The Perfect Server - Debian Squeeze (Debian 6.0) With BIND, Dovecot & Nginx [ISPConfig 3] - Page 4

Want to support HowtoForge? Become a subscriber!
 
Submitted by djh-compnet (Contact Author) (Forums) on Thu, 2012-03-22 16:36. ::

10 Install Postfix, Dovecot, Saslauthd, MySQL, phpMyAdmin, rkhunter, binutils

You can install Postfix, Dovecot, Saslauthd, MySQL, phpMyAdmin, rkhunter, and binutils with a single command:

apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d sudo

You will be asked the following questions:

General type of mail configuration: <-- Internet Site
System mail name: <-- server1.example.com
New password for the MySQL "root" user: <-- yourrootsqlpassword
Repeat password for the MySQL "root" user: <-- yourrootsqlpassword

We want MySQL to listen on all interfaces, not just localhost, therefore we edit /etc/mysql/my.cnf and comment out the line bind-address = 127.0.0.1:

vi /etc/mysql/my.cnf

[...]
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address           = 127.0.0.1
[...]

Then restart MySQL:

/etc/init.d/mysql restart

Now check that networking is enabled. Run

netstat -tap | grep mysql

The output should look similar to this:

root@server1:~# netstat -tap | grep mysql
tcp        0      0 *:mysql                 *:*                     LISTEN      10617/mysqld
root@server1:~#

 

11 Install Amavisd-new, SpamAssassin, And Clamav

To install amavisd-new, SpamAssassin, and ClamAV, run:

apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl

The ISPConfig 3 setup script uses amavisd which loads the SpamAssassin filter library internally, so we you stop SpamAssassin to free up some RAM:

/etc/init.d/spamassassin stop
update-rc.d -f spamassassin remove

 

12 Install Nginx, PHP5 (PHP-FPM), And Fcgiwrap

Nginx is available as a package from the Dotdeb repository (the packages on official nginx repo do not work with ISPConfig 3 at the time of writing) so to install it run the following command:

apt-get install nginx

Apache should not be installed by this stage although it is pulled as a depedency for phpMyAdmin later on in the tutorial. Remove Apache with:

apt-get purge apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils

and any other related packages. You can also run:

apt-get autoremove

to make sure any unnecessary packages are purged.

To make PHP5 work in nginx through PHP-FPM (FastCGI Process Manager) as an alternative to the PHP FastCGI implementation with some additional features catering for websites of any size, especially heavier traffic, install it as follows:

apt-get install php5-fpm

PHP-FPM is a daemon process, with the init script /etc/init.d/php5-fpm, that runs a FastCGI server on port 9000.

To add MySQL support to PHP, we can install the php5-mysql package. You might need some additional PHP5 modules as well to support the enhanced features of your web applications. You can search for available PHP5 modules like this:

apt-cache search php5

If you are not bothered about disk space or whether they are necessary to install or not, you can install them all:

apt-get install php5-mysql php5-curl php5-gd php5-intl php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-ming php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl

or delete those that you know you do not need.

APC is a free and open-source PHP opcode cacher for caching and optimizing PHP intermediate code. It is similar to other PHP opcode cachers, such as eAccelerator and XCache. It is strongly recommended to have one of these installed to speed up your PHP pages.

APC can be installed as follows:

apt-get install php-apc

Now restart PHP-FPM:

/etc/init.d/php5-fpm restart

Fcgiwrap is a CGI wrapper that should work also for complex CGI scripts and can be used for shared hosting environments because it allows each vhost to use its own cgi-bin directory. For CGI support in nginx you must install Fcgiwrap package as follows:

apt-get install fcgiwrap

After the installation, the fcgiwrap daemon should already be started; its socket is /var/run/fcgiwrap.socket. If it is not running you can use the /etc/init.d/fcgiwrap script to start it.

That's it! Now when you create an nginx vhost, ISPConfig 3 will take care of the correct vhost configuration.

 

13 Install phpMyAdmin And Configure HTTPS For Vhosts

To install phpMyAdmin run the following command:

apt-get install phpmyadmin

You will be prompted with the following questions:

Web server to reconfigure automatically: <-- select none (because only apache2 and lighttpd are available as options)
Configure database for phpmyadmin with dbconfig-common? <-- No

If you selected 'Yes' then you will get an error that can be read about on this link: http://serverfault.com/questions/341116/setting-up-phpmyadmin-got-a-mysql-syntax-error

Because Apache2 is installed as part of a phpMyAdmin dependency, stop it now with:

/etc/init.d/apache2 stop

and remove Apache's system startup links:

insserv -r apache2

Start nginx afterwards:

/etc/init.d/nginx start

You can now find phpMyAdmin in the /usr/share/phpmyadmin/ directory.

After you have installed ISPConfig 3, you can access phpMyAdmin as follows:

The ISPConfig 3 apps vhost on port 8081 for nginx comes with a phpMyAdmin configuration, so you can use http://server1.example.com:8081/phpmyadmin or http://server1.example.com:8081/phpMyAdmin to access phpMyAdmin.

If you want to use a /phpmyadmin or /phpMyAdmin alias that you can use from your web sites, this is a bit more complicated than for Apache 2 because nginx does not have global aliases (aliases that can be defined for all vhosts). Therefore you have to define the aliases for each vhost so that you can access with phpMyAdmin on your specified URI.

To do this, paste the following into the nginx Directives field on the Options tab of each web site in ISPConfig3 (after you installed it later on in the tutorial):

        location /phpmyadmin {
               root /usr/share/;
               index index.php index.html index.htm;
               location ~ ^/phpmyadmin/(.+\.php)$ {
                       try_files $uri =404;
                       root /usr/share/;
                       fastcgi_pass 127.0.0.1:9000;
                       fastcgi_index index.php;
                       fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                       include /etc/nginx/fastcgi_params;
                       fastcgi_buffer_size 128k;
                       fastcgi_buffers 256 4k;
                       fastcgi_busy_buffers_size 256k;
                       fastcgi_temp_file_write_size 256k;
                       fastcgi_intercept_errors on;
               }
               location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
                       root /usr/share/;
               }
        }
        location /phpMyAdmin {
               rewrite ^/* /phpmyadmin last;
        }

If you use https instead of http for your vhost, you should add the line fastcgi_param HTTPS on, to your phpMyAdmin configuration like this:

        location /phpmyadmin {
               root /usr/share/;
               index index.php index.html index.htm;
               location ~ ^/phpmyadmin/(.+\.php)$ {
                       try_files $uri =404;
                       root /usr/share/;
                       fastcgi_pass 127.0.0.1:9000;
                       fastcgi_param HTTPS on; # <-- add this line
                       fastcgi_index index.php;
                       fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                       include /etc/nginx/fastcgi_params;
                       fastcgi_buffer_size 128k;
                       fastcgi_buffers 256 4k;
                       fastcgi_busy_buffers_size 256k;
                       fastcgi_temp_file_write_size 256k;
                       fastcgi_intercept_errors on;
               }
               location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
                       root /usr/share/;
               }
        }
        location /phpMyAdmin {
               rewrite ^/* /phpmyadmin last;
        }

It is pretty dubious whether you would like to transfer data and passwords in cleartext to phpMyAdmin or other applications that you would like to keep secure. So to use both http and https for your vhost you should to add the following section to the http {} section in /etc/nginx/nginx.conf, before any include lines, this determines whether the visitor uses http or https and sets the $fastcgi_https variable. Use this in your phpMyAdmin configuration accordingly:

vi /etc/nginx/nginx.conf

[...]
http {
[...]
        ## Detect when HTTPS is used
        map $scheme $fastcgi_https {
          default off;
          https on;
        }
[...]
}
[...]

Do not forget to reload nginx afterwards:

/etc/init.d/nginx reload

Then go to the nginx Directives field again, and instead of fastcgi_param HTTPS on, you add the line fastcgi_param HTTPS $fastcgi_https, so that you can use phpMyAdmin for both http and https requests:

    location /phpmyadmin {
               root /usr/share/;
               index index.php index.html index.htm;
               location ~ ^/phpmyadmin/(.+\.php)$ {
                       try_files $uri =404;
                       root /usr/share/;
                       fastcgi_pass 127.0.0.1:9000;
                       fastcgi_param HTTPS $fastcgi_https; # <-- add this line
                       fastcgi_index index.php;
                       fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                       include /etc/nginx/fastcgi_params;
                       fastcgi_buffer_size 128k;
                       fastcgi_buffers 256 4k;
                       fastcgi_busy_buffers_size 256k;
                       fastcgi_temp_file_write_size 256k;
                       fastcgi_intercept_errors on;
               }
               location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
                       root /usr/share/;
               }
        }
        location /phpMyAdmin {
               rewrite ^/* /phpmyadmin last;
        }

 

 

14 Install Mailman

Since version 3.0.4, ISPConfig also allows you to manage (create/modify/delete) Mailman mailing lists. If you want to make use of this feature install Mailman as follows:

apt-get install mailman

Before we can start Mailman a first mailing list called mailman must be created:

newlist mailman

root@server1:~# newlist mailman
Enter the email of the person running the list:
 <-- admin email address, e.g. info@example.com
Initial mailman password: <-- admin password for the mailman list
To finish creating your mailing list, you must edit your /etc/aliases or
an equivalent file by adding the following lines:

## mailman mailing list
mailman:              "|/var/lib/mailman/mail/mailman post mailman"
mailman-admin:        "|/var/lib/mailman/mail/mailman admin mailman"
mailman-bounces:      "|/var/lib/mailman/mail/mailman bounces mailman"
mailman-confirm:      "|/var/lib/mailman/mail/mailman confirm mailman"
mailman-join:         "|/var/lib/mailman/mail/mailman join mailman"
mailman-leave:        "|/var/lib/mailman/mail/mailman leave mailman"
mailman-owner:        "|/var/lib/mailman/mail/mailman owner mailman"
mailman-request:      "|/var/lib/mailman/mail/mailman request mailman"
mailman-subscribe:    "|/var/lib/mailman/mail/mailman subscribe mailman"
mailman-unsubscribe:  "|/var/lib/mailman/mail/mailman unsubscribe mailman"

