Master node environment setup - johnkeates/PufferPanel GitHub Wiki

On your master server, where you will be using the admin cp, follow the steps below to get started with the requirements for the environment:

1. Install all dependencies

When installing the dependencies, the default options will most definitely work. Some questions (like setting passwords) require you to input something. Remember what you use, you might need it later.

sudo apt-get install \
git libapache2-mod-php5 mysql-server phpmyadmin unzip zip \
php5-mcrypt php5-curl php5-cli php5-dev php-pear \
libssh2-1 libssh2-php libssh2-1-dev denyhosts postfix pwgen

This installs everything you need to run most PHP 5.4.x webapps, with MySQL, Postfix for email support and phpmyadmin for database administration.

Additionally, it sets you up with some developer tools (for example: to install php5-ssh2 from pecl if the version from the repos is too old). It also installs DenyHosts which uses TCPWrappers's /etc/hosts.deny to blacklist brute forcing hostst on the fly so SSH break-ins are a a lot harder.

When you install MySQL, you are required to setup a root password, choose one you can remember and is safe and strong so your installation doesn't get cracked easily. When you are asked for the MySQL administrator password to setup PHPMyAdmin, you must use the MySQL root password, but when asked for the PHPMyAdmin Application password, enter nothing and let the system create a random one, since you won't need it. When asked to automatically set it up for apache2 or lighttped or nginx, select apache2 (press space to select, enter to confirm)

After the whole setup is done, you must update MySQL's configuration:

First, secure your installation, execute:

sudo mysql_secure_installation

When asked to set a new root password, don't do it if you set one during installation. When asked to delete anonymus accounts, test databases etc, answer yes or 'Y' as you won't need them and they make your installation insecure. You want all of that stuff gone.

Next, set the MySQL server to be reachable for external servers, since your nodes will need to connect to the server to store and read information. Execute:

sudo nano /etc/mysql/my.cnf

Find the string bind-address and change it to:

bind-address = 0.0.0.0

make sure there is no hash mark (#) at the beginning of that line. Save and close the file by entering Control+X, Y, Enter. You might need to restart MySQL afterwards. If so, execute sudo invoke-rc.d mysql restart.

You will be able to enter PHPMyAdmin on your server's domain name like: http://master1.domain.tld/phpmyadmin and you can use the MySQL Root or Administrator user (the name is: root) and the password you set during installation or during the mysql_secure_installation command. You don't need to do anything in there right now, but verify you can access it before you continue.

2. Setup a vhost:

I use a vhost-specific location: /var/www-vhosts/, so to make a vhosts for your master node:

Replace master1.domain.tld with your actual master FQDN, and do so in any examples from here!

sudo mkdir -p /var/www-vhosts/master1.domain.tld

Create directories for the log files:

sudo mkdir /var/log/apache2/master1.domain.tld

Create a vhost configuration file and set the basic settings:

sudo nano /etc/apache2/sites-available/master1.domain.tld

This opens nano with the vhost config file in the proper location. Enter the following configuration to get started:

<VirtualHost *:80>
    DocumentRoot /var/www-vhosts/master1.domain.tld
    ServerName master1.domain.tld
ServerAlias www.master1.domain.tld

    <Directory "/var/www-vhosts/master1.domain.tld">
            allow from all
            Options -Indexes
    </Directory>

    ErrorLog /var/log/apache2/master1.domain.tld/error.log
    LogLevel notice
    TransferLog /var/log/apache2/master1.domain.tld/access.log
    UseCanonicalName on
</VirtualHost>

Save and exit with: Ctrl-X and press Y to accept the save and enter to close nano. To activate the vhost execute:

sudo a2ensite master1.domain.tld

To automatically rotate the server logs, create a logrotate file:

sudo nano /etc/logrotate.d/apache2-master1.domain.tld

and use these settings for a default log rotation scheme:

/var/log/apache2/master1.domain.tld/*.log {
    weekly
    missingok
    rotate 52
    compress
    delaycompress
    notifempty
    create 640 root adm
    sharedscripts
    postrotate
        /etc/init.d/apache2 reload > /dev/null
    endscript
}

Again, Ctrl+X to save, Y to confirm, enter to close.

Set the correct permissions on everything to make your environment reasonably secure:

sudo chgrp -R www-data /var/www-vhosts/master1.domain.tld
sudo chgrp -R www-data /var/log/apache2/master1.domain.tld
sudo chmod -R 775 /var/www-vhosts/master1.domain.tld
sudo chmod -R 775 /var/log/apache2/master1.domain.tld

Turn on Apache2's rewrite support and restart to make it effective:

sudo a2enmod rewrite
sudo invoke-rc.d apache2 restart

###3. Setup modpack storage

Create the directories and set the correct permissions for the modpack storage:

sudo mkdir /srv/modpacks
sudo chown -R www-data:www-data /srv/modpacks
sudo chmod 0775 /srv/modpacks

At this point you have the following:

  • A vhost capable of running a PufferPanel Master Node with all dependencies
  • Automatic log rotation
  • Tools for later upgrades
  • Tools for setting up databases and database credentials
  • Mail capabilities using a robust MTA
  • Reasonably secured ghost environment

This concludes the master node environment setup.

Continue with the master node PufferPanel installation: PufferPanel Master node setup

Add a custom footer
⚠️ **GitHub.com Fallback** ⚠️