| commit | author | age | ||
| 94927b | 1 | Installation |
| 787032 | 2 | ------------- |
| 94927b | 3 | |
| 787032 | 4 | # It is recommended to use a clean (fresh) Debian Squeeze 6.0 install where you just selected "Standard System" at the package selection during |
| ed3c7a | 5 | # setup (tasksel). Journaled quota which this guide uses works on ext3 and ext4 file systems, so format disks either one if you are going to use |
| A | 6 | # quota (recommended). Then follow the steps below to setup your server with ISPConfig 3. In this guide "vi" is used as text editor, but |
| 94927b | 7 | # you can use whatever you prefer. You should be root for doing all of this. |
| T | 8 | |
| 9 | ||
| 10 | # Check we have Fully Qualified Domain Name | |
| 11 | ||
| 12 | /bin/hostname | |
| 13 | ||
| 14 | # it should return something like "ispconfig.example.com" | |
| 15 | # if not, then we assign a hostname (for example ispconfig): | |
| 16 | ||
| 17 | echo ispconfig.example.com > /etc/hostname | |
| 18 | ||
| 19 | vi /etc/hosts | |
| 20 | ||
| 21 | # and add lines similar but appropriate: | |
| 22 | ||
| 23 | 127.0.0.1 localhost.localdomain localhost | |
| 24 | 192.168.0.100 ispconfig.example.com ispconfig | |
| 25 | ||
| 26 | # Run: | |
| 27 | ||
| 28 | /etc/init.d/hostname.sh | |
| 29 | ||
| 787032 | 30 | # enable the Debian Volatile repository to get an updated ClamAV version |
| J | 31 | # The Volatile repository for Debian Squeeze was not available yet at the time this howto was written. |
| 32 | # echo "deb http://volatile.debian.org/debian-volatile squeeze/volatile main contrib non-free" >> /etc/apt/sources.list.d/volatile.list | |
| 94927b | 33 | # apt-get update |
| T | 34 | |
| 35 | # Some optional choices | |
| 36 | ||
| 37 | opt0.1) Optionally install SSH-server to get remote shell | |
| 38 | ||
| 787032 | 39 | apt-get install openssh-server |
| 94927b | 40 | |
| 787032 | 41 | opt0.2) Optionally, if you are not running inside a virtual machine, you can set server clocksync via NTP. Virtual guests get this from the host. |
| 94927b | 42 | |
| T | 43 | apt-get -y install ntp ntpdate |
| 44 | ||
| 45 | opt0.3) Optionally if you want vi editor improvement | |
| 46 | ||
| 47 | apt-get -y install vim-nox | |
| 48 | ||
| 49 | ||
| 50 | # Next is the real deal | |
| 51 | ||
| 52 | 1) Install Postfix, Dovecot, MySQL, phpMyAdmin, rkhunter, binutils with the following command line (on one line!): | |
| 53 | ||
| fb5ebb | 54 | apt-get -y install postfix postfix-mysql postfix-doc mysql-client mysql-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d sudo |
| 94927b | 55 | |
| T | 56 | # Answer the questions from the package manager as follows. |
| 57 | ||
| 58 | General type of configuration? <-- Internet site | |
| 59 | Mail name? <-- server1.mydomain.tld | |
| 60 | ||
| 61 | # ...use your own domain name of course ;) | |
| 62 | ||
| 63 | ||
| 64 | ||
| 65 | # Edit the file /etc/mysql/my.cnf | |
| 66 | ||
| 67 | vi /etc/mysql/my.cnf | |
| 68 | ||
| 69 | # and change the line: | |
| 70 | ||
| 71 | bind-address = 127.0.0.1 | |
| 72 | ||
| 73 | to: | |
| 74 | ||
| 75 | #bind-address = 127.0.0.1 | |
| 76 | ||
| 77 | # then restart mysql | |
| 78 | ||
| 79 | /etc/init.d/mysql restart | |
| 80 | ||
| 787032 | 81 | 2) Install Amavisd-new, Spamassassin and ClamAV (1 line!): |
| 94927b | 82 | |
| T | 83 | apt-get -y install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl |
| 84 | ||
| 85 | ||
| 787032 | 86 | 3) Install Apache, PHP5, phpmyadmin, better fastCGI, suexec, Pear and mcrypt (1 line!): |
| 94927b | 87 | |
| 22ef48 | 88 | apt-get -y install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt imagemagick libapache2-mod-suphp libopenssl-ruby libapache2-mod-ruby |
| 94927b | 89 | |
| T | 90 | |
| 787032 | 91 | # When phpMyAdmin is asking wether to configure itself automatically, select "Apache2" |
| 94927b | 92 | |
