Website Stack Setup on VirtualBox

January 3rd, 2017

A New Stack

In the name of learning, it was decided that I would host this website on a server where I had root access and could perform most of the management myself (on the software side at least). The purpose is to gain a better knowledge of server administration as well as to learn various technologies (such as NGINX).

There are four main services that I want to be able to serve on this test VM, those four being:

  • Web pages (NGINX)
  • Private Git Repositories (GitLab)
  • VPN (OpenVPN)
  • Private Email Server (Postfix, Dovecot)

I also want the software to be configured to be as secure as possible, since this will eventually be replicated onto a public-facing server. I also want to see what specs work best for the required setup.

Pre Setup

For the test VM, I am using VirtualBox version 5.0.12 [1].

Since the server is going to be Linux-based, I chose Ubuntu Server version 16.04.1 (64-bit).

The VM has:

  • 2GB of RAM
  • 24GB of storage

I left all the options on the default setting during installation.

Basic Software

With a fresh install of Ubuntu Server on a VM, it was time to set up the basics.

First off, I installed OpenSSH since on the actual server SSH would be the only link to the machine.

To install the server on the machine:

{% prism bash host="local" user="jordan" %} sudo apt-get install openssh-server {% endprism %}

In the ssh config file I added:

MaxAuthTries 3

I then restarted the SSH service:

{% prism bash host="local" user="jordan" %} sudo service ssh restart {% endprism %}

SSH Keys

Best practice for SSH is key-based authentication, so to set up OpenSSH for that I first created a .ssh directory with restricted permissions:

{% prism bash host="local" user="jordan" %}
mkdir .ssh
chmod 700 .ssh
cd .ssh
{% endprism %}

Then I generated an RSA public-private key pair and appended the public key to the authorized keys file:

{% prism bash host="local" user="jordan" %}
ssh-keygen -t rsa
cat id_rsa.pub >> authorized_keys
{% endprism %}

Then I ensured the following configuration was set in /etc/ssh/sshd_config:

{% prism ini %}
RSAAuthentication yes
PubkeyAuthentication yes
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no
{% endprism %}

Then I restarted the service.
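
To confirm that the directives above are the ones sshd will actually use, the following added example (not part of the original post) audits a config file for them, applying sshd's rule that the first value read for a keyword wins. The function names and the sample config are constructed for illustration, and `Match` blocks are not evaluated.

```bash
#!/usr/bin/env bash
# Added example: audit the global section of an sshd_config-style file.
# sshd keeps the FIRST value it reads for each keyword, so a hardening line
# appended below an earlier, conflicting one has no effect.

# Values this post sets (keywords lower-cased; sshd matches them case-insensitively).
EXPECTED="maxauthtries=3 pubkeyauthentication=yes challengeresponseauthentication=no passwordauthentication=no usepam=no"

# audit_sshd_config FILE
# Prints one line per unset or mismatched directive; returns 1 if any was found.
audit_sshd_config() {
  awk -v expected="$EXPECTED" '
    BEGIN {
      n = split(expected, pairs, " ")
      for (i = 1; i <= n; i++) { split(pairs[i], kv, "="); want[kv[1]] = kv[2] }
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }       # comments and blank lines
    {
      key = tolower($1)
      if (key == "match") exit              # conditional blocks are out of scope here
      if (!(key in got)) got[key] = $2      # first occurrence wins, as in sshd
    }
    END {
      bad = 0
      for (i = 1; i <= n; i++) {
        split(pairs[i], kv, "="); k = kv[1]
        if (!(k in got))            { printf "UNSET %s (want %s)\n", k, want[k]; bad = 1 }
        else if (got[k] != want[k]) { printf "MISMATCH %s=%s (want %s)\n", k, got[k], want[k]; bad = 1 }
      }
      exit bad
    }
  ' "$1"
}

# write_sample_config FILE: constructed sample, not taken from a real server.
# The hardened UsePAM line sits below an earlier "usepam yes" and is ignored.
write_sample_config() {
  cat > "$1" <<'EOF'
# constructed sample
MaxAuthTries 3
PubkeyAuthentication yes
ChallengeResponseAuthentication no
#PasswordAuthentication yes
usepam yes
PasswordAuthentication no
UsePAM no
EOF
}
```

On the VM, call `audit_sshd_config /etc/ssh/sshd_config` before restarting the service; `sudo sshd -t` additionally checks the file for syntax errors.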

Next I retrieved the RSA private key and transferred it to my desktop. Since I couldn't simply copy and paste the key, I first had to install Guest Additions on the server and enable bi-directional clipboard so that I could copy & paste the key.

SSH From Windows

My main development machine is a Windows desktop computer. Since Windows sadly does not have an SSH client pre-installed, I downloaded Cmder, which comes with an SSH client.

Building NGINX From Source

In order to have the latest version of NGINX, I am compiling mine straight from a source release.

Following the instructions on NGINX's website, I downloaded the necessary dependencies:

PCRE

{% prism bash host="local" user="jordan" %}
wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.40.tar.gz
tar -zxf pcre-8.40.tar.gz
cd pcre-8.40
./configure
make
sudo make install
{% endprism %}

ZLib

{% prism bash host="local" user="jordan" %}
wget http://zlib.net/zlib-1.2.11.tar.gz
tar -zxf zlib-1.2.11.tar.gz
cd zlib-1.2.11
./configure
make
sudo make install
{% endprism %}

OpenSSL

{% prism bash host="local" user="jordan" %}
wget http://www.openssl.org/source/openssl-1.0.2f.tar.gz
tar -zxf openssl-1.0.2f.tar.gz
cd openssl-1.0.2f
./config
sudo make
sudo make install
{% endprism %}

NGINX Source

Next I downloaded the latest source with:

{% prism bash host="local" user="jordan" %}
wget http://nginx.org/download/nginx-1.11.9.tar.gz
tar -zxf nginx-1.11.9.tar.gz
cd nginx-1.11.9
{% endprism %}

Building NGINX

{% prism bash host="local" user="jordan" %}
./configure --with-http_ssl_module --with-openssl=/home/jordan/openssl-1.0.2f
make
sudo make install
{% endprism %}

Running and Configuring NGINX

To start NGINX:

{% prism bash host="local" user="jordan" %} sudo nginx {% endprism %}

Next it's time to set up the configuration files for NGINX. For my install they are found in /usr/local/nginx/conf/.

[TODO]

Setting up GitLab

For installing GitLab, I followed the instructions on the download page:

{% prism bash host="local" user="jordan" %}
sudo apt-get install curl openssh-server ca-certificates postfix
curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh | sudo bash
sudo apt-get install gitlab-ce
sudo gitlab-ctl reconfigure
{% endprism %}


  1. I have since updated my VirtualBox distribution as my version hated Linux