The Perfect Server - Ubuntu 10.04 [ISPConfig 3] - Page 4

Want to support HowtoForge? Become a subscriber!
 
Submitted by falko (Contact Author) (Forums) on Thu, 2010-05-06 15:58. ::

12 Install Postfix, Courier, Saslauthd, MySQL, rkhunter, binutils

We can install Postfix, Courier, Saslauthd, MySQL, rkhunter, and binutils with a single command:

aptitude install postfix postfix-mysql postfix-doc mysql-client mysql-server courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl getmail4 rkhunter binutils maildrop

You will be asked the following questions:

New password for the MySQL "root" user: <-- yourrootsqlpassword
Repeat password for the MySQL "root" user: <-- yourrootsqlpassword
Create directories for web-based administration? <-- No
General type of mail configuration: <-- Internet Site
System mail name: <-- server1.example.com
SSL certificate required <-- Ok

We want MySQL to listen on all interfaces, not just localhost, therefore we edit /etc/mysql/my.cnf and comment out the line bind-address = 127.0.0.1:

vi /etc/mysql/my.cnf

[...]
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address           = 127.0.0.1
[...]

Then we restart MySQL:

/etc/init.d/mysql restart

Now check that networking is enabled. Run

netstat -tap | grep mysql

The output should look like this:

root@server1:~# netstat -tap | grep mysql
tcp        0      0 *:mysql                 *:*                     LISTEN      9732/mysqld
root@server1:~#

During the installation, the SSL certificates for IMAP-SSL and POP3-SSL are created with the hostname localhost. To change this to the correct hostname (server1.example.com in this tutorial), delete the certificates...

cd /etc/courier
rm -f /etc/courier/imapd.pem
rm -f /etc/courier/pop3d.pem

... and modify the following two files; replace CN=localhost with CN=server1.example.com (you can also modify the other values, if necessary):

vi /etc/courier/imapd.cnf

[...]
CN=server1.example.com
[...]

vi /etc/courier/pop3d.cnf

[...]
CN=server1.example.com
[...]

Then recreate the certificates...

mkimapdcert
mkpop3dcert

... and restart Courier-IMAP-SSL and Courier-POP3-SSL:

/etc/init.d/courier-imap-ssl restart
/etc/init.d/courier-pop-ssl restart

 

13 Install Amavisd-new, SpamAssassin, And Clamav

To install amavisd-new, SpamAssassin, and ClamAV, we run

aptitude install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl

 

14 Install Apache2, PHP5, phpMyAdmin, FCGI, suExec, Pear, And mcrypt

Apache2, PHP5, phpMyAdmin, FCGI, suExec, Pear, and mcrypt can be installed as follows:

aptitude install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt php5-imagick imagemagick libapache2-mod-suphp libopenssl-ruby libapache2-mod-ruby

You will see the following question:

Web server to reconfigure automatically: <-- apache2
Configure database for phpmyadmin with dbconfig-common? <-- No

Then run the following command to enable the Apache modules suexec, rewrite, ssl, actions, and include (plus dav, dav_fs, and auth_digest if you want to use WebDAV):

a2enmod suexec rewrite ssl actions include

a2enmod dav_fs dav auth_digest

Restart Apache afterwards:

/etc/init.d/apache2 restart

 

15 Install PureFTPd And Quota

PureFTPd and quota can be installed with the following command:

aptitude install pure-ftpd-common pure-ftpd-mysql quota quotatool

Edit the file /etc/default/pure-ftpd-common...

vi /etc/default/pure-ftpd-common

... and make sure that the start mode is set to standalone and set VIRTUALCHROOT=true:

[...]
STANDALONE_OR_INETD=standalone
[...]
VIRTUALCHROOT=true
[...]

