Skip to content
Snippets Groups Projects
Commit f38a6d5f authored by tbrehm's avatar tbrehm
Browse files

Updated debian installation instructions.

parent e08bdcf5
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
docs/INSTALL_DEBIAN_5.0.txt
+ 376
358
View file @ f38a6d5f
Installation
-----------
# It is recommended to use a clean (fresh) Debian lenny install where you just selected "Standard System" as the package selection during
# setup. Then follow the steps below to setup your server with ISPConfig 3. In this guide "vi" is used as texteditor, but you ofcourse
# you can use whatever you prefer. You should be root for doing all of this.
# Check we have Fully Qualified Domain Name
/bin/hostname
# it should return something like "ispconfig.example.com"
# if not, then we assign a hostname (for example ispconfig):
echo ispconfig.example.com > /etc/hostname
vi /etc/hosts
# and add lines similar but appropriate:
127.0.0.1 localhost.localdomain localhost
192.168.0.100 ispconfig.example.com ispconfig
# Some optional choices
opt0.1) Optionally install SSH-server to get remote shell
apt-get install ssh openssh-server
opt0.2) Optionally if you are not running in virtual machine you can set server clocksync via NTP. Virtual quests get this from the host.
apt-get install ntp ntpdate
# Next is the real deal
1) Install Postfix, Courier, Saslauthd, MySQL, phpMyAdmin, rkhunter, binutils with the following command line (on one line!):
apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl courier-maildrop getmail4 rkhunter binutils
# Answer the questions from the package manager as follows.
Create directories for web-based administration ? <-- No
General type of configuration? <-- Internet site
Mail name? <-- server1.mydomain.tld
SSL certificate required <-- Ok
# ...use your own domain name of course ;)
# Edit the file /etc/mysql/my.cnf
vi /etc/mysql/my.cnf
# and comment out the line
bind-address = 127.0.0.1
# then restart mysql
/etc/init.d/mysql restart
2) Install Amavisd-new, Spamassassin and Clamav (1 line!):
apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl
3) Install apache, PHP5, phpmyadmin, better fastCGI, suexec, Pear and mcrypt (1 line!):
apt-get install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt php5-imagick imagemagick libapache2-mod-suphp libopenssl-ruby
# When phpMyAdmin is asking weather to configure itself automatically, select "Apache2"
# Then run the following to enable the Apache modules suexec, rewrite and ssl:
a2enmod suexec rewrite ssl actions include
# Secure phpMyAdmin by deleting setuppassword-file
# and removing/commenting Setup Authorization from apache.conf
rm /etc/phpmyadmin/htpasswd.setup
vi /etc/phpmyadmin/apache.conf
# delete/comment following lines (between the ----- lines):
------------------------------------------------------
# Authorize for setup
<Files setup.php>
# For Apache 1.3 and 2.0
<IfModule mod_auth.c>
AuthType Basic
AuthName "phpMyAdmin Setup"
AuthUserFile /etc/phpmyadmin/htpasswd.setup
</IfModule>
# For Apache 2.2
<IfModule mod_authn_file.c>
AuthType Basic
AuthName "phpMyAdmin Setup"
AuthUserFile /etc/phpmyadmin/htpasswd.setup
</IfModule>
Require valid-user
</Files>
------------------------------------------------------
# restart apache before continuing
/etc/init.d/apache2 restart
4) Install pure-ftpd and quota
apt-get install pure-ftpd-common pure-ftpd-mysql quota quotatool
# Edit the file /etc/default/pure-ftpd-common to change the start mode from "inetd" to "standalone"
and set VIRTUALCHROOT=true
vi /etc/default/pure-ftpd-common
# Edit the file /etc/inetd.conf to prevent inetd from trying to start ftp.
# To do this, comment line starting like "ftp stream tcp" by adding "#"-sign in front of the line.
vi /etc/inetd.conf
# Then execute:
/etc/init.d/openbsd-inetd restart
# Edit /etc/fstab. Mine looks like this (I added ,usrquota,grpquota to the partition with the mount point /):
vi /etc/fstab
----------------------------------------------------------------------------------------------
