Installation
-------------

# It is recommended to use a clean (fresh) Debian Lenny install where you just selected "Standard System" at the package selection during
# setup (tasksel). Then follow the steps below to set up your server with ISPConfig 3. In this guide "vi" is used as text editor, but
# you can use whatever you prefer. You should be root for doing all of this.

# Check that we have a Fully Qualified Domain Name
/bin/hostname
# it should return something like "ispconfig.example.com"
# if not, then we assign a hostname (for example ispconfig):
echo ispconfig.example.com > /etc/hostname
vi /etc/hosts
# and add lines similar but appropriate:
127.0.0.1       localhost.localdomain   localhost
192.168.0.100   ispconfig.example.com   ispconfig
# Run:
/etc/init.d/hostname.sh

# enable the Debian Volatile repository to get an updated ClamAV version
echo "deb http://volatile.debian.org/debian-volatile lenny/volatile main contrib non-free" >> /etc/apt/sources.list.d/volatile.list
apt-get update

# Some optional choices

opt0.1) Optionally install SSH-server to get remote shell
apt-get install openssh-server

opt0.2) Optionally, if you are not running inside a virtual machine, you can set server clocksync via NTP. Virtual guests get this from the host.
apt-get -y install ntp ntpdate

opt0.3) Optionally if you want vi editor improvement
apt-get -y install vim-nox

# Next is the real deal

1) Install Postfix, Courier, Saslauthd, MySQL, phpMyAdmin, rkhunter, binutils with the following command line (on one line!):

apt-get -y install postfix postfix-mysql postfix-doc mysql-client mysql-server courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl courier-maildrop getmail4 rkhunter binutils

# Answer the questions from the package manager as follows.

Create directories for web-based administration ? <-- No
General type of configuration? <-- Internet site
Mail name? <-- server1.mydomain.tld
SSL certificate required <-- Ok

# ...use your own domain name of course ;)

# Edit the file /etc/mysql/my.cnf
vi /etc/mysql/my.cnf

# and change the line:
bind-address = 127.0.0.1
to:
#bind-address = 127.0.0.1

# then restart mysql
/etc/init.d/mysql restart

2) Install Amavisd-new, Spamassassin and ClamAV (1 line!):

apt-get -y install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl sudo

# During the installation, the SSL certificates for IMAP-SSL and POP3-SSL are created with the hostname localhost. To change this to the correct hostname (server1.example.com in this tutorial), delete the certificates...
cd /etc/courier
rm -f /etc/courier/imapd.pem
rm -f /etc/courier/pop3d.pem

# ... and modify the following two files; replace CN=localhost with CN=server1.example.com (you can also modify the other values, if necessary):
vi /etc/courier/imapd.cnf
[...]
CN=server1.example.com
[...]

vi /etc/courier/pop3d.cnf
[...]
CN=server1.example.com
[...]

# Then recreate the certificates...
mkimapdcert
mkpop3dcert

# ... and restart Courier-IMAP-SSL and Courier-POP3-SSL:
/etc/init.d/courier-imap-ssl restart
/etc/init.d/courier-pop-ssl restart

3) Install Apache, PHP5, PhpMyAdmin, better fastCGI, suexec, Pear and mcrypt (1 line!):

apt-get -y install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt php5-imagick imagemagick libapache2-mod-suphp libopenssl-ruby libapache2-mod-ruby

# When phpMyAdmin asks whether to configure itself automatically, select "Apache2"

# Then run the following to enable the Apache modules suexec, rewrite and ssl:
a2enmod suexec rewrite ssl actions include ruby

# If you want to use WebDAV then run the following to enable the Apache webdav modules:
a2enmod dav_fs dav auth_digest

# restart Apache before continuing
/etc/init.d/apache2 restart

4) Install pure-ftpd and quota

apt-get -y install pure-ftpd-common pure-ftpd-mysql quota quotatool

# Optional: Enable TLS in pureftpd
echo 1 > /etc/pure-ftpd/conf/TLS
mkdir -p /etc/ssl/private/
openssl req -x509 -nodes -newkey rsa:1024 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
chmod 600 /etc/ssl/private/pure-ftpd.pem

# Edit /etc/fstab. Mine looks like this (I added ,usrquota,grpquota to the partition with the mount point /):
vi /etc/fstab

----------------------------------------------------------------------------------------------
# /etc/fstab: static file system information.
#
#
proc            /proc           proc    defaults        0       0
/dev/sda1       /               ext3    errors=remount-ro,usrquota,grpquota 0       1
/dev/sda5       none            swap    sw              0       0
/dev/hda        /media/cdrom0   udf,iso9660 user,noauto     0       0
/dev/fd0        /media/floppy0  auto    rw,user,noauto  0       0
----------------------------------------------------------------------------------------------

# To enable quota, run these commands:
touch /quota.user /quota.group
chmod 600 /quota.*
mount -o remount /
quotacheck -avugm
quotaon -avug

5) Install MyDNS

apt-get install g++ libc6 gcc gawk make texinfo libmysqlclient15-dev

cd /tmp
wget http://heanet.dl.sourceforge.net/sourceforge/mydns-ng/mydns-1.2.8.27.tar.gz
tar xvfz mydns-1.2.8.27.tar.gz
cd mydns-1.2.8
./configure
make
make install

# Now create the start / stop script for mydns:
vi /etc/init.d/mydns

# and enter the following lines (between the ----- lines):

------------------------------------------------------
#! /bin/sh
#
# mydns         Start the MyDNS server
#
# Author:       Philipp Kern.
#               Based upon skeleton 1.9.4 by Miquel van Smoorenburg
#               and Ian Murdock.
#
### BEGIN INIT INFO
# Provides:          MyDNS
# Required-Start:    $syslog
# Should-Start:
# Required-Stop:
# Should-Stop:
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: MyDNS Server
# Description:       MyDNS DNS Server
### END INIT INFO

set -e

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/local/sbin/mydns
NAME=mydns
DESC="DNS server"

SCRIPTNAME=/etc/init.d/$NAME

# Gracefully exit if the package has been removed.
test -x $DAEMON || exit 0

case "$1" in
  start)
        echo -n "Starting $DESC: $NAME"
        start-stop-daemon --start --quiet \
                --exec $DAEMON -- -b
        echo "."
        ;;
  stop)
        echo -n "Stopping $DESC: $NAME"
        start-stop-daemon --stop --oknodo --quiet \
                --exec $DAEMON
        echo "."
        ;;
  reload|force-reload)
        echo -n "Reloading $DESC configuration..."
        start-stop-daemon --stop --signal HUP --quiet \
                --exec $DAEMON
        echo "done."
        ;;
  restart)
        echo -n "Restarting $DESC: $NAME"
        start-stop-daemon --stop --quiet --oknodo \
                --exec $DAEMON
        sleep 1
        start-stop-daemon --start --quiet \
                --exec $DAEMON -- -b
        echo "."
        ;;
  *)
        echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
        exit 1
        ;;
esac

exit 0
---------------------------------------------------------------------------

# now execute:
chmod +x /etc/init.d/mydns
update-rc.d mydns defaults

6) Install vlogger and webalizer awstats geoip-bin

apt-get -y install vlogger webalizer awstats

mkdir /usr/share/awstats/tools
cp -prf /usr/share/doc/awstats/examples/awstats_buildstaticpages.pl /usr/share/awstats/tools/awstats_buildstaticpages.pl

7) Install Jailkit (optional, only needed if you want to use chrooting for SSH users)

apt-get -y install build-essential autoconf automake1.9 libtool flex bison debhelper

cd /tmp
wget http://olivier.sessink.nl/jailkit/jailkit-2.11.tar.gz
tar xvfz jailkit-2.11.tar.gz
cd jailkit-2.11
./debian/rules binary
cd ..
dpkg -i jailkit_2.11-1_*.deb
rm -rf jailkit-2.11*

8) Install fail2ban (optional but recommended, because the monitor tries to show the log)
More info at: http://www.howtoforge.com/fail2ban_debian_etch

apt-get -y install fail2ban

9) Install ISPConfig 3

cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3.0.2.tar.gz
tar xvfz ISPConfig-3.0.2.tar.gz
cd ispconfig3_install/install/

# Now start the installation process by executing:
php -q install.php

# The installer will configure all services like postfix, sasl, courier, etc. for you. A manual setup as required for ISPConfig 2 (perfect setup guides) is not necessary. To log in to the ISPConfig control panel, open the following URL in your browser (replace the IP to match your settings!):

http://192.168.0.100:8080/

# the default login is:
user: admin
password: admin

# In case you get a permission denied error from apache, please restart the apache webserver process.
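Added example, not part of the original guide: a POSIX shell audit of the settings that steps 1 and 4 change (MySQL bind-address, the pure-ftpd TLS mode, mode 600 on the key and quota files, quota options on /). The script name audit.sh and the ROOT argument are assumptions made for this example; the 0/1/2 reading of the TLS file follows pure-ftpd's --tls levels.

```shell
#!/bin/sh
# Added example (not part of the guide): audit settings the steps above change.

# Prints "all-interfaces" when bind-address is unset, commented out or
# 0.0.0.0 (the state step 1 leaves behind), otherwise the bound address.
mysql_bind_state() {
    addr=$(sed -n 's/^[[:space:]]*bind-address[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p' "$1" | tail -n 1)
    case "$addr" in
        ""|0.0.0.0) echo all-interfaces ;;
        *) echo "$addr" ;;
    esac
}

# Succeeds if the "/" entry in fstab carries both usrquota and grpquota.
fstab_root_has_quota() {
    opts=$(awk '$1 !~ /^#/ && $2 == "/" { print $4 }' "$1")
    case ",$opts," in *,usrquota,*) ;; *) return 1 ;; esac
    case ",$opts," in *,grpquota,*) ;; *) return 1 ;; esac
}

# Maps /etc/pure-ftpd/conf/TLS to off | optional | required | unknown
# (0 = no TLS, 1 = TLS and cleartext both accepted, 2 = cleartext refused).
pureftpd_tls_state() {
    case "$(tr -d '[:space:]' 2>/dev/null < "$1")" in
        ""|0) echo off ;;
        1) echo optional ;;
        2) echo required ;;
        *) echo unknown ;;
    esac
}

# audit ROOT: one finding per line for the tree under ROOT ("" = live system,
# or a hypothetical copy of it); no output means nothing to report.
audit() {
    [ "$(mysql_bind_state "$1/etc/mysql/my.cnf")" != all-interfaces ] ||
        echo "mysql: no loopback bind-address, mysqld listens on all interfaces"
    [ "$(pureftpd_tls_state "$1/etc/pure-ftpd/conf/TLS")" = required ] ||
        echo "pure-ftpd: cleartext FTP logins are still accepted"
    for f in etc/ssl/private/pure-ftpd.pem quota.user quota.group; do
        # find -perm 600 matches only an exact mode of 600
        [ -n "$(find "$1/$f" -prune -perm 600 2>/dev/null)" ] ||
            echo "$f: missing or mode is not 600"
    done
    fstab_root_has_quota "$1/etc/fstab" || echo "fstab: / lacks usrquota,grpquota"
    return 0
}

if [ "$#" -gt 0 ]; then audit "$1"; fi
```

Run it as root with sh audit.sh "" to check the live system.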
----------------------------------------------------------------------------------------------------------

Optional: Install a web-based Email Client

apt-get install squirrelmail
ln -s /usr/share/squirrelmail/ /var/www/webmail

Access squirrelmail: http://192.168.0.100/webmail

To configure squirrelmail, run:

/usr/sbin/squirrelmail-configure

----------------------------------------------------------------------------------------------------------

Hints:

Debian 5.0 under OpenVZ:

VPSID=101
for CAP in CHOWN DAC_READ_SEARCH SETGID SETUID NET_BIND_SERVICE NET_ADMIN SYS_CHROOT SYS_NICE
do
  vzctl set $VPSID --capability ${CAP}:on --save
done

----------------------------------------------------------------------------------------------------------

Optional recommended packages:

denyhosts - a utility to help sys admins thwart ssh crackers
rsync - fast remote file copy program (for backup)

-----------------------------------------------------------------------------------------------------------

Possible errors and their solutions
------------------------------------

pureftpd login does not work. Take a look at the syslog; if you find an error message like this:

Mar 24 16:26:28 ispconfig pure-ftpd: (?@?) [ERROR] Sorry, invalid address given

then pureftpd is not able to resolve the hostname. Name resolving can be disabled with these commands:

echo 'yes' > /etc/pure-ftpd/conf/DontResolve
/etc/init.d/pure-ftpd-mysql restart