Installation
|
-------------
|
|
# It is recommended to use a clean (fresh) Debian Lenny install where you just selected "Standard System" at the package selection during
|
# setup (tasksel). Then follow the steps below to setup your server with ISPConfig 3. In this guide "vi" is used as text editor, but
|
# you can use whatever you prefer. You should be root for doing all of this.
|
|
|
# Check we have Fully Qualified Domain Name
|
|
/bin/hostname
|
|
# it should return something like "ispconfig.example.com"
|
# if not, then we assign a hostname (for example ispconfig):
|
|
echo ispconfig.example.com > /etc/hostname
|
|
vi /etc/hosts
|
|
# and add lines similar but appropriate:
|
|
127.0.0.1 localhost.localdomain localhost
|
192.168.0.100 ispconfig.example.com ispconfig
|
|
# Run:
|
|
/etc/init.d/hostname.sh
|
|
# enable the Debian Volatile repository to get an updated ClamAV version
|
|
echo "deb http://volatile.debian.org/debian-volatile lenny/volatile main contrib non-free" >> /etc/apt/sources.list.d/volatile.list
|
apt-get update
|
|
# Some optional choices
|
|
opt0.1) Optionally install SSH-server to get remote shell
|
|
apt-get install openssh-server
|
|
opt0.2) Optionally, if you are not running inside a virtual machine, you can set server clocksync via NTP. Virtual guests get this from the host.
|
|
apt-get -y install ntp ntpdate
|
|
opt0.3) Optionally if you want vi editor improvement
|
|
apt-get -y install vim-nox
|
|
|
# Next is the real deal
|
|
1) Install Postfix, Courier, Saslauthd, MySQL, phpMyAdmin, rkhunter, binutils with the following command line (on one line!):
|
|
apt-get -y install postfix postfix-mysql postfix-doc mysql-client mysql-server courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl courier-maildrop getmail4 rkhunter binutils
|
|
# Answer the questions from the package manager as follows.
|
|
Create directories for web-based administration ? <-- No
|
General type of configuration? <-- Internet site
|
Mail name? <-- server1.mydomain.tld
|
SSL certificate required <-- Ok
|
|
# ...use your own domain name of course ;)
|
|
|
|
# Edit the file /etc/mysql/my.cnf
|
|
vi /etc/mysql/my.cnf
|
|
# and change the line:
|
|
bind-address = 127.0.0.1
|
|
to:
|
|
#bind-address = 127.0.0.1
|
|
# then restart mysql
|
|
/etc/init.d/mysql restart
|
|
2) Install Amavisd-new, Spamassassin and ClamAV (1 line!):
|
|
apt-get -y install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl sudo
|
|
# During the installation, the SSL certificates for IMAP-SSL and POP3-SSL are created with the hostname localhost. To change this to the correct hostname (server1.example.com in this tutorial), delete the certificates...
|
|
cd /etc/courier
|
rm -f /etc/courier/imapd.pem
|
rm -f /etc/courier/pop3d.pem
|
|
# ... and modify the following two files; replace CN=localhost with CN=server1.example.com (you can also modify the other values, if necessary):
|
|
vi /etc/courier/imapd.cnf
|
|
[...]
|
CN=server1.example.com
|
[...]
|
|
vi /etc/courier/pop3d.cnf
|
|
[...]
|
CN=server1.example.com
|
[...]
