| commit | author | age | ||
| 4cb0eb | 1 | Installation |
| T | 2 | ----------- |
| 3 | ||
| 9ba456 | 4 | # It is recommended to use a clean (fresh) Debian lenny install where you just selected "Standard System" as the package selection during |
| A | 5 | # setup. Then follow the steps below to setup your server with ISPConfig 3. In this guide "vi" is used as texteditor, but you ofcourse |
| 6 | # you can use whatever you prefer. You should be root for doing all of this. | |
| 4cb0eb | 7 | |
| 9ba456 | 8 | |
| A | 9 | # Check we have Fully Qualified Domain Name |
| 10 | ||
| 11 | /bin/hostname | |
| 12 | ||
| 13 | # it should return something like "ispconfig.example.com" | |
| f79001 | 14 | # if not, then we assign a hostname (for example ispconfig): |
| fdf891 | 15 | |
| F | 16 | echo ispconfig.example.com > /etc/hostname |
| 17 | ||
| 18 | vi /etc/hosts | |
| 4c9967 | 19 | |
| f79001 | 20 | # and add lines similar but appropriate: |
| 9ba456 | 21 | |
| fdf891 | 22 | 127.0.0.1 localhost.localdomain localhost |
| F | 23 | 192.168.0.100 ispconfig.example.com ispconfig |
| 24 | ||
| 4cb0eb | 25 | |
| T | 26 | |
| 9ba456 | 27 | # Some optional choices |
| A | 28 | |
| 29 | opt0.1) Optionally install SSH-server to get remote shell | |
| 30 | ||
| 31 | apt-get install ssh openssh-server | |
| 32 | ||
| f79001 | 33 | opt0.2) Optionally if you are not running in virtual machine you can set server clocksync via NTP. Virtual quests get this from the host. |
| 9ba456 | 34 | |
| A | 35 | apt-get install ntp ntpdate |
| 36 | ||
| 37 | ||
| 38 | ||
| f79001 | 39 | # Next is the real deal |
| 9ba456 | 40 | |
| 610bc7 | 41 | 1) Install Postfix, Courier, Saslauthd, MySQL, phpMyAdmin, rkhunter, binutils with the following command line (on one line!): |
| 9ba456 | 42 | |
| 76dcb7 | 43 | apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl courier-maildrop getmail4 rkhunter binutils |
| 9ba456 | 44 | |
| A | 45 | # Answer the questions from the package manager as follows. |
| 4cb0eb | 46 | |
| T | 47 | Create directories for web-based administration ? <-- No |
| 48 | General type of configuration? <-- Internet site | |
| 49 | Mail name? <-- server1.mydomain.tld | |
| 50 | SSL certificate required <-- Ok | |
| 51 | ||
| 4c9967 | 52 | # ...use your own domain name of course ;) |
| 4cb0eb | 53 | |
| 9ba456 | 54 | |
| A | 55 | |
| 56 | # Edit the file /etc/mysql/my.cnf | |
| d4c9b3 | 57 | |
| T | 58 | vi /etc/mysql/my.cnf |
| 59 | ||
| 9ba456 | 60 | # and comment out the line |
| d4c9b3 | 61 | |
| T | 62 | bind-address = 127.0.0.1 |
| 63 | ||
| 9ba456 | 64 | # then restart mysql |
| d4c9b3 | 65 | |
| T | 66 | /etc/init.d/mysql restart |
| 67 | ||
| 9ba456 | 68 | # Set the mysql database password: |
| f79001 | 69 | # Again use your own domain name... |
| d4c9b3 | 70 | |
| T | 71 | mysqladmin -u root password yourrootsqlpassword |
| 72 | mysqladmin -h ispconfig.local -u root password yourrootsqlpassword | |
| 9ba456 | 73 | |
| d4c9b3 | 74 | |
| T | 75 | |
| 4cb0eb | 76 | 2) Install Amavisd-new, Spamassassin and Clamav (1 line!): |
| T | 77 | |
| ba66cd | 78 | apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl |
| 4cb0eb | 79 | |
| T | 80 | |
| 81 | ||
| f79001 | 82 | 3) Install apache, PHP5, phpmyadmin, better fastCGI, suexec, Pear and mcrypt (1 line!): |
| 4cb0eb | 83 | |
| b5f091 | 84 | apt-get install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt |
| 9ba456 | 85 | |
| A | 86 | |
| f79001 | 87 | # When phpMyAdmin is asking weather to configure itself automatically, select "Apache2" |
| 9ba456 | 88 | |
| A | 89 | # Then run the following to enable the Apache modules suexec, rewrite and ssl: |
| 90 | ||
| 9e356a | 91 | a2enmod suexec rewrite ssl actions |
| 9ba456 | 92 | |
| 4c9967 | 93 | # Secure phpMyAdmin by deleting setuppassword-file |
| A | 94 | # and removing/commenting Setup Authorization from apache.conf |
| 95 | ||
| 96 | rm /etc/phpmyadmin/htpasswd.setup | |
| 97 | ||
| 98 | vi /etc/phpmyadmin/apache.conf | |
| 99 | ||
| 100 | # delete/comment following lines (between the ----- lines): | |
| 101 | ------------------------------------------------------ | |
| 102 | # Authorize for setup | |
| 103 | <Files setup.php> | |
| 104 | # For Apache 1.3 and 2.0 | |
| 105 | <IfModule mod_auth.c> | |
| 106 | AuthType Basic | |
| 107 | AuthName "phpMyAdmin Setup" | |
| 108 | AuthUserFile /etc/phpmyadmin/htpasswd.setup | |
| 109 | </IfModule> | |
| 110 | # For Apache 2.2 | |
| 111 | <IfModule mod_authn_file.c> | |
| 112 | AuthType Basic | |
| 113 | AuthName "phpMyAdmin Setup" | |
| 114 | AuthUserFile /etc/phpmyadmin/htpasswd.setup | |
| 115 | </IfModule> | |
| 116 | Require valid-user | |
| 117 | </Files> | |
| 118 | ------------------------------------------------------ | |
| 119 | ||
| 120 | ||
| f79001 | 121 | opt3.1) Optionally install some image manipulation capabilities to make advanced web designers happy |
| 9ba456 | 122 | |
| A | 123 | apt-get install php5-imagick imagemagick |
| 124 | ||
| 4c9967 | 125 | # restart apache before continuing |
| 9ba456 | 126 | |
| 4c9967 | 127 | /etc/init.d/apache2 restart |
| A | 128 | |
| 4cb0eb | 129 | |
| T | 130 | 4) Install pure-ftpd and quota |
| 131 | ||
| 132 | apt-get install pure-ftpd-common pure-ftpd-mysql quota quotatool | |
| 133 | ||
| 9ba456 | 134 | # Edit the file /etc/default/pure-ftpd-common to change the start mode from "inetd" to "standalone". |
| af8f1b | 135 | |
| T | 136 | vi /etc/default/pure-ftpd-common |
| 137 | ||
| 9ba456 | 138 | # Edit the file /etc/inetd.conf to prevent inetd from trying to start ftp. |
| A | 139 | # To do this, comment line starting like "ftp stream tcp" by adding "#"-sign in front of the line. |
| 3845f1 | 140 | |
| T | 141 | vi /etc/inetd.conf |
| 4fe973 | 142 | |
| 9ba456 | 143 | # Then execute: |
| af8f1b | 144 | |
| T | 145 | /etc/init.d/openbsd-inetd restart |
| 9ba456 | 146 | |
| af8f1b | 147 | |
| 4cb0eb | 148 | |
| T | 149 | 5) Install mydns |
| 150 | ||
| 777da7 | 151 | apt-get install g++ libc6 gcc gawk make texinfo libmysqlclient15-dev |
| 4cb0eb | 152 | |
| 777da7 | 153 | cd /tmp |
| 76dcb7 | 154 | wget http://heanet.dl.sourceforge.net/sourceforge/mydns-ng/mydns-1.2.8.15.tar.gz |
| A | 155 | tar xvfz mydns-1.2.8.15.tar.gz |
| 777da7 | 156 | cd mydns-1.2.8 |
| T | 157 | ./configure |
| 158 | make | |
| 159 | make install | |
| d4c9b3 | 160 | |
| 4c9967 | 161 | # Now create the start / stop script for mydns: |
| 4cb0eb | 162 | |
| 777da7 | 163 | vi /etc/init.d/mydns |
| T | 164 | |
| 4c9967 | 165 | # and enter the following lines (between the ----- lines): |
| 777da7 | 166 | |
| T | 167 | ------------------------------------------------------ |
| 168 | #! /bin/sh | |
| 169 | # | |
| 170 | # mydns Start the MyDNS server | |
| 171 | # | |
| 172 | # Author: Philipp Kern <phil@philkern.de>. | |
| 173 | # Based upon skeleton 1.9.4 by Miquel van Smoorenburg | |
| 174 | # <miquels@cistron.nl> and Ian Murdock <imurdock@gnu.ai.mit.edu>. | |
| 175 | # | |
| 176 | ||
| 177 | set -e | |
| 178 | ||
| 179 | PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin | |
| 180 | DAEMON=/usr/local/sbin/mydns | |
| 181 | NAME=mydns | |
| 182 | DESC="DNS server" | |
| 183 | ||
| 184 | SCRIPTNAME=/etc/init.d/$NAME | |
| 185 | ||
| 186 | # Gracefully exit if the package has been removed. | |
| 187 | test -x $DAEMON || exit 0 | |
| 188 | ||
| 189 | case "$1" in | |
| 190 | start) | |
| 191 | echo -n "Starting $DESC: $NAME" | |
| 192 | start-stop-daemon --start --quiet \ | |
| 193 | --exec $DAEMON -- -b | |
| 194 | echo "." | |
| 195 | ;; | |
| 196 | stop) | |
| 197 | echo -n "Stopping $DESC: $NAME" | |
| 198 | start-stop-daemon --stop --oknodo --quiet \ | |
| 199 | --exec $DAEMON | |
| 200 | echo "." | |
| 201 | ;; | |
| 202 | reload|force-reload) | |
| 203 | echo -n "Reloading $DESC configuration..." | |
| 204 | start-stop-daemon --stop --signal HUP --quiet \ | |
| 205 | --exec $DAEMON | |
| 206 | echo "done." | |
| 207 | ;; | |
| 208 | restart) | |
| 209 | echo -n "Restarting $DESC: $NAME" | |
| 210 | start-stop-daemon --stop --quiet --oknodo \ | |
| 211 | --exec $DAEMON | |
| 212 | sleep 1 | |
| 213 | start-stop-daemon --start --quiet \ | |
| 214 | --exec $DAEMON -- -b | |
| 215 | echo "." | |
| 216 | ;; | |
| 217 | *) | |
| 218 | echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2 | |
| 219 | exit 1 | |
| 220 | ;; | |
| 221 | esac | |
| 222 | ||
| 223 | exit 0 | |
| 224 | --------------------------------------------------------------------------- | |
| 225 | ||
| 4c9967 | 226 | # now execute: |
| 777da7 | 227 | |
| T | 228 | chmod +x /etc/init.d/mydns |
| 229 | update-rc.d mydns defaults | |
| 4cb0eb | 230 | |
| T | 231 | 6) Install vlogger and webalizer |
| 232 | ||
| 233 | apt-get install vlogger webalizer | |
| 234 | ||
| 235 | ||
| 236 | 7) Install ISPConfig 3 | |
| 237 | ||
| 4c9967 | 238 | # There are two possile scenarios, but not both: |
| 369a38 | 239 | 7.1) Install the latest released version |
| 4fe973 | 240 | 7.2) Install directly from SVN |
| 4cb0eb | 241 | |
| 6627a9 | 242 | 7.1) Installation of last version from tar.gz |
| 4cb0eb | 243 | |
| T | 244 | cd /tmp |
| bf50bc | 245 | wget http://www.ispconfig.org/downloads/ISPConfig-3.0.0.8-rc1.tar.gz |
| T | 246 | tar xvfz ISPConfig-3.0.0.8-rc1.tar.gz |
| 3fac98 | 247 | cd ispconfig3_install/install/ |
| 4cb0eb | 248 | |
| 4fe973 | 249 | 7.2) Installation from SVN |
| 4cb0eb | 250 | |
| T | 251 | apt-get install subversion |
| 252 | cd /tmp | |
