Tuesday, June 4, 2013

ISPConfig Installation on linux

ISPConfig is an open source hosting control panel for Linux based servers and is licensed under BSD. ISPConfig allows administrators to manage websites, e-mail addresses and DNS records through a web-based interface. It also holds other login levels like reseller, client and emailuser.

With ISPConfig we can manage single/multiple servers from one controlpanel. Handle web, mail, dns, clustering, virtualisation management with openvz, website statistics etc.

Here I will explain how to install ISPConfig on a fresh ubuntu based linux system.

First we need to install the openssh server,For that issue the below command,
apt-get install openssh-server

Configure an ip and a hostname for your server and edit /etc/hosts, in my case

192.168.1.100 station1.tech.com

Now,
vim /etc/hostname
station1.tech.com

/etc/init.d/hostname restart

For ISPConfig to install correctly, remove the symlink /bin/sh which point to /bin/dash.
For that
dpkg-reconfigure dash
Install dash as /bin/sh?    <- No



Now I would recommend you to stop apparmor as it makes problem for ISPConfig installation.
/etc/init.d/apparmor stop
update-rc.d -f apparmor remove

Install Postfix and Courier , These are the mail transfer agents (MTA) that we are using in ISPConfig.
          Saslauthd (sasl authentication server)
         MySQL
          rkhunter (Rootkit Hunter)
          binutils (binary tools)
 
For this issue the below command,
apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl getmail4 rkhunter binutils maildrop


answer as follows,
Create directories for web-based administration? <- No
General type of mail configuration: <- Internet Site
System mail name: <- station1.tech.com
SSL certificate required <- Ok

Allow mysql to listen on all interfaces, for that edit /etc/mysql/my.cnf and comment out <bind-address>. Now restart mysql

Delete the imap and pop3 ssl certificates and re-create with correct hostname.

rm /etc/courier/imapd.pem /etc/courier/pop3d.pem

Edit /etc/courier/imapd.cnf and /etc/courier/pop3d.cnf and change,

CN=station1.tech.com

Now create the certificates,
mkimapdcert
mkpop3dcert

Now restart imap-ssl and pop3-ssl
/etc/init.d/courier-imap-ssl restart
/etc/init.d/courier-pop-ssl restart

Install Amavisd-new (content checker for viruses and Spams)
          SpamAssassin (Open-Source Spam Filter)
         ClamAV (open source antivirus for detecting Trojans, viruses, malware and other malicious threats)
 
    For this issue the below command,
apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl


Install Apache2 (WebServer)
          PHP5 (For php support)
         phpMyAdmin (For administration of MySQL over the Web)
          FCGI ( For Fastcgi support)
         suExec (For running cgi/ssi programs with a different userid apart from the original userid of webserver user)
         Pear ( Framework for reusable PHP components)
         mcrypt ( php extension that supports block algorithms)

For this issue the below command,
apt-get install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt php5-imagick imagemagick libapache2-mod-suphp libopenssl-ruby libapache2-mod-ruby

answer as follows,
Web server to reconfigure automatically: <- apache2
Configure database for phpmyadmin with dbconfig-common? <- No

Now enable the Apache modules,
a2enmod suexec rewrite ssl actions dav_fs dav auth_digest

/etc/init.d/apache2 restart

Install PureFTPd And Quota by issuing the following command,

apt-get install pure-ftpd-common pure-ftpd-mysql quota quotatool


Now change /etc/default/pure-ftpd-common
STANDALONE_OR_INETD=standalone
VIRTUALCHROOT=true

Now restart, /etc/init.d/pure-ftpd-mysql restart

vim /etc/fstab and edit <option> as usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 to the partition with the mount point /
example:-

UUID=***  /   ext4   errors=remount-ro,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0  0  1

To enable quota, issue these commands..

touch /aquota.user /aquota.group
chmod 600 /aquota.*
mount -o remount /
quotacheck -avugm
quotaon -avug

Install Bind (DNS Server)      
          Vlogger (flexible log rotation and usage tracking in perl)
          Webalizer (web server log file analysis tool)
         AWstats (free powerful tool that generates advanced web, streaming, ftp or mail server statistics, graphically)

For this issue the below command,
apt-get install vlogger webalizer awstats geoip-database


cp -prf /usr/share/doc/awstats/examples/awstats_buildstaticpages.pl /usr/share/awstats/tools/awstats_buildstaticpages.pl

Our next step is to install Jailkit, It is a set of utilities to limit user accounts to specific files using chroot() or specific commands.
First installl the dependencies,
apt-get install build-essential autoconf automake1.9 libtool flex bison debhelper


then download the latest jailkit from the link below,
http://olivier.sessink.nl/jailkit/jailkit-2.16.tar.gz
tar -zxvf jailkit-2.16.tar.gz
cd jailkit-2.1
./debian/rules binary
cd ../
dpkg -i jailkit_2.16*.deb


Install fail2ban (scans log files and bans IPs that show the malicious signs -- too many password failures)
apt-get install fail2ban


Now install squirrelmail for webmail clinet interface
apt-get install squirrelmail

ln -s /usr/share/squirrelmail/ /var/www/webmail   ( created a symlink )

Configure squirrel-mail,
squirrelmail-configure

For pre-defined settings for specific IMAP servers -- press D
then type -- courier ,,  then save it and quit.

Now install the latest ISPConfig 3.0.5

Download from the below link,
http://jaist.dl.sourceforge.net/project/ispconfig/ISPConfig%203/ISPConfig-3.0.5.2/ISPConfig-3.0.5.2.tar.gz

tar -zxvf ISPConfig-3.0.5.2.tar.gz
cd ispconfig3_install/install/
php -q install.php
press ENTER for all.


This installs ISPConfig on your system. If you were given https support then the url is https://station1.tech.com:8080 otherwise http://station1.tech.com:8080
Login as admin with password admin.

Cluster setup procedures..

For a clustered ISPConfig environment with dedicated DNS, Mail and WebServers we need to install a master ISPConfig controlpanel server which also holds the webserver and two or three independent servers on which install only the necessary services after referring the above steps.
Then We need to install the ISPConfig on all dedicated additional servers in expert mode and after installing it we have to remove the ispconfig interface link in the /var/www/ directory.

Edit the hosts files of each server appropriately.

Example for adding dedicated name server - ns1.tech.com (192.168.1.105),

Before that we have to grant root access privilege to mysql server of the master server from all the additional servers, ie

station1.tech.com

GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.1.105' IDENTIFIED BY 'myrootpassword' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
GRANT ALL PRIVILEGES ON *.* TO 'root'@'ns1.tech.com' IDENTIFIED BY 'myrootpassword' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;

And now from ns1.tech.com

php -q install.php

Installation mode <- expert
MySQL master server hostname <- station1.tech.com
MySQL master server root username [root]: <- root
MySQL master server root password []: <- Enter the root password of the master server here
MySQL master server database name [dbispconfig]: <- dbispconfig
Configure DNS Server (y,n) [y]: <-- y
Configure Firewall Server (y,n) [y]: <-y

rm -f /var/www/ispconfig ( Removing Interface )


Now at master ISPConfig controlpanel server,

The servers will be seen at master after each expert installation of clients.

Click on System > Server services > station1.tech.com -- enable Webserver/Fileserver
                                                     > mail.tech.com -- enable Mailserver
                                                > db.tech.com -- enable DB-Server
                                               > ns1.tech.com -- enable DNS-Server   <-- our example show this    
                                               > ns2.tech.com -- enable DNS-Server also Is mirror of ns1


This way we can add all the dedicated servers to the cluster with a central controlpanel interface.

Thank for reading..

Cheers /-

No comments:

Post a Comment