Let’s begin by installing squid:
sudo apt-get install squid
To use squid, we just need to point our web browser at the proxy. By default squid listens on port 3128 and works without any change to its configuration.
Moreover, we can add some optimizations to adapt the server to our needs. The configuration file is /etc/squid/squid.conf.
The important parameters are the following:
http_port 3128 (the default working port of a proxy server; you can change it here)
cache_effective_user nobody nobody (the user and group assigned to the proxy server)
visible_hostname cache.knowledgeplaza.lan (the name returned by the proxy when it is reached from outside)
cache_mem 20 MB (the memory allocated to the server)
cache_dir /cache 3200 16 256 (the folder you want to use to store the cache)
cache_access_log /var/log/squid/access.log (the request log)
cache_log /var/log/squid/cache.log (the cache log)
cache_store_log none (the log of events that happened on the server)
You can also specify the access control on the proxy:
http_access allow all (allows everyone to use this server)
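An added example, not part of the original tutorial: a small shell check for the access-control line above. Squid evaluates http_access rules in order and stops at the first match, so “http_access allow all” lets anyone who can reach the proxy port relay through it. The restricted variant assumes the clients sit on the 10.0.2.0/24 network used for the DNS zones in this tutorial; the ACL name localnet and the function names are illustrative.

```shell
#!/bin/sh
# Added example, not from the original tutorial.
# Squid reads http_access rules top to bottom and stops at the first match,
# so the first catch-all rule decides the fate of every client that no
# earlier rule matched.

# Reads squid.conf text on stdin; prints open, restricted or no-catch-all.
squid_access_verdict() {
    awk '
        { sub(/#.*/, "") }                     # strip comments
        $1 == "http_access" && NF == 3 && $3 == "all" {
            verdict = ($2 == "allow") ? "open" : "restricted"
            exit
        }
        END { if (verdict == "") verdict = "no-catch-all"; print verdict }
    '
}

# The access rule from the tutorial (constructed minimal file).
tutorial_conf() {
    cat <<'EOF'
http_port 3128
# anyone who can reach the port may relay through the proxy
http_access allow all
EOF
}

# Restricted variant (constructed); assumes clients are on 10.0.2.0/24.
restricted_conf() {
    cat <<'EOF'
http_port 3128
acl localnet src 10.0.2.0/24
http_access allow localnet
http_access deny all
EOF
}

echo "tutorial:   $(tutorial_conf | squid_access_verdict)"
echo "restricted: $(restricted_conf | squid_access_verdict)"
```

To audit a real installation, feed it the live file: squid_access_verdict < /etc/squid/squid.conf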
To test the proxy, set the http_proxy environment variable to the right value:
export http_proxy=http://127.0.0.1:6681
After that, just try to download a big image from the internet:
wget http://image_url
Try it a second time with the same request. Normally it will be a lot faster than the first time.
Finalize
To activate the proxy server on each startup of the server, add the following line to the bash preferences file /etc/bash.bashrc:
export http_proxy=http://127.0.0.1:8081
PostgreSQL is a server that lets you connect to several databases. By default the only user who can connect to a database is “postgres”. All the administration operations are done with this user (like ‘root’ on Unix systems). At the end of the installation the postgres user doesn’t have a password. This account is locked, and it is better that way. So now we are going to use this user:
$ sudo -s -u postgres
Password:
When logged in as postgres, just type:
psql
You are now in the PostgreSQL shell as admin.
After that we can create a PostgreSQL user. The best way is to create the same users as the users of the virtual machine, but this is not mandatory.
First create a new user with the same login as yours:
postgres=# CREATE USER <user_name>;
By default the freshly created user has no rights. Give him the ability to create databases:
postgres=# ALTER ROLE <user_name> WITH CREATEDB;
Now let’s create a database for the user. For example, we can make a database with the same name as the user, so the connection to the database will be automatic.
CREATE DATABASE <user_name>;
Give the user a password so he can connect to the database:
ALTER USER <user_name> WITH ENCRYPTED PASSWORD 'user_password' ;
You can now quit and try to log in to PostgreSQL with your own login:
postgres=# \q
postgres@ubuntu:~$ exit
user_name@ubuntu:~$ psql
Now the shell looks like this :
user_name=>
Note the difference between # and > : you are not logged in as a superuser.
The base configuration of BIND is stored in the file /etc/bind/named.conf
In this file we define several zones. Each zone corresponds to an IP range or a domain name. The two zones we are interested in here are 10.0.2.* and knowledgeplaza.lan.
We define those two zones to have name resolution in both directions: we want to obtain the IP from the domain name and also the domain name from the IP address.
So let’s add the following code to the /etc/bind/named.conf file:
zone "knowledgeplaza.lan" {
type master;
file "/etc/bind/db.knowledgeplaza.lan";
};
First we define the name of the zone with the zone keyword (in our case: “knowledgeplaza.lan”). We indicate that this is the master DNS. Finally we specify the file in which the configuration of this zone is written. Usually the names of those files begin with “db” followed by the zone name.
Let’s also define the IP range for reverse resolution. For this we use the same parameters, but the IP range is written reversed and followed by .in-addr.arpa. Here is an example:
zone "2.0.10.in-addr.arpa" {
type master;
file "/etc/bind/db.10.0.2";
};
The general configuration is now done. Let’s create and fill in the configuration for those zones.
The zone files:
As you know, we have one file for each zone. A zone file always begins with an SOA entry, which is composed as follows (here the file /etc/bind/db.knowledgeplaza.lan):
$TTL 604800
@ IN SOA ns.knowledgeplaza.lan. hostmaster.knowledgeplaza.lan. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ns.knowledgeplaza.lan.
@ IN MX 10 ns.knowledgeplaza.lan.
@ IN A 127.0.0.1
kp IN A 10.0.2.15
kp-sandbox IN CNAME kp.knowledgeplaza.lan.
proxy IN CNAME kp.knowledgeplaza.lan.
mail IN CNAME kp.knowledgeplaza.lan.
The first @ symbol stands for the zone (here knowledgeplaza.lan). Don’t forget the “.” at the end of the line! After that we write IN, which signifies that we are in an internet zone (it’s almost always like that). At the end of the first line we give the DNS server which knows the reference network and the email address of the manager of the domain (here hostmaster@knowledgeplaza.lan, written with a “.” instead of the “@”). In our case, the primary DNS of the zone is ns.knowledgeplaza.lan.
After the SOA entry, we specify the nameserver used to resolve hostnames in the knowledgeplaza.lan domain. We use an NS entry for that:
@ IN NS ns.knowledgeplaza.lan.
Because we’ll configure a mail server at the same address, we want to tell the server that addresses of the form *@knowledgeplaza.lan are handled by this mail server.
@ IN MX 10 ns.knowledgeplaza.lan.
Note: 10 is the priority set for this mail server. If you have several servers, this could be an interesting parameter to configure.
The next line specifies that all other requests on the domain will be directed to the local server:
@ IN A 127.0.0.1
Finally, let’s end the file with the translation table between hosts and IPs:
kp IN A 10.0.2.15
kp-sandbox IN CNAME kp.knowledgeplaza.lan.
proxy IN CNAME kp.knowledgeplaza.lan.
mail IN CNAME kp.knowledgeplaza.lan.
The CNAME entry is used because our server has only one IP and can manage several names. These are a bit like aliases for the same address.
Before using our DNS server we also need to specify the zone for our network IP range. The syntax is almost the same as before. The main difference is that we use the keyword PTR instead of A in the translation table.
If the line $ORIGIN 2.0.10.in-addr.arpa. causes an error (see the log file /var/log/daemon.log) after restarting bind, you can delete it; it works without it.
Here is the zone file for the network 10.0.2.*:
$TTL 3h
@ IN SOA ns.knowledgeplaza.lan. hostmaster.knowledgeplaza.lan. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ns.knowledgeplaza.lan.
@ IN MX 10 ns.knowledgeplaza.lan.
$ORIGIN 2.0.10.in-addr.arpa.
15 IN PTR kp.knowledgeplaza.lan.
Now our DNS server is correctly configured. We just need to activate it, so reload bind:
sudo /etc/init.d/bind9 reload
Now let’s tell the server to use this DNS. In the file /etc/resolv.conf, add the IP of your DNS server (here 10.0.2.15) as the first line. So in our “resolv.conf” we now have:
nameserver 10.0.2.15
Let’s see if it works :
links http://kp.knowledgeplaza.lan
Or with another tool like “nslookup” (you’ll need to install dnsutils):
nslookup kp.knowledgeplaza.lan
This will return the IP of the virtual machine.
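An added example, not part of the original tutorial: once both zone files exist, every address in 10.0.2.* should resolve back to the same name, which mail servers and log analysis rely on. The script below lists A records that fall inside the reverse zone but have no matching PTR; the db host at 10.0.2.16 is a constructed entry and the function names are illustrative.

```shell
#!/bin/sh
# Added example, not from the original tutorial.
# Assumes one record per line with an explicit owner name, as in the zone
# files above, and takes the zone origins as arguments instead of $ORIGIN.

# $1 forward zone file, $2 its origin, $3 reverse zone file, $4 its origin
missing_ptr() {
    awk -v fo="$2" -v ro="$4" '
        function fqdn(name, origin) {
            if (name == "@") return origin "."
            return (name ~ /\.$/) ? name : name "." origin "."
        }
        { sub(/;.*/, "") }                       # strip zone-file comments
        FNR == NR {                              # first file: reverse zone
            if ($2 == "IN" && $3 == "PTR") ptr[fqdn($1, ro)] = $4
            next
        }
        $2 == "IN" && $3 == "A" {                # second file: forward zone
            split($4, oct, ".")
            rev = oct[4] "." oct[3] "." oct[2] "." oct[1] ".in-addr.arpa."
            tail = "." ro "."
            # skip addresses that do not belong to the reverse zone
            if (substr(rev, length(rev) - length(tail) + 1) != tail) next
            if (ptr[rev] != fqdn($1, fo)) print fqdn($1, fo), $4
        }
    ' "$3" "$1"
}

# Constructed sample: records from the tutorial plus one host (db) that was
# added to the forward zone only.
demo_missing_ptr() {
    d=$(mktemp -d) || return 1
    cat > "$d/fwd" <<'EOF'
@          IN A     127.0.0.1
kp         IN A     10.0.2.15
db         IN A     10.0.2.16   ; constructed entry
proxy      IN CNAME kp.knowledgeplaza.lan.
EOF
    cat > "$d/rev" <<'EOF'
15         IN PTR   kp.knowledgeplaza.lan.
EOF
    missing_ptr "$d/fwd" knowledgeplaza.lan "$d/rev" 2.0.10.in-addr.arpa
    rm -rf "$d"
}

demo_missing_ptr
```

The named-checkzone tool shipped with BIND checks the syntax of a single zone file; the script above covers the agreement between the forward and reverse files.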
First let’s begin with the well-known command line :
sudo apt-get install lighttpd
By the way, to test your web server it’s useful to have a browser. But you are using a shell, so I advise you to use “links”, which is a terminal-mode browser:
sudo apt-get install links
Now you can try to load the page of your local webserver :
links http://127.0.0.1
Normally this should work.
The page shown is the file /var/www/index.html. Now we want to know which services are supported on our server. We want a dynamic server handling PostgreSQL, PHP and Python. So let’s create a useful PHP script:
vim /var/www/phpinfo.php
In this file, write the following code :
<?php phpinfo(); ?>
Now, if you try to load this file in your web browser you will get a 403 error: “forbidden”. This is because the PHP module is not installed yet. We need to install it:
sudo apt-get install php5-cgi
To activate it, open the file /etc/php5/cgi/php.ini and add this line at the very end of the file:
cgi.fix_pathinfo = 1
After that, open the file /etc/lighttpd/lighttpd.conf and add the module “mod_fastcgi” to the loaded modules:
server.modules = (
    "mod_access",
    "mod_alias",
    "mod_accesslog",
    "mod_fastcgi",
)
And at the end of the file, add the following lines :
fastcgi.server = ( ".php" => ((
    "bin-path" => "/usr/bin/php5-cgi",
    "socket" => "/tmp/php.socket"
)))
Now let’s restart the server :
sudo /etc/init.d/lighttpd restart
and load the page again :
links http://127.0.0.1/phpinfo.php
Now it should work and you will see all the information about your web server configuration. If you want to access your web server from your host system, you need to open the port. So add the parameter « -redir tcp:5580::80 » to the qemu start line so that you can access your web server at the address http://127.0.0.1:5580
Note: if I’m using ports in the 5500 range in this tutorial, it’s because those ports are free and you don’t need any root privileges to use them. If you want to use more classical ports on your host system, you’ll need to run qemu as root and make sure no other services are using the same ports.
To launch your new virtual machine you can execute the following command :
qemu -hda jeOS_Linux/jeOS_Linux.img -net user -net nic -redir tcp:5522::22 -redir tcp:5525::25 -redir tcp:5514::143
If you chose the same installation as me, here are the ports that are already open and which you can map on your local host (ports are client/host):
We do this to access the virtual server by ssh and enjoy the advantages of your own shell. Indeed, the virtual machine is not so easy to use if you only have the configured shell, because it’s impossible to copy/paste or to access the bash history easily. That’s why I recommend this approach. Now you will have access to your virtual server on port 6622. So to connect to it, just type:
ssh user@127.0.0.1 -p 6622
We are now in an ssh shell on the new virtual server, ready for the next configuration steps.
First of all we need to download the ISO file of the install CD. The install CD we need is the Ubuntu server edition, in which jeOS is incorporated.
Once that’s done we can begin the installation. We will first create the virtual disk on which we will install the virtual machine. To create this file, just type:
qemu-img create -f qcow2 ubuntu-image-disque.img 10G
Once done, we can boot qemu, specifying where the disk image is and where the install ISO of ubuntu-server is:
qemu -hda ubuntu-image-disque.img -cdrom ubuntu-i386.iso -m 192 -boot d
More info about this command in “man qemu”.
Note: allocating too much or too little memory will cause stability problems and slowness. That’s why it could be useful for the server to have a lot of memory.
The installation of Ubuntu will start. Watch the boot messages, then configure your language and keyboard preferences. After that you also need to choose jeOS by pressing the F4 key and selecting the virtual machine installation mode.

The installer will load and you will have to answer the usual questions. When you arrive at the partitioning questions, simply choose the assisted partitioning.

After formatting, it will install the base system; you have some time to wait.

After that you will be asked for the user name.
When it asks about configuring an external proxy, you don’t need to configure anything. Leave it blank (unless you really need to configure a proxy to access the external network).
Now you have to select the packages you want to install. Choose “basic ubuntu server”, “dns server”, “mail server”, “openssh server”, and “postgresql server”.

Since you selected “mail server” at the previous prompt, you will now be asked for the postfix configuration. Just choose “internet site”.

For the following question, don’t worry if you don’t know what to answer; we will configure this later.
The end of the installation is near. Normally the installer will detect your network configuration and reboot. The reboot will fail and you need to kill it yourself with a CTRL-c signal.
After that you can run your new virtual machine by executing :
qemu -hda ubuntu-image-disque.img
Ubuntu is an easy-to-use Linux distribution, and its jeOS variant provides a small, light OS optimized for virtualisation. So this is exactly what we need for our purpose.

Concerning virtualisation, there are multiple possibilities. Here we chose Qemu, which is free and open-source software that runs on several platforms such as Windows, OS X and Linux. This makes it easier to use and configure on several machines.

Lighttpd is a light and easy-to-use web server. In our case we don’t need a heavy installation like Apache, so lighttpd seems the best choice to us.
There is not much hesitation concerning the DNS server: bind9 is the most used and is very powerful.
Concerning the proxy server, it is also quite easy to choose Squid because it is the most used and the easiest to configure.
There are a lot of ways to configure a mail server. Postfix is widely used and courier-imap is very simple and easy to configure, so this is the best choice.
In this tutorial we will see how to create a virtual machine with a server used for several purposes. This was made for a very precise situation: at the Online conference we will have a very slow connection to the internet, but to keep enough performance for demos we need to optimize the network architecture to make it fast for the clients.
So, to optimize those results and make it work faster, the chosen solution is to have a virtual machine running on the local server and providing as many services as it can:

Here you can find the schema with the structure of our network.
Note: this system is not optimized for network security