Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Last revision Both sides next revision | ||
|
vms:webdev:ispconfig [2014/06/06 12:26] admin [Install Nginx, PHP5 (PHP-FPM), And Fcgiwrap] |
vms:webdev:ispconfig [2014/06/06 16:23] admin [Install ISPConfig 3] |
||
|---|---|---|---|
| Line 87: | Line 87: | ||
| * Repeat password for the MySQL "root" user: yourrootsqlpassword | * Repeat password for the MySQL "root" user: yourrootsqlpassword | ||
| - | === Postfix === | + | ==== Postfix ==== |
| + | ---- | ||
| Next open the TLS/SSL and submission ports in Postfix: | Next open the TLS/SSL and submission ports in Postfix: | ||
| <code> | <code> | ||
| Line 117: | Line 118: | ||
| </code> | </code> | ||
| - | === MySQL === | + | ==== MySQL ==== |
| + | ---- | ||
| MySQL should listen on all interfaces, not just localhost, therefore we edit **/etc/mysql/my.cnf** and comment out the line bind-address = 127.0.0.1, then restart the service: | MySQL should listen on all interfaces, not just localhost, therefore we edit **/etc/mysql/my.cnf** and comment out the line bind-address = 127.0.0.1, then restart the service: | ||
| <code> | <code> | ||
| Line 150: | Line 152: | ||
| ---- | ---- | ||
| - | === nginx === | + | ==== nginx ==== |
| + | ---- | ||
| <code> | <code> | ||
| > apt-get install nginx | > apt-get install nginx | ||
| Line 156: | Line 159: | ||
| </code> | </code> | ||
| - | === php-fpm === | + | ==== php-fpm ==== |
| + | ---- | ||
| <code> | <code> | ||
| > apt-get install php5-fpm | > apt-get install php5-fpm | ||
| </code> | </code> | ||
| - | === php complementary packages === | + | ==== php complementary packages ==== |
| + | ---- | ||
| <code> | <code> | ||
| > apt-get install php5-mysql php5-curl php5-gd php5-intl php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-memcached php5-ming php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl memcached | > apt-get install php5-mysql php5-curl php5-gd php5-intl php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-memcached php5-ming php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl memcached | ||
| </code> | </code> | ||
| - | === php.ini === | + | ==== php.ini ==== |
| + | ---- | ||
| <code> | <code> | ||
| > nano /etc/php5/fpm/php.ini | > nano /etc/php5/fpm/php.ini | ||
| Line 181: | Line 187: | ||
| Available timezones can be found in the **/usr/share/zoneinfo** directories and its subdirectories. | Available timezones can be found in the **/usr/share/zoneinfo** directories and its subdirectories. | ||
| - | === fcgiwrap === | + | ==== fcgiwrap ==== |
| + | ---- | ||
| To get CGI support in nginx, we install Fcgiwrap. | To get CGI support in nginx, we install Fcgiwrap. | ||
| Line 188: | Line 195: | ||
| </code> | </code> | ||
| - | === Multiple php versions === | + | ==== Multiple php versions ==== |
| + | ---- | ||
| In case you'd like to be able to selct various php version for each site, read [[http://www.howtoforge.com/how-to-use-multiple-php-versions-php-fpm-and-fastcgi-with-ispconfig-3-debian-wheezy|How To Use Multiple PHP Versions (PHP-FPM & FastCGI) With ISPConfig 3 (Debian Wheezy)]] | In case you'd like to be able to selct various php version for each site, read [[http://www.howtoforge.com/how-to-use-multiple-php-versions-php-fpm-and-fastcgi-with-ispconfig-3-debian-wheezy|How To Use Multiple PHP Versions (PHP-FPM & FastCGI) With ISPConfig 3 (Debian Wheezy)]] | ||
| ---- | ---- | ||
| - | ==== Services ==== | + | ===== Services ===== |
| ---- | ---- | ||
| - | === phpMyAdmin === | + | ==== phpMyAdmin ==== |
| + | ---- | ||
| <code> | <code> | ||
| > apt-get install phpmyadmin | > apt-get install phpmyadmin | ||
| Line 211: | Line 220: | ||
| For more info regarding nginx configuration for PhpMyAdmin see point 12.2 of [[http://www.howtoforge.com/perfect-server-debian-wheezy-nginx-bind-dovecot-ispconfig-3-p4|this page in the perfect server guide]]. | For more info regarding nginx configuration for PhpMyAdmin see point 12.2 of [[http://www.howtoforge.com/perfect-server-debian-wheezy-nginx-bind-dovecot-ispconfig-3-p4|this page in the perfect server guide]]. | ||
| - | === Mailman === | + | ==== Mailman ==== |
| + | ---- | ||
| ISPConfig (3.0.4+) allows to manage (create/modify/delete) Mailman mailing lists. If you want to make use of this feature, install Mailman as follows: | ISPConfig (3.0.4+) allows to manage (create/modify/delete) Mailman mailing lists. If you want to make use of this feature, install Mailman as follows: | ||
| <code> | <code> | ||
| Line 253: | Line 263: | ||
| For more info regarding nginx configuration for mailman see point 13 of [[http://www.howtoforge.com/perfect-server-debian-wheezy-nginx-bind-dovecot-ispconfig-3-p4|this page in the perfect server guide]]. | For more info regarding nginx configuration for mailman see point 13 of [[http://www.howtoforge.com/perfect-server-debian-wheezy-nginx-bind-dovecot-ispconfig-3-p4|this page in the perfect server guide]]. | ||
| + | |||
| + | ==== PureFTPd And Quota ==== | ||
| + | ---- | ||
| + | <code> | ||
| + | > apt-get install pure-ftpd-common pure-ftpd-mysql quota quotatool | ||
| + | </code> | ||
| + | |||
| + | Edit **/etc/default/pure-ftpd-common** to make sure that the start mode is set to standalone and set VIRTUALCHROOT=true | ||
| + | |||
| + | <code> | ||
| + | > nano /etc/default/pure-ftpd-common | ||
| + | |||
| + | ... | ||
| + | STANDALONE_OR_INETD=standalone | ||
| + | ... | ||
| + | VIRTUALCHROOT=true | ||
| + | ... | ||
| + | </code> | ||
| + | |||
| + | To allow FTP and TLS sessions: | ||
| + | <code> | ||
| + | > echo 1 > /etc/pure-ftpd/conf/TLS | ||
| + | </code> | ||
| + | |||
| + | In order to use TLS, we must create an SSL certificate. Lets create it in **/etc/ssl/private/**, creating the directory first: | ||
| + | <code> | ||
| + | > mkdir -p /etc/ssl/private/ | ||
| + | </code> | ||
| + | |||
| + | Then, we generate the SSL certificate as follows: | ||
| + | <code> | ||
| + | > openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem | ||
| + | </code> | ||
| + | |||
| + | Fill all requested information... | ||
| + | |||
| + | Change the permissions of the SSL certificate, and restart PureFTPd: | ||
| + | <code> | ||
| + | > chmod 600 /etc/ssl/private/pure-ftpd.pem | ||
| + | > service pure-ftpd-mysql restart | ||
| + | </code> | ||
| + | |||
| + | Edit **/etc/fstab**, adding ,usrjquota=quota.user,grpjquota=quota.group,jqfmt=vfsv0 to the partition with the mount point /: | ||
| + | <code> | ||
| + | > nano /etc/fstab | ||
| + | |||
| + | UUID=1d269e64-420e-47e1-84fc-c8f0b14c1345 / ext4 errors=remount-ro,usrjquota=quota.user,grpjquota=quota.group,jqfmt=vfsv0 0 1 | ||
| + | </code> | ||
| + | |||
| + | To enable quota, run these commands: | ||
| + | <code> | ||
| + | > mount -o remount / | ||
| + | > quotacheck -avugm | ||
| + | > quotaon -avug | ||
| + | </code> | ||
| + | |||
| + | ==== BIND DNS Server ==== | ||
| + | ---- | ||
| + | <code> | ||
| + | > apt-get install bind9 dnsutils | ||
| + | </code> | ||
| + | |||
| + | ==== Vlogger, Webalizer, And AWstats ==== | ||
| + | ---- | ||
| + | <code> | ||
| + | > apt-get install vlogger webalizer awstats geoip-database libclass-dbi-mysql-perl | ||
| + | > nano /etc/cron.d/awstats | ||
| + | |||
| + | # Comment out everything in that file ! | ||
| + | </code> | ||