Then restart PureFTPd:

/etc/init.d/pure-ftpd-mysql restart

Edit /etc/fstab. Mine looks like this (I added ,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 to the partition with the mount point /):

vi /etc/fstab

# /etc/fstab: static file system information.
#
# Use 'blkid -o value -s UUID' to print the universally unique identifier
# for a device; this may be used with UUID= as a more robust way to name
# devices that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
proc            /proc           proc    nodev,noexec,nosuid 0       0
/dev/mapper/server1-root /               ext4    errors=remount-ro,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 0       1
# /boot was on /dev/sda1 during installation
UUID=9eef7b6b-5688-456c-8fe2-05ae739e3635 /boot           ext2    defaults        0       2
/dev/mapper/server1-swap_1 none            swap    sw              0       0
/dev/fd0        /media/floppy0  auto    rw,user,noauto,exec,utf8 0       0

To enable quota, run these commands:

touch /aquota.user /aquota.group
chmod 600 /aquota.*
mount -o remount /

quotacheck -avugm
quotaon -avug

 

16 Install BIND DNS Server

BIND can be installed as follows:

aptitude install bind9 dnsutils

 

17 Install Vlogger, Webalizer, And AWstats

Vlogger, webalizer, and AWstats can be installed as follows:

aptitude install vlogger webalizer awstats geoip-database

cp -prf /usr/share/doc/awstats/examples/awstats_buildstaticpages.pl /usr/share/awstats/tools/awstats_buildstaticpages.pl

 

18 Install Jailkit

Jailkit is needed only if you want to chroot SSH users. It can be installed as follows (important: Jailkit must be installed before ISPConfig - it cannot be installed afterwards!):

aptitude install build-essential autoconf automake1.9 libtool flex bison debhelper

cd /tmp
wget http://olivier.sessink.nl/jailkit/jailkit-2.11.tar.gz
tar xvfz jailkit-2.11.tar.gz
cd jailkit-2.11
./debian/rules binary
cd ..
dpkg -i jailkit_2.11-1_*.deb
rm -rf jailkit-2.11*

 

19 Install fail2ban

This is optional but recommended, because the ISPConfig monitor tries to show the fail2ban log:

aptitude install fail2ban


Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.
Submitted by Morten Holmstrup (not registered) on Mon, 2013-03-18 23:48.

For all of those who like me have spent hours getting pure-ftpd to play nice with ispconfig 3 and ubuntu 10.04 64bit on a virtuozzo virtual server, there is a solution: https://launchpad.net/~otto-kesselgulasch/+archive/virtuozzo

The link that people are most often sent to did not help me (and I tried several times), but adding this repository and apt-installing as usual did the trick. Just fyi.

Submitted by BostonSports4Life (not registered) on Mon, 2012-02-13 03:02.

STEP 17 - For some reason when we ran the command to copy awstats***.pl we got error saying "cant create regular file" or something to the effect (sorry I didn't write it down). However after a few attempts and spell check errors, it turns out that we had to manually create the directory.  For whatever reason it wouldnt create the directory automatically. I dont know if we missed something in the setup or if its an inherent issue with Ubuntu (10.04). I thought I'd mention it for any other users that run into the same issue or if its something that need to be appended to the How-to.

That being said, other than that problem and a couple small issues we had to work out, We would like to thank you for the walk-through. This is our 3rd attempt at configuring the server. We've ran a windows box for a long time now and decided to change to Linux after upgrading the machine. You've clearly put a bit of time into this and it looks like a bit of doin. Thanks again man I'm sure everyone thats read this post appreciates the good work. 

Mike @ R&M Computers, Oakville CT

 

Submitted by Cory (not registered) on Mon, 2012-03-05 22:47.

I had this same issue, I simply went into the awstats directory and did a "mkdir tools" then re-entered the command and it worked flawlessly!

 

Submitted by Lucas (not registered) on Wed, 2011-04-06 15:47.

If you have a vServer the installation of pureftpd might fail.

You have to compile it by your self without capabilites.

To do so, you have first to install "dpkg-dev":

apt-get install dpkg-dev

 Afterwards use one of the following howtos:

Submitted by Anonymous (not registered) on Fri, 2011-04-08 13:47.

@Moderator:

Please remove the last whitespace of the link to "German: howtoforge.de"... Otherwise you get an 404 error.

Submitted by pee (not registered) on Sun, 2011-01-23 14:14.

hi,

 when i want to restart mysql with the classical command "/etc/init.d/mysql restart" i get the message:

 Rather than invoking init scripts through /etc/init.d, use the service(8)

utility, e.g. service mysql restart


Since the script you are attempting to invoke has been converted to an

Upstart job, you may also use the restart(8) utility, e.g. restart mysql

mysql start/running, process 10038

is "/etc/init.d/mysql restart" been replaced at ubuntu 10.04?
 
