commit | author | age
|
3a9418
|
1 |
Installation |
787032
|
2 |
------------- |
3a9418
|
3 |
|
787032
|
4 |
# It is recommended to use a clean (fresh) Debian Lenny install where you just selected "Standard System" at the package selection during |
J |
5 |
# setup (tasksel). Then follow the steps below to setup your server with ISPConfig 3. In this guide "vi" is used as text editor, but |
3a9418
|
6 |
# you can use whatever you prefer. You should be root for doing all of this. |
T |
7 |
|
|
8 |
|
|
9 |
# Check we have Fully Qualified Domain Name |
|
10 |
|
|
11 |
/bin/hostname |
|
12 |
|
|
13 |
# it should return something like "ispconfig.example.com" |
|
14 |
# if not, then we assign a hostname (for example ispconfig): |
|
15 |
|
|
16 |
echo ispconfig.example.com > /etc/hostname |
|
17 |
|
|
18 |
vi /etc/hosts |
|
19 |
|
|
20 |
# and add lines similar but appropriate: |
|
21 |
|
|
22 |
127.0.0.1 localhost.localdomain localhost |
|
23 |
192.168.0.100 ispconfig.example.com ispconfig |
|
24 |
|
|
25 |
# Run: |
|
26 |
|
|
27 |
/etc/init.d/hostname.sh |
|
28 |
|
787032
|
29 |
# enable the Debian Volatile repository to get an updated ClamAV version |
1a0b51
|
30 |
|
787032
|
31 |
echo "deb http://volatile.debian.org/debian-volatile lenny/volatile main contrib non-free" >> /etc/apt/sources.list.d/volatile.list |
1a0b51
|
32 |
apt-get update |
T |
33 |
|
3a9418
|
34 |
# Some optional choices |
T |
35 |
|
|
36 |
opt0.1) Optionally install SSH-server to get remote shell |
|
37 |
|
787032
|
38 |
apt-get install openssh-server |
3a9418
|
39 |
|
787032
|
40 |
opt0.2) Optionally, if you are not running inside a virtual machine, you can set server clocksync via NTP. Virtual guests get this from the host. |
3a9418
|
41 |
|
T |
42 |
apt-get -y install ntp ntpdate |
|
43 |
|
|
44 |
opt0.3) Optionally if you want vi editor improvement |
|
45 |
|
|
46 |
apt-get -y install vim-nox |
|
47 |
|
|
48 |
|
|
49 |
# Next is the real deal |
|
50 |
|
|
51 |
1) Install Postfix, Dovecot, MySQL, phpMyAdmin, rkhunter, binutils with the following command line (on one line!): |
|
52 |
|
fb5ebb
|
53 |
apt-get -y install postfix postfix-mysql postfix-doc mysql-client mysql-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d sudo |
3a9418
|
54 |
|
T |
55 |
# Answer the questions from the package manager as follows. |
|
56 |
|
|
57 |
Create directories for web-based administration ? <-- No |
|
58 |
General type of configuration? <-- Internet site |
|
59 |
Mail name? <-- server1.mydomain.tld |
|
60 |
SSL certificate required <-- Ok |
|
61 |
|
|
62 |
# ...use your own domain name of course ;) |
|
63 |
|
|
64 |
|
|
65 |
|
|
66 |
# Edit the file /etc/mysql/my.cnf |
|
67 |
|
|
68 |
vi /etc/mysql/my.cnf |
|
69 |
|
|
70 |
# and change the line: |
|
71 |
|
|
72 |
bind-address = 127.0.0.1 |
|
73 |
|
|
74 |
to: |
|
75 |
|
|
76 |
#bind-address = 127.0.0.1 |
|
77 |
|
|
78 |
# then restart mysql |
|
79 |
|
|
80 |
/etc/init.d/mysql restart |
|
81 |
|
787032
|
82 |
2) Install Amavisd-new, Spamassassin and ClamAV (1 line!): |
3a9418
|
83 |
|
T |
84 |
apt-get -y install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl |
|
85 |
|
|
86 |
|
787032
|
87 |
3) Install Apache, PHP5, phpmyadmin, better fastCGI, suexec, Pear and mcrypt (1 line!): |
3a9418
|
88 |
|
22ef48
|
89 |
apt-get -y install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt php5-imagick imagemagick libapache2-mod-suphp libopenssl-ruby libapache2-mod-ruby |
3a9418
|
90 |
|
T |
91 |
|
787032
|
92 |
# When phpMyAdmin is asking wether to configure itself automatically, select "Apache2" |
3a9418
|
93 |
|
T |
94 |
# Then run the following to enable the Apache modules suexec, rewrite and ssl: |
|
95 |
|
22ef48
|
96 |
a2enmod suexec rewrite ssl actions include ruby |
3a9418
|
97 |
|
787032
|
98 |
# If you want to use WebDAV then run the following to enable the Apache webdav modules: |
ac933e
|
99 |
|
787032
|
100 |
a2enmod dav_fs dav auth_digest |
ac933e
|
101 |
|
787032
|
102 |
# restart Apache before continuing |
3a9418
|
103 |
|
T |
104 |
/etc/init.d/apache2 restart |
|
105 |
|
|
106 |
|
|
107 |
4) Install pure-ftpd and quota |
|
108 |
|
|
109 |
apt-get -y install pure-ftpd-common pure-ftpd-mysql quota quotatool |
|
110 |
|
|
111 |
# Optional: Enable TLS in pureftpd |
|
112 |
echo 1 > /etc/pure-ftpd/conf/TLS |
|
113 |
mkdir -p /etc/ssl/private/ |
|
114 |
openssl req -x509 -nodes -newkey rsa:1024 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem |
|
115 |
chmod 600 /etc/ssl/private/pure-ftpd.pem |
|
116 |
|
|
117 |
|
|
118 |
# Edit /etc/fstab. Mine looks like this (I added ,usrquota,grpquota to the partition with the mount point /): |
|
119 |
|
|
120 |
vi /etc/fstab |
|
121 |
|
|
122 |
---------------------------------------------------------------------------------------------- |
|
123 |
# /etc/fstab: static file system information. |
|
124 |
# |
|
125 |
# <file system> <mount point> <type> <options> <dump> <pass> |
|
126 |
proc /proc proc defaults 0 0 |
|
127 |
/dev/sda1 / ext3 errors=remount-ro,usrquota,grpquota 0 1 |
|
128 |
/dev/sda5 none swap sw 0 0 |
|
129 |
/dev/hda /media/cdrom0 udf,iso9660 user,noauto 0 0 |
|
130 |
/dev/fd0 /media/floppy0 auto rw,user,noauto 0 0 |
|
131 |
---------------------------------------------------------------------------------------------- |
|
132 |
|
|
133 |
# To enable quota, run these commands: |
|
134 |
|
|
135 |
touch /quota.user /quota.group |
|
136 |
chmod 600 /quota.* |
|
137 |
mount -o remount / |
|
138 |
quotacheck -avugm |
|
139 |
quotaon -avug |
|
140 |
|
|
141 |
|
|
142 |
5) Install BIND DNS Server |
|
143 |
|
|
144 |
apt-get -y install bind9 dnsutils |
|
145 |
|
|
146 |
6) Install vlogger and webalizer |
|
147 |
|
92e7f5
|
148 |
apt-get -y install vlogger webalizer awstats geoip-bin |
fb3a98
|
149 |
|
T |
150 |
mkdir /usr/share/awstats/tools |
|
151 |
cp -prf /usr/share/doc/awstats/examples/awstats_buildstaticpages.pl /usr/share/awstats/tools/awstats_buildstaticpages.pl |
3a9418
|
152 |
|
T |
153 |
|
787032
|
154 |
7) Install Jailkit (optional, only needed if you want to use chrooting for SSH users) |
3a9418
|
155 |
|
T |
156 |
apt-get -y install build-essential autoconf automake1.9 libtool flex bison debhelper |
|
157 |
cd /tmp |
b151a2
|
158 |
wget http://olivier.sessink.nl/jailkit/jailkit-2.12.tar.gz |
T |
159 |
tar xvfz jailkit-2.12.tar.gz |
|
160 |
cd jailkit-2.12 |
3a9418
|
161 |
./debian/rules binary |
T |
162 |
cd .. |
b151a2
|
163 |
dpkg -i jailkit_2.12-1_*.deb |
T |
164 |
rm -rf jailkit-2.12* |
3a9418
|
165 |
|
T |
166 |
8) Install fail2ban (optional but recomended, because the monitor tries to show the log) |
|
167 |
More info at: http://www.howtoforge.com/fail2ban_debian_etch |
|
168 |
|
b77113
|
169 |
apt-get -y install fail2ban |
3a9418
|
170 |
|
T |
171 |
9) Install ISPConfig 3 |
|
172 |
|
|
173 |
cd /tmp |
b151a2
|
174 |
wget http://www.ispconfig.org/downloads/ISPConfig-3.0.2.2.tar.gz |
T |
175 |
tar xvfz ISPConfig-3.0.2.2.tar.gz |
3a9418
|
176 |
cd ispconfig3_install/install/ |
T |
177 |
|
|
178 |
# Now start the installation process by executing: |
|
179 |
|
|
180 |
php -q install.php |
|
181 |
|
6aac1a
|
182 |
# The installer will configure all services like postfix, sasl, courier, etc. for you. A manual setup as required for ISPConfig 2 (perfect setup guides) is not necessary. To login to the ISPConfig controlpanel, open the following URL in your browser (replace the IP to match your settings!): |
3a9418
|
183 |
|
T |
184 |
http://192.168.0.100:8080/ |
|
185 |
|
|
186 |
# the default login is: |
|
187 |
|
|
188 |
user: admin |
|
189 |
password: admin |
|
190 |
|
|
191 |
# In case you get a permission denied error from apache, please restart the apache webserver process. |
|
192 |
|
|
193 |
|
|
194 |
|
|
195 |
---------------------------------------------------------------------------------------------------------- |
|
196 |
Optional: |
|
197 |
|
|
198 |
Install a webbased Email Client |
|
199 |
|
|
200 |
apt-get install squirrelmail |
|
201 |
ln -s /usr/share/squirrelmail/ /var/www/webmail |
|
202 |
|
|
203 |
Access squirrelmail: |
|
204 |
|
|
205 |
http://192.168.0.100/webmail |
|
206 |
|
|
207 |
|
|
208 |
To configure squirrelmail, run: |
|
209 |
|
|
210 |
/usr/sbin/squirrelmail-configure |
|
211 |
|
|
212 |
---------------------------------------------------------------------------------------------------------- |
|
213 |
|
|
214 |
Hints: |
|
215 |
|
|
216 |
debian 5.0 under openvz: |
|
217 |
|
|
218 |
VPSID=101 |
|
219 |
for CAP in CHOWN DAC_READ_SEARCH SETGID SETUID NET_BIND_SERVICE NET_ADMIN SYS_CHROOT SYS_NICE CHOWN DAC_READ_SEARCH SETGID SETUID NET_BIND_SERVICE NET_ADMIN SYS_CHROOT SYS_NICE |
|
220 |
do |
|
221 |
vzctl set $VPSID --capability ${CAP}:on --save |
|
222 |
done |
|
223 |
|
|
224 |
---------------------------------------------------------------------------------------------------------- |
|
225 |
|
|
226 |
|
|
227 |
Optional recommended packages: |
|
228 |
|
|
229 |
denyhosts - a utility to help sys admins thwart ssh crackers |
|
230 |
rsync - fast remote file copy program (for backup) |
|
231 |
|
|
232 |
----------------------------------------------------------------------------------------------------------- |
|
233 |
|
|
234 |
|
|
235 |
Possible errors and their solutions |
|
236 |
------------------------------------ |
|
237 |
|
|
238 |
pureftpd login does not work. Take a look at the syslog, if you find an error message like this: |
|
239 |
Mar 24 16:26:28 ispconfig pure-ftpd: (?@?) [ERROR] Sorry, invalid address given |
|
240 |
|
|
241 |
then pureftpd is not able to resolve the hostname. Name resolving can be disabled with these commands: |
|
242 |
|
|
243 |
echo 'yes' > /etc/pure-ftpd/conf/DontResolve |
|
244 |
/etc/init.d/pure-ftpd-mysql restart |
|
245 |
|
|
246 |
|
|
247 |
|
|
248 |
|
|
249 |
|
|
250 |
|