Comments on The Perfect Server - Debian 8 Jessie (Apache2, BIND, Dovecot, ISPConfig 3)

What about using nginx ? postfixdmin ? Apache and ISPConfig 3 will use about 500+ MB of ram...

A tutorial for Nginx will be released the next days. Using postfixadmin for a web + mail + dns server makes no sense as postfixadmin can neiter manage the webserver nor dns nor does it use less RAM then ISPConfig. The 500 MB RAM is not used by ISPConfig, the RAM is used by the other installed services like postfix, clamav, amavis, apache, pure-ftpd, bind, etc. You will see the exact same RAM usage on any full hosting stack server with apache. The RAM usage with nginx is a bit lower but the Mail system uses still the same amount of RAM.

There's a typo at the end of the sources.list

Thanks! Fixed it.

You're welcome. Love to help.Still, apt-get update from the next section has jumped up on the sources.list

Hello,First of all, thank you very much for all your guides.I have 2 questions regarding this new one:1. Will it suffer any modification or it is a final version that has been really tested on Debian 8 "Jessie"? I mean if it has all the necessary for having almost the same installation as the Wheezy's guide (I know they are some packages that are no longer present in the jessie's repositories).2. On the other hand, and relating to the Roundcube's package which is not present yet in the Debian Jessie's official repository but it is on the Wheezy's one, the guide located at https://www.howtoforge.com/using-roundcube-webmail-with-ispconfig-3-on-debian-wheezy-apache2 will differ very much if I use the original Roundcube's tarball instead?Sorry for my bad english language. It's no my mother tongue.Thanks again!

The guide has been written on Debian Jessie, so there are no modfications to be expected.

Thanks! Will this also work to update from wheezy to jessie?

This is a tutorial for a new installation and not a update procedure. It contains also the info that you might need to reconfigure your server after an update, but it is not explicitely made for that. We will release a tutorial with the update procedure when Debian Jessie is a bit more mature. If you run a production server, then you should not consider an update to a new Linux dist release so soon after the initial release, it is better to wait a few months so that the current bugs in the debian packages got fixed if you dont want to break your server.

Okay, Thanks. Ill wait a few months! Btw, thanks for all the tutorials, I use them a lot!

why is it in this guide:

root@server1:/tmp# hostnameserver1root@server1:/tmp# hostname -fserver1.example.com

in all other (old) guides all hostame should be server1.example.com

 

what changed?

A bug in amavis which required the hostname to be always the full fqdn has finally be fixed.

 

Two things, is there going to an update config using apache2.2 or later, and the fail2ban local jails are limited, we've seen persistent hacking attempts to servers we’ve used the ISP config on, having to use IPset instead, as the ban times aren’t enough

 

The tutorial above is for a fresh installation with apache 2.4. If you have a wheezy install that you updated to jessie, then run a ispconfig update with "reconfigure services" to update the config files for debian jessie, then login to ispconfig, go to tools > resync and resync the websites. This will update the vhost config files for all sites to apache 2.4 config as well.

There is a further issue i've notice, in the  "/etc/postfix/master.cf" you mention removing the # from line in the file  but one of them isn't on the master cf i'm editing -o smtpd_client_restrictions=permit_sasl_authenticated,reject where as it use to be in the wheezy version, do i add this line as well to the file, id so it doesn't say that in the totorial below is the default.

 

#submission inet n       -       -       -       -       smtpd#  -o syslog_name=postfix/submission#  -o smtpd_tls_security_level=encrypt#  -o smtpd_sasl_auth_enable=yes#  -o smtpd_reject_unlisted_recipient=no#  -o smtpd_client_restrictions=$mua_client_restrictions#  -o smtpd_helo_restrictions=$mua_helo_restrictions#  -o smtpd_sender_restrictions=$mua_sender_restrictions#  -o smtpd_recipient_restrictions=#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject#  -o milter_macro_daemon_name=ORIGINATING#smtps     inet  n       -       -       -       -       smtpd#  -o syslog_name=postfix/smtps#  -o smtpd_tls_wrappermode=yes#  -o smtpd_sasl_auth_enable=yes#  -o smtpd_reject_unlisted_recipient=no#  -o smtpd_client_restrictions=$mua_client_restrictions#  -o smtpd_helo_restrictions=$mua_helo_restrictions#  -o smtpd_sender_restrictions=$mua_sender_restrictions#  -o smtpd_recipient_restrictions=#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject#  -o milter_macro_daemon_name=ORIGINATING

