pig-monkey.com - slicehosthttps://pig-monkey.com/2012-12-22T00:00:00-08:00Back to Dreamhost2009-05-22T00:00:00-07:002012-09-15T00:00:00-07:00Pig Monkeytag:pig-monkey.com,2009-05-22:/2009/05/back-to-dreamhost/<p>I&rsquo;ve moved this domain back to Dreamhost. It&rsquo;s been <a href="http://pig-monkey.com/2008/06/09/a-move-to-slicehost/">a good run with Slicehost</a>. I still think that they are the superior host (I&rsquo;ve already noticed a slowness with Dreamhost compared to Slicehost) and I greatly prefer the freedom and control of a VPS over shared hosting …</p><p>I&rsquo;ve moved this domain back to Dreamhost. It&rsquo;s been <a href="http://pig-monkey.com/2008/06/09/a-move-to-slicehost/">a good run with Slicehost</a>. I still think that they are the superior host (I&rsquo;ve already noticed a slowness with Dreamhost compared to Slicehost) and I greatly prefer the freedom and control of a VPS over shared hosting, but Dreamhost is cheaper and I need to cut down expenses. In the future I may move back to Slicehost again.</p> <p>If anybody finds anything broken due to the move, let me know.</p>Thoughts on SSH Security2008-10-03T00:00:00-07:002012-12-22T00:00:00-08:00Pig Monkeytag:pig-monkey.com,2008-10-03:/2008/10/thoughts-on-ssh-security/<p><a href="http://www.openssh.com/">OpenSSH</a> has a history of security. Only rarely are holes found in the actual program. It&rsquo;s much more likely that a system will be compromised through poor configuration of the SSH daemon. Ideally, an SSH config would allow only protocol 2 connections, allow only specified users to connect (and …</p><p><a href="http://www.openssh.com/">OpenSSH</a> has a history of security. Only rarely are holes found in the actual program. It&rsquo;s much more likely that a system will be compromised through poor configuration of the SSH daemon. Ideally, an SSH config would allow only protocol 2 connections, allow only specified users to connect (and certainly not root), disable X11 forwarding, disable password authentication (forcing ssh keys instead), and allowing connections only from specified IPs. These config options would look like this:</p> <div class="highlight"><pre><span></span><code>Protocol 2 PermitRootLogin no AllowUsers demo X11Forwarding no PasswordAuthentication no </code></pre></div> <p>Allowing connections from only specified IP addresses would be accomplished by adding something like the following to <code>/etc/hosts.deny</code>:</p> <div class="highlight"><pre><span></span><code><span class="n">sshd</span><span class="o">:</span><span class="w"> </span><span class="n">ALL</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">Deny</span><span class="w"> </span><span class="n">all</span><span class="w"> </span><span class="n">by</span><span class="w"> </span><span class="k">default</span><span class="w"></span> <span class="n">sshd</span><span class="o">:</span><span class="w"> </span><span class="mf">192.168</span><span class="o">.</span><span class="mf">1.0</span><span class="o">/</span><span class="mf">255.255</span><span class="o">.</span><span class="mf">255.0</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">Allow</span><span class="w"> </span><span class="k">this</span><span class="w"> </span><span class="n">subnet</span><span class="w"></span> <span class="n">sshd</span><span class="o">:</span><span class="w"> </span><span class="mf">4.2</span><span class="o">.</span><span class="mf">2.1</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">Allow</span><span class="w"> </span><span class="k">this</span><span class="w"> </span><span class="n">IP</span><span class="w"></span> </code></pre></div> <p>(You could also accomplish this with iptables, but I think editing the above file is simpler.)</p> <p>But the last two options &ndash; disabling password auth and allowing only certain IP addresses &ndash; limits mobility. I constantly login to my <a href="http://pig-monkey.com/2008/06/09/a-move-to-slicehost/">slice</a> from multiple IPs, and I also need to login during travel when I may or may not have my key on me.</p> <p>The main thing these two options protect against is a brute force attack. By allowing password logins from any IP, we give the attacker the ability to exploit the weakest part of SSH. This is where <a href="http://denyhosts.sourceforge.net/">DenyHosts</a> comes in.</p> <p>DenyHosts is a python script which attempts to recognize and block brute force attacks. It has many attractive <a href="http://denyhosts.sourceforge.net/features.html">features</a> and is included in the default Ubuntu repositories.</p> <div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><code>$ sudo aptitude install denyhosts </code></pre></div></td></tr></table></div> <p>The config file is located at <code>/etc/denyhosts.conf</code>. It is very simply and readable. I recommend reading through it, but most of the default options are acceptable. If any changes are made, the daemon must be restarted:</p> <div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><code>$ sudo /etc/init.d/denyhosts restart </code></pre></div></td></tr></table></div> <h2>Default Ports</h2> <p>Many people also advocating changing SSH&rsquo;s default port to something other than 22 (more specifically, something over 1024, which won&rsquo;t be scanned by default by <a href="http://nmap.org/">nmap</a>). The argument in support of this is that many automated attack scripts look for SSH only on port 22. By changing the port, you save yourself the headache of dealing with script kiddies. Opponents to changing the port would argue that the annoyance of having to specify the port number whenever using <code>ssh</code> or <code>scp</code> outweighs the minute security benefits. It&rsquo;s a heated argument. I lean toward leaving SSH on the default port.