| T | 93 | # Then run the following to enable the Apache modules suexec, rewrite and ssl: |
| 94 | ||
| 22ef48 | 95 | a2enmod suexec rewrite ssl actions include ruby |
| 94927b | 96 | |
| 787032 | 97 | # restart Apache before continuing |
| 94927b | 98 | |
| T | 99 | /etc/init.d/apache2 restart |
| 100 | ||
| 101 | ||
| 102 | 4) Install pure-ftpd and quota | |
| 103 | ||
| 104 | apt-get -y install pure-ftpd-common pure-ftpd-mysql quota quotatool | |
| 105 | ||
| 106 | # Optional: Enable TLS in pureftpd | |
| 107 | echo 1 > /etc/pure-ftpd/conf/TLS | |
| 108 | mkdir -p /etc/ssl/private/ | |
| 109 | openssl req -x509 -nodes -newkey rsa:1024 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem | |
| 110 | chmod 600 /etc/ssl/private/pure-ftpd.pem | |
| 111 | ||
| 112 | ||
| ed3c7a | 113 | # Edit /etc/fstab. Add "usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0" to the partition where you want to use quota. |
| A | 114 | # Mine looks like this (I want to use quota on the / partition): |
| 94927b | 115 | |
| T | 116 | vi /etc/fstab |
| 117 | ||
| 118 | ---------------------------------------------------------------------------------------------- | |
| 119 | # /etc/fstab: static file system information. | |
| 120 | # | |
| 121 | # <file system> <mount point> <type> <options> <dump> <pass> | |
| 122 | proc /proc proc defaults 0 0 | |
| ed3c7a | 123 | /dev/sda1 / ext3 errors=remount-ro,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 0 1 |
| 94927b | 124 | /dev/sda5 none swap sw 0 0 |
| T | 125 | /dev/hda /media/cdrom0 udf,iso9660 user,noauto 0 0 |
| 126 | /dev/fd0 /media/floppy0 auto rw,user,noauto 0 0 | |
| 127 | ---------------------------------------------------------------------------------------------- | |
| 128 | ||
| 129 | # To enable quota, run these commands: | |
| 130 | ||
| 131 | touch /aquota.user /aquota.group | |
| 132 | chmod 600 /aquota.* | |
| 133 | mount -o remount / | |
| ed3c7a | 134 | quotacheck -F vfsv0 -afcvdugm |
| 94927b | 135 | quotaon -avug |
| T | 136 | |
| 137 | ||
| 138 | 5) Install BIND DNS Server | |
| 139 | ||
| 140 | apt-get -y install bind9 dnsutils | |
| 141 | ||
| 142 | 6) Install vlogger and webalizer | |
| 143 | ||
| fb3a98 | 144 | apt-get -y install vlogger webalizer awstats |
| T | 145 | |
| 146 | mkdir /usr/share/awstats/tools | |
| 147 | cp -prf /usr/share/doc/awstats/examples/awstats_buildstaticpages.pl /usr/share/awstats/tools/awstats_buildstaticpages.pl | |
| 94927b | 148 | |
| T | 149 | |
| 787032 | 150 | 7) Install Jailkit (optional, only needed if you want to use chrooting for SSH users) |
| 94927b | 151 | |
| T | 152 | apt-get -y install build-essential autoconf automake1.9 libtool flex bison debhelper |
| 153 | cd /tmp | |
| 627fba | 154 | wget http://olivier.sessink.nl/jailkit/jailkit-2.13.tar.gz |
| A | 155 | tar xvfz jailkit-2.13.tar.gz |
| 156 | cd jailkit-2.13 | |
| 157 | ./configure | |
| 158 | make | |
| 159 | make install | |
| 94927b | 160 | cd .. |
| 627fba | 161 | rm -rf jailkit-2.13* |
| 94927b | 162 | |
| T | 163 | 8) Install fail2ban (optional but recomended, because the monitor tries to show the log) |
| 164 | More info at: http://www.howtoforge.com/fail2ban_debian_etch | |
| 165 | ||
| 166 | apt-get -y install fail2ban | |
| 167 | ||
| 168 | 9) Install ISPConfig 3 | |
| 169 | ||
| 170 | cd /tmp | |
| 171 | wget http://www.ispconfig.org/downloads/ISPConfig-3.0.2.2.tar.gz | |
| 172 | tar xvfz ISPConfig-3.0.2.2.tar.gz | |
| 173 | cd ispconfig3_install/install/ | |
| 174 | ||
| 175 | # Now start the installation process by executing: | |
| 176 | ||
| 177 | php -q install.php | |
| 178 | ||
| 6aac1a | 179 | # The installer will configure all services like postfix, sasl, courier, etc. for you. A manual setup as required for ISPConfig 2 (perfect setup guides) is not necessary. To login to the ISPConfig controlpanel, open the following URL in your browser (replace the IP to match your settings!): |
| 94927b | 180 | |
| T | 181 | http://192.168.0.100:8080/ |
| 182 | ||
| 183 | # the default login is: | |
| 184 | ||
| 185 | user: admin | |
| 186 | password: admin | |
| 187 | ||
| 188 | # In case you get a permission denied error from apache, please restart the apache webserver process. | |
| 189 | ||
| 190 | ||
| 191 | ||
| 192 | ---------------------------------------------------------------------------------------------------------- | |
| 193 | Optional: | |
| 194 | ||
| 195 | Install a webbased Email Client | |
| 196 | ||
| 197 | apt-get install squirrelmail | |
| 198 | ln -s /usr/share/squirrelmail/ /var/www/webmail | |
| 199 | ||
| 200 | Access squirrelmail: | |
| 201 | ||
| 202 | http://192.168.0.100/webmail | |
| 203 | ||
| 204 | ||
| 205 | To configure squirrelmail, run: | |
| 206 | ||
| 207 | /usr/sbin/squirrelmail-configure | |
| 208 | ||
| 209 | ---------------------------------------------------------------------------------------------------------- | |
| 210 | ||
| 211 | Hints: | |
| 212 | ||
| 213 | debian 5.0 under openvz: | |
| 214 | ||
| 215 | VPSID=101 | |
| 216 | for CAP in CHOWN DAC_READ_SEARCH SETGID SETUID NET_BIND_SERVICE NET_ADMIN SYS_CHROOT SYS_NICE CHOWN DAC_READ_SEARCH SETGID SETUID NET_BIND_SERVICE NET_ADMIN SYS_CHROOT SYS_NICE | |
| 217 | do | |
| 218 | vzctl set $VPSID --capability ${CAP}:on --save | |
| 219 | done | |
| 220 | ||
| 221 | ---------------------------------------------------------------------------------------------------------- | |
| 222 | ||
| 223 | ||
| 224 | Optional recommended packages: | |
| 225 | ||
| 226 | denyhosts - a utility to help sys admins thwart ssh crackers | |
| 227 | rsync - fast remote file copy program (for backup) | |
| 228 | ||
| 229 | ----------------------------------------------------------------------------------------------------------- | |
| 230 | ||
| 787032 | 231 | Ispc log files rotation, for now manual add but to add in ispc installer: |
| 94927b | 232 | |
| T | 233 | /etc/logrotate.d/logispc3 |
| 234 | ||
| 235 | /var/log/ispconfig/ispconfig.log { | |
| 236 | weekly | |
| 237 | missingok | |
| 238 | rotate 4 | |
| 239 | compress | |
| 240 | delaycompress | |
| 241 | } | |
| 242 | /var/log/ispconfig/cron.log { | |
| 243 | weekly | |
| 244 | missingok | |
| 245 | rotate 4 | |
| 246 | compress | |
| 247 | delaycompress | |
| 248 | } | |
| 249 | ||
| 250 | ||
| 251 | ----------------------------------------------------------------------------------------------------------- | |
| 252 | ||
| 253 | Possible errors and their solutions | |
| 254 | ------------------------------------ | |
| 255 | ||
| 256 | pureftpd login does not work. Take a look at the syslog, if you find an error message like this: | |
| 257 | Mar 24 16:26:28 ispconfig pure-ftpd: (?@?) [ERROR] Sorry, invalid address given | |
| 258 | ||
| 259 | then pureftpd is not able to resolve the hostname. Name resolving can be disabled with these commands: | |
| 260 | ||
| 261 | echo 'yes' > /etc/pure-ftpd/conf/DontResolve | |
| 262 | /etc/init.d/pure-ftpd-mysql restart | |
| 263 | ||
| 264 | ||
| 59a468 | 265 | ----------------------------------------------------------------------------------------------------------- |
| F | 266 | Fail2ban also working with ipv6: |
| 267 | # Download here and install the package: http://homes.dcc.ufba.br/~rogeriobastos/files/fail2ban/ | |
| 268 | # Set banaction = route in jail.conf | |
| 269 | # Create or modify route.conf in /etc/fail2ban/action.d | |
| 270 | [Definition] | |
| 271 | actionban = ip route add unreachable <ip> | |
| 272 | actionunban = ip route del unreachable <ip> | |
| 273 | action6ban = ip route add unreachable <ip> | |
| 274 | action6unban = ip route del unreachable <ip> | |
| 275 | ----------------------------------------------------------------------------------------------------------- | |
| 94927b | 276 | |
| T | 277 | |
| 278 | ||
| 279 | ||
