Debian Linux Installation Notes

This page contains some notes for installing a Debian Linux system, web server, Java and Tomcat from the perspective of one who is familiar with RedHat Linux.

Contents:

1. Initial setup

We started with a minimal Debian system install, (created with dbootstrap, using only "essential" components, with the addition of sshd). Compared with RedHat, the initial system is very bare, so there is more to do to bring it up to the level of a working server platform. Although the installed debian system includes the iptables firewall software, no rules are preconfigured - Debian cognoscenti point out that this is because there are no services that need to be protected.

dist-upgrade -y -o APT::Get::Show-Upgraded=true }}}

NAME=tomcat5 DESC="Tomcat 5 servlet engine" CATALINA_HOME=/usr/share/$NAME DAEMON=$CATALINA_HOME/bin/catalina.sh DEFAULT=/etc/default/$NAME TOMCAT5_USER=tomcat5 CATALINA_BASE=/var/lib/tomcat5 }}}

2. Configuring/stopping/starting daemon services

For Debian, use these commands:

3. Firewall Config

To summarize the problem: debian has about fifteen ways to build a firewall and at least four ways to make sure it comes up after a restart, most of those combinations support both iptables and ipchains firewall syntax. In a recent upgrade, the default was removed, forcing deployers to research and make their own choice. I eventually asked for help on an IRC channel and the issue was explained to me and the comment was passed that:

The solution I selected was the one that involved the smallest changes to the current system:

I'm beginning to see how the red hat approach is sometimes better.

4. SSHblack install

(See also: InstallingSshblack)

The script for auto-starting SSHblack looks like this:

It may be appropriate to include some logic to recreate the iptables configuration for SSH blacklisting, alomng these lines:

# (On Redhat Linux, running the system security level script causes additional # IPtables entries to be removed, so this code reinstates the sshblack entries if iptables -L INPUT | grep BLACKLIST >/dev/null then

else

fi }}}

5. Forwarding LogWatch and root email

With Postfix mail transport installed:

postmaster: root root: admin.foo@oucs.ox.ac.uk admin.bar@oucs.ox.ac.uk }}}

nail ? mail root Subject?: test <test content> ^D ? q }}}

6. Installing and configure an Shibboleth SP

(See also: ShibbolethInstallNotes, section 2.6)

openssl req -new -key sakai-vre-demo2.key -out sakai-vre-demo2.csr }}}

7. Configuring JK connector

The JK connector software is installed through the usual Debian apt-get mechanism. JK may be part of Apache, or a separate module - at the time of writing this, I don't recall. To enable and configure the connector:

  1. Load the module. Link file /etc/apache2/mods-enabled/jk.load to /etc/apache2/mods-available/jk.load:

    • {{{ln -s /etc/apache2/mods-available/jk.load /etc/apache2/mods-enabled/jk.load

}}}

  1. Configure the module. Create file /etc/apache2/mods-enabled/jk.conf thus:

    • {{{# Configure JK connector for use with Tomcat

# See also jk.load

JkWorkersFile "/etc/apache2/conf.d/workers.properties" JkLogFile "/var/log/apache2/mod_jk.log"

# JkLogLevel emerg JkLogLevel debug

JkMount /shibboleth-idp/* ajp13w JkMount /jsp-examples/* ajp13w

# End. }}}

  1. Configure the connections. Create file /etc/apache2/conf.d/workers.properties:

    • {{{# The workers that jk should create and work with

# worker.list=wlb,jkstatus,ajp13w

# # Defining a worker named ajp13w and of type ajp13 # Note that the name and the type do not have to match. # worker.ajp13w.type=ajp13 worker.ajp13w.host=localhost worker.ajp13w.port=8009

# # Defining a load balancer # worker.wlb.type=lb worker.wlb.balance_workers=ajp13w

# # Define status worker # worker.jkstatus.type=status }}}

8. Other niggles

Forcing reload of apache 2.0 web server.... }}}

9. References

  1. http://www.crazysquirrel.com/computing/debian/java.jspx - installing Java on Debian

  2. http://chrismetcalf.net/blog/archives/2005/05/19/mini-howto-installing-java-on-debian-unstable/ - another way

  3. http://wiki.debian.org/JavaPackage - instructions from the Debian community


-- GrahamKlyne 2006-07-27 13:56:19

Creative Commons License
The content of this wiki is licensed under the Creative Commons Attribution-ShareAlike 2.0 England & Wales Licence.

OSS Watch is funded by the Joint Information Systems Committee (JISC) and is situated within the Research Technologies Service (RTS) of the University of Oxford.