 
Submitted by weboculus (not registered) on Sun, 2010-10-31 17:57.

 no Mails get in the Mailbox.

 Error:

Oct 31 14:41:37 woadmin amavis[30370]: (30370-03) (!!)run_av (ClamAV-clamscan) FAILED - unexpected exit 50, output="LibClamAV Warning: ***********************************************************\nLibClamAV Warning: *** This version of the ClamAV engine is outdated. ***\nLibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/support/faq ***\nLibClamAV Warning: ***********************************************************\nLibClamAV Error: cli_hex2str(): Malformed hexstring: This ClamAV version has reached End of Life! Please upgrade to version 0.95 or later. For more information see www.clamav.net/eol-clamav-094 and www.clamav.net/download (length: 169)\nLibClamAV Error: Problem parsing database at line 737\nLibClamAV Error: Can't load /var/lib/amavis/tmp/clamav-22bf400b558ed2f94ee0b43aa854aaf2/daily.ndb: Malformed database\nLibClamAV Error: Can't load /var/lib/clamav//daily.cvd: Malformed database\nERROR: Malformed database"

 insert into /etc/apt-sources.list the following lines:

# ClamAV
deb ftp://ftp2.de.debian.org/debian-volatile stable/volatile main
deb ftp://ftp2.de.debian.org/debian-volatile stable-proposed-updates/volatile main

 then:

apt-get update
apt-get dist-upgrade

Submitted by GoremanX (registered user) on Tue, 2010-10-26 01:17.

The command:

 cp -prf /usr/share/doc/awstats/examples/awstats_buildstaticpages.pl /usr/share/awstats/tools/awstats_buildstaticpages.pl

 cannot work because the /usr/share/awstats/tools/ directory does not exist

Submitted by Kevin west (not registered) on Wed, 2010-10-13 13:04.

Issue when running script below

 cp -prf /usr/share/doc/awstats/examples/awstats_buildstaticpages.pl /usr/share/awstats/tools/awstats_buildstaticpages.pl

you get

cp: cannot stat `/usr/share/doc/awstats/examples/awstats_buildstaticpages.sh': No such file or directory
You have to :

sudo mkdir /usr/share/awstats/tools

to resolve this issue then re enter

  cp -prf /usr/share/doc/awstats/examples/awstats_buildstaticpages.pl /usr/share/awstats/tools/awstats_buildstaticpages.pl

 

Submitted by danhansen@denmark (registered user) on Mon, 2013-04-01 21:50.

Hi Kevin,

Thanks! Great help :)

Dan

Submitted by Leow (registered user) on Thu, 2011-03-17 14:38.

Hello Kevin,

Thanks for this comment.

Submitted by Anonymous (not registered) on Fri, 2010-06-25 23:54.
Why would you want to make MySQL listen to all addresses? For security reasons, I would use the default value (listening on localhost).
Submitted by jktrigg (registered user) on Thu, 2010-06-10 20:10.
Is there a reason you're still using Courier IMAP and Cyrus SASL?  Dovecot is a much cleaner solution.
Submitted by Radim H. (not registered) on Fri, 2010-05-14 11:39.

I tried installation yesterday according this manual.

I installed system on EXT4 and there are so serious issues.

1. EXT4 seems to have weird lack of performance, but this is my subjective view

2. Quota is not wokring on current  2.6.32-22 kernel

I have installed sytem on WMware ESXi 4.0 with vmware-tools installed, but i don't think this may affect filesystem...

 

Good thing is  that Bind plugin is working correctly. There was no problem as decribed with instalaltion on Debian

http://bugtracker.ispconfig.org/index.php?do=details&task_id=474&only_watched=1&type[0]=&sev[0]=&due[0]=&cat[0]=&status[0]=open&percent[0]=&reported[0]=

Regards

radim_h

Submitted by Anonymous (not registered) on Mon, 2010-07-05 23:37.
With current updates 2010-06-07 quota is working fine with EXT4
Submitted by Anonymous (not registered) on Fri, 2010-08-20 01:27.

is there a reazon why i can´t errase or modify the index page in /var/www  ?  that is the directory where i should upload my webpages isn´t it?  thank you!