12 Install Postfix, Dovecot, MySQL, phpMyAdmin, rkhunter, binutils

We can install Postfix, Dovecot, MySQL, rkhunter, and binutils with a single command:

apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve sudo

You will be asked the following questions:

New password for the MySQL "root" user: <-- yourrootsqlpassword
Repeat password for the MySQL "root" user: <-- yourrootsqlpassword
General type of mail configuration: <-- Internet Site
System mail name: <-- server1.example.com

Next open the TLS/SSL and submission ports in Postfix:

vi /etc/postfix/master.cf

Uncomment the submission and smtps sections (leave -o milter_macro_daemon_name=ORIGINATING as we don't need it):

[...]
submission inet n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       -       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
[...]

Restart Postfix afterwards:

/etc/init.d/postfix restart

We want MySQL to listen on all interfaces, not just localhost, therefore we edit /etc/mysql/my.cnf and comment out the line bind-address = 127.0.0.1:

vi /etc/mysql/my.cnf

[...]
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address           = 127.0.0.1
[...]

Then we restart MySQL:

/etc/init.d/mysql restart

Now check that networking is enabled. Run

netstat -tap | grep mysql

The output should look like this:

root@server1:~# netstat -tap | grep mysql
tcp        0      0 *:mysql                 *:*                     LISTEN      21298/mysqld
root@server1:~#

13 Install Amavisd-new, SpamAssassin, And Clamav

To install amavisd-new, SpamAssassin, and ClamAV, we run

apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl

The ISPConfig 3 setup uses amavisd which loads the SpamAssassin filter library internally, so we can stop SpamAssassin to free up some RAM:

/etc/init.d/spamassassin stop
update-rc.d -f spamassassin remove

14 Install Apache2, PHP5, phpMyAdmin, FCGI, suExec, Pear, And mcrypt

Apache2, PHP5, phpMyAdmin, FCGI, suExec, Pear, and mcrypt can be installed as follows:

apt-get install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi php5-curl libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt php5-imagick imagemagick libapache2-mod-suphp libruby libapache2-mod-ruby libapache2-mod-python libapache2-mod-perl2

You will see the following question:

Web server to reconfigure automatically: <-- apache2
Configure database for phpmyadmin with dbconfig-common? <-- No

Then run the following command to enable the Apache modules suexec, rewrite, ssl, actions, and include (plus dav, dav_fs, and auth_digest if you want to use WebDAV):

a2enmod suexec rewrite ssl actions include

a2enmod dav_fs dav auth_digest

Next open /etc/apache2/mods-available/suphp.conf...

vi /etc/apache2/mods-available/suphp.conf

... and comment out the <FilesMatch "\.ph(p3?|tml)$"> section and add the line AddType application/x-httpd-suphp .php .php3 .php4 .php5 .phtml - otherwise all PHP files will be run by SuPHP:

<IfModule mod_suphp.c>
    #<FilesMatch "\.ph(p3?|tml)$">
    #    SetHandler application/x-httpd-suphp
    #</FilesMatch>
        AddType application/x-httpd-suphp .php .php3 .php4 .php5 .phtml
        suPHP_AddHandler application/x-httpd-suphp
    <Directory />
        suPHP_Engine on
    </Directory>
    # By default, disable suPHP for debian packaged web applications as files
    # are owned by root and cannot be executed by suPHP because of min_uid.
    <Directory /usr/share>
        suPHP_Engine off
    </Directory>
# # Use a specific php config file (a dir which contains a php.ini file)
#       suPHP_ConfigPath /etc/php5/cgi/suphp/
# # Tells mod_suphp NOT to handle requests with the type <mime-type>.
#       suPHP_RemoveHandler <mime-type>
</IfModule>

Restart Apache afterwards:

/etc/init.d/apache2 restart

If you want to host Ruby files with the extension .rb on your web sites created through ISPConfig, you must comment out the line application/x-ruby rb in /etc/mime.types:

vi /etc/mime.types

[...]
#application/x-ruby                             rb
[...]

(This is needed only for .rb files; Ruby files with the extension .rbx work out of the box.)

Restart Apache afterwards:

/etc/init.d/apache2 restart

14.1 Xcache

Xcache is a free and open PHP opcode cacher for caching and optimizing PHP intermediate code. It's similar to other PHP opcode cachers, such as eAccelerator and APC. It is strongly recommended to have one of these installed to speed up your PHP page.