# /etc/fstab: static file system information.
#
# <file system> <mount point> <type> <options> <dump> <pass>
proc /proc proc defaults 0 0
/dev/sda1 / ext3 errors=remount-ro,usrquota,grpquota 0 1
/dev/sda5 none swap sw 0 0
/dev/hda /media/cdrom0 udf,iso9660 user,noauto 0 0
/dev/fd0 /media/floppy0 auto rw,user,noauto 0 0
----------------------------------------------------------------------------------------------
# To enable quota, run these commands:
touch /quota.user /quota.group
chmod 600 /quota.*
mount -o remount /
quotacheck -avugm
quotaon -avug
5) Install mydns
apt-get install g++ libc6 gcc gawk make texinfo libmysqlclient15-dev
cd /tmp
wget http://heanet.dl.sourceforge.net/sourceforge/mydns-ng/mydns-1.2.8.25.tar.gz
tar xvfz mydns-1.2.8.25.tar.gz
cd mydns-1.2.8
./configure
make
make install
# Now create the start / stop script for mydns:
vi /etc/init.d/mydns
# and enter the following lines (between the ----- lines):
------------------------------------------------------
#! /bin/sh
#
# mydns Start the MyDNS server
#
# Author: Philipp Kern <phil@philkern.de>.
# Based upon skeleton 1.9.4 by Miquel van Smoorenburg
# <miquels@cistron.nl> and Ian Murdock <imurdock@gnu.ai.mit.edu>.
#
set -e
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/local/sbin/mydns
NAME=mydns
DESC="DNS server"
SCRIPTNAME=/etc/init.d/$NAME
# Gracefully exit if the package has been removed.
test -x $DAEMON || exit 0
case "$1" in
start)
echo -n "Starting $DESC: $NAME"
start-stop-daemon --start --quiet \
--exec $DAEMON -- -b
echo "."
;;
stop)
echo -n "Stopping $DESC: $NAME"
start-stop-daemon --stop --oknodo --quiet \
--exec $DAEMON
echo "."
;;
reload|force-reload)
echo -n "Reloading $DESC configuration..."
start-stop-daemon --stop --signal HUP --quiet \
--exec $DAEMON
echo "done."
;;
restart)
echo -n "Restarting $DESC: $NAME"
start-stop-daemon --stop --quiet --oknodo \
--exec $DAEMON
sleep 1
start-stop-daemon --start --quiet \
--exec $DAEMON -- -b
echo "."
;;
*)
echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
exit 1
;;
esac
exit 0
---------------------------------------------------------------------------
# now execute:
chmod +x /etc/init.d/mydns
update-rc.d mydns defaults
6) Install vlogger and webalizer
apt-get install vlogger webalizer
7) Install Jailkit (optional, only needed if you want to use chrroting for SSH users)
apt-get install build-essential autoconf automake1.9 libtool flex bison
cd /tmp
wget http://olivier.sessink.nl/jailkit/jailkit-2.5.tar.gz
tar xvfz jailkit-2.5.tar.gz
cd jailkit-2.5
./configure
make
make install
cd ..
rm -rf jailkit-2.5*
8) Install fail2ban (optional but recomended, because the monitor tries to show the log)
More info at: http://www.howtoforge.com/fail2ban_debian_etch
apt-get install fail2ban
9) Install ISPConfig 3
# There are two possile scenarios, but not both:
9.1) Install the latest released version
9.2) Install directly from SVN
9.1) Installation of last version from tar.gz
cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3.0.0.9-rc2.tar.gz
tar xvfz ISPConfig-3.0.0.9-rc2.tar.gz
cd ispconfig3_install/install/
9.2) Installation from SVN
apt-get install subversion
cd /tmp
svn export svn://svn.ispconfig.org/ispconfig3/trunk/
cd trunk/install
9.1+9.2) Now proceed with the ISPConfig installation.
