Differences
This shows you the differences between two versions of the page.
vms:webdev:ispconfig [2014/06/06 12:35] admin [Install Nginx, PHP5 (PHP-FPM), And Fcgiwrap] |
vms:webdev:ispconfig [2014/06/06 15:28] admin [fail2ban] |
||
---|---|---|---|
Line 87: | Line 87: | ||
* Repeat password for the MySQL "root" user: yourrootsqlpassword | * Repeat password for the MySQL "root" user: yourrootsqlpassword | ||
- | === Postfix === | + | ==== Postfix ==== |
+ | ---- | ||
Next open the TLS/SSL and submission ports in Postfix: | Next open the TLS/SSL and submission ports in Postfix: | ||
<code> | <code> | ||
Line 117: | Line 118: | ||
</code> | </code> | ||
- | === MySQL === | + | ==== MySQL ==== |
+ | ---- | ||
MySQL should listen on all interfaces, not just localhost, therefore we edit **/etc/mysql/my.cnf** and comment out the line bind-address = 127.0.0.1, then restart the service: | MySQL should listen on all interfaces, not just localhost, therefore we edit **/etc/mysql/my.cnf** and comment out the line bind-address = 127.0.0.1, then restart the service: | ||
<code> | <code> | ||
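Review bot: The unchanged line under the re-levelled MySQL heading tells the reader to comment out `bind-address = 127.0.0.1` so that MySQL listens on all interfaces, but nothing visible in this hunk says how access to the MySQL port (3306 by default) is restricted afterwards. Since this section is being touched anyway, add a sentence that either points to the firewall rule that limits who can reach it or suggests binding to the one interface that actually needs it.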
Line 261: | Line 263: | ||
For more info regarding nginx configuration for mailman see point 13 of [[http://www.howtoforge.com/perfect-server-debian-wheezy-nginx-bind-dovecot-ispconfig-3-p4|this page in the perfect server guide]]. | For more info regarding nginx configuration for mailman see point 13 of [[http://www.howtoforge.com/perfect-server-debian-wheezy-nginx-bind-dovecot-ispconfig-3-p4|this page in the perfect server guide]]. | ||
+ | |||
+ | ==== PureFTPd And Quota ==== | ||
+ | ---- | ||
+ | <code> | ||
+ | > apt-get install pure-ftpd-common pure-ftpd-mysql quota quotatool | ||
+ | </code> | ||
+ | |||
+ | Edit **/etc/default/pure-ftpd-common** to make sure that the start mode is set to standalone and set VIRTUALCHROOT=true | ||
+ | |||
+ | <code> | ||
+ | > nano /etc/default/pure-ftpd-common | ||
+ | |||
+ | ... | ||
+ | STANDALONE_OR_INETD=standalone | ||
+ | ... | ||
+ | VIRTUALCHROOT=true | ||
+ | ... | ||
+ | </code> | ||
+ | |||
+ | To allow FTP and TLS sessions: | ||
+ | <code> | ||
+ | > echo 1 > /etc/pure-ftpd/conf/TLS | ||
+ | </code> | ||
+ | |||
+ | In order to use TLS, we must create an SSL certificate. Lets create it in **/etc/ssl/private/**, creating the directory first: | ||
+ | <code> | ||
+ | > mkdir -p /etc/ssl/private/ | ||
+ | </code> | ||
+ | |||
+ | Then, we generate the SSL certificate as follows: | ||
+ | <code> | ||
+ | > openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem | ||
+ | </code> | ||
+ | |||
+ | Fill all requested information... | ||
+ | |||
+ | Change the permissions of the SSL certificate, and restart PureFTPd: | ||
+ | <code> | ||
+ | > chmod 600 /etc/ssl/private/pure-ftpd.pem | ||
+ | > service pure-ftpd-mysql restart | ||
+ | </code> | ||
+ | |||
+ | Edit **/etc/fstab**, adding ,usrjquota=quota.user,grpjquota=quota.group,jqfmt=vfsv0 to the partition with the mount point /: | ||
+ | <code> | ||
+ | > nano /etc/fstab | ||
+ | |||
+ | UUID=1d269e64-420e-47e1-84fc-c8f0b14c1345 / ext4 errors=remount-ro,usrjquota=quota.user,grpjquota=quota.group,jqfmt=vfsv0 0 1 | ||
+ | </code> | ||
+ | |||
+ | To enable quota, run these commands: | ||
+ | <code> | ||
+ | > mount -o remount / | ||
+ | > quotacheck -avugm | ||
+ | > quotaon -avug | ||
+ | </code> | ||
+ | |||
+ | ==== BIND DNS Server ==== | ||
+ | ---- | ||
+ | <code> | ||
+ | > apt-get install bind9 dnsutils | ||
+ | </code> | ||
+ | |||
+ | ==== Vlogger, Webalizer, And AWstats ==== | ||
+ | ---- | ||
+ | <code> | ||
+ | > apt-get install vlogger webalizer awstats geoip-database libclass-dbi-mysql-perl | ||
+ | > nano /etc/cron.d/awstats | ||
+ | |||
+ | # Comment out everything in that file ! | ||
+ | </code> | ||
+ | |||
+ | ==== Jailkit ==== | ||
+ | ---- | ||
+ | Jailkit is needed only if you want to chroot SSH users. It must be installed before ISPConfig - it cannot be installed afterwards! | ||
+ | |||
+ | <code> | ||
+ | > apt-get install build-essential autoconf automake1.9 libtool flex bison debhelper binutils-gold | ||
+ | > cd /tmp | ||
+ | > wget http://olivier.sessink.nl/jailkit/jailkit-2.15.tar.gz | ||
+ | > tar xvfz jailkit-2.15.tar.gz | ||
+ | > cd jailkit-2.15 | ||
+ | > ./debian/rules binary | ||
+ | > cd .. | ||
+ | > dpkg -i jailkit_2.15-1_*.deb | ||
+ | > rm -rf jailkit-2.15* | ||
+ | </code> | ||
+ | |||
+ | ==== fail2ban ==== | ||
+ | ---- | ||
+ | <code> | ||
+ | > apt-get install fail2ban | ||
+ | </code> | ||
+ | |||
+ | To have fail2ban monitor PureFTPd and Dovecot, create the file **/etc/fail2ban/jail.local**: | ||
+ | <code> | ||
+ | > nano /etc/fail2ban/jail.local | ||
+ | |||
+ | [pureftpd] | ||
+ | enabled = true | ||
+ | port = ftp | ||
+ | filter = pureftpd | ||
+ | logpath = /var/log/syslog | ||
+ | maxretry = 3 | ||
+ | |||
+ | [dovecot-pop3imap] | ||
+ | enabled = true | ||
+ | filter = dovecot-pop3imap | ||
+ | action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp] | ||
+ | logpath = /var/log/mail.log | ||
+ | maxretry = 5 | ||
+ | |||
+ | [sasl] | ||
+ | enabled = true | ||
+ | port = smtp | ||
+ | filter = sasl | ||
+ | logpath = /var/log/mail.log | ||
+ | maxretry = 3 | ||
+ | </code> |
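Review bot: In the Jailkit block, `wget http://olivier.sessink.nl/jailkit/jailkit-2.15.tar.gz` fetches the source over plain HTTP and the result is built and installed as root with `dpkg -i`, with no integrity check in between; add a step that verifies the tarball against a checksum or signature published by upstream before running `./debian/rules binary`. In the PureFTPd block, `openssl req -x509 -nodes -days 7300 ...` writes an unencrypted private key and `chmod 600` only runs afterwards, so the key's permissions in between depend on the umask; run `umask 077` before generating it, and consider a shorter validity than roughly 20 years. The text says `echo 1 > /etc/pure-ftpd/conf/TLS` allows both FTP and TLS sessions, which means cleartext logins are still accepted; if that is not intended, document the value 2, which refuses non-TLS logins. In the fail2ban block, the jails reference `filter = pureftpd` and `filter = dovecot-pop3imap`, but this change adds no matching files under /etc/fail2ban/filter.d/, so either add those filter definitions or state where they come from.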