Install a real boinc server on ubuntu (breezy badger)

This howto will try to explain step by step how to install a boinc server on ubuntu.

Install Ubuntu

1. Get the ubuntu distribution and tip a CD, you can get the CD on http://www.ubuntu.com/download/. When the installation runs, write server (it will install only the minimum for the installation).
   
2. When you start Ubuntu you have some editors: nano pico, ... If you want to use a new one:
   

   sudo apt-get install emacs21
   

3. Now we set where the server will download packages, With your editor, edit the file /etc/apt/sources.list. You have to be logged as root to edit this file. In the file, comment the first line (with a #) and uncomment the lines where it defines the universe repository. Some hints are written on the file. It should be easy to modify.
4. Install ssh. We can the access from an other computer to the system.
   

   sudo apt-get install ssh

5. Now you have a small server that can be accessed from another computer.
   

Installing necessary stuff

In this step, we will install everything that can be used by boinc.

1. First we have to install gcc,g++, automake, autoconf,... These files will be used to compile boinc:
   

   sudo apt-get install gcc g++ automake1.9 autoconf make



2. Now, we install an apache server with mysql, with php and phpmyadmin, and openssl:
   

   sudo apt-get install phpmyadmin apache2 mysql-server
   libmysqlclient12-dev python-mysqldb php4-gd
   libapache2-mod-auth-mysql libssl-dev


You will certainly get an error when you want to add an avatar on the server: unknown function image antialias. Comment the line where it appears and it should be ok.

3. Modify the password of the mysql database. You can do it with phpmyadmin: go on $ip-adress/phpmyadmin and write as login root and without password. Then modify the password.


4. Go on /etc/apache2/apache2.conf and add the line:
   

   DefaultType application/octet-stream

   It will avoid getting all the time a signature verification error.
   


5. 
   Modify /etc/group in sort that apache2 runs as boincadm (or like as you want...). Replace
   

   www-data:x:33:

   with

   www-data:x:33:$admin

   
   
6. Add these two lines to the beginning of the apache start script (called apachectl, usually in /usr/sbin on linux):
   

   
   umask 2
   export umask
   



7. restart apache2:
   

   
   /etc/init.d/apache2 restart
   

   
   
8. We remove the database and put it into an other file, edit the file /etc/mysql/my.cnf and replace the line:
   

   datadir                = /var/lib/mysql
   

   
   with
   

   datadir                = mynewdir
   

   
   

Be sure that the user "mysql" has all access to this directory. Move the databases (they are in /var/lib/mysql):


sudo mv /var/lib/mysql/mydatabase mynewdir/


You have to restart mysql:


/etc/init.d/mysqld restart



9. Install CVS:
   

   sudo apt-get install cvs

Install Boinc

Okay, now let's start.

1. checkout the boinc server:
   

   cvs -d :pserver:anonymous:@alien.ssl.berkeley.edu:/home/cvs/cvsroot checkout -r stable boinc
   

   
   The boinc files will be installed in the boinc directory, you can put this directory where you want, let us just call this directory $boinc.


2. Go into the $boinc directory, and start _autosetup:
   

   ./_autosetup



3. Check that everything is okay and that we are going to install the server only:
   

   ./configure --disable-client 

   Everything should be okay, if you have some errors, you certainly forgot to install one element.
   


4. Compile it:
   

   make 

5. Install boinc:
   

   sudo make install

Create a project

1. First, we create keys... Go into a directory named keys and run:
   

   crypt_prog -genkey 1024 code_sign_private code_sign_public
   crypt_prog -genkey 1024 upload_private  upload_public
   

   It creates two 1024 bits keys
   


2. Then we create the project:
   

   
   tools/make_project
   --project_root <path>
   --db_user <database_user>
   --db_passwd <database_password>
   --key_dir <key_directory>
   --url_base <url_base>
   <short_name> <long_name>
   

   
   From now on the <path> will be called $project. It is within that are all the important files and <short_name> is now $project_name.
   


