Installation
-----------

# It is recommended to use a clean (fresh) Debian lenny install where you just selected "Standard System" as the package selection during
# setup. Then follow the steps below to setup your server with ISPConfig 3. In this guide "vi" is used as texteditor, but you ofcourse
# you can use whatever you prefer. You should be root for doing all of this.


# Check we have Fully Qualified Domain Name

/bin/hostname

# it should return something like "ispconfig.example.com"
# if not, then we assign a hostname (for example ispconfig):

echo ispconfig.example.com > /etc/hostname

vi /etc/hosts

# and add lines similar but appropriate:

127.0.0.1       localhost.localdomain   localhost
192.168.0.100   ispconfig.example.com   ispconfig



# Some optional choices

opt0.1) Optionally install SSH-server to get remote shell

apt-get install ssh openssh-server

opt0.2) Optionally if you are not running in virtual machine you can set server clocksync via NTP. Virtual quests get this from the host.

apt-get install ntp ntpdate



# Next is the real deal

1) Install Postfix, Courier, Saslauthd, MySQL, phpMyAdmin, rkhunter, binutils with the following command line (on one line!):

apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl courier-maildrop getmail4 rkhunter binutils

# Answer the questions from the package manager as follows.

Create directories for web-based administration ? <-- No
General type of configuration? <-- Internet site
Mail name? <-- server1.mydomain.tld
 SSL certificate required <-- Ok

# ...use your own domain name of course ;)



# Edit the file /etc/mysql/my.cnf

vi /etc/mysql/my.cnf

# and comment out the line

bind-address          = 127.0.0.1

# then restart mysql

/etc/init.d/mysql restart

# Set the mysql database password:
# Again use your own domain name...

mysqladmin -u root password yourrootsqlpassword
mysqladmin -h ispconfig.local -u root password yourrootsqlpassword



2) Install Amavisd-new, Spamassassin and Clamav (1 line!):

apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl



3) Install apache, PHP5, phpmyadmin, better fastCGI, suexec, Pear and mcrypt (1 line!):

apt-get install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt


# When phpMyAdmin is asking weather to configure itself automatically, select "Apache2"

# Then run the following to enable the Apache modules suexec, rewrite and ssl:

a2enmod suexec rewrite ssl actions include

# Secure phpMyAdmin by deleting setuppassword-file
# and removing/commenting Setup Authorization from apache.conf

rm /etc/phpmyadmin/htpasswd.setup

vi /etc/phpmyadmin/apache.conf

# delete/comment following lines (between the ----- lines):
------------------------------------------------------
        # Authorize for setup
       <Files setup.php>
           # For Apache 1.3 and 2.0
           <IfModule mod_auth.c>
               AuthType Basic
               AuthName "phpMyAdmin Setup"
               AuthUserFile /etc/phpmyadmin/htpasswd.setup
           </IfModule>
           # For Apache 2.2
           <IfModule mod_authn_file.c>
               AuthType Basic
               AuthName "phpMyAdmin Setup"
               AuthUserFile /etc/phpmyadmin/htpasswd.setup
           </IfModule>
           Require valid-user
       </Files>
------------------------------------------------------


opt3.1) Optionally install some image manipulation capabilities to make advanced web designers happy

apt-get install php5-imagick imagemagick

# restart apache before continuing

/etc/init.d/apache2 restart
 

4) Install pure-ftpd and quota

apt-get install pure-ftpd-common pure-ftpd-mysql quota quotatool

# Edit the file /etc/default/pure-ftpd-common to change the start mode from "inetd" to "standalone".

vi /etc/default/pure-ftpd-common

# Edit the file /etc/inetd.conf to prevent inetd from trying to start ftp.
# To do this, comment line starting like "ftp   stream  tcp" by adding "#"-sign in front of the line.

vi /etc/inetd.conf

# Then execute:

/etc/init.d/openbsd-inetd restart



5) Install mydns

apt-get install g++ libc6 gcc gawk make texinfo libmysqlclient15-dev

cd /tmp
wget http://heanet.dl.sourceforge.net/sourceforge/mydns-ng/mydns-1.2.8.15.tar.gz
tar xvfz mydns-1.2.8.15.tar.gz
cd mydns-1.2.8
./configure
make
make install

