Jan 16 2013

Ubuntu 12.04 has the default firewall ufw enabled, but I’d rather use iptables. And every time I reboot the system, I run a script to enable the firewall rules again. But I just found out I don’t need to, there’s a tool for that. Of course.


sudo apt-get install iptables-persistent

That asks you to save the current IPv4 and IPv6 rules and creates a service that is started at boot time so it reads the created files.

Voila.

Oct 26 2012

I’ve moved and the internet is alive again. Another IP address, so I updated my DNS records. The server should be reachable as soon as the DNS update propagates.

Jul 21 2012

My mail is now running on the server again, not the Synology. The Synology does a good job, but the spam filters are not what I like them to be. It marks mail as spam by adding “**SPAM**” to the subject line and listing how many spam points the message got. Not what I want. I want an unaltered mail message in my spam box, or no message at all. I used to have that with Postfix/Postgrey/Amavis/SpamAssassin.

 

I installed iRedMail, basically an installer layer over the standard Linux mail components. Installing is done in about 2 minutes; switching off greylisting took me more time to figure out… Thanks people, for such a great product.

Jul 19 2012

To have some directories on my server protected by more than a simple username and password, I wanted to use SSL and client certificates. I could easily restrict the directories to my local network IP-addresses, but when I’m “outside” that would present a problem. Hence the solution with client certificates.

 

As I blogged earlier, I requested a real server certificate from the people at Xolphin. Nice people, low prices, fast service. But… you cannot create/sign client certificates with such a certificate. You need the real certificate installed on the server, and you need to create a certificate that has been created/signed by you as a fake Certificate Authority. The Fake CA has to be known to Apache and to your browser. Next the client certificate (created/signed by the Fake CA) must be imported into your browser, and of course the directories you want to protect need to be in the SSL-configuration of Apache.

 

Now that I know how it works, it is simple, but most guides on the internet either follow the Fake CA principle (so you don’t need to buy a real certificate) or they only use a real certificate. Spending money to have your SSL-certificate-supplier do the job for you is another thing. But this works. And for € 10 (excluding VAT) per year I now have a real server certificate, and I can further protect my server with my own certificates.
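
The setup described in this post (a private CA that signs a browser client certificate, alongside the purchased server certificate), sketched as an added example that is not part of the original post. The CA name, file names and validity periods are assumptions.

```bash
#!/usr/bin/env bash
# Added example: private CA + client certificate for Apache client-cert auth.
# CA name, file names and lifetimes below are assumptions, not from the post.
set -eu

# make_client_pki DIR CLIENT_CN P12_PASSWORD
make_client_pki() {
    mkdir -p "$1" || return 1
    # 1. Private CA: self-signed, used only to sign client certificates.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1825 \
        -subj "/CN=Private Client CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null || return 1
    # 2. Client key and certificate signing request.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/client.key" -out "$1/client.csr" 2>/dev/null || return 1
    # 3. Sign the request; the extensions limit the certificate to TLS client auth.
    printf '%s\n' 'basicConstraints=CA:FALSE' 'keyUsage=digitalSignature' \
        'extendedKeyUsage=clientAuth' > "$1/client.ext" || return 1
    openssl x509 -req -in "$1/client.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -sha256 -days 365 -extfile "$1/client.ext" \
        -out "$1/client.crt" 2>/dev/null || return 1
    # 4. Bundle key + certificate as PKCS#12 for import into the browser.
    #    The password goes through the environment, not the command line.
    P12_PASS="$3" openssl pkcs12 -export -inkey "$1/client.key" \
        -in "$1/client.crt" -certfile "$1/ca.crt" \
        -passout env:P12_PASS -out "$1/client.p12" || return 1
    # Private keys and the bundle must not be world-readable.
    chmod 600 "$1/ca.key" "$1/client.key" "$1/client.p12"
}

# verify_client_cert CA_CERT CLIENT_CERT
# Succeeds only if the certificate chains to this CA and is valid for
# TLS client authentication.
verify_client_cert() {
    openssl verify -purpose sslclient -CAfile "$1" "$2" >/dev/null 2>&1
}

# Usage: make_client_pki ./pki laptop 'choose-a-password'
#        verify_client_cert ./pki/ca.crt ./pki/client.crt
```

On the Apache side, mod_ssl's `SSLCACertificateFile` points at `ca.crt` and `SSLVerifyClient require` goes on the protected directories. Only `ca.crt` belongs on the web server; `ca.key` is best kept on a separate machine.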

Jul 09 2012

The Synology works great. Mailserver, WordPress and Gallery work as they should. But compared to the (outdated) server, this thing is SLOW. Uploading three pictures to the gallery takes about 15 minutes. Adding posts, or administering this weblog makes me wait for the pages to change. So, yeah, the Synology can run “normal” PHP applications, but its CPU and its very low memory make it inadequate to call it a server replacement. Which, of course, it isn’t in the first place.

 

I will be constructing a new server in time, one that can match the old one in speed (2x3GHz CPU/4GByte memory), but will be easier on the electricity bill. For now the choice is between an AMD A-series (FM1-socket) and the lower end Intel CPUs (i3 something). Any advice will be appreciated. The Intels seem to consume considerably less power when idling, but they are twice the price of the AMD and have lousy graphics.

Jul 06 2012

Since the weblog now runs on the Synology, I decided to switch off the server until I need something from the disks it has. A normal shutdown, and then….

 

 

–{ SILENCE }–

 

 

I love the Synology.

Jul 06 2012

I bought a Synology DS212j to be the replacement of the server. Great machine for very little money, but the transition is not as smooth as I hoped. My mail (domain switchbl8.nl) now runs via the Synology, not via this server anymore. Next is this blog, then the gallery. And the rest is just for fun, so to hell with it 😉

Jul 01 2012

The reboots are still there. Sometimes the system is up for less than a minute, sometimes for more than 2 days. I now disconnected the SATA drives, so that means some stuff (e.g. my gallery) on the server is not available since that resides on the SATA drive. If the system stays up now, it means the extra SATA controller is broken. I hope so, since that’s an easy and cheap replacement.

Jun 19 2012

Keeping my fingers crossed, but I replaced the SCSI controller (Tekram) in the server with one I had in my old-stuff-stash, an Adaptec 2940W. Yep, old. I had to enable “Load BIOS” on the card, but after that the system booted like I never changed a thing. For now the system seems stable, it’s running Ubuntu’s daily.find now. Heavy disk access would previously reboot the system, but so far so good.