Change this section of the master.cf so that it is exactly like the one from this tutorial. This tutorial is for Debian Jessie only, not Wheezy!

I had to add deb http://ftp.de.debian.org/debian jessie main non-free to sources.list to get libapache2-fastcgi.

This repo (just the us version of it) is listed in the tutorial already.

Hello, installing (Apache 2, PHP 5, phpMyAdmin, FCGI, suexec, Pear, And mcrypt), it asks me that question 2 (Web server to reconfigure automatically: <- apache2

Configure database for phpmyadmin with dbconfig-common? <- No) but he does not ask me the rest .. (Enter the password of the administrative user <- yourrootmysqlpassword

Enter the password phpmyadmin application? <- Just press enter) this is serious? I'm french so sorry for my english .. Thanks in advance. :)

Little mistake :

Configure database for phpmyadmin with dbconfig-common? <- no  

Type Yes instead

problem : libapache2-mod-fastcgi do not exists in jessie repo

This paclage exists in jessie repo. I guess you missed to configure the eban repos as described in the tutorial, you have to add contrib and non-free repo.

mkdir /var/lib/squirrelmail/tmp is written twice

Hi,

 

I'm wondering why you have apache2.2-common in these instructions. Is it always included for 2.4?

Do you have apache2.2-common in these instructions so that people can still access their websites including the ISPConfig 3 login, if they use these instuction to perform an upgrade from wheezy, so that they can do the resync operation? If this is the case, can it safely be removed after performing the resync operation?

 

Thanks for this guide.

Kudos for finally using nano instead of vi :)

Also: please drop using ntpdate - since it is obsolete since 2010, and also can create huge problems when installed into VZ.

Kudo for using nano instead of vi?? 

Nano, really?  ROFL

I have used the "The Perfect Server - Debian 7" guide and still running it.

How would it be best to upgrade from Debian 7 to 8? and how would that affect my configuration?

Thank you,

Hi,

At the Step for FTP / Quota installation.

The FSTab file is empty and contains only : # UNCONFIGURED FSTAB FOR BASE SYSTEM

Did I miss something ?

Seems as if you have a openvz / virtuozzo based virtual machine that dont have a filesystem configuration in fstab. You can skip that step in this case and ask your ISP to turn on Filesystem quotas for your VM as thats configured on the host server in the virtual machine config file.

thanks a lot for the fast answer !

Thanks a lot for the fast answer. That's exactly that. Indeed, I m on a virtual machine !

I m sorry, but I have a last question.

I can't access to phpmyadmin at this URL https://server1.example.com:8080/phpmyadmin (not found) - same thing with http.

I tried to create a symbolic link : 

– cd /etc/apache2/conf.d (I created a conf.d folder cause it didn't exist)– ln -s /etc/phpmyadmin/apache.conf phpmyadmin

but it doesn't work... someone would have an idea ?

This happens when "apache" was not selected in the apt installation dialog during phpmyadmin installation. You can rerun this dialog with:

dpkg-reconfigure phpmyadmin

You're the man ! I effectly forgot to click on Apache selection during the installation process (though it was already selected) !

Thanks a lot !

Perfect tutorial!

Special thanks!

Ist noch jemand hierauf gestossen?  Was habe ich übersehen?

