The Perfect Server - Ubuntu 12.04 LTS (Apache2, BIND, Dovecot, ISPConfig 3) - Page 7

Want to support HowtoForge? Become a subscriber!
 
Submitted by falko (Contact Author) (Forums) on Sun, 2012-04-29 17:30. ::

22 Install ISPConfig 3

To install ISPConfig 3 from the latest released version, do this:

cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install/

The next step is to run

php -q install.php

This will start the ISPConfig 3 installer. The installer will configure all services like Postfix, Dovecot, etc. for you. A manual setup as required for ISPConfig 2 (perfect setup guides) is not necessary.

root@server1:/tmp/ispconfig3_install/install# php -q install.php


--------------------------------------------------------------------------------
 _____ ___________   _____              __ _         ____
|_   _/  ___| ___ \ /  __ \            / _(_)       /__  \
  | | \ `--.| |_/ / | /  \/ ___  _ __ | |_ _  __ _    _/ /
  | |  `--. \  __/  | |    / _ \| '_ \|  _| |/ _` |  |_ |
 _| |_/\__/ / |     | \__/\ (_) | | | | | | | (_| | ___\ \
 \___/\____/\_|      \____/\___/|_| |_|_| |_|\__, | \____/
                                              __/ |
                                             |___/
--------------------------------------------------------------------------------


>> Initial configuration

Operating System: Debian or compatible, unknown version.

    Following will be a few questions for primary configuration so be careful.
    Default values are in [brackets] and can be accepted with <ENTER>.
    Tap in "quit" (without the quotes) to stop the installer.


Select language (en,de) [en]:
 <-- ENTER

Installation mode (standard,expert) [standard]: <-- ENTER

Full qualified hostname (FQDN) of the server, eg server1.domain.tld  [server1.example.com]: <-- ENTER

MySQL server hostname [localhost]: <-- ENTER

MySQL root username [root]: <-- ENTER

MySQL root password []: <-- yourrootsqlpassword

MySQL database to create [dbispconfig]: <-- ENTER

MySQL charset [utf8]: <-- ENTER

Generating a 2048 bit RSA private key
...........+++
.....................+++
writing new private key to 'smtpd.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
 <-- ENTER
State or Province Name (full name) [Some-State]: <-- ENTER
Locality Name (eg, city) []: <-- ENTER
Organization Name (eg, company) [Internet Widgits Pty Ltd]: <-- ENTER
Organizational Unit Name (eg, section) []: <-- ENTER
Common Name (e.g. server FQDN or YOUR name) []: <-- ENTER
Email Address []: <-- ENTER
Configuring Jailkit
Configuring Dovecot
Configuring Spamassassin
Configuring Amavisd
Configuring Getmail
Configuring Pureftpd
Configuring BIND
Configuring Apache
Configuring Vlogger
Configuring Apps vhost
Configuring Bastille Firewall
Configuring Fail2ban
Installing ISPConfig
ISPConfig Port [8080]:
 <-- ENTER

Do you want a secure (SSL) connection to the ISPConfig web interface (y,n) [y]: <-- ENTER

Generating RSA private key, 4096 bit long modulus
.......++
.........................................................++
e is 65537 (0x10001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
 <-- ENTER
State or Province Name (full name) [Some-State]: <-- ENTER
Locality Name (eg, city) []: <-- ENTER
Organization Name (eg, company) [Internet Widgits Pty Ltd]: <-- ENTER
Organizational Unit Name (eg, section) []: <-- ENTER
Common Name (e.g. server FQDN or YOUR name) []: <-- ENTER
Email Address []: <-- ENTER

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
 <-- ENTER
An optional company name []: <-- ENTER
writing RSA key
Configuring DBServer
Installing ISPConfig crontab
no crontab for root
no crontab for getmail
Restarting services ...
Rather than invoking init scripts through /etc/init.d, use the service(8)
utility, e.g. service mysql restart

