Setting up your own development server in Debian

In this series of articles, we will be setting up a new development environment under Debian 7.5. This will include a base server operating system, GUI Desktop Environment, Network Time Server, DNS server, Mail server, Database server and Web server. We will also be hosting our own Version Control System with integration into a Project Management and Issue and Time Tracking solution. We will also require our own Certificate Authority to request and sign digital certificates to use on our internal network and web server.

Operating System and Desktop Environment

As stated above, we will be making use of Debian 7.5 for our server operating system and either log in remotely to a shell over SSH or directly via a Desktop Environment.

Our Desktop Environment will be LXDE, due to the fact that it is designed to work well with computers on the lower end of the performance spectrum – in my case, I am running my Debian server on a Pentium IV 1.7GHz with 512MB of RAM and 2 drives of 40GB and 160GB each – the latter being used as my data drive and the former to host the operating system. We’ll also be installing Gnome and KDE as well, which are both very common Desktop Environments.

Network Time

For us to be able to broadcast Coordinated Universal Time on our internal network, we will be using NTP.

DNS Server

For us to be able to host domains on our internal network, we will be using Bind.

Mail Server

For us to be able to send and receive email messages on our internal network, we will be using Exim 4 with ClamAV, SpamAssassin and Greylistd enabled.

Data storage

For us to be able to provide data storage for our applications, we will be making use of

  • Relational databases;
  • In-memory object caching; and
  • NoSQL databases.

Relational database

MySQL Server 5.5 will provide our relational database back-end and we will be administering it through a web front-end making use of phpMyAdmin.

Object-caching

Memcached will provide our object-caching back-end and we will be administering it through a web front-end making use of phpMemcachedAdmin.

NoSQL database

MongoDB will provide our NoSQL database back-end and we will be administering it through a web front-end making use of RockMongo.

Web Server

The web front-ends will be hosted on Apache 2.2, with virtual hosts configured for each specific web front-end and SSL certificates securing the communication between the web front-ends and clients.

Java Application Server

Tomcat will provide our Java Application Server functionality.

Zend Framework

Zend Framework 2 is an open source framework for developing web applications and services using PHP 5.3+. Apigility provides the functionality to implement a WebAPI on top of the Zend Framework.

Version Control System

For us to provide our own version control system, we will be using Subversion and Mercurial and also enable access to it over the HTTPS protocol.

Project Management and Issue and Time Tracking

For us to provide our project management solution, we will be using Redmine and configure access to both Subversion and Mercurial as well as enable access to it over the HTTPS protocol.


The articles will be published in the order below and as these become available, I will update the list with the appropriate links.

At the end of this series, we will have a comprehensive development server for internal use. A note on this, we are setting up the server behind an existing firewall making use of the 192.168.100.x range of IP addresses.

And winter strikes…

The past week I’ve been based in Johannesburg and was greeted with sunny weather during the day, yet rather chilly at night. And last night the cold finally struck us and we ended up with a negative temperature (in Celsius) this morning – and apparently at 10am it is around 1C still! I will also do some exploring around the Vaaldam over the weekend, so hope to post a photo or two soon as well!

But I need to get back to my Code-First database, so expect some photos and a possible article on it soon too!

Installing Redmine on Debian 7.5

Redmine is a flexible project management web application with issue and time tracking ability. The development server caters for the hosting of the project management system and also allows for access to it over the HTTPS protocol.

Installing Redmine

To install Redmine, we execute the following command in a “root” shell.

apt-get install redmine redmine-mysql

When we are prompted to configure the Redmine database making use of dbconfig-common, we select yes.

Setting up the Redmine database

When prompted to select the database type to be used, select the mysql option. Next, enter the password for the “root” database user of the MySQL database server. Finally, enter a password for the “redmine_default” database user.

Installing Redmine dependencies

To manage the gems dependencies, Redmine uses Bundler, which is installed by executing the following command in a “root” shell.

gem install bundler

Once the installation of Bundler is complete, we can install all the gems required by executing the following command in a “root” shell.

bundle install --without development test

If you receive an error message stating Could not locate Gemfile, ensure that you are in the directory where Redmine is installed; the default for the debian package of Redmine is /usr/share/redmine

Installing the Apache Module

Redmine uses the Passenger Apache Module, which is installed by executing the following command in a “root” shell.

apt-get install libapache2-mod-passenger

Setting up the Redmine virtual host

To use the Redmine application in our virtual host, some permissions and ownership needs to be set on the web application by executing the following command in a “root” shell.

chown -R www-data:www-data /usr/share/redmine/public/

Virtual Host settings

The virtual host will use the IP address 192.168.100.16, using the certificate in /etc/ssl/CA/certs/sitename.cert and the private key in /etc/ssl/CA/private/sitename.key.nopass. Authentication and authorization is handled inside of the Redmine application.

Virtual Host Configuration

<VirtualHost 192.168.100.16:80>
    RewriteEngine on
    ReWriteCond %{SERVER_PORT} !^443$
    RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>

<VirtualHost 192.168.100.16:443>
    ServerName sitename
    ServerAdmin webmaster@domain

    SSLEngine On
    SSLCertificateFile /etc/ssl/CA/certs/sitename.cert
    SSLCertificateKeyFile /etc/ssl/CA/private/sitename.key.nopass

    BrowserMatch "MSIE [2-6]" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

    ErrorDocument 404 /404.html
    ErrorDocument 500 /500.html

    DocumentRoot /usr/share/redmine/public
    <Directory /usr/share/redmine/public>
        RailsBaseURI /
        PassengerResolveSymlinksInDocumentRoot on
        AllowOverride None
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/sitename/error.log
    CustomLog ${APACHE_LOG_DIR}/sitename/access.log combined
</VirtualHost>

Enabling the Virtual Host

To enable the virtual host, we execute the following command in a “root” shell.

a2ensite sitename

To reload the configuration, we execute the following command in a “root” shell.

service apache2 reload

Installing Mercurial on Debian 7.5

Mercurial is a software versioning and revision control system to maintain current and historical versions of files such as source code, web pages, and documentation. The development server caters for the hosting of the version control system and also allows for access to it over the HTTPS protocol.

Installing Mercurial

To install Mercurial, we execute the following command in a “root” shell.

apt-get install mercurial mercurial-common

Creating the Mercurial repository

To create the container and set the appropriate ownership and permissions for our Mercurial repositories, we execute the following commands in a “root” shell.

mkdir -p /home/hg
chown www-data:www-data /home/hg
chmod 700 /home/hg

Installing the Apache Module

To enable the submission of files to Mercurial over WebDAV, we install the necessary module by executing the following in a “root” shell.

apt-get install libapache2-mod-wsgi

Configuring Apache

To configure Mercurial, we will host it on a secure virtual host on Apache.

Configuring Apache Module

To configure the module, we will be hosting the files hgweb.config and hgweb.cgi in a directory cgi-bin, which is created by executing the following commands in a “root” shell.

mkdir /home/www-data/sitename
mkdir /home/www-data/sitename/cgi-bin
chown -R www-data:www-data /home/www-data/sitename
chmod -R 770 /home/www-data/sitename

Next, we will create the hgweb.config file, which will contain the following.

[web]
style = monoblue
allow_push = *
push_ssl = true
[paths]
/ = /home/hg/*

Next, we will edit the hgweb.cgi file to contain the following, after copying the example file by executing the following command in a “root” shell.

cp /usr/share/doc/mercurial/examples/hgweb.cgi /home/www-data/sitename/cgi-bin/
#!/usr/bin/env python
#
# An example hgweb CGI script, edit as necessary
# See also http://mercurial.selenic.com/wiki/PublishingRepositories

# Path to repo or hgweb config to serve (see 'hg help hgweb')
config = "/home/www-data/sitename/cgi-bin/hgweb.config"

# Uncomment and adjust if Mercurial is not installed system-wide
# (consult "installed modules" path from 'hg debuginstall'):
#import sys; sys.path.insert(0, "/path/to/python/lib")

# Uncomment to send python tracebacks to the browser if an error occurs:
import cgitb; cgitb.enable()

from mercurial import demandimport; demandimport.enable()
from mercurial.hgweb import hgweb, wsgicgi
application = hgweb(config)
wsgicgi.launch(application)

Finally, we will set the necessary ownership and permissions on the hgweb.config and hgweb.cgi by executing the following commands in a “root” shell.

chown -R www-data:www-data /home/www-data/sitename/cgi-bin
chmod 760 hgweb.cgi
chmod 660 hgweb.config

Virtual Host settings

The virtual host will use the IP address 192.168.100.15, using the certificate in /etc/ssl/CA/certs/sitename.cert and the private key in /etc/ssl/CA/private/sitename.key.nopass. Authentication will also be required using a htpasswd file in /etc/apache2/security/htpasswd.sitename.

To create this htpasswd file, we execute the following command in a “root” shell.

htpasswd -c /etc/apache2/security/htpasswd.sitename admin

We will then be prompted to enter a password for the user admin, and using these credentials we will be able to access the Mercurial web interface.

Virtual Host Configuration

<VirtualHost 192.168.100.15:80>
    RewriteEngine on
    ReWriteCond %{SERVER_PORT} !^443$
    RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>

<VirtualHost 192.168.100.15:443>
    ServerName sitename
    ServerAdmin webmaster@domain

    SSLEngine On
    SSLCertificateFile /etc/ssl/CA/certs/sitename.cert
    SSLCertificateKeyFile /etc/ssl/CA/private/sitename.key.nopass

    BrowserMatch "MSIE [2-6]" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

    DocumentRoot /home/www-data/sitename
    <Directory /home/www-data/sitename>
        Options SymLinksIfOwnerMatch
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>

    Alias /static /usr/share/mercurial/templates/static
    <Directory /usr/share/mercurial/templates/static>
        Options SymLinksIfOwnerMatch
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>


    ScriptAlias / /home/www-data/sitename/cgi-bin/hgweb.cgi
    <Location />
        AuthType Basic
        AuthName "Mercurial Repository"
        AuthUserFile /etc/apache2/security/htpasswd.sitename
        Require valid-user
    </Location>

    ErrorLog ${APACHE_LOG_DIR}/sitename/error.log
    CustomLog ${APACHE_LOG_DIR}/sitename/access.log combined
</VirtualHost>

Enabling the Virtual Host

To enable the virtual host, we execute the following command in a “root” shell.

a2ensite sitename

To reload the configuration, we execute the following command in a “root” shell.

service apache2 reload

Installing Subversion on Debian 7.5

Apache Subversion is a software versioning and revision control system to maintain current and historical versions of files such as source code, web pages, and documentation. The development server caters for the hosting of the version control system and also allows for access to it over the HTTPS protocol.

Installing Subversion

To install Subversion, we execute the following command in a “root” shell.

apt-get install subversion subversion-tools

Creating the Subversion repository

To create the container and set the appropriate ownership and permissions for our Subversion repositories, we execute the following commands in a “root” shell.

mkdir -p /home/svn
chown www-data:www-data /home/svn
chmod 700 /home/svn

Installing the Apache Module

To enable the submission of files to Subversion over WebDAV, we install the necessary module by executing the following in a “root” shell.

apt-get install libapache2-svn

Configuring Apache

To configure Subversion, we will host it on a secure virtual host on Apache.

Virtual Host settings

The virtual host will use the IP address 192.168.100.15, using the certificate in /etc/ssl/CA/certs/sitename.cert and the private key in /etc/ssl/CA/private/sitename.key.nopass. Authentication will also be required using a htpasswd file in /etc/apache2/security/htpasswd.sitename.

To create this htpasswd file, we execute the following command in a “root” shell.

htpasswd -c /etc/apache2/security/htpasswd.sitename admin

We will then be prompted to enter a password for the user admin, and using these credentials we will be able to access the Subversion web interface.

Virtual Host Configuration

<VirtualHost 192.168.100.15:80>
    RewriteEngine on
    ReWriteCond %{SERVER_PORT} !^443$
    RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>

<VirtualHost 192.168.100.15:443>
    ServerName sitename
    ServerAdmin webmaster@domain

    SSLEngine On
    SSLCertificateFile /etc/ssl/CA/certs/sitename.cert
    SSLCertificateKeyFile /etc/ssl/CA/private/sitename.key.nopass

    <Location />
        DAV svn
        SVNParentPath /home/svn

        AuthType Basic
        AuthName "Subversion Repository"
        AuthUserFile /etc/apache2/security/htpasswd.sitename
        Require valid-user
    </Location>

    ErrorLog ${APACHE_LOG_DIR}/sitename/error.log
    CustomLog ${APACHE_LOG_DIR}/sitename/access.log combined
</VirtualHost>

Enabling the Virtual Host

To enable the virtual host, we execute the following command in a “root” shell.

a2ensite sitename

To reload the configuration, we execute the following command in a “root” shell.

service apache2 reload

Installing RockMongo on Debian 7.5

To be able to administer a MongoDB Server, a connection needs to be established to it. Several options are available, with the most frequently used being the command-line utilities in a shell. We can also make use of RockMongo, allowing us access to the database server through a web interface.

Downloading RockMongo

To download the latest release of RockMongo, we access it at http://rockmongo.com/downloads.

Installing RockMongo

Once downloaded, we can extract the archive and setup the virtual host to publish the extracted directory.

Configuring RockMongo

To configure RockMongo, we will host it on a secure virtual host on Apache.

Virtual Host settings

The virtual host will use the IP address 192.168.100.14, using the certificate in /etc/ssl/CA/certs/sitename.cert and the private key in /etc/ssl/CA/private/sitename.key.nopass. Authentication will also be required using a htpasswd file in /etc/apache2/security/htpasswd.sitename.

To create this htpasswd file, we execute the following command in a “root” shell.

htpasswd -c /etc/apache2/security/htpasswd.sitename admin

We will then be prompted to enter a password for the user admin, and using these credentials we will be able to access the RockMongo web interface.

Virtual Host Configuration

<VirtualHost 192.168.100.14:80>
    RewriteEngine on
    ReWriteCond %{SERVER_PORT} !^443$
    RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>

<VirtualHost 192.168.100.14:443>
    ServerName sitename
    ServerAdmin webmaster@domain

    SSLEngine On
    SSLCertificateFile /etc/ssl/CA/certs/sitename.cert
    SSLCertificateKeyFile /etc/ssl/CA/private/sitename.key.nopass

    DocumentRoot /var/www/rockmongo
    <Directory /var/www/rockmongo>
        Options FollowSymLinks
        DirectoryIndex index.php
        <IfModule mod_php5.c>
            AddType application/x-httpd-php .php
            php_flag magic_quotes_gpc Off
            php_flag track_vars On
            php_flag register_globals Off
            php_admin_flag allow_url_fopen Off
            php_value include_path .
        </IfModule>
        <IfModule mod_authn_file.c>
            AuthType Basic
            AuthName "MongoDB Administration"
            AuthUserFile /etc/apache2/security/htpasswd.sitename
        </IfModule>
        Require valid-user
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/sitename/error.log
    CustomLog ${APACHE_LOG_DIR}/sitename/access.log combined
</VirtualHost>

Enabling the Virtual Host

To enable the virtual host, we execute the following command in a “root” shell.

a2ensite sitename

To reload the configuration, we execute the following command in a “root” shell.

service apache2 reload

Installing phpMemcachedAdmin on Debian 7.5

To be able to monitor and manage a Memcached server, a connection needs to be established to it. Several options are available, with the most basic being making use of telnet. We can also make use of phpMemcachedAdmin, allowing us to monitor and manage our Memcached server through a web interface.

It provides us with real-time stats for get, set, delete, increment, decrement, evictions, reclaimed and cas commands, as well as server stats (network, items, server version) with googlecharts and server internal configuration.

Downloading phpMemcachedAdmin

To download the latest release of phpMemcachedAdmin, we access it at http://blog.elijaa.org/index.php?pages/phpMemcachedAdmin-Download.

Installing phpMemcachedAdmin

Once downloaded, we can extract the archive and setup the virtual host to publish the extracted directory.

Configuring phpMemcachedAdmin

To configure phpMemcachedAdmin, we will host it on a secure virtual host on Apache.

Virtual Host settings

The virtual host will use the IP address 192.168.100.14, using the certificate in /etc/ssl/CA/certs/sitename.cert and the private key in /etc/ssl/CA/private/sitename.key.nopass. Authentication will also be required using a htpasswd file in /etc/apache2/security/htpasswd.sitename.

To create this htpasswd file, we execute the following command in a “root” shell.

htpasswd -c /etc/apache2/security/htpasswd.sitename admin

We will then be prompted to enter a password for the user admin, and using these credentials we will be able to access the phpMemcachedAdmin web interface.