</p>An Ubuntu VPS on Slicehost: Basic Setup2008-06-10T00:00:00-07:002012-12-22T00:00:00-08:00Pig Monkeytag:pig-monkey.com,2008-06-10:/2008/06/an-ubuntu-vps-on-slicehost-basic-setup/<p><em>As <a href="http://pig-monkey.com/2008/06/09/a-move-to-slicehost/">mentioned previously</a>, I&rsquo;ve recently moved this domain over to <a href="http://www.slicehost.com/">Slicehost</a>. What follows is Part One of a guide, compiled from my notes, to setting up an Ubuntu Hardy VPS. See also <a href="http://pig-monkey.com/2008/06/10/an-ubuntu-vps-on-slicehost-web-server">Part Two</a>, <a href="http://pig-monkey.com/2008/06/10/an-ubuntu-vps-on-slicehost-mail">Part Three</a>, and <a href="http://pig-monkey.com/2008/06/10/an-ubuntu-vps-on-slicehost-wordpress">Part Four</a>.</em></p> <p>Slicehost has an <a href="http://articles.slicehost.com/">excellent article repository</a>, containing guides on a …</p><p><em>As <a href="http://pig-monkey.com/2008/06/09/a-move-to-slicehost/">mentioned previously</a>, I&rsquo;ve recently moved this domain over to <a href="http://www.slicehost.com/">Slicehost</a>. What follows is Part One of a guide, compiled from my notes, to setting up an Ubuntu Hardy VPS. See also <a href="http://pig-monkey.com/2008/06/10/an-ubuntu-vps-on-slicehost-web-server">Part Two</a>, <a href="http://pig-monkey.com/2008/06/10/an-ubuntu-vps-on-slicehost-mail">Part Three</a>, and <a href="http://pig-monkey.com/2008/06/10/an-ubuntu-vps-on-slicehost-wordpress">Part Four</a>.</em></p> <p>Slicehost has an <a href="http://articles.slicehost.com/">excellent article repository</a>, containing guides on a number of subjects. After building a fresh Slice, you should first follow <a href="http://articles.slicehost.com/2008/4/25/ubuntu-hardy-setup-page-1">Part 1</a> and <a href="http://articles.slicehost.com/2008/4/25/ubuntu-hardy-setup-page-2">Part 2</a> of Slicehost&rsquo;s basic setup articles.</p> <p>I use slightly different coloring in my bash prompt, so, rather than what Slicehost suggests in their article, I add the following to <code>~/.bashrc</code>:</p> <!--more--> <div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><code><span class="nb">export</span> <span class="nv">PS1</span><span class="o">=</span><span class="s1">&#39;\[\033[0;32m\]\u@\[\033[0;35m\]\h\[\033[0;33m\] \w\[\033[00m\]: &#39;</span> </code></pre></div></td></tr></table></div> <p>This is a good time to protect SSH by installing <a href="http://denyhosts.sourceforge.net/">DenyHosts</a>, which I discuss <a href="http://pig-monkey.com/2008/10/03/thoughts-on-ssh-security/">here</a>:</p> <div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><code>$ sudo aptitude install denyhosts </code></pre></div></td></tr></table></div> <p>Ubuntu&rsquo;s default text editor is nano, which I abhor. Real men use vim. Ubuntu comes with a slimmed down version of vim, but you&rsquo;ll probably want the full version:</p> <div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><code>$ sudo aptitude install vim </code></pre></div></td></tr></table></div> <p>To change the global default editor variable, execute the following and select the editor of your choice:</p> <div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><code>$ sudo update-alternatives --config editor </code></pre></div></td></tr></table></div> <p>This is also a perfect time to install <a href="http://www.gnu.org/software/screen/">GNU Screen</a>.</p> <div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><code>$ sudo aptitude install screen </code></pre></div></td></tr></table></div> <p>If you&rsquo;re not familiar with Screen, <a href="http://www.redhatmagazine.com/2007/09/27/a-guide-to-gnu-screen/">Red Hat Magazine has a nice little introduction</a></p> <p>My .screenrc looks like this:</p> <div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal"> 1</span> <span class="normal"> 2</span> <span class="normal"> 3</span> <span class="normal"> 4</span> <span class="normal"> 5</span> <span class="normal"> 6</span> <span class="normal"> 7</span> <span class="normal"> 8</span> <span class="normal"> 9</span> <span class="normal">10</span> <span class="normal">11</span> <span class="normal">12</span> <span class="normal">13</span> <span class="normal">14</span> <span class="normal">15</span> <span class="normal">16</span> <span class="normal">17</span> <span class="normal">18</span> <span class="normal">19</span> <span class="normal">20</span> <span class="normal">21</span> <span class="normal">22</span> <span class="normal">23</span> <span class="normal">24</span> <span class="normal">25</span> <span class="normal">26</span></pre></div></td><td class="code"><div><pre><span></span><code><span class="c1"># Print a pretty line at the bottom of the screen</span> hardstatus alwayslastline hardstatus string <span class="s1">&#39;%{= kG}[ %{G}%H %{g}][%= %{=kw}%?%-Lw%?%{r}(%{W}%n*%f%t%?(%u)%?%{r})%{w}%?%+Lw%?%?%= %{g}][%{Y}%Y-%m-%d %{W}%c %{g}]&#39;</span> <span class="c1"># Nobody likes startup messages</span> startup_message off <span class="c1"># Turn visual bell on and set the message to display for only a fraction of a second</span> vbell on vbellwait .3 <span class="c1"># Set default shell title to blank</span> shelltitle <span class="s1">&#39;&#39;</span> <span class="c1"># Gimme my scrollback!</span> defscrollback <span class="m">5000</span> <span class="c1"># Change command character to backtick</span> escape <span class="sb">``</span> <span class="c1"># Stop programs (like vim) from leaving their contents</span> <span class="c1"># in the window after they exit</span> altscreen on <span class="c1"># Default screens</span> screen -t shell <span class="m">0</span> </code></pre></div></td></tr></table></div> <p>I prefer to have my bash profile setup to connect me to Screen as soon as I login. If there are no running sessions, it will create one. If there is a current session, it will disconnect the session from wherever it is connected and connect it to my login. When I disconnect from screen, it automatically logs me out. To achieve this, I add the following to <code>~/.bashrc</code>:</p> <div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span> <span class="normal">2</span> <span class="normal">3</span> <span class="normal">4</span> <span class="normal">5</span></pre></div></td><td class="code"><div><pre><span></span><code><span class="c1"># If possible, reattach to an existing session and detach that session</span> <span class="c1"># elsewhere. If not possible, create a new session.