Configuring a cloud-based secure multi-domain web and e-mail server

Provisioning the cloud server

See Linode’s Getting Started Guide for reference.

I prefer to use the CentOS Linux distribution, and opted for the latest available version (released July 2014). This newest version of CentOS employs a few different technologies compared to previous versions, such as the use of firewall-cmd over iptables.

After creating your Linode account, log in to your Linode Manager and click the “Add a node” link. The next step is to select a plan. The plan represents the virtual hardware powering your server. You can always change plans at a later time, with minimal downtime. I suggest starting with a Linode 2048 plan. It’s $20/month, and is easily handling the load of three CMS-based websites and mail services for two domains.

I originally started with the Linode 1024 plan, but quickly upgraded after running into memory issues. If I could have just increased the amount of RAM, I would have, as the services my server provides otherwise were handled quite adequately by the Linode 1024 plan.

After selecting your plan, select your location. This represents the location of the data center that will host your server. Choose a location that is geographically near your target audience. I chose Atlanta, GA. Click the “Add this node” button.

You’ll be returned to your Linode Manager, and should see your new linode currently being created. The Linode Manager will provide updates throughout the process.

When your server has completed its initialization, you’ll be able to connect to it via SSH, either with a client such as SSH or PuTTY, or through the Linode Manager Remote Access tab.

I waited a few minutes while the Linode Manager reported that my server was being created, then hit the refresh button. The server status changed to “Brand New”. Click the “Dashboard” link in the Options column next to your brand new linode. Under Dashboard/Options, click the “Deploy a Linux Distribution” link.

In the Deploy a Linux Distribution section, select “CentOS 7” as the distribution. Leave the Deployment Disk Size and Swap Disk as the default values, and enter a password for the root user.

DO NOT LOSE THIS PASSWORD. WITHOUT THIS PASSWORD, YOU WILL HAVE TO RE-DEPLOY A DISTRIBUTION, STARTING FROM STEP 1.

Obviously, I’d suggest using a strong password that includes numbers, upper- and lower-case letters, and punctuation marks.

DO NOT USE “PASSWORD”, “PWD”, “1234”, OR ANY OTHER RIDICULOUSLY EASY PASSWORD.

Why, you may ask? Because your server will be under CONSTANT attack from attempted hackers trying to take control. But don’t fret – we’re going to lock this box tight. We just need to ensure that we have enough time to make the necessary configurations before one of the hackers has successfully connected as a root user through an easily-guessed password. Got it? Good. Now go make a STRONG password, then click the Deploy button.

You’ll be returned to the Linode Manager. Note the activity in the Host Job Queue. You’ll see your disks and file system being created. It doesn’t take much time at all, so if you really want to see it happen, look quickly! Once enabled, click the “Boot” button in the Dashboard section. Note the “System Boot” activity in the Host Job Queue. Once this activity is complete, click the “Remote Access” tab.

Here you’ll see your server’s public IP (both IPv4 and IPv6). You can use your SSH client of choice to connect to your server. We’ll use the client provided in the Linode Manager.

Under “Console Access”, click the “Launch Lish Ajax Console” link. You should see a console window requesting a username. Enter “root” and press Enter. Enter your root password (the STRONG password!) and press Enter.

Now that we’re logged in as root, we need to perform a few initial tasks. First, let’s set our hostname. I’m using “mail” as my hostname in this example.

[root@localhost ~]# echo "HOSTNAME=mail" >> /etc/sysconfig/network
[root@localhost ~]# hostnamectl set-hostname mail

Next, edit your /etc/hosts file and add your server’s IP and domain. This domain is not necessarily related to any websites or domains the server may ultimately host. I’m using example.com in this example. You’ll want to be able to create a DNS A record that points to your server at mail.example.com.

[root@localhost ~]# nano /etc/hosts

and add the line:

173.230.128.223 mail.example.com mail

And since Linode provides us with IPv6 addressing, we’ll also need to add an identical entry, replacing the IPv4 address with the server’s IPv6 address:

2600:3c02::f03c:91ff:fe56:ad65 mail.example.com mail

Next, we’ll set the timezone with the timedatectl command.

[root@localhost ~]# timedatectl list-timezones

Use arrow keys up/down to locate your desired time zone. Once found, press CTRL+C to exit the list. I’m in the eastern United States, so I’ll use New York. Enter the following command to set the timezone:

[root@localhost ~]# timedatectl set-timezone America/New_York

Replace “America/New_York” with the appropriate text for your desired timezone. Check the updated timezone by entering the “date” command:

[root@localhost ~]# date

Now we’ll need to install all the patches available for our operating system. We use the “yum” command to achieve this:

[root@localhost ~]# yum update

I was informed that the updates and all required dependencies will result in a 30 MB download. Press the “Y” key to confirm this transaction. The download and update process didn’t seem to take but a minute or so.
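The hostname and /etc/hosts steps above append lines by hand, so repeating them leaves duplicate or stale entries. The script below is an added example, not part of the original post: it applies the same settings idempotently and checks the result. The function names are hypothetical; the addresses and names are the ones used in this walkthrough.

```shell
#!/bin/sh
# Added example. File paths are parameters so the functions can be tried
# on scratch copies before touching /etc.

# set_kv FILE KEY VALUE: leave exactly one KEY=VALUE line in FILE.
set_kv() {
    touch "$1"
    tmp=$(mktemp)
    # Drop every existing KEY= line (this also clears duplicates), then append.
    grep -v "^$2=" "$1" > "$tmp" || true
    printf '%s=%s\n' "$2" "$3" >> "$tmp"
    cat "$tmp" > "$1"    # overwrite in place to keep owner and mode
    rm -f "$tmp"
}

# ensure_host FILE IP FQDN SHORT: leave exactly one line for IP in FILE.
ensure_host() {
    touch "$1"
    tmp=$(mktemp)
    # Keep every line whose first field is not this IP, then add a fresh one.
    awk -v ip="$2" '$1 != ip' "$1" > "$tmp"
    printf '%s %s %s\n' "$2" "$3" "$4" >> "$tmp"
    cat "$tmp" > "$1"
    rm -f "$tmp"
}

# hosts_has FILE IP FQDN: succeed only if exactly one line maps IP to FQDN.
hosts_has() {
    [ "$(awk -v ip="$2" -v n="$3" '$1 == ip && $2 == n' "$1" | wc -l)" -eq 1 ]
}

# apply_initial_config NETWORK_FILE HOSTS_FILE: the file edits from this post.
# hostnamectl set-hostname is still run separately, as shown above.
apply_initial_config() {
    set_kv "$1" HOSTNAME mail
    ensure_host "$2" 173.230.128.223 mail.example.com mail
    ensure_host "$2" 2600:3c02::f03c:91ff:fe56:ad65 mail.example.com mail
}

# As root, against the real files:
#   apply_initial_config /etc/sysconfig/network /etc/hosts
#   hosts_has /etc/hosts 173.230.128.223 mail.example.com && echo "IPv4 entry OK"
```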

On to securing your server!

2 thoughts on “Configuring a cloud-based secure multi-domain web and e-mail server”

    • Awesome! To be perfectly honest, I went with postfix because it’s been the default I’ve seen installed with Virtualmin. Why did you choose to go with exim?
