following is a list of a few of the signing authorities e GeoTrust e GlobalSign e VeriSign e Thawte When you have decided which signing authority and SSL Certificate type you want and have created a CSR you are ready to order your signed certificate The ordering process for obtaining a signed digital certificate is different for each vendor and certificate type There are however some things that will remain the same throughout all of them The following is a list of useful tips for ordering your certificate At some point in the ordering process you are asked for a Server Type or the Server Software you are running when this occurs select Apache SSL or Apache with OpenSSL When you are prompted to enter the CSR be sure to paste it exactly as it appeared on the screen when you generated it including the first BEGIN CERTIFICATE and last END CERTIFICATE lines An example of a certificate signing request appears as follows S Sa gt BEGIN CERTIFICATE REQUEST MIIB2 jCCAUMCAQAwgYEXC zZAJBgNVBAY TALVIMQO0wCwYDVOOIEWRVdGF oMO4wDAYD VOOHEwWVOcm92bzETMBEGA1UECHhMKU3R1bmt 3b3JrczEVMBMGA1UEAXMMTWFyayBT CcGVuY2VyMScwJQYJKoZIhvcNAOKBFhh3ZWJtYXN0ZXJAc3R1bmt 3b3Urcy5 jb20w gZ8wDOY JKoZIhvcNAQEBBOADgYOAMIGJAOGBAKIkMHnII4uNDwgTYSBYdiiOBLTY NOsT Xp 5sG1VX31YhDMoLzWxBbaulx2hEuf31Sfkm65Mrd834nMFVIGf1sGnFCj C1gx0
95. y Keep in mind that the user root is the primary administrative user on your server To modify many system files including adding or modifying users you must be root Because root is such an important user with so much power you should be especially careful about selecting a root password and maintaining its security Only after you configure SSH keys are you able to connect directly to your server as the user root Until then any user who belongs to the wheel group such as the Administrative User that was created when your server was provisioned can connect to the server and then use the su command to become root Never use an insecure protocol such as Telnet for administrative tasks If you do any non encrypted data could be sniffed by malicious hackers Because the root user should only be used for administrative purposes root does not have email or Web permissions All users with shell access are able to change user identifications by means of the UNIX substitute user command su This enables authorized users to become the root user without being prompted to provide a password Other users can do so only if they are able to provide a password Configure Your Server 7 FreeBSD VPS v3 User s Guide Access Your Server Shell provides a powerful tool for your server administration tasks You have SSH access to your server Your server benefits from a security hardened environment which ensures that your data is not compromised Bec
96. y typing su at the command line and supplying the root user password Also you can press ctrl c to exit the vaddhost or the vaddcert process at any time This immediately cancels vaddhost and any subhost configuration entered during the vaddhost process is lost Adding a Subhost The hostname or subhost typically consists of the top level domain example com only instead of a canonical name such as www example com Canonical names are usually added as secondary domains or aliases With the assistance of a command line utility you can Install Additional Supported Features 30 FreeBSD VPS v3 User s Guide configure subhosts and canonical variations to comply with the Apache VirtualHost directive The Apache software looks for VirtualHost entries in the following file usr local apache2 conf httpd conf The vaddhost command assists you as you create a subhost configuration VirtualHost tags in your Apache configuration file While the configuration task is presented in three sections you must complete all of the steps to complete the configuration of the subhost which complies with the Apache VirtualHost directive From your server s command line interface follow these steps to begin configuring the subhost After you have completed these steps you will have specified the domain and administrator Note Throughout the following steps the system periodically displays the list of domains canonical variations and IP addresses for v
97. your server by means of SSH su to root and run the following command vinstall eruby Refer to FreeBSD UNIX Man Pages regarding eRuby by typing the following during an SSH session with your server man eruby eRuby is developed maintained and distributed by the Apache Ruby integration project http modruby net under project s terms Sendmail SMTP Server By default the Sendmail SMTP server http Sendmail org is installed as a core service The SMTP server manages FreeBSD VPS email services It processes all incoming and outgoing messages for all user accounts with email permissions In order to check or send email from a remote client such as Outlook or Eudora the user must have POP or IMAP permissions As a daemon the Sendmail program is always running on your server For Sendmail to run correctly there should be two daemons as well as the Simple Authentication and Security Layer authentication daemon referred to as saslauthd running When you make changes to any of the Sendmail configurations you must restart Sendmail to load the new settings To restart Sendmail you must be the root user Connect to your server by means of SSH su to root and run the following command restart_sendmail Note There are several other Sendmail related commands you can use as follows sendmailctl stop sendmailctl start sendmailctl restart You must change to the etc mail directory and run the following command make re
Download Pdf Manuals
Related Search