</span> <span class="k">if</span> <span class="o">[</span> -z <span class="s2">&quot;</span><span class="nv">$STY</span><span class="s2">&quot;</span> <span class="o">]</span><span class="p">;</span> <span class="k">then</span> <span class="nb">exec</span> screen -dR <span class="k">fi</span> </code></pre></div></td></tr></table></div> <p>I would also recommend following Slicehost&rsquo;s guide to <a href="http://articles.slicehost.com/2007/9/10/scanning-for-rootkits-with-chkrootkit">installing chkrootkit</a> and <a href="http://articles.slicehost.com/2007/9/10/scanning-for-rootkits-with-rkhunter">rkhunter</a>.</p> <p>One more thing: let&rsquo;s set the timezone of the server to whatever is local to you (Slicehost&rsquo;s Ubuntu image defaults to UTC). To do that, run:</p> <div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><code>$ sudo dpkg-reconfigure tzdata </code></pre></div></td></tr></table></div> <p>Next up: <a href="http://pig-monkey.com/2008/06/10/an-ubuntu-vps-on-slicehost-web-server">install a web server</a>.</p>An Ubuntu VPS on Slicehost: Mail2008-06-10T00:00:00-07:002012-12-22T00:00:00-08:00Pig Monkeytag:pig-monkey.com,2008-06-10:/2008/06/an-ubuntu-vps-on-slicehost-mail/<p><em>As <a href="http://pig-monkey.com/2008/06/09/a-move-to-slicehost/">mentioned previously</a>, I&rsquo;ve recently moved this domain over to <a href="http://www.slicehost.com/">Slicehost</a>. What follows is Part Three of a guide, compiled from my notes, to setting up an Ubuntu Hardy VPS. See also <a href="http://pig-monkey.com/2008/06/10/an-ubuntu-vps-on-slicehost-basic-setup">Part One</a>, <a href="http://pig-monkey.com/2008/06/10/an-ubuntu-vps-on-slicehost-web-server">Part Two</a>, and <a href="http://pig-monkey.com/2008/06/10/an-ubuntu-vps-on-slicehost-wordpress">Part Four</a>.</em></p> <p>Last week I <a href="http://pig-monkey.com/2008/06/09/google-apps/">moved this domain&rsquo;s email to Google …</a></p><p><em>As <a href="http://pig-monkey.com/2008/06/09/a-move-to-slicehost/">mentioned previously</a>, I&rsquo;ve recently moved this domain over to <a href="http://www.slicehost.com/">Slicehost</a>. What follows is Part Three of a guide, compiled from my notes, to setting up an Ubuntu Hardy VPS. See also <a href="http://pig-monkey.com/2008/06/10/an-ubuntu-vps-on-slicehost-basic-setup">Part One</a>, <a href="http://pig-monkey.com/2008/06/10/an-ubuntu-vps-on-slicehost-web-server">Part Two</a>, and <a href="http://pig-monkey.com/2008/06/10/an-ubuntu-vps-on-slicehost-wordpress">Part Four</a>.</em></p> <p>Last week I <a href="http://pig-monkey.com/2008/06/09/google-apps/">moved this domain&rsquo;s email to Google Apps</a>. Slicehost has <a href="http://articles.slicehost.com/2007/10/25/creating-mx-records-for-google-apps">a guide to creating MX records for Google Apps</a>. I have a couple other domains with Google Apps, along with a couple domains hosted locally with addresses that simply forward to my primary, Google hosted, email. I also need to send mail from the server. To accomplish all of this, I use <a href="http://www.postfix.org/">Postfix</a>.</p> <!--more--> <p>Installing Postfix is a simple matter. Telnet is used quite a bit for testing, so I install that too:</p> <div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><code>$ sudo aptitude install postfix telnet mailutils </code></pre></div></td></tr></table></div> <p>The Postfix setup will ask how it should be installed &ndash; we want the &ldquo;Internet Site&rdquo; option &ndash; and then ask you for your fully qualified domain name.</p> <p>Done? Let&rsquo;s make sure Postfix is running:</p> <div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><code>$ telnet localhost <span class="m">25</span> </code></pre></div></td></tr></table></div> <p>If it&rsquo;s working Postfix should return:</p> <div class="highlight"><pre><span></span><code>Trying 127.0.0.1... Connected to localhost. Escape character is &#39;^]&#39;. 220 localhost ESMTP Postfix (Ubuntu) </code></pre></div> <p>Let&rsquo;s send a test message from root to the user account <code>user</code> (replace that with whatever your standard user is):</p> <div class="highlight"><pre><span></span><code><span class="n">ehlo</span><span class="w"> </span><span class="n">localhost</span><span class="w"></span> <span class="n">mail</span><span class="w"> </span><span class="k">from</span><span class="err">:</span><span class="w"> </span><span class="n">root</span><span class="nv">@localhost</span><span class="w"></span> <span class="n">rcpt</span><span class="w"> </span><span class="k">to</span><span class="err">:</span><span class="w"> </span><span class="k">user</span><span class="nv">@localhost</span><span class="w"></span> <span class="k">data</span><span class="w"></span> <span class="nl">Subject</span><span class="p">:</span><span class="w"> </span><span class="n">Test</span><span class="w"></span> <span class="n">Hi</span><span class="p">,</span><span class="w"> </span><span class="k">is</span><span class="w"> </span><span class="n">this</span><span class="w"> </span><span class="n">thing</span><span class="w"> </span><span class="k">on</span><span class="vm">?</span><span class="w"></span> <span class="p">.</span><span class="w"></span> <span class="n">quit</span><span class="w"></span> </code></pre></div> <p>Now, check your email as <code>user</code> by running <code>mail</code>. See the message? Good.