# Now start the installation process by executing:
php -q install.php
# The installer will configure all services like postfix, sasl, courier, etc. for you. A manual setup as required for ISPConfig 2 (perfect setup guides) is not nescessary. To login to the ISPConfig controlpanel, open the following URL in your browser (replace the IP to match your settings!):
http://192.168.0.100:8080/
# the default login is:
user: admin
password: admin
# In case you get a permission denied error from apache, please restart the apache webserver process.
----------------------------------------------------------------------------------------------------------
Optional:
Install a webbased Email Client
apt-get install squirrelmail
ln -s /usr/share/squirrelmail/ /var/www/webmail
Access squirrelmail:
http://192.168.0.100/webmail
To configure squirrelmail, run:
/usr/sbin/squirrelmail-configure
----------------------------------------------------------------------------------------------------------
Hints:
debian 5.0 under openvz:
VPSID=101
for CAP in CHOWN DAC_READ_SEARCH SETGID SETUID NET_BIND_SERVICE NET_ADMIN SYS_CHROOT SYS_NICE CHOWN DAC_READ_SEARCH SETGID SETUID NET_BIND_SERVICE NET_ADMIN SYS_CHROOT SYS_NICE
do
vzctl set $VPSID --capability ${CAP}:on --save
done
----------------------------------------------------------------------------------------------------------
Optional recommended packages:
denyhosts - a utility to help sys admins thwart ssh crackers
rsync - fast remote file copy program (for backup)
-----------------------------------------------------------------------------------------------------------
Possible errors and their solutions
------------------------------------
pureftpd login does not work. Take a look at the syslog, if you find an error message like this:
Mar 24 16:26:28 ispconfig pure-ftpd: (?@?) [ERROR] Sorry, invalid address given
then pureftpd is not able to resolve the hostname. Name resolving can be disabled with these commands:
echo 'yes' > /etc/pure-ftpd/conf/DontResolve
/etc/init.d/pure-ftpd-mysql restart
Installation
-----------
# It is recommended to use a clean (fresh) Debian lenny install where you just selected "Standard System" as the package selection during
# setup. Then follow the steps below to setup your server with ISPConfig 3. In this guide "vi" is used as texteditor, but you ofcourse
# you can use whatever you prefer. You should be root for doing all of this.
# Check we have Fully Qualified Domain Name
/bin/hostname
# it should return something like "ispconfig.example.com"
# if not, then we assign a hostname (for example ispconfig):
echo ispconfig.example.com > /etc/hostname
vi /etc/hosts
# and add lines similar but appropriate:
127.0.0.1 localhost.localdomain localhost
192.168.0.100 ispconfig.example.com ispconfig
# Some optional choices
opt0.1) Optionally install SSH-server to get remote shell
apt-get install ssh openssh-server
opt0.2) Optionally if you are not running in virtual machine you can set server clocksync via NTP. Virtual quests get this from the host.
apt-get install ntp ntpdate
# Next is the real deal
1) Install Postfix, Courier, Saslauthd, MySQL, phpMyAdmin, rkhunter, binutils with the following command line (on one line!):
apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl courier-maildrop getmail4 rkhunter binutils