|
|
# Then recreate the certificates...
|
|
mkimapdcert
|
mkpop3dcert
|
|
# ... and restart Courier-IMAP-SSL and Courier-POP3-SSL:
|
|
/etc/init.d/courier-imap-ssl restart
|
/etc/init.d/courier-pop-ssl restart
|
|
|
3) Install Apache, PHP5, PhpMyAdmin, better fastCGI, suexec, Pear and mcrypt (1 line!):
|
|
apt-get -y install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt php5-imagick imagemagick libapache2-mod-suphp libopenssl-ruby libapache2-mod-ruby
|
|
|
# When phpMyAdmin is asking wether to configure itself automatically, select "Apache2"
|
|
# Then run the following to enable the Apache modules suexec, rewrite and ssl:
|
|
a2enmod suexec rewrite ssl actions include ruby
|
|
# If you want to use WebDAV then run the following to enable the Apache webdav modules:
|
|
a2enmod dav_fs dav auth_digest
|
|
# restart Apache before continuing
|
|
/etc/init.d/apache2 restart
|
|
|
4) Install pure-ftpd and quota
|
|
apt-get -y install pure-ftpd-common pure-ftpd-mysql quota quotatool
|
|
# Optional: Enable TLS in pureftpd
|
echo 1 > /etc/pure-ftpd/conf/TLS
|
mkdir -p /etc/ssl/private/
|
openssl req -x509 -nodes -newkey rsa:1024 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
|
chmod 600 /etc/ssl/private/pure-ftpd.pem
|
|
|
# Edit /etc/fstab. Mine looks like this (I added ,usrquota,grpquota to the partition with the mount point /):
|
|
vi /etc/fstab
|
|
----------------------------------------------------------------------------------------------
|
# /etc/fstab: static file system information.
|
#
|
# <file system> <mount point> <type> <options> <dump> <pass>
|
proc /proc proc defaults 0 0
|
/dev/sda1 / ext3 errors=remount-ro,usrquota,grpquota 0 1
|
/dev/sda5 none swap sw 0 0
|
/dev/hda /media/cdrom0 udf,iso9660 user,noauto 0 0
|
/dev/fd0 /media/floppy0 auto rw,user,noauto 0 0
|
----------------------------------------------------------------------------------------------
|
|
# To enable quota, run these commands:
|
|
touch /quota.user /quota.group
|
chmod 600 /quota.*
|
mount -o remount /
|
quotacheck -avugm
|
quotaon -avug
|
|
|
5) Install MyDNS
|
|
apt-get install g++ libc6 gcc gawk make texinfo libmysqlclient15-dev
|
|
cd /tmp
|
wget http://heanet.dl.sourceforge.net/sourceforge/mydns-ng/mydns-1.2.8.27.tar.gz
|
tar xvfz mydns-1.2.8.27.tar.gz
|
cd mydns-1.2.8
|
./configure
|
make
|
make install
|
|
# Now create the start / stop script for mydns:
|
|
vi /etc/init.d/mydns
|
|
# and enter the following lines (between the ----- lines):
|
|
------------------------------------------------------
|
#! /bin/sh
|
#
|
# mydns Start the MyDNS server
|
#
|
# Author: Philipp Kern <phil@philkern.de>.
|
# Based upon skeleton 1.9.4 by Miquel van Smoorenburg
|
# <miquels@cistron.nl> and Ian Murdock <imurdock@gnu.ai.mit.edu>.
|
#
|
### BEGIN INIT INFO
|
# Provides: MyDNS
|
# Required-Start: $syslog
|
# Should-Start:
|
# Required-Stop:
|
# Should-Stop:
|
# Default-Start: 2 3 4 5
|
# Default-Stop: 0 1 6
|
# Short-Description: MyDNS Server
|
# Description: MyDNS DNS Server
|
### END INIT INFO
|
|
set -e
|
|
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
|
DAEMON=/usr/local/sbin/mydns
|
NAME=mydns
|
DESC="DNS server"
|
|
SCRIPTNAME=/etc/init.d/$NAME
|
|
# Gracefully exit if the package has been removed.
|
test -x $DAEMON || exit 0
|
|
case "$1" in
|
start)
|
echo -n "Starting $DESC: $NAME"
|
start-stop-daemon --start --quiet \
|
--exec $DAEMON -- -b
|
echo "."
|
;;
|
stop)
|
echo -n "Stopping $DESC: $NAME"
|
start-stop-daemon --stop --oknodo --quiet \
|
--exec $DAEMON
|
echo "."
|
;;
|
reload|force-reload)
|
echo -n "Reloading $DESC configuration..."
|
start-stop-daemon --stop --signal HUP --quiet \
|
--exec $DAEMON
|
echo "done."