| 253 | svn export svn://svn.ispconfig.org/ispconfig3/trunk/ | |
| 254 | cd trunk/install | |
| 255 | ||
| 256 | ||
| 4fe973 | 257 | 7.1+7.2) Now proceed with the ISPConfig installation. |
| 4cb0eb | 258 | |
| 4c9967 | 259 | # Now start the installation process by executing: |
| 4cb0eb | 260 | |
| T | 261 | php -q install.php |
| 262 | ||
| 4c9967 | 263 | # The installer will configure all services like postfix, sasl, courier, etc. for you. A manual setup as required for ISPConfig 2 (perfect setup guides) is not nescessary. To login to the ISPConfig controlpanel, open the following URL in your browser (replace the IP to match your settings!): |
| 4cb0eb | 264 | |
| T | 265 | http://192.168.0.100:8080/ |
| 266 | ||
| 4c9967 | 267 | # the default login is: |
| 4cb0eb | 268 | |
| T | 269 | user: admin |
| 270 | password: admin | |
| 271 | ||
| 4c9967 | 272 | # In case you get a permission denied error from apache, please restart the apache webserver process. |
| ba66cd | 273 | |
| 9ba456 | 274 | |
| A | 275 | |
| 276 | ---------------------------------------------------------------------------------------------------------- | |
| 3845f1 | 277 | Optional: |
| T | 278 | |
| 490039 | 279 | Install a webbased Email Client |
| 3845f1 | 280 | |
| T | 281 | apt-get install squirrelmail |
| 282 | ln -s /usr/share/squirrelmail/ /var/www/webmail | |
| 283 | ||
| 284 | Access squirrelmail: | |
| 285 | ||
| 286 | http://192.168.0.100/webmail | |
| 287 | ||
| 288 | ||
| 289 | To configure squirrelmail, run: | |
| 290 | ||
| 291 | /usr/sbin/squirrelmail-configure | |
| 292 | ||
| ba66cd | 293 | ---------------------------------------------------------------------------------------------------------- |
| T | 294 | |
| 295 | Hints: | |
| 296 | ||
| 297 | debian 4.0 under openvz: | |
| 298 | ||
| 8a6a58 | 299 | VPSID=101 |
| ba66cd | 300 | for CAP in CHOWN DAC_READ_SEARCH SETGID SETUID NET_BIND_SERVICE NET_ADMIN SYS_CHROOT SYS_NICE CHOWN DAC_READ_SEARCH SETGID SETUID NET_BIND_SERVICE NET_ADMIN SYS_CHROOT SYS_NICE |
| T | 301 | do |
| 302 | vzctl set $VPSID --capability ${CAP}:on --save | |
| 303 | done | |
| 46bf55 | 304 | |
| T | 305 | ---------------------------------------------------------------------------------------------------------- |
| 306 | ||
| 307 | Installing Jailkit: | |
| 308 | ||
| 309 | apt-get install build-essential autoconf automake1.9 libtool flex bison | |
| 310 | cd /tmp | |
| 311 | wget http://olivier.sessink.nl/jailkit/jailkit-2.5.tar.gz | |
| 312 | tar xvfz jailkit-2.5.tar.gz | |
| 313 | cd jailkit-2.5 | |
| 314 | ./configure | |
| 315 | make | |
| 316 | make install | |
| 317 | rm -rf jailkit-2.5* | |
| 9ba456 | 318 | ---------------------------------------------------------------------------------------------------------- |
| 14716c | 319 | |
| f79001 | 320 | Optional recommended packages: |
| 14716c | 321 | |
| F | 322 | denyhosts - a utility to help sys admins thwart ssh crackers |
| f79001 | 323 | fail2ban - Like denyhosts but updates firewall rules to reject/drop the IP address and supports many more apps |
| 14716c | 324 | rsync - fast remote file copy program (for backup) |
