Differences

This shows you the differences between two versions of the page.

--- vms:webdev:ispconfig [2014/06/06 11:03]
admin [Install Nginx, PHP5 (PHP-FPM), And Fcgiwrap]
+++ vms:webdev:ispconfig [2014/06/06 17:44] (current)
admin [Install ISPConfig 3]
@@ Line 87: / Line 87: @@
   * Repeat password for the MySQL "root" user: yourrootsqlpassword
-=== Postfix ===
+==== Postfix ====
+----
 Next open the TLS/SSL and submission ports in Postfix:
 <code>
@@ Line 117: / Line 118: @@
 </code>
-=== MySQL ===
+==== MySQL ====
+----
 MySQL should listen on all interfaces, not just localhost, therefore we edit **/etc/mysql/my.cnf** and comment out the line bind-address = 127.0.0.1, then restart the service:
 <code>
@@ Line 147: / Line 149: @@
 ----
-==== Install Nginx, PHP5 (PHP-FPM), And Fcgiwrap ====
+===== Install Nginx, PHP5 (PHP-FPM), And Fcgiwrap =====
 ----
-=== nginx ===
+==== nginx ====
+----
 <code>
 > apt-get install nginx
@@ Line 156: / Line 159: @@
 </code>
-=== php-fpm ===
+==== php-fpm ====
+----
 <code>
 > apt-get install php5-fpm
 </code>
-=== php complementary packages ===
+==== php complementary packages ====
+----
 <code>
 > apt-get install php5-mysql php5-curl php5-gd php5-intl php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-memcached php5-ming php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl memcached
 </code>
-=== php.ini ===
+==== php.ini ====
+----
 <code>
 > nano /etc/php5/fpm/php.ini
@@ Line 181: / Line 187: @@
 Available timezones can be found in the **/usr/share/zoneinfo** directories and its subdirectories.
-=== fcgiwrap ===
+==== fcgiwrap ====
+----
 To get CGI support in nginx, we install Fcgiwrap.
@@ Line 188: / Line 195: @@
 </code>
-=== Multiple php versions ===
+==== Multiple php versions ====
+----
 In case you'd like to be able to selct various php version for each site, read [[http://www.howtoforge.com/how-to-use-multiple-php-versions-php-fpm-and-fastcgi-with-ispconfig-3-debian-wheezy|How To Use Multiple PHP Versions (PHP-FPM & FastCGI) With ISPConfig 3 (Debian Wheezy)]]
 ----
-==== Services ====
+===== Services =====
 ----
-===  phpMyAdmin ===
+====  phpMyAdmin ====
+----
 <code>
 > apt-get install phpmyadmin
@@ Line 209: / Line 218: @@
 The ISPConfig apps vhost on port 8081 for nginx comes with a phpMyAdmin configuration, so you can use http://server1.example.com:8081/phpmyadmin or http://server1.example.com:8081/phpMyAdmin to access phpMyAdmin.
-For more info regarding nginx configuration regarding PhpMyAdmin see point 12.2 of [[http://www.howtoforge.com/perfect-server-debian-wheezy-nginx-bind-dovecot-ispconfig-3-p4|this page in the perfect server guide]].
+For more info regarding nginx configuration for PhpMyAdmin see point 12.2 of [[http://www.howtoforge.com/perfect-server-debian-wheezy-nginx-bind-dovecot-ispconfig-3-p4|this page in the perfect server guide]].
+==== Mailman ====
+----
+ISPConfig (3.0.4+) allows to manage (create/modify/delete) Mailman mailing lists. If you want to make use of this feature, install Mailman as follows:
+<code>
+> apt-get install mailman
+</code>
+Select at least one language, say OK when it says the site list is missing.\\
+If you need a different set of languages at a later time, just run dpkg-reconfigure mailman.
+<code>
+> newlist mailman
+</code>
+  * Enter the email of the person running the list: admin email address, e.g. listadmin@example.com
+  * Initial mailman password: admin password for the mailman list
+<code>
+> nano /etc/aliases
+ADD:
+## mailman mailing list
+mailman:              "|/var/lib/mailman/mail/mailman post mailman"
+mailman-admin:        "|/var/lib/mailman/mail/mailman admin mailman"
+mailman-bounces:      "|/var/lib/mailman/mail/mailman bounces mailman"
+mailman-confirm:      "|/var/lib/mailman/mail/mailman confirm mailman"
+mailman-join:         "|/var/lib/mailman/mail/mailman join mailman"
+mailman-leave:        "|/var/lib/mailman/mail/mailman leave mailman"
+mailman-owner:        "|/var/lib/mailman/mail/mailman owner mailman"
+mailman-request:      "|/var/lib/mailman/mail/mailman request mailman"
+mailman-subscribe:    "|/var/lib/mailman/mail/mailman subscribe mailman"
+mailman-unsubscribe:  "|/var/lib/mailman/mail/mailman unsubscribe mailman"
+> newaliases
+</code>
+Restart Postfix, then start the Mailman daemon:
+<code>
+> service postfix restart
+> service mailman start
+</code>
+For more info regarding nginx configuration for mailman see point 13 of [[http://www.howtoforge.com/perfect-server-debian-wheezy-nginx-bind-dovecot-ispconfig-3-p4|this page in the perfect server guide]].
+==== PureFTPd And Quota ====
+----
+<code>
+> apt-get install pure-ftpd-common pure-ftpd-mysql quota quotatool
+</code>
+Edit **/etc/default/pure-ftpd-common** to make sure that the start mode is set to standalone and set VIRTUALCHROOT=true
+<code>
+> nano /etc/default/pure-ftpd-common
+...
+STANDALONE_OR_INETD=standalone
+...
+VIRTUALCHROOT=true
+...
+</code>
+To allow FTP and TLS sessions:
+<code>
+> echo 1 > /etc/pure-ftpd/conf/TLS
+</code>
+In order to use TLS, we must create an SSL certificate. Lets create it in **/etc/ssl/private/**, creating the directory first:
+<code>
+> mkdir -p /etc/ssl/private/
+</code>
+Then, we generate the SSL certificate as follows:
+<code>
+> openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
+</code>
+Fill all requested information...
+Change the permissions of the SSL certificate, and restart PureFTPd:
+<code>
+> chmod 600 /etc/ssl/private/pure-ftpd.pem
+> service pure-ftpd-mysql restart
+</code>
+Edit **/etc/fstab**, adding ,usrjquota=quota.user,grpjquota=quota.group,jqfmt=vfsv0 to the partition with the mount point /:
+<code>
+> nano /etc/fstab
+UUID=1d269e64-420e-47e1-84fc-c8f0b14c1345 /               ext4    errors=remount-ro,usrjquota=quota.user,grpjquota=quota.group,jqfmt=vfsv0 0       1
+</code>
+To enable quota, run these commands:
+<code>
+> mount -o remount /
+> quotacheck -avugm
+> quotaon -avug
+</code>
+==== BIND DNS Server ====
+----
+<code>
+> apt-get install bind9 dnsutils
+</code>
+==== Vlogger, Webalizer, And AWstats ====
+----
+<code>
+> apt-get install vlogger webalizer awstats geoip-database libclass-dbi-mysql-perl
+> nano /etc/cron.d/awstats
+# Comment out everything in that file !
+</code>
+==== Jailkit ====
+----
+Jailkit is needed only if you want to chroot SSH users. It must be installed before ISPConfig - it cannot be installed afterwards!
+<code>
+> apt-get install build-essential autoconf automake1.9 libtool flex bison debhelper binutils-gold
+> cd /tmp
+> wget http://olivier.sessink.nl/jailkit/jailkit-2.15.tar.gz
+> tar xvfz jailkit-2.15.tar.gz
+> cd jailkit-2.15
+> ./debian/rules binary
+> cd ..
+> dpkg -i jailkit_2.15-1_*.deb
+> rm -rf jailkit-2.15*
+</code>
+==== fail2ban ====
+----
+<code>
+> apt-get install fail2ban
+</code>
+To have fail2ban monitor PureFTPd and Dovecot, create (or edit) the file **/etc/fail2ban/jail.local**:
+<code>
+> nano /etc/fail2ban/jail.local
+[pureftpd]
+enabled  = true
+port     = ftp
+filter   = pureftpd
+logpath  = /var/log/syslog
+maxretry = 3
+[dovecot-pop3imap]
+enabled = true
+filter = dovecot-pop3imap
+action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp]
+logpath = /var/log/mail.log
+maxretry = 5
+[sasl]
+enabled  = true
+port     = smtp
+filter   = sasl
+logpath  = /var/log/mail.log
+maxretry = 3
+</code>
+Create two more files:
+<code>
+> nano /etc/fail2ban/filter.d/pureftpd.conf
+[Definition]
+failregex = .*pure-ftpd: \(.*@<HOST>\) \[WARNING\] Authentication failed for user.*
+ignoreregex =
+> nano /etc/fail2ban/filter.d/dovecot-pop3imap.conf
+[Definition]
+failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed|Aborted login \(\d+ authentication attempts).*rip=(?P<host>\S*),.*
+ignoreregex =
+</code>
+Finally, restart fail2ban:
+<code>
+> /etc/init.d/fail2ban restart
+</code>
+==== SquirrelMail ====
+----
+This has not been done here, for reference, see [[http://www.howtoforge.com/perfect-server-debian-wheezy-nginx-bind-dovecot-ispconfig-3-p5|this page of The Perfect Server - Debian Wheezy site]]...
+----
+===== Install ISPConfig 3 =====
+----
+Although Apache should not be present in this configuration, make sure it's not running in case it was installed without you knowing about it, then remove its startup link:
+<code>
+> service apache2 stop
+> update-rc.d -f apache2 remove
+</code>
+Make sure nginx is running:
+<code>
+> service nginx restart
+</code>
+=== Install ISPConfig 3 from the latest released version ===
+<code>
+> cd /tmp
+> wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
+> tar xfz ISPConfig-3-stable.tar.gz
+> cd ispconfig3_install/install/
+</code>
+We need php5-cli to be able to execute php from the command line, then launch the ISPConfig install script:
+<code>
+> apt-get install php5-cli
+> php -q install.php
+</code>
+Follow the instructions and... You'll soon have access to the ISPConfig interface.
+----
+===== Create an xva Appliance =====
+----
+You might want to save the ISPConfig configured VM for later use, refer to [[http://wiki.strategicz.com/vhyper/doku.php?id=hypervisor:basestack:domu#create_template_and_appliance|this explanation]] to see how to do this.