| commit | author | age | ||
| 4cb0eb | 1 | Installation |
| T | 2 | ----------- |
| 3 | ||
| 9ba456 | 4 | # It is recommended to use a clean (fresh) Debian lenny install where you just selected "Standard System" as the package selection during |
| A | 5 | # setup. Then follow the steps below to setup your server with ISPConfig 3. In this guide "vi" is used as texteditor, but you ofcourse |
| 6 | # you can use whatever you prefer. You should be root for doing all of this. | |
| 4cb0eb | 7 | |
| 9ba456 | 8 | |
| A | 9 | # Check we have Fully Qualified Domain Name |
| 10 | ||
| 11 | /bin/hostname | |
| 12 | ||
| 13 | # it should return something like "ispconfig.example.com" | |
| f79001 | 14 | # if not, then we assign a hostname (for example ispconfig): |
| fdf891 | 15 | |
| F | 16 | echo ispconfig.example.com > /etc/hostname |
| 17 | ||
| 18 | vi /etc/hosts | |
| 4c9967 | 19 | |
| f79001 | 20 | # and add lines similar but appropriate: |
| 9ba456 | 21 | |
| fdf891 | 22 | 127.0.0.1 localhost.localdomain localhost |
| F | 23 | 192.168.0.100 ispconfig.example.com ispconfig |
| 24 | ||
| 4cb0eb | 25 | |
| T | 26 | |
| 9ba456 | 27 | # Some optional choices |
| A | 28 | |
| 29 | opt0.1) Optionally install SSH-server to get remote shell | |
| 30 | ||
| 31 | apt-get install ssh openssh-server | |
| 32 | ||
| f79001 | 33 | opt0.2) Optionally if you are not running in virtual machine you can set server clocksync via NTP. Virtual quests get this from the host. |
| 9ba456 | 34 | |
| A | 35 | apt-get install ntp ntpdate |
| 36 | ||
| 37 | ||
| 38 | ||
| f79001 | 39 | # Next is the real deal |
| 9ba456 | 40 | |
| 610bc7 | 41 | 1) Install Postfix, Courier, Saslauthd, MySQL, phpMyAdmin, rkhunter, binutils with the following command line (on one line!): |
| 9ba456 | 42 | |
| 76dcb7 | 43 | apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl courier-maildrop getmail4 rkhunter binutils |
| 9ba456 | 44 | |
| A | 45 | # Answer the questions from the package manager as follows. |
| 4cb0eb | 46 | |
| T | 47 | Create directories for web-based administration ? <-- No |
| 48 | General type of configuration? <-- Internet site | |
| 49 | Mail name? <-- server1.mydomain.tld | |
| 50 | SSL certificate required <-- Ok | |
| 51 | ||
| 4c9967 | 52 | # ...use your own domain name of course ;) |
| 4cb0eb | 53 | |
| 9ba456 | 54 | |
| A | 55 | |
| 56 | # Edit the file /etc/mysql/my.cnf | |
| d4c9b3 | 57 | |
| T | 58 | vi /etc/mysql/my.cnf |
| 59 | ||
| 9ba456 | 60 | # and comment out the line |
| d4c9b3 | 61 | |
| T | 62 | bind-address = 127.0.0.1 |
| 63 | ||
| 9ba456 | 64 | # then restart mysql |
| d4c9b3 | 65 | |
| T | 66 | /etc/init.d/mysql restart |
| 67 | ||
| 4cb0eb | 68 | 2) Install Amavisd-new, Spamassassin and Clamav (1 line!): |
| T | 69 | |
| ba66cd | 70 | apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl |
| 4cb0eb | 71 | |
| T | 72 | |
| 73 | ||
| f79001 | 74 | 3) Install apache, PHP5, phpmyadmin, better fastCGI, suexec, Pear and mcrypt (1 line!): |
| 4cb0eb | 75 | |
| 2ce158 | 76 | apt-get install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt php5-imagick imagemagick |
| 9ba456 | 77 | |
| A | 78 | |
| f79001 | 79 | # When phpMyAdmin is asking weather to configure itself automatically, select "Apache2" |
| 9ba456 | 80 | |
| A | 81 | # Then run the following to enable the Apache modules suexec, rewrite and ssl: |
| 82 | ||
| dab853 | 83 | a2enmod suexec rewrite ssl actions include |
| 9ba456 | 84 | |
| 4c9967 | 85 | # Secure phpMyAdmin by deleting setuppassword-file |
| A | 86 | # and removing/commenting Setup Authorization from apache.conf |
| 87 | ||
| 88 | rm /etc/phpmyadmin/htpasswd.setup | |
| 89 | ||
| 90 | vi /etc/phpmyadmin/apache.conf | |
| 91 | ||
| 92 | # delete/comment following lines (between the ----- lines): | |
| 93 | ------------------------------------------------------ | |
| 94 | # Authorize for setup | |
| 95 | <Files setup.php> | |
| 96 | # For Apache 1.3 and 2.0 | |
| 97 | <IfModule mod_auth.c> | |
| 98 | AuthType Basic | |
| 99 | AuthName "phpMyAdmin Setup" | |
| 100 | AuthUserFile /etc/phpmyadmin/htpasswd.setup | |
| 101 | </IfModule> | |
| 102 | # For Apache 2.2 | |
| 103 | <IfModule mod_authn_file.c> | |
| 104 | AuthType Basic | |
| 105 | AuthName "phpMyAdmin Setup" | |
| 106 | AuthUserFile /etc/phpmyadmin/htpasswd.setup | |
| 107 | </IfModule> | |
| 108 | Require valid-user | |
| 109 | </Files> | |
| 110 | ------------------------------------------------------ | |
| 111 | ||
| 112 | # restart apache before continuing | |
| 9ba456 | 113 | |
| 4c9967 | 114 | /etc/init.d/apache2 restart |
| A | 115 | |
| 4cb0eb | 116 | |
| T | 117 | 4) Install pure-ftpd and quota |
| 118 | ||
| 119 | apt-get install pure-ftpd-common pure-ftpd-mysql quota quotatool | |
| 120 | ||
| 2ce158 | 121 | # Edit the file /etc/default/pure-ftpd-common to change the start mode from "inetd" to "standalone" |
| T | 122 | and set VIRTUALCHROOT=true |
| af8f1b | 123 | |
| T | 124 | vi /etc/default/pure-ftpd-common |
| 125 | ||
| 9ba456 | 126 | # Edit the file /etc/inetd.conf to prevent inetd from trying to start ftp. |
| A | 127 | # To do this, comment line starting like "ftp stream tcp" by adding "#"-sign in front of the line. |
| 3845f1 | 128 | |
| T | 129 | vi /etc/inetd.conf |
| 4fe973 | 130 | |
| 9ba456 | 131 | # Then execute: |
| af8f1b | 132 | |
| T | 133 | /etc/init.d/openbsd-inetd restart |
| 9ba456 | 134 | |
| af8f1b | 135 | |
| 4cb0eb | 136 | |
| T | 137 | 5) Install mydns |
| 138 | ||
| 777da7 | 139 | apt-get install g++ libc6 gcc gawk make texinfo libmysqlclient15-dev |
| 4cb0eb | 140 | |
| 777da7 | 141 | cd /tmp |
| 2ce158 | 142 | wget http://heanet.dl.sourceforge.net/sourceforge/mydns-ng/mydns-1.2.8.25.tar.gz |
| T | 143 | tar xvfz mydns-1.2.8.25.tar.gz |
| 777da7 | 144 | cd mydns-1.2.8 |
| T | 145 | ./configure |
| 146 | make | |
| 147 | make install | |
| d4c9b3 | 148 | |
| 4c9967 | 149 | # Now create the start / stop script for mydns: |
| 4cb0eb | 150 | |
| 777da7 | 151 | vi /etc/init.d/mydns |
| T | 152 | |
| 4c9967 | 153 | # and enter the following lines (between the ----- lines): |
| 777da7 | 154 | |
| T | 155 | ------------------------------------------------------ |
| 156 | #! /bin/sh | |
| 157 | # | |
| 158 | # mydns Start the MyDNS server | |
| 159 | # | |
| 160 | # Author: Philipp Kern <phil@philkern.de>. | |
| 161 | # Based upon skeleton 1.9.4 by Miquel van Smoorenburg | |
| 162 | # <miquels@cistron.nl> and Ian Murdock <imurdock@gnu.ai.mit.edu>. | |
| 163 | # | |
| 164 | ||
| 165 | set -e | |
| 166 | ||
| 167 | PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin | |
| 168 | DAEMON=/usr/local/sbin/mydns | |
| 169 | NAME=mydns | |
| 170 | DESC="DNS server" | |
| 171 | ||
| 172 | SCRIPTNAME=/etc/init.d/$NAME | |
| 173 | ||
| 174 | # Gracefully exit if the package has been removed. | |
| 175 | test -x $DAEMON || exit 0 | |
| 176 | ||
| 177 | case "$1" in | |
| 178 | start) | |
| 179 | echo -n "Starting $DESC: $NAME" | |
| 180 | start-stop-daemon --start --quiet \ | |
| 181 | --exec $DAEMON -- -b | |
| 182 | echo "." | |
| 183 | ;; | |
| 184 | stop) | |
| 185 | echo -n "Stopping $DESC: $NAME" | |
| 186 | start-stop-daemon --stop --oknodo --quiet \ | |
| 187 | --exec $DAEMON | |
| 188 | echo "." | |
| 189 | ;; | |
| 190 | reload|force-reload) | |
| 191 | echo -n "Reloading $DESC configuration..." | |
| 192 | start-stop-daemon --stop --signal HUP --quiet \ | |
| 193 | --exec $DAEMON | |
| 194 | echo "done." | |
| 195 | ;; | |
| 196 | restart) | |
| 197 | echo -n "Restarting $DESC: $NAME" | |
| 198 | start-stop-daemon --stop --quiet --oknodo \ | |
| 199 | --exec $DAEMON | |
| 200 | sleep 1 | |
| 201 | start-stop-daemon --start --quiet \ | |
| 202 | --exec $DAEMON -- -b | |
| 203 | echo "." | |
| 204 | ;; | |
| 205 | *) | |
| 206 | echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2 | |
| 207 | exit 1 | |
| 208 | ;; | |
| 209 | esac | |
| 210 | ||
| 211 | exit 0 | |
| 212 | --------------------------------------------------------------------------- | |
| 213 | ||
| 4c9967 | 214 | # now execute: |
| 777da7 | 215 | |
| T | 216 | chmod +x /etc/init.d/mydns |
| 217 | update-rc.d mydns defaults | |
| 4cb0eb | 218 | |
| T | 219 | 6) Install vlogger and webalizer |
| 220 | ||
| 221 | apt-get install vlogger webalizer | |
| 222 | ||
| 476a60 | 223 | 7) Install Jailkit (optional, only needed if you want to use chrroting for SSH users) |
| 4cb0eb | 224 | |
| 476a60 | 225 | apt-get install build-essential autoconf automake1.9 libtool flex bison |
| V | 226 | cd /tmp |
| 227 | wget http://olivier.sessink.nl/jailkit/jailkit-2.5.tar.gz | |
| 228 | tar xvfz jailkit-2.5.tar.gz | |
| 229 | cd jailkit-2.5 | |
| 230 | ./configure | |
| 231 | make | |
| 232 | make install | |
| 2ce158 | 233 | cd .. |
| 476a60 | 234 | rm -rf jailkit-2.5* |
| V | 235 | |
| 236 | 8) Install fail2ban (optional but recomended, because the monitor tries to show the log) | |
| 237 | More info at: http://www.howtoforge.com/fail2ban_debian_etch | |
| 238 | ||
| 239 | apt-get install fail2ban | |
| 240 | ||
| 241 | 9) Install ISPConfig 3 | |
| 4cb0eb | 242 | |
| 4c9967 | 243 | # There are two possile scenarios, but not both: |
| 476a60 | 244 | 9.1) Install the latest released version |
| V | 245 | 9.2) Install directly from SVN |
| 4cb0eb | 246 | |
| 476a60 | 247 | 9.1) Installation of last version from tar.gz |
| 4cb0eb | 248 | |
| T | 249 | cd /tmp |
| 2ce158 | 250 | wget http://www.ispconfig.org/downloads/ISPConfig-3.0.0.9-rc2.tar.gz |
| T | 251 | tar xvfz ISPConfig-3.0.0.9-rc2.tar.gz |
| 3fac98 | 252 | cd ispconfig3_install/install/ |
| 4cb0eb | 253 | |
| 476a60 | 254 | 9.2) Installation from SVN |
| 4cb0eb | 255 | |
| T | 256 | apt-get install subversion |
| 257 | cd /tmp | |
| 258 | svn export svn://svn.ispconfig.org/ispconfig3/trunk/ | |
| 259 | cd trunk/install | |
| 260 | ||
| 261 | ||
| 476a60 | 262 | 9.1+9.2) Now proceed with the ISPConfig installation. |
| 4cb0eb | 263 | |
| 4c9967 | 264 | # Now start the installation process by executing: |
| 4cb0eb | 265 | |
| T | 266 | php -q install.php |
| 267 | ||
| 4c9967 | 268 | # The installer will configure all services like postfix, sasl, courier, etc. for you. A manual setup as required for ISPConfig 2 (perfect setup guides) is not nescessary. To login to the ISPConfig controlpanel, open the following URL in your browser (replace the IP to match your settings!): |
| 4cb0eb | 269 | |
| T | 270 | http://192.168.0.100:8080/ |
| 271 | ||
| 4c9967 | 272 | # the default login is: |
| 4cb0eb | 273 | |
| T | 274 | user: admin |
| 275 | password: admin | |
| 276 | ||
| 4c9967 | 277 | # In case you get a permission denied error from apache, please restart the apache webserver process. |
| ba66cd | 278 | |
| 9ba456 | 279 | |
| A | 280 | |
| 281 | ---------------------------------------------------------------------------------------------------------- | |
| 3845f1 | 282 | Optional: |
| T | 283 | |
| 490039 | 284 | Install a webbased Email Client |
| 3845f1 | 285 | |
| T | 286 | apt-get install squirrelmail |
| 287 | ln -s /usr/share/squirrelmail/ /var/www/webmail | |
| 288 | ||
| 289 | Access squirrelmail: | |
| 290 | ||
| 291 | http://192.168.0.100/webmail | |
| 292 | ||
| 293 | ||
| 294 | To configure squirrelmail, run: | |
| 295 | ||
| 296 | /usr/sbin/squirrelmail-configure | |
| 297 | ||
| ba66cd | 298 | ---------------------------------------------------------------------------------------------------------- |
| T | 299 | |
| 300 | Hints: | |
| 301 | ||
| 302 | debian 4.0 under openvz: | |
| 303 | ||
| 8a6a58 | 304 | VPSID=101 |
| ba66cd | 305 | for CAP in CHOWN DAC_READ_SEARCH SETGID SETUID NET_BIND_SERVICE NET_ADMIN SYS_CHROOT SYS_NICE CHOWN DAC_READ_SEARCH SETGID SETUID NET_BIND_SERVICE NET_ADMIN SYS_CHROOT SYS_NICE |
| T | 306 | do |
| 307 | vzctl set $VPSID --capability ${CAP}:on --save | |
| 308 | done | |
| 46bf55 | 309 | |
| T | 310 | ---------------------------------------------------------------------------------------------------------- |
| 311 | ||
| 14716c | 312 | |
| f79001 | 313 | Optional recommended packages: |
| 14716c | 314 | |
| F | 315 | denyhosts - a utility to help sys admins thwart ssh crackers |
| 316 | rsync - fast remote file copy program (for backup) | |