# Now create the start / stop script for mydns:

vi /etc/init.d/mydns

# and enter the following lines (between the ----- lines):

------------------------------------------------------
#! /bin/sh
#
# mydns         Start the MyDNS server
#
# Author:       Philipp Kern <phil@philkern.de>.
#               Based upon skeleton 1.9.4 by Miquel van Smoorenburg
#               <miquels@cistron.nl> and Ian Murdock <imurdock@gnu.ai.mit.edu>.
#

set -e

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/local/sbin/mydns
NAME=mydns
DESC="DNS server"

SCRIPTNAME=/etc/init.d/$NAME

# Gracefully exit if the package has been removed.
test -x $DAEMON || exit 0

case "$1" in
  start)
        echo -n "Starting $DESC: $NAME"
        start-stop-daemon --start --quiet \
                --exec $DAEMON -- -b
        echo "."
        ;;
  stop)
        echo -n "Stopping $DESC: $NAME"
        start-stop-daemon --stop --oknodo --quiet \
                --exec $DAEMON
        echo "."
        ;;
  reload|force-reload)
        echo -n "Reloading $DESC configuration..."
        start-stop-daemon --stop --signal HUP --quiet \
                --exec $DAEMON
        echo "done."
        ;;
  restart)
        echo -n "Restarting $DESC: $NAME"
        start-stop-daemon --stop --quiet --oknodo \
                --exec $DAEMON
        sleep 1
        start-stop-daemon --start --quiet \
                --exec $DAEMON -- -b
        echo "."
        ;;
  *)
        echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
        exit 1
        ;;
esac

exit 0
---------------------------------------------------------------------------

# now execute:

chmod +x /etc/init.d/mydns
update-rc.d mydns defaults

6) Install vlogger and webalizer

apt-get install vlogger webalizer

7) Install Jailkit (optional, only needed if you want to use chrroting for SSH users)

apt-get install build-essential autoconf automake1.9 libtool flex bison
cd /tmp
wget http://olivier.sessink.nl/jailkit/jailkit-2.5.tar.gz
tar xvfz jailkit-2.5.tar.gz
cd jailkit-2.5
./configure
make
make install
rm -rf jailkit-2.5*

8) Install fail2ban (optional but recomended, because the monitor tries to show the log)
More info at: http://www.howtoforge.com/fail2ban_debian_etch

apt-get install fail2ban

9) Install ISPConfig 3

# There are two possile scenarios, but not both:
9.1) Install the latest released version 
9.2) Install directly from SVN

9.1) Installation of last version from tar.gz

  cd /tmp
  wget http://www.ispconfig.org/downloads/ISPConfig-3.0.0.8-rc1.tar.gz
  tar xvfz ISPConfig-3.0.0.8-rc1.tar.gz
  cd ispconfig3_install/install/

9.2) Installation from SVN

  apt-get install subversion
  cd /tmp
  svn export svn://svn.ispconfig.org/ispconfig3/trunk/
  cd trunk/install


9.1+9.2) Now proceed with the ISPConfig installation.

# Now start the installation process by executing:

php -q install.php

# The installer will configure all services like postfix, sasl, courier, etc. for you. A manual setup as required for ISPConfig 2 (perfect setup guides) is not nescessary. To login to the ISPConfig controlpanel, open the following URL in your browser (replace the IP to match your settings!):

http://192.168.0.100:8080/

# the default login is:

user: admin
password: admin

# In case you get a permission denied error from apache, please restart the apache webserver process.



----------------------------------------------------------------------------------------------------------
Optional:

Install a webbased Email Client

apt-get install squirrelmail
ln -s /usr/share/squirrelmail/ /var/www/webmail

Access squirrelmail:

http://192.168.0.100/webmail


To configure squirrelmail, run:

/usr/sbin/squirrelmail-configure

----------------------------------------------------------------------------------------------------------

Hints:

debian 4.0 under openvz:

VPSID=101
for CAP in CHOWN DAC_READ_SEARCH SETGID SETUID NET_BIND_SERVICE NET_ADMIN SYS_CHROOT SYS_NICE CHOWN DAC_READ_SEARCH SETGID SETUID NET_BIND_SERVICE NET_ADMIN SYS_CHROOT SYS_NICE
do
  vzctl set $VPSID --capability ${CAP}:on --save
done

----------------------------------------------------------------------------------------------------------


Optional recommended packages:

denyhosts - a utility to help sys admins thwart ssh crackers
rsync - fast remote file copy program (for backup)