Difference between revisions of "Post-Install Configuration"

From MineOS Wiki
 
(19 intermediate revisions by the same user not shown)
Line 1: Line 1:
A few configurations must occur after the first reboot, and some are not implemented to greatly simplify the setup. These steps, however, are important for the securing of the server.
+
These are a few measures you can take to maintain and secure your server.  Many of these features are already handled automatically (iptables/web ui password), while some require the server to have booted for the first time (MySQL password, hosting websites).
  
== Password changing ==
+
== System management ==
 +
 
 +
* [[Useradd|Adding new users/groups]]
 +
* [[Shutdown|Shutting down and rebooting]]
 +
 
 +
== Passwords ==
  
 
=== MySQL root password ===
 
=== MySQL root password ===
The password is unset by default, and can only be set when the MySQL daemon is running (after first boot). To set the password, use the following command as root:
+
The MySQL password is not set by default (blank), and can only be set when the MySQL daemon is running (upon first boot). Instructions to [[MySQL|secure or disable MySQL]]
 
 
# <tt>ln -s /var/www/tmp/mysql.sock /tmp/mysql.sock</tt>
 
# <tt> mysql_secure_installation</tt>
 
  
 
=== Changing the web-ui password ===
 
=== Changing the web-ui password ===
  
The default admin:password to the web-ui is <tt>admin:minecraft</tt>
+
You can [[Web_interface#Changing_the_web-ui_password|change the web-ui password]] at any time.
If you would like to change this, (either the username and/or password), open up /etc/hiawatha/passwords in your favorite text editor and replace the existing line.  
 
  
Since the password is encrypted, you must first generate it. You can do so with the help of an [http://aspirine.org/htpasswd_en.html online generator].  Fill in the username to whatever you like, set the password and choose CRYPT as the password--it is essential to choose CRYPT.
+
=== Using RSA-key to log into SSH/SFTP ===
  
For example:
+
For additional security, or to employ password-free SSH/SFTP logins, you may opt to generate a public/private [[Rsa-key|RSA-key pair]] for puTTy/SFTP.
  
<tt>nano /etc/hiawatha/passwords</tt>
+
== Other configuration ==
Replace the one existing line with the generated line, such as: will:/ZU9ss0WcLwmE
 
Save and exit. The password will take effect on reboot or on hiawatha restart (<tt>/etc/rc.d/hiawatha restart</tt>).
 
  
Remember, any usernames listed in the passwords file will be accessible, so be sure to remove the existing admin:password line no matter what.
+
=== iptables ===
  
 +
[[iptables]] filters inbound and outbound traffic by a sequence of rules. These rules are to prevent undesired traffic from being responded to, helping defend against DOS attacks and to prevent unauthorized access (such as permitting SSH connections only from an IP address/range).
  
== Other configuration ==
+
=== Crontabs ===
 +
 
 +
Minecraft related cron-jobs can be managed from the web-ui, such as backup, archiving, mapping, as well as [onreboot] restoring and server starting.  For any other tasks, you will need to create a cron script yourself.  For your benefit, [[crontabs|creating crontabs]] has been greatly simplified.
 +
 
 +
=== Hosting a Website ===
  
=== iptables ===
+
The most common web-language on Linux servers is PHP.  With [[Hiawatha]] webserver and PHP, you can easily host forums, image galleries, and countless other website features to your server.  Provided are [[PHP|instructions to enable PHP]] or to configure the [[Hiawatha]] web server.
  
[[iptables]] filters inbound and outbound traffic by a sequence of rules. These rules are to prevent undesired traffic from being responded to, helping defend against DOS attacks and to prevent unauthorized access (such as permitting SSH connections only from an IP address/range).
+
=== Static IP Address ===
  
Typical rules will include inbound connections for SSH (22), Minecraft (25565), HTTP (80), though any setup is possible.
+
To set an unchanging IP for your server, you can set a [[Static IP|Static IP address]].
  
=== cronjobs ===
+
=== Additional packages ===
  
Until it is automated, cronjobs must be created manually. For your benefit, however, the process has been simplified.  The directory <tt>/etc/cron/</tt> exists and has several sub-directories, (hourly, daily, weekly, etc). Instead of having to learn standard crontab syntax, each sub-directory (and its contained files) gets executed at its respective interval.
+
CRUX has an available packaging system, pkg_add, though it is often more illuminating and educational to try the BSD-like [[Ports_system|'Ports']] system. Through this, MineOS CRUX downloads stable source code and compiles the application from source (optimized for i686) then installs the application in a CRUX-friendly location, rather than pre-compiled binaries (which, strictly speaking--are certainly sufficient for all users).
  
For example, if you want backups done on your server daily, you can create a file in the <tt>daily</tt> directory:
+
== Accessing your server ==
  
# touch /etc/cron/daily/backupscript
+
In addition to accessing the server directly through a local keyboard and monitor, servers can be (and are recommended to be) connected remotely via terminal clients:
# chmod +x /etc/cron/daily/backupscript
 
# nano /etc/cron/daily/backupscript
 
  
(backupscript contents)
+
* Terminal Server: [[PuTTY]]
<nowiki>
+
* File-transfer protocols: [[SFTP]]
cd /usr/games/minecraft
 
./mineos_console.py backup myserver
 
</nowiki>
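Review bot: in the "Changing the web-ui password" section, the replacement line "You can change the web-ui password at any time." drops both the statement that the web-ui ships with the default login admin:minecraft and the reminder that every username left in /etc/hiawatha/passwords stays usable, so the new page never tells the reader there is a known default credential to remove. Keep one sentence here that names the default login and says it should be replaced after first boot, and leave the step-by-step to the linked page. The new intro also lists the web ui password as "handled automatically", which reads as contradicting the removed default; say which applies. The removed iptables sentence listing SSH (22), Minecraft (25565) and HTTP (80) was the only place on this page that stated the expected open ports, so carry it over or confirm the linked iptables page has it.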
 

Latest revision as of 04:42, 4 February 2013

These are a few measures you can take to maintain and secure your server. Many of these features are already handled automatically (iptables/web-ui password), while some require the server to have booted for the first time (MySQL password, hosting websites).

System management

Passwords

MySQL root password

The MySQL password is not set by default (blank), and can only be set when the MySQL daemon is running (upon first boot). See the instructions to secure or disable MySQL.

Changing the web-ui password

You can change the web-ui password at any time.

Using RSA-key to log into SSH/SFTP

For additional security, or to employ password-free SSH/SFTP logins, you may opt to generate a public/private RSA key pair for PuTTY/SFTP.

Other configuration

iptables

iptables filters inbound and outbound traffic through a sequence of rules. These rules keep the server from responding to undesired traffic, which helps defend against DoS attacks and prevents unauthorized access (for example, by permitting SSH connections only from a given IP address or range).

Crontabs

Minecraft-related cron jobs, such as backup, archiving and mapping, as well as [onreboot] restoring and server starting, can be managed from the web-ui. For any other tasks, you will need to create a cron script yourself. For your benefit, creating crontabs has been greatly simplified.

Hosting a Website

The most common web language on Linux servers is PHP. With the Hiawatha webserver and PHP, you can easily host forums, image galleries, and countless other website features on your server. Provided are instructions to enable PHP or to configure the Hiawatha web server.

Static IP Address

To set an unchanging IP for your server, you can set a Static IP address.

Additional packages

CRUX has an available packaging system, pkg_add, though it is often more illuminating and educational to try the BSD-like 'Ports' system. With Ports, MineOS CRUX downloads stable source code, compiles the application from source (optimized for i686), and installs it in a CRUX-friendly location, rather than installing pre-compiled binaries (which, strictly speaking, are certainly sufficient for all users).

Accessing your server

In addition to accessing the server directly through a local keyboard and monitor, you can (and are recommended to) connect to the server remotely using terminal clients:

  • Terminal Server: PuTTY
  • File-transfer protocols: SFTP