Since the script you are attempting to invoke has been converted to an
Upstart job, you may also use the stop(8) and then start(8) utilities,
e.g. stop mysql ; start mysql. The restart(8) utility is also available.
mysql stop/waiting
mysql start/running, process 2543
 * Stopping Postfix Mail Transport Agent postfix
/usr/sbin/postconf: warning: /etc/postfix/master.cf: unused parameter: smtpd_bind_address=127.0.0.1
   ...done.
 * Starting Postfix Mail Transport Agent postfix
postconf: warning: /etc/postfix/master.cf: unused parameter: smtpd_bind_address=127.0.0.1
postconf: warning: /etc/postfix/master.cf: unused parameter: smtpd_bind_address=127.0.0.1
postconf: warning: /etc/postfix/master.cf: unused parameter: smtpd_bind_address=127.0.0.1
postconf: warning: /etc/postfix/master.cf: unused parameter: smtpd_bind_address=127.0.0.1
postconf: warning: /etc/postfix/master.cf: unused parameter: smtpd_bind_address=127.0.0.1
postconf: warning: /etc/postfix/master.cf: unused parameter: smtpd_bind_address=127.0.0.1
/usr/sbin/postconf: warning: /etc/postfix/master.cf: unused parameter: smtpd_bind_address=127.0.0.1
/usr/sbin/postconf: warning: /etc/postfix/master.cf: unused parameter: smtpd_bind_address=127.0.0.1
/usr/sbin/postconf: warning: /etc/postfix/master.cf: unused parameter: smtpd_bind_address=127.0.0.1
/usr/sbin/postconf: warning: /etc/postfix/master.cf: unused parameter: smtpd_bind_address=127.0.0.1
/usr/sbin/postconf: warning: /etc/postfix/master.cf: unused parameter: smtpd_bind_address=127.0.0.1
/usr/sbin/postconf: warning: /etc/postfix/master.cf: unused parameter: smtpd_bind_address=127.0.0.1
/usr/sbin/postconf: warning: /etc/postfix/master.cf: unused parameter: smtpd_bind_address=127.0.0.1
/usr/sbin/postconf: warning: /etc/postfix/master.cf: unused parameter: smtpd_bind_address=127.0.0.1
/usr/sbin/postconf: warning: /etc/postfix/master.cf: unused parameter: smtpd_bind_address=127.0.0.1
/usr/sbin/postconf: warning: /etc/postfix/master.cf: unused parameter: smtpd_bind_address=127.0.0.1
/usr/sbin/postconf: warning: /etc/postfix/master.cf: unused parameter: smtpd_bind_address=127.0.0.1
/usr/sbin/postconf: warning: /etc/postfix/master.cf: unused parameter: smtpd_bind_address=127.0.0.1
/usr/sbin/postconf: warning: /etc/postfix/master.cf: unused parameter: smtpd_bind_address=127.0.0.1
/usr/sbin/postconf: warning: /etc/postfix/master.cf: unused parameter: smtpd_bind_address=127.0.0.1
/usr/sbin/postconf: warning: /etc/postfix/master.cf: unused parameter: smtpd_bind_address=127.0.0.1
/usr/sbin/postconf: warning: /etc/postfix/master.cf: unused parameter: smtpd_bind_address=127.0.0.1
   ...done.
Stopping amavisd: (not running).
The amavisd daemon is already running, PID: [1126]
Starting amavisd: (failed).
 * Stopping ClamAV daemon clamd
   ...done.
 * Starting ClamAV daemon clamd
   ...done.
Rather than invoking init scripts through /etc/init.d, use the service(8)
utility, e.g. service dovecot restart

Since the script you are attempting to invoke has been converted to an
Upstart job, you may also use the stop(8) and then start(8) utilities,
e.g. stop dovecot ; start dovecot. The restart(8) utility is also available.
dovecot stop/waiting
dovecot start/running, process 3668
 * Restarting Mailman master qrunner mailmanctl
 * Waiting...
   ...done.
   ...done.
 * Restarting web server apache2
 ... waiting .   ...done.
Restarting ftp server: Running: /usr/sbin/pure-ftpd-mysql-virtualchroot -l mysql:/etc/pure-ftpd/db/mysql.conf -l pam -E -H -Y 1 -O clf:/var/log/pure-ftpd/transfer.log -8 UTF-8 -b -D -A -u 1000 -B
Installation completed.
root@server1:/tmp/ispconfig3_install/install#

The installer automatically configures all underlying services, so no manual configuration is needed.

