UbuntuGuide Part3

Revision as of 19:26, 11 May 2012 by Perspectoff (Talk | contribs)

Ultimate Server Lucid K

Introduction

This walkthrough is for (K)Ubuntu Lucid 10.04 (32-bit or 64-bit) because the BigBlueButton teleconferencing server requires either Lucid 10.04 (32-bit or 64-bit) or Jaunty 9.04 (32-bit only).

The software updater may prompt you to upgrade the distribution to a newer release (e.g. to Maverick 10.10). This is not recommended because BigBlueButton may then stop functioning properly.

All variables that can be (and usually ought to be) changed are noted in italics. Do not attempt to use any italicized variable exactly as written; all of them are fictitious and will not work (especially for web services)! Create your own variable in place of the italicized one.

Furthermore, this website is viewed by over 20,000 users per month. Don't attempt to use any of the example passwords used here (that would be highly insecure). Create your own passwords.

Install the base OS (Ubuntu Server 10.04 Lucid)

  • Install Ubuntu Lucid Server (32-bit or 64-bit) into its own partition. If you followed the Multiple OS Installation scheme, then the Windows OS will be in partition 1 (and possibly 2, if you have a recovery partition), the /boot partition will be in partition 3, and partition 4 will be an extended partition. The extended partition ought to have been divided into a 2 Gb swap logical partition and 2 equally sized logical partitions for Linux (one for a production partition and one as a test/upgrade partition).
  • For installation it is best if the computer is connected to the Internet by a wired ethernet connection.
  • Hostname: Lucid64Server00
  • Partitioning: Manual
  • Choose the partition created for the new Lucid operating system (e.g. /dev/sda6). Use as: Ext4 journaling file system -> Format the partition: yes, format it -> Mount point: / - the root file system -> Done setting up the partition -> Finish partitioning and write changes to disk -> Write changes to disk?: Yes
  • During the Ubuntu Server installation, install the LAMP server and OpenSSH servers and the PostgreSQL database. Record the system administrator ID/password and the MySQL root (superuser) password. Note the partition name and number (e.g. /dev/sda6).
  • Full name for the new user: Lucidadmin00 -> Username for your account: lucidadmin00 -> Choose a password for the new user: lucidword00
(Note: You could also generate a random password and use it here. Just be sure to record it in an accessible location.)
Note: You could also install the LAMP server stack, the OpenSSH server, or the PostgreSQL database at a later time using the menu-driven installation system:
sudo tasksel
  • Encrypt your home directory: No (this is optional, but on this system the primary user's home directory is not used much so there is little need to encrypt it.)
  • HTTP proxy information -- this is used if your organization has a firewall or other gateway to the outside Internet. A network administrator will have the information for this. Most small businesses will not have such a gateway and it can be left blank, in this case.
  • How do you want to install updates...? No automatic updates

This is, of course, user preference. However, updates are sometimes sent out before they are completely tested with all hardware, which can cause problems with very new or very old hardware. Some systems can be brought to a halt by automatic updates, especially updates of the Linux kernel.

For this reason, complete manual control of updates is highly recommended (on production systems). In fact, many users routinely run two parallel systems (a test system and a production system) and install updates on the test system first (in order to make sure all updates work properly) prior to installing the updates on the production system. This practice is extremely important to ensuring stability on critical systems and servers.

  • Choose software to install:
  • LAMP server (ticked) -> OpenSSH server (ticked) -> PostgreSQL database
  • New password for the MySQL "root" user: lucidsql00
(Note: You could also generate a random password and use it here. Just be sure to record it in an accessible location.)
  • Install the GRUB boot loader to the master boot record? No -> Device for boot loader installation: /dev/sda6
Note: this assumes a /boot partition and multiple partitions. Under the general scheme above, the first free partition will usually be /dev/sda6, but if you already have other OSs or other peculiarities, take extra care during this step.
  • This is the trickiest step of the installation. It is important to set up the Master Boot Loader to recognize the new partition. Re-read the Multiple OS Installation tutorial very carefully and completely. In short, the bootloader needs to be copied to the /boot partition (usually /dev/sda3) and customized there so that it chainloads the bootloader installed locally in your new OS partition (e.g. /dev/sda6). Once this is set up correctly, reboot and the menu will allow booting into the new OS.
  • Login for the first time.
Lucid64Server00: lucidadmin00
Password: lucidword00
  • Shorten the boot time:
sudo nano /etc/default/grub
Change the timeout value:
GRUB_TIMEOUT=1
(Note: Save the changes with CTRL-O then CTRL-X.)
Then regenerate the Grub2 configuration file:
 sudo grub-mkconfig --output=/boot/grub/grub.cfg
  • Update the system.
sudo apt-get update
sudo apt-get upgrade
sudo apt-get install build-essential dkms
sudo reboot
  • Older versions of (K)Ubuntu (Jaunty and earlier) also required:
sudo apt-get install linux-headers-$(uname -r)
sudo reboot

Note: This step was also previously required after every kernel upgrade (as is done automatically if you have enabled automatic updates). If graphics aren't working for any reason, try making sure the headers are installed correctly and updating again.

  • Install the password generator for use with the remainder of the installation.
sudo apt-get install pwgen
  • Many users also generate a password for the root superuser at this time:
sudo passwd root

Add a Kubuntu desktop

  • Install a Kubuntu desktop.
sudo apt-get install kubuntu-desktop

Note: The end user can also install the restricted extras:

sudo apt-get install kubuntu-restricted-extras
  • Reboot the system:
sudo reboot
  • Once the Kubuntu desktop has been installed, all commands can then be entered into the command-line terminal Konsole:
Menu -> System -> Konsole
  • Note: Kubuntu Jaunty included an (automatic) kernel upgrade that at some point disabled the Nvidia graphics drivers (on computers with Nvidia graphics). If this happens for your system, the desktop will be unable to start at bootup and only the command-line will be presented. To correct this problem, merely install the linux-headers again:
sudo apt-get install linux-headers-$(uname -r)
sudo reboot
then the Nvidia graphics drivers should install correctly and the desktop will start normally.

Set networking parameters

sudo gedit /etc/network/interfaces
and edit the lines to resemble:
# iface eth0 inet dhcp
#
iface eth0 inet static
address 192.168.0.99
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1
and restart networking:
sudo /etc/init.d/networking restart

Enable BIOS power-up

Power failures happen. It is possible to change the BIOS settings so that after a power failure the computer will automatically power up and restart to the default OS (as set in the bootloader configuration). This is a critical function for servers. At bootup, enter the BIOS menu using whichever key is appropriate for your computer's BIOS:

[F2], [F1], [F10], or [DEL] -> Power Management Setup -> PowerOn After Pwr-Fail: On -> Save -> Reboot

Install Firefox

  • Install Firefox:
sudo apt-get install firefox
This can also be done from the Kubuntu desktop menu:
Menu -> Internet -> Install Firefox Web Browser
  • Start Firefox and install security add-ons:
Firefox -> Tools -> Add-ons -> Get Add-ons -> NoScript -> Add to Firefox -> Install
Firefox -> Tools -> Add-ons -> Get Add-ons -> AdBlock Plus -> Add to Firefox -> Install
  • Add a menu item/shortcut to this guide (to enable copying and pasting of the remaining commands directly from the guide) and to the customization guide:
  • Kubuntuguide (Ultimate Server Walkthrough) -- firefox http://kubuntuguide.org/Ultimate_Server_Lucid_K
  • Ultimate Server Customization (Kubuntuguide) -- firefox http://kubuntuguide.org/Ubuntu_Server_Lucid_Customization_OV

Obtain an Internet URL

If a static Internet URL is not available, obtain a dynamic DNS URL. (This must be changed for each OS installation, as it is specific to that installation).

  • Create an email account for administrative use with this server, such as at mail.com, mail.google.com, or mail.yahoo.com. (mylucid.userid00@mail.com / mylucidword000 / 1/1/01 / securityquestionanswer)
  • Create a DynDNS account for use with this server, at DynDNS.org. (myluciddnsid / myluciddnsword / mylucid.userid00@mail.com)

In this walkthrough, several URLs are used. It is possible to create all of them at once at this stage:

  • mylucid00.dyndns.org
  • mylucidbbb00.dyndns.org
  • mylucidmoodle00.dyndns.org
  • mylucidwiki00.dyndns.org
  • mylucidweb00.dyndns.org
  • DynDNS allows 5 free URLs. After installation has been completed, I generally remove mylucidweb00.dyndns.org and create mylucidcalendar00.dyndns.org (for use with DAViCal) instead.

Adjust SSH for remote connections

  • If the OpenSSH server was not installed on your server at initial installation, it can be installed now.
sudo tasksel install openssh-server
  • The default SSH port is 22, but this may conflict with other SSH servers on your network. Change the SSH port to a custom port. Also disallow password-based logins, for now, to prevent unauthorized logins. See this tutorial.
sudo gedit /etc/ssh/sshd_config
change the listening port:
Port 22199
and disallow password-based authentication by changing the line:
#PasswordAuthentication yes
to
PasswordAuthentication no
  • Make sure the OpenSSH server knows that it must look for the authorized_keys file. Uncomment the line:
#AuthorizedKeysFile %h/.ssh/authorized_keys

so that it resembles:

AuthorizedKeysFile %h/.ssh/authorized_keys
then restart the OpenSSH server:
sudo /etc/init.d/ssh restart
  • Make sure the router forwards the selected listening port (e.g. 22199) to the IP address (e.g. 192.168.0.99) of the server.
  • Install X11VNC:
sudo apt-get install x11vnc
Add an X11VNC Server menu item with the command:
x11vnc --forever
-> Place in system tray (ticked)
  • Create an SSH keypair for automated login:
  • Generate a key pair (by default, a 2048-bit RSA key pair is created):
ssh-keygen
  • Accept the default location for the key file ( /home/user/.ssh/id_rsa ).
  • Leave the passphrase empty
  • Make sure the directory /home/serveruser/.ssh exists; if not, create one using:
mkdir ~/.ssh
(In this instance, user = serveruser = lucidadmin00, so the folder /home/lucidadmin00/.ssh ought to already exist).

Make sure that a file named authorized_keys (with write privileges) is in that folder. If not, create such a file (using the touch command to create an empty file) while logged into the server as serveruser (i.e. lucidadmin00):

cd ~/.ssh
touch authorized_keys
Concatenate the newly-generated id_rsa.pub key to the authorized_keys file:
cd ~/.ssh
cat id_rsa.pub >> authorized_keys
  • Create a test connection:
  • Start the X11VNC Server (as above)
  • Connect VNC through the SSH tunnel with the commands:
ssh -l lucidadmin00 -L 5900:127.0.0.1:5900 mylucid00.dyndns.org -p 22199
vinagre vnc://127.0.0.1

or with a single-line command (which can be placed in a Menu item / shortcut):

ssh -f -l lucidadmin00 -L 5900:127.0.0.1:5900 mylucid00.dyndns.org -p 22199 sleep 5; vinagre vnc://127.0.0.1

Note: vinagre --fullscreen vnc://127.0.0.1 will start the VNC connection in fullscreen mode (but should only be used when connecting from other computers).
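
A check for the sshd_config edits described above, as an added example that is not part of the original guide: it reads the global section of an sshd_config-style file and reports the values sshd will actually apply, which matters because sshd keeps the first value it reads for a keyword. The function names and both sample files are constructed for illustration; the ChallengeResponseAuthentication and UsePAM lines in the samples are assumed stock settings, not something this guide sets.

```shell
#!/bin/sh
# Added example: report the settings sshd would apply from the global
# section of an sshd_config-style file.

# Print every value given for KEYWORD (case-insensitive) in FILE, in file order.
config_values() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ { next }                  # comment line, e.g. "#PasswordAuthentication yes"
        /^[ \t]*$/ { next }                  # blank line
        tolower($1) == "match" { exit }      # Match blocks are conditional; stop at the first
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            sub(/[ \t]+$/, "", line)
            if (!match(line, /^[A-Za-z0-9]+/)) next
            key = tolower(substr(line, 1, RLENGTH))
            val = substr(line, RLENGTH + 1)
            sub(/^[ \t]*=?[ \t]*/, "", val)  # accepts "Keyword value" and "Keyword=value"
            if (key == want) print val
        }
    ' "$1"
}

# sshd keeps the FIRST value it reads for a keyword, so a corrected line
# added below a stock line that is still active has no effect.
effective_value() {
    v=$(config_values "$1" "$2" | head -n 1)
    printf '%s\n' "${v:-$3}"                 # $3 = OpenSSH default when the keyword is absent
}

# Returns 0 only if the file matches what this walkthrough configures.
audit_sshd() {
    cfg=$1
    findings=0
    ports=$(config_values "$cfg" Port)       # Port may be repeated; every value is a listener
    for p in ${ports:-22}; do
        if [ "$p" = 22 ]; then
            echo "FINDING: sshd still listens on the default port 22"
            findings=$((findings + 1))
        fi
    done
    pw=$(effective_value "$cfg" PasswordAuthentication yes)
    if [ "$pw" != no ]; then
        echo "FINDING: PasswordAuthentication is effectively '$pw'"
        findings=$((findings + 1))
    fi
    cra=$(effective_value "$cfg" ChallengeResponseAuthentication yes)
    pam=$(effective_value "$cfg" UsePAM no)
    if [ "$cra" != no ] && [ "$pam" = yes ]; then
        echo "FINDING: keyboard-interactive logins through PAM can still accept passwords"
        findings=$((findings + 1))
    fi
    echo "INFO: AuthorizedKeysFile = $(effective_value "$cfg" AuthorizedKeysFile .ssh/authorized_keys)"
    [ "$findings" -eq 0 ]
}

# Constructed sample: the three settings from this guide plus two assumed stock lines.
sample_config_page() {
    cat <<'EOF'
Port 22199
PasswordAuthentication no
AuthorizedKeysFile %h/.ssh/authorized_keys
ChallengeResponseAuthentication no
UsePAM yes
EOF
}

# Constructed sample: the stock line was left active and the fix appended below it.
sample_config_shadowed() {
    cat <<'EOF'
Port 22199
PasswordAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys
ChallengeResponseAuthentication no
UsePAM yes
PasswordAuthentication no
EOF
}

tmp=$(mktemp -d)
sample_config_page > "$tmp/page"
sample_config_shadowed > "$tmp/shadowed"
for f in page shadowed; do
    echo "== $f =="
    audit_sshd "$tmp/$f" || echo "-> $f does not match the walkthrough settings"
done
rm -rf "$tmp"
```

To check the live file, call `audit_sshd /etc/ssh/sshd_config` before restarting the OpenSSH server.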

Install the BigBlueButton teleconferencing system

DYNDns.com account -> Add Host Services -> ...
  • Change the Apache listening port during BigBlueButton installation.
sudo kate /etc/apache2/ports.conf
Change the port value:
Listen 82
Restart Apache 2:
sudo /etc/init.d/apache2 restart
  • Obtain and install the BigBlueButton teleconferencing server:
wget http://archive.bigbluebutton.org/bigbluebutton.asc 
sudo apt-key add bigbluebutton.asc 
echo "deb http://archive.bigbluebutton.org/lucid bigbluebutton-lucid main" | sudo tee /etc/apt/sources.list.d/bigbluebutton.list
sudo apt-get update 
sudo apt-get install asterisk bigbluebutton
During installation, enter the MySQL "root" user password when prompted: lucidsql00
sudo apt-get install bbb-apps-deskshare
  • On the router, forward ports 81, 1935, 9123 to the LAN IP address of the BBB server (e.g. 192.168.0.99).
  • Edit the Nginx webserver configuration file used for BigBlueButton:
sudo nano /etc/nginx/sites-available/bigbluebutton
and change the listening port:
listen 81; 
Repeat for the default Nginx configuration file:
 sudo nano /etc/nginx/sites-available/default
and change the listening port:
listen 81; 
then restart Nginx:
sudo /etc/init.d/nginx restart
  • Configure the other BBB server components to run on port 81. Use the URL (mylucidbbb00.dyndns.org) that was set up at DynDNS.org:
sudo bbb-conf --setip mylucidbbb00.dyndns.org:81
sudo bbb-conf --clean
  • Change the Apache port back to 80:
sudo nano /etc/apache2/ports.conf
Change the port value:
Listen 80
Restart Apache 2:
sudo /etc/init.d/apache2 restart
  • Add a menu item/shortcut to the BBB server:
  • MyLucid BigBlueButton (Teleconferencing) -- firefox http://mylucidbbb00.dyndns.org:81

Install the Firewall

sudo apt-get install firestarter
  • Start Firestarter:
Menu -> Internet -> Firestarter
and allow the incoming (inbound) and outgoing (outbound) ports:
80, 443, 81, 9123, 1935, 22199

Each port must be separately added as a rule for inbound and outbound traffic. For example, to enable port 80:

Firestarter -> Policy -> Editing: Inbound traffic policy -> Allow service (right click on white box) -> Add rule -> Port: 80 -> When the source is: Anyone -> Add -> Apply Policy

and

Firestarter -> Policy -> Editing: Outbound traffic policy -> Restrictive by default, whitelist traffic -> Allow service (right click on white box) -> Add rule -> Port: 80 -> When the source is: Firewall host -> Add -> Apply Policy
(Note: It is pointed out to me repeatedly that Firestarter is not being currently updated. However, Firestarter is not the actual firewall. iptables is, and iptables is continually updated as part of the Linux kernel. Firestarter is merely an easy-to-use front-end for editing the iptables rules that has been stable for a long time. Other choices for this task include ufw/gufw (which is markedly more difficult to use, IMO). This is completely an area of user preference. The instructions above for Firestarter are not easily transferable to ufw/gufw.)

Install Moodle

  • Read this Moodle tutorial. Also see this demo site.
  • If the LAMP server stack has not been previously installed, do it now. Make sure the MySQL "root" user password (such as lucidsql00) that is created during this process is recorded for future use.
  • Install:
sudo apt-get install moodle
  • Choose the mysql-server, since it is already installed.
  • Should access to this server be restricted to localhost? No
  • Is your FQDN correct? Yes (don't worry whether it is or isn't -- this can be adjusted later)
  • Should https be required to access this Moodle server? No
  • Should a default database be created for Moodle on localhost? Yes
  • root's MySQL password: lucidsql00
  • Moodle database password: mylucidmoodleword00
(Note: You could also generate a random password and use it here. Just be sure to record it in an accessible location.)
  • Edit the Moodle configuration file:
sudo kate /etc/moodle/config.php
so that the FQDN (in this case the URL) is correctly noted:
$CFG->wwwroot = 'http://mylucid00.dyndns.org/moodle';
  • Finish installation by logging in to the Moodle server at http://localhost/moodle/admin or:
http://mylucid00.dyndns.org/moodle/admin -> Unattended installation? (ticked)
  • Admin user: mylucid00admin
  • Admin password: mylucid00word
  • Admin e-mail: mylucid.userid00@mail.com
  • City: MyTown
  • Site name: My Lucid Moodle 00
(Note: You could also generate a random password and use it here. Just be sure to record it in an accessible location.)
  • Add the BigBlueButton API:
sudo wget http://www.dualcode.com/bigbluebutton/bigbluebutton.zip
sudo unzip bigbluebutton.zip
sudo mkdir /usr/share/moodle/mod/bigbluebutton
sudo cp -r bigbluebutton/mod/bigbluebutton/* /usr/share/moodle/mod/bigbluebutton/
sudo cp -r bigbluebutton/lang/* /usr/share/moodle/lang/
sudo rm bigbluebutton.zip
sudo rm -r bigbluebutton/*
sudo rmdir bigbluebutton
  • Login to the Moodle site (as an administrator) and load the module:
Moodle -> Site Administration -> Notifications (Make sure to click on Notifications)
-> Activities -> Manage Activities -> BigBlueButton -> Settings
-> Input the IP address/URL of your BigBlueButton server (mylucidbbb00.dyndns.org:81). Do not enter the leading http:// .
-> Input the Security Salt from your BigBlueButton server. This is in a file called “bigbluebutton.properties” on the BigBlueButton server. On my Ubuntu server I found it at /var/lib/tomcat6/webapps/bigbluebutton/WEB-INF/classes/bigbluebutton.properties:
sudo kate /var/lib/tomcat6/webapps/bigbluebutton/WEB-INF/classes/bigbluebutton.properties

The security salt string can be found:

beans.dynamicConferenceService.securitySalt=your_number_here

Input that long string of numbers and letters to the field in Moodle.

-> Put a star in the Meeting IDs field. That will allow an unlimited number of rooms to be created. You can also put any number here to restrict how many rooms on your BigBlueButton server you want running at any one time. (This can eventually become important for performance reasons.)
  • In the (Course) Weekly Outline:

-> Add an activity... -> BigBlueButton ->

and set the desired passwords for the meeting, etc.

  • Add a menu item / shortcut to the Moodle server:
  • My Lucid Moodle (Teaching site) -- firefox http://mylucid00.dyndns.org/moodle

Install MediaWiki

  • Read this MediaWiki tutorial. Also see this demo site.
  • If the LAMP server stack has not been previously installed, do it now. Make sure the MySQL "root" user password (such as lucidsql00) that is created during this process is recorded for future use.

Two separate wikis are created. One will be for private internal usage and one for a public audience.

  • Create an additional URL (Add Host) at DynDNS.com: mylucidwiki00.dyndns.org.
  • Install MediaWiki:
sudo apt-get install mediawiki
sudo a2enmod rewrite
  • Create a folder for each subsite (in this example named private and public).
sudo mkdir /etc/mediawiki/private
sudo mkdir /etc/mediawiki/public
  • Create an upload folder for images in each subwiki folder:
sudo mkdir /etc/mediawiki/private/images
sudo mkdir /etc/mediawiki/public/images
  • Copy a 135x135 image that you wish to use as a wiki logo (in the upper left corner) into the /etc/mediawiki/subwiki/images folder for each subwiki, naming it WikiLogo.png there. For example:
sudo cp ~/Pictures/mybestpic135.png /etc/mediawiki/public/images/WikiLogo.png
sudo cp ~/Pictures/mysecondbestpic135.png /etc/mediawiki/private/images/WikiLogo.png
  • The images folders should belong to the group www-data, and the group should have "Can View & Modify Content" permissions.
sudo chown root:www-data /etc/mediawiki/private/images
sudo chown root:www-data /etc/mediawiki/public/images
sudo chmod 774 /etc/mediawiki/private/images
sudo chmod 774 /etc/mediawiki/public/images
  • Edit the config file so it recognizes MediaWiki:
sudo nano /etc/mediawiki/apache.conf

Uncomment (remove the #) the line:

Alias /mediawiki /var/lib/mediawiki
  • Restart apache2:
sudo /etc/init.d/apache2 restart
  • Run/install MediaWiki from the web browser by logging into:
firefox http://localhost/mediawiki
  • Wiki name: My Lucid Wiki (Private)
  • Contact e-mail: mylucid.userid00@mail.com
  • Admin username: mylucid00admin -> Password: mylucid00word
  • Object caching: No caching
  • E-mail features (all): disabled
  • Database config: MySQL -> Database host: localhost -> Database name: mylucid00wikipriv -> DB username: mylucid00priv -> DB password: mylucid00privword -> Superuser account: Use superuser account (ticked) -> Superuser name: root -> Superuser password: lucidsql00 -> Database table prefix: mylucid00prv_
(Note: You could also generate a random password and use it here. Just be sure to record it in an accessible location.)
  • Copy your local settings configuration file to /etc/mediawiki (and make a backup of the original):
sudo cp /var/lib/mediawiki/config/LocalSettings.php /etc/mediawiki/private
sudo mv /var/lib/mediawiki/config/LocalSettings.php /var/lib/mediawiki/config/LocalSettings_mylucid00private_install.php
  • Repeat the MediaWiki installation from the web browser by again logging into:
firefox http://localhost/mediawiki
  • Wiki name: My Lucid Wiki (Public)
  • Contact e-mail: mylucid.userid00@mail.com
  • Admin username: mylucid00admin -> Password: mylucid00word
  • Object caching: No caching
  • E-mail features (all): disabled
  • Database config: MySQL -> Database host: localhost -> Database name: mylucid00wikipub -> DB username: mylucid00pub -> DB password: mylucid00pubword -> Superuser account: Use superuser account (ticked) -> Superuser name: root -> Superuser password: lucidsql00 -> Database table prefix: mylucid00pub_
(Note: You could also generate a random password and use it here. Just be sure to record it in an accessible location.)
  • Copy your local settings configuration file to /etc/mediawiki (and make a backup of the original):
sudo cp /var/lib/mediawiki/config/LocalSettings.php /etc/mediawiki/public
sudo mv /var/lib/mediawiki/config/LocalSettings.php /var/lib/mediawiki/config/LocalSettings_mylucid00public_install.php
  • The LocalSettings.php configuration file for each wiki must be edited. See this tutorial. There are many security settings that must be changed before going live, or the site will certainly be hacked.
Edit your configuration variables:
sudo kate /etc/mediawiki/private/LocalSettings.php
sudo kate /etc/mediawiki/public/LocalSettings.php
Make sure the following lines are included in the LocalSettings.php file, replacing similar lines that already exist in the file and substituting private or public where appropriate:
# If PHP's memory limit is very low, some operations may fail.
ini_set( 'memory_limit', '96M' );
#
#$wgScriptPath             = "/mediawiki";
$wgScriptPath              = "/private";
$wgLogo                    = "$wgScriptPath/images/WikiLogo.png";
#
$wgUploadDirectory         = $_SERVER['DOCUMENT_ROOT'].'/private/images';
$wgUploadPath              = "$wgScriptPath/images";
#
#Database administrative user/password
$wgDBadminuser             = $wgDBuser;
$wgDBadminpassword         = $wgDBpassword;
#
#These are set for initial maximum security. They can be changed later.
#
#User restrictions
#Account creation by anonymous users
$wgGroupPermissions['*']['createaccount']       = false;
#Account creation by registered users
$wgGroupPermissions['user']['createaccount']    = false;
#Account creation by sysops
$wgGroupPermissions['sysop']['createaccount']   = true;
#
#Anonymous user permissions
$wgGroupPermissions['*']['edit']                = false;
$wgGroupPermissions['*']['createpage']          = false;
$wgGroupPermissions['*']['createtalk']          = false;
#
#Uploads rules
## To enable image uploads, make sure the 'images' directory
## is writable, then set this to true:
#$wgEnableUploads                               = false;
$wgEnableUploads                                = true;
#Only allow restricted uploads
$wgCheckFileExtensions                          = true;
$wgStrictFileExtensions                         = true;
$wgFileExtensions          = array('png', 'gif', 'jpg'); 
#Permissions for uploads
#Not for Anonymous
$wgGroupPermissions['*']['upload']              = false;
$wgGroupPermissions['*']['reupload']            = false;
$wgGroupPermissions['*']['reupload-shared']     = false;
#Uploads (but not re-uploads) for Users
$wgGroupPermissions['user']['upload']           = true;
$wgGroupPermissions['user']['reupload']         = false;
$wgGroupPermissions['user']['reupload-shared']  = false;
#Sysops
$wgGroupPermissions['sysop']['upload']          = true;
$wgGroupPermissions['sysop']['reupload']        = true;
$wgGroupPermissions['sysop']['reupload-shared'] = true;
#
#For ReCaptcha -- this requires installing the Recaptcha extension
#
#require_once( "$IP/extensions/recaptcha/ReCaptcha.php" );
# Sign up for these at http://recaptcha.net/api/getkey
#$recaptcha_public_key = ' xyxyxyxyxyxyxyxyx ';
#$recaptcha_private_key = ' ababababababababa ';
#
#This clears the cache daily, which I use to change rotating content (pictures, fortunes, etc.) daily.
#
require("includes/GlobalFunctions.php");
$wgCacheEpoch = wfTimestamp( TS_MW, time() - 86400 ); # 60*60*24 = 1 day
In addition, a private wiki page should only be able to be read by registered users, so add these lines to LocalSettings.php for any private subwiki:
#This example will disable viewing of all pages not listed in $wgWhitelistRead, then re-enable for registered users only:
$wgGroupPermissions['*']['read']    = false;
# The following line is not actually necessary, since it's in the defaults. Setting
# '*' to false doesn't disable rights for groups that have the right separately set
# to true!
$wgGroupPermissions['user']['read'] = true;
  • Make symbolic links from the Apache2 folder to the subwiki folders:
sudo mkdir /var/www/Wikis
sudo ln -s /etc/mediawiki/private /var/www/Wikis/private
sudo ln -s /etc/mediawiki/public /var/www/Wikis/public
  • Link the files from your installation directory to each subwiki folder:
sudo ln -s /usr/share/mediawiki/* /etc/mediawiki/private/.
sudo ln -s /usr/share/mediawiki/* /etc/mediawiki/public/.
  • Create and edit an Apache2 configuration file (e.g. /etc/apache2/sites-available/wikivirtualhost):
sudo kate /etc/apache2/sites-available/wikivirtualhost
so that the lines are similar to:
<VirtualHost *:80>
UseCanonicalName off
#
DocumentRoot /var/www/Wikis
DirectoryIndex index.php index.html
#
ServerName mylucidwiki00.dyndns.org
ServerAlias *.mylucidwiki00.dyndns.org
# 
RewriteEngine On
RewriteCond %{REQUEST_URI}  !^/private
RewriteCond %{REQUEST_URI}  !^/public
RewriteRule   ^/(/.*|)$  /public/$1  [R]
#
<Directory /var/www/Wikis>
#Options Indexes FollowSymLinks MultiViews
Options FollowSymLinks MultiViews
#AllowOverride None
Order allow,deny
allow from all
</Directory>
# 
</VirtualHost>
Pay attention to the rewrite rule:
RewriteEngine On
RewriteCond %{REQUEST_URI}  !^/private
RewriteCond %{REQUEST_URI}  !^/public
RewriteRule   ^/(/.*|)$  /public/$1  [R]

This is a complex rule that means that as long as the REQUEST_URI (which is the part after the server name, i.e. http://mylucidwiki00.dyndns.org/REQUEST_URI) does not begin with /private or /public (the symbol ! means not), then public is used as the default directory. The REQUEST_URI always begins with a slash, so the patterns in the two conditions must include it; without the slash they never match and the conditions exclude nothing. In the Directory block, only the second Options line takes effect, so directory listings (Indexes) stay disabled.

  • Remember that your virtual host configuration file won't be active until you make a symbolic link:
sudo ln -s /etc/apache2/sites-available/wikivirtualhost /etc/apache2/sites-enabled
  • Restart Apache:
sudo /etc/init.d/apache2 restart
  • The two sites will be available:
http://mylucidwiki00.dyndns.org or http://mylucidwiki00.dyndns.org/public
and
http://mylucidwiki00.dyndns.org/private
  • Add menu items / shortcuts to the Wiki(s):
  • My Lucid Wiki (Public) (MediaWiki) -- firefox http://mylucidwiki00.dyndns.org

and

  • My Lucid Wiki (Private) (MediaWiki) -- firefox http://mylucidwiki00.dyndns.org/private
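
A check for the LocalSettings.php permission lines above, as an added example that is not part of the original guide or of MediaWiki: it reports the value PHP will actually see for each anonymous-user right, taking commented-out lines and later overriding assignments into account. The function names and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm the anonymous-user restrictions that PHP will
# actually see in a LocalSettings.php file.

# Print the value of the LAST active assignment to $NAME in FILE. PHP runs the
# file top to bottom, so a later assignment overrides an earlier one.
# Limitation: multi-line /* ... */ comments are not recognised.
php_setting() {
    awk -v name="$2" '
        /^[ \t]*#/    { next }               # "#" comment, the style this guide uses
        /^[ \t]*\/\// { next }               # "//" comment
        {
            line = $0
            gsub(/[ \t\r]/, "", line)        # ignore alignment whitespace
            gsub(/"/, "\047", line)          # treat double-quoted and single-quoted keys alike
            prefix = "$" name "="
            if (index(line, prefix) == 1) {
                val = substr(line, length(prefix) + 1)
                sub(/;.*$/, "", val)
                last = val
                seen = 1
            }
        }
        END { if (seen) print last }
    ' "$1"
}

# audit_wiki FILE private|public -> returns 0 only if every anonymous right
# the guide disables is explicitly false (plus 'read' for a private wiki).
audit_wiki() {
    file=$1
    kind=$2
    findings=0
    rights="createaccount edit createpage createtalk upload"
    if [ "$kind" = private ]; then
        rights="$rights read"
    fi
    for r in $rights; do
        v=$(php_setting "$file" "wgGroupPermissions['*']['$r']" | tr 'A-Z' 'a-z')
        if [ "$v" != false ]; then
            echo "FINDING: \$wgGroupPermissions['*']['$r'] is ${v:-not set}, expected false"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample: the permission lines this guide gives for a private wiki.
sample_settings_page() {
    cat <<'EOF'
$wgGroupPermissions['*']['createaccount']       = false;
$wgGroupPermissions['user']['createaccount']    = false;
$wgGroupPermissions['*']['edit']                = false;
$wgGroupPermissions['*']['createpage']          = false;
$wgGroupPermissions['*']['createtalk']          = false;
$wgGroupPermissions['*']['upload']              = false;
$wgGroupPermissions['*']['read']    = false;
$wgGroupPermissions['user']['read'] = true;
EOF
}

# Constructed sample: 'read' is still commented out and a test line pasted
# further down re-enables anonymous editing.
sample_settings_drifted() {
    cat <<'EOF'
$wgGroupPermissions['*']['createaccount'] = false;
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['*']['createpage'] = false;
$wgGroupPermissions['*']['createtalk'] = false;
$wgGroupPermissions['*']['upload'] = false;
#$wgGroupPermissions['*']['read'] = false;
$wgGroupPermissions["*"]["edit"] = TRUE;
EOF
}

tmp=$(mktemp -d)
sample_settings_page > "$tmp/page.php"
sample_settings_drifted > "$tmp/drifted.php"
for f in page drifted; do
    echo "== $f (audited as a private wiki) =="
    audit_wiki "$tmp/$f.php" private || echo "-> $f is not locked down as described"
done
rm -rf "$tmp"
```

Against the real files, run `audit_wiki /etc/mediawiki/private/LocalSettings.php private` and `audit_wiki /etc/mediawiki/public/LocalSettings.php public` before exposing the sites.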

Import Kubuntuguide into your local wiki

  • Read this tutorial on importing Kubuntuguide into the local wiki.
  • Examine the list of wiki pages available at Kubuntuguide:
Kubuntuguide.org -> Toolbox: Special Pages -> All pages

Many of these pages will not be necessary for your private copy. Copy only the names of the wiki pages you wish to export. The recommended list is below.

  • Export the desired pages from Kubuntuguide as an XML export:
Kubuntuguide.org wiki -> Toolbox: Special Pages -> Export pages

(Note: This list of (English-language) wiki pages was accurate for the recent Lucid version. You may want to check all pages to see if something you want is missing from this list.)

All
Boot from a Live CD
Multiple OS Installation
Multiple OS Installation Jaunty
Lucid Multiple OS Installation
Manipulating Partitions
Virtualbox in Windows
Android emulation
Dolphin file manager
Screencasts
Netflix
Video Conversion
Video ripping tips
Streamripper
EBook Conversion
Transparent Image Backgrounds
Email with PGP
Tor
Anonymous email
Malware
Kwooty
Mail Server setup
Wink 64bit
Remastersys
Dynamic IP servers
FTP tips
KTorrent
Using SSH to Port Forward
Limit the user accounts that can connect through OpenSSH remotely
OpenVPN server Jaunty
OpenVPN server Karmic
WebDAV
Ia32libs
Ultimate Server Jaunty
Ultimate Server Jaunty K
Ultimate Server Jaunty with OpenVistA EHR
Ultimate Server Jaunty K with OpenVistA EHR
Ultimate Server Jaunty Customization
Ultimate Server Jaunty Customization OV
Ultimate Server Lucid K
Ultimate Server Lucid K with OpenVistA EHR
Ultimate Server Lucid Customization
Ultimate Server Lucid Customization OV
Apache2 reverse proxies
MediaWiki tips
Mediawiki site building tips
Collections tips
PdfBook tips
Drupal6 tips
Drupal site building tips
Installing Drupal on a shared webhost
Old Drupal6 tips
Moodle tips
Fortune
DAViCal tips
DAViCal current version
BigBlueButton
WebHuddle tips
OpenVistA EHR
WorldVistA tips
Ubuntu-Med FAQ
Skulltag tips
MFC-7820N
Upgrades
Kubuntuguide XML exports
Kubuntuguide page lists
Malicious commands to avoid
DefaultApplications
Main Page
Kubuntuguide
Template:K All/Introduction
Template:Kubuntuguide core wikipages
Template:Kubuntuguide Language wikipages
Template:Kubuntuguide Hardy wikipages
Template:Kubuntuguide Hardycore wikipages
Template:Kubuntuguide HardyLanguages
Template:Kubuntuguide Jaunty wikipages
Template:Kubuntuguide Jauntycore wikipages
Template:Kubuntuguide JauntyLanguages
Template:Kubuntuguide Karmic wikipages
Template:Kubuntuguide Karmiccore wikipages
Template:Kubuntuguide KarmicLanguages
Template:Kubuntuguide Lucid wikipages
Template:Kubuntuguide Lucidcore wikipages
Template:Kubuntuguide LucidLanguages
Template:Kubuntuguide Maverick wikipages
Template:Kubuntuguide Maverickcore wikipages
Template:Kubuntuguide MaverickLanguages
Template:Kubuntuguide Natty wikipages
Template:Kubuntuguide Nattycore wikipages
Template:Kubuntuguide NattyLanguages
Template:Kubuntuguide Oneiric wikipages
Template:Kubuntuguide Oneiriccore wikipages
Template:Kubuntuguide OneiricLanguages
Template:Kubuntuguide Precise wikipages
Template:Kubuntuguide Precisecore wikipages
Template:Kubuntuguide PreciseLanguages
Template:Ultimate Server Jaunty Core
Template:USJ Customize Core
Template:USJ Customize NewUser
Template:USJ Customize OV
Template:USJ Adjust SSH
Template:USJ New SSH Users
Template:USJ networking
Template:Ultimate Server Lucid Core
Template:USL Customize Core
Template:USL Customize NewUser
Template:USL Customize OV
Template:USL Adjust SSH
Template:USL New SSH Users
Template:USL networking
Template:OpenVistA EHR
Template:OpenVistA Server functions
Template:Android emulation
Template:WorldVistA
Template:Licenses
Template:Drupal BBB
Template:Moodle installation
Template:PartitionDesign
Template:WindowsPartitions
Template:Streamripper
Template:Dolphin file manager
Template:KTorrent
Template:Netflix
Template:Ia32libs
Template:Tor
Template:Anonymous email
Template:Malware
Template:K RegisterHeader
VirtualServers
Lucid
Template:K Lucid/Administration
Template:K Lucid/Introduction
Template:K Lucid/General
Template:K Lucid/OtherVersions
Template:K Lucid/OtherResources
Template:K Lucid/Installation
Template:K Lucid/Repositories
Template:K Lucid/Packages
Template:K Lucid/DesktopAddons
Template:K Lucid/Requests
Template:Lucid/Virtualization
Template:K Lucid/EdutainmentIntro
Template:Lucid/Edutainment
Template:Lucid/Games
Template:K Lucid/Internet
Template:Lucid/Videoconferencing
Template:K Lucid/Privacy
Template:K Lucid/ProprietaryExtras
Template:K Lucid/Troubleshooting
Template:K Lucid/Graphics
Template:Lucid/Screencapture
Template:Lucid/Video
Template:Lucid/Audio
Template:Lucid/AudioVideoConversion
Template:K Lucid/CD DVD
Template:K Lucid/Music
Template:Lucid/MediaCenters
Template:Lucid/HomeAutomation
Template:Lucid/Office
Template:Lucid/Financial
Template:Lucid/Groupware
Template:Lucid/Wiki
Template:Lucid/WebPublishing
Template:K Lucid/Maps
Template:Lucid/Development
Template:Lucid/Science
Template:Lucid/MiscApps
Template:K Lucid/Utilities 
Template:Lucid/Backup
Template:Lucid/Hardware
Template:Lucid/Networking
Template:Lucid/NetworkAdmin
Template:Lucid/Servers
-> Include only the current revision, not the full history (ticked) -> Offer to save as a file: (ticked) -> Export -> Save file
-> Kubuntuguide-xxxxx.xml
  • Import the Kubuntuguide XML export file into the local wiki:
Local wiki -> log in -> Username: wikiadmin -> Password: wikiadminpassword -> Log in
-> Special Pages -> Page Tools -> Import pages -> Browse -> Kubuntuguide-xxxxx.xml -> Open -> Upload file
  • Edit the Main Page of the wiki and add a link to the online Kubuntuguide as well as the imported copy:
*[[Lucid|Kubuntuguide Lucid (local copy for editing)]]
*[http://kubuntuguide.org/Lucid Kubuntuguide Lucid (online)]

The idea is to edit the locally stored Kubuntuguide as you customize your system. It can also serve as a template and an example of how to use the MediaWiki wiki.

  • Edit the local copy of Kubuntuguide to hide irrelevant links. In MediaWiki, use the <!---> and <---> tags to comment out instructions or text that should not be displayed. Example:
Kubuntuguide Lucid (local copy for editing) -> edit ->
 <!--->{{LucidLynxLanguageBar|languages=Languages:|InProgress=In progress:}}<--->

Install Drupal6

  • Read this Drupal6 tutorial. Also see this demo site.
  • If the LAMP server stack has not been previously installed, do it now. Make sure the MySQL "root" user password (such as lucidsql00) that is created during this process is recorded for future use.
  • Create two additional URLs (Add Hosts) at DynDNS.com: mylucid00.dyndns.org and mylucidweb00.dyndns.org
  • Install Drupal6 and the first website (mylucid00.dyndns.org).
sudo apt-get install drupal6
Configure database for drupal6 with dbconfig-common? Yes
Database type to be used by Drupal6: mysql
Password of your database's administrative user: lucidsql00
MySQL application password for drupal6: mylucid00drupalword
(Note: You could also generate a random password and use it here. Just be sure to record it in an accessible location.)
  • Copy the /etc/drupal/6/sites/default folder to the first subsite (in this example named mylucid00.dyndns.org).
sudo cp -r /etc/drupal/6/sites/default /etc/drupal/6/sites/mylucid00.dyndns.org
  • Remove the symbolic link and create a new files folder. The files folder should belong to the group www-data, and the group should have "Can View & Modify Content" permissions:
sudo rm /etc/drupal/6/sites/mylucid00.dyndns.org/files
sudo mkdir /etc/drupal/6/sites/mylucid00.dyndns.org/files
sudo chown root:www-data /etc/drupal/6/sites/mylucid00.dyndns.org/files
sudo chmod 774 /etc/drupal/6/sites/mylucid00.dyndns.org/files
  • Copy a 110x110 image that you wish to use as a logo (in the upper left corner) into the /etc/drupal/6/sites/mylucid00.dyndns.org/files folder, naming it WebLogo.png there. For example:
sudo cp ~/Pictures/mybestpic110.png /etc/drupal/6/sites/mylucid00.dyndns.org/files/WebLogo.png
  • The permissions of the settings.php and dbconfig.php files must be unrestricted during installation:
sudo chmod 777 /etc/drupal/6/sites/mylucid00.dyndns.org/settings.php
sudo chmod 777 /etc/drupal/6/sites/mylucid00.dyndns.org/dbconfig.php
  • Create a virtual host file for the new sites:
sudo kate /etc/apache2/sites-available/drupal6virtualhost

Add the lines:

#
# Virtual hosting configuration for Drupal6
#
#
<VirtualHost *:80>
ServerAdmin mylucid.userid00@mail.com
#
DocumentRoot /usr/share/drupal6/
ServerName mylucid00.dyndns.org
ServerAlias *.mylucid00.dyndns.org mylucid00.dyndns.org
RewriteEngine On
RewriteOptions inherit
</VirtualHost>
#
<VirtualHost *:80>
ServerAdmin mylucid.userid00@mail.com
#
DocumentRoot /usr/share/drupal6/
ServerName mylucidweb00.dyndns.org
ServerAlias *.mylucidweb00.dyndns.org mylucidweb00.dyndns.org
RewriteEngine On
RewriteOptions inherit
</VirtualHost>
  • Remember that your virtual host configuration file won't be active until you make a symbolic link:
sudo ln -s /etc/apache2/sites-available/drupal6virtualhost /etc/apache2/sites-enabled
  • Restart Apache:
sudo /etc/init.d/apache2 restart
  • Install the first website through the web browser:
firefox http://mylucid00.dyndns.org/install.php
Site Name: My Lucid 00
Site e-mail address: mylucid.userid00@mail.com
Administrator Account Username: mylucid00admin -> Password: mylucid00word
Clean URLs: Enabled
(Note: You could also generate a random password and use it here. Just be sure to record it in an accessible location.)
  • Make sure only administrators can create new accounts initially, or you will have lots of new guests within the first 30 minutes of being live.
Drupal -> Administer -> User management -> User settings -> Only site administrators can create new accounts
  • The permissions of the settings.php and dbconfig.php files must be restricted after installation:
sudo chmod 744 /etc/drupal/6/sites/mylucid00.dyndns.org/settings.php
sudo chown root:www-data /etc/drupal/6/sites/mylucid00.dyndns.org/dbconfig.php
sudo chmod 740 /etc/drupal/6/sites/mylucid00.dyndns.org/dbconfig.php
  • While still logged in as an administrator, update the database:
http://mylucid00.dyndns.org/update.php
  • Now re-install a new database for each planned subsite:
sudo dpkg-reconfigure drupal6
  • Re-install database for drupal6? Yes
  • Database type to be used by drupal6: mysql
  • Connection method for MySQL database of drupal6: unix socket
  • Name of your database's administrative user: root
  • Password of your database's administrative user: lucidsql00
  • username for drupal6: drupal6b
  • database name for drupal6: drupal6b
  • Copy the /etc/drupal/6/sites/default folder to the second subsite (in this example named mylucidweb00.dyndns.org).
sudo cp -r /etc/drupal/6/sites/default /etc/drupal/6/sites/mylucidweb00.dyndns.org
  • Remove the symbolic link and create a new files folder. The files folder should belong to the group www-data, and the group should have "Can View & Modify Content" permissions:
sudo rm /etc/drupal/6/sites/mylucidweb00.dyndns.org/files
sudo mkdir /etc/drupal/6/sites/mylucidweb00.dyndns.org/files
sudo chown root:www-data /etc/drupal/6/sites/mylucidweb00.dyndns.org/files
sudo chmod 774 /etc/drupal/6/sites/mylucidweb00.dyndns.org/files
  • Copy a 110x110 image that you wish to use as a logo (in the upper left corner) into the /etc/drupal/6/sites/mylucidweb00.dyndns.org/files folder, naming it WebLogo.png there. For example:
sudo cp ~/Pictures/mysecondbestpic110.png /etc/drupal/6/sites/mylucidweb00.dyndns.org/files/WebLogo.png
  • The permissions of the settings.php and dbconfig.php must be unrestricted during installation:
sudo chmod 777 /etc/drupal/6/sites/mylucidweb00.dyndns.org/settings.php
sudo chmod 777 /etc/drupal/6/sites/mylucidweb00.dyndns.org/dbconfig.php
  • Install the second website through the web browser:
firefox http://mylucidweb00.dyndns.org/install.php
Site Name: My Lucid Web 00
Site e-mail address: mylucid.userid00@mail.com
Administrator Account Username: mylucid00admin -> Password: mylucid00word
Clean URLs: Enabled
(Note: You could also generate a random password and use it here. Just be sure to record it in an accessible location.)
  • Make sure only administrators can create new accounts initially, or you will have lots of new guests within the first 30 minutes of being live.
Drupal -> Administer -> User management -> User settings -> Only site administrators can create new accounts
  • The permissions of the settings.php and dbconfig.php files must be restricted after installation:
sudo chmod 744 /etc/drupal/6/sites/mylucidweb00.dyndns.org/settings.php
sudo chown root:www-data /etc/drupal/6/sites/mylucidweb00.dyndns.org/dbconfig.php
sudo chmod 740 /etc/drupal/6/sites/mylucidweb00.dyndns.org/dbconfig.php
  • While still logged in as an administrator, update the database:
http://mylucidweb00.dyndns.org/update.php
  • This process can be repeated if desired (if enough URLs are available).
  • The two websites will be available from the web:
http://mylucid00.dyndns.org
and
http://mylucidweb00.dyndns.org
  • Set up the cron task for each site:
sudo crontab -e

And add the lines (with the nano editor, or the one you prefer):

45 18 * * * /usr/bin/wget -O - -q -t 1 http://mylucid00.dyndns.org/cron.php
45 19 * * * /usr/bin/wget -O - -q -t 1 http://mylucidweb00.dyndns.org/cron.php
This will run the scripts separately, at 45 minutes after the 1800 hour and the 1900 hour every day (each site at a different hour).
  • After all sites are installed, create an /etc/drupal/6/sites/all folder in which to store shared modules and themes. Copy the folders:
sudo mkdir /etc/drupal/6/sites/all
sudo mkdir /etc/drupal/6/sites/all/modules
sudo mkdir /etc/drupal/6/sites/all/themes
and (optionally) make a directory for shared files:
sudo mkdir /etc/drupal/6/sites/all/files
sudo chmod 777 /etc/drupal/6/sites/all/files
then update each website again (while logged in as the administrator for each website).
http://mylucid00.dyndns.org/update.php
http://mylucidweb00.dyndns.org/update.php
  • Change theme and add WebLogo:
Drupal -> Administer -> Themes -> Garland -> configure -> color set: Ash -> Logo image settings -> Use the default logo: (unticked)
-> Path to custom logo: sites/mylucid00.dyndns.org/files/WebLogo.png
  • Add Ubercart online store.
  • Install PayPal cURL-php library pre-requisite (see this link for more info):
sudo apt-get install php5-curl
sudo /etc/init.d/apache2 restart
cd /etc/drupal/6/sites/all/modules
sudo wget http://ftp.drupal.org/files/projects/bbb-6.x-1.x-dev.tar.gz
sudo tar zxvf bbb-6.x-1.x-dev.tar.gz
sudo rm bbb-6.x-1.x-dev.tar.gz
Note: After module installation, enable the added modules, run the update, and adjust permissions.
Drupal -> Administer -> Modules -> Big Blue Button -> select the Big Blue Button module functions you intend to use

then update:

http://mylucid00.dyndns.org/update.php
  • Test the BigBlueButton settings:
Drupal -> Site administration -> Site configuration -> BigBlueButton Conferencing
-> Base URL: http://mylucidbbb00.dyndns.org:81/bigbluebutton/
-> Change the Security Salt (found in a file called “bigbluebutton.properties” on the BigBlueButton server). On my Ubuntu server I found it at /var/lib/tomcat6/webapps/bigbluebutton/WEB-INF/classes/bigbluebutton.properties:
sudo kate /var/lib/tomcat6/webapps/bigbluebutton/WEB-INF/classes/bigbluebutton.properties
Copy the security salt number found in the setting:
beans.dynamicConferenceService.securitySalt=your_security_salt_number_here
-> Save configuration -> Test connection
  • Create a new content type named Teleconference:
Drupal -> Administer -> Content management -> Content types -> Add content type

-> Name: Teleconference -> Type: teleconference -> Big Blue Button settings -> Treat this node type as conference: (ticked) -> Show links to join / start a meeting beneath the node: (ticked) -> Display meeting status on node: (ticked) -> Save content type

  • Create a new node of content type Teleconference:

Drupal -> Create content -> Teleconference -> Conference settings -> ...

  • Add a Welcome page and a link to public wiki
Drupal -> Create Content -> Page -> Welcome -> ... -> Promoted to front page (ticked) -> Save
Drupal -> Administer -> Site building -> Menus -> Primary links -> Add item -> Path: http://mylucidwiki00.dyndns.org/public -> Menu link title: My Lucid Wiki -> Weight: 10 -> Save
  • Add menu items / shortcuts to the Drupal Website(s):
  • My Lucid Website (Public) (Drupal) -- firefox http://mylucid00.dyndns.org
and
  • My Lucid Website (Private) (Drupal) -- firefox http://mylucidweb00.dyndns.org
cd /etc/drupal/6/sites/all/modules
sudo wget http://ftp.drupal.org/files/projects/token-6.x-1.12.tar.gz
sudo tar zxvf token-6.x-1.12.tar.gz
sudo rm token-6.x-1.12.tar.gz
cd /etc/drupal/6/sites/all/modules
sudo wget http://ftp.drupal.org/files/projects/ubercart-6.x-2.0.tar.gz
sudo tar zxvf ubercart-6.x-2.0.tar.gz
sudo rm ubercart-6.x-2.0.tar.gz
Note: After module installation, you must enable the added modules, run the update, and adjust permissions.
Drupal -> Administer -> Modules -> Ubercart -> select the Ubercart module functions you intend to use

then update:

http://mylucid00.dyndns.org/update.php
Drupal -> Administer -> Store administration
  • Further customize each website by installing the modules as detailed here.
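The walkthrough opens settings.php and dbconfig.php to 777 for every subsite during installation, so a subsite whose files were never restricted again is easy to miss. The audit below is an added example, not part of the original guide; the function names and the sample tree are constructed for illustration, and GNU stat (as shipped with Ubuntu) is assumed.

```bash
#!/bin/sh
# Added example, not part of the original guide. Function names are
# hypothetical; GNU stat (as shipped with Ubuntu) is assumed.

# Print the "other" permission digit (0-7) of a file's mode.
other_bits() (
    m=$(stat -c %a "$1") || exit 2
    printf '%s\n' "${m#"${m%?}"}"       # last character of e.g. "744"
)

# audit_drupal_sites SITES_ROOT
# Checks settings.php and dbconfig.php in every site directory.
# Prints one finding per line; exit status 0 = clean, 1 = findings.
audit_drupal_sites() (
    found=0
    for site in "$1"/*/; do
        [ -d "$site" ] || continue
        for name in settings.php dbconfig.php; do
            f=${site}${name}
            [ -f "$f" ] || continue
            o=$(other_bits "$f") || continue
            # Bit 2: writable by everyone (left at 777 after install.php).
            if [ $(( o & 2 )) -ne 0 ]; then
                echo "WORLD-WRITABLE $f"; found=1
            fi
            # Bit 4: dbconfig.php carries the database settings generated by
            # dbconfig-common; the guide restricts it to 740 root:www-data.
            if [ "$name" = dbconfig.php ] && [ $(( o & 4 )) -ne 0 ]; then
                echo "WORLD-READABLE $f"; found=1
            fi
        done
    done
    exit "$found"
)

# Constructed sample: one site restricted as in the guide, one forgotten.
make_sample_tree() {
    mkdir -p "$1/mylucid00.dyndns.org" "$1/mylucidweb00.dyndns.org"
    for s in mylucid00.dyndns.org mylucidweb00.dyndns.org; do
        : > "$1/$s/settings.php"
        : > "$1/$s/dbconfig.php"
    done
    chmod 744 "$1/mylucid00.dyndns.org/settings.php"
    chmod 740 "$1/mylucid00.dyndns.org/dbconfig.php"
    chmod 777 "$1/mylucidweb00.dyndns.org/settings.php" \
              "$1/mylucidweb00.dyndns.org/dbconfig.php"
}

# "sh audit.sh --demo" audits the constructed tree; otherwise pass the real
# root, e.g. "sh audit.sh /etc/drupal/6/sites".
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d) && make_sample_tree "$tmp"
    audit_drupal_sites "$tmp" || echo "findings above"
    rm -rf "$tmp"
elif [ -n "${1:-}" ]; then
    audit_drupal_sites "$1"
fi
```

Running it again after each renamed or newly added subsite confirms that the post-installation chmod steps were applied everywhere.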

Install ddclient

sudo apt-get install ddclient
Dynamic DNS service provider: www.dyndns.com
DynDNS fully qualified domain names: mylucid00.dyndns.org, mylucidweb00.dyndns.org, mylucidwiki00.dyndns.org, mylucidbbb00.dyndns.org, mylucidmoodle00.dyndns.org
Username for dynamic DNS service: myluciddnsid -> Password: myluciddnsword
Network interface (eth0, wlan0, etc.) used for dynamic DNS service: eth0
  • Edit the ddclient configuration file:
sudo kate /etc/ddclient.conf
so that it resembles:
# Configuration file for ddclient generated by debconf
#
# /etc/ddclient.conf
#
daemon=3600
ssl=yes
use=web, web=checkip.dyndns.com/, web-skip='IP Address'
pid=/var/run/ddclient.pid
protocol=dyndns2
#use=if, if=eth0
server=members.dyndns.org
login=myluciddnsid
password='myluciddnsword'
# mylucid00.dyndns.org,mylucidweb00.dyndns.org,mylucidwiki00.dyndns.org,mylucidbbb00.dyndns.org,mylucidmoodle00.dyndns.org
mylucid00.dyndns.org,mylucidcalendar00.dyndns.org,mylucidwiki00.dyndns.org,mylucidbbb00.dyndns.org,mylucidmoodle00.dyndns.org
Note: There are companies on the Internet other than DynDNS.com that provide Dynamic DNS services as well (but several of them are very unreliable, in my experience). DynDNS.com is one of the oldest and most stable. I have found it convenient to forward my URLs (that I already had at other DNS providers) to the DynDNS URLs created in this walkthrough. However, if your original DNS provider supports reliable Dynamic DNS services, you may be able to get it to work with ddclient as well. See the instructions in the tutorial.

Add menu items for websites

Add a menu item for each website:

  • My Lucid 00 (Drupal6 Website) -- firefox http://mylucid00.dyndns.org
  • My Lucid 00 Web (Drupal6 Website) -- firefox http://mylucidweb00.dyndns.org
  • My Lucid 00 BBB (BigBlueButton Teleconferencing) -- firefox http://mylucidbbb00.dyndns.org:81
  • My Lucid 00 Wiki (Public) -- firefox http://mylucidwiki00.dyndns.org
  • My Lucid 00 Wiki (Private) -- firefox http://mylucidwiki00.dyndns.org/private
  • My Lucid 00 Moodle (Teaching site) -- firefox http://mylucidmoodle00.dyndns.org

Add Audacious audio player

  • This is an optional component. I use this to stream music from Shoutcast Internet Radio to the office stereo system by plugging the computer output jack into the office stereo input jack. Install:
sudo apt-get install audacious audacious-plugins
  • Change the Audacious audio to ALSA (unless you are willing to configure PulseAudio) and use the classic skin:
Audacious -> Preferences -> Audio -> Current audio plugin: ALSA Output Plugin
-> Appearance -> Classic -> Close
  • Using the Menu Editor, create a menu item to Shoutcast Internet Radio with the command:
firefox http://classic.shoutcast.com
  • Start Shoutcast Internet Radio and click on a radio station. When prompted for the file association, choose Audacious:
"You have chosen to open shoutcast-playlist.pls which is a: PLS file. What should Firefox do with this file?" -> Open with ... -> Browse -> File system... -> usr -> bin -> audacious -> Open -> Do this automatically for files like this from now on: (ticked) -> OK

Install DAViCal group calendar server

If a full groupware server (Kolab, eGroupware, or Zimbra) is to be installed, there is no need for DAViCal. As a standalone group calendar server, though, it can't be beat.

Allow Reverse proxies

If you have one LAN router that forwards all port 80 traffic to a single server yet you have multiple physical servers on the LAN (each using their own set of URLs), then the primary server (to which all port 80 traffic is sent) will have to act as a reverse proxy for the other servers. This is accomplished through Apache2 reverse proxies. See this tutorial.

Adding new SSH users

  • On the server, create a second user account (that guest users can use for SSH purposes) with a password dissimilar to any other passwords (such as mylucidguestpassword):
sudo useradd -m mylucid00guest
sudo passwd mylucid00guest
sudo mkdir /home/mylucid00guest/.ssh
sudo chmod 777 /home/mylucid00guest/.ssh
  • Allow OpenSSH Password Authentication temporarily. Edit the OpenSSH configuration file:
sudo gedit /etc/ssh/sshd_config
and temporarily allow Password-based Authentication by changing the line:
PasswordAuthentication no
to
PasswordAuthentication yes
then restart the OpenSSH server:
sudo /etc/init.d/ssh restart

From the new Linux user's client computer:

ssh-keygen
scp -P 22199 ~/.ssh/id_rsa.pub mylucid00guest@mylucid00.dyndns.org:~/.ssh/id_rsa.pub
When prompted, of course, the guest password, mylucidguestpassword, should be entered.
  • Back on the server (logged in as the administrator lucidadmin00), turn off the OpenSSH Password Authentication again:
sudo gedit /etc/ssh/sshd_config

Change the line:

PasswordAuthentication yes
to
PasswordAuthentication no
then restart the OpenSSH server:
sudo /etc/init.d/ssh restart

It is then usually best (for security reasons) to change the guest password to something completely different:

sudo passwd mylucid00guest
  • Copy the new id_rsa.pub key to the lucidadmin00 folder and append it to the authorized_keys file there:
sudo cp /home/mylucid00guest/.ssh/id_rsa.pub /home/lucidadmin00/.ssh/id_rsaguest.pub
sudo chown -R lucidadmin00 /home/lucidadmin00
cd ~/.ssh
cat id_rsaguest.pub >> authorized_keys

Note: this new /home/lucidadmin00/.ssh/authorized_keys file should also be copied to /home/client9260/.ssh/authorized_keys and /home/text9260/.ssh/authorized_keys as detailed in the subsequent OpenVistA EHR section.

  • If Windows-based PuTTY SSH users are to be added to the system, then see this tutorial. The SSH keys must be tweaked to be used with OpenSSH, copied to the server, and then concatenated to the authorized_keys file in a similar fashion.

Add security scanners

  • Don't believe the hype about Linux being free from viruses, trojans, and rootkits. They happen (although they are less common than in other operating systems). The biggest risk comes from installing software from repositories other than the official Ubuntu repositories. Be careful. Here are some recommended security utilities:
  • KlamAV is the KDE/Kubuntu frontend for ClamAV anti-virus suite. Install:
sudo apt-get install klamav
Run:
Menu -> System -> KlamAV Anti-Virus Manager
  • Rkhunter is a rootkit hunter. Install and run:
sudo apt-get install rkhunter
sudo rkhunter --check
  • Chkrootkit is another rootkit hunter. Install and run:
sudo apt-get install chkrootkit
sudo chkrootkit

Changing passwords and other customization

More Ultimate Servers

Additional servers can be added to the preceding framework, of course. Here are some examples:

Ultimate Server Lucid Customization

These instructions ought to be followed for every installation method of the Ultimate Server Lucid, except when installing using the step-by-step walkthrough. When completed, a reasonably secure installation will have been achieved. The steps are meant to be done in order, because some later steps are dependent on earlier steps. These steps should take about 30 minutes to perform.

Enable BIOS power-up

  • Change the computer's BIOS settings so that after a power failure the computer will automatically power up and restart to the default OS. (This is important for servers.) At bootup, enter the BIOS menu using whichever key is appropriate for your computer's BIOS:
[F2], [F1], [F10], or [DEL] -> Power Management Setup -> PowerOn After Pwr-Fail: On -> Save -> Reboot

Set networking parameters

  • Set the static IP address for your server. If your computer already has a static LAN IP address assigned on your network, use it. Otherwise choose a static LAN IP address that (preferably) is not part of the DHCP address range used by your router (or DHCP server). (Use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu.)
sudo kate /etc/network/interfaces
and edit the lines to resemble:
# iface eth0 inet dhcp
#
iface eth0 inet static
address 192.168.0.99
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1
and restart networking:
sudo /etc/init.d/networking restart

Obtain an Internet URL

  • Email:
Email address: mylucid.userid00@mail.com Password: mylucidword000 DOB: 1/1/01 Favorite question: securityquestionanswer
How to change:
Mail.com -> Sign in (email address/password) -> Settings -> Accounts -> Change your Mail.com password -> Password: click here to change password
Note: These are examples only. You must obtain your own account and password to use with the system. You can use a pre-established email account or create a new one at Mail.com, Gmail, or Yahoo Mail.
  • Dynamic DNS:
ID: myluciddnsid Password: myluciddnsword Email: mylucid.userid00@mail.com
How to change:
DynDNS.com -> Log in (Username/Password) -> Account Settings: Change Password
Note: These are examples only. You must obtain your own account and password to use with the system. While several Dynamic DNS services are available and can be used, the walkthrough instructions refer to DynDNS.com. Decide on a naming scheme for your set of servers. The installation walkthrough uses mylucid00.dyndns.org, mylucidbbb00.dyndns.org, mylucidmoodle00.dyndns.org, mylucidwiki00.dyndns.org, mylucidcalendar00.dyndns.org, and mylucidweb00.dyndns.org, but (obviously) these cannot be used for your system and you must choose a new naming scheme.
DynDNS.com allows the creation of five free domain name URLs, so choose your naming scheme carefully and then create/activate the 5 URLs for your system at DynDNS.com. For example:
clarkkent.dyndns.org, clarkkentbbb.dyndns.org, clarkkentmoodle.dyndns.org, clarkkentwiki.dyndns.org, clarkkentcalendar.dyndns.org, and clarkkentweb.dyndns.org.

Configure ddclient

  • Edit the ddclient configuration file (mandatory). (Use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu.):
sudo kate /etc/ddclient.conf
so that it resembles:
# Configuration file for ddclient generated by debconf
#
# /etc/ddclient.conf
#
daemon=3600
ssl=yes
use=web, web=checkip.dyndns.com/, web-skip='IP Address'
pid=/var/run/ddclient.pid
protocol=dyndns2
#use=if, if=eth0
server=members.dyndns.org
login=clarkkent
password='kryptonite'
# clarkkent.dyndns.org,clarkkentbbb.dyndns.org,clarkkentmoodle.dyndns.org,clarkkentwiki.dyndns.org,clarkkentweb.dyndns.org
clarkkent.dyndns.org,clarkkentbbb.dyndns.org,clarkkentmoodle.dyndns.org,clarkkentwiki.dyndns.org,clarkkentcalendar.dyndns.org
Clearly you must use your own login ID and password (created during signup at DynDNS.com), and replace the server URL names with the ones that match your naming scheme (and which you activated at DynDNS.com).

Change important passwords

  • System:
ID: lucidadmin00 Password: lucidword00
How to change (mandatory):
sudo passwd lucidadmin00
  • System guest:
ID: mylucid00guest Password: mylucidguestpassword
How to change (mandatory):
sudo passwd mylucid00guest
  • MySQL
ID: root Password: lucidsql00
How to change (recommended):
mysqladmin -u root --password=lucidsql00 password newrootsqlpw
If you have lost the MySQL root user password entirely, then see this solution.

Customize BigBlueButton

  • Customize BigBlueButton:

If your chosen URL for the BigBlueButton is clarkkentbbb.dyndns.org, for example, then

sudo bbb-conf --setip clarkkentbbb.dyndns.org:81
sudo bbb-conf --clean
  • Although optional, I highly recommend creating a new security salt (UUID) for BigBlueButton. See these instructions.
  • Edit the menu item/shortcut to the BBB server:
Clark Kent's BigBlueButton (Teleconferencing) -- firefox http://clarkkentbbb.dyndns.org:81
  • Make sure your router forwards ports 81, 9123, and 1935 to your server's LAN IP address.

Customize Moodle

  • Customize Moodle:
  • Edit the Apache2 virtual host configuration file for the Moodle Server (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu):
sudo kate /etc/apache2/sites-available/moodlevirtualhost
so that the contents resemble:
<VirtualHost *:80>
ServerAdmin clarkkent@mail.com
#
DocumentRoot /usr/share/moodle/
ServerName clarkkentmoodle.dyndns.org
ServerAlias www.clarkkentmoodle.dyndns.org clarkkentmoodle.dyndns.org
#RewriteEngine On
#RewriteOptions inherit
</VirtualHost>
Activate the new virtual host configuration:
sudo /etc/init.d/apache2 restart
  • Edit the Moodle configuration file (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu):
sudo kate /etc/moodle/config.php
so that the FQDN (in this case the URL) is correctly noted:
$CFG->wwwroot = 'http://clarkkentmoodle.dyndns.org/moodle';
  • Login to the server (http://clarkkentmoodle.dyndns.org) and change the primary admin password (and create a new user/password if desired):
ID: mylucid00admin Password: mylucid00word
How to change (mandatory):
Moodle -> Login (using ID/Password) -> Site Administration: Accounts: Browse List of Users
-> MyLucid Admin -> Change password
  • Edit the menu item/shortcut to the Moodle server:
Clark Kent's Moodle (Online Teaching) -- firefox http://clarkkentmoodle.dyndns.org

Customize MediaWiki

  • Customize MediaWiki:
  • Edit the Apache2 configuration file (e.g. /etc/apache2/sites-available/wikivirtualhost). (Use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu.):
sudo kate /etc/apache2/sites-available/wikivirtualhost
so that the lines are similar to:
<VirtualHost *:80>
UseCanonicalName off
#
DocumentRoot /var/www/Wikis
DirectoryIndex index.php index.html
#
ServerName clarkkentwiki.dyndns.org
ServerAlias *.clarkkentwiki.dyndns.org
# 
RewriteEngine On
RewriteCond %{REQUEST_URI}  !^private*
RewriteCond %{REQUEST_URI}  !^public*
RewriteRule   ^/(/.*|)$  /public/$1  [R]
#
<Directory /var/www/Wikis>
Options Indexes FollowSymLinks MultiViews
Options FollowSymLinks MultiViews
#AllowOverride None
Order allow,deny
allow from all
</Directory>
# 
</VirtualHost>
Activate the new virtual host configuration:
sudo /etc/init.d/apache2 restart
Change the password for each wiki individually by logging in separately (http://clarkkent.dyndns.org/public and http://clarkkent.dyndns.org/private). The ID and password are initially the same for both wikis (but this obviously can be changed).
ID: mylucid00admin Password: mylucid00word
How to change (mandatory for each wiki):
MediaWiki -> Login (using ID/Password) -> my preferences -> Change password
  • Edit the menu items / shortcuts to the Wiki(s):
  • Clark Kent's Wiki (Public) (MediaWiki) -- firefox http://clarkkentwiki.dyndns.org
and
  • Clark Kent's Wiki (Private) (MediaWiki) -- firefox http://clarkkentwiki.dyndns.org/private

Customize Drupal

  • Customize the Drupal6 website(s):
  • Rename the website folders to correspond to your chosen URL naming scheme. For example:
sudo mv /etc/drupal/6/sites/mylucid00.dyndns.org /etc/drupal/6/sites/clarkkent.dyndns.org
sudo mv /etc/drupal/6/sites/mylucidweb00.dyndns.org /etc/drupal/6/sites/clarkkentweb.dyndns.org
  • Edit the virtual host file for the new sites (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu):
sudo kate /etc/apache2/sites-available/drupal6virtualhost
so that it resembles:
#
# Virtual hosting configuration for Drupal6
#
#
<VirtualHost *:80>
ServerAdmin clarkkent@mail.com
#
DocumentRoot /usr/share/drupal6/
ServerName clarkkent.dyndns.org
ServerAlias *.clarkkent.dyndns.org clarkkent.dyndns.org
RewriteEngine On
RewriteOptions inherit
</VirtualHost>
#
<VirtualHost *:80>
ServerAdmin clarkkent@mail.com
#
DocumentRoot /usr/share/drupal6/
ServerName clarkkentweb.dyndns.org
ServerAlias *.clarkkentweb.dyndns.org clarkkentweb.dyndns.org
RewriteEngine On
RewriteOptions inherit
</VirtualHost>
Activate the new virtual host configuration:
sudo /etc/init.d/apache2 restart
  • Edit the cron task so that it reflects the new URLs correctly:
sudo crontab -e

And edit the lines (with the nano editor, or the one you prefer) so that they resemble:

45 18 * * * /usr/bin/wget -O - -q -t 1 http://clarkkent.dyndns.org/cron.php
45 19 * * * /usr/bin/wget -O - -q -t 1 http://clarkkentweb.dyndns.org/cron.php
  • Login to each website individually (http://clarkkent.dyndns.org and http://clarkkentweb.dyndns.org) and adjust the admin user password and the Theme settings. (Until you adjust the Theme settings, the graphics will not display properly).
ID: mylucid00admin Password: mylucid00word
How to change (mandatory):
Drupal6 -> Login (using ID/Password) -> My account -> Edit -> Password
change the Theme settings:
Drupal6 -> Administer -> Site building -> Themes -> Garland: configure -> Path to custom logo: sites/clarkkent.dyndns.org/WebLogo.png
(Use clarkkentweb.dyndns.org when customizing the other website, obviously.)
update the websites:
http://clarkkent.dyndns.org/update.php
http://clarkkentweb.dyndns.org/update.php

Note: DynDNS only allows 5 free URLs. If you have activated clarkkentcalendar.dyndns.org as the 5th URL, you will not be able to connect through the web to clarkkentweb.dyndns.org. However, it is possible to deactivate a URL on DynDNS, create/activate a new URL, go through the customization steps using the activated URL, then deactivate that URL (if it is no longer desired) and reactivate the (previously deactivated) desired one(s).

  • Edit the menu items / shortcuts to the Drupal Website(s):
  • Clark Kent's Website (Public) (Drupal) -- firefox http://clarkkent.dyndns.org
and
  • Clark Kent's Website (Private) (Drupal) -- firefox http://clarkkentweb.dyndns.org

Customize DAViCal

  • Customize the DAViCal Group Calendar:
  • Rename the configuration file to correspond to your chosen URL naming scheme. For example:
sudo mv /etc/davical/mylucidcalendar00.dyndns.org-conf.php /etc/davical/clarkkentcalendar.dyndns.org-conf.php
  • Edit the virtualhost config file (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu):
sudo kate /etc/apache2/sites-available/mydavicalsite
so that these lines resemble:
#
# Virtual Host def for Debian package DAViCal
<VirtualHost *:80>
 DocumentRoot /usr/share/davical/htdocs
 DirectoryIndex index.php index.html
 ServerName clarkkentcalendar.dyndns.org
 ServerAlias calendar.clarkkent.dyndns.org
 Alias /images/ /usr/share/davical/htdocs/images/
 <Directory /usr/share/davical/htdocs/>
     AllowOverride None
     Order allow,deny
     Allow from all
 </Directory>
 php_value include_path /usr/share/awl/inc
 php_value magic_quotes_gpc 0
 php_value register_globals 0
 php_value open_basedir 1
 php_value error_reporting "E_ALL & ~E_NOTICE"
 php_value default_charset "utf-8"
</VirtualHost>
Activate the new virtual host configuration:
sudo /etc/init.d/apache2 restart
  • Login to the calendar server (http://clarkkentcalendar.dyndns.org) and change the admin password.
ID: mylucid00admin Password: mylucid00word
How to change (mandatory):
DAViCal Admin webpage -> login (User Name/Password) -> User Functions: List Users
-> mylucid00admin -> Confirm password: (enter new password) -> Apply changes

Adjust SSH for remote connections

  • Adjust SSH for remote connections
The usual default SSH port is 22, but in the Ultimate Server this has been changed to port 22199. You can change it again, if you choose. Make sure your router forwards traffic for the chosen port to your computer's LAN IP address (as set above). (Use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu.)
sudo kate /etc/ssh/sshd_config
change the listening port:
Port 22199
then restart the OpenSSH server:
sudo /etc/init.d/ssh restart
  • Make sure the router forwards the selected listening port (e.g. 22199) to the IP address (e.g. 192.168.0.99) of the server.
  • Remove the insecure SSH files distributed with the system and generate new ones:
sudo rm /home/lucidadmin00/.ssh/*
ssh-keygen
Accept the default location for the key file ( /home/lucidadmin00/.ssh/id_rsa ).
  • Leave the passphrase empty
cd ~/.ssh
touch authorized_keys
Concatenate the newly-generated id_rsa.pub key to the authorized_keys file:
cd ~/.ssh
cat id_rsa.pub >> authorized_keys

Adding new SSH users

  • Add a new user and change the password for that user (optional):
sudo useradd -m myownuserID
sudo passwd myownuserID
Login using the new user ID to complete the installation.
  • Create an SSH keypair for automated login by the new user:
  • Generate a key pair (by default, a 2048-bit RSA key pair is created):
ssh-keygen
  • Accept the default location for the key file ( /home/myownuserID/.ssh/id_rsa ).
  • Leave the passphrase empty
Make sure that a file named authorized_keys (with write privileges) is in the /home/myownuserID/.ssh folder. If not, create such a file (using the "touch" command to create an empty file) after logging into the server as myownuserID:
cd ~/.ssh
touch authorized_keys
Alternatively, you can copy the original authorized_keys file from the /home/lucidadmin00/.ssh folder (as long as it has been revised and is not the original insecure authorized_keys file distributed with the system). This is useful if you wish to keep both the lucidadmin00 and myownuserID users.
sudo cp /home/lucidadmin00/.ssh/authorized_keys /home/myownuserID/.ssh/authorized_keys
sudo chown -R myownuserID /home/myownuserID
Concatenate the newly-generated id_rsa.pub key to the authorized_keys file:
cd ~/.ssh
cat id_rsa.pub >> authorized_keys
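
The key-installation steps above (create ~/.ssh, create authorized_keys, append id_rsa.pub), as an added example that is not part of the original guide. It appends the key only once, refuses a file that is not a single public-key line, and sets the file modes that sshd's StrictModes check expects; the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the guide): install one public key into
# authorized_keys idempotently, with modes that sshd's StrictModes accepts.

# install_pubkey PUBKEY_FILE SSH_DIR
# Returns 0 if the key is listed in SSH_DIR/authorized_keys afterwards,
# 1 if PUBKEY_FILE is not a single-line OpenSSH public key.
install_pubkey() {
    pub=$1
    dir=$2
    auth="$dir/authorized_keys"

    # Refuse anything that is not exactly one public-key line. This catches
    # the slip of pointing at id_rsa (the private key) instead of id_rsa.pub.
    [ -f "$pub" ] || return 1
    if grep -q -e '-----BEGIN' "$pub"; then
        return 1
    fi
    [ "$(grep -c . "$pub")" -eq 1 ] || return 1
    key=$(grep . "$pub")
    case $key in
        ssh-rsa\ *|ssh-dss\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) return 1 ;;
    esac

    # With StrictModes (on by default) sshd ignores authorized_keys when the
    # directory or the file is writable by group or others.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    ( umask 077; touch "$auth" ) && chmod 600 "$auth" || return 1

    # If the existing file does not end in a newline, add one so the new key
    # is not glued onto the previous entry.
    [ -z "$(tail -c1 "$auth")" ] || echo >> "$auth"

    # Append only if this exact line is not already listed, so running the
    # step twice does not create duplicate entries.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# ssh_modes_ok SSH_DIR
# Returns 0 if SSH_DIR is drwx------ and its authorized_keys is -rw-------.
ssh_modes_ok() {
    d=$(ls -ld "$1" | cut -c1-10)
    f=$(ls -l "$1/authorized_keys" | cut -c1-10)
    [ "$d" = "drwx------" ] && [ "$f" = "-rw-------" ]
}

# Usage on the server, logged in as the account that owns the key:
#   install_pubkey ~/.ssh/id_rsa.pub ~/.ssh && ssh_modes_ok ~/.ssh
```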

Inactivate old users

  • Inactivate old users (this is easiest from the GUI desktop once installation has been completed):
Menu -> System -> KUser User Manager -> highlight userID -> Account disabled (ticked)
If you merely wish to exclude a user from appearing on the Login screen:
Menu -> System -> System Settings -> Advanced -> Login Manager -> Users -> tick the users to exclude from the Login screen

Change hostname (optional)

  • Hostname: Lucid64Server00
  • Discover the current hostname and the Fully Qualified Domain Name:
hostname
hostname --fqdn
  • I don't recommend changing the hostname, but it can be changed by editing the /etc/hostname file and the /etc/hosts file (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu)
sudo kate /etc/hostname
sudo kate /etc/hosts

It is not necessary for security reasons to change your hostname, and it is not recommended especially if you have already been using the system for a while (as the hostname can be used in several configuration files other than the two noted).

Ultimate Server Lucid K with OpenVistA EHR

Introduction

This walkthrough is for (K)Ubuntu Lucid 10.04 (32-bit or 64-bit) because the BigBlueButton teleconferencing server requires either Lucid 10.04 (32-bit or 64-bit) or Jaunty 9.04 (32-bit only).

The software updater may prompt you to upgrade the distribution to a newer release (e.g. to Maverick 10.10). This is not recommended because BigBlueButton may then stop functioning properly.

All variables that can be (and usually ought to be) changed are noted in italics. Do not attempt to use any italicized variable exactly as written; all of them are fictitious and will not work (especially for web services)! Create your own variable in place of the italicized one.

Furthermore, this website is viewed by over 20,000 users per month. Don't attempt to use any of the example passwords used here (that would be highly insecure). Create your own passwords.

Install the base OS (Ubuntu Server 10.04 Lucid)

  • Install Ubuntu Lucid Server (32-bit or 64-bit) into its own partition. If you followed the Multiple OS Installation scheme, then the Windows OS will be in partition 1 (and possibly 2, if you have a recovery partition), the /boot partition will be in partition 3, and partition 4 will be an extended partition. The extended partition ought to have been divided into a 2 Gb swap logical partition and 2 equally sized logical partitions for Linux (one for a production partition and one as a test/upgrade partition).
  • For installation it is best if the computer is connected to the Internet by a wired ethernet connection.
  • Hostname: Lucid64Server00
  • Partitioning: Manual
  • Choose the partition created for the new Lucid operating system (e.g. /dev/sda6). Use as: Ext4 journaling file system -> Format the partition: yes, format it -> Mount point: / - the root file system -> Done setting up the partition -> Finish partitioning and write changes to disk -> Write changes to disk?: Yes
  • During the Ubuntu Server installation, install the LAMP server and OpenSSH servers and the PostgreSQL database. Record the system administrator ID/password and the MySQL root (superuser) password. Note the partition name and number (e.g. /dev/sda6).
  • Full name for the new user: Lucidadmin00 -> Username for your account: lucidadmin00 -> Choose a password for the new user: lucidword00
(Note: You could also generate a random password and use it here. Just be sure to record it in an accessible location.)
Note: You could also install the LAMP server stack, the OpenSSH server, or the PostgreSQL database at a later time using the menu-driven installation system:
sudo tasksel
  • Encrypt your home directory: No (this is optional, but on this system the primary user's home directory is not used much so there is little need to encrypt it.)
  • HTTP proxy information -- this is used if your organization has a firewall or other gateway to the outside Internet. A network administrator will have the information for this. Most small businesses will not have such a gateway and it can be left blank, in this case.
  • How do you want to install updates...? No automatic updates

This is, of course, user preference. However, updates are sometimes sent out before they are completely tested with all hardware, which can cause problems with very new or very old hardware. Some systems can be brought to a halt by automatic updates, especially updates of the Linux kernel.

For this reason, complete manual control of updates is highly recommended (on production systems). In fact, many users routinely run two parallel systems (a test system and a production system) and install updates on the test system first (in order to make sure all updates work properly) prior to installing the updates on the production system. This practice is extremely important to ensuring stability on critical systems and servers.

  • Choose software to install:
  • LAMP server (ticked) -> OpenSSH server (ticked) -> PostgreSQL database
  • New password for the MySQL "root" user: lucidsql00
(Note: You could also generate a random password and use it here. Just be sure to record it in an accessible location.)
  • Install the GRUB boot loader to the master boot record? No -> Device for boot loader installation: /dev/sda6
Note: this assumes a /boot partition and multiple partitions. Under the general scheme above, the first free partition will usually be /dev/sda6, but if you already have other OSs or other peculiarities, take extra care during this step.
  • This is the trickiest step of the installation. It is important to set up the Master Boot Loader to recognize the new partition. Re-read the Multiple OS Installation tutorial very carefully and completely. In short, the bootloader needs to be copied to the /boot partition (usually /dev/sda3) and customized there so that it chainloads the bootloader installed locally in your new OS partition (e.g. /dev/sda6). Once this is set up correctly, reboot and the menu will allow booting into the new OS.
  • Login for the first time.
Lucid64Server00: lucidadmin00
Password: lucidword00
  • Shorten the boot time:
sudo nano /etc/default/grub
Change the timeout value:
GRUB_TIMEOUT=1
(Note: Save the changes with CTRL-O then CTRL-X.)
Then regenerate the Grub2 configuration file:
sudo grub-mkconfig --output=/boot/grub/grub.cfg
  • Update the system.
sudo apt-get update
sudo apt-get upgrade
sudo apt-get install build-essential dkms
sudo reboot
  • Older versions of (K)Ubuntu (Jaunty and earlier) also required:
sudo apt-get install linux-headers-$(uname -r)
sudo reboot

Note: This step was also previously required after every kernel upgrade (as is done automatically if you have enabled automatic updates). If graphics aren't working for any reason, try making sure the headers are installed correctly and updating again.

  • Install the password generator for use with the remainder of the installation.
sudo apt-get install pwgen
  • Many users also generate a password for the root superuser at this time:
sudo passwd root

Add a Kubuntu desktop

  • Install a Kubuntu desktop.
sudo apt-get install kubuntu-desktop

Note: The end user can also install the restricted extras:

sudo apt-get install kubuntu-restricted-extras
  • Reboot the system:
sudo reboot
  • Once the Kubuntu desktop has been installed, all commands can then be entered into the command-line terminal Konsole:
Menu -> System -> Konsole
  • Note: Kubuntu Jaunty included an (automatic) kernel upgrade that at some point disabled the Nvidia graphics drivers (on computers with Nvidia graphics). If this happens for your system, the desktop will be unable to start at bootup and only the command-line will be presented. To correct this problem, merely install the linux-headers again:
sudo apt-get install linux-headers-$(uname -r)
sudo reboot
then the Nvidia graphics drivers should install correctly and the desktop will start normally.

Set networking parameters

sudo gedit /etc/network/interfaces
and edit the lines to resemble:
# iface eth0 inet dhcp
#
iface eth0 inet static
address 192.168.0.99
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1
and restart networking:
sudo /etc/init.d/networking restart

Enable BIOS power-up

Power failures happen. It is possible to change the BIOS settings so that after a power failure the computer will automatically power up and restart to the default OS (as set in the bootloader configuration). This is a critical function for servers. At bootup, enter the BIOS menu using whichever key is appropriate for your computer's BIOS:

[F2], [F1], [F10], or [DEL] -> Power Management Setup -> PowerOn After Pwr-Fail: On -> Save -> Reboot

Install Firefox

  • Install Firefox:
sudo apt-get install firefox
This can also be done from the Kubuntu desktop menu:
Menu -> Internet -> Install Firefox Web Browser
  • Start Firefox and install security add-ons:
Firefox -> Tools -> Add-ons -> Get Add-ons -> NoScript -> Add to Firefox -> Install
Firefox -> Tools -> Add-ons -> Get Add-ons -> AdBlock Plus -> Add to Firefox -> Install
  • Add a menu item/shortcut to this guide (to enable copying and pasting of the remaining commands directly from the guide) and to the customization guide:
  • Kubuntuguide (Ultimate Server Walkthrough) -- firefox http://kubuntuguide.org/Ultimate_Server_Lucid_K
  • Ultimate Server Customization (Kubuntuguide) -- firefox http://kubuntuguide.org/Ubuntu_Server_Lucid_Customization_OV

Obtain an Internet URL

If a static Internet URL is not available, obtain a dynamic DNS URL. (This must be changed for each OS installation, as it is specific to that installation).

  • Create an email account for administrative use with this server, such as at mail.com, mail.google.com, or mail.yahoo.com. (mylucid.userid00@mail.com / mylucidword000 / 1/1/01 / securityquestionanswer)
  • Create a DynDNS account for use with this server, at DynDNS.org. (myluciddnsid / myluciddnsword / mylucid.userid00@mail.com)

In this walkthrough, several URLs are used. It is possible to create all of them at once at this stage:

  • mylucid00.dyndns.org
  • mylucidbbb00.dyndns.org
  • mylucidmoodle00.dyndns.org
  • mylucidwiki00.dyndns.org
  • mylucidweb00.dyndns.org
  • DynDNS allows 5 free URLs. After installation has been completed, I generally remove mylucidweb00.dyndns.org and create mylucidcalendar00.dyndns.org (for use with DAViCal) instead.

Adjust SSH for remote connections

  • If the OpenSSH server was not installed on your server at initial installation, it can be installed now.
sudo tasksel install openssh-server
  • The default SSH port is 22, but this may conflict with other SSH servers on your network. Change the SSH port to a custom port. Also disallow password-based logins, for now, to prevent unauthorized logins. See this tutorial.
sudo gedit /etc/ssh/sshd_config
change the listening port:
Port 22199
and disallow password-based authentication by changing the line:
#PasswordAuthentication yes
to
PasswordAuthentication no
  • Make sure the OpenSSH server knows that it must look for the authorized_keys file. Uncomment the line:
#AuthorizedKeysFile %h/.ssh/authorized_keys

so that it resembles:

AuthorizedKeysFile %h/.ssh/authorized_keys
then restart the OpenSSH server:
sudo /etc/init.d/ssh restart
  • Make sure the router forwards the selected listening port (e.g. 22199) to the IP address (e.g. 192.168.0.99) of the server.
  • Install X11VNC:
sudo apt-get install x11vnc
Add an X11VNC Server menu item with the command:
x11vnc --forever
-> Place in system tray (ticked)
  • Create an SSH keypair for automated login:
  • Generate a key pair (by default, a 2048-bit RSA key pair is created):
ssh-keygen
  • Accept the default location for the key file ( /home/user/.ssh/id_rsa ).
  • Leave the passphrase empty
  • Make sure the directory /home/serveruser/.ssh exists; if not, create one using:
mkdir ~/.ssh
(In this instance, user = serveruser = lucidadmin00, so the folder /home/lucidadmin00/.ssh ought to already exist).

Make sure that a file named authorized_keys (with write privileges) is in that folder. If not, create such a file (using the touch command to create an empty file) while logged into the server as serveruser (i.e. lucidadmin00):

cd ~/.ssh
touch authorized_keys
Concatenate the newly-generated id_rsa.pub key to the authorized_keys file:
cd ~/.ssh
cat id_rsa.pub >> authorized_keys
  • Create a test connection:
  • Start the X11VNC Server (as above)
  • Connect VNC through the SSH tunnel with the commands:
ssh -l lucidadmin00 -L 5900:127.0.0.1:5900 mylucid00.dyndns.org -p 22199
vinagre vnc://127.0.0.1

or with a single-line command (which can be placed in a Menu item / shortcut):

ssh -f -l lucidadmin00 -L 5900:127.0.0.1:5900 mylucid00.dyndns.org -p 22199 sleep 5; vinagre vnc://127.0.0.1

Note: vinagre --fullscreen vnc://127.0.0.1 will start the VNC connection in fullscreen mode (but should only be used when connecting from other computers).
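
One way to check the sshd_config edits from this section before relying on them (an added example, not part of the original guide). It applies sshd's rule that the first uncommented occurrence of a keyword wins, so a line left commented out or shadowed by an earlier setting is reported. It goes beyond the guide in also checking ChallengeResponseAuthentication, which together with UsePAM can still offer password prompts; the function names and the sample configuration are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the guide): report the values sshd will actually
# use for the settings this section changes.

# Constructed sample configuration, not taken from a real host.
sample_sshd_config() {
cat <<'EOF'
# Constructed sample for the audit below
Port 22199
Protocol 2
#PasswordAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes
AuthorizedKeysFile %h/.ssh/authorized_keys
EOF
}

lower() { printf '%s' "$1" | tr 'A-Z' 'a-z'; }

# sshd_effective CONFIG KEYWORD [all]
# Prints the value of the first uncommented KEYWORD line that appears before
# any Match block (keywords are case-insensitive). With "all", prints every
# such line, which is needed for Port because each Port line adds a listener.
# Prints nothing when the keyword is unset and sshd uses its built-in default.
sshd_effective() {
    awk -v want="$2" -v all="${3:-}" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }               # comments and blank lines
        { sub(/^[ \t]+/, "") }
        tolower($1) == "match" { exit }       # Match blocks need separate review
        tolower($1) == want {
            $1 = ""; sub(/^[ \t]+/, ""); print
            if (all == "") exit
        }
    ' "$1"
}

# audit_sshd CONFIG EXPECTED_PORT
# Prints one FAIL line per problem; returns 0 only when key-only login on
# EXPECTED_PORT is what the file really configures.
audit_sshd() {
    cfg=$1 want_port=$2 rc=0

    # Unset means the OpenSSH default, which is "yes".
    v=$(sshd_effective "$cfg" PasswordAuthentication)
    [ "$(lower "${v:-yes}")" = no ] ||
        { echo "FAIL PasswordAuthentication is ${v:-unset (default yes)}"; rc=1; }

    ports=$(sshd_effective "$cfg" Port all | tr '\n' ' ')
    [ "${ports:-22 }" = "$want_port " ] ||
        { echo "FAIL Port is ${ports:-unset (default 22)}, expected $want_port"; rc=1; }

    # Keyboard-interactive authentication through PAM can still prompt for a
    # password even when PasswordAuthentication is "no".
    cr=$(lower "$(sshd_effective "$cfg" ChallengeResponseAuthentication)")
    pam=$(lower "$(sshd_effective "$cfg" UsePAM)")
    if [ "${cr:-yes}" != no ] && [ "${pam:-no}" = yes ]; then
        echo "FAIL ChallengeResponseAuthentication with UsePAM allows password prompts"; rc=1
    fi

    akf=$(sshd_effective "$cfg" AuthorizedKeysFile)
    case ${akf:-.ssh/authorized_keys} in
        *.ssh/authorized_keys*) ;;
        *) echo "FAIL AuthorizedKeysFile is $akf, so ~/.ssh/authorized_keys is not read"; rc=1 ;;
    esac
    return $rc
}

# Usage on the server:  audit_sshd /etc/ssh/sshd_config 22199
```

Running `sudo sshd -t` before the restart also catches syntax errors that would otherwise stop the SSH server from coming back up.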

Install the BigBlueButton teleconferencing system

DYNDns.com account -> Add Host Services -> ...
  • Change the Apache listening port during BigBlueButton installation.
sudo kate /etc/apache2/ports.conf
Change the port value:
Listen 82
Restart Apache 2:
sudo /etc/init.d/apache2 restart
  • Obtain and install the BigBlueButton teleconferencing server:
wget http://archive.bigbluebutton.org/bigbluebutton.asc 
sudo apt-key add bigbluebutton.asc 
echo "deb http://archive.bigbluebutton.org/lucid bigbluebutton-lucid main" | sudo tee /etc/apt/sources.list.d/bigbluebutton.list
sudo apt-get update 
sudo apt-get install asterisk bigbluebutton
During installation, enter the MySQL "root" user password when prompted: lucidsql00
sudo apt-get install bbb-apps-deskshare
  • On the router, forward ports 81, 1935, 9123 to the LAN IP address of the BBB server (e.g. 192.168.0.99).
  • Edit the Nginx webserver configuration file used for BigBlueButton:
sudo nano /etc/nginx/sites-available/bigbluebutton
and change the listening port:
listen 81; 
Repeat for the default Nginx configuration file:
sudo nano /etc/nginx/sites-available/default
and change the listening port:
listen 81; 
then restart Nginx:
sudo /etc/init.d/nginx restart
  • Configure the other BBB server components to run on port 81. Use the URL (mylucidbbb00.dyndns.org) that was set up at DYNDns.org:
sudo bbb-conf --setip mylucidbbb00.dyndns.org:81
sudo bbb-conf --clean
  • Change the Apache port back to 80:
sudo nano /etc/apache2/ports.conf
Change the port value:
Listen 80
Restart Apache 2:
sudo /etc/init.d/apache2 restart
  • Add a menu item/shortcut to the BBB server:
  • MyLucid BigBlueButton (Teleconferencing) -- firefox http://mylucidbbb00.dyndns.org:81

Install the Firewall

sudo apt-get install firestarter
  • Start Firestarter:
Menu -> Internet -> Firestarter
and allow the incoming (inbound) and outgoing (outbound) ports:
80, 443, 81, 9123, 1935, 22199

Each port must be separately added as a rule for inbound and outbound traffic. For example, to enable port 80:

Firestarter -> Policy -> Editing: Inbound traffic policy -> Allow service (right click on white box) -> Add rule -> Port: 80 -> When the source is: Anyone -> Add -> Apply Policy

and

Firestarter -> Policy -> Editing: Outbound traffic policy -> Restrictive by default, whitelist traffic -> Allow service (right click on white box) -> Add rule -> Port: 80 -> When the source is: Firewall host -> Add -> Apply Policy
(Note: It is pointed out to me repeatedly that Firestarter is not being currently updated. However, Firestarter is not the actual firewall. iptables is, and iptables is continually updated as part of the Linux kernel. Firestarter is merely an easy-to-use front-end for editing the iptables rules that has been stable for a long time. Other choices for this task include ufw/gufw (which is markedly more difficult to use, IMO). This is completely an area of user preference. The instructions above for Firestarter are not easily transferable to ufw/gufw.)
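
Because Firestarter only edits iptables rules, the resulting policy can be compared with the port list above directly from a rule dump. The following is an added example, not part of the original guide: it reads `iptables -S` output, lists the TCP ports accepted in one chain, and reports any difference from the guide's list. The sample rules are constructed, and the chain name INPUT is an assumption (a front-end may place its rules in chains of its own).

```shell
#!/bin/sh
# Added example (not from the guide): compare the TCP ports a rule set
# accepts with the ports this walkthrough intends to open.

GUIDE_PORTS="80 443 81 9123 1935 22199"

# Constructed `iptables -S` output, not captured from a real host. Port 5900
# (x11vnc) is accepted here although the guide reaches VNC only through the
# SSH tunnel, so the audit should flag it.
sample_rules() {
cat <<'EOF'
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 81,1935,9123 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22199 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5900 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j DROP
EOF
}

# open_tcp_ports CHAIN
# Reads `iptables -S` output on stdin and prints, sorted and one per line,
# every TCP destination port that a rule in CHAIN accepts. Rules with other
# targets (DROP, REJECT, LOG) are ignored.
open_tcp_ports() {
    awk -v chain="$1" '
        $1 == "-A" && $2 == chain && / -p tcp / && / -j ACCEPT$/ {
            for (i = 3; i < NF; i++)
                if ($i == "--dport" || $i == "--dports") {
                    n = split($(i + 1), p, ",")
                    for (j = 1; j <= n; j++) print p[j]
                }
        }
    ' | sort -n -u
}

# audit_inbound CHAIN "EXPECTED PORTS"
# Reads `iptables -S` output on stdin. Prints "EXTRA n" for a port that is
# accepted but not expected and "MISSING n" for an expected port that is not
# accepted. Returns 0 only when both sets are identical.
audit_inbound() {
    expected=$2
    open=$(open_tcp_ports "$1" | tr '\n' ' ')
    rc=0
    for p in $open; do
        case " $expected " in
            *" $p "*) ;;
            *) echo "EXTRA $p"; rc=1 ;;
        esac
    done
    for p in $expected; do
        case " $open" in
            *" $p "*) ;;
            *) echo "MISSING $p"; rc=1 ;;
        esac
    done
    return $rc
}

# Usage on the server:
#   sudo iptables -S | audit_inbound INPUT "$GUIDE_PORTS"
```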

Install Moodle

  • Read this Moodle tutorial. Also see this demo site.
  • If the LAMP server stack has not been previously installed, do it now. Make sure the MySQL "root" user password (such as lucidsql00) that is created during this process is recorded for future use.
  • Install:
sudo apt-get install moodle
  • Choose the mysql-server, since it is already installed.
  • Should access to this server be restricted to localhost? No
  • Is your FQDN correct? Yes (don't worry whether it is or isn't -- this can be adjusted later)
  • Should https be required to access this Moodle server? No
  • Should a default database be created for Moodle on localhost? Yes
  • root's MySQL password: lucidsql00
  • Moodle database password: mylucidmoodleword00
(Note: You could also generate a random password and use it here. Just be sure to record it in an accessible location.)
  • Edit the Moodle configuration file:
sudo kate /etc/moodle/config.php
so that the FQDN (in this case the URL) is correctly noted:
$CFG->wwwroot = 'http://mylucid00.dyndns.org/moodle';
  • Finish installation by logging in to the Moodle server at http://localhost/moodle/admin or:
http://mylucid00.dyndns.org/moodle/admin -> Unattended installation? (ticked)
  • Admin user: mylucid00admin
  • Admin password: mylucid00word
  • Admin e-mail: mylucid.userid00@mail.com
  • City: MyTown
  • Site name: My Lucid Moodle 00
(Note: You could also generate a random password and use it here. Just be sure to record it in an accessible location.)
  • Add the BigBlueButton API:
sudo wget http://www.dualcode.com/bigbluebutton/bigbluebutton.zip
sudo unzip bigbluebutton.zip
sudo mkdir /usr/share/moodle/mod/bigbluebutton
sudo cp -r bigbluebutton/mod/bigbluebutton/* /usr/share/moodle/mod/bigbluebutton/
sudo cp -r bigbluebutton/lang/* /usr/share/moodle/lang/
sudo rm bigbluebutton.zip
sudo rm -r bigbluebutton/*
sudo rmdir bigbluebutton
  • Login to the Moodle site (as an administrator) and load the module:
Moodle -> Site Administration -> Notifications (Make sure to click on Notifications)
-> Activities -> Manage Activities -> BigBlueButton -> Settings
-> Input the IP address/URL of your BigBlueButton server (mylucidbbb00.dyndns.org:81). Do not enter the leading http:// .
-> Input the Security Salt from your BigBlueButton server. This is in a file called “bigbluebutton.properties” on the BigBlueButton server. On my Ubuntu server I found it at /var/lib/tomcat6/webapps/bigbluebutton/WEB-INF/classes/bigbluebutton.properties:
sudo kate /var/lib/tomcat6/webapps/bigbluebutton/WEB-INF/classes/bigbluebutton.properties

The security salt string can be found:

beans.dynamicConferenceService.securitySalt=your_number_here

Input that long string of numbers and letters to the field in Moodle.

-> Put a star in the Meeting IDs field. That will allow an unlimited number of rooms to be created. You can also put any number here to restrict how many rooms on your BigBlueButton server you want running at any one time. (This can eventually become important for performance reasons.)
  • In the (Course) Weekly Outline:

-> Add an activity... -> BigBlueButton ->

and set the desired passwords for the meeting, etc.

  • Add a menu item / shortcut to the Moodle server:
  • My Lucid Moodle (Teaching site) -- firefox http://mylucid00.dyndns.org/moodle

Install MediaWiki

  • Read this MediaWiki tutorial. Also see this demo site.
  • If the LAMP server stack has not been previously installed, do it now. Make sure the MySQL "root" user password (such as lucidsql00) that is created during this process is recorded for future use.

Two separate wikis are created. One will be for private internal usage and one for a public audience.

  • Create an additional URL (Add Host) at DynDNS.com: mylucidwiki00.dyndns.org.
  • Install MediaWiki:
sudo apt-get install mediawiki
sudo a2enmod rewrite
  • Create a folder for each subsite (in this example named private and public).
sudo mkdir /etc/mediawiki/private
sudo mkdir /etc/mediawiki/public
  • Create an upload folder for images in each subwiki folder:
sudo mkdir /etc/mediawiki/private/images
sudo mkdir /etc/mediawiki/public/images
  • Copy a 135x135 image that you wish to use as a wiki logo (in the upper left corner) into the /etc/mediawiki/subwiki/images folder for each subwiki, naming it WikiLogo.png there. For example:
sudo cp ~/Pictures/mybestpic135.png /etc/mediawiki/public/images/WikiLogo.png
sudo cp ~/Pictures/mysecondbestpic135.png /etc/mediawiki/private/images/WikiLogo.png
  • The images folders should belong to the group www-data, and the group should have "Can View & Modify Content" permissions.
sudo chown root:www-data /etc/mediawiki/private/images
sudo chown root:www-data /etc/mediawiki/public/images
sudo chmod 774 /etc/mediawiki/private/images
sudo chmod 774 /etc/mediawiki/public/images
  • Edit the config file so it recognizes MediaWiki:
sudo nano /etc/mediawiki/apache.conf

Uncomment (remove the #) the line:

Alias /mediawiki /var/lib/mediawiki
  • Restart apache2:
sudo /etc/init.d/apache2 restart
  • Run/install MediaWiki from the web browser by logging into:
firefox http://localhost/mediawiki
  • Wiki name: My Lucid Wiki (Private)
  • Contact e-mail: mylucid.userid00@mail.com
  • Admin username: mylucid00admin -> Password: mylucid00word
  • Object caching: No caching
  • E-mail features (all): disabled
  • Database config: MySQL -> Database host: localhost -> Database name: mylucid00wikipriv -> DB username: mylucid00priv -> DB password: mylucid00privword -> Superuser account: Use superuser account (ticked) -> Superuser name: root -> Superuser password: lucidsql00 -> Database table prefix: mylucid00prv_
(Note: You could also generate a random password and use it here. Just be sure to record it in an accessible location.)
  • Copy your local settings configuration file to /etc/mediawiki (and make a backup of the original):
sudo cp /var/lib/mediawiki/config/LocalSettings.php /etc/mediawiki/private
sudo mv /var/lib/mediawiki/config/LocalSettings.php /var/lib/mediawiki/config/LocalSettings_mylucid00private_install.php
  • Repeat the MediaWiki installation from the web browser by again logging into:
firefox http://localhost/mediawiki
  • Wiki name: My Lucid Wiki (Public)
  • Contact e-mail: mylucid.userid00@mail.com
  • Admin username: mylucid00admin -> Password: mylucid00word
  • Object caching: No caching
  • E-mail features (all): disabled
  • Database config: MySQL -> Database host: localhost -> Database name: mylucid00wikipub -> DB username: mylucid00pub -> DB password: mylucid00pubword -> Superuser account: Use superuser account (ticked) -> Superuser name: root -> Superuser password: lucidsql00 -> Database table prefix: mylucid00pub_
(Note: You could also generate a random password and use it here. Just be sure to record it in an accessible location.)
  • Copy your local settings configuration file to /etc/mediawiki (and make a backup of the original):
sudo cp /var/lib/mediawiki/config/LocalSettings.php /etc/mediawiki/public
sudo mv /var/lib/mediawiki/config/LocalSettings.php /var/lib/mediawiki/config/LocalSettings_mylucid00public_install.php
  • The LocalSettings.php configuration file for each wiki must be edited. See this tutorial. There are many security settings that must be changed before going live, or the site will certainly be hacked.
Edit your configuration variables:
sudo kate /etc/mediawiki/private/LocalSettings.php
sudo kate /etc/mediawiki/public/LocalSettings.php
Make sure the following lines are included in the LocalSettings.php file, replacing similar lines that already exist in the file and substituting private or public where appropriate:
# If PHP's memory limit is very low, some operations may fail.
ini_set( 'memory_limit', '96M' );
#
#$wgScriptPath             = "/mediawiki";
$wgScriptPath              = "/private";
$wgLogo                    = "$wgScriptPath/images/WikiLogo.png";
#
$wgUploadDirectory         = $_SERVER['DOCUMENT_ROOT'].'/private/images';
$wgUploadPath              = "$wgScriptPath/images";
#
#Database administrative user/password
$wgDBadminuser             = $wgDBuser;
$wgDBadminpassword         = $wgDBpassword;
#
#These are set for initial maximum security. They can be changed later.
#
#User restrictions
#Account creation by anonymous users
$wgGroupPermissions['*']['createaccount']       = false;
#Account creation by registered users
$wgGroupPermissions['user']['createaccount']    = false;
#Account creation by sysops
$wgGroupPermissions['sysop']['createaccount']   = true;
#
#Anonymous user permissions
$wgGroupPermissions['*']['edit']                = false;
$wgGroupPermissions['*']['createpage']          = false;
$wgGroupPermissions['*']['createtalk']          = false;
#
#Uploads rules
## To enable image uploads, make sure the 'images' directory
## is writable, then set this to true:
#$wgEnableUploads                               = false;
$wgEnableUploads                                = true;
#Only allow restricted uploads
$wgCheckFileExtensions                          = true;
$wgStrictFileExtensions                         = true;
$wgFileExtensions          = array('png', 'gif', 'jpg'); 
#Permissions for uploads
#Not for Anonymous
$wgGroupPermissions['*']['upload']              = false;
$wgGroupPermissions['*']['reupload']            = false;
$wgGroupPermissions['*']['reupload-shared']     = false;
#Uploads (but not re-uploads) for Users
$wgGroupPermissions['user']['upload']           = true;
$wgGroupPermissions['user']['reupload']         = false;
$wgGroupPermissions['user']['reupload-shared']  = false;
#Sysops
$wgGroupPermissions['sysop']['upload']          = true;
$wgGroupPermissions['sysop']['reupload']        = true;
$wgGroupPermissions['sysop']['reupload-shared'] = true;
#
#For ReCaptcha -- this requires installing the Recaptcha extension
#
#require_once( "$IP/extensions/recaptcha/ReCaptcha.php" );
# Sign up for these at http://recaptcha.net/api/getkey
#$recaptcha_public_key = ' xyxyxyxyxyxyxyxyx ';
#$recaptcha_private_key = ' ababababababababa ';
#
#This clears the cache daily, which I use to change rotating content (pictures, fortunes, etc.) daily.
#
require("includes/GlobalFunctions.php");
$wgCacheEpoch = wfTimestamp( TS_MW, time() - 86400 ); # 60*60*24 = 1 day
In addition, a private wiki should be readable only by registered users, so add these lines to LocalSettings.php for any private subwiki:
#This example will disable viewing of all pages not listed in $wgWhitelistRead, then re-enable for registered users only:
$wgGroupPermissions['*']['read']    = false;
# The following line is not actually necessary, since it's in the defaults. Setting
# '*' to false doesn't disable rights for groups that have the right separately set
# to true!
$wgGroupPermissions['user']['read'] = true;
  • Make symbolic links from the Apache2 folder to the subwiki folders:
sudo mkdir /var/www/Wikis
sudo ln -s /etc/mediawiki/private /var/www/Wikis/private
sudo ln -s /etc/mediawiki/public /var/www/Wikis/public
  • Link the files from your installation directory to each subwiki folder:
sudo ln -s /usr/share/mediawiki/* /etc/mediawiki/private/.
sudo ln -s /usr/share/mediawiki/* /etc/mediawiki/public/.
  • Create and edit an Apache2 configuration file (e.g. /etc/apache2/sites-available/wikivirtualhost):
sudo kate /etc/apache2/sites-available/wikivirtualhost
so that the lines are similar to:
<VirtualHost *:80>
UseCanonicalName off
#
DocumentRoot /var/www/Wikis
DirectoryIndex index.php index.html
#
ServerName mylucidwiki00.dyndns.org
ServerAlias *.mylucidwiki00.dyndns.org
# 
RewriteEngine On
RewriteCond %{REQUEST_URI}  !^/private
RewriteCond %{REQUEST_URI}  !^/public
RewriteRule   ^/(/.*|)$  /public/$1  [R]
#
<Directory /var/www/Wikis>
Options Indexes FollowSymLinks MultiViews
Options FollowSymLinks MultiViews
#AllowOverride None
Order allow,deny
allow from all
</Directory>
# 
</VirtualHost>
Pay attention to the rewrite rule:
RewriteEngine On
RewriteCond %{REQUEST_URI}  !^/private
RewriteCond %{REQUEST_URI}  !^/public
RewriteRule   ^/(/.*|)$  /public/$1  [R]

This is a complex rule that means that as long as the REQUEST_URI (which is the part after the server name, including its leading slash, i.e. the /REQUEST_URI in http://mylucidwiki00.dyndns.org/REQUEST_URI) does not begin with /private or /public (the symbol ! means not), then use public as the default directory.

  • Remember that your virtual host configuration file won't be active until you make a symbolic link:
sudo ln -s /etc/apache2/sites-available/wikivirtualhost /etc/apache2/sites-enabled
  • Restart Apache:
sudo /etc/init.d/apache2 restart
  • The two sites will be available:
http://mylucidwiki00.dyndns.org or http://mylucidwiki00.dyndns.org/public
and
http://mylucidwiki00.dyndns.org/private
  • Add menu items / shortcuts to the Wiki(s):
  • My Lucid Wiki (Public) (MediaWiki) -- firefox http://mylucidwiki00.dyndns.org

and

  • My Lucid Wiki (Private) (MediaWiki) -- firefox http://mylucidwiki00.dyndns.org/private

Import Kubuntuguide into your local wiki

  • Read this tutorial on importing Kubuntuguide into the local wiki.
  • Examine the list of wiki pages available at Kubuntuguide:
Kubuntuguide.org -> Toolbox: Special Pages -> All pages

Many of these pages will not be necessary for your private copy. Copy only the names of the wiki pages you wish to export. The recommended list is below.

  • Export the desired pages from Kubuntuguide as an XML export:
Kubuntuguide.org wiki -> Toolbox: Special Pages -> Export pages

(Note: This list of (English-language) wiki pages was accurate for the recent Lucid version. You may want to check all pages to see if something you want is missing from this list.)

All
Boot from a Live CD
Multiple OS Installation
Multiple OS Installation Jaunty
Lucid Multiple OS Installation
Manipulating Partitions
Virtualbox in Windows
Android emulation
Dolphin file manager
Screencasts
Netflix
Video Conversion
Video ripping tips‎
Streamripper
EBook Conversion
Transparent Image Backgrounds
Email with PGP
Tor
Anonymous email
Malware
Kwooty
Mail Server setup
Wink 64bit
Remastersys
Dynamic IP servers
FTP tips
KTorrent
Using SSH to Port Forward
Limit the user accounts that can connect through OpenSSH remotely
OpenVPN server Jaunty
OpenVPN server Karmic
WebDAV
Ia32libs
Ultimate Server Jaunty
Ultimate Server Jaunty K
Ultimate Server Jaunty with OpenVistA EHR
Ultimate Server Jaunty K with OpenVistA EHR
Ultimate Server Jaunty Customization
Ultimate Server Jaunty Customization OV
Ultimate Server Lucid K
Ultimate Server Lucid K with OpenVistA EHR
Ultimate Server Lucid Customization
Ultimate Server Lucid Customization OV
Apache2 reverse proxies
MediaWiki tips
Mediawiki site building tips
Collections tips
PdfBook tips
Drupal6 tips
Drupal site building tips
Installing Drupal on a shared webhost
Old Drupal6 tips
Moodle tips
Fortune
DAViCal tips
DAViCal current version
BigBlueButton
WebHuddle tips
OpenVistA EHR‎
WorldVistA tips
Ubuntu-Med FAQ
Skulltag tips
MFC-7820N
Upgrades
Kubuntuguide XML exports
Kubuntuguide page lists
Malicious commands to avoid
DefaultApplications
Main Page
Kubuntuguide
Template:K All/Introduction
Template:Kubuntuguide core wikipages
Template:Kubuntuguide Language wikipages
Template:Kubuntuguide Hardy wikipages
Template:Kubuntuguide Hardycore wikipages
Template:Kubuntuguide HardyLanguages
Template:Kubuntuguide Jaunty wikipages
Template:Kubuntuguide Jauntycore wikipages
Template:Kubuntuguide JauntyLanguages
Template:Kubuntuguide Karmic wikipages
Template:Kubuntuguide Karmiccore wikipages
Template:Kubuntuguide KarmicLanguages
Template:Kubuntuguide Lucid wikipages
Template:Kubuntuguide Lucidcore wikipages
Template:Kubuntuguide LucidLanguages
Template:Kubuntuguide Maverick wikipages
Template:Kubuntuguide Maverickcore wikipages
Template:Kubuntuguide MaverickLanguages
Template:Kubuntuguide Natty wikipages
Template:Kubuntuguide Nattycore wikipages
Template:Kubuntuguide NattyLanguages
Template:Kubuntuguide Oneiric wikipages
Template:Kubuntuguide Oneiriccore wikipages
Template:Kubuntuguide OneiricLanguages
Template:Kubuntuguide Precise wikipages
Template:Kubuntuguide Precisecore wikipages
Template:Kubuntuguide PreciseLanguages
Template:Ultimate Server Jaunty Core
Template:USJ Customize Core
Template:USJ Customize NewUser
Template:USJ Customize OV
Template:USJ Adjust SSH‎
Template:USJ New SSH Users‎
Template:USJ networking‎
Template:Ultimate Server Lucid Core
Template:USL Customize Core
Template:USL Customize NewUser
Template:USL Customize OV
Template:USL Adjust SSH‎
Template:USL New SSH Users‎
Template:USL networking‎
Template:OpenVistA EHR‎
Template:OpenVistA Server functions‎
Template:Android emulation
Template:WorldVistA
Template:Licenses
Template:Drupal BBB
Template:Moodle installation
Template:PartitionDesign
Template:WindowsPartitions
Template:Streamripper
Template:Dolphin file manager
Template:KTorrent
Template:Netflix
Template:Ia32libs
Template:Tor
Template:Anonymous email
Template:Malware
Template:K RegisterHeader
VirtualServers
Lucid
Template:K Lucid/Administration
Template:K Lucid/Introduction
Template:K Lucid/General
Template:K Lucid/OtherVersions
Template:K Lucid/OtherResources
Template:K Lucid/Installation
Template:K Lucid/Repositories
Template:K Lucid/Packages
Template:K Lucid/DesktopAddons
Template:K Lucid/Requests
Template:Lucid/Virtualization
Template:K Lucid/EdutainmentIntro
Template:Lucid/Edutainment
Template:Lucid/Games
Template:K Lucid/Internet
Template:Lucid/Videoconferencing
Template:K Lucid/Privacy
Template:K Lucid/ProprietaryExtras
Template:K Lucid/Troubleshooting
Template:K Lucid/Graphics
Template:Lucid/Screencapture
Template:Lucid/Video
Template:Lucid/Audio
Template:Lucid/AudioVideoConversion
Template:K Lucid/CD DVD
Template:K Lucid/Music
Template:Lucid/MediaCenters
Template:Lucid/HomeAutomation
Template:Lucid/Office
Template:Lucid/Financial
Template:Lucid/Groupware
Template:Lucid/Wiki
Template:Lucid/WebPublishing
Template:K Lucid/Maps
Template:Lucid/Development
Template:Lucid/Science
Template:Lucid/MiscApps
Template:K Lucid/Utilities 
Template:Lucid/Backup
Template:Lucid/Hardware
Template:Lucid/Networking
Template:Lucid/NetworkAdmin
Template:Lucid/Servers
-> Include only the current revision, not the full history (ticked) -> Offer to save as a file: (ticked) -> Export -> Save file
-> Kubuntuguide-xxxxx.xml
  • Import the Kubuntuguide XML export file into the local wiki:
Local wiki -> log in -> Username: wikiadmin -> Password: wikiadminpassword -> Log in
-> Special Pages -> Page Tools -> Import pages -> Browse -> Kubuntuguide-xxxxx.xml -> Open -> Upload file
  • Edit the Main Page of the wiki and add a link to the online Kubuntuguide as well as the imported copy:
*[[Lucid|Kubuntuguide Lucid (local copy for editing)]]
*[http://kubuntuguide.org/Lucid Kubuntuguide Lucid (online)]

The idea is to edit the locally stored Kubuntuguide as you customize your system. It can also serve as a template and an example of how to use the MediaWiki wiki.

  • Edit the local copy of Kubuntuguide to hide irrelevant links. In MediaWiki, use the <!---> and <---> tags to comment out instructions or text that should not be displayed. Example:
Kubuntuguide Lucid (local copy for editing) -> edit ->
 <!--->{{LucidLynxLanguageBar|languages=Languages:|InProgress=In progress:}}<--->

Install Drupal6

  • Read this Drupal6 tutorial. Also see this demo site.
  • If the LAMP server stack has not been previously installed, do it now. Make sure the MySQL "root" user password (such as lucidsql00) that is created during this process is recorded for future use.
  • Create two additional URLs (Add Hosts) at DynDNS.com: mylucid00.dyndns.org and mylucidweb00.dyndns.org
  • Install Drupal6 and the first website (mylucid00.dyndns.org).
sudo apt-get install drupal6
Configure database for drupal6 with dbconfig-common? Yes
Database type to be used by Drupal6: mysql
Password of your database's administrative user: lucidsql00
MySQL application password for drupal6: mylucid00drupalword
(Note: You could also generate a random password and use it here. Just be sure to record it in an accessible location.)
  • Copy the /etc/drupal/6/sites/default folder to the first subsite (in this example named mylucid00.dyndns.org).
sudo cp -r /etc/drupal/6/sites/default /etc/drupal/6/sites/mylucid00.dyndns.org
  • Remove the symbolic link and create a new files folder. The files folder should belong to the group www-data, and the group should have "Can View & Modify Content" permissions:
sudo rm /etc/drupal/6/sites/mylucid00.dyndns.org/files
sudo mkdir /etc/drupal/6/sites/mylucid00.dyndns.org/files
sudo chown root:www-data /etc/drupal/6/sites/mylucid00.dyndns.org/files
sudo chmod 774 /etc/drupal/6/sites/mylucid00.dyndns.org/files
  • Copy a 110x110 image that you wish to use as a logo (in the upper left corner) into the /etc/drupal/6/sites/mylucid00.dyndns.org/files folder, naming it WebLogo.png there. For example:
sudo cp ~/Pictures/mybestpic110.png /etc/drupal/6/sites/mylucid00.dyndns.org/files/WebLogo.png
  • The permissions of the settings.php and dbconfig.php files must be unrestricted during installation:
sudo chmod 777 /etc/drupal/6/sites/mylucid00.dyndns.org/settings.php
sudo chmod 777 /etc/drupal/6/sites/mylucid00.dyndns.org/dbconfig.php
  • Create a virtual host file for the new sites:
sudo kate /etc/apache2/sites-available/drupal6virtualhost

Add the lines:

#
# Virtual hosting configuration for Drupal6
#
#
<VirtualHost *:80>
ServerAdmin mylucid.userid00@mail.com
#
DocumentRoot /usr/share/drupal6/
ServerName mylucid00.dyndns.org
ServerAlias *.mylucid00.dyndns.org mylucid00.dyndns.org
RewriteEngine On
RewriteOptions inherit
</VirtualHost>
#
<VirtualHost *:80>
ServerAdmin mylucid.userid00@mail.com
#
DocumentRoot /usr/share/drupal6/
ServerName mylucidweb00.dyndns.org
ServerAlias *.mylucidweb00.dyndns.org mylucidweb00.dyndns.org
RewriteEngine On
RewriteOptions inherit
</VirtualHost>
  • Remember that your virtual host configuration file won't be active until you make a symbolic link:
sudo ln -s /etc/apache2/sites-available/drupal6virtualhost /etc/apache2/sites-enabled
  • Restart Apache:
sudo /etc/init.d/apache2 restart
  • Install the first website through the web browser:
firefox http://mylucid00.dyndns.org/install.php
Site Name: My Lucid 00
Site e-mail address: mylucid.userid00@mail.com
Administrator Account Username: mylucid00admin -> Password: mylucid00word
Clean URLs: Enabled
(Note: You could also generate a random password and use it here. Just be sure to record it in an accessible location.)
  • Make sure only administrators can create new accounts initially, or you will have lots of new guests within the first 30 minutes of being live.
Drupal -> Administer -> User management -> User settings -> Only site administrators can create new accounts
  • The permissions of the settings.php and dbconfig.php files must be restricted after installation:
sudo chmod 744 /etc/drupal/6/sites/mylucid00.dyndns.org/settings.php
sudo chown root:www-data /etc/drupal/6/sites/mylucid00.dyndns.org/dbconfig.php
sudo chmod 740 /etc/drupal/6/sites/mylucid00.dyndns.org/dbconfig.php
  • While still logged in as an administrator, update the database:
http://mylucid00.dyndns.org/update.php
  • Now you will re-install a new database for each planned subsite:
sudo dpkg-reconfigure drupal6
  • Re-install database for drupal6? Yes
  • Database type to be used by drupal6: mysql
  • Connection method for MySQL database of drupal6: unix socket
  • Name of your database's administrative user: root
  • Password of your database's administrative user: lucidsql00
  • username for drupal6: drupal6b
  • database name for drupal6: drupal6b
  • Copy the /etc/drupal/6/sites/default folder to the second subsite (in this example named mylucidweb00.dyndns.org).
sudo cp -r /etc/drupal/6/sites/default /etc/drupal/6/sites/mylucidweb00.dyndns.org
  • Remove the symbolic link and create a new files folder. The files folder should belong to the group www-data, and the group should have "Can View & Modify Content" permissions:
sudo rm /etc/drupal/6/sites/mylucidweb00.dyndns.org/files
sudo mkdir /etc/drupal/6/sites/mylucidweb00.dyndns.org/files
sudo chown root:www-data /etc/drupal/6/sites/mylucidweb00.dyndns.org/files
sudo chmod 774 /etc/drupal/6/sites/mylucidweb00.dyndns.org/files
  • Copy a 110x110 image that you wish to use as a logo (in the upper left corner) into the /etc/drupal/6/sites/mylucidweb00.dyndns.org/files folder, naming it WebLogo.png there. For example:
sudo cp ~/Pictures/mysecondbestpic110.png /etc/drupal/6/sites/mylucidweb00.dyndns.org/files/WebLogo.png
  • The permissions of the settings.php and dbconfig.php must be unrestricted during installation:
sudo chmod 777 /etc/drupal/6/sites/mylucidweb00.dyndns.org/settings.php
sudo chmod 777 /etc/drupal/6/sites/mylucidweb00.dyndns.org/dbconfig.php
  • Install the second website through the web browser:
firefox http://mylucidweb00.dyndns.org/install.php
Site Name: My Lucid Web 00
Site e-mail address: mylucid.userid00@mail.com
Administrator Account Username: mylucid00admin -> Password: mylucid00word
Clean URLs: Enabled
(Note: You could also generate a random password and use it here. Just be sure to record it in an accessible location.)
  • Make sure only administrators can create new accounts initially, or you will have lots of new guests within the first 30 minutes of being live.
Drupal -> Administer -> User management -> User settings -> Only site administrators can create new accounts
  • The permissions of the settings.php and dbconfig.php files must be restricted after installation:
sudo chmod 744 /etc/drupal/6/sites/mylucidweb00.dyndns.org/settings.php
sudo chown root:www-data /etc/drupal/6/sites/mylucidweb00.dyndns.org/dbconfig.php
sudo chmod 740 /etc/drupal/6/sites/mylucidweb00.dyndns.org/dbconfig.php
  • While still logged in as an administrator, update the database:
http://mylucidweb00.dyndns.org/update.php
  • This process can be repeated if desired (if enough URLs are available).
  • The two websites will be available from the web:
http://mylucid00.dyndns.org
and
http://mylucidweb00.dyndns.org
  • Set up the cron task for each site:
sudo crontab -e

And add the lines (with the nano editor, or the one you prefer):

45 18 * * * /usr/bin/wget -O - -q -t 1 http://mylucid00.dyndns.org/cron.php
45 19 * * * /usr/bin/wget -O - -q -t 1 http://mylucidweb00.dyndns.org/cron.php
This will run the scripts separately, at 45 minutes after the 1800 hour and the 1900 hour every day (each site at a different hour). The crontab fields are, in order: minute, hour, day of month, month, day of week.
  • After all sites are installed, create an /etc/drupal/6/sites/all folder in which to store shared modules and themes. Create the folders:
sudo mkdir /etc/drupal/6/sites/all
sudo mkdir /etc/drupal/6/sites/all/modules
sudo mkdir /etc/drupal/6/sites/all/themes
and (optionally) make a directory for shared files:
sudo mkdir /etc/drupal/6/sites/all/files
sudo chmod 777 /etc/drupal/6/sites/all/files
then update each website again (while logged in as the administrator for each website).
http://mylucid00.dyndns.org/update.php
http://mylucidweb00.dyndns.org/update.php
  • Change theme and add WebLogo:
Drupal -> Administer -> Themes -> Garland -> configure -> color set: Ash -> Logo image settings -> Use the default logo: (unticked)
-> Path to custom logo: sites/mylucid00.dyndns.org/files/WebLogo.png
  • Add Ubercart online store.
  • Install PayPal cURL-php library pre-requisite (see this link for more info):
sudo apt-get install php5-curl
sudo /etc/init.d/apache2 restart
cd /etc/drupal/6/sites/all/modules
sudo wget http://ftp.drupal.org/files/projects/bbb-6.x-1.x-dev.tar.gz
sudo tar zxvf bbb-6.x-1.x-dev.tar.gz
sudo rm bbb-6.x-1.x-dev.tar.gz
Note: Enable permissions for added modules update and adjust permissions after module installation.
Drupal -> Administer -> Modules -> Big Blue Button -> select the Big Blue Button module functions you intend to use

then update:

http://mylucid00.dyndns.org/update.php
  • Test the BigBlueButton settings:
Drupal -> Site administration -> Site configuration -> BigBlueButton Conferencing
-> Base URL: http://mylucidbbb00.dyndns.org:81/bigbluebutton/
-> Change the Security Salt (found in a file called “bigbluebutton.properties” on the BigBlueButton server). On my Ubuntu server I found it at /var/lib/tomcat6/webapps/bigbluebutton/WEB-INF/classes/bigbluebutton.properties:
sudo kate /var/lib/tomcat6/webapps/bigbluebutton/WEB-INF/classes/bigbluebutton.properties
Copy the security salt number found in the setting:
beans.dynamicConferenceService.securitySalt=your_security_salt_number_here
-> Save configuration -> Test connection
  • Create a new content type named Teleconference:
Drupal -> Administer -> Content management -> Content types -> Add content type

-> Name: Teleconference -> Type: teleconference -> Big Blue Button settings -> Treat this node type as conference: (ticked) -> Show links to join / start a meeting beneath the node: (ticked) -> Display meeting status on node: (ticked) -> Save content type

  • Create a new node of content type Teleconference:

Drupal -> Create content -> Teleconference -> Conference settings -> ...

  • Add a Welcome page and a link to public wiki
Drupal -> Create Content -> Page -> Welcome -> ... -> Promoted to front page (ticked) -> Save
Drupal -> Administer -> Site building -> Menus -> Primary links -> Add item -> Path: http://mylucidwiki00.dyndns.org/public -> Menu link title: My Lucid Wiki -> Weight: 10 -> Save
  • Add menu items / shortcuts to the Drupal Website(s):
  • My Lucid Website (Public) (Drupal) -- firefox http://mylucid00.dyndns.org
and
  • My Lucid Website (Private) (Drupal) -- firefox http://mylucidweb00.dyndns.org
cd /etc/drupal/6/sites/all/modules
sudo wget http://ftp.drupal.org/files/projects/token-6.x-1.12.tar.gz
sudo tar zxvf token-6.x-1.12.tar.gz
sudo rm token-6.x-1.12.tar.gz
cd /etc/drupal/6/sites/all/modules
sudo wget http://ftp.drupal.org/files/projects/ubercart-6.x-2.0.tar.gz
sudo tar zxvf ubercart-6.x-2.0.tar.gz
sudo rm ubercart-6.x-2.0.tar.gz
Note: You must Enable permissions for added modules update and adjust permissions after module installation.
Drupal -> Administer -> Modules -> Ubercart -> select the Ubercart module functions you intend to use

then update:

http://mylucid00.dyndns.org/update.php
Drupal -> Administer -> Store administration
  • Further customize each website by installing the modules as detailed here.
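
The permission changes in this section (777 on settings.php and dbconfig.php during installation, then 744 and 740 afterwards) are easy to leave half-done on one of the subsites. The following check is an added example, not part of the original guide: it walks a Drupal sites tree and reports anything still world-writable, a world-readable dbconfig.php, or a settings.php writable by group or others. The function names, finding labels and the temporary sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the guide: audit a Drupal 6 sites/ tree.
# Modes follow the guide; function names and labels are this example's own.

# audit_drupal_perms SITES_ROOT
# Prints one finding per line; returns 0 when clean, 1 when anything is found.
audit_drupal_perms() {
    root=$1
    findings=$(
        # Anything left world-writable (symlinks always show 777, so skip them).
        find "$root" ! -type l -perm -0002 -print | sed 's|^|world-writable: |'
        # dbconfig.php holds the MySQL application password.
        find "$root" -type f -name dbconfig.php -perm -0004 -print |
            sed 's|^|world-readable credentials: |'
        # settings.php must not be writable by the web server group or by others.
        find "$root" -type f -name settings.php \
            \( -perm -0020 -o -perm -0002 \) -print |
            sed 's|^|writable settings: |'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# make_sample_tree DIR
# Constructed stand-in for /etc/drupal/6/sites in its "during installation" state.
make_sample_tree() {
    site=$1/mylucid00.dyndns.org
    mkdir -p "$site/files" "$1/default"
    chmod 755 "$site" "$1/default"
    : > "$site/settings.php"
    : > "$site/dbconfig.php"
    # Stands in for the packaged files symlink that the guide removes per site.
    ln -s /nonexistent/files "$1/default/files"
    chmod 777 "$site/settings.php" "$site/dbconfig.php"
    chmod 774 "$site/files"
}

# lock_down SITE_DIR
# The guide's post-installation modes (chown omitted so this runs unprivileged).
lock_down() {
    chmod 744 "$1/settings.php"
    chmod 740 "$1/dbconfig.php"
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_sample_tree "$tmp"
    echo "== during installation =="
    audit_drupal_perms "$tmp"
    lock_down "$tmp/mylucid00.dyndns.org"
    echo "== after lock-down =="
    audit_drupal_perms "$tmp" && echo "clean"
    rm -rf "$tmp"
}
demo
```

To check the real tree, call audit_drupal_perms /etc/drupal/6/sites once every subsite has been installed. The optional shared sites/all/files folder that this guide sets to 777 will be reported as world-writable.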

Install ddclient

sudo apt-get install ddclient
Dynamic DNS service provider: www.dyndns.com
DynDNS fully qualified domain names: mylucid00.dyndns.org, mylucidweb00.dyndns.org, mylucidwiki00.dyndns.org, mylucidbbb00.dyndns.org, mylucidmoodle00.dyndns.org
Username for dynamic DNS service: myluciddnsid -> Password: myluciddnsword
Network interface (eth0, wlan0, etc.) used for dynamic DNS service: eth0
  • Edit the ddclient configuration file:
sudo kate /etc/ddclient.conf
so that it resembles:
# Configuration file for ddclient generated by debconf
#
# /etc/ddclient.conf
#
daemon=3600
ssl=yes
use=web, web=checkip.dyndns.com/, web-skip='IP Address'
pid=/var/run/ddclient.pid
protocol=dyndns2
#use=if, if=eth0
server=members.dyndns.org
login=myluciddnsid
password='myluciddnsword'
# mylucid00.dyndns.org,mylucidweb00.dyndns.org,mylucidwiki00.dyndns.org,mylucidbbb00.dyndns.org,mylucidmoodle00.dyndns.org
mylucid00.dyndns.org,mylucidcalendar00.dyndns.org,mylucidwiki00.dyndns.org,mylucidbbb00.dyndns.org,mylucidmoodle00.dyndns.org
Note: There are companies on the Internet other than DynDNS.com that provide Dynamic DNS services as well (but several of them are very unreliable, in my experience). DynDNS.com is one of the oldest and most stable. I have found it convenient to forward my URLs (that I already had at other DNS providers) to the DynDNS URLs created in this walkthrough. However, if your original DNS provider supports reliable Dynamic DNS services, you may be able to get it to work with ddclient as well. See the instructions in the tutorial.

Add menu items for websites

Add a menu item for each website:

  • My Lucid 00 (Drupal6 Website) -- firefox http://mylucid00.dyndns.org
  • My Lucid 00 Web (Drupal6 Website) -- firefox http://mylucidweb00.dyndns.org
  • My Lucid 00 BBB (BigBlueButton Teleconferencing) -- firefox http://mylucidbbb00.dyndns.org:81
  • My Lucid 00 Wiki (Public) -- firefox http://mylucidwiki00.dyndns.org
  • My Lucid 00 Wiki (Private) -- firefox http://mylucidwiki00.dyndns.org/private
  • My Lucid 00 Moodle (Teaching site) -- firefox http://mylucidmoodle00.dyndns.org

Add Audacious audio player

  • This is an optional component. I use this to stream music from Shoutcast Internet Radio to the office stereo system by plugging the computer output jack into the office stereo input jack. Install:
sudo apt-get install audacious audacious-plugins
  • Change the Audacious audio to ALSA (unless you are willing to configure PulseAudio) and use the classic skin:
Audacious -> Preferences -> Audio -> Current audio plugin: ALSA Output Plugin
-> Appearance -> Classic -> Close
  • Using the Menu Editor, create a menu item to Shoutcast Internet Radio with the command:
firefox http://classic.shoutcast.com
  • Start Shoutcast Internet Radio and click on a radio station. When prompted for the file association, choose Audacious:
"You have chosen to open shoutcast-playlist.pls which is a: PLS file. What should Firefox do with this file?" -> Open with ... -> Browse -> File system... -> usr -> bin -> audacious -> Open -> Do this automatically for files like this from now on: (ticked) -> OK

Install DAViCal group calendar server

If a full groupware server (Kolab, eGroupware, or Zimbra) is to be installed, there is no need for DaviCal. As a standalone group calendar server, though, it can't be beat.

Allow Reverse proxies

If you have one LAN router that forwards all port 80 traffic to a single server yet you have multiple physical servers on the LAN (each using their own set of URLs), then the primary server (to which all port 80 traffic is sent) will have to act as a reverse proxy for the other servers. This is accomplished through Apache2 reverse proxies. See this tutorial.

Adding new SSH users

  • On the server, create a second user account (that guest users can use for SSH purposes) with a password dissimilar to any other passwords (such as mylucidguestpassword):
sudo useradd -m mylucid00guest
sudo passwd mylucid00guest
sudo mkdir /home/mylucid00guest/.ssh
sudo chmod 777 /home/mylucid00guest/.ssh
  • Allow OpenSSH Password Authentication temporarily. Edit the OpenSSH configuration file:
sudo gedit /etc/ssh/sshd_config
and temporarily allow Password-based Authentication by changing the line:
PasswordAuthentication no
to
PasswordAuthentication yes
then restart the OpenSSH server:
sudo /etc/init.d/ssh restart

From the new Linux user's client computer:

ssh-keygen
scp -P 22199 ~/.ssh/id_rsa.pub mylucid00guest@mylucid00.dyndns.org:~/.ssh/id_rsa.pub
When prompted, of course, the guest password, mylucidguestpassword, should be entered.
  • Back on the server (logged in as the administrator lucidadmin00), turn off the OpenSSH Password Authentication again:
sudo gedit /etc/ssh/sshd_config

Change the line:

PasswordAuthentication yes
to
PasswordAuthentication no
then restart the OpenSSH server:
sudo /etc/init.d/ssh restart

It is then usually best (for security reasons) to now change the guest password to something completely different:

sudo passwd mylucid00guest
  • Copy the new id_rsa.pub key to the lucidadmin00 .ssh folder and concatenate it to the authorized_keys file there:
sudo cp /home/mylucid00guest/.ssh/id_rsa.pub /home/lucidadmin00/.ssh/id_rsaguest.pub
sudo chown -R lucidadmin00 /home/lucidadmin00
cd ~/.ssh
cat id_rsaguest.pub >> authorized_keys

Note: this new /home/lucidadmin00/.ssh/authorized_keys file should also be copied to /home/client9260/.ssh/authorized_keys and /home/text9260/.ssh/authorized_keys as detailed in the subsequent OpenVistA EHR section.

  • If Windows-based PuTTY SSH users are to be added to the system, then see this tutorial. The SSH keys must be tweaked to be used with OpenSSH, copied to the server, and then concatenated to the authorized_keys file in a similar fashion.
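
The step that concatenates a new public key onto authorized_keys is where duplicate entries, merged lines and loose permissions usually creep in. The following helper is an added example, not part of the original guide: it accepts a file only if it holds exactly one public key line, skips keys that are already present, and keeps the directory and file at 700 and 600. The function name, the list of accepted key types and the sample key are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the guide: append one OpenSSH public key to an
# authorized_keys file without duplicating entries or loosening permissions.

# Accepted key types are this example's choice; extend the list if needed.
KEY_RE='^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$'

# add_authorized_key PUBKEY_FILE AUTHORIZED_KEYS_FILE
# Returns 0 = appended, 1 = key already present, 2 = input is not one public key.
add_authorized_key() {
    pub=$1
    auth=$2
    [ -f "$pub" ] || return 2
    # A .pub file is a single line; a private key or a pasted bundle is not.
    [ "$(grep -c . "$pub")" -eq 1 ] || return 2
    line=$(grep . "$pub")
    printf '%s\n' "$line" | grep -Eq "$KEY_RE" || return 2
    blob=$(printf '%s\n' "$line" | awk '{ print $2 }')

    dir=$(dirname "$auth")
    mkdir -p "$dir"
    [ -e "$auth" ] || : > "$auth"
    # sshd's StrictModes (on by default) rejects keys kept in a group- or
    # world-writable location, so tighten both the directory and the file.
    chmod 700 "$dir"
    chmod 600 "$auth"

    # Compare the base64 blob only, so a different comment or an options
    # prefix on the existing entry still counts as the same key.
    if awk -v b="$blob" \
        '{ for (i = 1; i <= NF; i++) if ($i == b) found = 1 } END { exit !found }' \
        "$auth"; then
        return 1
    fi
    # Start on a fresh line if the existing file lacks a trailing newline.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$line" >> "$auth"
}

demo() {
    work=$(mktemp -d) || return 1
    # Constructed key material: syntactically valid, not a real key.
    echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCconstructedGuestKey0000 guest@client' \
        > "$work/id_rsaguest.pub"
    for attempt in 1 2; do
        add_authorized_key "$work/id_rsaguest.pub" "$work/.ssh/authorized_keys"
        echo "attempt $attempt: status $?"
    done
    rm -rf "$work"
}
demo
```

Run it as the account that owns the authorized_keys file, or restore ownership afterwards with chown as the guide does, because sshd checks ownership as well as modes.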

Add security scanners

  • Don't believe the hype about Linux being free from viruses, trojans, and rootkits. They happen (although they are less common than in other operating systems). The biggest risk comes from installing software from repositories other than official Ubuntu repositories. Be careful. Here are some recommended security utilities:
  • KlamAV is the KDE/Kubuntu frontend for ClamAV anti-virus suite. Install:
sudo apt-get install klamav
Run:
Menu -> System -> KlamAV Anti-Virus Manager
  • Rkhunter is a rootkit hunter. Install and run:
sudo apt-get install rkhunter
sudo rkhunter --check
  • Chkrootkit is another rootkit hunter. Install and run:
sudo apt-get install chkrootkit
sudo chkrootkit

Install an EHR (Electronic Health Record) system

  • Although these instructions are for OpenVistA EHR, other VistA EHR derivatives can be installed in a somewhat similar fashion.
  • The OpenSSH server was set to listen on port 22199. Make sure the router forwards port 22199 to this computer's LAN IP address. The OpenSSH server will be reached by tunneling to myjaunty00.dyndns.org using port 22199.

Install OpenVistA server

sudo apt-get install xinetd update-inetd whois apache2-suexec
  • Note: The Astronaut installer checks for an open port 9260 and it will not proceed if it is closed. Re-enable the firewall (i.e. ok to close port 9260 again) after installation is complete.
  • A package can be installed directly from the Astronaut VistA repositories (replace lucid with karmic if using Karmic Koala 9.10) by adding the repository:
echo "deb http://software.astronautvista.com/deb lucid main" | sudo tee -a /etc/apt/sources.list.d/lucid-partner.list
sudo apt-get update
then installing the Astronaut version of the OpenVistA server:
sudo apt-get install astronaut-ov-server-beta
Note: During the VistA server installation, you may wish to save (as a text file) the installation notes that are displayed for future reference.
  • Change the passwords for the server login IDs.
sudo passwd text9260
[sudo] password for jauntyadmin00: jauntyword00
Enter new UNIX password: vista!456
Retype new UNIX password: vista!456
sudo passwd client9260
[sudo] password for jauntyadmin00: jauntyword00
Enter new UNIX password: vista!456
Retype new UNIX password: vista!456
sudo passwd openvistaEHR
[sudo] password for jauntyadmin00: jauntyword00
Enter new UNIX password: vista!456
Retype new UNIX password: vista!456
  • Create a Menu Item / Shortcut for text 9260:
su text9260
Name this Menu Item: VistA Server Admin (text9260). Make sure to set Advanced -> Run in terminal (ticked).
The password set in the previous step (for text9260) will be required upon logging in.
  • Create a Menu Item / shortcut for VistA Commander:
/opt/openvista/EHR/bin/vista_com.sh
Name this Menu Item: VistA Commander Server Admin. Make sure to set Advanced -> Run in terminal (ticked).

Install OpenVistA-CIS Linux client

sudo apt-get install mono-runtime libmono-corlib2.0-cil libgtk2.0-cil libglade2.0-cil libmono-cairo2.0-cil libmono-winforms2.0-cil libmono-system-runtime2.0-cil
  • Create directories then download and unzip the OpenVistA-CIS binaries into them:
sudo mkdir /etc/openvistacisclient
cd /etc/openvistacisclient
sudo wget -O openvistacis-0.9.96-client.zip http://sourceforge.net/projects/openvista/files/OpenVista%20CIS/1.0%20RC2/openvistacis-0.9.96-client.zip/download
sudo unzip openvistacis-0.9.96-client.zip

and

sudo mkdir /etc/openvistacisvitals
cd /etc/openvistacisvitals
sudo wget -O openvistacis-0.9.96-vitals.zip http://sourceforge.net/projects/openvista/files/OpenVista%20CIS/1.0%20RC2/openvistacis-0.9.96-vitals.zip/download
sudo unzip openvistacis-0.9.96-vitals.zip
  • Create Menu shortcuts:
Menu Editor -> New item
-> General -> Name: OpenVistA-CIS Client (localhost connection)
-> Command: mono OpenVistaCIS.exe --server=127.0.0.1 --port=9260
-> Advanced -> Work path: /etc/openvistacisclient

and

Menu Editor -> New item
-> General -> Name: OpenVistA-CIS Vitals (localhost connection)
-> Command: mono OpenVistaVitals.exe --server=127.0.0.1 --port=9260
-> Advanced -> Work path: /etc/openvistacisvitals

Note: When running from a menu item shortcut, make sure you set the directory as the workpath. I place the menu items in a separate submenu named EHR. Although the OpenVistA-CIS client uses port 9201 by default, the Astronaut OpenVistA server uses port 9260 by default.

Note: If you wish to connect directly through the network (without using an SSH tunnel), merely replace --server=127.0.0.1 with --server=myjaunty00.dyndns.org and make sure the LAN's router forwards port 9260 to the LAN IP address of the server (and make sure that all firewalls allow port 9260 to be open).

  • Use your Access Code / Verify Code as the LoginID / Password (default at installation for Astronaut systems is sys.admin / vista!123). This should be changed at the initial connection, e.g. to vista!456.

Connecting through an SSH tunnel

This method is necessary to connect remote clients to the server through a secure, encrypted tunnel. It is worthwhile to test this connection method by setting it up on the server, as well. Make sure your router is forwarding (to your server) the SSH port you selected (in these examples port 22199).

  • In order to maintain the Astronaut structure, copy the (previously created) SSH authorized_keys file to the .ssh folders for client9260 and text9260 (where serveruser = jauntyadmin00 on this server):
sudo mkdir /home/client9260
sudo mkdir /home/client9260/.ssh
sudo cp /home/serveruser/.ssh/authorized_keys /home/client9260/.ssh/
sudo chown -R client9260 /home/client9260

and

sudo mkdir /home/text9260
sudo mkdir /home/text9260/.ssh
sudo cp /home/serveruser/.ssh/authorized_keys /home/text9260/.ssh/
sudo chown -R text9260 /home/text9260
  • Restart the OpenSSH server:
sudo /etc/init.d/ssh restart
ssh -l client9260 -L 9201:127.0.0.1:9260 myjaunty00.dyndns.org -p 22199
  • Create Menu shortcuts for use when connecting through the SSH tunnel:
Menu Editor -> New item
-> General -> Name: OpenVistA-CIS Client
-> Command: mono OpenVistaCIS.exe --server=127.0.0.1 --port=9201
-> Advanced -> Work path: /etc/openvistacisclient

and

Menu Editor -> New item
-> General -> Name: OpenVistA-CIS Vitals
-> Command: mono OpenVistaVitals.exe --server=127.0.0.1 --port=9201
-> Advanced -> Work path: /etc/openvistacisvitals
  • Create a Menu Item / Shortcut with the command:
ssh -f -l client9260 -L 9201:127.0.0.1:9260 myjaunty00.dyndns.org -p 22199 sleep 5; mono OpenVistaCIS.exe --server=127.0.0.1 --port=9201
but with Advanced -> Work path: /etc/openvistacisclient configured in the Menu Item / Shortcut settings. It is not necessary to have the Advanced -> Run in terminal box ticked.
  • It is also possible to use the command:
ssh -f -l client9260 -L 9201:127.0.0.1:9260 myjaunty00.dyndns.org -p 22199 sleep 5; mono /etc/openvistacisclient/OpenVistaCIS.exe --server=127.0.0.1 --port=9201
  • Create Menu shortcuts for the Text9260 Server Admin client (a text-based SSH tunnel). This will be the method used to logon (in text mode) directly to the OpenVistA Server for administrative functions:
Menu Editor -> New item
-> General -> Name: OpenVistA Server (localhost)
-> Command: ssh -l text9260 -L 9201:127.0.0.1:9260 127.0.0.1 -p 22199
-> Advanced -> Run in terminal: (ticked)

and

Menu Editor -> New item
-> General -> Name: OpenVistA Server (network)
-> Command: ssh -l text9260 -L 9201:127.0.0.1:9260 myjaunty00.dyndns.org -p 22199
-> Advanced -> Run in terminal: (ticked)

When logging on, the ACCESS CODE / VERIFY CODE are the same as at the initial logon (sys.admin and vista!123 (or vista!456 if changed as in the above section)). The exit key for the OpenVistA server functions is ^ .

For more info about the OpenVistA Server functions, see here.

Note: While the text9260 SSH tunnel is open, it is also possible to simultaneously run the OpenVistA-CIS Client (using the menu shortcut created above which contains the command: mono OpenVistaCIS.exe --server=127.0.0.1 --port=9201).

  • To access the OpenVistA Server from a Windows machine, use the Astronaut Clients (and the Windows OpenVistA-CIS clients). See here and here.

Adjust Login Manager IDs

  • The two IDs text9260 and client9260 are meant to act as interfaces to the GT.M (MUMPS) database and not as login IDs for the GUI desktop. In fact, a user that logs into them can alter their settings accidentally. It is therefore better to exclude these two IDs from the Login Manager. It is also not necessary to have the openvistaEHR login ID enabled (although there is no harm in logging into this account).
Menu -> System -> System Settings -> Advanced -> Login Manager -> Users -> Excluded users -> client9260 (ticked) -> text9260 (ticked) -> openvistaEHR (ticked)
The accounts will remain active but will not show up on the Login screen.

Changing passwords and other customization

Other resources

OpenVistA EHR

These instructions are adapted from the Ultimate Server with OpenVistA EHR and are oriented towards that framework. However, the instructions should be applicable (without installing the entire server platform) on all versions of Ubuntu/Kubuntu. Settings listed in italics are meant to be customized for your system. Always use secure unique IDs and passwords.

  • OpenVistA can also be installed using the Medsphere repositories. (Use karmic, jaunty, or maverick repositories instead of lucid if using one of those versions.)
wget -q -O - http://mirrors.medsphere.org/pub/msc-repo-key@medsphere.com | sudo apt-key add -
echo "deb http://mirrors.medsphere.org/pub/apt/ubuntu lucid main" | sudo tee /etc/apt/sources.list.d/openvistaehr.list
sudo apt-get update
sudo apt-get install openvista-utils

Install pre-requisites

  • Although the OpenVistA server can be installed and run on an Ubuntu server without a GUI desktop, I don't recommend it. It is a GUI-based system and it is difficult to troubleshoot it if no GUI desktop is installed. Therefore, make sure you have a ubuntu-desktop (or kubuntu-desktop) installed on your Ubuntu server.
  • Apache2 is required. It can be installed individually (sudo apt-get install apache2) or as part of a LAMP (Linux, Apache2, MySQL, PHP) installation:
sudo apt-get install tasksel
sudo tasksel install lamp-server
sudo apt-get install tasksel
sudo tasksel install openssh-server
  • VistA is made for a 32-bit operating system. If you are using a 64-bit Ubuntu operating system, then also install ia32-libs:
sudo apt-get install ia32-libs

Set networking parameters

sudo gedit /etc/network/interfaces
and edit the lines to resemble:
# iface eth0 inet dhcp
#
iface eth0 inet static
address 192.168.0.99
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1
and restart networking:
sudo /etc/init.d/networking restart

Adjust SSH for remote connections

  • If the OpenSSH server was not installed on your server at initial installation, it can be installed now.
sudo tasksel install openssh-server
  • The default SSH port is 22, but this may conflict with other SSH servers on your network. Change the SSH port to a custom port. Also disallow password-based logins, for now, to prevent unauthorized logins. See this tutorial.
sudo gedit /etc/ssh/sshd_config
change the listening port:
Port 22199
and disallow password-based authentication by changing the line:
#PasswordAuthentication yes
to
PasswordAuthentication no
  • Make sure the OpenSSH server knows that it must look for the authorized_keys file. Uncomment the line:
#AuthorizedKeysFile %h/.ssh/authorized_keys

so that it resembles:

AuthorizedKeysFile %h/.ssh/authorized_keys
then restart the OpenSSH server:
sudo /etc/init.d/ssh restart
  • Make sure the router forwards the selected listening port (e.g. 22199) to the IP address (e.g. 192.168.0.99) of the server.
  • Install X11VNC:
sudo apt-get install x11vnc
Add an X11VNC Server menu item with the command:
x11vnc --forever
-> Place in system tray (ticked)
  • Create an SSH keypair for automated login:
  • Generate a key pair (by default, a 2048-bit RSA key pair is created):
ssh-keygen
  • Accept the default location for the key file ( /home/user/.ssh/id_rsa ).
  • Leave the passphrase empty
  • Make sure the directory /home/serveruser/.ssh exists; if not, create one using:
mkdir ~/.ssh
(In this instance, user = serveruser = lucidadmin00, so the folder /home/lucidadmin00/.ssh ought to already exist).

Make sure that a file named authorized_keys (with write privileges) is in that folder. If not, create such a file (using the touch command to create an empty file) while logged into the server as serveruser (i.e. lucidadmin00):

cd ~/.ssh
touch authorized_keys
Concatenate the newly-generated id_rsa.pub key to the authorized_keys file:
cd ~/.ssh
cat id_rsa.pub >> authorized_keys
  • Create a test connection:
  • Start the X11VNC Server (as above)
  • Connect VNC through the SSH tunnel with the commands:
ssh -l lucidadmin00 -L 5900:127.0.0.1:5900 mylucid00.dyndns.org -p 22199
vinagre vnc://127.0.0.1

or with a single-line command (which can be placed in a Menu item / shortcut):

ssh -f -l lucidadmin00 -L 5900:127.0.0.1:5900 mylucid00.dyndns.org -p 22199 sleep 5; vinagre vnc://127.0.0.1

Note: vinagre --fullscreen vnc://127.0.0.1 will start the VNC connection in fullscreen mode (but should only be used when connecting from other computers).
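
The key-installation steps above append with cat, which adds a duplicate line on every repeat and accepts whatever file is named. As an added example (not part of the original guide; the function names are hypothetical and the key is a constructed dummy), this helper appends a public key only once and keeps the modes that sshd's StrictModes check requires:

```shell
#!/bin/sh
# Added example, not from the guide. Function names are hypothetical.

# add_authorized_key PUBKEY_FILE SSH_DIR
# Appends the key once. Returns 2 if PUBKEY_FILE is not a single public-key
# line (for example, the private id_rsa was named by mistake).
add_authorized_key() {
    ak_pub=$1; ak_dir=$2; ak_auth=$2/authorized_keys
    [ "$(grep -c '' "$ak_pub")" -eq 1 ] || return 2
    grep -Eq '^(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-[a-z0-9]+) [A-Za-z0-9+/]+=*( |$)' \
        "$ak_pub" || return 2
    mkdir -p "$ak_dir" && chmod 700 "$ak_dir" || return 1
    touch "$ak_auth" && chmod 600 "$ak_auth" || return 1
    ak_blob=$(awk '{ print $2 }' "$ak_pub")
    # Already authorized, even under another comment? Then change nothing.
    grep -qF -- "$ak_blob" "$ak_auth" && return 0
    # Never glue the new key onto an unterminated last line.
    if [ -s "$ak_auth" ] && [ -n "$(tail -c 1 "$ak_auth")" ]; then
        echo >> "$ak_auth"
    fi
    printf '%s\n' "$(cat "$ak_pub")" >> "$ak_auth"
}

# ssh_perms_ok SSH_DIR
# Fails if the directory or its authorized_keys is group- or world-writable;
# with StrictModes (on by default) sshd refuses to use keys stored that way.
ssh_perms_ok() {
    sp_bad=$(find "$1" "$1/authorized_keys" -prune \
        \( -perm -020 -o -perm -002 \) -print 2>/dev/null)
    [ -z "$sp_bad" ]
}

# Constructed demo in a scratch directory; the key blob is a dummy value.
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDconstructedDummyBlob guest@client' \
    > "$demo/id_rsaguest.pub"
add_authorized_key "$demo/id_rsaguest.pub" "$demo/.ssh"
add_authorized_key "$demo/id_rsaguest.pub" "$demo/.ssh"   # repeat adds nothing
echo "keys on file: $(grep -c '' "$demo/.ssh/authorized_keys")"
chmod 777 "$demo/.ssh"
ssh_perms_ok "$demo/.ssh" || echo "writable by others: sshd would ignore these keys"
rm -rf "$demo"
```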

Install an EHR (Electronic Health Record) system

  • Although these instructions are for OpenVistA EHR, other VistA EHR derivatives can be installed in a somewhat similar fashion.
  • The OpenSSH server was set to listen on port 22199. Make sure the router forwards port 22199 to this computer's LAN IP address. The OpenSSH server will be reached by tunneling to myjaunty00.dyndns.org using port 22199.

Install OpenVistA server

sudo apt-get install xinetd update-inetd whois apache2-suexec
  • Note: The Astronaut installer checks for an open port 9260 and it will not proceed if it is closed. Re-enable the firewall (i.e. ok to close port 9260 again) after installation is complete.
  • A package can be installed directly from the Astronaut VistA repositories (replace lucid with karmic if using Karmic Koala 9.10) by adding the repository:
echo "deb http://software.astronautvista.com/deb lucid main" | sudo tee -a /etc/apt/sources.list.d/lucid-partner.list
sudo apt-get update
then installing the Astronaut version of the OpenVistA server:
sudo apt-get install astronaut-ov-server-beta
Note: During the VistA server installation, you may wish to save (as a text file) the installation notes that are displayed for future reference.
  • Change the passwords for the server login IDs.
sudo passwd text9260
[sudo] password for jauntyadmin00: jauntyword00
Enter new UNIX password: vista!456
Retype new UNIX password: vista!456
sudo passwd client9260
[sudo] password for jauntyadmin00: jauntyword00
Enter new UNIX password: vista!456
Retype new UNIX password: vista!456
sudo passwd openvistaEHR
[sudo] password for jauntyadmin00: jauntyword00
Enter new UNIX password: vista!456
Retype new UNIX password: vista!456
  • Create a Menu Item / Shortcut for text 9260:
su text9260
Name this Menu Item: VistA Server Admin (text9260). Make sure to set Advanced -> Run in terminal (ticked).
The password set in the previous step (for text9260) will be required upon logging in.
  • Create a Menu Item / shortcut for VistA Commander:
/opt/openvista/EHR/bin/vista_com.sh
Name this Menu Item: VistA Commander Server Admin. Make sure to set Advanced -> Run in terminal (ticked).

Install OpenVistA-CIS Linux client

sudo apt-get install mono-runtime libmono-corlib2.0-cil libgtk2.0-cil libglade2.0-cil libmono-cairo2.0-cil libmono-winforms2.0-cil libmono-system-runtime2.0-cil
  • Create directories then download and unzip the OpenVistA-CIS binaries into them:
sudo mkdir /etc/openvistacisclient
cd /etc/openvistacisclient
sudo wget -O openvistacis-0.9.96-client.zip http://sourceforge.net/projects/openvista/files/OpenVista%20CIS/1.0%20RC2/openvistacis-0.9.96-client.zip/download
sudo unzip openvistacis-0.9.96-client.zip

and

sudo mkdir /etc/openvistacisvitals
cd /etc/openvistacisvitals
sudo wget -O openvistacis-0.9.96-vitals.zip http://sourceforge.net/projects/openvista/files/OpenVista%20CIS/1.0%20RC2/openvistacis-0.9.96-vitals.zip/download
sudo unzip openvistacis-0.9.96-vitals.zip
  • Create Menu shortcuts:
Menu Editor -> New item
-> General -> Name: OpenVistA-CIS Client (localhost connection)
-> Command: mono OpenVistaCIS.exe --server=127.0.0.1 --port=9260
-> Advanced -> Work path: /etc/openvistacisclient

and

Menu Editor -> New item
-> General -> Name: OpenVistA-CIS Vitals (localhost connection)
-> Command: mono OpenVistaVitals.exe --server=127.0.0.1 --port=9260
-> Advanced -> Work path: /etc/openvistacisvitals

Note: When running from a menu item shortcut, make sure you set the directory as the workpath. I place the menu items in a separate submenu named EHR. Although the OpenVistA-CIS client uses port 9201 by default, the Astronaut OpenVistA server uses port 9260 by default.

Note: If you wish to connect directly through the network (without using an SSH tunnel), merely replace --server=127.0.0.1 with --server=myjaunty00.dyndns.org and make sure the LAN's router forwards port 9260 to the LAN IP address of the server (and make sure that all firewalls allow port 9260 to be open).

  • Use your Access Code / Verify Code as the LoginID / Password ( default at installation for Astronaut systems is sys.admin / vista!123 ). This should be changed at the initial connection, e.g. to vista!456.

Connecting through an SSH tunnel

This method is necessary to connect remote clients to the server through a secure, encrypted tunnel. It is worthwhile to test this connection method by setting it up on the server, as well. Make sure your router is forwarding (to your server) the SSH port you selected (in these examples port 22199).

  • In order to maintain the Astronaut structure, copy the (previously created) SSH authorized_keys file to the .ssh folders for client9260 and text9260 (where serveruser = jauntyadmin00 on this server):
sudo mkdir /home/client9260
sudo mkdir /home/client9260/.ssh
sudo cp /home/serveruser/.ssh/authorized_keys /home/client9260/.ssh/
sudo chown -R client9260 /home/client9260

and

sudo mkdir /home/text9260
sudo mkdir /home/text9260/.ssh
sudo cp /home/serveruser/.ssh/authorized_keys /home/text9260/.ssh/
sudo chown -R text9260 /home/text9260
  • Restart the OpenSSH server:
sudo /etc/init.d/ssh restart
ssh -l client9260 -L 9201:127.0.0.1:9260 myjaunty00.dyndns.org -p 22199
  • Create Menu shortcuts for use when connecting through the SSH tunnel:
Menu Editor -> New item
-> General -> Name: OpenVistA-CIS Client
-> Command: mono OpenVistaCIS.exe --server=127.0.0.1 --port=9201
-> Advanced -> Work path: /etc/openvistacisclient

and

Menu Editor -> New item
-> General -> Name: OpenVistA-CIS Vitals
-> Command: mono OpenVistaVitals.exe --server=127.0.0.1 --port=9201
-> Advanced -> Work path: /etc/openvistacisvitals
  • Create a Menu Item / Shortcut with the command:
ssh -f -l client9260 -L 9201:127.0.0.1:9260 myjaunty00.dyndns.org -p 22199 sleep 5; mono OpenVistaCIS.exe --server=127.0.0.1 --port=9201
but with Advanced -> Work path: /etc/openvistacisclient configured in the Menu Item / Shortcut settings. It is not necessary to have the Advanced -> Run in terminal box ticked.
  • It is also possible to use the command:
ssh -f -l client9260 -L 9201:127.0.0.1:9260 myjaunty00.dyndns.org -p 22199 sleep 5; mono /etc/openvistacisclient/OpenVistaCIS.exe --server=127.0.0.1 --port=9201
  • Create Menu shortcuts for the Text9260 Server Admin client (a text-based SSH tunnel). This will be the method used to logon (in text mode) directly to the OpenVistA Server for administrative functions:
Menu Editor -> New item
-> General -> Name: OpenVistA Server (localhost)
-> Command: ssh -l text9260 -L 9201:127.0.0.1:9260 127.0.0.1 -p 22199
-> Advanced -> Run in terminal: (ticked)

and

Menu Editor -> New item
-> General -> Name: OpenVistA Server (network)
-> Command: ssh -l text9260 -L 9201:127.0.0.1:9260 myjaunty00.dyndns.org -p 22199
-> Advanced -> Run in terminal: (ticked)

When logging on, the ACCESS CODE / VERIFY CODE are the same as at the initial logon (sys.admin and vista!123 (or vista!456 if changed as in the above section)). The exit key for the OpenVistA server functions is ^ .

For more info about the OpenVistA Server functions, see here.

Note: While the text9260 SSH tunnel is open, it is also possible to simultaneously run the OpenVistA-CIS Client (using the menu shortcut created above which contains the command: mono OpenVistaCIS.exe --server=127.0.0.1 --port=9201).

  • To access the OpenVistA Server from a Windows machine, use the Astronaut Clients (and the Windows OpenVistA-CIS clients). See here and here.

Adjust Login Manager IDs

  • The two IDs text9260 and client9260 are meant to act as interfaces to the GT.M (MUMPS) database and not as login IDs for the GUI desktop. In fact, a user that logs into them can alter their settings accidentally. It is therefore better to exclude these two IDs from the Login Manager. It is also not necessary to have the openvistaEHR login ID enabled (although there is no harm in logging into this account).
Menu -> System -> System Settings -> Advanced -> Login Manager -> Users -> Excluded users -> client9260 (ticked) -> text9260 (ticked) -> openvistaEHR (ticked)
The accounts will remain active but will not show up on the Login screen.

VistA Server functions

The VistA server functions are generally configured from a text interface. The VistA server is very flexible and powerful, and therefore can seem complex to customize and daunting for new users.

Accessing the interface is possible in several ways:

  • While logged on the server (using any login ID) by starting VistA Commander from a command-line interface Terminal:
/opt/openvista/EHR/bin/vista_com.sh
  • Logging in directly to the server using the provided Linux login (openvistaEHR or worldvistaEHR) and opening a (Konsole) Terminal. This loads the VistA Commander interface automatically. (On Astronaut systems, the default initial password is vista!123.)
  • Using the Text Client, VistA Config, or VistA Server Admin (text9260) (with or without SSH) if installed on your system as part of a client package.
  • Using the built-in VistA Server Text Client menu items/shortcuts in the Ubuntu-Med system.

Then see

Adding new SSH users

  • On the server, create a second user account (that guest users can use for SSH purposes) with a password dissimilar to any other passwords (such as mylucidguestpassword):
sudo useradd -m mylucid00guest
sudo passwd mylucid00guest
sudo mkdir /home/mylucid00guest/.ssh
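# Give the directory to the guest and keep it private, so scp can write the key without a world-writable .ssh
sudo chown mylucid00guest /home/mylucid00guest/.ssh
sudo chmod 700 /home/mylucid00guest/.ssh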
  • Allow OpenSSH Password Authentication temporarily. Edit the OpenSSH configuration file:
sudo gedit /etc/ssh/sshd_config
and temporarily allow Password-based Authentication by changing the line:
PasswordAuthentication no
to
PasswordAuthentication yes
then restart the OpenSSH server:
sudo /etc/init.d/ssh restart

From the new Linux user's client computer:

ssh-keygen
scp -P 22199 ~/.ssh/id_rsa.pub mylucid00guest@mylucid00.dyndns.org:~/.ssh/id_rsa.pub
When prompted, of course, the guest password, mylucidguestpassword, should be entered.
  • Back on the server (logged in as the administrator lucidadmin00), turn off the OpenSSH Password Authentication again:
sudo gedit /etc/ssh/sshd_config

Change the line:

PasswordAuthentication yes
to
PasswordAuthentication no
then restart the OpenSSH server:
sudo /etc/init.d/ssh restart

It is then usually best (for security reasons) to now change the guest password to something completely different:

sudo passwd mylucid00guest
  • Copy the new id_rsa.pub key to the lucidadmin00 folder and concatenate it to the authorized_keys file there:
sudo cp /home/mylucid00guest/.ssh/id_rsa.pub /home/lucidadmin00/.ssh/id_rsaguest.pub
sudo chown -R lucidadmin00 /home/lucidadmin00
cd ~/.ssh
cat id_rsaguest.pub >> authorized_keys

Note: this new /home/lucidadmin00/.ssh/authorized_keys file should also be copied to /home/client9260/.ssh/authorized_keys and /home/text9260/.ssh/authorized_keys as detailed in the subsequent OpenVistA EHR section.

  • If Windows-based PuTTY SSH users are to be added to the system, then see this tutorial. The SSH keys must be tweaked to be used with OpenSSH, copied to the server, and then concatenated to the authorized_keys file in a similar fashion.
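
sshd uses the first value it reads for each keyword and allows password logins whenever PasswordAuthentication is missing or commented out, so both the edits under "Adjust SSH for remote connections" and the temporary switch above are worth verifying after each change. This added example (not from the original guide; the function names are hypothetical and the sample file is constructed) reads a config the way sshd does and reports what is actually in effect:

```shell
#!/bin/sh
# Added example, not from the guide. Function names are hypothetical.

# sshd_effective FILE KEYWORD
# Prints the effective global value of KEYWORD. sshd keeps the FIRST value it
# reads, keywords are case-insensitive, '#' lines are comments, and the first
# "Match" line ends the global section.
sshd_effective() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }
        {
            if ($0 ~ /^[ \t]*[A-Za-z0-9]+[ \t]*=/) sub(/=/, " ")  # Key=value form
            key = tolower($1)
            if (key == "match") exit
            if (key == want) { print $2; exit }
        }' "$1"
}

# audit_sshd FILE EXPECTED_PORT
# Prints one FAIL line per finding and returns the number of findings.
audit_sshd() {
    audit_n=0
    audit_v=$(sshd_effective "$1" PasswordAuthentication)
    # No active line means the built-in default, which is "yes".
    if [ "${audit_v:-yes}" != "no" ]; then
        echo "FAIL PasswordAuthentication=${audit_v:-yes (default)}"
        audit_n=$((audit_n + 1))
    fi
    audit_v=$(sshd_effective "$1" Port)
    if [ "${audit_v:-22}" != "$2" ]; then
        echo "FAIL Port=${audit_v:-22 (default)}, expected $2"
        audit_n=$((audit_n + 1))
    fi
    return "$audit_n"
}

# Constructed sample: the temporary "yes" was left in and "no" was appended
# below it, so password logins are still enabled.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22199
#PasswordAuthentication no
PasswordAuthentication yes
PasswordAuthentication no
EOF
audit_sshd "$sample" 22199 || echo "sshd_config needs attention"
rm -f "$sample"
```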

Other resources

  • Ubuntu-Med FAQ -- a robust server package that includes a pre-configured installation of OpenVistA
  • Astronaut VistA -- maintains the Astronaut installation packages for VistA
  • Medsphere -- the corporate sponsor of OpenVistA
  • Vistapedia -- a wiki for several publicly available versions of VistA
  • VistA -- the Wikipedia article on VistA
  • Ubuntu Doctors Guild's original installation instructions for OpenVistA
  • Kubuntuguide
  • Ubuntuguide
  • Vincent Mazzarella, MD is a surgeon in Northern California, USA. He is a creator of Ubuntu-Med and an editor of Ubuntu Doctors Guild, Ubuntuguide, and Kubuntuguide.

WorldVistA tips

Instructions have been moved:
