General questions regarding ISPConfig setup

[FXT]

I am planning on setting up a server as securely as possible, given that I have to use Ubuntu 6.06 Server LTS and Joomla! on a site.

This server will be running in a VMWare virtual machine. It will later on be required to host more sites, mostly small experimental/static stuff for me and a close friend.

My plan is to use ISPConfig and create a reseller, who will have both me and my friend as clients.
If I understand correctly, the reseller will create the sites via the ISPConfig interface, and we as clients will then fill them with content via FTP. Easy administration, and no way to screw with the other sites that way. I have heard that this would be overkill, but i would like the expandability, and learning to do this is a good idea IMO.
Does this setup (reseller->clients) make sense?

Can this be done behind a router doing NAT, with only relevant ports being forwarded?
I have several *.dyndns.org domains pointing to my public IP, and would like them all hosted on this VM with its fixed local IP.
Is it possible to send mail from these domains, like user@asdf.dyndns.org?
Should I even bother with mail, given that this is a private connection?

I have been using the relevant "Perfect Setup" and it has been a great help combined with the info on these forums (thank you!).

One part I am not sure about in that Perfect Setup is the fact that normal FTP is used. I have enabled TLS for ProFTPd on one version of the server VM (approaching twelve different ones now!), and it works like a charm on the LAN. The NAT router is screwing things up, though, and I am not learned enough to find a way around that.Also I'm not willing to put the VM into this cheap router's DMZ.
Is there a way to do this, and more importantly, will it work with ISPConfig?
Is there a way of using SCP to work with ISPCOnfig?

I have been asking questions in another thread, which has made me reconsider some of my earlier plans, and hope that more than one thread is no problem.
I'm afraid it's many questions once again, I hope someone can answer them.

[xrat]

Hi FXT,
Sorry, I can't help much. But let me say that I think your setup is fine. It is overkill, yes, but if you want to be able to further expand your hostings it's a good idea to start small. And ISPconfig is just fine for small and big.
Be warned that many of your questions are not related to ISPconfig, though. You might get more replies in special forums for NAT, networking, or such.
This being said, I am no expert, but I guess that ISPconfig and your hosts should do fine behind a firewall with NAT. FTP, IIRC, needs special proxies/support on your firewall. Personally, I guess, if you want your clients to use FTP I would not have it firewalled. Tried often, and it was always a pain in the ass. Another option might be to disable FTP and go for SSH/SFTP which works just fine behind firewalls. And if you care for security, I'd definitely disable FTP anyway.
HTH, -- xrat

[falko]

Quote:

Originally Posted by FXT

My plan is to use ISPConfig and create a reseller, who will have both me and my friend as clients.
If I understand correctly, the reseller will create the sites via the ISPConfig interface, and we as clients will then fill them with content via FTP. Easy administration, and no way to screw with the other sites that way. I have heard that this would be overkill, but i would like the expandability, and learning to do this is a good idea IMO.
Does this setup (reseller->clients) make sense?

Yes.

Quote:

Originally Posted by FXT

Can this be done behind a router doing NAT, with only relevant ports being forwarded?

Yes. Make sure you use your local IP for the Apache vhosts, not your router's public one.

Quote:

Originally Posted by FXT

I have several *.dyndns.org domains pointing to my public IP, and would like them all hosted on this VM with its fixed local IP.
Is it possible to send mail from these domains, like user@asdf.dyndns.org?
Should I even bother with mail, given that this is a private connection?

Almost all dynamic IP addresses are blacklisted nowadays; if you still want to send email, you should relay them through another mailserver: http://www.howtoforge.com/postfix_re...her_mailserver

Quote:

Originally Posted by FXT

One part I am not sure about in that Perfect Setup is the fact that normal FTP is used. I have enabled TLS for ProFTPd on one version of the server VM (approaching twelve different ones now!), and it works like a charm on the LAN. The NAT router is screwing things up, though, and I am not learned enough to find a way around that.Also I'm not willing to put the VM into this cheap router's DMZ.
Is there a way to do this, and more importantly, will it work with ISPConfig?

Make sure that your router forwards the ports 20 and 21 to your ISPConfig box.

Quote:

Originally Posted by FXT

Is there a way of using SCP to work with ISPCOnfig?

Yes, but your users must then have Shell access which is a security risk.

[xrat]

Quote:

Originally Posted by falko

Yes, but your users must then have Shell access which is a security risk.

