Moving to Linode

I recently moved hosting for this blog and my wife’s site to a shiny new Linode. I did this because I wanted to have control over the versions of PHP and other server software I ran. I had some issues with email blacklists at my previous host. I chose Linode as I’ve heard nothing but good things from friends and my operations folks at work recommended them.

I primarily use the Linode server for basic LAMP hosting + email for the aforementioned domains. A few people on Twitter asked me to share how I set things up, so here goes. Most of what I did was follow guides on the Linode wiki. The tricky bits I had to cobble together myself will form the bulk of this post.

I chose to go with an Ubuntu server, as I’ve had enough unpleasant experiences with CentOS to not want more. After getting the box provisioned, I followed the securing your server guide to get ssh and firewall rules set up.

Webserver setup

I’ve set up many a webserver and this was going to be no different. First I installed apache, php5, mysql and php5-mysql, and a few other useful extensions like php5-apc. While some people prefer other webservers, I like apache. I know how to configure it in my sleep, and I figured getting email set up was going to be hard, so I chose an easy webserver. Finally, with my minimal traffic, webserver choice would be of little consequence.

After getting apache and related packages installed, I removed the apache modules I don’t use, and set up the virtual hosts for both domains. The virtual host for each site is pretty simple:

<VirtualHost *:80>
    ServerAdmin mark@mark-story.com
    ServerName mark-story.com
    ServerAlias next.mark-story.com
    ServerAlias www.mark-story.com

    DocumentRoot /home/markstory/public_html/mark-story.com/current/webroot
    # Filesystem root: no .htaccess overrides.
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    # Site webroot: .htaccess overrides enabled, access allowed from anywhere.
    <Directory /home/markstory/public_html/mark-story.com/current/webroot>
        Options FollowSymLinks
        AllowOverride All
        Order allow,deny
        allow from all
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/mark-story.error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog ${APACHE_LOG_DIR}/mark-story.access.log combined
</VirtualHost>

I decided to keep the few sites I host all within my home directory. This is mostly because I’m lazy and don’t want to manage multiple users. The current/webroot path is a result of using capistrano to do my deploys. I used the next. subdomain to test the new server before I changed DNS. By setting up a matching /etc/hosts file entry I was able to debug/finish the deployment without having to embarrass myself publicly. This was pretty handy and something I’d recommend.

Setting up email

Getting email set up was considerably harder than the webserver. I attribute this to having never set up email servers before. I decided to use dovecot and postfix as those were recommended in the Linode guides. I generally followed this excellent guide. It covers the basic setup for dovecot + postfix, and worked well for me.

In addition to the basics in the guide, I wanted to get a real SSL certificate set up. Jason Diller – a co-worker of mine – recommended using StartSSL. They are a commonly installed root CA and offer free 1 year SSL certificates. After many confusing minutes at StartSSL, I managed to get my certificate files downloaded. Getting them working was a bit of a task, though, requiring a fair bit of messing around. My postfix configuration file ended up looking like:

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# enable logging for testing.
smtp_tls_loglevel = 2

# SMTP Auth
broken_sasl_auth_clients=yes
smtpd_sasl_auth_enable=yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_recipient_restrictions =
   permit_mynetworks,
   permit_sasl_authenticated,
   reject_unauth_destination

# TLS parameters
smtpd_use_tls=yes
smtpd_tls_cert_file=/etc/ssl/certs/mail.mark-story.com.2013.crt
smtpd_tls_key_file=/etc/ssl/private/mail.mark-story.com.2013.key
smtpd_tls_CAfile=/etc/ssl/startssl/ca-chain.crt
smtp_tls_CAfile=$smtpd_tls_CAfile
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

myhostname = mail.mark-story.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = server, localhost.localdomain, localhost
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

# Virtual mail users
virtual_transport=dovecot
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /home/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000

proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks

# Prevents addr harvesting
disable_vrfy_command = yes

Getting postfix to work with the StartSSL certificate took a bit of extra work. Because StartSSL certificates need to be chained, I had to make the chain. I used the following to make the ca-chain.crt file I used in my postfix config:

cat sub.class1.server.ca.crt ca.crt > ca-chain.crt
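Why the intermediate has to be in that chain file, shown with a throwaway three-level PKI. This is an added example, not part of the original post: the "Demo" CA names, the mail.example.test subject and the temporary files are constructed, and only the intermediate-then-root concatenation order mirrors the command above.

```sh
#!/bin/sh
# Added example: every key and certificate here is constructed and disposable.

# Create root -> intermediate -> leaf in directory $1, then build ca-chain.crt
# in the same order as the post's command (intermediate first, root second).
build_demo_pki() {
    d=$1
    mkdir -p "$d" || return 1
    # Minimal config: empty DN section (subjects come from -subj) plus the
    # CA:TRUE extension that both CA certificates need to sign others.
    printf '%s\n' '[req]' 'distinguished_name = dn' '[dn]' \
        '[ca_ext]' 'basicConstraints = critical,CA:TRUE' > "$d/demo.cnf"
    for n in ca sub leaf; do
        openssl genrsa -out "$d/$n.key" 2048 2>/dev/null || return 1
    done
    # Self-signed root: plays the role of ca.crt.
    openssl req -x509 -new -key "$d/ca.key" -days 2 -subj "/CN=Demo Root CA" \
        -config "$d/demo.cnf" -extensions ca_ext -out "$d/ca.crt" || return 1
    # Intermediate signed by the root: plays the role of sub.class1.server.ca.crt.
    openssl req -new -key "$d/sub.key" -subj "/CN=Demo Intermediate CA" \
        -config "$d/demo.cnf" -out "$d/sub.csr" || return 1
    openssl x509 -req -in "$d/sub.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 2 -extfile "$d/demo.cnf" -extensions ca_ext \
        -out "$d/sub.crt" 2>/dev/null || return 1
    # Server certificate signed by the intermediate, as a CA would issue it.
    openssl req -new -key "$d/leaf.key" -subj "/CN=mail.example.test" \
        -config "$d/demo.cnf" -out "$d/leaf.csr" || return 1
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/sub.crt" -CAkey "$d/sub.key" \
        -CAcreateserial -days 2 -out "$d/leaf.crt" 2>/dev/null || return 1
    cat "$d/sub.crt" "$d/ca.crt" > "$d/ca-chain.crt"
}

# Exit status 0 only if certificate $2 verifies with $1 as the CA file.
chain_verifies() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo=$(mktemp -d) || exit 1
build_demo_pki "$demo" || exit 1
if chain_verifies "$demo/ca-chain.crt" "$demo/leaf.crt"; then
    echo "intermediate + root: leaf verifies"
fi
if ! chain_verifies "$demo/ca.crt" "$demo/leaf.crt"; then
    echo "root only: leaf does not verify (issuer missing)"
fi
```

Run against real files, the same check is `openssl verify -CAfile ca-chain.crt` followed by the path to the server certificate.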

Once I got postfix set up properly with the SSL certificates, getting dovecot working was quite simple. Since I’m totally new at setting up postfix it took me a couple days to get everything sorted. I was able to test servers by using host file entries for mail.mark-story.com – a subdomain I use to run mail on.

After all that I had functioning mail and webservers set up. The last step was flipping all the DNS records around. Since the switch I’ve not had any problems with the server and things are humming along well. I learned quite a bit about postfix and dovecot in the process.

Comments

I recently switched hosting providers as well (not to Linode, but a similar service).

I read quite a few articles about how CentOS (or similar) was the way to go in terms of OS, but after having dependency and supportability nightmares at my previous host, I too decided to use Ubuntu Server. It’s so much nicer!

I know what you mean about mail servers—they can be nightmarish. I ended up using ISPConfig for a “hosting” control panel, and it pretty much configured the mail servers for me. Highly recommended.

Finally, that /etc/hosts trick works wonders for ensuring a smooth transition.

Great article!

Matt H on 6/17/13

I switched to Linode around 6 months ago. I’m running 5 sites, on a Lighttpd/MySQL setup, with a few background processes. I’ve yet to have the need to contact them regarding any issues.

I use Google Apps For Domains to handle all my email. Sadly, it’s no longer free, but it’s well worth the money. I remember trying to run my own mail servers (can’t remember what software exactly) and remember wasting hours on it.

Gareth on 12/21/13