3. We have to configure apache2 in sort that it displays the website: copy the file $project/$project_name.httpd.conf in /etc/apaches/sites-available. symlink (the ln command)it in sites-enabled and restart apache:
   

   
   /etc/init.d/apache2 restart
   

   
   

Set the security

Theorically everything is fine, there remains one thing: remove access to ops for not authenticated users: We will do it with htaccess:

1. Create the directory $project usernames


2. Change the rights on it:
   

   
   chmod 711 usernames
   

   
   


3. Go in the directory and create a new user that will have access to the ops web page:
   

   
   htpasswd -c .htpasswd <your_name>
   

   
   


4. 
   It will create a file .htpasswd. You can remove entry within, or add new ones with
   

   
   htpasswd .htpasswd <your_name>
   

   
   without the "-c"
   


5. 
   In the same directory, create a file named ".htaccess". Deny access from the web: create a new file and write within:
   

   
   AuthGroupFile /dev/null
   AuthName "DO NOT think to access this file"
   AuthType Basic
   
   deny from all
   

   
   


6. Go in $project/html/ops and create a file .htaccess, We will give access only to people who are in the .htpasswd:
   



AuthName "administration access"
AuthUserFile PATH_TO_.HTPASSWD
AuthGroupFile /dev/null
AuthType Basic

<limit GET POST>
require valid-user
</Limit>



7. Now you are able to go to the main page without password. But if you want to go into the ops page, you have to give a password


8. You can now remove the protection in $project/html/ops/cancel_wu_action.php look of the string:
   

   
   if (1) {
   echo "
   WARNING! Make sure the html/ops directory is password-protected,
   then edit html/ops/cancel_wu_action.php by hand to remove this message.
   ";
   exit();
   }
   

   
   Invert the condition. You are now able to cancel workunits


9. We will now deny access to most of the ports:
   

   
   sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
   sudo iptables -A INPUT -p tcp --dport ssh -j ACCEPT
   sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
   sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
   sudo iptables -A INPUT -j DROP
   

   
   In that case, only ssh,http and ssl are accessible from the outside and you can get some message from port 25.
   

Tuning your boinc server

This step will explain some hints to modify the look of the server and some other useless things:

1. Go into the file $project/html/project/project.inc. This file contains the constants used in the server: the url, the project name, ... Modify it.


2. you can see in the file that you can define the css file, the file is in $project/html/user/ . You should modify it to have the same colors as your site.
3. You have to change rights to different directories: $project/html/user_profile/images has to be apache read/write accesible.
4. The owner of $project/upload has to be apache
   

Setting the forum

Now, we will set the forum and the message boards.

1. Simply edit the file $project/html/ops/create_forums.php, and then run it into your server.
2. Install php-cli: It is the php command-line:
   

   
   sudo apt-get install php-cli
   

   
   


3. Edit the file /etc/php/php-cli/php.ini and uncomment the lines:
   

   
   ;extension=mysql.so
   ;extensio=gd.so
   

4. You can add all the extensions you need...
   


5. Edit $project/html/ops/update_profile_pages.php and $project/html/ops/update_uotd.php. In the first line: replace with the path to the php executable:
   

   
   #!/usr/local/bin/php
   

   
   becomes
   

   
   #!/usr/bin/php
   

   
   


6. 
   Now, create a small script:
   

   
   #!/bin/sh
   cd $project/html/ops;
   ./update_profile_pages.php
   ./update_uotd.php
   

   
   

Try to run the script to be sure it is running: You should have some warning...

7. 
   Create a cron job: Create a file and write within:
   

   
   5,10,15,20,25,30,35,40,45,50,55 * * * * $project/update.sh



8. You have to create some images in the directory $project/html/user/img/:head_20.png rate_negative.png unread_post.png and rate_positive.png

Create the project

Now, we will add a new application on the server. go into $project directory:

1. Copy the file $boinc/tools/project.xml into $project/project.xml


2. Modify the file, you add your application.


3. inform the server that some elements have been modified:
   

   
   bin/xadd
   

   
   


4. From now on, we will consider that $app is the application name, $version is the version number of your application and $platform the target platform.


5. Create a directory $app in $project/apps. Then a directory called $project/apps/$app/$app_$version_$platform


6. Put your executable and all the files in the new directory


7. Sign every file:
   

   
   crypt_prog -sign executable key > signature_file
   

   
   the signature_file should have the same name as the executable with an extension .sig.
   


8. Do the same for every other files that have to be sent.


9. Update Boinc:
   

   
   bin/update_versions
   



10. From now on, it depends on the generator, validator, assimilator you decide to use.