</p> <p>Open <code>/etc/postfix/main.cf</code> to make sure that Postfix knows what domains it&rsquo;s receiving mail for. To do this, edit the <code>mydestination</code> variable to include all the proper domains. For me, the name of my server looks like server.mydomain.com. I want Postfix to accept mail for that domain, but not for mydomain.com (since that&rsquo;s being handled by Google Apps), so mine looks like:</p> <div class="highlight"><pre><span></span><code>mydestination = server.mydomain.com, localhost.mydomain.com , localhost </code></pre></div> <p>Restart Postfix if you made any changes:</p> <div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><code>$ sudo /etc/init.d/postfix restart </code></pre></div></td></tr></table></div> <p>Right. Now let&rsquo;s send another test. Notice this time we&rsquo;re using full domain names, instead of localhost:</p> <div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal"> 1</span> <span class="normal"> 2</span> <span class="normal"> 3</span> <span class="normal"> 4</span> <span class="normal"> 5</span> <span class="normal"> 6</span> <span class="normal"> 7</span> <span class="normal"> 8</span> <span class="normal"> 9</span> <span class="normal">10</span></pre></div></td><td class="code"><div><pre><span></span><code>$ telnet server.mydomain.com <span class="m">25</span> ehlo server.mydomain.com mail from: root@server.mydomain.com rcpt to: user@server.mydomain.com data Subject: domains! woot... I think this works. . quit </code></pre></div></td></tr></table></div> <p>Working? Good.</p> <p>Let&rsquo;s test from the outside. The first step is to open up the correct ports in the firewall. Assuming you have iptables configured in the way the <a href="http://articles.slicehost.com/2007/11/6/ubuntu-gutsy-setup-page-1">Slicehost article suggests</a>, open up your <code>/etc/iptables.test.rules</code> and add the following:</p> <div class="highlight"><pre><span></span><code># Allow mail server connections -A INPUT -p tcp -m state --state NEW --dport 25 -j ACCEPT </code></pre></div> <p>Now let&rsquo;s apply the rules:</p> <div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><code>$ sudo iptables-restore &lt; /etc/iptables.test.rules </code></pre></div></td></tr></table></div> <p>Make sure everything looks dandy:</p> <div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><code>$ sudo iptables -L </code></pre></div></td></tr></table></div> <p>If it meets your fancy, save the rules:</p> <div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span> <span class="normal">2</span></pre></div></td><td class="code"><div><pre><span></span><code>$ sudo -i $ iptables-save &gt; /etc/iptables.up.rules </code></pre></div></td></tr></table></div> <p>And now, from your local computer, let&rsquo;s test it out.</p> <div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal"> 1</span> <span class="normal"> 2</span> <span class="normal"> 3</span> <span class="normal"> 4</span> <span class="normal"> 5</span> <span class="normal"> 6</span> <span class="normal"> 7</span> <span class="normal"> 8</span> <span class="normal"> 9</span> <span class="normal">10</span></pre></div></td><td class="code"><div><pre><span></span><code>$ telnet server.mydomain.com <span class="m">25</span> ehlo server.mydomain.com mail from: root@server.mydomain.com rcpt to: user@server.mydomain.com data Subject: remote connection <span class="nb">test</span> Hello, you. . quit </code></pre></div></td></tr></table></div> <p>Now check your mail on the mail server as before. Once again, everything should be working.</p> <p>Now we need to setup a virtual domain. Remember, I don&rsquo;t want any virtual users. I only want aliases at a virtual domain to forward to my primary email address. That makes this relatively simple. (Be very, very happy. You should have seen this guide before, when I was still hosting virtual domains with virtual users!) Open up <code>/etc/postfix/main.cf</code> and add the following:</p> <div class="highlight"><pre><span></span><code>virtual_alias_domains = myvirtualdomain.com virtual_alias_maps = hash:/etc/postfix/virtual </code></pre></div> <p>Create the <code>/etc/postfix/virtual</code> file referenced above and add the aliases:</p> <div class="highlight"><pre><span></span><code><span class="k">alias</span><span class="nv">@myvirtualdomain</span><span class="p">.</span><span class="n">com</span><span class="w"> </span><span class="k">user</span><span class="nv">@mydomain</span><span class="p">.</span><span class="n">com</span><span class="w"></span> </code></pre></div> <p>Turn it into a database:</p> <div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span> <span class="normal">2</span></pre></div></td><td class="code"><div><pre><span></span><code>$ <span class="nb">cd</span> /etc/postfix $ sudo postmap virtual </code></pre></div></td></tr></table></div> <p>Restart Postfix:</p> <div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><code>$ sudo /etc/init.d/postfix restart </code></pre></div></td></tr></table></div> <p>Attempt to send an email to the new alias at the virtual domain:</p> <div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span> <span class="normal">2</span> <span class="normal">3</span> <span class="normal">4</span> <span class="normal">5</span> <span class="normal">6</span> <span class="normal">7</span> <span class="normal">8</span> <span class="normal">9</span></pre></div></td><td class="code"><div><pre><span></span><code>$ telnet server.mydomain.com <span class="m">25</span> ehlo server.mydomain.com mail from: root@server.mydomain.com rcpt to: alias@myvirtualdomain.com data Subject: virtual domain <span class="nb">test</span> I hope this works! . quit </code></pre></div></td></tr></table></div> <p>The message should now be in your primary email inbox!</p> <p>As long as we&rsquo;re setting up forwards, let&rsquo;s forward system account mail to somewhere where it&rsquo;ll actually get read. To do so, create a <code>~/.forward</code> file with the following contents:</p> <div class="highlight"><pre><span></span><code><span class="k">user</span><span class="nv">@mydomain</span><span class="p">.