Skip to content
INSTALL_DEBIAN_6.0_courier_mydns.txt 11.8 KiB
Newer Older
Fantu's avatar
Fantu committed
Installation
-------------
Fantu's avatar
Fantu committed

# It is recommended to use a clean (fresh) Debian Squeeze 6.0 install where you just selected "Standard System" at the package selection during
# setup (tasksel). Journaled quota which this guide uses works on ext3 and ext4 file systems, so format disks either one if you are going to use
# quota (recommended). Then follow the steps below to setup your server with ISPConfig 3. In this guide "vi" is used as text editor, but
Fantu's avatar
Fantu committed
# you can use whatever you prefer. You should be root for doing all of this.


# Check we have Fully Qualified Domain Name

/bin/hostname

# it should return something like "ispconfig.example.com"
# if not, then we assign a hostname (for example ispconfig):

echo ispconfig.example.com > /etc/hostname

vi /etc/hosts

# and add lines similar but appropriate:

127.0.0.1       localhost.localdomain   localhost
192.168.0.100   ispconfig.example.com   ispconfig



# Some optional choices

opt0.1) Optionally install SSH-server to get remote shell

apt-get install openssh-server
Fantu's avatar
Fantu committed

opt0.2) Optionally, if you are not running inside a virtual machine, you can set server clocksync via NTP. Virtual guests get this from the host.
Fantu's avatar
Fantu committed

apt-get -y install ntp ntpdate
Fantu's avatar
Fantu committed

Fantu's avatar
Fantu committed
opt0.3) Optionally if you want vi editor improvement

apt-get -y install vim-nox
Fantu's avatar
Fantu committed


# Next is the real deal

1) Install Postfix, Courier, Saslauthd, MySQL, phpMyAdmin, rkhunter, binutils with the following command line (on one line!):

apt-get -y install postfix postfix-mysql postfix-doc mysql-client mysql-server courier-authdaemon courier-pop courier-pop-ssl courier-authlib-mysql courier-imap courier-imap-ssl libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl courier-maildrop getmail4 rkhunter binutils sudo
Fantu's avatar
Fantu committed

# Answer the questions from the package manager as follows.

Create directories for web-based administration ? <-- No
General type of configuration? <-- Internet site
Mail name? <-- server1.mydomain.tld
 SSL certificate required <-- Ok

# ...use your own domain name of course ;)



# Edit the file /etc/mysql/my.cnf

vi /etc/mysql/my.cnf

# and change the line:

bind-address          = 127.0.0.1

to:

#bind-address          = 127.0.0.1

# then restart mysql

/etc/init.d/mysql restart

2) Install Amavisd-new, Spamassassin and ClamAV (1 line!):
Fantu's avatar
Fantu committed

apt-get -y install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl
Fantu's avatar
Fantu committed
#this is necessary? libnet-ldap-perl
Fantu's avatar
Fantu committed

# During the installation, the SSL certificates for IMAP-SSL and POP3-SSL are created with the hostname localhost. To change this to the correct hostname (server1.example.com in this tutorial), delete the certificates...

cd /etc/courier
rm -f /etc/courier/imapd.pem
rm -f /etc/courier/pop3d.pem

# ... and modify the following two files; replace CN=localhost with CN=server1.example.com (you can also modify the other values, if necessary):

vi /etc/courier/imapd.cnf

[...]
CN=server1.example.com
[...]

vi /etc/courier/pop3d.cnf

[...]
CN=server1.example.com
[...]

# Then recreate the certificates...

mkimapdcert
mkpop3dcert

# ... and restart Courier-IMAP-SSL and Courier-POP3-SSL:

/etc/init.d/courier-imap-ssl restart
/etc/init.d/courier-pop-ssl restart 


3) Install Apache, PHP5, PhpMyAdmin, better fastCGI, suexec, Pear and mcrypt (1 line!):
apt-get -y install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt imagemagick libapache2-mod-suphp libopenssl-ruby libapache2-mod-ruby
fantu's avatar
fantu committed
#this package is actual missed on official squeeze repository: php5-imagick
# When phpMyAdmin is asking wether to configure itself automatically, select "Apache2"
Fantu's avatar
Fantu committed

# Then run the following to enable the Apache modules suexec, rewrite and ssl:

a2enmod suexec rewrite ssl actions include ruby
# If you want to use WebDAV then run the following to enable the Apache webdav modules:
a2enmod dav_fs dav auth_digest
# restart Apache before continuing
Fantu's avatar
Fantu committed

/etc/init.d/apache2 restart
 

4) Install pure-ftpd and quota

apt-get -y install pure-ftpd-common pure-ftpd-mysql quota quotatool
# Optional: Some additional settings for pureftpd
Fantu's avatar
Fantu committed
echo "yes" > /etc/pure-ftpd/conf/DisplayDotFiles
Fantu's avatar
Fantu committed

# Enable TLS in pureftpd
echo 1 > /etc/pure-ftpd/conf/TLS
mkdir -p /etc/ssl/private/
openssl req -x509 -nodes -newkey rsa:1024 -keyout /etc/ssl/private/pure-ftpd.pem  -out /etc/ssl/private/pure-ftpd.pem
chmod 600 /etc/ssl/private/pure-ftpd.pem 


# Edit /etc/fstab. Add "usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0" to the partition where you want to use quota.
# Mine looks like this (I want to use quota on the / partition):
Fantu's avatar
Fantu committed

vi /etc/fstab

----------------------------------------------------------------------------------------------
# /etc/fstab: static file system information.
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
proc            /proc           proc    defaults        0       0
/dev/sda1       /               ext3    errors=remount-ro,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0	0       1
Fantu's avatar
Fantu committed
/dev/sda5       none            swap    sw              0       0
/dev/hda        /media/cdrom0   udf,iso9660 user,noauto     0       0
/dev/fd0        /media/floppy0  auto    rw,user,noauto  0       0
----------------------------------------------------------------------------------------------

# To enable quota, run these commands:

touch /aquota.user /aquota.group
chmod 600 /aquota.*
mount -o remount /
quotacheck -F vfsv0 -afcvdugm
Fantu's avatar
Fantu committed
quotaon -avug


5) Install MyDNS
Fantu's avatar
Fantu committed
apt-get install g++ libc6 gcc gawk make texinfo libmysqlclient-dev
Fantu's avatar
Fantu committed

cd /tmp
wget http://heanet.dl.sourceforge.net/sourceforge/mydns-ng/mydns-1.2.8.27.tar.gz
tar xvfz mydns-1.2.8.27.tar.gz
cd mydns-1.2.8
./configure
make
make install

# Now create the start / stop script for mydns:

vi /etc/init.d/mydns

# and enter the following lines (between the ----- lines):

------------------------------------------------------
#! /bin/sh
#
# mydns         Start the MyDNS server
#
# Author:       Philipp Kern <phil@philkern.de>.
#               Based upon skeleton 1.9.4 by Miquel van Smoorenburg
#               <miquels@cistron.nl> and Ian Murdock <imurdock@gnu.ai.mit.edu>.
#
### BEGIN INIT INFO
# Provides:          MyDNS
# Required-Start:    $syslog
# Should-Start:
# Required-Stop:
# Should-Stop:
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: MyDNS Server
# Description:       MyDNS DNS Server
### END INIT INFO
Fantu's avatar
Fantu committed

set -e

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/local/sbin/mydns
NAME=mydns
DESC="DNS server"

SCRIPTNAME=/etc/init.d/$NAME

# Gracefully exit if the package has been removed.
test -x $DAEMON || exit 0

case "$1" in
  start)
        echo -n "Starting $DESC: $NAME"
        start-stop-daemon --start --quiet \
                --exec $DAEMON -- -b
        echo "."
        ;;
  stop)
        echo -n "Stopping $DESC: $NAME"
        start-stop-daemon --stop --oknodo --quiet \
                --exec $DAEMON
        echo "."
        ;;
  reload|force-reload)
        echo -n "Reloading $DESC configuration..."
        start-stop-daemon --stop --signal HUP --quiet \
                --exec $DAEMON
        echo "done."
        ;;
  restart)
        echo -n "Restarting $DESC: $NAME"
        start-stop-daemon --stop --quiet --oknodo \
                --exec $DAEMON
        sleep 1
        start-stop-daemon --start --quiet \
                --exec $DAEMON -- -b
        echo "."
        ;;
  *)
        echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
        exit 1
        ;;
esac

exit 0
---------------------------------------------------------------------------

# now execute:

chmod +x /etc/init.d/mydns
update-rc.d mydns defaults

6) Install vlogger and webalizer

apt-get -y install vlogger webalizer awstats

mkdir /usr/share/awstats/tools
cp -prf /usr/share/doc/awstats/examples/awstats_buildstaticpages.pl /usr/share/awstats/tools/awstats_buildstaticpages.pl
7) Install Jailkit (optional, only needed if you want to use chrooting for SSH users)
apt-get -y install build-essential autoconf automake1.9 libtool flex bison debhelper
Fantu's avatar
Fantu committed
cd /tmp
wget http://olivier.sessink.nl/jailkit/jailkit-2.13.tar.gz
tar xvfz jailkit-2.13.tar.gz
cd jailkit-2.13
./configure
make
make install
Fantu's avatar
Fantu committed
cd ..
rm -rf jailkit-2.13*
Fantu's avatar
Fantu committed

8) Install fail2ban (optional but recomended, because the monitor tries to show the log)
More info at: http://www.howtoforge.com/fail2ban_debian_etch

apt-get -y install fail2ban
Fantu's avatar
Fantu committed

9) Install ISPConfig 3

# There are two possile scenarios, but not both:
9.1) Install the latest released version 
9.2) Install directly from SVN

9.1) Installation of last version from tar.gz

  cd /tmp
  wget http://www.ispconfig.org/downloads/ISPConfig-3.0.2.tar.gz
  tar xvfz ISPConfig-3.0.2.tar.gz
Fantu's avatar
Fantu committed
  cd ispconfig3_install/install/

9.2) Installation from SVN

  apt-get install subversion
  cd /tmp
  svn export svn://svn.ispconfig.org/ispconfig3/trunk/
  cd trunk/install


9.1+9.2) Now proceed with the ISPConfig installation.

# Now start the installation process by executing:

php -q install.php

jwarnier's avatar
jwarnier committed
# The installer will configure all services like postfix, sasl, courier, etc. for you. A manual setup as required for ISPConfig 2 (perfect setup guides) is not necessary. To login to the ISPConfig controlpanel, open the following URL in your browser (replace the IP to match your settings!):
Fantu's avatar
Fantu committed

http://192.168.0.100:8080/

# the default login is:

user: admin
password: admin

# In case you get a permission denied error from apache, please restart the apache webserver process.



----------------------------------------------------------------------------------------------------------
Optional:

Install a webbased Email Client

apt-get install squirrelmail
ln -s /usr/share/squirrelmail/ /var/www/webmail

Access squirrelmail:

http://192.168.0.100/webmail


To configure squirrelmail, run:

/usr/sbin/squirrelmail-configure

----------------------------------------------------------------------------------------------------------

Hints:

debian 5.0 under openvz:

VPSID=101
for CAP in CHOWN DAC_READ_SEARCH SETGID SETUID NET_BIND_SERVICE NET_ADMIN SYS_CHROOT SYS_NICE CHOWN DAC_READ_SEARCH SETGID SETUID NET_BIND_SERVICE NET_ADMIN SYS_CHROOT SYS_NICE
do
  vzctl set $VPSID --capability ${CAP}:on --save
done

----------------------------------------------------------------------------------------------------------


Optional recommended packages:

denyhosts - a utility to help sys admins thwart ssh crackers
rsync - fast remote file copy program (for backup)

-----------------------------------------------------------------------------------------------------------

Fantu's avatar
Fantu committed

Possible errors and their solutions
------------------------------------

pureftpd login does not work. Take a look at the syslog, if you find an error message like this:
Mar 24 16:26:28 ispconfig pure-ftpd: (?@?) [ERROR] Sorry, invalid address given

then pureftpd is not able to resolve the hostname. Name resolving can be disabled with these commands:

echo 'yes' > /etc/pure-ftpd/conf/DontResolve
/etc/init.d/pure-ftpd-mysql restart

-----------------------------------------------------------------------------------------------------------
Fail2ban also working with ipv6:
# Download here and install the package: http://homes.dcc.ufba.br/~rogeriobastos/files/fail2ban/
# Set banaction = route in jail.conf
# Create or modify route.conf in /etc/fail2ban/action.d
[Definition]
actionban = ip route add unreachable <ip>
actionunban = ip route del unreachable <ip>
action6ban = ip route add unreachable <ip>
action6unban = ip route del unreachable <ip>
-----------------------------------------------------------------------------------------------------------