Installation
-------------

# It is recommended to use a clean (fresh) Debian Squeeze 6.0 install where you just selected "Standard System" at the package selection during
# setup (tasksel). Journaled quota, which this guide uses, works on ext3 and ext4 file systems, so format the disks with either one if you are going to use
# quota (recommended). Then follow the steps below to set up your server with ISPConfig 3. In this guide "vi" is used as the text editor, but
# you can use whatever you prefer. You should be root for doing all of this.


# Check that we have a Fully Qualified Domain Name

/bin/hostname

# it should return something like "ispconfig.example.com"
# if not, then we assign a hostname (for example ispconfig):

echo ispconfig.example.com > /etc/hostname

vi /etc/hosts

# and add lines similar to these, adjusted to your setup:

127.0.0.1       localhost.localdomain   localhost
192.168.0.100   ispconfig.example.com   ispconfig


# Some optional choices

opt0.1) Optionally install an SSH server to get a remote shell

apt-get install openssh-server

opt0.2) Optionally, if you are not running inside a virtual machine, you can set up server clock sync via NTP. Virtual guests get this from the host.

apt-get -y install ntp ntpdate

opt0.3) Optionally, if you want an improved vi editor

apt-get -y install vim-nox


# Next is the real deal

1) Install Postfix, Courier, Saslauthd, MySQL, phpMyAdmin, rkhunter, binutils with the following command line (on one line!):

apt-get -y install postfix postfix-mysql postfix-doc mysql-client mysql-server courier-authdaemon courier-pop courier-pop-ssl courier-authlib-mysql courier-imap courier-imap-ssl libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl courier-maildrop getmail4 rkhunter binutils sudo

# Answer the questions from the package manager as follows.

Create directories for web-based administration ? <-- No
General type of configuration? <-- Internet site
Mail name? <-- server1.mydomain.tld
SSL certificate required <-- Ok

# ...use your own domain name of course ;)


# Edit the file /etc/mysql/my.cnf

vi /etc/mysql/my.cnf

# and change the line:

bind-address            = 127.0.0.1

to:

#bind-address           = 127.0.0.1

# then restart mysql

/etc/init.d/mysql restart
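
# Added example (not part of the original guide): with bind-address commented out, mysqld listens on every interface instead of only loopback, so port 3306 is reachable from the network unless a firewall filters it. The function below reports the effective scope from a my.cnf-style file; the function name and the sample file are constructed for illustration.

```shell
#!/bin/sh
# mysql_bind_scope FILE
# Prints where mysqld will accept TCP connections according to the [mysqld]
# section of a my.cnf-style FILE: loopback, all-interfaces, address:<ip>
# or no-tcp. Only FILE itself is read; included files are not followed.
mysql_bind_scope() {
    awk '
        /^[ \t]*\[/ {                             # section header
            sec = $0
            gsub(/[ \t]/, "", sec)
            in_mysqld = (sec == "[mysqld]")
            next
        }
        !in_mysqld || /^[ \t]*[#;]/ { next }      # other sections, comments
        /^[ \t]*skip[-_]networking/ { notcp = 1 }
        /^[ \t]*bind[-_]address[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)         # drop "bind-address ="
            sub(/[ \t]*(#.*)?$/, "", val)         # drop trailing comment
            addr = val                            # the last setting wins
        }
        END {
            if (notcp)
                print "no-tcp"
            else if (addr == "" || addr == "0.0.0.0" || addr == "::" || addr == "*")
                print "all-interfaces"            # unset: every interface
            else if (addr ~ /^127\./ || addr == "::1" || addr == "localhost")
                print "loopback"
            else
                print "address:" addr
        }
    ' "$1"
}

# Constructed sample: the line as this guide leaves it.
sample=$(mktemp)
printf '[mysqld]\n#bind-address = 127.0.0.1\n' > "$sample"
mysql_bind_scope "$sample"
rm -f "$sample"
```
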

2) Install Amavisd-new, Spamassassin and ClamAV (1 line!):

apt-get -y install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl
# Is this one necessary? libnet-ldap-perl

# During the installation, the SSL certificates for IMAP-SSL and POP3-SSL are created with the hostname localhost. To change this to the correct hostname (server1.example.com in this tutorial), delete the certificates...

cd /etc/courier
rm -f /etc/courier/imapd.pem
rm -f /etc/courier/pop3d.pem

# ... and modify the following two files; replace CN=localhost with CN=server1.example.com (you can also modify the other values, if necessary):

vi /etc/courier/imapd.cnf

[...]
CN=server1.example.com
[...]

vi /etc/courier/pop3d.cnf

[...]
CN=server1.example.com
[...]

# Then recreate the certificates...

mkimapdcert
mkpop3dcert

# ... and restart Courier-IMAP-SSL and Courier-POP3-SSL:

/etc/init.d/courier-imap-ssl restart
/etc/init.d/courier-pop-ssl restart


3) Install Apache, PHP5, phpMyAdmin, better FastCGI, suexec, Pear and mcrypt (1 line!):

apt-get -y install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt imagemagick libapache2-mod-suphp libopenssl-ruby libapache2-mod-ruby

# This package is actually missing from the official squeeze repository: php5-imagick

# When phpMyAdmin asks whether to configure itself automatically, select "Apache2"

# Then run the following to enable the Apache modules suexec, rewrite, ssl, actions, include and ruby:

a2enmod suexec rewrite ssl actions include ruby

# If you want to use WebDAV then run the following to enable the Apache webdav modules:

a2enmod dav_fs dav auth_digest

# restart Apache before continuing

/etc/init.d/apache2 restart


4) Install pure-ftpd and quota

apt-get -y install pure-ftpd-common pure-ftpd-mysql quota quotatool

# Optional: Some additional settings for pureftpd

echo "yes" > /etc/pure-ftpd/conf/DisplayDotFiles

# Enable TLS in pureftpd
echo 1 > /etc/pure-ftpd/conf/TLS
mkdir -p /etc/ssl/private/
# Create a self-signed certificate with a 2048-bit RSA key (key and certificate in one file)
openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
chmod 600 /etc/ssl/private/pure-ftpd.pem


# Edit /etc/fstab. Add "usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0" to the partition where you want to use quota.
# Mine looks like this (I want to use quota on the / partition):

vi /etc/fstab

----------------------------------------------------------------------------------------------
# /etc/fstab: static file system information.
#
# <file system> <mount point>   <type>        <options>         <dump>  <pass>
proc            /proc           proc          defaults          0       0
/dev/sda1       /               ext3          errors=remount-ro,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 0 1
/dev/sda5       none            swap          sw                0       0
/dev/hda        /media/cdrom0   udf,iso9660   user,noauto       0       0
/dev/fd0        /media/floppy0  auto          rw,user,noauto    0       0
----------------------------------------------------------------------------------------------

# To enable quota, run these commands:

touch /aquota.user /aquota.group
chmod 600 /aquota.*
mount -o remount /
quotacheck -F vfsv0 -afcvdugm
quotaon -avug
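
# Added example (not part of the original guide): a check that an fstab entry has the file system type and the three journaled-quota options this step requires, to run before the remount. The function name and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# check_jquota FSTAB MOUNTPOINT
# Returns 0 when the entry for MOUNTPOINT is ext3 or ext4 and carries all
# three journaled-quota options used in this guide; otherwise prints what
# is wrong and returns 1.
check_jquota() {
    awk -v mp="$2" '
        /^[ \t]*#/ || NF < 4 { next }             # comments, blank lines
        $2 == mp {
            found = 1
            if ($3 != "ext3" && $3 != "ext4") {
                print "unsupported filesystem type: " $3
                bad = 1
            }
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) have[opt[i]] = 1
            m = split("usrjquota=aquota.user grpjquota=aquota.group jqfmt=vfsv0", want, " ")
            for (i = 1; i <= m; i++)
                if (!(want[i] in have)) {
                    print "missing option: " want[i]
                    bad = 1
                }
        }
        END {
            if (!found) { print "no entry for " mp; bad = 1 }
            exit (bad ? 1 : 0)
        }
    ' "$1"
}

# Constructed sample: / as configured above, /var with only one option.
fstab=$(mktemp)
cat > "$fstab" <<'EOF'
proc       /proc  proc  defaults  0 0
/dev/sda1  /      ext3  errors=remount-ro,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 0 1
/dev/sdb1  /var   ext4  defaults,usrjquota=aquota.user 0 2
EOF
check_jquota "$fstab" /    && echo "/ ok"
check_jquota "$fstab" /var || echo "/var needs fixing"
rm -f "$fstab"
```
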


5) Install MyDNS

apt-get install g++ libc6 gcc gawk make texinfo libmysqlclient-dev

cd /tmp
wget http://heanet.dl.sourceforge.net/sourceforge/mydns-ng/mydns-1.2.8.27.tar.gz
tar xvfz mydns-1.2.8.27.tar.gz
cd mydns-1.2.8
./configure
make
make install

# Now create the start / stop script for mydns:

vi /etc/init.d/mydns

# and enter the following lines (between the ----- lines):

------------------------------------------------------
#! /bin/sh
#
# mydns         Start the MyDNS server
#
# Author:       Philipp Kern <phil@philkern.de>.
#               Based upon skeleton 1.9.4 by Miquel van Smoorenburg
#               <miquels@cistron.nl> and Ian Murdock <imurdock@gnu.ai.mit.edu>.
#
### BEGIN INIT INFO
# Provides:          MyDNS
# Required-Start:    $syslog
# Should-Start:
# Required-Stop:
# Should-Stop:
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: MyDNS Server
# Description:       MyDNS DNS Server
### END INIT INFO

set -e

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/local/sbin/mydns
NAME=mydns
DESC="DNS server"

SCRIPTNAME=/etc/init.d/$NAME

# Gracefully exit if the package has been removed.
test -x $DAEMON || exit 0

case "$1" in
  start)
        echo -n "Starting $DESC: $NAME"
        start-stop-daemon --start --quiet \
                --exec $DAEMON -- -b
        echo "."
        ;;
  stop)
        echo -n "Stopping $DESC: $NAME"
        start-stop-daemon --stop --oknodo --quiet \
                --exec $DAEMON
        echo "."
        ;;
  reload|force-reload)
        echo -n "Reloading $DESC configuration..."
        start-stop-daemon --stop --signal HUP --quiet \
                --exec $DAEMON
        echo "done."
        ;;
  restart)
        echo -n "Restarting $DESC: $NAME"
        start-stop-daemon --stop --quiet --oknodo \
                --exec $DAEMON
        sleep 1
        start-stop-daemon --start --quiet \
                --exec $DAEMON -- -b
        echo "."
        ;;
  *)
        echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
        exit 1
        ;;
esac

exit 0
---------------------------------------------------------------------------

# now execute:

chmod +x /etc/init.d/mydns
update-rc.d mydns defaults

6) Install vlogger, webalizer and awstats

apt-get -y install vlogger webalizer awstats

mkdir /usr/share/awstats/tools
cp -prf /usr/share/doc/awstats/examples/awstats_buildstaticpages.pl /usr/share/awstats/tools/awstats_buildstaticpages.pl


7) Install Jailkit (optional, only needed if you want to use chrooting for SSH users)

apt-get -y install build-essential autoconf automake1.9 libtool flex bison debhelper
cd /tmp
wget http://olivier.sessink.nl/jailkit/jailkit-2.13.tar.gz
tar xvfz jailkit-2.13.tar.gz
cd jailkit-2.13
./configure
make
make install
cd ..
rm -rf jailkit-2.13*

8) Install fail2ban (optional but recommended, because the monitor tries to show the log)
More info at: http://www.howtoforge.com/fail2ban_debian_etch

apt-get -y install fail2ban

9) Install ISPConfig 3

# There are two possible scenarios; choose one, not both:
9.1) Install the latest released version
9.2) Install directly from SVN

9.1) Installation of the latest version from tar.gz

cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3.0.2.tar.gz
tar xvfz ISPConfig-3.0.2.tar.gz
cd ispconfig3_install/install/
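
# Added example (not part of the original guide or of the projects it installs): steps 5, 7 and 9.1 download source tarballs over plain HTTP and then unpack or build them as root, so the helpers below gate that on a SHA-256 comparison. The helper names are hypothetical, and the expected digest is an assumption: this guide gives none, so it has to come from a channel you trust.

```shell
#!/bin/sh
# sha256_of FILE: print the SHA-256 of FILE as lowercase hex.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1"
    else
        shasum -a 256 "$1"
    fi | cut -d' ' -f1
}

# verify_tarball FILE EXPECTED_SHA256
# Returns 0 on a match, 1 on a missing file or mismatch, 2 on a malformed
# expected digest (so a truncated copy-paste never counts as a match).
verify_tarball() {
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    case $want in
        ''|*[!0-9a-f]*) echo "malformed digest for $1" >&2; return 2 ;;
    esac
    [ "${#want}" -eq 64 ] || { echo "malformed digest for $1" >&2; return 2; }
    [ -f "$1" ] || { echo "missing file: $1" >&2; return 1; }
    got=$(sha256_of "$1")
    [ "$got" = "$want" ] || { echo "MISMATCH: $1 is $got" >&2; return 1; }
    echo "verified: $1"
}

# build_if_verified FILE EXPECTED_SHA256 COMMAND [ARGS...]
# Runs COMMAND only when FILE verifies, so an unverified download is never
# unpacked or compiled as root.
build_if_verified() {
    file=$1 digest=$2
    shift 2
    verify_tarball "$file" "$digest" || { echo "not running: $*" >&2; return 1; }
    "$@"
}

# Intended use with this guide (the digest is a placeholder to fill in from
# the project's own release announcement):
#   build_if_verified jailkit-2.13.tar.gz <published-sha256> tar xvfz jailkit-2.13.tar.gz
```
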

9.2) Installation from SVN

apt-get install subversion
cd /tmp
svn export svn://svn.ispconfig.org/ispconfig3/trunk/
cd trunk/install


9.1+9.2) Now proceed with the ISPConfig installation.

# Now start the installation process by executing:

php -q install.php

# The installer will configure all services like postfix, sasl, courier, etc. for you. A manual setup as required for ISPConfig 2 (perfect setup guides) is not necessary. To log in to the ISPConfig control panel, open the following URL in your browser (replace the IP to match your settings!):

http://192.168.0.100:8080/

# the default login is:

user: admin
password: admin

# In case you get a permission denied error from apache, please restart the apache webserver process.



----------------------------------------------------------------------------------------------------------
Optional:

Install a web-based Email Client

apt-get install squirrelmail
ln -s /usr/share/squirrelmail/ /var/www/webmail

Access squirrelmail:

http://192.168.0.100/webmail


To configure squirrelmail, run:

/usr/sbin/squirrelmail-configure

----------------------------------------------------------------------------------------------------------

Hints:

debian 5.0 under openvz:

VPSID=101
for CAP in CHOWN DAC_READ_SEARCH SETGID SETUID NET_BIND_SERVICE NET_ADMIN SYS_CHROOT SYS_NICE
do
  vzctl set $VPSID --capability ${CAP}:on --save
done

----------------------------------------------------------------------------------------------------------


Optional recommended packages:

denyhosts - a utility to help sys admins thwart ssh crackers
rsync - fast remote file copy program (for backup)

-----------------------------------------------------------------------------------------------------------


Possible errors and their solutions
------------------------------------

pureftpd login does not work. Take a look at the syslog, if you find an error message like this:
Mar 24 16:26:28 ispconfig pure-ftpd: (?@?) [ERROR] Sorry, invalid address given

then pureftpd is not able to resolve the hostname. Name resolving can be disabled with these commands:

echo 'yes' > /etc/pure-ftpd/conf/DontResolve
/etc/init.d/pure-ftpd-mysql restart

-----------------------------------------------------------------------------------------------------------
Making fail2ban also work with IPv6:
# Download and install the package from here: http://homes.dcc.ufba.br/~rogeriobastos/files/fail2ban/
# Set banaction = route in jail.conf
# Create or modify route.conf in /etc/fail2ban/action.d
[Definition]
actionban = ip route add unreachable <ip>
actionunban = ip route del unreachable <ip>
action6ban = ip route add unreachable <ip>
action6unban = ip route del unreachable <ip>
-----------------------------------------------------------------------------------------------------------