Xcache can be installed as follows:

apt-get install php5-xcache

Now restart Apache:

/etc/init.d/apache2 restart

14.2 PHP-FPM

Starting with the upcoming ISPConfig 3.0.5, there will be an additional PHP mode that you can select for usage with Apache: PHP-FPM. If you plan to use this PHP mode, it makes sense to configure your system for it now so that later on when you upgrade to ISPConfig 3.0.5, your system is prepared (the latest ISPConfig version at the time of this writing is ISPConfig 3.0.4.6).

To use PHP-FPM with Apache, we need the mod_fastcgi Apache module (please don't mix this up with mod_fcgid - they are very similar, but you cannot use PHP-FPM with mod_fcgid). We can install PHP-FPM and mod_fastcgi as follows:

apt-get install libapache2-mod-fastcgi php5-fpm

Make sure you enable the module and restart Apache:

a2enmod actions fastcgi alias
/etc/init.d/apache2 restart

14.3 Additional PHP Versions

Starting with the upcoming ISPConfig 3.0.5, it will be possible to have multiple PHP versions on one server (selectable through ISPConfig) which can be run through FastCGI and PHP-FPM. The PHP version coming with Ubuntu 12.10 is 5.4.6, so I will show now how to build PHP 5.3.18 so that it can be used on the same server while Ubuntu's default PHP is installed. I will install PHP 5.3.18 in the /opt/php-5.3.18 directory.

Download and extract PHP 5.3.18:

mkdir /opt/php-5.3.18
mkdir /usr/local/src/php5-build
cd /usr/local/src/php5-build
wget http://de.php.net/get/php-5.3.18.tar.bz2/from/this/mirror -O php-5.3.18.tar.bz2
tar jxf php-5.3.18.tar.bz2

cd php-5.3.18/

Install the prerequisites for building PHP5:

apt-get build-dep php5

apt-get install libfcgi-dev libfcgi0ldbl libjpeg62-dbg libmcrypt-dev libssl-dev

Configure an build PHP 5.3.18 as follows (you can adjust the ./configure command to your needs, take a look at

./configure --help

to see all available options; if you use a different ./configure command, it is possible that additional libraries are required, or the build process will fail) - PHP-FPM and FastCGI are mutually exclusive in PHP 5.3, that's why I show two ways of building PHP 5.3, one for PHP-FPM, one for FastCGI, however you can compile PHP twice with both configuration options to get both:

14.3.1 PHP-FPM

./configure \
--prefix=/opt/php-5.3.18 \
--with-pdo-pgsql \
--with-zlib-dir \
--with-freetype-dir \
--enable-fpm \
--enable-mbstring \
--with-libxml-dir=/usr \
--enable-soap \
--enable-calendar \
--with-curl --with-mcrypt \
--with-zlib \
--with-gd \
--with-pgsql \
--disable-rpath \
--enable-inline-optimization \
--with-bz2 \
--with-zlib \
--enable-sockets \
--enable-sysvsem \
--enable-sysvshm \
--enable-pcntl \
--enable-mbregex \
--with-mhash \
--enable-zip \
--with-pcre-regex \
--with-mysql \
--with-pdo-mysql \
--with-mysqli \
--with-jpeg-dir=/usr \
--with-png-dir=/usr \
--enable-gd-native-ttf \
--with-openssl \
--with-fpm-user=www-data \
--with-fpm-group=www-data \
--with-libdir=/lib/x86_64-linux-gnu

make
make install

Copy php.ini and php-fpm.conf (if you've compiled PHP with FPM) to the correct locations:

cp /usr/local/src/php5-build/php-5.3.18/php.ini-production /opt/php-5.3.18/lib/php.ini

cp /opt/php-5.3.18/etc/php-fpm.conf.default /opt/php-5.3.18/etc/php-fpm.conf

Open /opt/php-5.3.18/etc/php-fpm.conf and adjust the following settings - in the listen line you must use an unused port (e.g. 8999; port 9000 might be in use by Ubuntu's default PHP-FPM already), and you must add the line include=/opt/php-5.3.18/etc/pool.d/*.conf at the end:

vi /opt/php-5.3.18/etc/php-fpm.conf

[...]
pid = run/php-fpm.pid
[...]
user = www-data
group = www-data
[...]
listen = 127.0.0.1:8999
[...]
include=/opt/php-5.3.18/etc/pool.d/*.conf