To clarify, I agree with Falko. It's just that I already seem to be working in too many environments where people need Shell access anyway. And then, of course, SSH is less of an evil than plain FTP.

Depending on how you define "Shell" access you might be happy with other solutions like Falko's Chrooted SSH Howto http://www.howtoforge.com/chrooted_ssh_howto_debian

HTH.

[FXT]

Falko, xrat, thank you for your answers, they have helped me make up my mind.
Now, I've run into the ClamAV compilation problem...

I tried to downgrade by running

Code:

apt-get install gcc-3.4

The ISPConfig ./setup still won't run through:

Code:

checking for ANSI C header files... (cached) yes
checking for a supported version of gcc... ok (4.0.3)
checking for gcc bug PR27603... ok, bug not present
checking for gcc bug PR28045... configure: error: your compiler has gcc PR28045 bug, use a different compiler, see http://gcc.gnu.org/bugzilla/show_bug.cgi?id=28045
ERROR: Could not configure ClamAV
cd: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
mv: cannot stat `binaries/aps.tar.gz': No such file or directory
mv: cannot stat `binaries/spamassassin.tar.gz': No such file or directory
mv: cannot stat `binaries/uudeview.tar.gz': No such file or directory
mv: cannot stat `binaries/clamav.tar.gz': No such file or directory
mv: cannot stat `binaries/cronolog': No such file or directory
mv: cannot stat `binaries/cronosplit': No such file or directory
mv: cannot stat `binaries/ispconfig_tcpserver': No such file or directory
mv: cannot stat `binaries/zip': No such file or directory
mv: cannot stat `binaries/unzip': No such file or directory
tar: spamassassin.tar.gz: Cannot open: No such file or directory
tar: Error is not recoverable: exiting now
tar: Child returned status 2
tar: Error exit delayed from previous errors
mv: cannot stat `spamassassin': No such file or directory
tar: uudeview.tar.gz: Cannot open: No such file or directory
tar: Error is not recoverable: exiting now
tar: Child returned status 2
tar: Error exit delayed from previous errors
mv: cannot stat `uudeview': No such file or directory
tar: clamav.tar.gz: Cannot open: No such file or directory
tar: Error is not recoverable: exiting now
tar: Child returned status 2
tar: Error exit delayed from previous errors
mv: cannot stat `clamav': No such file or directory
tar: aps.tar.gz: Cannot open: No such file or directory
tar: Error is not recoverable: exiting now
tar: Child returned status 2
tar: Error exit delayed from previous errors
./setup2: line 873: ispconfig_tmp/php/bin/php: No such file or directory
ERROR: The PHP binary coming with ISPConfig does not work properly on your system! The installation routine stops here!

The output above tells me, that a version higher than 3.4 was detected, how is that possible after the downgrade? Am I doing something wrong?

Code:

gcc -dumpversion

tells me I'm running 4.0.3, after repeatedly running the above downgrade with apt.

I am doing an install, not an upgrade, but would the second part (editing the config file) of the solution in Till's thread here work in my case? If ClamAV is not going on a performance-critical system, it shouldn't matter? I'm trying not to break anything here, and I'm a little frustrated ATM.

[FXT]

OK, I did it!
I have a running VM with Perfect Setup for Ubuntu 6.06 LTS, but FTP with TLS support and MySQL listening on localhost only; ISPConfig 2.2.19 running with Till's ClamAV fix (downgrading gcc/g++ never worked).

Thank GOD for snapshots, I would have gone mad otherwise.

[xrat]

Congratulations

[damaltor]

hi everybody,

i have a problem that is a bit like the one above:
a local pc running as server (debian 4.0) with apache, mysql, php5, few other things, working perfectly). my ip address is hold constant with dyndns.

now, if i make a new client and a new web with ispconfig, what is the adress i have to enter in firefox? if i make an URL like "www.example.com", this should be linked into my system. but my only "outer" ip is in dyndns. so, if i make a nice URL, how can i make it public or better, how can i make it accessible from outside?

i hope you understand my problem, my english usually is very good but i dont think that i described this very well...

thanks for every answer!

damaltor

[till]

Quote:

now, if i make a new client and a new web with ispconfig, what is the adress i have to enter in firefox? if i make an URL like "www.example.com", this should be linked into my system. but my only "outer" ip is in dyndns. so, if i make a nice URL, how can i make it public or better, how can i make it accessible from outside?

You will have to configure it at your yndns service to point to the same IP then your first domain.

[damaltor]

found that out, too. thanks though