commit | author | age
|
949e7e
|
1 |
Installation |
T |
2 |
----------- |
|
3 |
|
|
4 |
# It is recommended to use a clean (fresh) Debian lenny install where you just selected "Standard System" as the package selection during |
|
5 |
# setup. Then follow the steps below to setup your server with ISPConfig 3. In this guide "vi" is used as texteditor, but you ofcourse |
|
6 |
# you can use whatever you prefer. You should be root for doing all of this. |
|
7 |
|
|
8 |
|
|
9 |
# Check we have Fully Qualified Domain Name |
|
10 |
|
|
11 |
/bin/hostname |
|
12 |
|
|
13 |
# it should return something like "ispconfig.example.com" |
|
14 |
# if not, then we assign a hostname (for example ispconfig): |
|
15 |
|
|
16 |
echo ispconfig.example.com > /etc/hostname |
|
17 |
|
|
18 |
vi /etc/hosts |
|
19 |
|
|
20 |
# and add lines similar but appropriate: |
|
21 |
|
|
22 |
127.0.0.1 localhost.localdomain localhost |
|
23 |
192.168.0.100 ispconfig.example.com ispconfig |
|
24 |
|
|
25 |
|
|
26 |
|
|
27 |
# Some optional choices |
|
28 |
|
|
29 |
opt0.1) Optionally install SSH-server to get remote shell |
|
30 |
|
|
31 |
apt-get install ssh openssh-server |
|
32 |
|
|
33 |
opt0.2) Optionally if you are not running in virtual machine you can set server clocksync via NTP. Virtual quests get this from the host. |
|
34 |
|
|
35 |
apt-get install ntp ntpdate |
|
36 |
|
|
37 |
|
|
38 |
|
|
39 |
# Next is the real deal |
|
40 |
|
|
41 |
1) Install Postfix, Courier, Saslauthd, MySQL, phpMyAdmin, rkhunter, binutils with the following command line (on one line!): |
|
42 |
|
|
43 |
apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl courier-maildrop getmail4 rkhunter binutils |
|
44 |
|
|
45 |
# Answer the questions from the package manager as follows. |
|
46 |
|
|
47 |
Create directories for web-based administration ? <-- No |
|
48 |
General type of configuration? <-- Internet site |
|
49 |
Mail name? <-- server1.mydomain.tld |
|
50 |
SSL certificate required <-- Ok |
|
51 |
|
|
52 |
# ...use your own domain name of course ;) |
|
53 |
|
|
54 |
|
|
55 |
|
|
56 |
# Edit the file /etc/mysql/my.cnf |
|
57 |
|
|
58 |
vi /etc/mysql/my.cnf |
|
59 |
|
|
60 |
# and comment out the line |
|
61 |
|
|
62 |
bind-address = 127.0.0.1 |
|
63 |
|
|
64 |
# then restart mysql |
|
65 |
|
|
66 |
/etc/init.d/mysql restart |
|
67 |
|
|
68 |
2) Install Amavisd-new, Spamassassin and Clamav (1 line!): |
|
69 |
|
|
70 |
apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl |
|
71 |
|
|
72 |
|
|
73 |
|
|
74 |
3) Install apache, PHP5, phpmyadmin, better fastCGI, suexec, Pear and mcrypt (1 line!): |
|
75 |
|
|
76 |
apt-get install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt php5-imagick imagemagick libapache2-mod-suphp libopenssl-ruby |
|
77 |
|
|
78 |
|
|
79 |
# When phpMyAdmin is asking weather to configure itself automatically, select "Apache2" |
|
80 |
|
|
81 |
# Then run the following to enable the Apache modules suexec, rewrite and ssl: |
|
82 |
|
|
83 |
a2enmod suexec rewrite ssl actions include |
|
84 |
|
|
85 |
# Secure phpMyAdmin by deleting setuppassword-file |
|
86 |
# and removing/commenting Setup Authorization from apache.conf |
|
87 |
|
|
88 |
rm /etc/phpmyadmin/htpasswd.setup |
|
89 |
|
|
90 |
vi /etc/phpmyadmin/apache.conf |
|
91 |
|
|
92 |
# delete/comment following lines (between the ----- lines): |
|
93 |
------------------------------------------------------ |
|
94 |
# Authorize for setup |
|
95 |
<Files setup.php> |
|
96 |
# For Apache 1.3 and 2.0 |
|
97 |
<IfModule mod_auth.c> |
|
98 |
AuthType Basic |
|
99 |
AuthName "phpMyAdmin Setup" |
|
100 |
AuthUserFile /etc/phpmyadmin/htpasswd.setup |
|
101 |
</IfModule> |
|
102 |
# For Apache 2.2 |
|
103 |
<IfModule mod_authn_file.c> |
|
104 |
AuthType Basic |
|
105 |
AuthName "phpMyAdmin Setup" |
|
106 |
AuthUserFile /etc/phpmyadmin/htpasswd.setup |
|
107 |
</IfModule> |
|
108 |
Require valid-user |
|
109 |
</Files> |
|
110 |
------------------------------------------------------ |
|
111 |
|
|
112 |
# restart apache before continuing |
|
113 |
|
|
114 |
/etc/init.d/apache2 restart |
|
115 |
|
|
116 |
|
|
117 |
4) Install pure-ftpd and quota |
|
118 |
|
|
119 |
apt-get install pure-ftpd-common pure-ftpd-mysql quota quotatool |
|
120 |
|
|
121 |
# Edit the file /etc/default/pure-ftpd-common to change the start mode from "inetd" to "standalone" |
|
122 |
and set VIRTUALCHROOT=true |
|
123 |
|
|
124 |
vi /etc/default/pure-ftpd-common |
|
125 |
|
|
126 |
# Edit the file /etc/inetd.conf to prevent inetd from trying to start ftp. |
|
127 |
# To do this, comment line starting like "ftp stream tcp" by adding "#"-sign in front of the line. |
|
128 |
|
|
129 |
vi /etc/inetd.conf |
|
130 |
|
|
131 |
# Then execute: |
|
132 |
|
|
133 |
/etc/init.d/openbsd-inetd restart |
|
134 |
|
|
135 |
# Some additional settings for pureftpd |
|
136 |
|
|
137 |
echo 'yes' > /etc/pure-ftpd/conf/DontResolve |
|
138 |
|
|
139 |
# Enable TLS in pureftpd |
|
140 |
echo 1 > /etc/pure-ftpd/conf/TLS |
|
141 |
mkdir -p /etc/ssl/private/ |
|
142 |
openssl req -x509 -nodes -newkey rsa:1024 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem |
|
143 |
chmod 600 /etc/ssl/private/pure-ftpd.pem |
|
144 |
|
|
145 |
|
|
146 |
# Edit /etc/fstab. Mine looks like this (I added ,usrquota,grpquota to the partition with the mount point /): |
|
147 |
|
|
148 |
vi /etc/fstab |
|
149 |
|
|
150 |
---------------------------------------------------------------------------------------------- |
|
151 |
# /etc/fstab: static file system information. |
|
152 |
# |
|
153 |
# <file system> <mount point> <type> <options> <dump> <pass> |
|
154 |
proc /proc proc defaults 0 0 |
|
155 |
/dev/sda1 / ext3 errors=remount-ro,usrquota,grpquota 0 1 |
|
156 |
/dev/sda5 none swap sw 0 0 |
|
157 |
/dev/hda /media/cdrom0 udf,iso9660 user,noauto 0 0 |
|
158 |
/dev/fd0 /media/floppy0 auto rw,user,noauto 0 0 |
|
159 |
---------------------------------------------------------------------------------------------- |
|
160 |
|
|
161 |
# To enable quota, run these commands: |
|
162 |
|
|
163 |
touch /quota.user /quota.group |
|
164 |
chmod 600 /quota.* |
|
165 |
mount -o remount / |
|
166 |
quotacheck -avugm |
|
167 |
quotaon -avug |
|
168 |
|
|
169 |
|
|
170 |
5) Install mydns |
|
171 |
|
|
172 |
apt-get install g++ libc6 gcc gawk make texinfo libmysqlclient15-dev |
|
173 |
|
|
174 |
cd /tmp |
|
175 |
wget http://heanet.dl.sourceforge.net/sourceforge/mydns-ng/mydns-1.2.8.25.tar.gz |
|
176 |
tar xvfz mydns-1.2.8.25.tar.gz |
|
177 |
cd mydns-1.2.8 |
|
178 |
./configure |
|
179 |
make |
|
180 |
make install |
|
181 |
|
|
182 |
# Now create the start / stop script for mydns: |
|
183 |
|
|
184 |
vi /etc/init.d/mydns |
|
185 |
|
|
186 |
# and enter the following lines (between the ----- lines): |
|
187 |
|
|
188 |
------------------------------------------------------ |
|
189 |
#! /bin/sh |
|
190 |
# |
|
191 |
# mydns Start the MyDNS server |
|
192 |
# |
|
193 |
# Author: Philipp Kern <phil@philkern.de>. |
|
194 |
# Based upon skeleton 1.9.4 by Miquel van Smoorenburg |
|
195 |
# <miquels@cistron.nl> and Ian Murdock <imurdock@gnu.ai.mit.edu>. |
|
196 |
# |
|
197 |
|
|
198 |
set -e |
|
199 |
|
|
200 |
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin |
|
201 |
DAEMON=/usr/local/sbin/mydns |
|
202 |
NAME=mydns |
|
203 |
DESC="DNS server" |
|
204 |
|
|
205 |
SCRIPTNAME=/etc/init.d/$NAME |
|
206 |
|
|
207 |
# Gracefully exit if the package has been removed. |
|
208 |
test -x $DAEMON || exit 0 |
|
209 |
|
|
210 |
case "$1" in |
|
211 |
start) |
|
212 |
echo -n "Starting $DESC: $NAME" |
|
213 |
start-stop-daemon --start --quiet \ |
|
214 |
--exec $DAEMON -- -b |
|
215 |
echo "." |
|
216 |
;; |
|
217 |
stop) |
|
218 |
echo -n "Stopping $DESC: $NAME" |
|
219 |
start-stop-daemon --stop --oknodo --quiet \ |
|
220 |
--exec $DAEMON |
|
221 |
echo "." |
|
222 |
;; |
|
223 |
reload|force-reload) |
|
224 |
echo -n "Reloading $DESC configuration..." |
|
225 |
start-stop-daemon --stop --signal HUP --quiet \ |
|
226 |
--exec $DAEMON |
|
227 |
echo "done." |
|
228 |
;; |
|
229 |
restart) |
|
230 |
echo -n "Restarting $DESC: $NAME" |
|
231 |
start-stop-daemon --stop --quiet --oknodo \ |
|
232 |
--exec $DAEMON |
|
233 |
sleep 1 |
|
234 |
start-stop-daemon --start --quiet \ |
|
235 |
--exec $DAEMON -- -b |
|
236 |
echo "." |
|
237 |
;; |
|
238 |
*) |
|
239 |
echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2 |
|
240 |
exit 1 |
|
241 |
;; |
|
242 |
esac |
|
243 |
|
|
244 |
exit 0 |
|
245 |
--------------------------------------------------------------------------- |
|
246 |
|
|
247 |
# now execute: |
|
248 |
|
|
249 |
chmod +x /etc/init.d/mydns |
|
250 |
update-rc.d mydns defaults |
|
251 |
|
|
252 |
6) Install vlogger and webalizer |
|
253 |
|
|
254 |
apt-get install vlogger webalizer |
|
255 |
|
|
256 |
Change the following line in /etc/webalizer.conf from |
|
257 |
|
|
258 |
#Incremental no |
|
259 |
|
|
260 |
to |
|
261 |
|
|
262 |
Incremental yes |
|
263 |
|
|
264 |
7) Install Jailkit (optional, only needed if you want to use chrroting for SSH users) |
|
265 |
|
|
266 |
apt-get install build-essential autoconf automake1.9 libtool flex bison |
|
267 |
cd /tmp |
|
268 |
wget http://olivier.sessink.nl/jailkit/jailkit-2.5.tar.gz |
|
269 |
tar xvfz jailkit-2.5.tar.gz |
|
270 |
cd jailkit-2.5 |
|
271 |
./configure |
|
272 |
make |
|
273 |
make install |
|
274 |
cd .. |
|
275 |
rm -rf jailkit-2.5* |
|
276 |
|
|
277 |
8) Install fail2ban (optional but recomended, because the monitor tries to show the log) |
|
278 |
More info at: http://www.howtoforge.com/fail2ban_debian_etch |
|
279 |
|
|
280 |
apt-get install fail2ban |
|
281 |
|
|
282 |
9) Install ISPConfig 3 |
|
283 |
|
|
284 |
# There are two possile scenarios, but not both: |
|
285 |
9.1) Install the latest released version |
|
286 |
9.2) Install directly from SVN |
|
287 |
|
|
288 |
9.1) Installation of last version from tar.gz |
|
289 |
|
|
290 |
cd /tmp |
|
291 |
wget http://www.ispconfig.org/downloads/ISPConfig-3.0.0.9-rc2.tar.gz |
|
292 |
tar xvfz ISPConfig-3.0.0.9-rc2.tar.gz |
|
293 |
cd ispconfig3_install/install/ |
|
294 |
|
|
295 |
9.2) Installation from SVN |
|
296 |
|
|
297 |
apt-get install subversion |
|
298 |
cd /tmp |
|
299 |
svn export svn://svn.ispconfig.org/ispconfig3/trunk/ |
|
300 |
cd trunk/install |
|
301 |
|
|
302 |
|
|
303 |
9.1+9.2) Now proceed with the ISPConfig installation. |
|
304 |
|
|
305 |
# Now start the installation process by executing: |
|
306 |
|
|
307 |
php -q install.php |
|
308 |
|
|
309 |
# The installer will configure all services like postfix, sasl, courier, etc. for you. A manual setup as required for ISPConfig 2 (perfect setup guides) is not nescessary. To login to the ISPConfig controlpanel, open the following URL in your browser (replace the IP to match your settings!): |
|
310 |
|
|
311 |
http://192.168.0.100:8080/ |
|
312 |
|
|
313 |
# the default login is: |
|
314 |
|
|
315 |
user: admin |
|
316 |
password: admin |
|
317 |
|
|
318 |
# In case you get a permission denied error from apache, please restart the apache webserver process. |
|
319 |
|
|
320 |
|
|
321 |
|
|
322 |
---------------------------------------------------------------------------------------------------------- |
|
323 |
Optional: |
|
324 |
|
|
325 |
Install a webbased Email Client |
|
326 |
|
|
327 |
apt-get install squirrelmail |
|
328 |
ln -s /usr/share/squirrelmail/ /var/www/webmail |
|
329 |
|
|
330 |
Access squirrelmail: |
|
331 |
|
|
332 |
http://192.168.0.100/webmail |
|
333 |
|
|
334 |
|
|
335 |
To configure squirrelmail, run: |
|
336 |
|
|
337 |
/usr/sbin/squirrelmail-configure |
|
338 |
|
|
339 |
---------------------------------------------------------------------------------------------------------- |
|
340 |
|
|
341 |
Hints: |
|
342 |
|
|
343 |
debian 5.0 under openvz: |
|
344 |
|
|
345 |
VPSID=101 |
|
346 |
for CAP in CHOWN DAC_READ_SEARCH SETGID SETUID NET_BIND_SERVICE NET_ADMIN SYS_CHROOT SYS_NICE CHOWN DAC_READ_SEARCH SETGID SETUID NET_BIND_SERVICE NET_ADMIN SYS_CHROOT SYS_NICE |
|
347 |
do |
|
348 |
vzctl set $VPSID --capability ${CAP}:on --save |
|
349 |
done |
|
350 |
|
|
351 |
---------------------------------------------------------------------------------------------------------- |
|
352 |
|
|
353 |
|
|
354 |
Optional recommended packages: |
|
355 |
|
|
356 |
denyhosts - a utility to help sys admins thwart ssh crackers |
|
357 |
rsync - fast remote file copy program (for backup) |
|
358 |
|
|
359 |
----------------------------------------------------------------------------------------------------------- |
|
360 |
|
|
361 |
Possible errors and their solutions |
|
362 |
------------------------------------ |
|
363 |
|
|
364 |
pureftpd login does not work. Take a look at the syslog, if you find an error message like this: |
|
365 |
Mar 24 16:26:28 ispconfig pure-ftpd: (?@?) [ERROR] Sorry, invalid address given |
|
366 |
|
|
367 |
then pureftpd is not able to resolve the hostname. Name resolving can be disabled with these commands: |
|
368 |
|
|
369 |
echo 'yes' > /etc/pure-ftpd/conf/DontResolve |
|
370 |
/etc/init.d/pure-ftpd-mysql restart |
|
371 |
|
|
372 |
|
|
373 |
|
|
374 |
|
|
375 |
|
|
376 |
|