Setting up a chrooted ispconfig 3 installation -------------------------------------------------------------------- # Follow the steps 1 - 8 of the INSTALL_DEBIAN_5.0 Guide, then proceed # with the steps below. # # This guide is experimental as there are a few changes necessary in # ispconfig to get it working. These changes will be part of ISPConfig 3.0.2 # Install packages apt-get install debootstrap libapache2-mod-chroot # Create the chroot environment debootstrap lenny /var/www/ ftp://ftp.fr.debian.org/debian/ # Add mountpoints for the chroot env into the fstab file echo "/proc /var/www/proc proc defaults 0 0">>/etc/fstab echo "devpts /var/www/dev/pts devpts defaults 0 0">>/etc/fstab # mount all the filesystems mount -a # add a default chroot dir for all users of the sshusers group echo "@sshusers - chroot /var/www/">>/etc/security/limits.conf # copy passwd and group files to the chroot env cp -rf /etc/apt /etc/passwd /etc/group /var/www/etc/ # Cleaning unnecessary users and groups # Create symlinks cd /var/www/var/ rm -rf /var/www/var/www ln -s / www # Enter the chroot chroot /var/www # Update files in the chroot environment and install some packages. # You can ignore warnings about locales, we will fix them in the next step. apt-get update apt-get install fakeroot --force-yes -y apt-get install locales # Reconfigure locales. Select e.g the en_US* locales. dpkg-reconfigure locales # run a dist-upgrade fakeroot apt-get dist-upgrade # Install Apache and PHP in the chroot environment apt-get install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt php5-imagick imagemagick libapache2-mod-suphp libopenssl-ruby /etc/init.d/apache2 stop # Exit the chroot exit # Moving the apache configuration is not necessary, as Apache reads # the config files before it moves into the chroot # rm -rf /var/www/etc/apache2 # mv -f /etc/apache2 /var/www/etc/ # ln -s /var/www/etc/apache2 /etc/apache2 rm -rf /var/www/etc/php5/cgi/ mv -f /etc/php5/cgi/ /var/www/etc/php5/ ln -s /var/www/etc/php5/cgi /etc/php5/ rm -rf /var/www/etc/php5/apache2/ mv -f /etc/php5/apache2/ /var/www/etc/php5/ ln -s /var/www/etc/php5/apache2 /etc/php5/ ln -s /var/www/var/run/apache2.pid /var/run/apache2.pid # enable mod_chroot a2enmod mod_chroot echo "ChrootDir /var/www" > /etc/apache2/conf.d/mod_chroot.conf # Start apache /etc/init.d/apache2 start # Install ISPConfig cd /tmp wget http://www.ispconfig.org/downloads/ISPConfig-3.0.1.4-beta-2.tar.gz tar xvfz ISPConfig-3.0.1.4-beta-2.tar.gz cd ispconfig3_install/install/ php -q install.php cd /tmp/ rm -rf ispconfig3_install rm -f ISPConfig-3.0.1.4-beta-2.tar.gz # Move the ispconfig interface part to the chroot environment and create a symlink mkdir /var/www/usr/local/ispconfig chown ispconfig:ispconfig /var/www/usr/local/ispconfig chmod 750 /var/www/usr/local/ispconfig mv /usr/local/ispconfig/interface /var/www/usr/local/ispconfig/ ln -s /var/www/usr/local/ispconfig/interface /usr/local/ispconfig/interface chroot /var/www adduser www-data ispconfig # Create a link for the MySQL socket ln /var/run/mysqld/mysqld.sock /var/www/var/run/mysqld/mysqld.sock # As an alternative to making a hardlink to the MySQL socket, # change the my.cnf file in the chroot to use TCP sockets. # This is more secure but a bit slower than using the mysqld.sock file. # Restart Apache /etc/init.d/apache2 restart