You now also have the possibility to let the installer create an SSL vhost for the ISPConfig control panel, so that ISPConfig can be accessed using https:// instead of http://. To achieve this, just press ENTER when you see this question: Do you want a secure (SSL) connection to the ISPConfig web interface (y,n) [y]:.

Afterwards you can access ISPConfig 3 under http(s)://server1.example.com:8080/ or http(s)://192.168.0.100:8080/ ( http or https depends on what you chose during installation). Log in with the username admin and the password admin (you should change the default password after your first login):

The system is now ready to be used.

 

 

23 Additional Notes

23.1 OpenVZ

If the Ubuntu server that you've just set up in this tutorial is an OpenVZ container (virtual machine), you should do this on the host system (I'm assuming that the ID of the OpenVZ container is 101 - replace it with the correct VPSID on your system):

VPSID=101
for CAP in CHOWN DAC_READ_SEARCH SETGID SETUID NET_BIND_SERVICE NET_ADMIN SYS_CHROOT SYS_NICE CHOWN DAC_READ_SEARCH SETGID SETUID NET_BIND_SERVICE NET_ADMIN SYS_CHROOT SYS_NICE
do
  vzctl set $VPSID --capability ${CAP}:on --save
done

 

24 Links

 

About The Author

Falko Timme is the owner of Boost Your Site mit Timme Hosting - ultra-schnelles nginx-WebhostingTimme Hosting (ultra-fast nginx web hosting). He is the lead maintainer of HowtoForge (since 2005) and one of the core developers of ISPConfig (since 2000). He has also contributed to the O'Reilly book "Linux System Administration".


Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.
Submitted by aaazyyy (not registered) on Thu, 2013-09-05 17:30.

This tutorial was not at all awesome, but way way beyond awesome.

Thanks a ton.

Submitted by Salvatore La Rocca (not registered) on Thu, 2013-09-05 09:59.
La guida è perfetta e fantastica. Grazie
Submitted by Chuck (not registered) on Tue, 2013-07-30 20:05.

Thank you very much for a "very! step-by-step" web server setup.  I think I have been resistant to ubuntu simply because of the name.  Lord only know, SuSE and OpenSuSE were bad enough -- Slackware?  Debian?  --- but "oo boon too"?  That was just too much!

 Or so I thought!  After all, there are so many distros to choose from.  I've used SuSE for years to host a mail service using Exim and have had no problems with SuSE 8.0 and Exim 4 has been a joy!  I never liked the GUIs, so the text interface was just right for me.  With most of the new distros, you have to "intervene" to get to text.  So, I've been using OpenSuSE 11.4 with Ctrl-Alt F2 for a good while.  But, 11.4 is no longer "supported" as it seems.

 So, here I am with a project!  I need to set up a website for my daughter and son-in-law and I'd like to host it here under my thumb, as it were.  Where to begin; where to begin?

I began reading your "The Perfect Server" (ignoring the word "Ubuntu" because I could pick my own distro, couldn't I!).  It didn't take but a paragraph of two for me to realize that Ubuntu was just what I needed to use.  I got the 32 and 64-bit versions because I wasn't sure what piece of crap I was going to use for my server.  In the end, I decided to use an old Dell Optiplex GX-270 Small Form Factor with a lowly Celeron processor and only 1 GB of RAM.  Just the on-board VGA, but wait . . . .  I'll be using text!  OK!  Let's get going.

Installation was a breeze and once I got the SSH host installed, I switched to my big machine and used PuTTY 0.62 and the rest was a breeze.

 I'm sure everybody in the world already know this, but you never can tell.  If one highlights text in a GUI like Windows and toggles to his SSH client page, a click of the right mouse button will paste the Windows "scratchpad" at the cursor in the ssh "window" and all that's left is to touch "Enter."

So, your long instructions like adding the following lines to the squirrelmail conf file:

    AddType application/x-httpd-php .php
    php_flag magic_quotes_gpc Off
    php_flag track_vars On
    php_admin_flag allow_url_fopen Off
    php_value include_path .
    php_admin_value upload_tmp_dir /var/lib/squirrelmail/tmp
    php_admin_value open_basedir /usr/share/squirrelmail:/etc/squirrelmail:/var/lib/squirrelmail:/etc/hostname:/etc/mailname:/var/spool/squirrelmail
    php_flag register_globals off

were accomplished by highlighting those lines, opening the file with the editor (I like "joe" best), positioning the cursor just below the line "  <IfModule mod_php5.c>" and giving a single click of the right button.  

No more misspelled commands!  During installs, I toggled to a solitaire window where I could see the left edge of the PuTTY screen and when I saw the # prompt reappear, I'd go to the next step.

When I used a Windows machine to resolve the url "192.168.40.100" and saw the message "It Works!" --- well, I'm taking a short break to say "Thanks!" before I work on content and then get my DNS info pointing to my server.  Wow!

I did not have one single moment of angst.  Your instructions were very clear and the format of your post made it plain what I was to type as a command.  Where you indicated "vi /etc/network/interfaces" I would type "joe " and then paste "/etc/network/interfaces" and touch Enter.  (Of course, I did have to get "joe" but that was easy.)

Great HowTo!  Thanks again.

Chuck

 

Submitted by foxpro (registered user) on Sat, 2013-05-11 03:08.
After installation whenever i tried to access ispconfig with ip:8080 it shows error and tell me to access by https wich is normal as i followed that tutorial and did what they said there . But after restarting when i try to access ispconfig with https://ip:8080 it just loading and loading , nothing was and is showing . When i try to http://ip:8080 , it shows Bad Request Your browser sent a request that this server could not understand. Reason: You're speaking plain HTTP to an SSL-enabled server port. Instead use the HTTPS scheme to access this URL, please. Hint: https://server1.domain.com:8080/ But my domain is not yet managed as it takes time(is that?) . I have registered nameserver from my registerer ns1 and ns2 by that ip and changed the nameserver . But as it is yet not live , how can i access ispconfig with that ip as i did before , before restart ?
Submitted by techatyou (not registered) on Mon, 2013-06-17 21:07.
Try just your http or https what ever one your using then ip without port number and just /ispconfig

[Like This] 

example.com/ispconfig

Submitted by Anonymous (not registered) on Tue, 2013-04-30 22:39.
Absolutely amazing :) 
Submitted by Anonymous (not registered) on Wed, 2013-03-06 21:17.
This is wonderfull
Submitted by davils (not registered) on Fri, 2013-03-01 02:40.
This is a great article followed it and am up and running minus one hickup i cant access squirremail using https at all

 SSL connection error Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don't have.

Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error.

I can https into ispconfig no problem tho? any help would be really helpful 

 

Submitted by Ascer (not registered) on Fri, 2013-02-22 16:56.
The best tutorial ever. Lo mejorcito de internet, muchas gracias, yo ya tengo mi servidor con ispconfig 3. Muchas gracias otra vez
Submitted by Lynton (not registered) on Mon, 2012-12-03 20:39.
I cant get my mail to work using SSL at all(sending or receiving)

 I keep getting a generic error saying: 

  postfix/smtps/smtpd[2179]: warning: TLS library problem: 2179:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:628:


I have tried to check all the log files etc but I cant find anything that gives more info on it.

I had to uncomment the lines in my /etc/postfix/master.cf  for:

submission inet n       -       -       -       -       smtpd

smtps     inet  n       -       -       -       -       smtpd

just to get it to start sending mail without SSL. I have followed the howto step by step a few times now, re-installed the server twice and also removed and re-installed all packages related to the install, im going a bit insane trying to fix it!!

