Sign in to follow this  
Evil Steve

Installing OpenBSD

Recommended Posts

So I'm a complete linux and BSD newbie. I've used Red Hat 8 and 9 for a total of about 6 months, most of that time was spent not using it because I was afraid of it. After talking to ravuya, I've decided to go for OpenBSD. This is for my server, which is mainly for running Apache+PHP, MySQL, SVN and my MMORPG server if I ever get it into a working state. I'll also be storing all my MP3s and videos on it, and using it as a file server. I have 2 IDE drives, one 60GB and one 250GB, and I'll be going for the AMD64 version when I get around to upgrading the hardware (that'll be done pre-install). OpenBSD can have all the space, I don't need it for anything else (No dual boot or anything like that). I'll want /home to be pretty huge (I'll probably aim to get it using all of the 250GB drive) The point in this post is, is there anything I should be aware of? With RedHat, I spent days trying to get the iptables set up (There's probably a couple of topics by me floating around this forum from a year or two ago), but I won't be needing them at all this time. With RedHat, I was using my server as a gateway, but I have a router now. Are there any common problems I should look out for, or anything else? Any suggestions on what partition sizes I should go for? My htdocs folder is currently 1.1GB, and my MySQL folder is currently 90MB, although both could get a fair bit larger. Cheers, Steve

Share this post


Link to post
Share on other sites
If you're really unfamilliar with it, I suggest you pick something else that OpenBSD. Don't get me wrong, it's a great OS, but not very kind to newbies. Maybe you'll fare better with a Suse server (great stuff) or something. I've been using Suse 9.2 at work as a server and I like it a lot. At home I have Ubuntu (as desktop, never used it as a server, rumored to be good but not great as a server) and Debian testing (same as OpenBSD. Great if you know you're way around *nix but not newb friendly and it's all commandline based on the server side).

Share this post


Link to post
Share on other sites
If you have a router, but want your server to serve your web pages to the world, is the router using port forwarding or DMZ to get the server visible to the world? Or do you have multiple static IP addresses?

Anyway, when you ask yourself "what partition sizes should I use" then you probably want to go with some logical disk management solution where you slice your disk into large chunks (128 MB chunks or something), and re-allocate them as necessar as disks grow.

I don't know the specifics about OpenBSD, but I've used LVM with Linux (a homegrown system that started out as some boot version of Mandrake) for a few years now (serving photos and MP3s over Samba, as well as my mail and web server), and it's worked fine. I additionally put it on RAID-1 using the built-in "md" RAID driver. I run ReiserFS on all the partitions. Boy was I happy I had RAID-1 when one of the drives actually died, and I could just get a replacement and keep trucking ;-) All in all, it's been extremely solid.

So, if you really want OpenBSD, go for it, but if you want security and reliability, you can do it on Linux, too.

Share this post


Link to post
Share on other sites
Quote:
Original post by hplus0603
So, if you really want OpenBSD, go for it, but if you want security and reliability, you can do it on Linux, too.


slackware makes a great server and is a bit easier to set up than obsd.

Share this post


Link to post
Share on other sites
If you want to learn about jailing go with openBSD, if you have no interest in that maybe some other *nix distro would do. But OpenBSD is great for learning a lot of security practices as it's set up with jails by default.

Share this post


Link to post
Share on other sites
I've been using OpenBSD for many years, and have done countless installs. Contrary to what most people will tell you (read "most Linux users will tell you"), OpenBSD installs are pretty easy. The OpenBSD installer is... spartan, but it does what it's supposed to. It won't pop up cartoon dogs if you do something wrong, so you have to know where you're headed.

First, READ READ READ. Read the OpenBSD installation FAQ, have it handy when you install. It will expect you to know certain things. Remember, OpenBSD is for competent people, there's no handholding. The same goes for asking questions in the OpenBSD community. Prepare to be flamed nearly to death if the answer is RTFM.

Be aware of the differences between "partition" and "slice", and how they may seem backwards. Plan your partitions ahead of time (looks like you're already doing that), so there are no surprises.

Remember that there are no binary updates to OpenBSD, you're expected to sync with the stable source tree and rebuild the system. This is not a problem, but it's certainly not "apt-get update; apt-get upgrade". Learn how to rebuild the system before you need to.

Buy a CD set! If you've been reading the news sites, they're having a financial crisis. Do your part if you use OpenBSD, or if you use OpenSSH (that's probably many, many people here, why aren't you donating?). Or buy a poster if you'd rather download. Or just donate.

