This is an Ubuntu 9.04 server setup, but it could be used on older versions as well, and probably on Debian too.
There are many ways to set up such a server, but this is my way.
I hope you at linuxtuts enjoy this. Just copy and paste, and you'll be through in no time flat.
And please feel free to start a topic in the Linux section for any and all comments and questions. (I will add to or take away from this as I see fit.)
Some of the features of this setup are:
1) Complete LAMP Stack ( apache, php, mysql, perl )
2) phpMyAdmin
3) Clamav
4) memcached And The PHP5 memcache Module
5) SSL-enabled
6) apache modules "suexec rewrite ssl actions include and deflate" enabled
7) vsftpd ( ftp server )
8) Awstats ( with added features )
9) Webmin ( Control Panel )
The Perfect Server Setup Continued, ( part II )
10) Mail Server with Dovecot and Postfix integration
11) TorrentFlux ( Your own SeedBox )
12) Moblock ( "Moblock" is an ipfilter / PeerGuardian 2 for "linux". )
13) Jinzora Media Server ( A powerful web based media streaming server )
Thank You linuxtuts.
NOTE: I use the nano editor. There are two commands you need to know to use this editor.
1) Ctrl+o ---------saves
2) Ctrl+x ---------exits the editor (closes it)
So always Ctrl+o and then Ctrl+x when you're finished.
And go ahead and grab the "SecureCRT®" SSH client from Here. It's a must-have!!! (For me anyway; PuTTY and all the rest don't stand a chance against this SSH client.)
Plus you may want to look Here for some very useful tips and tricks before you start.
When you install Ubuntu Server and come to the software selection, choose only "openssh-server".
(You can also enable the root login by running)
Code:
sudo passwd root

Configure The Network
Because the Ubuntu installer has configured our system to get its network settings via DHCP, we have to change that now because a server should have a static IP address. Edit /etc/network/interfaces and adjust it to your needs (in this example setup I will use the IP address 192.168.1.19):
Code:
nano /etc/network/interfaces

Code:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
        address 192.168.1.19
        netmask 255.255.255.0
        network 192.168.1.0
        broadcast 192.168.1.255
        gateway 192.168.1.254

Then edit /etc/hosts.
Code:
nano /etc/hosts

Make it look like this:
Code:
127.0.0.1       localhost.localdomain   localhost
192.168.1.19    mail.b366alive.net      mail

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

Now run
Code:
echo mail.b366alive.net > /etc/hostname
/etc/init.d/hostname.sh start

Then restart your network:
Code:
/etc/init.d/networking restart

Afterwards, run
Code:
hostname
hostname -f

Both should show mail.b366alive.net now.
Then run
Code:
aptitude update

to update the apt package database and
Code:
aptitude safe-upgrade

Change The Default Shell
/bin/sh is a symlink to /bin/dash, however we need /bin/bash, not /bin/dash. Therefore we do this:
Code:
dpkg-reconfigure dash

"Install dash as /bin/sh? <-- No"
.................................................. ..............................
Disable AppArmor
AppArmor is a security extension (similar to SELinux) that should provide extended security. In my opinion you don't need it to configure a secure system, and it usually causes more problems than advantages (think of it after you have done a week of trouble-shooting because some service wasn't working as expected, and then you find out that everything was ok, only AppArmor was causing the problem). Therefore I disable it. !!! ( FTW )
We can disable it like this:
Code:
/etc/init.d/apparmor stop
update-rc.d -f apparmor remove
aptitude remove apparmor apparmor-utils

REBOOT your machine !!!
Let's install some software "all in one command", fast, quick and easy.
Code:
aptitude -y install ssh openssh-server ntp ntpdate mysql-client mysql-server openssl rkhunter binutils clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl quota quotatool vlogger webalizer build-essential autoconf automake1.9 libtool flex bison fail2ban perl libnet-ssleay-perl openssl libauthen-pam-perl libpam-runtime libio-pty-perl libmd5-perl memcached php5-memcache php5-dev subversion apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt php5-imagick libmail-mbox-messageparser-perl libgd-graph-perl spamassassin imagemagick libapache2-mod-suphp libgeo-ipfree-perl vsftpd python-crypto

You will be asked the following questions:
"New password for the MySQL "root" user: <-- yourrootsqlpassword"
"Repeat password for the MySQL "root" user: <-- yourrootsqlpassword"
"Create directories for web-based administration? <-- No"
"Web server to reconfigure automatically: <-- apache2"
"Configure database for phpmyadmin with dbconfig-common? <-- Yes"
"Password of your database's administrative user: <-- yourrootsqlpassword"
"MySQL application password for phpmyadmin: <-- yourrootsqlpassword"
.................................................. ..............................
Then run the following command to enable the Apache modules suexec, rewrite, ssl, actions, include and deflate:
(You can do it like this, but I've found it doesn't always work, so I do it with the second command.)
Code:
a2enmod suexec rewrite ssl actions include deflate

Code:
a2enmod suexec; a2enmod rewrite; a2enmod ssl; a2enmod actions; a2enmod include; a2enmod deflate

Secure phpMyAdmin by deleting the /etc/phpmyadmin/htpasswd.setup file...
Code:
rm -f /etc/phpmyadmin/htpasswd.setup

... and remove or comment out the following section in /etc/phpmyadmin/apache.conf:
Code:
nano /etc/phpmyadmin/apache.conf

Code:
[...]
## Authorize for setup
#<Directory /usr/share/phpmyadmin/setup>
#    <IfModule mod_authn_file.c>
#    AuthType Basic
#    AuthName "phpMyAdmin Setup"
#    AuthUserFile /etc/phpmyadmin/htpasswd.setup
#    </IfModule>
#    Require valid-user
#</Directory>
[...]

Restart Apache afterwards:
Code:
/etc/init.d/apache2 restart

You can access your phpMyAdmin panel by going to
Code:
http://yourserver.com/phpmyadmin or http://192.168.1.19/phpmyadmin

Use root and your MySQL password to log in.
.................................................. ....................
If you want to use "Quota" for your users, you'll have to edit the /etc/fstab file. (Mine looks like this; I added ,usrquota,grpquota to the partition with the mount point /.)
Code:
nano /etc/fstab

Here's mine:
Code:
# /etc/fstab: static file system information.
#
# Use 'vol_id --uuid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
proc            /proc           proc    defaults        0       0
# / was on /dev/mapper/VolGroup00-LogVol00 during installation
UUID=4c5883d6-2529-4858-87e8-34f83df86c3c /               ext4    relatime,errors=remount-ro,usrquota,grpquota 0       1
# /boot was on /dev/sda1 during installation
UUID=fd8f5097-c4e3-4ba1-8f42-70f127f57768 /boot           ext3    relatime        0       2
# swap was on /dev/mapper/VolGroup00-LogVol01 during installation
UUID=67f232eb-243d-424e-880c-9667845c0667 none            swap    sw              0       0
/dev/scd0       /media/cdrom0   udf,iso9660 user,noauto,exec,utf8 0       0

Code:
touch /quota.user /quota.group
chmod 600 /quota.*
mount -o remount /

Code:
quotacheck -avugm
quotaon -avug

.................................................. ............
We want MySQL to listen on all interfaces, not just localhost, therefore we edit /etc/mysql/my.cnf and comment out the line bind-address = 127.0.0.1:
Code:
nano /etc/mysql/my.cnf

Code:
[...]
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address           = 127.0.0.1
[...]

Then we restart MySQL:
Code:
/etc/init.d/mysql restart

Now check that networking is enabled. Run
Code:
netstat -tap | grep mysql

The output should look like this:
root@mail:~# netstat -tap | grep mysql
tcp 0 0 *:mysql *:* LISTEN 8474/mysqld
root@mail:~#
.................................................. ..............................
Install Jailkit
Jailkit is needed only if you want to chroot SSH users. It can be installed as follows:
Code:
wget http://olivier.sessink.nl/jailkit/jailkit-2.7.tar.gz
tar xvfz jailkit-2.7.tar.gz
cd jailkit-2.7
./configure
make
make install
cd ..
rm -rf jailkit-2.7*

.................................................. ...............
OK, we already installed memcached and the PHP5 memcache module. So let's test our settings.
Check PHP5's Current State...
To do this, we create the file info.php in our document root /var/www:
Code:
nano /var/www/info.php

Copy and paste this...
Code:
<?php
phpinfo();
?>

Afterwards, we call that file in a browser:
Code:
http://192.168.1.19/info.php

As you see, we have PHP 5.2.0 installed...
Memcached should already be running. You can check that by typing
Code:
netstat -tap | grep memcached

Should look something like this...
server1:~# netstat -tap | grep memcached
tcp 0 0 localhost.localdo:11211 *:* LISTEN 3092/memcached
server1:~#
Now let's test memcache in our browser...
Code:
nano /var/www/memcachetest.php

Copy and paste this...
Code:
<?php
$memcache = new Memcache;
$memcache->connect('localhost', 11211) or die ("Could not connect");

$version = $memcache->getVersion();
echo "Server's version: ".$version."<br/>\n";

$tmp_object = new stdClass;
$tmp_object->str_attr = 'test';
$tmp_object->int_attr = 123;

$memcache->set('key', $tmp_object, false, 10) or die ("Failed to save data at the server");
echo "Store data in the cache (data will expire in 10 seconds)<br/>\n";

$get_result = $memcache->get('key');
echo "Data from the cache:<br/>\n";

var_dump($get_result);
?>

Then I call that file in a browser
Code:
http://192.168.1.19/memcachetest.php

.................................................. ..............................
Configuring Awstats...
Code:
nano /etc/apache2/awstats.conf

Copy and paste this...
Code:
Alias /awstatsclasses "/usr/share/awstats/lib/"
Alias /awstats-icon/ "/usr/share/awstats/icon/"
Alias /awstatscss "/usr/share/doc/awstats/examples/css"
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
ScriptAlias /awstats/ /usr/lib/cgi-bin/
Options ExecCGI -MultiViews +SymLinksIfOwnerMatch

Now that we have defined all the basic settings that will let us access the stats directly over HTTP, we need to inform apache2 about this. Edit /etc/apache2/apache2.conf:
Code:
nano /etc/apache2/apache2.conf

and add the following line at the end of the file:
Code:
Include /etc/apache2/awstats.conf

Now, reload apache2:
Code:
/etc/init.d/apache2 reload

OK, now you can give a first shot to
Code:
http://www.mysite.org/awstats/awstats.pl

but you will get the following error:
Error: SiteDomain parameter not defined in your config/domain file. You must edit it for using this version of AWStats.
That basically means that we need to configure awstats.
Getting back to work...
On install, awstats provides a default configuration file named /etc/awstats/awstats.conf. Copy this file to /etc/awstats/awstats.www.mysite.org.conf ( mysite.org is an example, USE your own domain name )
Code:
cp /etc/awstats/awstats.conf /etc/awstats/awstats.www.mysite.org.conf

and edit the files /etc/awstats/awstats.conf and /etc/awstats/awstats.www.mysite.org.conf by changing these parameters to look like this...
Code:
nano /etc/awstats/awstats.conf

And
Code:
nano /etc/awstats/awstats.www.mysite.org.conf

Code:
LogFile="/var/log/apache2/access.log"
SiteDomain="mysite.org"
AllowToUpdateStatsFromBrowser=1

Update your statistics with cron
In /etc/crontab add
Code:
nano /etc/crontab

Code:
# update every 10 min
*/10 * * * * root /usr/lib/cgi-bin/awstats.pl -config=www.mysite.org -update > /dev/null

That's basically it, but if you're smart you will carry on with me to improve country and city location information in your web analytics reports... ( FTW I know who and WHERE you are !!! )
Code:
cd /tmp

Then let's get the packages..
Code:
wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
wget http://geolite.maxmind.com/download/geoip/database/asnum/GeoIPASNum.dat.gz
wget http://geolite.maxmind.com/download/geoip/database/GeoIPv6.dat.gz

Then do this
Code:
if [ ! -d /usr/local/share/GeoIP ]; then
    mkdir /usr/local/share/GeoIP
fi

Then....
Code:
mv GeoIP.dat.gz /usr/local/share/GeoIP/
gunzip /usr/local/share/GeoIP/GeoIP.dat.gz
mv GeoLiteCity.dat.gz /usr/local/share/GeoIP/
gunzip /usr/local/share/GeoIP/GeoLiteCity.dat.gz
mv GeoIPASNum.dat.gz /usr/local/share/GeoIP/
gunzip /usr/local/share/GeoIP/GeoIPASNum.dat.gz
mv GeoIPv6.dat.gz /usr/local/share/GeoIP/
gunzip /usr/local/share/GeoIP/GeoIPv6.dat.gz

Then we...
Code:
wget http://geolite.maxmind.com/download/geoip/api/c/GeoIP-1.4.6.tar.gz
tar -xvzf GeoIP-1.4.6.tar.gz
cd ./GeoIP-1.4.6
./configure
make
make check
sudo make install

Now let's install some Perl modules...
Run...
Code:
perl -MCPAN -e shell

Then let's upgrade CPAN
Code:
install CPAN

Code:
install Net::IP

Code:
install Net::DNS

Exit by...
Code:
quit

Now let's edit our /etc/awstats/awstats.conf and /etc/awstats/awstats.www.mysite.org.conf files again, by adding these lines to the "PLUGINS" section....
Code:
LoadPlugin="tooltips"
LoadPlugin="geoip GEOIP_STANDARD /usr/local/share/GeoIP/GeoIP.dat"
LoadPlugin="geoip_city_maxmind GEOIP_STANDARD /usr/local/share/GeoIP/GeoLiteCity.dat"
LoadPlugin="geoip_org_maxmind GEOIP_STANDARD /usr/local/share/GeoIP/GeoIPASNum.dat"
LoadPlugin="hostinfo"

That's it people, go update awstats in your browser and see the difference.....
Go to awstats in your browser
Code:
http://yourdomain.com/awstats/awstats.pl or http://192.168.1.19/awstats/awstats.pl

.................................................. ..............................
Configuring vsftpd..
These are some of your options here
ftpd_banner: Prints a welcome message when someone connects to the server.
listen: If enabled, vsftpd will run in standalone mode.
xferlog_enable: If enabled, a log file will store detailed uploads and downloads.
connect_from_port_20: This option controls whether PORT style data connections use port 20 on the server machine.
hide_ids: If enabled, all user and group info will be listed as "ftp".
max_clients: Sets the maximum number of clients allowed to be connected. Only works in standalone mode.
max_per_ip: Sets the maximum number of clients allowed to be connected from the same IP address. Also, only works in standalone mode.
anon_root: Sets the directory which vsftpd will try to change into when an anonymous user logs in.
anonymous_enable: Enables or disables anonymous access. Use with caution.
anon_upload_enable: If enabled, anonymous users will be permitted to upload files.
anon_mkdir_write_enable: If enabled, anonymous users will be permitted to create new folders. However, for this option to work, your server needs to have the option anonymous upload enabled and the ftp *NIX user must have write permissions on the parent directory.
Code:
nano /etc/vsftpd.conf

Add the following line (or uncomment it) in the vsftpd configuration file:
Code:
local_enable=YES

The above config directive will allow local users to log in via FTP.
If you would like to allow users to upload files, add the following to the file:
Code:
write_enable=YES

For security you may restrict local users to their home directories. Add the following to the file:
Code:
chroot_local_user=YES

Save and close the file.
Restart vsftpd
Code:
/etc/init.d/vsftpd restart

Log in to your FTP server with
Code:
ftp://yourdomain.com or ftp://192.168.1.19

.................................................. ..............................
Installing and Configuring Webmin, I like it better than cPanel myself...
To install and update Webmin via APT, edit the /etc/apt/sources.list file on your system and add the line: ( This is for Ubuntu )
Code:
nano /etc/apt/sources.list

Code:
deb http://download.webmin.com/download/repository sarge contrib

You should also fetch and install the GPG key with which the repository is signed, with the commands:
Code:
cd /root
wget http://www.webmin.com/jcameron-key.asc
apt-key add jcameron-key.asc

You will now be able to install with the commands:
Code:
apt-get update
apt-get -y install webmin

Now you can go to
Code:
https://yoursite.com:10000 or https://192.168.1.19:10000

to access your server. ( Log in with root and your password )
( Please note the cpu usage on My server ) Damn that boys good !!!
There are all kinds of modules for Webmin, but we are only going to install a couple... ( You install what you feel is necessary )
The two we are going to install are "vsftpd" and "wbmclamav"...
Look on the left side of Webmin and go to
1) Webmin
2) Webmin Configuration
In the "Webmin Configuration" section choose...
3) Webmin Modules
check " Third party module from" and hit the button at the end...
4) Search for wbmclamav
then hit install module. ( When you first run "wbmclamav", you will be required to back up your configuration. )
5) Repeat the process for the "vsftpd" module.
DONE !!! Now you have a GUI to scan all your files, set it to run on a schedule, etc. ( Whatever you want )
You have complete control over every aspect of your server now through "Webmin"...
Continued Here
Enjoy.........
Peace.....................linuxtuts
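Added example (not part of the original post): the two netstat checks in the post, one for MySQL after bind-address is commented out and one for memcached, generalised into a shell function that lists every TCP port listening on all interfaces that is not on an allowlist. The function name, the allowlist and the sample netstat -tln output are constructed for illustration; 3306 is MySQL's default port.

```sh
#!/bin/sh
# exposed_ports ALLOWED  (hypothetical helper, added for illustration)
# Reads `netstat -tln` output on stdin and prints each TCP port that listens
# on every interface (0.0.0.0, :: or *) and is not in the space-separated
# ALLOWED list. Loopback-only and single-address listeners are skipped.
exposed_ports() {
    awk -v allowed="$1" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        $6 == "LISTEN" {
            # The port is whatever follows the last colon of the local address.
            n = split($4, part, ":")
            port = part[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            wildcard = (addr == "0.0.0.0" || addr == "::" || addr == "*")
            if (wildcard && !(port in ok)) print port
        }' | sort -n -u
}

# Constructed sample: MySQL on all interfaces, memcached on loopback only,
# plus the SSH, FTP, web and Webmin listeners this setup installs.
SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:10000           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN'

# Ports this server is meant to offer publicly (an assumption for this setup).
printf '%s\n' "$SAMPLE" | exposed_ports "21 22 80 443 10000"
# On a live host: netstat -tln | exposed_ports "21 22 80 443 10000"
```

Anything the function prints is reachable from the network without having been chosen to be; with the sample above that is the MySQL port, while memcached stays off the list because it is bound to loopback.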
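Added example (not part of the original post, and not vsftpd's own tooling): a shell function that reads a vsftpd.conf and reports which of the options listed in the vsftpd section leave the server open, falling back to the defaults documented in vsftpd.conf(5) for keys the file does not set. The function name, the finding labels and the sample file are constructed for illustration.

```sh
#!/bin/sh
# vsftpd_findings FILE  (hypothetical helper, added for illustration)
# Prints one label per risky setting in a vsftpd.conf. Keys the file does not
# set fall back to the defaults in vsftpd.conf(5): anonymous_enable=YES and
# NO for the other booleans checked here. This helper lets the last
# assignment of a key win.
vsftpd_findings() {
    awk -F= '
        function on(k) { return v[k] ~ /^(YES|TRUE|1)$/ }
        BEGIN {
            v["anonymous_enable"] = "YES"
            v["local_enable"] = v["write_enable"] = "NO"
            v["anon_upload_enable"] = v["anon_mkdir_write_enable"] = "NO"
            v["chroot_local_user"] = "NO"
        }
        /^[ \t]*(#|$)/ { next }               # skip comments and blank lines
        {
            val = substr($0, length($1) + 2)  # everything after the first "="
            sub(/[ \t\r]+$/, "", val)
            v[$1] = toupper(val)
        }
        END {
            if (on("anonymous_enable")) {
                print "ANON_LOGIN"
                # Anonymous writes also need write_enable, per vsftpd.conf(5).
                if (on("write_enable") && on("anon_upload_enable")) print "ANON_UPLOAD"
                if (on("write_enable") && on("anon_mkdir_write_enable")) print "ANON_MKDIR"
            }
            if (on("local_enable") && !on("chroot_local_user")) print "NO_CHROOT"
        }' "$1"
}

# Constructed sample: the local-user lines from the post without the chroot
# line, and with two anonymous options from the list switched on.
conf=$(mktemp)
cat > "$conf" <<'EOF'
# constructed test file
anonymous_enable=YES
anon_upload_enable=YES
local_enable=YES
write_enable=YES
EOF
vsftpd_findings "$conf"
rm -f "$conf"
```

A file that sets anonymous_enable=NO together with the post's local_enable, write_enable and chroot_local_user lines produces no output.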