|
;;
|
restart)
|
echo -n "Restarting $DESC: $NAME"
|
start-stop-daemon --stop --quiet --oknodo \
|
--exec $DAEMON
|
sleep 1
|
start-stop-daemon --start --quiet \
|
--exec $DAEMON -- -b
|
echo "."
|
;;
|
*)
|
echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
|
exit 1
|
;;
|
esac
|
|
exit 0
|
---------------------------------------------------------------------------
|
|
# now execute:
|
|
chmod +x /etc/init.d/mydns
|
update-rc.d mydns defaults
|
|
6) Install vlogger and webalizer awstats geoip-bin
|
|
apt-get -y install vlogger webalizer awstats
|
|
mkdir /usr/share/awstats/tools
|
cp -prf /usr/share/doc/awstats/examples/awstats_buildstaticpages.pl /usr/share/awstats/tools/awstats_buildstaticpages.pl
|
|
|
|
7) Install Jailkit (optional, only needed if you want to use chrooting for SSH users)
|
|
apt-get -y install build-essential autoconf automake1.9 libtool flex bison debhelper
|
cd /tmp
|
wget http://olivier.sessink.nl/jailkit/jailkit-2.11.tar.gz
|
tar xvfz jailkit-2.11.tar.gz
|
cd jailkit-2.11
|
./debian/rules binary
|
cd ..
|
dpkg -i jailkit_2.11-1_*.deb
|
rm -rf jailkit-2.11*
|
|
8) Install fail2ban (optional but recomended, because the monitor tries to show the log)
|
More info at: http://www.howtoforge.com/fail2ban_debian_etch
|
|
apt-get -y install fail2ban
|
|
9) Install ISPConfig 3
|
|
cd /tmp
|
wget http://www.ispconfig.org/downloads/ISPConfig-3.0.2.tar.gz
|
tar xvfz ISPConfig-3.0.2.tar.gz
|
cd ispconfig3_install/install/
|
|
# Now start the installation process by executing:
|
|
php -q install.php
|
|
# The installer will configure all services like postfix, sasl, courier, etc. for you. A manual setup as required for ISPConfig 2 (perfect setup guides) is not necessary. To login to the ISPConfig controlpanel, open the following URL in your browser (replace the IP to match your settings!):
|
|
http://192.168.0.100:8080/
|
|
# the default login is:
|
|
user: admin
|
password: admin
|
|
# In case you get a permission denied error from apache, please restart the apache webserver process.
|
|
|
|
----------------------------------------------------------------------------------------------------------
|
Optional:
|
|
Install a webbased Email Client
|
|
apt-get install squirrelmail
|
ln -s /usr/share/squirrelmail/ /var/www/webmail
|
|
Access squirrelmail:
|
|
http://192.168.0.100/webmail
|
|
|
To configure squirrelmail, run:
|
|
/usr/sbin/squirrelmail-configure
|
|
----------------------------------------------------------------------------------------------------------
|
|
Hints:
|
|
debian 5.0 under openvz:
|
|
VPSID=101
|
for CAP in CHOWN DAC_READ_SEARCH SETGID SETUID NET_BIND_SERVICE NET_ADMIN SYS_CHROOT SYS_NICE CHOWN DAC_READ_SEARCH SETGID SETUID NET_BIND_SERVICE NET_ADMIN SYS_CHROOT SYS_NICE
|
do
|
vzctl set $VPSID --capability ${CAP}:on --save
|
done
|
|
----------------------------------------------------------------------------------------------------------
|
|
|
Optional recommended packages:
|
|
denyhosts - a utility to help sys admins thwart ssh crackers
|
rsync - fast remote file copy program (for backup)
|
|
-----------------------------------------------------------------------------------------------------------
|
|
|
Possible errors and their solutions
|
------------------------------------
|
|
pureftpd login does not work. Take a look at the syslog, if you find an error message like this:
|
Mar 24 16:26:28 ispconfig pure-ftpd: (?@?) [ERROR] Sorry, invalid address given
|
|
then pureftpd is not able to resolve the hostname. Name resolving can be disabled with these commands:
|
|
echo 'yes' > /etc/pure-ftpd/conf/DontResolve
|
/etc/init.d/pure-ftpd-mysql restart
|