As for the packet filtering, OpenBSD has the pf packet filter. It's extremely easy to use, powerful (not as lets-do-everything powerful as iptables, but has all the features you'll need), and you should probably be using it, even though you're not setting up a router.

Pick up a copy of Absolute OpenBSD from No Starch Press. It's written for an older version of OpenBSD, but OpenBSD development moves slowly, so 95% of everything in there probably still applies. And it's just a good book.

Do a dry run. Either in VMWare (if you have it), or on a real machine. Install it, run it, check it out. Make it do some things you'll want it to. Don't wait until crunch-time to find out you misunderstood something in the docs.

Hmm.. tons of things come to mind. OpenBSD is very good software, but this certainly isn't RedHat. You're expected to know what you're doing. But you're in luck, OpenBSD documentation is the best, and it's extremely well-maintained (a bug in the docs is treated with the same severity as a bug in the software).

If you need specific help, you can contact me directly. My email and google talk address is jonah.rowley@gmail.com.

Share this post


Link to post
Share on other sites
Thanks for all the help, I've decided to go with OpenBSD anyway, I'm installing it on a spare machine at the moment, so we'll see how it gets on.

Thanks again,
Steve

Share this post


Link to post
Share on other sites
Good luck!

And remember, do read the effing manual before you go ask questions on the OpenBSD forums/lists. You *will* get flamed if you don't.

Share this post


Link to post
Share on other sites
Quote:
Original post by hplus0603
If you have a router, but want your server to serve your web pages to the world, is the router using port forwarding or DMZ to get the server visible to the world? Or do you have multiple static IP addresses?
Multiple static IP addresses. I should perhaps play with the firewall anyway, but it's not a huge concern.

Quote:
Original post by hplus0603
Anyway, when you ask yourself "what partition sizes should I use" then you probably want to go with some logical disk management solution where you slice your disk into large chunks (128 MB chunks or something), and re-allocate them as necessar as disks grow.

I don't quite understand this. You mean I can just "append" disk space to any mount point? Or if I had, say 1GB allocated for /usr, I could allocate 5GB from my 8GB of free space, and mount that as /usr instead? Would that leave me with 4GB then, or is the initial 1GB only availiable in a 1GB chunk (I.e fragmented sort of)?

Assuming I allocate all the space as supposed to leaving chunks, do these values seem reasonable:

/ 500MB
/tmp 500MB
/var 5GB
/usr 10GB
/home 32GB
swap 2GB

That allocates 50GB in total, and I'll allocate the rest when the OS is installed. I won't be using /var/www, it'll be in /home/steve/www or something. I'll also probably mount /home/steve/mp3 and /home/steve/media or whatever as seperate mount points, so I can decide what drive to chuck them on.

Or is this a really bad idea? [smile]

Share this post


Link to post
Share on other sites
In my rather unenlightened experience, it's usually a good idea to keep www/ directories out of your home if possible, and just run your httpserver as a 'nobody' account in something like /home/nobody/www (unless your account will be a rather unprivileged one). Although it's mainly a security measure (ie. it can't use '..' by accident to access your home directory if somebody somehow finds a bug within your BSD system, or some such attack), it also helps, because I've found one's home directory tends to get very cluttered with your www/ in it, or, at least, mine does when I decide to do a quick fix by copying the original up into my home and fixing an error.

As for the media... everyone has their personal preferences. Mine's actually in /usr/local/share/music, because I think it could get annoying to umount/ built a script to filter out media directories whenever I need to backup $HOME.

Share this post


Link to post
Share on other sites
Quote:
Original post by crusadingknight
In my rather unenlightened experience, it's usually a good idea to keep www/ directories out of your home if possible, and just run your httpserver as a 'nobody' account in something like /home/nobody/www (unless your account will be a rather unprivileged one). Although it's mainly a security measure (ie. it can't use '..' by accident to access your home directory if somebody somehow finds a bug within your BSD system, or some such attack), it also helps, because I've found one's home directory tends to get very cluttered with your www/ in it, or, at least, mine does when I decide to do a quick fix by copying the original up into my home and fixing an error.


On OpenBSD, httpd runs unprived, in a chroot, with some serious protection from buffer overflows and such. Many of the buffer overflow protection mechanism you see implemented now in Linux or Windows were invented by OpenBSD developers, or first implemented and deployed by OpenBSD developers. Also, http docs are usually stored in /var on OpenBSD.

Share this post


Link to post
Share on other sites
Sign in to follow this