Hit enter to notify mailman owner...
 <-- ENTER

root@server1:~#

Open /etc/aliases afterwards:

vi /etc/aliases

and add the following lines:

[...]
mailman:              "|/var/lib/mailman/mail/mailman post mailman"
mailman-admin:        "|/var/lib/mailman/mail/mailman admin mailman"
mailman-bounces:      "|/var/lib/mailman/mail/mailman bounces mailman"
mailman-confirm:      "|/var/lib/mailman/mail/mailman confirm mailman"
mailman-join:         "|/var/lib/mailman/mail/mailman join mailman"
mailman-leave:        "|/var/lib/mailman/mail/mailman leave mailman"
mailman-owner:        "|/var/lib/mailman/mail/mailman owner mailman"
mailman-request:      "|/var/lib/mailman/mail/mailman request mailman"
mailman-subscribe:    "|/var/lib/mailman/mail/mailman subscribe mailman"
mailman-unsubscribe:  "|/var/lib/mailman/mail/mailman unsubscribe mailman"

Run newaliases and restart Postfix:

newaliases
/etc/init.d/postfix restart

Then start the Mailman daemon:

/etc/init.d/mailman start

After you have installed ISPConfig 3, you can access Mailman as follows:

The ISPConfig apps vhost on port 8081 for nginx comes with a Mailman configuration, so you can use http://server1.example.com:8081/cgi-bin/mailman/admin/<listname> or http://server1.example.com:8081/cgi-bin/mailman/listinfo/<listname> to access Mailman.

If you want to use Mailman from your individual web sites, the configuration is a bit more complicated than for Apache because nginx does not have global aliases (defining aliases that subsequently work for all hosts, e.g. domain.tld/definedalias). Therefore you have to define the aliases for each vhost from which you want to access Mailman.

To do this, paste the following into the nginx Directives field after ISPConfig is installed on the Options tab of each the website:

        location /cgi-bin/mailman {
               root /usr/lib/;
               fastcgi_split_path_info (^/cgi-bin/mailman/[^/]*)(.*)$;
               include /etc/nginx/fastcgi_params;
               fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
               fastcgi_param PATH_INFO $fastcgi_path_info;
               fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
               fastcgi_intercept_errors on;
               fastcgi_pass unix:/var/run/fcgiwrap.socket;
        }
        location /images/mailman {
               alias /usr/share/images/mailman;
        }
        location /pipermail {
               alias /var/lib/mailman/archives/public;
               autoindex on;
      }

This defines the alias /cgi-bin/mailman/ for your vhost, which means you can access the Mailman admin interface for a list at http://<vhost>/cgi-bin/mailman/admin/<listname>, and the web page for users of a mailing list can be found at http://<vhost>/cgi-bin/mailman/listinfo/<listname>.

Under http://<vhost>/pipermail you can find the mailing list archives.


Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.
Submitted by Wallis Short (not registered) on Mon, 2013-04-15 14:03.

When I carried out the command

/etc/init.d/nginx start

I received an error

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: [emerg] socket() [::]:80 failed (97: Address family not supported by protocol)
nginx: configuration file /etc/nginx/nginx.conf test failed

 This means that IPv6 only is enabled. To correct this error edit the file /etc/nginx/sites-enabled/default

vi /etc/nginx/sites-enabled/default

and comment out (or delete) the following line.

listen [::]:80 default ipv6only=on; ## listen for ipv6
 
This should work when you do the restart.

 

Submitted by xciso (registered user) on Thu, 2013-02-21 09:53.

When i do this: insserv -r apache2

I get this error:

insserv: warning: script is corrupt or invalid: /etc/init.d/../rc6.d/S00vzreboot

And when i then try to start nginx with: /etc/init.d/nginx start

I get this error:

Restarting nginx: nginxnginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] still could not bind()

Submitted by Giuseppe (not registered) on Mon, 2012-11-12 15:47.

Hi,

after i insert this command "update-rc.d -f spamassassin remove" the Debian 6.0.6 Squeeze give me this error "update-rc.d: using dependency based boot sequencing".

 How to solve this issue?

Submitted by MiLk (not registered) on Sun, 2012-11-11 12:01.

If you install the package "php5" at the same time than "php5-fpm", apache won't be installed with phpmyadmin.

Submitted by Giuseppe (not registered) on Sun, 2012-11-11 05:59.

You don't have writed the location for "fastcgi_param HTTPS on". In which file i have to add this code?

"If you use https instead of http for your vhost, you should add the line fastcgi_param HTTPS on, to your phpMyAdmin configuration like this"

Submitted by Anonymous (not registered) on Tue, 2012-08-07 17:38.
Couldn't find package php5-fpm ... seems like no longer maintained repo. 
Submitted by Anonymous (not registered) on Fri, 2012-08-10 03:38.
Add: deb http://php53.dotdeb.org squeeze all