</span><span class="n">com</span><span class="w"></span> </code></pre></div> <p>Let&rsquo;s also create a <code>/root/.forward</code>, so that roots mail gets forwarded to my local account (where it is then forwarded to my primary email). Root&rsquo;s forward would simply read:</p> <div class="highlight"><pre><span></span><code>user </code></pre></div> <p>Next up: <a href="http://pig-monkey.com/2008/06/10/an-ubuntu-vps-on-slicehost-wordpress">install Wordpress with rewrites</a>. (Previously, we did a <a href="http://pig-monkey.com/2008/06/10/an-ubuntu-vps-on-slicehost-basic-setup">basic setup</a> and <a href="http://pig-monkey.com/2008/06/10/an-ubuntu-vps-on-slicehost-web-server">installed a web server</a>.)</p>An Ubuntu VPS on Slicehost: Web Server2008-06-10T00:00:00-07:002012-12-22T00:00:00-08:00Pig Monkeytag:pig-monkey.com,2008-06-10:/2008/06/an-ubuntu-vps-on-slicehost-web-server/<p><em>As <a href="http://pig-monkey.com/2008/06/09/a-move-to-slicehost/">mentioned previously</a>, I&rsquo;ve recently moved this domain over to <a href="http://www.slicehost.com/">Slicehost</a>. What follows is Part Two of a guide, compiled from my notes, to setting up an Ubuntu Hardy VPS. See also <a href="http://pig-monkey.com/2008/06/10/an-ubuntu-vps-on-slicehost-basic-setup">Part One</a>, <a href="http://pig-monkey.com/2008/06/10/an-ubuntu-vps-on-slicehost-mail">Part Three</a>, <a href="http://pig-monkey.com/2008/06/10/an-ubuntu-vps-on-slicehost-wordpress">Part Four</a>.</em></p> <p>Now we&rsquo;ve got a properly configured, but idle, box. Let …</p><p><em>As <a href="http://pig-monkey.com/2008/06/09/a-move-to-slicehost/">mentioned previously</a>, I&rsquo;ve recently moved this domain over to <a href="http://www.slicehost.com/">Slicehost</a>. What follows is Part Two of a guide, compiled from my notes, to setting up an Ubuntu Hardy VPS. See also <a href="http://pig-monkey.com/2008/06/10/an-ubuntu-vps-on-slicehost-basic-setup">Part One</a>, <a href="http://pig-monkey.com/2008/06/10/an-ubuntu-vps-on-slicehost-mail">Part Three</a>, <a href="http://pig-monkey.com/2008/06/10/an-ubuntu-vps-on-slicehost-wordpress">Part Four</a>.</em></p> <p>Now we&rsquo;ve got a properly configured, but idle, box. Let&rsquo;s do something with it.</p> <p><a href="http://nginx.net/">Nginx</a> is a small, lightweight web server that&rsquo;s all the rage on some small corners of the Net. <a href="http://www.apache.org/">Apache</a> is extremely overkill for a small personal web server like this and, since we&rsquo;re limited to 256MB of RAM on this VPS, it quickly becomes a resource hog. <a href="http://www.lighttpd.net/">Lighttpd</a> is another small, lightweight web server, but I&rsquo;m a fan of Nginx. Try it out.</p> <!--more--> <p>First, we need to install the web server. Nginx is now in Ubuntu&rsquo;s repositories:</p> <div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><code>$ sudo aptitude install nginx </code></pre></div></td></tr></table></div> <p>That&rsquo;s all it takes in Hardy, but if you really want a guide for it, <a href="http://articles.slicehost.com/2008/5/13/ubuntu-hardy-installing-nginx-via-aptitude">Slicehost has you covered</a>.</p> <p>Slicehost has a few more useful guides to Nginx, including introductions to the config layout and how to get started with vhosts:</p> <ul> <li><a href="http://articles.slicehost.com/2008/5/15/ubuntu-hardy-nginx-configuration">Nginx configuration</a></li> <li><a href="http://articles.slicehost.com/2008/5/16/ubuntu-hardy-nginx-virtual-hosts">Nginx Virtual Hosts</a></li> <li><a href="http://articles.slicehost.com/2008/5/16/ubuntu-hardy-nginx-virtual-host-settings">Nginx virtual host settings</a></li> </ul> <p>Next up, we&rsquo;ll need to install MySQL and PHP, and get them working with Nginx.</p> <p>Slicehost has a guide for <a href="http://articles.slicehost.com/2007/11/23/ubuntu-gutsy-mysql-and-ror">installing MySQL and Ruby on Rails</a>, which also includes suggestions on optimizing MySQL. I follow the MySQL part of the guide, stopping at &ldquo;Ruby on Rails install&rdquo;.</p> <p>Now MySQL is working, lets install PHP:</p> <div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><code>$ sudo aptitude install php5-common php5-cgi php5-mysql php5-cli </code></pre></div></td></tr></table></div> <p>To get PHP as FastCGI working with Nginx, we first have to spawn the fcgi process. There are a few different ways to do that. Personally, I use the <code>spawn-fcgi</code> app from <a href="http://www.lighttpd.net/">lighttpd</a>. To use it, we&rsquo;ll compile and make lighttpd, but <strong>not</strong> install it. We&rsquo;re only after one binary.</p> <p>Lighttpd has a few extra requirements, so let&rsquo;s install those:</p> <div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><code>$ sudo aptitude install libpcre3-dev libbz2-dev </code></pre></div></td></tr></table></div> <p>Now, download the source and compile lighttpd. Then copy the <code>spawn-fcgi</code> binary to <code>/usr/bin/</code>:</p> <div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span> <span class="normal">2</span> <span class="normal">3</span> <span class="normal">4</span> <span class="normal">5</span> <span class="normal">6</span></pre></div></td><td class="code"><div><pre><span></span><code>$ wget http://www.lighttpd.net/download/lighttpd-1.4.19.tar.gz $ tar xvzf lighttpd-1.4.19.tar.gz $ <span class="nb">cd</span> lighttpd-1.4.19 $ ./configure $ make $ sudo cp src/spawn-fcgi /usr/bin/spawn-fcgi </code></pre></div></td></tr></table></div> <p>Then, create a script to launch spawn-fci (I call it <code>/usr/bin/php5-fastcgi</code>):</p> <div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span> <span class="normal">2</span></pre></div></td><td class="code"><div><pre><span></span><code><span class="ch">#!