Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
vms:webdev:ispconfig [2014/06/06 12:39] admin [Install Postfix, Dovecot, MySQL, phpMyAdmin, rkhunter, binutils] |
vms:webdev:ispconfig [2014/06/06 17:44] (current) admin [Install ISPConfig 3] |
||
|---|---|---|---|
| Line 263: | Line 263: | ||
| For more info regarding nginx configuration for mailman see point 13 of [[http://www.howtoforge.com/perfect-server-debian-wheezy-nginx-bind-dovecot-ispconfig-3-p4|this page in the perfect server guide]]. | For more info regarding nginx configuration for mailman see point 13 of [[http://www.howtoforge.com/perfect-server-debian-wheezy-nginx-bind-dovecot-ispconfig-3-p4|this page in the perfect server guide]]. | ||
| + | |||
| + | ==== PureFTPd And Quota ==== | ||
| + | ---- | ||
| + | <code> | ||
| + | > apt-get install pure-ftpd-common pure-ftpd-mysql quota quotatool | ||
| + | </code> | ||
| + | |||
| + | Edit **/etc/default/pure-ftpd-common** to make sure that the start mode is set to standalone and set VIRTUALCHROOT=true | ||
| + | |||
| + | <code> | ||
| + | > nano /etc/default/pure-ftpd-common | ||
| + | |||
| + | ... | ||
| + | STANDALONE_OR_INETD=standalone | ||
| + | ... | ||
| + | VIRTUALCHROOT=true | ||
| + | ... | ||
| + | </code> | ||
| + | |||
| + | To allow FTP and TLS sessions: | ||
| + | <code> | ||
| + | > echo 1 > /etc/pure-ftpd/conf/TLS | ||
| + | </code> | ||
| + | |||
| + | In order to use TLS, we must create an SSL certificate. Lets create it in **/etc/ssl/private/**, creating the directory first: | ||
| + | <code> | ||
| + | > mkdir -p /etc/ssl/private/ | ||
| + | </code> | ||
| + | |||
| + | Then, we generate the SSL certificate as follows: | ||
| + | <code> | ||
| + | > openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem | ||
| + | </code> | ||
| + | |||
| + | Fill all requested information... | ||
| + | |||
| + | Change the permissions of the SSL certificate, and restart PureFTPd: | ||
| + | <code> | ||
| + | > chmod 600 /etc/ssl/private/pure-ftpd.pem | ||
| + | > service pure-ftpd-mysql restart | ||
| + | </code> | ||
| + | |||
| + | Edit **/etc/fstab**, adding ,usrjquota=quota.user,grpjquota=quota.group,jqfmt=vfsv0 to the partition with the mount point /: | ||
| + | <code> | ||
| + | > nano /etc/fstab | ||
| + | |||
| + | UUID=1d269e64-420e-47e1-84fc-c8f0b14c1345 / ext4 errors=remount-ro,usrjquota=quota.user,grpjquota=quota.group,jqfmt=vfsv0 0 1 | ||
| + | </code> | ||
| + | |||
| + | To enable quota, run these commands: | ||
| + | <code> | ||
| + | > mount -o remount / | ||
| + | > quotacheck -avugm | ||
| + | > quotaon -avug | ||
| + | </code> | ||
| + | |||
| + | ==== BIND DNS Server ==== | ||
| + | ---- | ||
| + | <code> | ||
| + | > apt-get install bind9 dnsutils | ||
| + | </code> | ||
| + | |||
| + | ==== Vlogger, Webalizer, And AWstats ==== | ||
| + | ---- | ||
| + | <code> | ||
| + | > apt-get install vlogger webalizer awstats geoip-database libclass-dbi-mysql-perl | ||
| + | > nano /etc/cron.d/awstats | ||
| + | |||
| + | # Comment out everything in that file ! | ||
| + | </code> | ||
| + | |||
| + | ==== Jailkit ==== | ||
| + | ---- | ||
| + | Jailkit is needed only if you want to chroot SSH users. It must be installed before ISPConfig - it cannot be installed afterwards! | ||
| + | |||
| + | <code> | ||
| + | > apt-get install build-essential autoconf automake1.9 libtool flex bison debhelper binutils-gold | ||
| + | > cd /tmp | ||
| + | > wget http://olivier.sessink.nl/jailkit/jailkit-2.15.tar.gz | ||
| + | > tar xvfz jailkit-2.15.tar.gz | ||
| + | > cd jailkit-2.15 | ||
| + | > ./debian/rules binary | ||
| + | > cd .. | ||
| + | > dpkg -i jailkit_2.15-1_*.deb | ||
| + | > rm -rf jailkit-2.15* | ||
| + | </code> | ||
| + | |||
| + | ==== fail2ban ==== | ||
| + | ---- | ||
| + | <code> | ||
| + | > apt-get install fail2ban | ||
| + | </code> | ||
| + | |||
| + | To have fail2ban monitor PureFTPd and Dovecot, create (or edit) the file **/etc/fail2ban/jail.local**: | ||
| + | <code> | ||
| + | > nano /etc/fail2ban/jail.local | ||
| + | |||
| + | [pureftpd] | ||
| + | enabled = true | ||
| + | port = ftp | ||
| + | filter = pureftpd | ||
| + | logpath = /var/log/syslog | ||
| + | maxretry = 3 | ||
| + | |||
| + | [dovecot-pop3imap] | ||
| + | enabled = true | ||
| + | filter = dovecot-pop3imap | ||
| + | action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp] | ||
| + | logpath = /var/log/mail.log | ||
| + | maxretry = 5 | ||
| + | |||
| + | [sasl] | ||
| + | enabled = true | ||
| + | port = smtp | ||
| + | filter = sasl | ||
| + | logpath = /var/log/mail.log | ||
| + | maxretry = 3 | ||
| + | </code> | ||
| + | |||
| + | Create two more files: | ||
| + | <code> | ||
| + | > nano /etc/fail2ban/filter.d/pureftpd.conf | ||
| + | |||
| + | [Definition] | ||
| + | failregex = .*pure-ftpd: \(.*@<HOST>\) \[WARNING\] Authentication failed for user.* | ||
| + | ignoreregex = | ||
| + | |||
| + | > nano /etc/fail2ban/filter.d/dovecot-pop3imap.conf | ||
| + | |||
| + | [Definition] | ||
| + | failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed|Aborted login \(\d+ authentication attempts).*rip=(?P<host>\S*),.* | ||
| + | ignoreregex = | ||
| + | </code> | ||
| + | |||
| + | Finally, restart fail2ban: | ||
| + | <code> | ||
| + | > /etc/init.d/fail2ban restart | ||
| + | </code> | ||
| + | |||
| + | ==== SquirrelMail ==== | ||
| + | ---- | ||
| + | This has not been done here, for reference, see [[http://www.howtoforge.com/perfect-server-debian-wheezy-nginx-bind-dovecot-ispconfig-3-p5|this page of The Perfect Server - Debian Wheezy site]]... | ||
| + | |||
| + | ---- | ||
| + | ===== Install ISPConfig 3 ===== | ||
| + | ---- | ||
| + | Although Apache should not be present in this configuration, make sure it's not running in case it was installed without you knowing about it, then remove its startup link: | ||
| + | <code> | ||
| + | > service apache2 stop | ||
| + | > update-rc.d -f apache2 remove | ||
| + | </code> | ||
| + | |||
| + | Make sure nginx is running: | ||
| + | <code> | ||
| + | > service nginx restart | ||
| + | </code> | ||
| + | |||
| + | === Install ISPConfig 3 from the latest released version === | ||
| + | |||
| + | <code> | ||
| + | > cd /tmp | ||
| + | > wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz | ||
| + | > tar xfz ISPConfig-3-stable.tar.gz | ||
| + | > cd ispconfig3_install/install/ | ||
| + | </code> | ||
| + | |||
| + | We need php5-cli to be able to execute php from the command line, then launch the ISPConfig install script: | ||
| + | <code> | ||
| + | > apt-get install php5-cli | ||
| + | > php -q install.php | ||
| + | </code> | ||
| + | |||
| + | Follow the instructions and... You'll soon have access to the ISPConfig interface. | ||
| + | |||
| + | ---- | ||
| + | ===== Create an xva Appliance ===== | ||
| + | ---- | ||
| + | |||
| + | You might want to save the ISPConfig configured VM for later use, refer to [[http://wiki.strategicz.com/vhyper/doku.php?id=hypervisor:basestack:domu#create_template_and_appliance|this explanation]] to see how to do this. | ||
