Difference between revisions of "Post-Install Configuration"

From MineOS Wiki
Jump to navigation Jump to search
Line 1: Line 1:
 
A few configurations must occur after the first reboot, and some are not implemented to greatly simplify the setup. These steps, however, are important for the securing of the server.
 
A few configurations must occur after the first reboot, and some are not implemented to greatly simplify the setup. These steps, however, are important for the securing of the server.
  
== Password changing ==
+
== System management ==
 +
 
 +
* [[Useradd|Adding new users/groups]]
 +
* [[Shutdown|Shutting down and rebooting]]
 +
 
 +
== Passwords ==
  
 
=== MySQL root password ===
 
=== MySQL root password ===
The password is unset by default, and can only be set when the MySQL daemon is running (after first boot). To set the password, use the following command as root:
+
The MySQL password is not set by default (blank), and can only be set when the MySQL daemon is running (upon first boot). Instructions to [[MySQL|secure or disable MySQL]]
 
 
# <tt>ln -s /var/www/tmp/mysql.sock /tmp/mysql.sock</tt>
 
# <tt> mysql_secure_installation</tt>
 
  
 
=== Changing the web-ui password ===
 
=== Changing the web-ui password ===
  
 
The default admin:password to the web-ui is <tt>admin:minecraft</tt>
 
The default admin:password to the web-ui is <tt>admin:minecraft</tt>
If you would like to change this, (either the username and/or password), open up /etc/hiawatha/passwords in your favorite text editor and replace the existing line.
+
Since this is common among all installs, it is advised to [[web interface|change the web-ui password]] immediately.
 
 
Since the password is encrypted, you must first generate it. You can do so with the help of an [http://aspirine.org/htpasswd_en.html online htpasswd generator].  Fill in the username to whatever you like, set the password and choose CRYPT as the password--it is essential to choose CRYPT.
 
 
 
For example:
 
 
 
<tt>nano /etc/hiawatha/passwords</tt>
 
 
 
Replace the one existing line with the generated line, such as: <tt>will:/ZU9ss0WcLwmE</tt>
 
Save and exit. The password will take effect on reboot or on hiawatha restart (<tt>/etc/rc.d/hiawatha restart</tt>).
 
 
 
Remember, any usernames listed in the passwords file will be accessible, so be sure to remove the existing admin:password line no matter what.
 
  
 
=== Using RSA-key to log into SSH/SFTP ===
 
=== Using RSA-key to log into SSH/SFTP ===

Revision as of 04:10, 20 August 2011

A few configurations must occur after the first reboot, and some are not implemented to greatly simplify the setup. These steps, however, are important for the securing of the server.

System management

Passwords

MySQL root password

The MySQL password is not set by default (blank), and can only be set when the MySQL daemon is running (upon first boot). Instructions to secure or disable MySQL

Changing the web-ui password

The default admin:password to the web-ui is admin:minecraft Since this is common among all installs, it is advised to change the web-ui password immediately.

Using RSA-key to log into SSH/SFTP

For additional security, or to employ password-free SSH/SFTP logins, you can generate a public/private RSA-key pair

Other configuration

iptables

iptables filters inbound and outbound traffic by a sequence of rules. These rules are to prevent undesired traffic from being responded to, helping defend against DOS attacks and to prevent unauthorized access (such as permitting SSH connections only from an IP address/range).

The default rules include inbound connections for SSH (22), Minecraft (25565), HTTP (80), and HTTPS (443) though it is fully customizable.

Crontabs

Minecraft related cron-jobs can be managed from the web-ui, such as backup, archiving, mapping, as well as [onreboot] restoring and server starting. For any other tanks, you will need to create a cron script yourself. For your benefit, however, the process has been greatly simplified. The directory /etc/cron/ has several sub-directories, (hourly, daily, weekly, etc). Instead of having to learn standard crontab syntax, each sub-directory (and its contained files) gets executed at its respective interval.

For example, if you want to gzip your server log every week, you can create a script as 'root':

  1. touch /etc/cron/weekly/gzipserverlog
  2. chmod +x /etc/cron/daily/gzipserverlog
  3. nano /etc/cron/daily/gzipserverlog

(backupscript contents)

cd /usr/games/minecraft
./mineos_console.py log_archive servername

Remember, these crontabs are usable for any purpose, not just Minecraft maintenance!

Hosting a Website

The most common web-language on Linux servers is PHP. With Hiawatha webserver and PHP, you can easily host forums, image galleries, and countless other website features to your server. Provided are instructions to enable PHP.