/bin/sh</span> /usr/bin/spawn-fcgi -a <span class="m">127</span>.0.0.1 -p <span class="m">9000</span> -u www-data -C <span class="m">2</span> -f /usr/bin/php5-cgi </code></pre></div></td></tr></table></div> <p>The script tells spawn-fcgi to launch a fastcgi process, listening on 127.0.01:9000, owned by the web user, with only 2 child processes. You may want more child processes, but I&rsquo;ve found 2 to be optimal.</p> <p>Give the script permissions:</p> <div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><code>$ sudo chmod +x /usr/bin/php5-fastcgi </code></pre></div></td></tr></table></div> <p>I then link the script filename to a version-neutral, err, version:</p> <div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><code>$ sudo ln -s /usr/bin/php5-fastcgi /usr/bin/php-fastcgi </code></pre></div></td></tr></table></div> <p>Now we need an init script to start the process at boot. I use <a href="http://www.howtoforge.com/nginx_php5_fast_cgi_xcache_ubuntu7.04">this one from HowToForge</a>, named <code>/etc/init.d/fastcgi</code>:</p> <div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal"> 1</span> <span class="normal"> 2</span> <span class="normal"> 3</span> <span class="normal"> 4</span> <span class="normal"> 5</span> <span class="normal"> 6</span> <span class="normal"> 7</span> <span class="normal"> 8</span> <span class="normal"> 9</span> <span class="normal">10</span> <span class="normal">11</span> <span class="normal">12</span> <span class="normal">13</span> <span class="normal">14</span> <span class="normal">15</span> <span class="normal">16</span> <span class="normal">17</span> <span class="normal">18</span> <span class="normal">19</span> <span class="normal">20</span> <span class="normal">21</span> <span class="normal">22</span> <span class="normal">23</span> <span class="normal">24</span> <span class="normal">25</span> <span class="normal">26</span></pre></div></td><td class="code"><div><pre><span></span><code><span class="ch">#!/bin/bash</span> <span class="nv">PHP_SCRIPT</span><span class="o">=</span>/usr/bin/php-fastcgi <span class="nv">RETVAL</span><span class="o">=</span><span class="m">0</span> <span class="k">case</span> <span class="s2">&quot;</span><span class="nv">$1</span><span class="s2">&quot;</span> <span class="k">in</span> start<span class="o">)</span> <span class="nb">echo</span> <span class="s2">&quot;Starting fastcgi&quot;</span> <span class="nv">$PHP_SCRIPT</span> <span class="nv">RETVAL</span><span class="o">=</span><span class="nv">$?</span> <span class="p">;;</span> stop<span class="o">)</span> <span class="nb">echo</span> <span class="s2">&quot;Stopping fastcgi&quot;</span> killall -9 php5-cgi <span class="nv">RETVAL</span><span class="o">=</span><span class="nv">$?</span> <span class="p">;;</span> restart<span class="o">)</span> <span class="nb">echo</span> <span class="s2">&quot;Restarting fastcgi&quot;</span> killall -9 php5-cgi <span class="nv">$PHP_SCRIPT</span> <span class="nv">RETVAL</span><span class="o">=</span><span class="nv">$?</span> <span class="p">;;</span> *<span class="o">)</span> <span class="nb">echo</span> <span class="s2">&quot;Usage: php-fastcgi {start|stop|restart}&quot;</span> <span class="nb">exit</span> <span class="m">1</span> <span class="p">;;</span> <span class="k">esac</span> <span class="nb">exit</span> <span class="nv">$RETVAL</span> </code></pre></div></td></tr></table></div> <p>Give it permissions:</p> <div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><code>$ sudo chmod <span class="m">755</span> /etc/init.d/fastcgi </code></pre></div></td></tr></table></div> <p>Start it:</p> <div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><code>$ sudo /etc/init.d/fastcgi start </code></pre></div></td></tr></table></div> <p>Have it start at boot:</p> <div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><code>$ sudo update-rc.d fastcgi defaults </code></pre></div></td></tr></table></div> <p>Alright, now that PHP is running how we want it to, let&rsquo;s tell Nginx to talk to it. To do that, add the following to your vhost server block in <code>/etc/nginx/sites-available/mydomain.com</code>, making sure to change the <code>SCRIPT_FILENAME</code> variable to match your directory structure:</p> <div class="highlight"><pre><span></span><code><span class="nt">location</span><span class="w"> </span><span class="o">~</span><span class="w"> </span><span class="err">\</span><span class="p">.</span><span class="nc">php</span><span class="o">$</span><span class="w"> </span><span class="p">{</span><span class="w"></span> <span class="w"> </span><span class="err">fastcgi_pass</span><span class="w"> </span><span class="err">127.0.0.1:9000</span><span class="p">;</span><span class="w"></span> <span class="w"> </span><span class="err">fastcgi_index</span><span class="w"> </span><span class="err">index.php</span><span class="p">;</span><span class="w"></span> <span class="w"> </span><span class="err">fastcgi_param</span><span class="w"> </span><span class="err">SCRIPT_FILENAME</span><span class="w"> </span><span class="err">/home/user/public_html/mydomain.com/public$fastcgi_script_name</span><span class="p">;</span><span class="w"></span> <span class="w"> </span><span class="err">include</span><span class="w"> </span><span class="err">/etc/nginx/fastcgi.conf</span><span class="p">;</span><span class="w"></span> <span class="p">}</span><span class="w"></span> </code></pre></div> <p>Now let&rsquo;s create that <code>/etc/nginx/fastcgi.conf</code> file that&rsquo;s being included above. As per the <a href="http://wiki.codemongers.com/NginxFcgiExample">Nginx wiki article</a>, mine looks like this:</p> <div class="highlight"><pre><span></span><code>fastcgi_param GATEWAY_INTERFACE CGI/1.1; fastcgi_param SERVER_SOFTWARE nginx; fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length; fastcgi_param REQUEST_URI $request_uri; fastcgi_param DOCUMENT_URI $document_uri; fastcgi_param DOCUMENT_ROOT $document_root; fastcgi_param SERVER_PROTOCOL $server_protocol; fastcgi_param REMOTE_ADDR $remote_addr; fastcgi_param REMOTE_PORT $remote_port; fastcgi_param SERVER_ADDR $server_addr; fastcgi_param SERVER_PORT $server_port; fastcgi_param SERVER_NAME $server_name; </code></pre></div> <p>Then restart Nginx:</p> <div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><code>$ sudo /etc/init.d/nginx restart </code></pre></div></td></tr></table></div> <p>Let&rsquo;s create a file named <code>test.php</code> in your domain&rsquo;s public root to see if everything is working. Inside, do something like printing <a href="http://us2.php.net/phpinfo">phpinfo</a>.