“However beautiful the strategy, you should occasionally look at the results.” - Sir Winston Churchill
This section details the internet setup needed so that the web site and email can function on the internet, both on your internal network and externally. Normally there is a router which is directly connected to the internet. The email server is then just one device on the internal network behind the router.
To be able to identify the email server it needs a fixed internal IP address on the internal network.
Normally all internal network IP addresses are allocated by the router. This is done using Dynamic Host Configuration Protocol (DHCP). Most devices are just given temporary IP addresses from an internal pool (in my case 192.168.0.0 to 192.168.0.99). Some devices are instead given a reserved IP address, keyed on the unique hardware or physical MAC (Media Access Control) address of the device. You need to tell the router to reserve a specific IP address whenever a device with a certain MAC address tries to connect.
This is needed because the configuration on the web/email server has to state its IP address, and that address must stay fixed so the server can be located. You therefore give the server's MAC address to the router and tell it which fixed address to hand out. This is called Static DHCP assignment and is described below.
The configuration is similar to the diagram below.
Use the ifconfig command at the command line. It lists all the network connections with lots of information about them.
eth0 is the ethernet connection and wlan0 is the wireless connection. The value after ether is the 12 digit MAC address (something like be:27:eb:4f:15:95). Use this MAC address to configure the router.
The Dynamic Host Configuration Protocol is a network management protocol used on Internet Protocol networks for automatically assigning IP addresses and other communication parameters to devices connected to the network using a client–server architecture. Static DHCP allocates a fixed IP address to a device every time it requests an IP Address.
If it is the router which allocates the IP addresses then it will need updating to allocate a static IP to the web/email server. Unfortunately each router is different and you will have to refer to the instructions and google for your specific device. It involves going into the router configuration, looking for Static DHCP assignment, entering the MAC address of the server and choosing a fixed IP.
Once it has been done you can check it by restarting your Raspberry Pi server and using ifconfig to verify the chosen fixed IP address has been set.
Once this is successful you can set up the VNC and PuTTY connections, as the IP address is now fixed. With a VNC/PuTTY connection you can remove the screen, keyboard and mouse and run the server as just a network-attached device, because when you access it from a PC with VNC the mouse and keyboard of the PC are used.
If your server is behind a router as in the figure above you will need port forwarding. Port forwarding, also known as port management, allows remote servers and devices on the internet to be able to access devices that are on a private network. This means external people will be able to access the web and email on the server. If you are not using port forwarding, only devices on that private internal network can have access to each other or your network.
Again it is your router controlling the port forwarding. Unfortunately each router is different and you will have to refer to the instructions and google for your specific device. It involves going into the configuration, looking for Port forwarding and setting the ports it needs to forward to your new server IP address.
The initial port forwarding that needs to be set up is for the web/email ports 25, 110, 465, 995, 993 and 80, which are sent to the IP address of the server, in my case 192.168.0.110
Port 25 Default SMTP port
Port 80 is the port number assigned to the commonly used internet communication protocol Hypertext Transfer Protocol (HTTP), for web access.
Port 110 Default port for POP3
Port 465 is common for outgoing mail over SMTP or secure SMTP (its use is not recommended now), but it is still being used so it has to be forwarded.
Port 993 is the secure port for IMAP and it works over TLS/SSL encryption.
Port 995 is used by the POP3S protocol and encrypts the connection between the email client and mail server. Email clients usually don't use the name POP3S, but if you use port 995 then your login credentials are transmitted securely.
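A check to run on the server itself once the forwards are in place, given here as an added example that is not part of the original page: it reads the output of ss -Htln and reports, for each forwarded port, whether a service is listening on an address the router can reach. The function name forward_audit and the sample listener lines are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original page).
# forward_audit "PORTS" reads `ss -Htln` output on stdin and checks every
# port forwarded by the router against the listeners on the server.
forward_audit() {
    awk -v want="$1" '
        BEGIN { tls["465"]; tls["993"]; tls["995"] }  # TLS from the first byte
        $1 == "LISTEN" {
            n = split($4, part, ":")                  # port is the last field
            port = part[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            # a loopback-only listener never sees forwarded traffic
            if (addr ~ /^127\./ || addr == "[::1]") local[port] = 1
            else open[port] = 1
        }
        END {
            n = split(want, w, " ")
            for (i = 1; i <= n; i++) {
                p = w[i]
                if (p in open)
                    print p, "ok", ((p in tls) ? "implicit-tls" : "plaintext-start")
                else {
                    print p, ((p in local) ? "loopback-only" : "no-listener")
                    bad = 1
                }
            }
            exit bad
        }'
}

# Constructed sample of `ss -Htln` output for a half-configured mail server.
SAMPLE_LISTENERS='LISTEN 0 100 0.0.0.0:25 0.0.0.0:*
LISTEN 0 511 *:80 *:*
LISTEN 0 100 127.0.0.1:110 0.0.0.0:*
LISTEN 0 100 [::]:993 [::]:*
LISTEN 0 100 0.0.0.0:995 0.0.0.0:*'

# On the server:  ss -Htln | forward_audit "25 80 110 465 993 995"
```

A port reported as plaintext-start accepts connections without TLS, so whether logins on it are protected depends on how the mail or web service behind it is configured.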
As discussed previously it is much better to have a fixed external IP address, so that there is only one address that the outside world and your configuration need to know. Most providers have this option, although some will charge extra for it. For my provider it is a no charge option.
If you do not have a fixed IP address you can try a service such as NOIP - Dynamic DNS which allows you to run the web site with a variable IP address.
Once you have a domain name you need to connect it to your server so that the Internet knows that your domain name takes you to your server.
This is done with a series of DNS (Domain Name System) records. These point your domain name at your fixed external IP address.
The setup of DNS records is usually provided by the supplier of your domain but you can host the DNS records elsewhere. I hosted mine with Google, who provided the domain.
Note that example.com needs replacing with your own domain name.
There are different records for different purposes.
A records link your domain to your fixed IPv4 address.
MX records are Mail eXchange records. They indicate how mail sent and arriving for your domain should be routed with SMTP. They allow redundancy in email servers, as you can have the same host name pointing to different names such as mail1.example.com and mail2.example.com. They could be different servers in different locations, so that if one location fails emails can still be received.
In our case we just have the one server.
TXT records are a type of DNS record in text format, which contain information about your domain. TXT records also have information that helps external network servers and services handle outgoing email from your domain and protect the security of the device. DNS TXT records are used to verify domain ownership, ensure email security, and prevent spam and phishing.
In my case the only TXT records set up are SPF (Sender Policy Framework) records. These are used in email security to list all the servers authorized to send emails for your domain. It is explained later when we cover security in detail.
The records are set up in the Manage DNS records section of your domain provider. Access to each is slightly different but the fields are the same.
An A record has 3 fields:
domain name
fixed IPv4 address (Note if you wish to use IPv6 address then you will need an AAAA record)
TTL – Time to Live in Seconds. Mine are set to one hour 3600. This controls how long each record is valid and — as a result — how long it takes for record updates to reach your end users. If the record is cached in another DNS server then if it is older than the TTL value it is refreshed from the source before the next use.
An MX record has 4 fields:
Host Name – the variant of the domain name
Name of the destination domain name for the email, e.g. mail1.example.com
Priority Number – The lower the number the higher the priority. A sender of email will try to send to the location with the highest priority and if it is not available will send it to the next highest priority.
TTL – Time to Live in Seconds. Mine are set to one hour 3600. This controls how long each record is valid and — as a result — how long it takes for record updates to reach your end users. If the record is cached in another DNS server then if it is older than the TTL value it is refreshed from the source before the next use.
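The A, MX and SPF TXT records described above can be checked together. The following is an added example, not part of the original page, that reads records in the name / TTL / class / type / data layout used by zone files and printed by dig +noall +answer. The function names, the SPF value and the 203.0.113.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page).
# Constructed records; 203.0.113.0/24 is a documentation-only range.
SAMPLE_ZONE='example.com.       3600 IN A   203.0.113.10
mail1.example.com. 3600 IN A   203.0.113.10
example.com.       3600 IN MX  20 mail2.example.com.
example.com.       3600 IN MX  10 mail1.example.com.
example.com.       3600 IN TXT "v=spf1 mx -all"'

# mx_order: print MX targets in the order a sending server tries them
# (lowest priority number first).
mx_order() {
    awk '$4 == "MX" { print $5, $6 }' | sort -n | awk '{ print $2 }'
}

# check_mail_dns: report MX targets without an A record and a missing or
# duplicated SPF record. Returns non-zero when a problem is found.
check_mail_dns() {
    awk '
        $4 == "A"  { has_a[$1] = 1 }
        $4 == "MX" { target[$6] = 1 }
        $4 == "TXT" && $5 ~ /^"v=spf1/ { spf++ }
        END {
            for (t in target)
                if (!(t in has_a)) {
                    print "MX target has no A record: " t
                    bad = 1
                }
            if (spf != 1) {
                print "need exactly one SPF TXT record, found " spf + 0
                bad = 1
            }
            exit bad
        }'
}

# Usage: printf '%s\n' "$SAMPLE_ZONE" | check_mail_dns
```

The sample deliberately lists a backup mail2 host with no A record, which is the kind of mistake that only shows up when the first server is down.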
For the Apache configuration see PiMyLifeUp - How to Setup a Raspberry Pi Apache Web Server
Apache can support several sites on the same server.
The normal place to store the default web site is /var/www, called document root.
If you are adding a web site it is normal to do it under /var/www.
For example if your web site is www.example.com then you can use
/var/www/example to store the web site example.com.
You can then simply copy your own web site to this directory and use it.
You will also have to set up
/etc/apache2/sites-available/example.com.conf
(remember to use your own web site name.)
First copy 000-default.conf to the new file name and then open the copy for editing, i.e.
sudo nano /etc/apache2/sites-available/example.com.conf
The changes you will need to make are:
change
DocumentRoot /var/www
change to
DocumentRoot /var/www/example
or whatever you have chosen as site name.
It is normal to use ServerName as your site name so you will need to add or change it to something like
ServerName example.com
You will need to add any aliases you want it to be recognised as, for example something like
ServerAlias www.example.com
These changes have to be before the line
</VirtualHost>
Once the configuration file is updated it must be enabled, which links it into /etc/apache2/sites-enabled, using a command similar to the one below
sudo a2ensite example.com
Then restart apache to get it recognized.
sudo systemctl restart apache2
If configuration is successful then normally typing in your site name to a web browser should bring up the web site.
If it does not appear then start looking at the errors from your web browser and the apache error log /var/log/apache2/error.log
If you need to change the .conf file to correct it then before you can enable it again you will need to disable it first with a command of the format
sudo a2dissite example.com
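The whole procedure above as one script, given as an added example that is not part of the original page: make_vhost applies the three edits to a copy of 000-default.conf, and install_site adds a syntax check with apache2ctl configtest before Apache is restarted. The function names are made up for this example; example.com and /var/www/example follow the page.

```shell
#!/bin/sh
# Added example (not from the original page).
# make_vhost SRC DOMAIN DOCROOT: print SRC with the three edits applied.
make_vhost() {
    awk -v domain="$2" -v docroot="$3" '
        /^[ \t]*Server(Name|Alias)[ \t]/ { next }   # drop names from the template
        /^[ \t]*DocumentRoot[ \t]/ { print "\tDocumentRoot " docroot; next }
        /^[ \t]*<\/VirtualHost>/ {                   # names go before the closing tag
            print "\tServerName " domain
            print "\tServerAlias www." domain
        }
        { print }
    ' "$1"
}

# install_site DOMAIN DOCROOT: run on the server; needs sudo.
install_site() {
    avail=/etc/apache2/sites-available
    sudo mkdir -p "$2" &&
    make_vhost "$avail/000-default.conf" "$1" "$2" |
        sudo tee "$avail/$1.conf" >/dev/null &&
    sudo a2ensite "$1" &&
    sudo apache2ctl configtest &&     # do not restart on a syntax error
    sudo systemctl restart apache2
}

# Example: install_site example.com /var/www/example
```

If configtest fails, the running server is left untouched; correct the .conf file and run the last two commands again.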
Note we have only so far configured the web site for http (Hypertext Transfer Protocol) which is not secure. To get https (HTTP with encryption and verification) we will need to add SSL certificates covered later.
If you are using mysql on your web site then you will need to configure it as below. If not you can skip this step. You can use mysql to record information for your web site, for example visitor information, any data or information you need to store and share.
For mysql configuration assistance please see
PiMyLifeUp - Setup a Raspberry Pi MYSQL Database
After the installation above follow the instructions in the link above with the command below
sudo mysql_secure_installation
After this, with phpmyadmin, you should be able to gain access from a browser using the server IP address followed by /phpmyadmin, for example by entering an address of the form
192.168.0.99/phpmyadmin
You should see the login screen and can log in with the root password set up in the steps above. If it does not work you need to look at the error logs such as
/var/log/apache2/error.log
and the access log
/var/log/apache2/access.log
You can also look at the Raspberry Pi system logs with journalctl. See the following links for information.
DigitalOcean - How To Use Journalctl to View and Manipulate Systemd Logs
loggly - Using journalctl
Once you have a functioning mysql then the next steps are to set up the databases and tables that you require and then any users used by your web site and set up the permissions needed. Most of this is easier to do through phpmyadmin.
Databases can easily be set up manually in phpmyadmin. Go to Home, click on New and follow the instructions.
Tables needed can also be set up manually. If you have a test system with the tables already created then you can use the export and import facilities to set them up on the new server. Normally they are exported as a series of sql commands to a text file and then imported. This has the added advantage that you can export and import data as well, not just the table structures. You will make mistakes to start with but the error messages are usually clear enough for you to fix your mistakes yourself.
Normally you have a user set up in the web site to access mysql. This user will require setting up and giving access to the tables which the web site accesses and updates. This can be done in phpmyadmin from Home, User Accounts, New. Generally it is self explanatory and if you get it wrong you will not be able to update or access the tables and it will be reported in the various logs such as apache error log.
Once the above is complete you should have a functioning web site in HTTP with any needed sql tables being accessed and updated. So, for example, a site similar to www.example.com should function.