stut-it Martin Stut - Information Technology Tailored to You
By Martin Stut, 2017-02-09
In this post, I describe what it takes to set up a website and a few email addresses if your usual web hosting company won’t do it at a reasonable price. None of these steps are unusual, but it is nice to have them written down in one place, including working examples of the syntax. The target audience is IT technicians who might end up doing this for several domains.
Usually, at least in the German market, all of this is done by the web hosting company. But recently I had the task to perform this not for a German, but for a Kyrgyz customer. Things work differently there. European hosting companies, if they offer .kg domains at all, charge 180 to 270 USD per year just for the domain registration, while domain.kg does it for the equivalent of 37 USD per year. So I set out to do it on my own.
For reliability, all Internet domain names are required to be resolved by at least two different name servers. Make sure you have access to both of them. If not, get a small VPS (Virtual Private Server) from a provider like Hetzner or HostEurope. Details of getting a VPS are beyond the scope of this text.
In several places you need to enter numeric IP-Addresses. In this example I’m using ns2.example.net (9.8.7.6) for the primary (authoritative) name server and ns1.example.net (1.2.3.4) for the secondary name server.
Through an appropriate registrar, domain.kg in this case, “buy the domain”. You will need to specify the DNS names and IP addresses of the name servers. In the case I worked with, the customer did this on his own from within Kyrgyzstan.
Example IP-Address: 9.8.7.6
The server selected to become the primary name server is a VPS running Debian 7 Linux.
apt-get install bind9
zone "example.kg" {
    type master;
    file "/etc/bind/example.kg.hosts";
    also-notify { 1.2.3.4; };
};
$ttl 38400
$origin example.kg.
@ SOA ns2.example.net. hostmaster.example.net. (
        2017020300 ; serial (increase on every change)
        21600      ; refresh
        3600       ; retry
        604800     ; expire
        86400 )    ; negative caching TTL
@ NS ns2.example.net.
@ NS ns1.example.net.
@ A 9.8.7.6
www A 9.8.7.6
Example IP-Address: 1.2.3.4
apt-get install bind9
zone "example.kg" {
    type slave;
    file "/var/cache/bind/example.kg.hosts";
    masters { 9.8.7.6; };
};
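The primary's zone statement above notifies 1.2.3.4 but sets no allow-transfer; unless that option is set globally, BIND releases of that era allow zone transfers to all hosts. The following audit is an added example, not code from the original post: the function names and the restricted stanza are assumptions of this example, and both inputs are constructed from the stanza shown on this page.

```python
import re

# Constructed inputs: the primary zone stanza as shown on this page, and a
# variant that limits zone transfers to the secondary name server (1.2.3.4).
PAGE_STANZA = '''zone "example.kg" {
    type master;
    file "/etc/bind/example.kg.hosts";
    also-notify { 1.2.3.4; };
};'''
RESTRICTED_STANZA = '''zone "example.kg" {
    type master;
    file "/etc/bind/example.kg.hosts";
    also-notify { 1.2.3.4; };
    allow-transfer { 1.2.3.4; };
};'''

def zone_blocks(conf):
    """Yield (zone name, body) per zone statement, following nested braces."""
    conf = re.sub(r'/\*.*?\*/|(#|//)[^\n]*', '', conf, flags=re.S)  # drop comments
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def acl(body, option):
    """Return the entries of `option { ...; };` in a zone body, or None if absent."""
    m = re.search(r'(?<![\w-])' + re.escape(option) + r'\s*\{([^}]*)\}', body)
    return None if m is None else [e.strip() for e in m.group(1).split(';') if e.strip()]

def audit(conf):
    """Return (zone, finding) pairs for primary zones whose transfer ACL is loose."""
    findings = []
    for name, body in zone_blocks(conf):
        kind = re.search(r'\btype\s+(\w+)\s*;', body)
        if not kind or kind.group(1) not in ('master', 'primary'):
            continue
        xfer, notify = acl(body, 'allow-transfer'), acl(body, 'also-notify') or []
        if xfer is None:
            findings.append((name, 'allow-transfer not set: global or built-in default applies'))
        elif 'any' in xfer:
            findings.append((name, 'allow-transfer permits any host'))
        else:  # literal comparison only; named ACLs, keys and CIDR ranges are not resolved
            findings += [(name, h + ' is notified but may not transfer') for h in notify if h not in xfer]
    return findings

if __name__ == '__main__':
    print('page:', audit(PAGE_STANZA), '| restricted:', audit(RESTRICTED_STANZA))
```

A finding of "not set" means the effective policy comes from the global options block or the server's built-in default, so check there before changing the zone.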
The tool of choice on Linux seems to be zonecheck (man page).
apt-get install zonecheck
zonecheck --ns ns2.example.net\;ns1.example.net example.kg
The backslash before the semicolon is important to keep the shell from interpreting the semicolon as the end of the command.
Assuming apache2 is already installed.
adduser example
cd /home/example
mkdir public_html
chown example:www-data public_html
chmod 755 public_html
mkdir logs
chown example:www-data logs
chmod 775 logs
This enables the webmaster to SFTP (FTP over SSH) into the web server and upload content. No FTP server software needed if you can SSH into the web server.
Create a dummy index.html web page and upload it to /home/example/public_html by FileZilla or equivalent, using the SFTP (FTP over SSH) protocol.
apt-get install apache2
In /etc/apache2/sites-available, copy 000-default.conf to example.conf and edit to suit your needs. Important directives include:
ServerName www.example.kg
ServerAdmin webmaster@example.kg
DocumentRoot /home/example/public_html
<Directory /home/example/public_html/ >
    Require all granted
</Directory>
ErrorLog /home/example/logs/error.log
CustomLog /home/example/logs/access.log combined
a2ensite example
Wait until the DNS entry has publicly spread.
Follow the instructions on https://certbot.eff.org/#debianjessie-apache
This creates and enables a new site example-le-ssl.conf in the Apache configuration.
Yes, letsencrypt is really that easy, if you are using a supported OS/web server pair.
This is the hardest part. I consider it out of reach of a less-than-full-time administrator to manage an SMTP server with reasonable spam filtering.
Options include:
In this case we decided to go with df.eu, as about a dozen mailboxes were needed.
DF’s hosting package turned out to be all we need, so I changed all the DNS records to point to df’s servers, let the customer change the domain’s DNS server to DF’s - and considered doing the steps described here as an exercise that won’t go into long term production.