Cricket Graphs
March 16th, 2006
I finally got around to installing cricket. Cricket is a very handy, extremely flexible front end to RRDTool. It makes it relatively easy to track and graph almost any kind of statistic you want.
So far I am only tracking Apache, MySQL, server load and uptime. I plan to expand this greatly very soon.
Jabber
January 28th, 2006
Google now has open-federation with all other jabber servers. This could finally be the thing to push jabber into mainstream usage.
Now I gotta install a Jabber server on MyFungus. Very simple install of net-im/jabberd. Almost all defaults worked well. I was hoping to get it to use PAM as my userbase for authentication. Unfortunately the instructions say you have to run jabber as root. That scares the hell out of me. Oh well, I’ll just leave it open for anyone to be able to sign up.
POP and IMAP mail
January 9th, 2006
This one is quite simple, since all users main/virtual have UIDs. I am delivering to Maildirs via procmail, so I must use something that can handle them. Enter Courier-IMAP.
I installed the port for mail/courier-imap which by dependency installs security/courier-authlib-*. Nothing magical so far, in fact, the default courier-imap config works fine, and a tweak to the imapd-ssl config to locate the SSL certs I made is all that is needed.
Now courier-authlib was easy to config, just remove all the modules but authpam.
Now that courier-authlib is installed it can be used for authenticating SMTP using Postfix and SASL. This is cool too. First configure SASL.
/usr/local/lib/sasl2/smtpd.conf
mech_list: plain login
pwcheck_method: authdaemond
And add these to /usr/local/etc/postfix/main.cf
smtpd_tls_auth_only = yes
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
Web hosting
January 4th, 2006
Apache2! yay!
The only special Apache modules I added were PHP5 and the Subversion stuff.
The base config was very simple, almost all defaults. The special stuff happens in the VirtualHosts. I start off with a NameVirtualHost directive for the IP address my hosts share. Added an empty VirtualHost directive so my default site will really be the default. Now Include the Includes/ directory. So far, so normal.
The fun stuff happens inside. Here is my personal site as an example. This one is slightly different due to the SSL site, and the non-shared IP.
- ServerAlias *.kittypee.com allows me to use a DNS wildcard, and every host on the domain will come to this vhost.
- Rewrite rules that automatically create virtual subdomains. Now subdir.domain.com accesses /docroot/subdir
- Subversion directives are possible to allow users to have their own repositories.
<VirtualHost 66.219.198.20:80>
ServerName kittypee.com
ServerAlias www.kittypee.com *.kittypee.com
DocumentRoot /home/fungus/public_html
ErrorLog /home/fungus/logs/kittypee.com-error
CustomLog /home/fungus/logs/kittypee.com-access combined
RewriteEngine on
RewriteMap hostname prg:/usr/local/bin/shortname
RewriteCond %{SERVER_NAME} !^[0-9]
RewriteCond %{SERVER_NAME} !^www
RewriteCond %{SERVER_NAME} !^kittypee.com
RewriteRule ^/(.+) /home/fungus/public_html/${hostname:%{SERVER_NAME}}/$1
</VirtualHost>
<VirtualHost 66.219.198.20:443>
ServerName kittypee.com
ServerAlias www.kittypee.com
DocumentRoot /home/fungus/public_html
ErrorLog /home/fungus/logs/kittypee.com-error
CustomLog /home/fungus/logs/kittypee.com-access combined
SSLEngine on
SSLCertificateFile /home/fungus/ssl.cert
SSLCertificateKeyFile /home/fungus/ssl.key
<Location /svn>
DAV svn
SVNParentPath /home/fungus/svn
AuthType Basic
AuthName kittypee.com
AuthUserFile /home/fungus/etc/svn.basic.passwd
Require valid-user
AuthzSVNAccessFile /home/fungus/etc/svn-access.conf
</Location>
</VirtualHost>
Some credit goes to Virtualmin, and the virtual subdomains credit goes to TextDrive.
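A `prg:` RewriteMap helper for the port-80 vhost above has to treat `%{SERVER_NAME}` as untrusted: with the wildcard ServerAlias and Apache's default `UseCanonicalName Off`, that value is taken from the client's Host header, and the rule places the map result into a filesystem path. The following is an added example, not the author's /usr/local/bin/shortname (its source is not shown on this page); the single-label policy and the fallback to the plain docroot are assumptions.

```python
#!/usr/bin/env python3
"""Hypothetical stand-in for a RewriteMap prg: helper such as 'shortname'.

mod_rewrite writes one lookup key per line to stdin and reads exactly one
line back from stdout; the literal string NULL means "no match", which makes
${hostname:...} expand to an empty string.
"""
import re
import sys

BASE_DOMAIN = "kittypee.com"  # domain taken from the vhost on this page

# One DNS label: a-z, 0-9 and '-', no leading/trailing '-', at most 63 chars.
# Anything else ('/', '..', extra dots, control bytes) never reaches the path.
LABEL_RE = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")


def shortname(server_name, base=BASE_DOMAIN):
    """Return the subdomain label for <label>.<base>, or 'NULL' if rejected."""
    host = server_name.strip().lower().rstrip(".")
    suffix = "." + base
    if not host.endswith(suffix):
        return "NULL"  # bare domain or a foreign Host value
    label = host[: -len(suffix)]
    if not LABEL_RE.fullmatch(label):
        return "NULL"  # empty, multi-label, or contains path characters
    return label


def main():
    for line in sys.stdin:
        sys.stdout.write(shortname(line) + "\n")
        # mod_rewrite blocks until it reads the answer, so never buffer it.
        sys.stdout.flush()


if __name__ == "__main__":
    main()
```

Because a rejected name yields an empty map result, the RewriteRule then resolves inside /home/fungus/public_html itself rather than in a directory named by the client.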
SSL certificates
January 4th, 2006
- I need a few SSL certs for security
- I don’t have a lot of money
- I hate self-signed certs
I guess I have to maintain my own CA. FreeBSDDiary has a great article about using SSL certs. Part of it delves into creating your own CA. It was actually a lot easier than I had thought.
So now I created SSL certs for almost every hostname I needed, including one for my personal www.kittypee.com site. I feel much safer.
Unfortunately, the error that pops up everywhere really sucks. But this is another reason having your own CA rocks. I just had to install/trust my CA cert in the browsers I use, and poof no more warnings.
Postfix initial stab
January 3rd, 2006
Since virtualmin takes care of most of my virtual hosting stuff, my postfix config started out super simple. I read a few anti-spam tutorials for postfix, combining the aspects I like, resulting in this setup: SPF using the bundled SPF policy service, greylisting with postgrey (mail/postgrey), and miscellaneous other checks.
Postfix initial configuration
Virtualmin
January 2nd, 2006
I installed Virtualmin from ports. It had installed version 2.50 because 3 wasn’t released yet. I checked their site and noticed that they now offer a Professional paid version. My use of it will not be this paid version as I am using it for more simple things, and I am not making any money anyway.
Virtualmin requires a bit of configuration before using, but works quite well after. I was quite impressed with the idea on how it handles virtual users. Virtual users are given a real UNIX user account and UID like any other account, but are assigned to the group of the parent account. This method makes it very easy to integrate with many applications like Mail, Web, FTP, etc. Quotas are still manageable via groups. It works well with Postfix, my current MTA of choice.
Perhaps now that version 3 is available I may upgrade, but not very soon.
Source of ideas
December 31st, 2005
I actually work as a sysadmin at a local ISP. I am currently trying to work out a better hosting system. I am exploring many ideas. Many of these ideas will be worked out here on my personal hosting platform.
I have always admired Dean Allen, and have been following his work through Textile, Textpattern, and now TextDrive. The TextDrive weblog and knowledge base have a huge amount of detail about their hosting methods. Many of them are really exciting and wonderful. Obviously I have stolen many. Including using Webmin and Virtualmin.
