Moving to linode
I recently moved hosting for this blog and my wife’s site to a shiny new linode. I did this because I wanted to have control over the versions of PHP, and other server software I ran. I had some issues with email blacklists at my previous host. I chose linode as I’ve heard nothing but good things from friends and my operations folks at work recommended them.
I primarily use the linode server for basic LAMP hosting + email for the aforementioned domains. A few people on Twitter asked me to share how I set things up, so here goes. Most of what I did was follow guides on the linode wiki. The tricky bits I had to cobble together myself will form the bulk of this post.
I chose to go with an ubuntu server, as I’ve had enough unpleasant experiences with CentOS to not want more. After getting the box provisioned, I followed the securing your server guide to get ssh and firewall rules set up.
Webserver setup
I’ve set up many a webserver and this was going to be no different. First I installed apache, php5, mysql and php5-mysql, and a few other useful extensions like php5-apc. While some people prefer other webservers, I like apache. I know how to configure it in my sleep, and I figured getting email set up was going to be hard, so I chose an easy webserver. Finally, with my minimal traffic, webserver choice would be of little consequence.
After getting apache and related packages installed, I removed the apache modules I don’t use, and set up the virtual hosts for both domains. The virtual host for each site is pretty simple:

    <VirtualHost *:80>
        ServerAdmin mark@mark-story.com
        ServerName mark-story.com
        ServerAlias next.mark-story.com
        ServerAlias www.mark-story.com
        DocumentRoot /home/markstory/public_html/mark-story.com/current/webroot
        <Directory />
            Options FollowSymLinks
            AllowOverride None
        </Directory>
        <Directory /home/markstory/public_html/mark-story.com/current/webroot>
            Options FollowSymLinks
            AllowOverride All
            Order allow,deny
            allow from all
        </Directory>
        ErrorLog ${APACHE_LOG_DIR}/mark-story.error.log
        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn
        CustomLog ${APACHE_LOG_DIR}/mark-story.access.log combined
    </VirtualHost>

I decided to keep the few sites I host all within my home directory. This is mostly because I’m lazy and don’t want to manage multiple users. The current/webroot path is a result of using capistrano to do my deploys. I used the next. subdomain to test the new server before I changed DNS. By setting up a matching /etc/hosts file entry I was able to debug/finish the deployment without having to embarrass myself publicly. This was pretty handy and something I’d recommend.
Setting up email
Getting email set up was considerably harder than the webserver. I attribute this to having never set up email servers before. I decided to use dovecot and postfix as those were recommended in the linode guides. I generally followed this excellent guide. It covers the basic setup for dovecot + postfix, and worked well for me.
In addition to the basics in the guide, I wanted to get a real SSL certificate set up. Jason Diller – a co-worker of mine – recommended using StartSSL. They are a commonly installed root CA and offer free 1 year SSL certificates. After many confusing minutes at StartSSL, I managed to get my certificate files downloaded. Getting them working was a bit of a task though, requiring a fair bit of messing around. My postfix configuration file ended up looking like:

    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    biff = no
    # appending .domain is the MUAs job.
    append_dot_mydomain = no
    # enable logging for testing.
    smtp_tls_loglevel = 2
    # SMTP Auth
    broken_sasl_auth_clients=yes
    smtpd_sasl_auth_enable=yes
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    smtpd_recipient_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_unauth_destination
    # TLS parameters
    smtpd_use_tls=yes
    smtpd_tls_cert_file=/etc/ssl/certs/mail.mark-story.com.2013.crt
    smtpd_tls_key_file=/etc/ssl/private/mail.mark-story.com.2013.key
    smtpd_tls_CAfile=/etc/ssl/startssl/ca-chain.crt
    smtp_tls_CAfile=$smtpd_tls_CAfile
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    myhostname = mail.mark-story.com
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    mydestination = server, localhost.localdomain, localhost
    mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    # Virtual mail users
    virtual_transport=dovecot
    virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /home/vmail
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
    # Prevents addr harvesting
    disable_vrfy_command = yes

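
Anyone reusing the main.cf above should review two settings before production: SMTP AUTH is enabled alongside opportunistic TLS with no smtpd_tls_auth_only, so the server accepts credentials on sessions that never issued STARTTLS, and smtp_tls_loglevel = 2 is a testing value. The Python check below is an added example, not part of the original post; its function names and the trimmed sample config are constructed for illustration.

```python
# SAMPLE_MAIN_CF is a constructed excerpt of the TLS/SASL lines in the config above.
SAMPLE_MAIN_CF = """\
# enable logging for testing.
smtp_tls_loglevel = 2
smtpd_sasl_auth_enable=yes
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
smtpd_use_tls=yes
"""

def parse_main_cf(text):
    """Return {parameter: value}; indented lines continue the previous one."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank and comment lines do not end a continuation
        if raw[0].isspace() and current:
            params[current] = (params[current] + " " + raw.strip()).strip()
        elif "=" in raw:
            name, _, value = raw.partition("=")
            current = name.strip()
            params[current] = value.strip()  # a later definition overrides
    return params

def is_yes(params, key):
    return params.get(key, "no").lower() == "yes"

def tls_level(params):
    """Effective server TLS level; smtpd_tls_security_level beats the legacy booleans."""
    legacy = "encrypt" if is_yes(params, "smtpd_enforce_tls") else (
        "may" if is_yes(params, "smtpd_use_tls") else "none")
    return params.get("smtpd_tls_security_level") or legacy

def audit(params):
    """Return (parameter, finding) pairs for settings worth changing in production."""
    findings = []
    if is_yes(params, "smtpd_sasl_auth_enable"):
        if tls_level(params) == "none":
            findings.append(("smtpd_tls_security_level", "AUTH offered with no STARTTLS"))
        elif tls_level(params) == "may" and not is_yes(params, "smtpd_tls_auth_only"):
            findings.append(("smtpd_tls_auth_only", "AUTH accepted before STARTTLS"))
    for key in ("smtp_tls_loglevel", "smtpd_tls_loglevel"):
        if params.get(key) in ("2", "3", "4"):
            findings.append((key, "TLS debug logging still enabled"))
    return findings

if __name__ == "__main__":
    print(audit(parse_main_cf(SAMPLE_MAIN_CF)))
```

Setting smtpd_tls_auth_only = yes and lowering smtp_tls_loglevel to 0 or 1 clears both findings.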
Getting postfix to work with the StartSSL certificate took a bit of extra work. Because StartSSL certificates need to be chained, I had to make the chain. I used the following to make the ca-chain.crt file I used in my postfix config.

    cat sub.class1.server.ca.crt ca.crt > ca-chain.crt

Once I got postfix set up properly with the SSL certificates, getting dovecot working was quite simple. Since I’m totally new at setting up postfix it took me a couple days to get everything sorted. I was able to test servers by using host file entries for mail.mark-story.com – a subdomain I use to run mail on.
After all that I had functioning mail and webservers set up. The last step was flipping all the DNS records around. Since the switch I’ve not had any problems with the server and things are humming along well. I learned quite a bit about postfix and dovecot in the process.
I recently switched hosting providers as well (not to linode, but a similar service).
I read quite a few articles about how CentOS (or similar) was the way to go in terms of OS, but after having dependency and supportability nightmares at my previous host, I too decided to use Ubuntu Server. It’s so much nicer!
I know what you mean about mail servers—they can be nightmarish. I ended up using ISPConfig for a “hosting” control panel, and it pretty much configured the mail servers for me. Highly recommended.
Finally, that /etc/hosts trick works wonders for ensuring a smooth transition.
Great article!
Matt H on 6/17/13
I switched to Linode around 6 months ago. I’m running 5 sites, on a Lighttpd/MySQL setup, with a few background processes. I’ve yet to have the need to contact them regarding any issues.
I use Google Apps For Domains to handle all my email. Sadly, it’s no longer free, but it’s well worth the money. I remember trying to run my own mail servers (can’t remember what software exactly) and remember wasting hours on it.
Gareth on 12/21/13