Virtual Host Configuration

<VirtualHost 192.168.100.14:80>
    RewriteEngine on
    ReWriteCond %{SERVER_PORT} !^443$
    RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>

<VirtualHost 192.168.100.14:443>
    ServerName sitename
    ServerAdmin webmaster@domain

    SSLEngine On
    SSLCertificateFile /etc/ssl/CA/certs/sitename.cert
    SSLCertificateKeyFile /etc/ssl/CA/private/sitename.key.nopass

    DocumentRoot /var/www/phpmemcachedadmin
    <Directory /var/www/phpmemcachedadmin>
        Options FollowSymLinks
        DirectoryIndex index.php
        <IfModule mod_php5.c>
            AddType application/x-httpd-php .php
            php_flag magic_quotes_gpc Off
            php_flag track_vars On
            php_flag register_globals Off
            php_admin_flag allow_url_fopen Off
            php_value include_path .
        </IfModule>
        <IfModule mod_authn_file.c>
            AuthType Basic
            AuthName "Memcached Administration"
            AuthUserFile /etc/apache2/security/htpasswd.sitename
        </IfModule>
        Require valid-user
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/sitename/error.log
    CustomLog ${APACHE_LOG_DIR}/sitename/access.log combined
</VirtualHost>

Enabling the Virtual Host

To enable the virtual host, we execute the following command in a “root” shell.

a2ensite sitename

To reload the configuration, we execute the following command in a “root” shell.

service apache2 reload

Installing phpMyAdmin on Debian 7.5

To be able to administer a MySQL Server, a connection needs to be established to it. Several options are available, with the most frequently used being the command-line utilities in a shell. Another option is to make use of MySQL Workbench. However, this isn’t the preferred solution, since this would require firewall rules to be defined to allow only certain remote connections to our database server. We can also make use of phpMyAdmin, allowing us access to the database server through a web interface.

Installing phpMyAdmin

To install phpMyAdmin, we execute the following command in a “root” shell.

apt-get install phpmyadmin

During the installation, we are prompted whether a web server should be configured and if the database should be configured making use of dbconfig-common.

If we selected to configure apache2, a virtual path /phpmyadmin will be added to the primary web site.

Configuring phpMyAdmin

To configure phpMyAdmin, we will host it on a secure virtual host on Apache.

Virtual Host settings

The virtual host will use the IP address 192.168.100.14, using the certificate in /etc/ssl/CA/certs/sitename.cert and the private key in /etc/ssl/CA/private/sitename.key.nopass. Authentication will also be required using a htpasswd file in /etc/apache2/security/htpasswd.sitename.

To create this htpasswd file, we execute the following command in a “root” shell.

htpasswd -c /etc/apache2/security/htpasswd.sitename admin

We will then be prompted to enter a password for the user admin, and using these credentials we will be able to access the phpMyAdmin web interface.

Virtual Host Configuration

<VirtualHost 192.168.100.14:80>
    RewriteEngine on
    ReWriteCond %{SERVER_PORT} !^443$
    RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>

<VirtualHost 192.168.100.14:443>
    ServerName sitename
    ServerAdmin webmaster@domain

    SSLEngine On
    SSLCertificateFile /etc/ssl/CA/certs/sitename.cert
    SSLCertificateKeyFile /etc/ssl/CA/private/sitename.key.nopass

    DocumentRoot /usr/share/phpmyadmin
    <Directory /usr/share/phpmyadmin>
        Options FollowSymLinks
        DirectoryIndex index.php
        <IfModule mod_php5.c>
            AddType application/x-httpd-php .php
            php_flag magic_quotes_gpc Off
            php_flag track_vars On
            php_flag register_globals Off
            php_admin_flag allow_url_fopen Off
            php_value include_path .
            php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
            php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/
        </IfModule>
        <IfModule mod_authn_file.c>
            AuthType Basic
            AuthName "MySQL Administration"
            AuthUserFile /etc/apache2/security/htpasswd.sitename
        </IfModule>
        Require valid-user
    </Directory>
    <Directory /usr/share/phpmyadmin/setup>
        Order Deny,Allow
        Deny from All
    </Directory>
    <Directory /usr/share/phpmyadmin/libraries>
        Order Deny,Allow
        Deny from All
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/sitename/error.log
    CustomLog ${APACHE_LOG_DIR}/sitename/access.log combined
</VirtualHost>

Enabling the Virtual Host

To enable the virtual host, we execute the following command in a “root” shell.

a2ensite sitename

To reload the configuration, we execute the following command in a “root” shell.

service apache2 reload