Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
vms:webdev:ispconfig [2014/06/06 15:14] admin [PureFTPd And Quota] |
vms:webdev:ispconfig [2014/06/06 17:44] (current) admin [Install ISPConfig 3] |
||
---|---|---|---|
Line 331: | Line 331: | ||
> nano /etc/cron.d/awstats | > nano /etc/cron.d/awstats | ||
- | comment out everything in that file ! | + | # Comment out everything in that file ! |
</code> | </code> | ||
+ | |||
+ | ==== Jailkit ==== | ||
+ | ---- | ||
+ | Jailkit is needed only if you want to chroot SSH users. It must be installed before ISPConfig - it cannot be installed afterwards! | ||
+ | |||
+ | <code> | ||
+ | > apt-get install build-essential autoconf automake1.9 libtool flex bison debhelper binutils-gold | ||
+ | > cd /tmp | ||
+ | > wget http://olivier.sessink.nl/jailkit/jailkit-2.15.tar.gz | ||
+ | > tar xvfz jailkit-2.15.tar.gz | ||
+ | > cd jailkit-2.15 | ||
+ | > ./debian/rules binary | ||
+ | > cd .. | ||
+ | > dpkg -i jailkit_2.15-1_*.deb | ||
+ | > rm -rf jailkit-2.15* | ||
+ | </code> | ||
+ | |||
+ | ==== fail2ban ==== | ||
+ | ---- | ||
+ | <code> | ||
+ | > apt-get install fail2ban | ||
+ | </code> | ||
+ | |||
+ | To have fail2ban monitor PureFTPd and Dovecot, create (or edit) the file **/etc/fail2ban/jail.local**: | ||
+ | <code> | ||
+ | > nano /etc/fail2ban/jail.local | ||
+ | |||
+ | [pureftpd] | ||
+ | enabled = true | ||
+ | port = ftp | ||
+ | filter = pureftpd | ||
+ | logpath = /var/log/syslog | ||
+ | maxretry = 3 | ||
+ | |||
+ | [dovecot-pop3imap] | ||
+ | enabled = true | ||
+ | filter = dovecot-pop3imap | ||
+ | action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp] | ||
+ | logpath = /var/log/mail.log | ||
+ | maxretry = 5 | ||
+ | |||
+ | [sasl] | ||
+ | enabled = true | ||
+ | port = smtp | ||
+ | filter = sasl | ||
+ | logpath = /var/log/mail.log | ||
+ | maxretry = 3 | ||
+ | </code> | ||
+ | |||
+ | Create two more files: | ||
+ | <code> | ||
+ | > nano /etc/fail2ban/filter.d/pureftpd.conf | ||
+ | |||
+ | [Definition] | ||
+ | failregex = .*pure-ftpd: \(.*@<HOST>\) \[WARNING\] Authentication failed for user.* | ||
+ | ignoreregex = | ||
+ | |||
+ | > nano /etc/fail2ban/filter.d/dovecot-pop3imap.conf | ||
+ | |||
+ | [Definition] | ||
+ | failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed|Aborted login \(\d+ authentication attempts).*rip=(?P<host>\S*),.* | ||
+ | ignoreregex = | ||
+ | </code> | ||
+ | |||
+ | Finally, restart fail2ban: | ||
+ | <code> | ||
+ | > /etc/init.d/fail2ban restart | ||
+ | </code> | ||
+ | |||
+ | ==== SquirrelMail ==== | ||
+ | ---- | ||
+ | This has not been done here, for reference, see [[http://www.howtoforge.com/perfect-server-debian-wheezy-nginx-bind-dovecot-ispconfig-3-p5|this page of The Perfect Server - Debian Wheezy site]]... | ||
+ | |||
+ | ---- | ||
+ | ===== Install ISPConfig 3 ===== | ||
+ | ---- | ||
+ | Although Apache should not be present in this configuration, make sure it's not running in case it was installed without you knowing about it, then remove its startup link: | ||
+ | <code> | ||
+ | > service apache2 stop | ||
+ | > update-rc.d -f apache2 remove | ||
+ | </code> | ||
+ | |||
+ | Make sure nginx is running: | ||
+ | <code> | ||
+ | > service nginx restart | ||
+ | </code> | ||
+ | |||
+ | === Install ISPConfig 3 from the latest released version === | ||
+ | |||
+ | <code> | ||
+ | > cd /tmp | ||
+ | > wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz | ||
+ | > tar xfz ISPConfig-3-stable.tar.gz | ||
+ | > cd ispconfig3_install/install/ | ||
+ | </code> | ||
+ | |||
+ | We need php5-cli to be able to execute php from the command line, then launch the ISPConfig install script: | ||
+ | <code> | ||
+ | > apt-get install php5-cli | ||
+ | > php -q install.php | ||
+ | </code> | ||
+ | |||
+ | Follow the instructions and... You'll soon have access to the ISPConfig interface. | ||
+ | |||
+ | ---- | ||
+ | ===== Create an xva Appliance ===== | ||
+ | ---- | ||
+ | |||
+ | You might want to save the ISPConfig configured VM for later use, refer to [[http://wiki.strategicz.com/vhyper/doku.php?id=hypervisor:basestack:domu#create_template_and_appliance|this explanation]] to see how to do this. |