Can anyone give me some direction on what I should be looking for? 

Submitted by ewrson (not registered) on Mon, 2012-11-19 09:34.
Great job, big thx :D
Submitted by onejay (not registered) on Wed, 2012-10-03 04:23.
i found this article looking for a guide to install ispconfig, and i find myself scouring through 5 of 6 pages looking for what parts of this guide are important to ispconfig, instead of following a 1 or 2 page guide. much of the first 5 pages are not necessary for ispconfig, but without figuring out what is and what isnt, i get install errors. my suggestion would be tier'd style, walking through the install of the primary topic, and inserting optional addons as side notes. if i'm thinking this, others must be as well, and it would really help out us noobs. 
Submitted by Fil (not registered) on Sat, 2012-09-29 15:00.
Hello,thanks for this excellent tutorial.

I follow all the steps of this tutorial. I create a dns zone and a site. But when i go to the new site in my browser, i always arrive on the squirrelmail login page. I don't know why???

Thank you in advance for your answer.

Sorry for my bad english 

 

 

Submitted by Squirrel (not registered) on Sat, 2013-12-07 05:32.
Hi,

I've the exact same problem. I followed all steps of this tutorial and everything went fine. All features will works just fine. My problem is that if I go to www.domain.com, it always points to squirrelmail login page, www.domain.com/src/login.php.

My idea is to use this perfect server as webhost, email server, ftp server and mysql server. I want use my registrant DNS server as a nameservers. I can change all DNS records via my domain registrant.

Here is my setup:

1. Installed the perfect server, ubuntu 12.04.3 LTS (public IP is accessible via internet)
2. Registered domain.com
3. My server FQN is linux.domain.com (hostname)
4. Changed necessary DNS records (A, CNAME, MX) to point to my perfect server

If I access to my perfect server...
http://<private ip>
http://<public ip>
http://linux.domain.com or http://www.domain.com or http://domain.com

It always points to squirrelmail login page, www.domain.com/src/login.php

I want to host my domain.com on my perfect server. The perfect server hostname is the same linux.domain.com, whether this matter ??? Should I book and reserve "unique" domainperfserver.com and use that domain as servername and not the same domain.com I want to host (website).


Submitted by nonsoike (registered user) on Sat, 2014-01-04 11:34.
In /etc/squirrelmail/apache.com, comment-out the following:

<VirtualHost 1.2.3.4:80>
  DocumentRoot /usr/share/squirrelmail
  ServerName webmail.example.com
</VirtualHost>

Then restart Apache2:
service apache2 restart

Submitted by Anonymous (not registered) on Tue, 2012-07-31 17:52.

Hi thanks for this tut its great

how ever i am not able to receive emails i can send them and they arrive sharpish

but i cannot receive.

can anyone shed some light on this and a possible solution

many thanks

Submitted by Yuriy_Y (not registered) on Sun, 2013-03-31 19:37.

 After installation, you must change /etc/postfix/main.cf

mydestination =

 mynetworks = 0.0.0.0/8 [::1]/128

 

Restart postfix, enjoy. 

Submitted by Jason (not registered) on Wed, 2012-08-15 18:08.

Did you get this corrected? I have the same issue. No errors in mail.log. It logs in but no mail. I see that there is mail in the Email -> Mailbox quota.

Thanks

Submitted by Anonymous (not registered) on Sat, 2012-07-28 09:55.
Probs a stupid question but what ports do i need to forward to get everything working
Submitted by Chris de Kock (not registered) on Tue, 2012-06-26 13:33.
Dear Mr. Timme, 

Excellent job! I enjoyed every bit of this tutorial!

Keep up the good work! 

 

Submitted by Anonymous (not registered) on Sun, 2012-06-24 00:06.

can you explain this? does it go in a file? how do you execute it? I keep getting:

 

-bash: vzctl: command not found

VPSID=279
for CAP in CHOWN DAC_READ_SEARCH SETGID SETUID NET_BIND_SERVICE NET_ADMIN SYS_CHROOT SYS_NICE CHOWN DAC_READ_SEARCH SETGID SETUID NET_BIND_SERVICE NET_ADMIN SYS_CHROOT SYS_NICE
do
vzctl set $VPSID --capability ${CAP}:on --save
done

Submitted by Tim M. Muldoon (not registered) on Sat, 2012-06-16 01:06.

You must live in Unimatrix Zero, because this is perfect.

 I got all the way to here in step 22 before I messed up and entered info instead of just hitting 'enter'.

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
 <-- ENTER
An optional company name []: <-- ENTER

 Thanks for a great tutorial.

Submitted by Scott Carter (not registered) on Fri, 2012-05-04 19:23.

So I followed the tutorial to the T, but I'm having a heck of a time getting the email tab to display.  For example, if I were at the home tab and clicked over to email the email tab, it still says "Welcome Admin" and lists the available modules, but the side bar shows email accounts, mailing lists, etc.  I tried clicking on each of the links in the side bar, but none of them do anything.

All the other tabs display just fine.

Submitted by Scott Carter (not registered) on Mon, 2012-05-07 16:37.
I figured out my issue.  I setup an additional alias for squirrelmail as /mail, which conflicts with the ISPconfig file structure.  Once I removed this alias, everything was happy.  Excellent tutorial!!
Submitted by Stelios_g (not registered) on Sat, 2012-05-26 11:03.
Thank you i had the same isue and the fault was the alias at the webmail...
Submitted by Warren Child (not registered) on Thu, 2012-07-12 03:23.

How do I remove the alias say I might have put it in? I am kind of a noob and have been reading tutorial after tutorial trying to fix my email, and I followed the directions to a T and have read the 300 page user manual for ISPConfig.

 Any Insight would be much Appreciated!

Submitted by daddyfish (registered user) on Thu, 2012-05-03 17:34.

Good tutorial.

The most important aspect of the project is SECURITY.  A companion article on how to secure this configuration is essential.  Hope someone will do it.

Submitted by Bruno (not registered) on Tue, 2012-05-01 14:03.
Thanks for the HowTo! 
I have a small problem with the email. I usually can send emails, but I not receive any one. In Outlook, the following error appears: <bcarvalho@mydomain.com.br>: Host or domain name not found. name service
     mail.189.xx.xx.xx error for name = type = A: Host not found

Any idea of the problem? Thanks in advance.

Sry for bad english.
Submitted by schickel (registered user) on Mon, 2012-04-30 12:33.

Hi Falko!

Finally you have a tutorial with Ubuntu AND Dovecot with ISP3.

I've upgraded my Ubuntu 11.10 with courier to 12.04 and would change to dovecot.

I know, that dovecot has another folder-structure as courier, but what steps a requered to change from courier to dovecot in Ubuntu 12.04?

 I think so:

1. apt-get install dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve

2. make changes for fail2ban:

/etc/fail2ban/filter.d/dovecot-pop3imap.conf

3.  Change Mailserver from Courier to Dovecot in ISP3-GUI

4. Update ISP3 with .sh scripts to restore configs

5. Restart services

I'm right? ;)

Submitted by till (registered user) on Wed, 2012-05-02 09:23.
The last step is:

6) Modify the maildir folder structure for each Mailbox by creating a new folder "Maildir" and moving the contents to that folder. Example:

cd /var/vmail/domain.tld/user/
mkdir Maildir
mv * Maildir/

You will get a error that Maildir can not be moved into Maildir, thats ok and can be ignored.

Submitted by Eduardo B (not registered) on Mon, 2012-04-30 09:31.

Great job Falko!

 I've tested the steps on HP Cloud server. The quota option is not supported by kernel probably because of the virtualized environment. However, everything seems to be working. Thanks for this another "Perfect Howto".

Submitted by sysadm (registered user) on Tue, 2012-07-17 16:53.
you need to install extra linux image package and use modprobe to enable quota modules on kernel.