This is an old revision of the document!
ISPConfig 3 (nginx)
This section will drive you through the setup of a working ISPConfig 3 (nginx) VM, it's based on the The Perfect Server - Debian Wheezy (nginx, BIND, Dovecot, ISPConfig 3) tutorial.
We assume that, prior to starting this section, you already have a Debian-Wheezy XVA template available, please refer to this wiki article in case you do not have it yet…
Import and Configure Base VM System
> xe vm-import filename=/root/XVAs/DebianWheezy-7.5.xva
VM renaming and resource allocation
Once imported, we rename the VM and change it's memory allocation
From XOA interface:
- Rename VM: ISPConfig-3-nginx
- Allocate 4GB RAM
Virtual network interface (vif) association
From Dom0 CLI:
Then we re-allocate the vif (virtual network interface) and link it to a specified MAC address given by the provider for the targeted FO IP (mac=02:00:00:84:fb:29).
> xe vm-list > xe network-list > xe vif-list vm-name-label=ISPConfig-3-nginx --minimal <vif-uuid> > xe vif-destroy uuid=<vif-uuid> > xe vif-create vm-uuid=<ispaconfig-vm-uuid> network-uuid=<ntwrk-uuid> device=0 mac="02:00:00:84:fb:29"
Change the host name
> nano /etc/hostname > nano /etc/hosts
ISPConfig Required Packages Installation & Config
Update sources
Make sure that your sources list contains the wheezy-updates repository (this makes sure you always get the newest updates for the ClamAV virus scanner - this project publishes releases very often, and sometimes old versions stop working).
To keep things clean, we'll add a file in the /etc/apt/sources.list.d directory containing our additional sources references:
> mkdir -p /etc/apt/sources.list.d > nano /etc/apt/sources.list.d/wheezy-updates.list
Change The Default Shell
/bin/sh is a symlink to /bin/dash, however we need /bin/bash, not /bin/dash (if you don't do this the ISPConfig installation will fail). Therefore we do this:
> dpkg-reconfigure dash SELECT: NO
Synchronize the System Clock
> apt-get install ntp ntpdate
Install Postfix, Dovecot, MySQL, phpMyAdmin, rkhunter, binutils
This is achieved in a single command:
> apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve sudo
You'll have to answer a few questions during installatio:
- General type of mail configuration: Internet Site
- System mail name: server1.example.com
- New password for the MySQL “root” user: yourrootsqlpassword
- Repeat password for the MySQL “root” user: yourrootsqlpassword
Postfix
Next open the TLS/SSL and submission ports in Postfix:
> nano /etc/postfix/master.cf
Uncomment the submission and smtps sections as follows (leave -o milter_macro_daemon_name=ORIGINATING as we don't need it)
... submission inet n - - - - smtpd -o syslog_name=postfix/submission -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING smtps inet n - - - - smtpd -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING ...
Restart Postfix:
> service postfix restart
MySQL
MySQL should listen on all interfaces, not just localhost, therefore we edit /etc/mysql/my.cnf and comment out the line bind-address = 127.0.0.1, then restart the service:
> nano /etc/mysql/my.cnf LINE 47: #bind-address = 127.0.0.1 > service mysql restart
Check networking is enabled:
> netstat -tap | grep mysql tcp 0 0 *:mysql *:* LISTEN 27358/mysqld
Install Amavisd-new, SpamAssassin, And Clamav
> apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl
ISPConfig 3 setup uses amavisd which loads the SpamAssassin filter library internally, so we can stop SpamAssassin to free up some RAM:
> service spamassassin stop > update-rc.d -f spamassassin remove
Install Nginx, PHP5 (PHP-FPM), And Fcgiwrap
nginx
> apt-get install nginx > service nginx start
php-fpm
> apt-get install php5-fpm
php complementary packages
> apt-get install php5-mysql php5-curl php5-gd php5-intl php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-memcached php5-ming php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl memcached
php.ini
> nano /etc/php5/fpm/php.ini ... cgi.fix_pathinfo=0 ... date.timezone="Europe/Brussels" ... > service php-fpm reload
Available timezones can be found in the /usr/share/zoneinfo directories and its subdirectories.
fcgiwrap
To get CGI support in nginx, we install Fcgiwrap.
> apt-get install fcgiwrap
Multiple php versions
In case you'd like to be able to selct various php version for each site, read How To Use Multiple PHP Versions (PHP-FPM & FastCGI) With ISPConfig 3 (Debian Wheezy)
Services
phpMyAdmin
> apt-get install phpmyadmin
You'll have to answer 2 questions during the installation process:
- Web server to reconfigure automatically: none (because only apache2 and lighttpd are available as options)
- Configure database for phpmyadmin with dbconfig-common? No
PhpMyAdmin files are located in /usr/share/phpmyadmin/
The ISPConfig apps vhost on port 8081 for nginx comes with a phpMyAdmin configuration, so you can use http://server1.example.com:8081/phpmyadmin or http://server1.example.com:8081/phpMyAdmin to access phpMyAdmin.
For more info regarding nginx configuration for PhpMyAdmin see point 12.2 of this page in the perfect server guide.
Mailman
ISPConfig (3.0.4+) allows to manage (create/modify/delete) Mailman mailing lists. If you want to make use of this feature, install Mailman as follows:
> apt-get install mailman
Select at least one language, say OK when it says the site list is missing.
If you need a different set of languages at a later time, just run dpkg-reconfigure mailman.
> newlist mailman
- Enter the email of the person running the list: admin email address, e.g. listadmin@example.com
- Initial mailman password: admin password for the mailman list
> nano /etc/aliases ADD: ## mailman mailing list mailman: "|/var/lib/mailman/mail/mailman post mailman" mailman-admin: "|/var/lib/mailman/mail/mailman admin mailman" mailman-bounces: "|/var/lib/mailman/mail/mailman bounces mailman" mailman-confirm: "|/var/lib/mailman/mail/mailman confirm mailman" mailman-join: "|/var/lib/mailman/mail/mailman join mailman" mailman-leave: "|/var/lib/mailman/mail/mailman leave mailman" mailman-owner: "|/var/lib/mailman/mail/mailman owner mailman" mailman-request: "|/var/lib/mailman/mail/mailman request mailman" mailman-subscribe: "|/var/lib/mailman/mail/mailman subscribe mailman" mailman-unsubscribe: "|/var/lib/mailman/mail/mailman unsubscribe mailman" > newaliases
Restart Postfix, then start the Mailman daemon:
> service postfix restart > service mailman start
For more info regarding nginx configuration for mailman see point 13 of this page in the perfect server guide.
PureFTPd And Quota
> apt-get install pure-ftpd-common pure-ftpd-mysql quota quotatool
Edit /etc/default/pure-ftpd-common to make sure that the start mode is set to standalone and set VIRTUALCHROOT=true
> nano /etc/default/pure-ftpd-common ... STANDALONE_OR_INETD=standalone ... VIRTUALCHROOT=true ...