# Answer the questions from the package manager as follows.
Create directories for web-based administration ? <-- No
General type of configuration? <-- Internet site
Mail name? <-- server1.mydomain.tld
SSL certificate required <-- Ok
# ...use your own domain name of course ;)
# Edit the file /etc/mysql/my.cnf
vi /etc/mysql/my.cnf
# and comment out the line
bind-address = 127.0.0.1
# then restart mysql
/etc/init.d/mysql restart
2) Install Amavisd-new, Spamassassin and Clamav (1 line!):
apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl
3) Install apache, PHP5, phpmyadmin, better fastCGI, suexec, Pear and mcrypt (1 line!):
apt-get install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt php5-imagick imagemagick libapache2-mod-suphp libopenssl-ruby
# When phpMyAdmin is asking weather to configure itself automatically, select "Apache2"
# Then run the following to enable the Apache modules suexec, rewrite and ssl:
a2enmod suexec rewrite ssl actions include
# Secure phpMyAdmin by deleting setuppassword-file
# and removing/commenting Setup Authorization from apache.conf
rm /etc/phpmyadmin/htpasswd.setup
vi /etc/phpmyadmin/apache.conf
# delete/comment following lines (between the ----- lines):
------------------------------------------------------
# Authorize for setup
<Files setup.php>
# For Apache 1.3 and 2.0
<IfModule mod_auth.c>
AuthType Basic
AuthName "phpMyAdmin Setup"
AuthUserFile /etc/phpmyadmin/htpasswd.setup
</IfModule>
# For Apache 2.2
<IfModule mod_authn_file.c>
AuthType Basic
AuthName "phpMyAdmin Setup"
AuthUserFile /etc/phpmyadmin/htpasswd.setup
</IfModule>
Require valid-user
</Files>
------------------------------------------------------
# restart apache before continuing
/etc/init.d/apache2 restart
4) Install pure-ftpd and quota
apt-get install pure-ftpd-common pure-ftpd-mysql quota quotatool
# Edit the file /etc/default/pure-ftpd-common to change the start mode from "inetd" to "standalone"
and set VIRTUALCHROOT=true
vi /etc/default/pure-ftpd-common
# Edit the file /etc/inetd.conf to prevent inetd from trying to start ftp.
# To do this, comment line starting like "ftp stream tcp" by adding "#"-sign in front of the line.
vi /etc/inetd.conf
# Then execute:
/etc/init.d/openbsd-inetd restart
# Some additional settings for pureftpd
echo 'yes' > /etc/pure-ftpd/conf/DontResolve
# Enable TLS in pureftpd
echo 1 > /etc/pure-ftpd/conf/TLS
mkdir -p /etc/ssl/private/
openssl req -x509 -nodes -newkey rsa:1024 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
chmod 600 /etc/ssl/private/pure-ftpd.pem
# Edit /etc/fstab. Mine looks like this (I added ,usrquota,grpquota to the partition with the mount point /):
vi /etc/fstab
----------------------------------------------------------------------------------------------
# /etc/fstab: static file system information.
#
# <file system> <mount point> <type> <options> <dump> <pass>
proc /proc proc defaults 0 0
/dev/sda1 / ext3 errors=remount-ro,usrquota,grpquota 0 1
/dev/sda5 none swap sw 0 0
/dev/hda /media/cdrom0 udf,iso9660 user,noauto 0 0
/dev/fd0 /media/floppy0 auto rw,user,noauto 0 0
----------------------------------------------------------------------------------------------
# To enable quota, run these commands:
touch /quota.user /quota.group
chmod 600 /quota.*
mount -o remount /
quotacheck -avugm
quotaon -avug
5) Install mydns
apt-get install g++ libc6 gcc gawk make texinfo libmysqlclient15-dev
cd /tmp
wget http://heanet.dl.sourceforge.net/sourceforge/mydns-ng/mydns-1.2.8.25.tar.gz
tar xvfz mydns-1.2.8.25.tar.gz
cd mydns-1.2.8
./configure
make
make install
# Now create the start / stop script for mydns:
vi /etc/init.d/mydns
# and enter the following lines (between the ----- lines):
------------------------------------------------------
#! /bin/sh
#
# mydns Start the MyDNS server
#
# Author: Philipp Kern <phil@philkern.de>.
# Based upon skeleton 1.9.4 by Miquel van Smoorenburg
# <miquels@cistron.nl> and Ian Murdock <imurdock@gnu.ai.mit.edu>.
#
set -e
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/local/sbin/mydns
NAME=mydns
DESC="DNS server"
SCRIPTNAME=/etc/init.d/$NAME
# Gracefully exit if the package has been removed.
test -x $DAEMON || exit 0
case "$1" in
start)
echo -n "Starting $DESC: $NAME"
start-stop-daemon --start --quiet \
--exec $DAEMON -- -b
echo "."
