Rock Solid Ideal Setup - Need Help

rndinit0

Need Help - Ideal DA Setup Questions

I would like to start fresh, and take an approach that will cause me the least amount of problems in the long run. I'm ignoring things "I like" in the interest of the business. End result: I need things to just work, and I will do everything I can to provide what is needed. So essentially I want to set up this server to be the "ideal" setup.

In order for me to achieve this, I will need the help of the more experienced admins of this forum, and your help will be greatly appreciated. One criterion to keep in mind is: "Take the most supported approach, when possible". Commercial licenses for 3rd party software or operating systems are not a problem.

Let me start by providing the hardware specs:

Single Processor Dual Core Opteron 1216 - 2.40GHz - 2 x 1MB cache
2 GB DDR2 667
250GB SATA II x 2
5 IPs

1st Question to consider:
Use RAID 1, or just partition one drive, and use the 2nd drive as backup and file storage?

2.) What OS
Red Hat Enterprise Linux - ES 4 (32 bit)
Red Hat Enterprise Linux - ES 4 (64 bit)

I'm under the impression that DA is developed on Red Hat (not sure which version).

3.) 64bit ?

In the system requirements 64bit is listed, does this mean that 64bit is supported? Is it recommended?

4.) Partition
Am I to follow http://www.directadmin.com/install.html
Or does anyone have a better idea?

5.) Mail
I intend to use dovecot. Any thoughts on this?

6.) 3rd Party Plugins
Installatron, possibly Ruby on Rails

7.) LAMP Specs
I need PHP 5 (my customers need this)
Should I run php4 & php5 at the same time?

Do I need Apache 2 & MySQL 5?

Backup Solutions:
Should I look into http://www.acronis.com/enterprise/products/ATISLin/
Better ideas?

If I have missed anything please let me know.

DirectAdmin Config Issues:

1.) I need an SSL certificate that works for all my clients' domains.
If this is the case, should I put myself, the admin and 1st reseller, on a dedicated IP, and my clients on a separate dedicated IP?
a.) If I put myself on a separate IP, that means I would need my own SSL cert, right?


2.) If my resellers want to use their private name servers, would a CNAME record ns1.reseller.com > ns1.me.com work?
Or should I assign them their own IPs?
 
Hello,

1) It's up to you if you want a raid setup, or a backup drive. Raid can probably handle the most neglect until both drives fail and is probably faster, even in the mirrored setup, but a backup drive is simpler and would give you twice as much space.

2|3) If you go with CentOS, use CentOS 5. If you have the 64-bit hardware, going the 64-bit route for the OS would probably be most powerful.

4) Just a note that if you use Dovecot (Maildir), it stores emails on /home, so less space would be needed on /var. The current default (vm-pop3d) still stores it on /var. MySQL still uses /var as well. Having the disk broken up into many partitions is good if you have a risk of filling the drive up, as it keeps the other data on other partitions safe. The game is to balance this out so as to not have one full partition that needs more space while all your others are 1% used with mass amounts of space free. In any case, /home and /var should be larger, with /home being significantly bigger.

5) Just as mentioned, mail goes into /home, so size your partitions accordingly.

6) up to you

7) If you want php 5 or php4+php5, the custombuild script can do that, type:
touch /root/.custombuild
before running the setup.sh and the installer will install custombuild (apache2.2, php5) instead of customapache (apache 1.3, php4). You can then proceed to change the options.conf to set it up how you want (see the custombuild section of the forum)

8) MySQL 5 comes with both CentOS 5 32-bit and 64-bit and is probably better anyway. It's faster, more efficient and current.

======

1) All SSL certificates can be used to transfer encrypted data securely. However, this does not mean that you won't get a warning that the host doesn't match. A certificate holds the name of the website in it, e.g. www.domain.com. If you use your certificate for all domains, only 1 will not have the warning; all other domains will generate warnings in the browsers that the host doesn't match. It still looks better to buy a certificate with your business name on it than to use a self-generated one.

If you're using 1 cert for everyone then it doesn't matter. You can put the 1 cert as the "shared server certificate" via the admin account, and everyone will have access to it. Only if you need 1 website to have a cert and you don't want anyone else access would you need an owned IP account.
The shared server certificate can be used for any IP of any type (shared, server, owned).

2) Nameservers are often overcomplicated. To answer your question, yes they can use their own. No, they don't need their own IPs, unless you want to give it to them. On the DA side of things, a nameserver is nothing more than an A record such that the ns1 value resolves, just like a subdomain does. Past that, the nameserver is registered at the registrar, the domain is set up to use it (both DA and registrar), and that's about it.

John
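
The host-name check behind the shared server certificate answer above, as an added example that is not part of the original post. The hosted site names are constructed, and the wildcard case goes beyond what the post covers (a wildcard name covers exactly one left-most label).

```shell
#!/bin/sh
# Name in the shared certificate (from the post) and constructed hosted sites.
CERT_NAMES='www.domain.com'
HOSTED='www.domain.com
domain.com
www.client-one.example
shop.client-two.example'

# name_covers CERT_NAME HOST: succeed if that one certificate name covers HOST.
name_covers() {
    nc_name=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    nc_host=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    case $nc_name in
        '*.'*)
            nc_suffix=${nc_name#?}                     # "*.domain.com" -> ".domain.com"
            nc_left=${nc_host%"$nc_suffix"}            # what the wildcard must cover
            [ "$nc_left" != "$nc_host" ] || return 1   # host lacks the suffix
            case $nc_left in ''|*.*) return 1 ;; esac  # must be exactly one label
            return 0 ;;
        *)  [ "$nc_name" = "$nc_host" ] ;;             # plain names match exactly
    esac
}

# will_warn "CERT NAMES": read hosts on stdin, print those that no name covers.
will_warn() {
    set -f                                  # keep "*.x" literal when splitting $1
    while IFS= read -r ww_host; do
        ww_ok=no
        for ww_name in $1; do
            name_covers "$ww_name" "$ww_host" && ww_ok=yes
        done
        [ "$ww_ok" = yes ] || printf '%s\n' "$ww_host"
    done
    set +f
}

# Sites whose visitors would see a host-mismatch warning with the shared cert.
printf '%s\n' "$HOSTED" | will_warn "$CERT_NAMES"
```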
 
Does the DA install script install Perl, or do I have to install perl myself?
 
They're all over these forums, but here, again:
Code:
exclude=bind-chroot httpd* mysql* php* perl* apache* mod_* MySQL* *ftp* exim* sendmail* php* da_*
Note that some of these are probably not necessary; yum won't attempt to update what it doesn't have in its installed RPM list.

Jeff
 
Yes they are, I have seen them, but I was curious about your current yum.conf file. Perhaps you have added something, turns out you did. But thanks for your reply =) Appreciated.

here is what I had:
[root@core ~]# rpm -qa |egrep "apache*|httpd*|mod_*|mysql*|da*|ftp*|exim*|sendmail*|php*|named*|clamav*" > remove_me.log
 
I added bind-chroot, but then I removed the RPM so it really doesn't need to be listed. Sendmail probably doesn't have to be in the list, because sendmail RPMs, if installed, are removed during the DA installation. Same for exim, unless you're using a yum-based installation that installs exim by default. I do update named (BIND; the Berkeley Internet Name Daemon), and I've also removed named* because I only have the RPMs I want installed.

I also don't list caching-nameserver because it's not installed on my system.

Jeff
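
An added example, not part of the original posts: it lists which packages the posted yum `exclude=` line holds back from updates, and which names the posted egrep alternation selects without any exclude glob pinning them. yum reads the exclude entries as shell globs while egrep reads its list as regular expressions; the package list is constructed and matching is on package name only (an assumption).

```shell
#!/bin/sh
# yum.conf exclude line as posted in the thread (shell globs).
EXCLUDE_LINE='exclude=bind-chroot httpd* mysql* php* perl* apache* mod_* MySQL* *ftp* exim* sendmail* php* da_*'
# Alternation from the rpm -qa | egrep command in the thread (regular expressions).
EGREP_EXPR='apache*|httpd*|mod_*|mysql*|da*|ftp*|exim*|sendmail*|php*|named*|clamav*'
# Constructed sample; on a real host use: rpm -qa --qf '%{NAME}\n'
SAMPLE_PKGS='httpd
mod_ssl
mysql-server
php-cli
perl-DBI
vsftpd
exim
bind
dovecot
openssl
kernel'

# glob_match PKG LINE: print the first exclude glob matching PKG; return 1 if none.
glob_match() {
    gm_pkg=$1
    set -f                          # no pathname expansion while splitting the list
    for gm_pat in ${2#exclude=}; do
        case $gm_pkg in
            $gm_pat) set +f; printf '%s\n' "$gm_pat"; return 0 ;;
        esac
    done
    set +f
    return 1
}

# pinned_by_yum LINE: names on stdin that yum will skip, so updates come from elsewhere.
pinned_by_yum() {
    while IFS= read -r pb_pkg; do
        glob_match "$pb_pkg" "$1" >/dev/null && printf '%s\n' "$pb_pkg"
    done
    return 0
}

# only_regex: names the egrep expression selects although no exclude glob pins them.
only_regex() {
    printf '%s\n' "$SAMPLE_PKGS" | grep -E "$EGREP_EXPR" | while IFS= read -r or_pkg; do
        glob_match "$or_pkg" "$EXCLUDE_LINE" >/dev/null || printf '%s\n' "$or_pkg"
    done
}

echo "Skipped by yum:";  printf '%s\n' "$SAMPLE_PKGS" | pinned_by_yum "$EXCLUDE_LINE"
echo "Regex-only hits:"; only_regex
```

As a regular expression `da*` matches any name containing a `d`, which is why `bind` and `dovecot` appear in the second list even though yum would still update them.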
 
Just a little addition, when doing an install myself, I always install:

gcc g++ openssl openssl-devel

using yum or apt-get whenever possible. If you don't, openssl is installed from our servers as a fallback, which are not always for that exact OS. Hence, yum would ensure you've got the latest version and a version that is for your OS.

John
 