As per the site title, this blog is all about Christians and open source software, and how to use OSS in church and Christian organisations. We've discussed introducing and ultimately converting your church to OSS, and asked you what OSS you use in your church.

After blogging about these things, I thought it might be a good idea to write up a How To for those folks who use Linux on a regular basis, and want to set up a central Linux server at their church office.

My server setup at home works pretty well, so I am going to tell you how to make a similar setup.

The Details

  • DHCP for assigning IP addresses to computers on the network
  • DNS for caching of domain names, and serving the local server's internal domain name
  • Samba for filesharing
  • CUPS for a shared printer
  • Arno's IPTables Firewall
  • Apache HTTP server for web based app(s)
  • Jethro PMM for membership management

Preparation

  1. I am most familiar with Ubuntu, so I'll be using Ubuntu Server. The latest LTS is 10.04, so we'll download and use that.
  2. Decide on a network naming convention. Mine is the Muppets, with my server being called kermit.
  3. Decide on an IP address range. I chose 192.168.1.X.
  4. Decide on an IP address for your server's main network interface. I chose 192.168.1.250 (255 is the broadcast address).

Initial Installation

  1. Pop the CD in, and reboot the server.

  2. Choose the normal server installation at the boot menu.

  3. Walk through the installation. Use the settings that we decided in the preparation phase when you are prompted. Most options here are fairly straightforward and self explanatory. If not, this site should provide some help.

  4. Once you've installed Ubuntu and logged in, run the following commands. They will install the necessary packages for most of what we want:

    $ sudo tasksel install lamp-server
    $ sudo tasksel install dns-server
    $ sudo tasksel install openssh-server
    $ sudo tasksel install print-server
    $ sudo tasksel install samba-server
    
  5. As part of the LAMP installation, you'll be asked to enter a MySQL root password. Don't forget this password!

  6. Once you've finished with the above commands, install CUPS, DHCP and Arno's iptables Firewall using the commands below:

    $ sudo aptitude install cups
    $ sudo aptitude install dhcp3-server
    $ sudo aptitude install arno-iptables-firewall
    

Set up Firewall

When you install the firewall software, aptitude should automatically run the dpkg-reconfigure wizard to configure your firewall. You will need to have determined beforehand which network interface is the one on your internal network. I like to try to make eth0 my internal network interface.

  1. The configuration wizard will ask if you want debconf to manage it, select Yes.
  2. When asked for external interfaces, if you are using DSL and PPPoE, set both "eth1" and "ppp+" as your external interfaces. With normal PPP, just set "ppp+".
  3. Enable DHCP on external interfaces (this is so that we get an IP address when we dial up).
  4. Next you'll be asked for open TCP ports. Leave this blank.
  5. Then you'll be asked for open UDP ports. Once again, leave this blank.
  6. You'll be asked if the external interface should be "pingable" - select Yes.
  7. Then set "eth0" as your internal network interface.
  8. Next you'll be asked about your internal subnet. This is the IP address range we decided on earlier. Enter "192.168.1.0/24"
  9. You'll be asked if you want to enable NAT (masquerading), select Yes.
  10. Then you'll be asked which networks should have access to the external network. Enter "192.168.1.0/24" again.
  11. Lastly you'll be asked to restart the firewall. Select Yes.

At this stage, if you hardcode your IP address in another machine to , you should be able to SSH in to the server.

DHCP server (dynamically assigned IP addresses)


First up, let's configure DHCP so that we can add other machines to the network.

  1. Edit your configuration file by typing in sudo nano /etc/dhcp3/dhcpd.conf

  2. Look through the file, and change the following lines to match your setup:

    # "lan" is the name of my internal network
    # all domain names end in .lan
    option domain-name "lan";
    option domain-name-servers 192.168.1.250;
    option broadcast-address 192.168.1.255;
    
  3. I also changed my lease times. I wanted fairly long leases:

    default-lease-time 1209600; # 14 days
    max-lease-time 2419200; # 28 days
    
  4. Uncomment the following line (remove the #):

    authoritative;
    
  5. Then, scroll to the bottom of the file and add the section specifically for dishing out addresses to the network computers:

    subnet 192.168.1.0 netmask 255.255.255.0 {
        range 192.168.1.10 192.168.1.240;
    }
    

    Note: The subnet directive tells the DHCP server the base IP address of the network, and the netmask directive tells it the full range of IP addresses in the network. The range directive tells the server to dish out IP addresses within that subrange.

  6. Save and close the file by pressing Ctrl+X (to exit), Y (to say yes to save the file) and Enter (to confirm the file name).

  7. Now restart the DHCP server by typing sudo /etc/init.d/dhcp3-server restart.
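
The addressing plan only works if the dynamic range sits inside the subnet and the server's own static address (192.168.1.250, also handed out as the DNS server) stays outside it. The following is an added example, not part of the original guide, that checks this on dhcpd.conf text; the sample configuration is constructed and the parser assumes a single subnet block with IP addresses rather than host names.

```python
import ipaddress
import re

# Constructed sample that mirrors the settings used in this guide.
SAMPLE_DHCPD_CONF = """
option domain-name "lan";
option domain-name-servers 192.168.1.250;
option broadcast-address 192.168.1.255;
authoritative;
subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.10 192.168.1.240;
}
"""

def check_dhcp_plan(conf_text):
    """Return a list of problems in the subnet, range and static-address settings."""
    text = re.sub(r"#.*", "", conf_text)  # drop comments
    m = re.search(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}", text, re.S)
    r = re.search(r"range\s+(\S+)\s+(\S+)\s*;", m.group(3)) if m else None
    if not r:
        return ["no subnet declaration with a range statement found"]
    net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
    lo, hi = (ipaddress.ip_address(a) for a in r.groups())
    problems = []
    if lo > hi:
        problems.append("range start is above range end")
    for addr in (lo, hi):
        if addr not in net or addr in (net.network_address, net.broadcast_address):
            problems.append(f"{addr} is not a usable host address in {net}")
    # The server's own static address (it is the DNS server) must stay out of the pool.
    for servers in re.findall(r"option\s+domain-name-servers\s+([^;]+);", text):
        for ip in (ipaddress.ip_address(s.strip()) for s in servers.split(",")):
            if lo <= ip <= hi:
                problems.append(f"static address {ip} is inside the dynamic range")
    b = re.search(r"option\s+broadcast-address\s+(\S+?)\s*;", text)
    if b and ipaddress.ip_address(b.group(1)) != net.broadcast_address:
        problems.append(f"broadcast-address {b.group(1)} does not match {net}")
    return problems
```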

Now that you have DHCP enabled you should be able to connect any machine to the network and it should automatically pick up an IP address. If you haven't already, this is a good point to switch over to SSH if it's easier for you. None of my servers have their own keyboards or screens, so logging in to them via SSH makes my life a lot easier.

DNS server (provides a local caching domain name server)

We'll be running a DNS server locally for two reasons. Firstly, we will be putting a church membership program on the server, and secondly it provides domain name caching. To get your DNS server up and running, do the following:

  1. Edit the "local" conf file: sudo nano /etc/bind/named.conf.local.

  2. Add the following lines to that file, which will define our domain names for the virtual hosting:

    zone "lan" {
        type master;
        file "/etc/bind/zones/lan.zone";
    };
    zone "1.168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/zones/1.168.192.in-addr.arpa.zone";
    };
    
  3. Save and close the file.

  4. Edit the options file: sudo nano /etc/bind/named.conf.options.

  5. Uncomment the "forwarders" lines, and replace the address there with the IP address of an upstream DNS server or two. The easiest way to get that is to connect to the internet, and then take the top IP address from your resolv.conf file:

    forwarders {
        x.x.x.x; # replace with your upstream DNS server
        x.x.x.x;
    };
    
  6. Now we need to create our zone files. Type sudo mkdir /etc/bind/zones.

  7. Create and edit the forward zone file. Type sudo vi /etc/bind/zones/lan.zone and then write this in it:

    ;
    ; BIND data file for "lan" network
    ;
    $TTL 604800
    @    IN    SOA    lan. root.server.lan. (
        101     ; Serial
        604800     ; Refresh
        86400     ; Retry
        2419200     ; Expire
        604800     ; Negative Cache TTL
        )
    ;
    ; The NS record needs an owner name; "@" stands for the zone itself
    @    IN    NS    ns
    ;
    ; These two lines below point ns.lan and server.lan to the server
    ns    IN    A    192.168.1.250
    server    IN    A    192.168.1.250
    
  8. Create and edit the reverse zone file. Type sudo vi /etc/bind/zones/1.168.192.in-addr.arpa.zone and then write this in it:

    ;
    ; BIND reverse data file for "lan" network
    ;
    $TTL 604800
    @    IN    SOA    lan. root.server.lan. (
        102     ; Serial
        604800     ; Refresh
        86400     ; Retry
        2419200     ; Expire
        604800     ; Negative Cache TTL
        )
    ;
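    ; The two lines below provide a reverse lookup (IP address to domain name)
    ; The targets are fully qualified (note the trailing dot); without it they
    ; would be read as names inside 1.168.192.in-addr.arpa
    @    IN    NS    ns.lan.
    250    IN    PTR    server.lan.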
    
  9. Now restart bind by typing sudo /etc/init.d/bind9 restart.

If your server is already connected to the Internet, setting the server's IP address in your computer's /etc/resolv.conf file should make all requests to the Internet resolve properly. This doesn't mean you can surf (we need to set up forwarding first), but if you use the ping command, then the domain name itself should respond with an IP address.
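
Forward and reverse zones only agree when every NS and PTR target in the reverse zone is a fully qualified name that has an A record for the same address. The following is an added example, not part of the original guide, that checks this with a deliberately small parser covering only the record forms used here; the zone data is constructed, and the second reverse zone shows what happens when the trailing dots are left off.

```python
import re

# Constructed zone data modelled on the "lan" zones in this guide.
FORWARD = """
@       IN  SOA  lan. root.server.lan. ( 101 604800 86400 2419200 604800 )
@       IN  NS   ns
ns      IN  A    192.168.1.250
server  IN  A    192.168.1.250
"""
REVERSE = """
@    IN  SOA  lan. root.server.lan. ( 102 604800 86400 2419200 604800 )
@    IN  NS   {ns}
250  IN  PTR  {ptr}
"""
REVERSE_QUALIFIED = REVERSE.format(ns="ns.lan.", ptr="server.lan.")
REVERSE_RELATIVE = REVERSE.format(ns="ns", ptr="server")  # trailing dots left off

def fqdn(name, origin):
    """'@' is the origin; a name without a trailing dot is relative to it."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def records(zone_text, origin):
    """Return (owner, type, rdata) for the A, NS and PTR records in zone_text."""
    text = re.sub(r";.*", "", zone_text)             # strip comments
    text = re.sub(r"\(.*?\)", "", text, flags=re.S)  # drop the SOA timer block
    owner, out = origin, []
    for fields in (line.split() for line in text.splitlines()):
        if "IN" not in fields:
            continue                                 # $TTL and blank lines
        i = fields.index("IN")
        if i == 1:
            owner = fqdn(fields[0], origin)          # else the previous owner carries over
        rest = fields[i + 1:]
        if len(rest) == 2 and rest[0] in ("A", "NS", "PTR"):
            rdata = rest[1] if rest[0] == "A" else fqdn(rest[1], origin)
            out.append((owner, rest[0], rdata))
    return out

def check_reverse(forward, fwd_origin, reverse, rev_origin):
    a_records = {(o, r) for o, t, r in records(forward, fwd_origin) if t == "A"}
    problems = []
    for owner, rtype, target in records(reverse, rev_origin):
        ip = ".".join(reversed(owner.split(".")[:4]))  # 250.1.168.192... -> 192.168.1.250
        if rtype == "NS" and not any(o == target for o, _ in a_records):
            problems.append(f"NS {target} has no A record")
        if rtype == "PTR" and (target, ip) not in a_records:
            problems.append(f"PTR {ip} -> {target} has no matching A record")
    return problems
```

On the server itself, named-checkzone performs the authoritative syntax check of each zone file before bind9 is restarted.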

Apache Web Site Hosting


Now we want to set up the Apache web server so that we can serve a web application or two from the server.

  1. Create a directory for all the virtual hosts: sudo mkdir /home/www-data

  2. Set the owner and the group to the web server user: sudo chown www-data:www-data /home/www-data

  3. Now edit the Apache main configuration file: sudo nano /etc/apache2/apache2.conf

  4. Scroll down to the bottom of the file and add the following lines above the line that includes the virtual host files:

    # Name of the server
    ServerName server.lan
    # NameVirtualHost
    NameVirtualHost *
    
  5. Edit your default server configuration file: sudo nano /etc/apache2/sites-available/default

  6. Remove the line at the top of the file that says NameVirtualHost

Later on we'll install an open source church membership management system on the server, and do some more setting up of Apache, but this is all we need for now.

File sharing with Samba

Normally I would not use Samba, as I don't have any Windows machines around, but I know that most offices won't be in this position, so I'll show you how to set up Samba for file sharing.

  1. Create a "samba" user for file sharing: sudo adduser samba (just fill in whatever you want to as you go through the options).

  2. Add the new user to Samba's list of users: sudo smbpasswd -a samba

  3. Create additional directories for file sharing:

    sudo mkdir /home/samba/documents
    sudo mkdir /home/samba/images
    sudo mkdir /home/samba/misc
    
  4. Change directory ownership for the new directories: sudo chown -R samba:samba /home/samba

  5. Edit the samba configuration file: sudo nano /etc/samba/smb.conf

  6. Change the workgroup to fit your system.

  7. Uncomment unix password sync and set it to yes.

  8. Add the following to the bottom of the file to setup the shares:

    [documents]
    comment = Documents
    writeable = yes
    browseable = yes
    readonly = no
    path = /home/samba/documents
    valid users = samba
    force user = samba
    force group = samba
    
    [images]
    comment = Images
    writeable = yes
    browseable = yes
    readonly = no
    path = /home/samba/images
    valid users = samba
    force user = samba
    force group = samba
    
    [misc]
    comment = Miscellaneous Files
    writeable = yes
    browseable = yes
    readonly = no
    path = /home/samba/misc
    valid users = samba
    force user = samba
    force group = samba
    
  9. Reload Samba: sudo /etc/init.d/samba reload

Now when you connect to the server, use the "samba" user account. In most cases this should be sufficient. I don't know of many churches where advanced file sharing with permissions is necessary. If it is, read a little more on how to set up Samba (there are plenty of tutorials on the Internet) and you should be able to take this basic configuration and expand it to work for you.
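
When the configuration is expanded beyond this basic setup, it helps to see what each share actually allows once Samba's parameter synonyms and defaults are resolved. The following is an added example, not part of the original guide, that reports shares with guest access or with write access not limited by "valid users"; the sample file is constructed and its [scans] share is hypothetical.

```python
import configparser

# Constructed sample: one share as set up in this guide plus a hypothetical guest share.
SAMPLE_SMB_CONF = """
[global]
workgroup = OFFICE
[documents]
writeable = yes
readonly = no
path = /home/samba/documents
valid users = samba
force user = samba

[scans]
path = /home/samba/scans
guest ok = yes
writable = yes
"""

TRUE = {"yes", "true", "1"}
# Names with case and whitespace removed, which is how Samba compares them.
WRITE_NAMES = {"writeable", "writable", "writeok"}  # inverted synonyms of "read only"
GUEST_NAMES = {"guestok", "public"}

def audit_shares(conf_text):
    """Map each share name to a list of access findings (empty = nothing flagged)."""
    cp = configparser.RawConfigParser(strict=False, comment_prefixes=("#", ";"))
    cp.read_string(conf_text)
    report = {}
    for share in cp.sections():
        if share.lower() == "global":
            continue
        writable, guest, users = False, False, ""  # Samba defaults: read only, no guests
        for key, value in cp.items(share):         # applied in file order
            name, on = key.replace(" ", "").lower(), value.strip().lower() in TRUE
            if name in WRITE_NAMES:
                writable = on
            elif name == "readonly":
                writable = not on
            elif name in GUEST_NAMES:
                guest = on
            elif name == "validusers":
                users = value.strip()
        report[share] = []
        if guest:
            report[share].append("guest access" + (" with write permission" if writable else ""))
        elif writable and not users:
            report[share].append("writable by any authenticated user")
    return report
```

On the server, testparm prints the configuration as Samba itself parses it, which is the reference to compare against.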

Shared Network Printing


CUPS is a printing server, which allows both local and network printing. We've installed it on the server, now we need to set up CUPS for network administration and then set up our printer.

  1. Edit the CUPS configuration file: sudo nano /etc/cups/cupsd.conf

  2. Look for a section with a set of Listen directives, and add the following:

    Listen 192.168.1.250:631
    
  3. Restart the CUPS server: sudo /etc/init.d/cups restart

  4. Make sure your user is part of the lpadmin group by running the following command: sudo adduser <username> lpadmin

  5. Now you can open a web browser and go to the CUPS admin interface by navigating to https://192.168.1.250:631/

  6. Plug in your printer, and add it using the CUPS admin interface. When asked for a username and password, simply use your SSH login details.

To get Windows computers to connect to the print server, they need to "Connect to a printer on the Internet" and you need to use the full IPP path to the printer, which can be found in the CUPS admin interface.

Installing Jethro Pastoral Ministry Management

From their web site:

Jethro PMM helps church staff track people, families, pastoral tasks, groups, attendance, services, rosters and documents via an easy-to-use web interface.

Let's get Jethro up and running:

  1. Before we install Jethro, we need to install a few dependencies:

    $ sudo aptitude install php-pear
    $ sudo pear install MDB2
    $ sudo pear install MDB2#mysql
    
  2. Next we need to set up a database. We'll do it the oldschool way, via the command line:

    $ mysql -h localhost -u root -p
    Password: <type in your MySQL root password>
    mysql> create database `jethro`;
    mysql> grant all on `jethro`.* TO 'jethro'@'localhost' identified by 'password';
    mysql> \q
    
  3. Now download Jethro from the web site: http://jethro-pmm.sourceforge.net/

  4. Copy the zip file up to your server, and then unzip it into the default web server directory:

    $ scp Downloads/jethro-2.1.1.zip username@server:
    $ unzip jethro-2.1.1.zip
    $ sudo mv jethro-pmm/* /var/www
    
  5. Now let's set up the database details:

    $ cd /var/www
    $ sudo cp conf.php.sample.uk conf.php
    $ sudo nano conf.php
    
  6. Once you've done that, visit the site using either the server's IP address, or the server name you gave it earlier. This should take you through the rest of the installation process.

And that is it! Now you should have a central "hub" server, which controls the network, provides file sharing and Internet connectivity, and runs church management software.