;;
stop)
echo -n "Stopping $DESC: $NAME"
start-stop-daemon --stop --oknodo --quiet \
--exec $DAEMON
echo "."
;;
reload|force-reload)
echo -n "Reloading $DESC configuration..."
start-stop-daemon --stop --signal HUP --quiet \
--exec $DAEMON
echo "done."
;;
restart)
echo -n "Restarting $DESC: $NAME"
start-stop-daemon --stop --quiet --oknodo \
--exec $DAEMON
sleep 1
start-stop-daemon --start --quiet \
--exec $DAEMON -- -b
echo "."
;;
*)
echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
exit 1
;;
esac
exit 0
---------------------------------------------------------------------------
# now execute:
chmod +x /etc/init.d/mydns
update-rc.d mydns defaults
6) Install vlogger and webalizer
apt-get install vlogger webalizer
Change the following line in /etc/webalizer.conf from
#Incremental no
to
Incremental yes
7) Install Jailkit (optional, only needed if you want to use chrroting for SSH users)
apt-get install build-essential autoconf automake1.9 libtool flex bison
cd /tmp
wget http://olivier.sessink.nl/jailkit/jailkit-2.5.tar.gz
tar xvfz jailkit-2.5.tar.gz
cd jailkit-2.5
./configure
make
make install
cd ..
rm -rf jailkit-2.5*
8) Install fail2ban (optional but recomended, because the monitor tries to show the log)
More info at: http://www.howtoforge.com/fail2ban_debian_etch
apt-get install fail2ban
9) Install ISPConfig 3
# There are two possile scenarios, but not both:
9.1) Install the latest released version
9.2) Install directly from SVN
9.1) Installation of last version from tar.gz
cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3.0.0.9-rc2.tar.gz
tar xvfz ISPConfig-3.0.0.9-rc2.tar.gz
cd ispconfig3_install/install/
9.2) Installation from SVN
apt-get install subversion
cd /tmp
svn export svn://svn.ispconfig.org/ispconfig3/trunk/
cd trunk/install
9.1+9.2) Now proceed with the ISPConfig installation.
# Now start the installation process by executing:
php -q install.php
# The installer will configure all services like postfix, sasl, courier, etc. for you. A manual setup as required for ISPConfig 2 (perfect setup guides) is not nescessary. To login to the ISPConfig controlpanel, open the following URL in your browser (replace the IP to match your settings!):
http://192.168.0.100:8080/
# the default login is:
user: admin
password: admin
# In case you get a permission denied error from apache, please restart the apache webserver process.
----------------------------------------------------------------------------------------------------------
Optional:
Install a webbased Email Client
apt-get install squirrelmail
ln -s /usr/share/squirrelmail/ /var/www/webmail
Access squirrelmail:
http://192.168.0.100/webmail
To configure squirrelmail, run:
/usr/sbin/squirrelmail-configure
----------------------------------------------------------------------------------------------------------
Hints:
debian 5.0 under openvz:
VPSID=101
for CAP in CHOWN DAC_READ_SEARCH SETGID SETUID NET_BIND_SERVICE NET_ADMIN SYS_CHROOT SYS_NICE CHOWN DAC_READ_SEARCH SETGID SETUID NET_BIND_SERVICE NET_ADMIN SYS_CHROOT SYS_NICE
do
vzctl set $VPSID --capability ${CAP}:on --save
done
----------------------------------------------------------------------------------------------------------
Optional recommended packages:
denyhosts - a utility to help sys admins thwart ssh crackers
rsync - fast remote file copy program (for backup)
-----------------------------------------------------------------------------------------------------------
Possible errors and their solutions
------------------------------------
pureftpd login does not work. Take a look at the syslog, if you find an error message like this:
Mar 24 16:26:28 ispconfig pure-ftpd: (?@?) [ERROR] Sorry, invalid address given
then pureftpd is not able to resolve the hostname. Name resolving can be disabled with these commands:
echo 'yes' > /etc/pure-ftpd/conf/DontResolve
/etc/init.d/pure-ftpd-mysql restart
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment