This is an old revision of the document!

ISPConfig 3 (nginx)

This section will drive you through the setup of a working ISPConfig 3 (nginx) VM, it's based on the The Perfect Server - Debian Wheezy (nginx, BIND, Dovecot, ISPConfig 3) tutorial.

We assume that, prior to starting this section, you already have a Debian-Wheezy XVA template available, please refer to this wiki article in case you do not have it yet…

Import and Configure Base VM System

> xe vm-import filename=/root/XVAs/DebianWheezy-7.5.xva

VM renaming and resource allocation

Once imported, we rename the VM and change it's memory allocation

From XOA interface:

  • Rename VM: ISPConfig-3-nginx
  • Allocate 4GB RAM

Virtual network interface (vif) association

From Dom0 CLI:
Then we re-allocate the vif (virtual network interface) and link it to a specified MAC address given by the provider for the targeted FO IP (mac=02:00:00:84:fb:29). 

> xe vm-list
> xe network-list
> xe vif-list vm-name-label=ISPConfig-3-nginx --minimal
<vif-uuid>
> xe vif-destroy uuid=<vif-uuid>
> xe vif-create vm-uuid=<ispaconfig-vm-uuid> network-uuid=<ntwrk-uuid> device=0 mac="02:00:00:84:fb:29"

Change the host name

> nano /etc/hostname
> nano /etc/hosts

ISPConfig Required Packages Installation & Config

Update sources

Make sure that your sources list contains the wheezy-updates repository (this makes sure you always get the newest updates for the ClamAV virus scanner - this project publishes releases very often, and sometimes old versions stop working).

To keep things clean, we'll add a file in the /etc/apt/sources.list.d directory containing our additional sources references: 

> mkdir -p /etc/apt/sources.list.d
> nano /etc/apt/sources.list.d/wheezy-updates.list

Change The Default Shell

/bin/sh is a symlink to /bin/dash, however we need /bin/bash, not /bin/dash (if you don't do this the ISPConfig installation will fail). Therefore we do this: 

> dpkg-reconfigure dash

SELECT: NO

Synchronize the System Clock

> apt-get install ntp ntpdate

Install Postfix, Dovecot, MySQL, phpMyAdmin, rkhunter, binutils

This is achieved in a single command: 

> apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve sudo

You'll have to answer a few questions during installatio:

  • General type of mail configuration: Internet Site
  • System mail name: server1.example.com
  • New password for the MySQL “root” user: yourrootsqlpassword
  • Repeat password for the MySQL “root” user: yourrootsqlpassword

Postfix

Next open the TLS/SSL and submission ports in Postfix: 

> nano /etc/postfix/master.cf

Uncomment the submission and smtps sections as follows (leave -o milter_macro_daemon_name=ORIGINATING as we don't need it) 

...
submission inet n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       -       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
...

Restart Postfix: 

> service postfix restart

MySQL

MySQL should listen on all interfaces, not just localhost, therefore we edit /etc/mysql/my.cnf and comment out the line bind-address = 127.0.0.1, then restart the service: 

> nano /etc/mysql/my.cnf

LINE 47: #bind-address           = 127.0.0.1

> service mysql restart

Check networking is enabled: 

> netstat -tap | grep mysql
tcp        0      0 *:mysql                 *:*                     LISTEN      27358/mysqld

Install Amavisd-new, SpamAssassin, And Clamav

> apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl

ISPConfig 3 setup uses amavisd which loads the SpamAssassin filter library internally, so we can stop SpamAssassin to free up some RAM: 

> service spamassassin stop
> update-rc.d -f spamassassin remove

Install Nginx, PHP5 (PHP-FPM), And Fcgiwrap

nginx

> apt-get install nginx
> service nginx start

php-fpm

> apt-get install php5-fpm

php complementary packages

> apt-get install php5-mysql php5-curl php5-gd php5-intl php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-memcached php5-ming php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl memcached

php.ini

> nano /etc/php5/fpm/php.ini

...
cgi.fix_pathinfo=0
...
date.timezone="Europe/Brussels"
...

> service php-fpm reload

Available timezones can be found in the /usr/share/zoneinfo directories and its subdirectories.

fcgiwrap

To get CGI support in nginx, we install Fcgiwrap. 

> apt-get install fcgiwrap

Multiple php versions

In case you'd like to be able to selct various php version for each site, read How To Use Multiple PHP Versions (PHP-FPM & FastCGI) With ISPConfig 3 (Debian Wheezy)