| + | |||
| + | ==== Jailkit ==== | ||
| + | ---- | ||
| + | Jailkit is needed only if you want to chroot SSH users. It must be installed before ISPConfig - it cannot be installed afterwards! | ||
| + | |||
| + | <code> | ||
| + | > apt-get install build-essential autoconf automake1.9 libtool flex bison debhelper binutils-gold | ||
| + | > cd /tmp | ||
| + | > wget http://olivier.sessink.nl/jailkit/jailkit-2.15.tar.gz | ||
| + | > tar xvfz jailkit-2.15.tar.gz | ||
| + | > cd jailkit-2.15 | ||
| + | > ./debian/rules binary | ||
| + | > cd .. | ||
| + | > dpkg -i jailkit_2.15-1_*.deb | ||
| + | > rm -rf jailkit-2.15* | ||
| + | </code> | ||
| + | |||
| + | ==== fail2ban ==== | ||
| + | ---- | ||
| + | <code> | ||
| + | > apt-get install fail2ban | ||
| + | </code> | ||
| + | |||
| + | To have fail2ban monitor PureFTPd and Dovecot, create (or edit) the file **/etc/fail2ban/jail.local**: | ||
| + | <code> | ||
| + | > nano /etc/fail2ban/jail.local | ||
| + | |||
| + | [pureftpd] | ||
| + | enabled = true | ||
| + | port = ftp | ||
| + | filter = pureftpd | ||
| + | logpath = /var/log/syslog | ||
| + | maxretry = 3 | ||
| + | |||
| + | [dovecot-pop3imap] | ||
| + | enabled = true | ||
| + | filter = dovecot-pop3imap | ||
| + | action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp] | ||
| + | logpath = /var/log/mail.log | ||
| + | maxretry = 5 | ||
| + | |||
| + | [sasl] | ||
| + | enabled = true | ||
| + | port = smtp | ||
| + | filter = sasl | ||
| + | logpath = /var/log/mail.log | ||
| + | maxretry = 3 | ||
| + | </code> | ||
| + | |||
| + | Create two more files: | ||
| + | <code> | ||
| + | > nano /etc/fail2ban/filter.d/pureftpd.conf | ||
| + | |||
| + | [Definition] | ||
| + | failregex = .*pure-ftpd: \(.*@<HOST>\) \[WARNING\] Authentication failed for user.* | ||
| + | ignoreregex = | ||
| + | |||
| + | > nano /etc/fail2ban/filter.d/dovecot-pop3imap.conf | ||
| + | |||
| + | [Definition] | ||
| + | failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed|Aborted login \(\d+ authentication attempts).*rip=(?P<host>\S*),.* | ||
| + | ignoreregex = | ||
| + | </code> | ||
| + | |||
| + | Finally, restart fail2ban: | ||
| + | <code> | ||
| + | > /etc/init.d/fail2ban restart | ||
| + | </code> | ||
| + | |||
| + | ==== SquirrelMail ==== | ||
| + | ---- | ||
| + | This has not been done here, for reference, see [[http://www.howtoforge.com/perfect-server-debian-wheezy-nginx-bind-dovecot-ispconfig-3-p5|this page of The Perfect Server - Debian Wheezy site]]... | ||
| + | |||
| + | ---- | ||
| + | ===== Install ISPConfig 3 ===== | ||
| + | ---- | ||
| + | Although Apache should not be present in this configuration, make sure it's not running in case it was installed without you knowing about it, then remove its startup link: | ||
| + | <code> | ||
| + | > service apache2 stop | ||
| + | > update-rc.d -f apache2 remove | ||
| + | </code> | ||
| + | |||
| + | Make sure nginx is running: | ||
| + | <code> | ||
| + | > service nginx restart | ||
| + | </code> | ||
| + | |||
| + | === Install ISPConfig 3 from the latest released version === | ||
| + | |||
| + | <code> | ||
| + | > cd /tmp | ||
| + | > wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz | ||
| + | > tar xfz ISPConfig-3-stable.tar.gz | ||
| + | > cd ispconfig3_install/install/ | ||
| + | </code> | ||
| + | |||
| + | We need php5-cli to be able to execute php from the command line, then launch the ISPConfig install script: | ||
| + | <code> | ||
| + | > apt-get install php5-cli | ||
| + | > php -q install.php | ||
| + | </code> | ||
| + | |||
| + | Follow the instructions and... You'll soon have access to the ISPConfig interface. | ||