</p> <p>Go to http://mydomain.com/test.php. See it? Good. If you get &ldquo;no input file specified&rdquo; or somesuch, you broke something.</p> <p>If you create an index.php, and delete any index.html or index.htm you might have, you&rsquo;ll notice Nginx throws a 403 Forbidden error. To fix that, find the line in your vhost config (<code>/etc/nginx/sites-available/mydomain.com</code>) under the <code>location /</code> block that reads <code>index index.html;</code> and change it to <code>index index.php index.html;</code>. Then restart Nginx.</p> <p>If you want SSL with your Nginx, Slicehost has <a href="http://articles.slicehost.com/2007/12/19/ubuntu-gutsy-self-signed-ssl-certificates-and-nginx">a guide for generating the certificate</a> and <a href="http://articles.slicehost.com/2007/12/19/ubuntu-gutsy-nginx-ssl-and-vhosts">another guide for installing it</a>.</p> <p>You&rsquo;ll want to install OpenSSL first:</p> <div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><code>$ sudo aptitude install openssl </code></pre></div></td></tr></table></div> <p>There is one bug in the second guide. In the first server module listening on port 443, which forwards www.domain1.com to domain1.com, the rewrite rule specifies the http protocol. So, in effect, what that rule does is forward you from a secure domain to unsecure: https://www.domain1.com to http://domain1.com. We want it to forward to a secure domain. Simply change the rewrite rule like thus:</p> <div class="highlight"><pre><span></span><code><span class="nt">rewrite</span><span class="w"> </span><span class="o">^/(.*)</span><span class="w"> </span><span class="nt">https</span><span class="o">://</span><span class="nt">domain1</span><span class="p">.</span><span class="nc">com</span><span class="w"> </span><span class="nt">permanent</span><span class="o">;</span><span class="w"></span> </code></pre></div> <p>Next up: <a href="http://pig-monkey.com/2008/06/10/an-ubuntu-vps-on-slicehost-mail">install a mail server</a>. (Previously, we did a <a href="http://pig-monkey.com/2008/06/10/an-ubuntu-vps-on-slicehost-basic-setup">basic setup</a>.)</p>An Ubuntu VPS on Slicehost: Wordpress2008-06-10T00:00:00-07:002012-12-22T00:00:00-08:00Pig Monkeytag:pig-monkey.com,2008-06-10:/2008/06/an-ubuntu-vps-on-slicehost-wordpress/<p><em>As <a href="http://pig-monkey.com/2008/06/09/a-move-to-slicehost/">mentioned previously</a>, I&rsquo;ve recently moved this domain over to <a href="http://www.slicehost.com/">Slicehost</a>. What follows is Part Four of a guide, compiled from my notes, to setting up an Ubuntu Hardy VPS. See also <a href="http://pig-monkey.com/2008/06/10/an-ubuntu-vps-on-slicehost-basic-setup">Part One</a>, <a href="http://pig-monkey.com/2008/06/10/an-ubuntu-vps-on-slicehost-web-server">Part Two</a>, and <a href="http://pig-monkey.com/2008/06/10/an-ubuntu-vps-on-slicehost-mail">Part Three</a>.</em></p> <p>I prefer to install <a href="http://wordpress.org/">Wordpress</a> via Subversion, which makes updating …</p><p><em>As <a href="http://pig-monkey.com/2008/06/09/a-move-to-slicehost/">mentioned previously</a>, I&rsquo;ve recently moved this domain over to <a href="http://www.slicehost.com/">Slicehost</a>. What follows is Part Four of a guide, compiled from my notes, to setting up an Ubuntu Hardy VPS. See also <a href="http://pig-monkey.com/2008/06/10/an-ubuntu-vps-on-slicehost-basic-setup">Part One</a>, <a href="http://pig-monkey.com/2008/06/10/an-ubuntu-vps-on-slicehost-web-server">Part Two</a>, and <a href="http://pig-monkey.com/2008/06/10/an-ubuntu-vps-on-slicehost-mail">Part Three</a>.</em></p> <p>I prefer to install <a href="http://wordpress.org/">Wordpress</a> via Subversion, which makes updating easier. We&rsquo;ll have to install Subversion on the server first:</p> <div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><code>$ sudo aptitude install subversion </code></pre></div></td></tr></table></div> <!--more--> <p>After that, <a href="http://codex.wordpress.org/Installing/Updating_WordPress_with_Subversion#New_Install_2">the Wordpress Codex has a guide to the rest of the install</a>.</p> <p>Nothing further is needed, unless you want fancy rewrites. In that case, we&rsquo;ll have to make a change to your Nginx vhost config at <code>/etc/nginx/sites-available/mydomain.com</code>. Add the following to your server block under <code>location / {</code>:</p> <div class="highlight"><pre><span></span><code>#<span class="w"> </span><span class="nv">wordpress</span><span class="w"> </span><span class="nv">fancy</span><span class="w"> </span><span class="nv">rewrites</span><span class="w"></span> <span class="k">if</span><span class="w"> </span><span class="ss">(</span><span class="o">-</span><span class="nv">f</span><span class="w"> </span>$<span class="nv">request_filename</span><span class="ss">)</span><span class="w"> </span>{<span class="w"></span> <span class="w"> </span><span class="k">break</span><span class="c1">;</span><span class="w"></span> <span class="w"> </span>}<span class="w"></span> <span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="ss">(</span><span class="o">-</span><span class="nv">d</span><span class="w"> </span>$<span class="nv">request_filename</span><span class="ss">)</span><span class="w"> </span>{<span class="w"></span> <span class="w"> </span><span class="k">break</span><span class="c1">;</span><span class="w"></span> <span class="w"> </span>}<span class="w"></span> <span class="w"> </span><span class="nv">rewrite</span><span class="w"> </span><span class="o">^</span><span class="ss">(</span>.<span class="o">+</span><span class="ss">)</span>$<span class="w"> </span><span class="o">/</span><span class="nv">index</span>.<span class="nv">php</span>?<span class="nv">q</span><span class="o">=</span><span class="mh">$1</span><span class="w"> </span><span class="nv">last</span><span class="c1">;</span><span class="w"></span> </code></pre></div> <p>While we&rsquo;re here, I usually tell Nginx to cache static files by adding the following right above the<code>location / {</code> block:</p> <div class="highlight"><pre><span></span><code>#<span class="w"> </span><span class="nv">serve</span><span class="w"> </span><span class="nv">static</span><span class="w"> </span><span class="nv">files</span><span class="w"> </span><span class="nv">directly</span><span class="w"></span> <span class="nv">location</span><span class="w"> </span><span class="o">~*</span><span class="w"> </span><span class="o">^</span>.<span class="o">+</span>\.<span class="ss">(</span><span class="nv">jpg</span><span class="o">|</span><span class="nv">jpeg</span><span class="o">|</span><span class="nv">gif</span><span class="o">|</span><span class="nv">png</span><span class="o">|</span><span class="nv">ico</span><span class="o">|</span><span class="nv">zip</span><span class="o">|</span><span class="nv">tgz</span><span class="o">|</span><span class="nv">gz</span><span class="o">|</span><span class="nv">rar</span><span class="o">|</span><span class="nv">bz2</span><span class="o">|</span><span class="nv">doc</span><span class="o">|</span><span class="nv">xls</span><span class="o">|</span><span class="nv">exe</span><span class="o">|</span><span class="nv">pdf</span><span class="o">|</span><span class="nv">ppt</span><span class="o">|</span><span class="nv">txt</span><span class="o">|</span><span class="nv">tar</span><span class="o">|</span><span class="nv">mid</span><span class="o">|</span><span class="nv">midi</span><span class="o">|</span><span class="nv">wav</span><span class="o">|</span><span class="nv">bmp</span><span class="o">|</span><span class="nv">rtf</span><span class="o">|</span><span class="nv">css</span><span class="ss">)</span>$<span class="w"> </span>{<span class="w"></span> <span class="w"> </span><span class="nv">root</span><span class="w"> </span><span class="o">/</span><span class="nv">home</span><span class="o">/</span><span class="nv">user</span><span class="o">/</span><span class="nv">public_html</span><span class="o">/</span><span class="nv">mydomain</span>.<span class="nv">com</span><span class="o">/</span><span class="nv">public</span><span class="c1">;</span><span class="w"></span> <span class="w"> </span><span class="nv">expires</span><span class="w"> </span><span class="mi">7</span><span class="nv">d</span><span class="c1">;</span><span class="w"></span> <span class="w"> </span><span class="k">break</span><span class="c1">;</span><span class="w"></span> }<span class="w"></span> </code></pre></div> <p>That&rsquo;ll go in the https server section, too. Now, enable rewrites in your Wordpress config. I use the following &ldquo;custom&rdquo; structure:</p> <div class="highlight"><pre><span></span><code>/%year%/%monthnum%/%day%/%postname%/ </code></pre></div> <p>Then, restart Nginx:</p> <div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><code>$ sudo /etc/init.d/nginx restart </code></pre></div></td></tr></table></div> <p>And there you have it! You know have a working, new web server and mail server.</p> <p>(Previously, we did a <a href="http://pig-monkey.com/2008/06/10/an-ubuntu-vps-on-slicehost-basic-setup">basic setup</a>, <a href="http://pig-monkey.com/2008/06/10/an-ubuntu-vps-on-slicehost-web-server">installed a web server</a>, and <a href="http://pig-monkey.com/2008/06/10/an-ubuntu-vps-on-slicehost-mail">installed a mail server</a>.)</p>A Move to Slicehost2008-06-09T00:00:00-07:002012-09-15T00:00:00-07:00Pig Monkeytag:pig-monkey.com,2008-06-09:/2008/06/a-move-to-slicehost/<p>Yesterday I moved this domain over to <a href="http://www.slicehost.com/">Slicehost</a>.</p> <p><a href="http://blog.gordaen.com/">Ian</a> first told me about Slicehost when we were both looking to move away from Dreamhost last November. Initially, we both intended to find another shared host, but that proved far too difficult &ndash; it seems most hosting companies have something against shared …</p><p>Yesterday I moved this domain over to <a href="http://www.slicehost.com/">Slicehost</a>.</p> <p><a href="http://blog.gordaen.com/">Ian</a> first told me about Slicehost when we were both looking to move away from Dreamhost last November. Initially, we both intended to find another shared host, but that proved far too difficult &ndash; it seems most hosting companies have something against shared hosting with decent limits and ssh access (that last part is the kicker).</p> <p>I signed up with Slicehost at the end of last year and tinkered around with it for a month or so, experimenting with setting up the server in different ways. Eventually, I found an Ubuntu-Nginx-PHP-MySQL-Postfix-Dovecot setup that I enjoyed, and one which I was comfortable administering. In the beginning of the year, I moved a couple of my domains over to the Slice. It&rsquo;s been a great experience. I&rsquo;m not sure why it took me 6 months to finally move this domain &ndash; my primary one &ndash; over. Running a VPS is deceivingly simple* and well worth the effort. If you&rsquo;re currently running on a shared host and have some basic competency in a UNIX environment, I&rsquo;d recommend giving it a shot.</p> <p>In a bit I&rsquo;ll post a series of guides, compiled from my notes, on how I setup the server.</p> <ul> <li>It&rsquo;s deceivingly simple if you&rsquo;re not running a full mail server with virtual users running around everywhere. That part was a pain. Hence, the <a href="http://pig-monkey.com/2008/06/09/google-apps/">move to Google</a>.</li> </ul>