Create the pool directory for PHP-FPM:

mkdir /opt/php-5.3.18/etc/pool.d

Next create an init script for PHP-FPM:

vi /etc/init.d/php-5.3.18-fpm

#! /bin/sh
### BEGIN INIT INFO
# Provides:          php-5.3.18-fpm
# Required-Start:    $all
# Required-Stop:     $all
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: starts php-5.3.18-fpm
# Description:       starts the PHP FastCGI Process Manager daemon
### END INIT INFO
php_fpm_BIN=/opt/php-5.3.18/sbin/php-fpm
php_fpm_CONF=/opt/php-5.3.18/etc/php-fpm.conf
php_fpm_PID=/opt/php-5.3.18/var/run/php-fpm.pid
php_opts="--fpm-config $php_fpm_CONF"

wait_for_pid () {
        try=0
        while test $try -lt 35 ; do
                case "$1" in
                        'created')
                        if [ -f "$2" ] ; then
                                try=''
                                break
                        fi
                        ;;
                        'removed')
                        if [ ! -f "$2" ] ; then
                                try=''
                                break
                        fi
                        ;;
                esac
                echo -n .
                try=`expr $try + 1`
                sleep 1
        done
}
case "$1" in
        start)
                echo -n "Starting php-fpm "
                $php_fpm_BIN $php_opts
                if [ "$?" != 0 ] ; then
                        echo " failed"
                        exit 1
                fi
                wait_for_pid created $php_fpm_PID
                if [ -n "$try" ] ; then
                        echo " failed"
                        exit 1
                else
                        echo " done"
                fi
        ;;
        stop)
                echo -n "Gracefully shutting down php-fpm "
                if [ ! -r $php_fpm_PID ] ; then
                        echo "warning, no pid file found - php-fpm is not running ?"
                        exit 1
                fi
                kill -QUIT `cat $php_fpm_PID`
                wait_for_pid removed $php_fpm_PID
                if [ -n "$try" ] ; then
                        echo " failed. Use force-exit"
                        exit 1
                else
                        echo " done"
                       echo " done"
                fi
        ;;
        force-quit)
                echo -n "Terminating php-fpm "
                if [ ! -r $php_fpm_PID ] ; then
                        echo "warning, no pid file found - php-fpm is not running ?"
                        exit 1
                fi
                kill -TERM `cat $php_fpm_PID`
                wait_for_pid removed $php_fpm_PID
                if [ -n "$try" ] ; then
                        echo " failed"
                        exit 1
                else
                        echo " done"
                fi
        ;;
        restart)
                $0 stop
                $0 start
        ;;
        reload)
                echo -n "Reload service php-fpm "
                if [ ! -r $php_fpm_PID ] ; then
                        echo "warning, no pid file found - php-fpm is not running ?"
                        exit 1
                fi
                kill -USR2 `cat $php_fpm_PID`
                echo " done"
        ;;
        *)
                echo "Usage: $0 {start|stop|force-quit|restart|reload}"
                exit 1
        ;;
esac

Make the init script executable and create the system startup links:

chmod 755 /etc/init.d/php-5.3.18-fpm
insserv php-5.3.18-fpm

Finally start PHP-FPM:

/etc/init.d/php-5.3.18-fpm start

14.3.2 PHP With FastCGI

./configure \
--prefix=/opt/php-5.3.18 \
--with-pdo-pgsql \
--with-zlib-dir \
--with-freetype-dir \
--enable-cgi \
--enable-mbstring \
--with-libxml-dir=/usr \
--enable-soap \
--enable-calendar \
--with-curl --with-mcrypt \
--with-zlib \
--with-gd \
--with-pgsql \
--disable-rpath \
--enable-inline-optimization \
--with-bz2 \
--with-zlib \
--enable-sockets \
--enable-sysvsem \
--enable-sysvshm \
--enable-pcntl \
--enable-mbregex \
--with-mhash \
--enable-zip \
--with-pcre-regex \
--with-mysql \
--with-pdo-mysql \
--with-mysqli \
--with-jpeg-dir=/usr \
--with-png-dir=/usr \
--enable-gd-native-ttf \
--with-openssl \
--with-libdir=/lib/x86_64-linux-gnu

make
make install

Copy php.ini to the correct location:

cp /usr/local/src/php5-build/php-5.3.18/php.ini-production /opt/php-5.3.18/lib/php.ini

14.3.3 ISPConfig Configuration

In ISPConfig 3.0.5, you can configure the new PHP version under System > Additional PHP Versions. On the Name tab, you just fill in a name for the PHP version (e.g. PHP 5.3.18) - this PHP version will be listed under this name in the website settings in ISPConfig:

If you want to use this PHP version with FastCGI, go to the FastCGI Settings tab (thePHP-FPM Settings tab can be left empty) and fill out the fields as follows:

If you want to use this PHP version with PHP-FPM, go to the PHP-FPM Settings tab (the FastCGI Settings tab can be left empty) and fill out the fields as follows: