| commit | author | age | ||
| 787032 | 1 | Installation |
| J | 2 | ------------- |
| 7aa134 | 3 | |
| 787032 | 4 | # It is recommended to use a clean (fresh) Debian Lenny install where you just selected "Standard System" at the package selection during |
| J | 5 | # setup (tasksel). Then follow the steps below to setup your server with ISPConfig 3. In this guide "vi" is used as text editor, but |
| f38a6d | 6 | # you can use whatever you prefer. You should be root for doing all of this. |
| T | 7 | |
| 8 | ||
| 9 | # Check we have Fully Qualified Domain Name | |
| 10 | ||
| 11 | /bin/hostname | |
| 12 | ||
| 13 | # it should return something like "ispconfig.example.com" | |
| 14 | # if not, then we assign a hostname (for example ispconfig): | |
| 15 | ||
| 16 | echo ispconfig.example.com > /etc/hostname | |
| 17 | ||
| 18 | vi /etc/hosts | |
| 19 | ||
| 20 | # and add lines similar but appropriate: | |
| 21 | ||
| 22 | 127.0.0.1 localhost.localdomain localhost | |
| 23 | 192.168.0.100 ispconfig.example.com ispconfig | |
| 24 | ||
| 1a0b51 | 25 | # Run: |
| T | 26 | |
| 27 | /etc/init.d/hostname.sh | |
| 28 | ||
| 787032 | 29 | # enable the Debian Volatile repository to get an updated ClamAV version |
| 1a0b51 | 30 | |
| 787032 | 31 | echo "deb http://volatile.debian.org/debian-volatile lenny/volatile main contrib non-free" >> /etc/apt/sources.list.d/volatile.list |
| 1a0b51 | 32 | apt-get update |
| f38a6d | 33 | |
| T | 34 | # Some optional choices |
| 35 | ||
| 36 | opt0.1) Optionally install SSH-server to get remote shell | |
| 37 | ||
| 787032 | 38 | apt-get install openssh-server |
| f38a6d | 39 | |
| 787032 | 40 | opt0.2) Optionally, if you are not running inside a virtual machine, you can set server clocksync via NTP. Virtual guests get this from the host. |
| f38a6d | 41 | |
| 787032 | 42 | apt-get -y install ntp ntpdate |
| f38a6d | 43 | |
| 97deaf | 44 | opt0.3) Optionally if you want vi editor improvement |
| F | 45 | |
| 0ca0b8 | 46 | apt-get -y install vim-nox |
| f38a6d | 47 | |
| T | 48 | |
| 49 | # Next is the real deal | |
| 50 | ||
| 51 | 1) Install Postfix, Courier, Saslauthd, MySQL, phpMyAdmin, rkhunter, binutils with the following command line (on one line!): | |
| 52 | ||
| 0ca0b8 | 53 | apt-get -y install postfix postfix-mysql postfix-doc mysql-client mysql-server courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl courier-maildrop getmail4 rkhunter binutils |
| f38a6d | 54 | |
| T | 55 | # Answer the questions from the package manager as follows. |
| 56 | ||
| 57 | Create directories for web-based administration ? <-- No | |
| 58 | General type of configuration? <-- Internet site | |
| 59 | Mail name? <-- server1.mydomain.tld | |
| 60 | SSL certificate required <-- Ok | |
| 61 | ||
| 62 | # ...use your own domain name of course ;) | |
| 63 | ||
| 64 | ||
| 65 | ||
| 66 | # Edit the file /etc/mysql/my.cnf | |
| 67 | ||
| 68 | vi /etc/mysql/my.cnf | |
| 69 | ||
| 67b7aa | 70 | # and change the line: |
| f38a6d | 71 | |
| T | 72 | bind-address = 127.0.0.1 |
| 67b7aa | 73 | |
| T | 74 | to: |
| 75 | ||
| 76 | #bind-address = 127.0.0.1 | |
| f38a6d | 77 | |
| T | 78 | # then restart mysql |
| 79 | ||
| 80 | /etc/init.d/mysql restart | |
| 81 | ||
| 787032 | 82 | 2) Install Amavisd-new, Spamassassin and ClamAV (1 line!): |
| f38a6d | 83 | |
| fb5ebb | 84 | apt-get -y install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl sudo |
| f38a6d | 85 | |
| 67b7aa | 86 | # During the installation, the SSL certificates for IMAP-SSL and POP3-SSL are created with the hostname localhost. To change this to the correct hostname (server1.example.com in this tutorial), delete the certificates... |
| T | 87 | |
| 88 | cd /etc/courier | |
| 89 | rm -f /etc/courier/imapd.pem | |
| 90 | rm -f /etc/courier/pop3d.pem | |
| 91 | ||
| 92 | # ... and modify the following two files; replace CN=localhost with CN=server1.example.com (you can also modify the other values, if necessary): | |
| 93 | ||
| 94 | vi /etc/courier/imapd.cnf | |
| 95 | ||
| 96 | [...] | |
| 97 | CN=server1.example.com | |
| 98 | [...] | |
| 99 | ||
| 100 | vi /etc/courier/pop3d.cnf | |
| 101 | ||
| 102 | [...] | |
| 103 | CN=server1.example.com | |
| 104 | [...] | |
| 105 | ||
| 106 | # Then recreate the certificates... | |
| 107 | ||
| 108 | mkimapdcert | |
| 109 | mkpop3dcert | |
| 110 | ||
| 111 | # ... and restart Courier-IMAP-SSL and Courier-POP3-SSL: | |
| 112 | ||
| 113 | /etc/init.d/courier-imap-ssl restart | |
| 114 | /etc/init.d/courier-pop-ssl restart | |
| f38a6d | 115 | |
| T | 116 | |
| 787032 | 117 | 3) Install Apache, PHP5, PhpMyAdmin, better fastCGI, suexec, Pear and mcrypt (1 line!): |
| f38a6d | 118 | |
| 22ef48 | 119 | apt-get -y install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt php5-imagick imagemagick libapache2-mod-suphp libopenssl-ruby libapache2-mod-ruby |
| f38a6d | 120 | |
| T | 121 | |
| 787032 | 122 | # When phpMyAdmin is asking wether to configure itself automatically, select "Apache2" |
| f38a6d | 123 | |
| T | 124 | # Then run the following to enable the Apache modules suexec, rewrite and ssl: |
| 125 | ||
| 22ef48 | 126 | a2enmod suexec rewrite ssl actions include ruby |
| f38a6d | 127 | |
| 787032 | 128 | # If you want to use WebDAV then run the following to enable the Apache webdav modules: |
| ac933e | 129 | |
| 8c70bd | 130 | a2enmod dav_fs dav auth_digest |
| ac933e | 131 | |
| 787032 | 132 | # restart Apache before continuing |
| f38a6d | 133 | |
| T | 134 | /etc/init.d/apache2 restart |
| 135 | ||
| 136 | ||
| 137 | 4) Install pure-ftpd and quota | |
| 138 | ||
| 0ca0b8 | 139 | apt-get -y install pure-ftpd-common pure-ftpd-mysql quota quotatool |
| f38a6d | 140 | |
| 787032 | 141 | # Optional: Enable TLS in pureftpd |
| f38a6d | 142 | echo 1 > /etc/pure-ftpd/conf/TLS |
| T | 143 | mkdir -p /etc/ssl/private/ |
| 144 | openssl req -x509 -nodes -newkey rsa:1024 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem | |
| 145 | chmod 600 /etc/ssl/private/pure-ftpd.pem | |
| 146 | ||
| 147 | ||
| 148 | # Edit /etc/fstab. Mine looks like this (I added ,usrquota,grpquota to the partition with the mount point /): | |
| 149 | ||
| 150 | vi /etc/fstab | |
| 151 | ||
| 152 | ---------------------------------------------------------------------------------------------- | |
| 153 | # /etc/fstab: static file system information. | |
| 154 | # | |
| 155 | # <file system> <mount point> <type> <options> <dump> <pass> | |
| 156 | proc /proc proc defaults 0 0 | |
| 157 | /dev/sda1 / ext3 errors=remount-ro,usrquota,grpquota 0 1 | |
| 158 | /dev/sda5 none swap sw 0 0 | |
| 159 | /dev/hda /media/cdrom0 udf,iso9660 user,noauto 0 0 | |
| 160 | /dev/fd0 /media/floppy0 auto rw,user,noauto 0 0 | |
| 161 | ---------------------------------------------------------------------------------------------- | |
| 162 | ||
| 163 | # To enable quota, run these commands: | |
| 164 | ||
| 165 | touch /quota.user /quota.group | |
| 166 | chmod 600 /quota.* | |
| 167 | mount -o remount / | |
| 168 | quotacheck -avugm | |
| 169 | quotaon -avug | |
| 170 | ||
| 171 | ||
| 787032 | 172 | 5) Install MyDNS |
| f38a6d | 173 | |
| T | 174 | apt-get install g++ libc6 gcc gawk make texinfo libmysqlclient15-dev |
| 175 | ||
| 176 | cd /tmp | |
| 97deaf | 177 | wget http://heanet.dl.sourceforge.net/sourceforge/mydns-ng/mydns-1.2.8.27.tar.gz |
| F | 178 | tar xvfz mydns-1.2.8.27.tar.gz |
| f38a6d | 179 | cd mydns-1.2.8 |
| T | 180 | ./configure |
| 181 | make | |
| 182 | make install | |
| 183 | ||
| 184 | # Now create the start / stop script for mydns: | |
| 185 | ||
| 186 | vi /etc/init.d/mydns | |
| 187 | ||
| 188 | # and enter the following lines (between the ----- lines): | |
| 189 | ||
| 190 | ------------------------------------------------------ | |
| 191 | #! /bin/sh | |
| 192 | # | |
| 193 | # mydns Start the MyDNS server | |
| 194 | # | |
| 195 | # Author: Philipp Kern <phil@philkern.de>. | |
| 196 | # Based upon skeleton 1.9.4 by Miquel van Smoorenburg | |
| 197 | # <miquels@cistron.nl> and Ian Murdock <imurdock@gnu.ai.mit.edu>. | |
| 198 | # | |
| abec04 | 199 | ### BEGIN INIT INFO |
| T | 200 | # Provides: MyDNS |
| 201 | # Required-Start: $syslog | |
| 202 | # Should-Start: | |
| 203 | # Required-Stop: | |
| 204 | # Should-Stop: | |
| 205 | # Default-Start: 2 3 4 5 | |
| 206 | # Default-Stop: 0 1 6 | |
| 207 | # Short-Description: MyDNS Server | |
| 208 | # Description: MyDNS DNS Server | |
| 209 | ### END INIT INFO | |
| f38a6d | 210 | |
| T | 211 | set -e |
| 212 | ||
| 213 | PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin | |
| 214 | DAEMON=/usr/local/sbin/mydns | |
| 215 | NAME=mydns | |
| 216 | DESC="DNS server" | |
| 217 | ||
| 218 | SCRIPTNAME=/etc/init.d/$NAME | |
| 219 | ||
| 220 | # Gracefully exit if the package has been removed. | |
| 221 | test -x $DAEMON || exit 0 | |
| 222 | ||
| 223 | case "$1" in | |
| 224 | start) | |
| 225 | echo -n "Starting $DESC: $NAME" | |
| 226 | start-stop-daemon --start --quiet \ | |
| 227 | --exec $DAEMON -- -b | |
| 228 | echo "." | |
| 229 | ;; | |
| 230 | stop) | |
| 231 | echo -n "Stopping $DESC: $NAME" | |
| 232 | start-stop-daemon --stop --oknodo --quiet \ | |
| 233 | --exec $DAEMON | |
| 234 | echo "." | |
| 235 | ;; | |
| 236 | reload|force-reload) | |
| 237 | echo -n "Reloading $DESC configuration..." | |
| 238 | start-stop-daemon --stop --signal HUP --quiet \ | |
| 239 | --exec $DAEMON | |
| 240 | echo "done." | |
| 241 | ;; | |
| 242 | restart) | |
| 243 | echo -n "Restarting $DESC: $NAME" | |
| 244 | start-stop-daemon --stop --quiet --oknodo \ | |
| 245 | --exec $DAEMON | |
| 246 | sleep 1 | |
| 247 | start-stop-daemon --start --quiet \ | |
| 248 | --exec $DAEMON -- -b | |
| 249 | echo "." | |
| 250 | ;; | |
| 251 | *) | |
| 252 | echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2 | |
| 253 | exit 1 | |
| 254 | ;; | |
| 255 | esac | |
| 256 | ||
| 257 | exit 0 | |
| 258 | --------------------------------------------------------------------------- | |
| 259 | ||
| 260 | # now execute: | |
| 261 | ||
| 262 | chmod +x /etc/init.d/mydns | |
| 263 | update-rc.d mydns defaults | |
| 264 | ||
| 92e7f5 | 265 | 6) Install vlogger and webalizer awstats geoip-bin |
| f38a6d | 266 | |
| 04620b | 267 | apt-get -y install vlogger webalizer awstats |
| T | 268 | |
| 269 | mkdir /usr/share/awstats/tools | |
| 270 | cp -prf /usr/share/doc/awstats/examples/awstats_buildstaticpages.pl /usr/share/awstats/tools/awstats_buildstaticpages.pl | |
| 271 | ||
| f38a6d | 272 | |
| T | 273 | |
| 787032 | 274 | 7) Install Jailkit (optional, only needed if you want to use chrooting for SSH users) |
| f38a6d | 275 | |
| 787032 | 276 | apt-get -y install build-essential autoconf automake1.9 libtool flex bison debhelper |
| f38a6d | 277 | cd /tmp |
| 0ca0b8 | 278 | wget http://olivier.sessink.nl/jailkit/jailkit-2.11.tar.gz |
| T | 279 | tar xvfz jailkit-2.11.tar.gz |
| 280 | cd jailkit-2.11 | |
| 55411a | 281 | ./debian/rules binary |
| f38a6d | 282 | cd .. |
| 0ca0b8 | 283 | dpkg -i jailkit_2.11-1_*.deb |
| T | 284 | rm -rf jailkit-2.11* |
| f38a6d | 285 | |
| T | 286 | 8) Install fail2ban (optional but recomended, because the monitor tries to show the log) |
| 287 | More info at: http://www.howtoforge.com/fail2ban_debian_etch | |
| 288 | ||
| 787032 | 289 | apt-get -y install fail2ban |
| f38a6d | 290 | |
| T | 291 | 9) Install ISPConfig 3 |
| 292 | ||
| 0ca0b8 | 293 | cd /tmp |
| T | 294 | wget http://www.ispconfig.org/downloads/ISPConfig-3.0.2.tar.gz |
| 295 | tar xvfz ISPConfig-3.0.2.tar.gz | |
| 296 | cd ispconfig3_install/install/ | |
| f38a6d | 297 | |
| T | 298 | # Now start the installation process by executing: |
| 299 | ||
| 300 | php -q install.php | |
| 301 | ||
| 6aac1a | 302 | # The installer will configure all services like postfix, sasl, courier, etc. for you. A manual setup as required for ISPConfig 2 (perfect setup guides) is not necessary. To login to the ISPConfig controlpanel, open the following URL in your browser (replace the IP to match your settings!): |
| f38a6d | 303 | |
| T | 304 | http://192.168.0.100:8080/ |
| 305 | ||
| 306 | # the default login is: | |
| 307 | ||
| 308 | user: admin | |
| 309 | password: admin | |
| 310 | ||
| 311 | # In case you get a permission denied error from apache, please restart the apache webserver process. | |
| 312 | ||
| 313 | ||
| 314 | ||
| 315 | ---------------------------------------------------------------------------------------------------------- | |
| 316 | Optional: | |
| 317 | ||
| 318 | Install a webbased Email Client | |
| 319 | ||
| 320 | apt-get install squirrelmail | |
| 321 | ln -s /usr/share/squirrelmail/ /var/www/webmail | |
| 322 | ||
| 323 | Access squirrelmail: | |
| 324 | ||
| 325 | http://192.168.0.100/webmail | |
| 326 | ||
| 327 | ||
| 328 | To configure squirrelmail, run: | |
| 329 | ||
| 330 | /usr/sbin/squirrelmail-configure | |
| 331 | ||
| 332 | ---------------------------------------------------------------------------------------------------------- | |
| 333 | ||
| 334 | Hints: | |
| 335 | ||
| 336 | debian 5.0 under openvz: | |
| 337 | ||
| 338 | VPSID=101 | |
| 339 | for CAP in CHOWN DAC_READ_SEARCH SETGID SETUID NET_BIND_SERVICE NET_ADMIN SYS_CHROOT SYS_NICE CHOWN DAC_READ_SEARCH SETGID SETUID NET_BIND_SERVICE NET_ADMIN SYS_CHROOT SYS_NICE | |
| 340 | do | |
| 341 | vzctl set $VPSID --capability ${CAP}:on --save | |
| 342 | done | |
| 343 | ||
| 344 | ---------------------------------------------------------------------------------------------------------- | |
| 345 | ||
| 346 | ||
| 347 | Optional recommended packages: | |
| 348 | ||
| 349 | denyhosts - a utility to help sys admins thwart ssh crackers | |
| 350 | rsync - fast remote file copy program (for backup) | |
| 351 | ||
| 352 | ----------------------------------------------------------------------------------------------------------- | |
| 353 | ||
| 5c6cfc | 354 | |
| f38a6d | 355 | Possible errors and their solutions |
| T | 356 | ------------------------------------ |
| 357 | ||
| 358 | pureftpd login does not work. Take a look at the syslog, if you find an error message like this: | |
| 359 | Mar 24 16:26:28 ispconfig pure-ftpd: (?@?) [ERROR] Sorry, invalid address given | |
| 360 | ||
| 361 | then pureftpd is not able to resolve the hostname. Name resolving can be disabled with these commands: | |
| 362 | ||
| 363 | echo 'yes' > /etc/pure-ftpd/conf/DontResolve | |
| 364 | /etc/init.d/pure-ftpd-mysql restart | |
| 365 | ||
| 366 | ||
| 367 | ||
| 368 | ||
| 369 | ||
| 370 | ||