 

apt-get install libapache2-mod-fastcgi php5-fpmPaketlisten werden gelesen... FertigAbhängigkeitsbaum wird aufgebaut.Statusinformationen werden eingelesen.... FertigPackage libapache2-mod-fastcgi is not available, but is referred to by another package.This may mean that the package is missing, has been obsoleted, oris only available from another sourceE: Package 'libapache2-mod-fastcgi' has no installation candidate

You have an error in our /etc/apt/sources.list file. Check that contrib and non-free repositorys are activated, then run apt-get update and then the command to install mod-fastcgi again.

Hello, I have a problem with sending and forwarding email with attachment from squirrelmail. When I try to attach a file no matter how small, squirrel says "ERROR:Could not move/copy file. File not attached ". If I try to forward from squirrelmail a mail with attachments, size of all attached files is 0. From outlook and thunderbird I have no problem with attachments. Thanks!

Hello, I love ISPconfig. Thank you for all the guides, everything works perfect after installation, just the attachments in squirellmail are not. I tried everything to fix it (PHP settings, chmod for /var/spool/squirrelmail/attach, without any success), until I found this thread and applied the same solution:

https://www.howtoforge.com/community/threads/squirrelmail-could-not-move-copy-file-file-not-attached-when-trying-to-attach-a-fi.55043/

filter   = pureftpd

--> sollte pure-ftpd heißen!?

The line "filter   = pureftpd" is correct here as thats the name of the file "pureftpd.conf" that we add in the next step. If you prefer to add a - in the name, then dont forget to alter it in all places wher it occurs in the fail2ban config.

How so this means the server is connected by FTP, with the rights to the root directory Root Root?

The root user has never access by FTP. When you want to upload a file as root user, then use SCP/SFTP as thats a SSH protocol. When the server setup is finished, then you can create FTP users for the websites that you host on that server from within ISPConfig.

How and where to change the path to / phpmyadmin

Why do you want to change a path in phpmyadmin? PHPMyAdmin works out of the box when you follow this tutorial, just ensure that you selected to configure PHPMyAdmin for apache in the apt install dialog during installation.

Can I install the set in this assembly ionCube.

Thank you very much, this is a first very perfect manual, that give the actually info step by step on the newest Debian release. I has no one error all the way, it is amazing!!!I have only one question. Can you may be make addition to it, for people, who use other partitions for the data? As example, I have a two 2TB HDDs in RAID1, small part (~30GB) I use for the system, also " / ", and the most volume is mounted at " /server ", can you maybe make a small manual, what folders I need to create on this "data partition", what services I must stopping before copying data, the right commands for copy and hardlink, and then start anything again back? Is it possible?

Hi, please see here for instructions to relocate the website and email data to a different partition:

https://www.howtoforge.com/use_mount_bind_to_move_the_website_and_email_directory_of_a_ispconfig_server_to_a_new_location

'libapache2-mod-fastcgi' has no installation candidate ... ??

 

You missed to enable the Debian contrib repository. Check your /etc/apt/sources.list and compare it with the one from this tutorial.

Thanks as usual for the great tutorials. Any idea when this one will be available via pdf or is the link just broken?

I just teted the download link for the PDF version and it works for me. If you have issues with downloading the PDF version, please contact us https://www.howtoforge.com/community/misc/contact. Please include any error message sthat you might get.

I am trying to set up Debian Jesssie x64 using your instructions. After steps 10 and 11 I get:

 

Job for apache2.service failed. See 'systemctl status apache2.service' and 'journalctl -xn' for details.

 

"service apache2 restart" seems to not work for me. Any ideas?

 

Take a look at the apache error.log

Thank you very much for taking the time to provide this.  It was invaluable for a newbie like me to both Linux and your product. Regards... :)

Errors were encountered while processing: amavisd-newE: Sub-process /usr/bin/dpkg returned an error code (1)

today ?

I solved this by fixing Amavis FQDN settings:

root@server# /etc/init.d/amavis restart

root@server# systemctl status amavis.service

Set manually $myhostname for amavis :

root@server# vi /etc/amavis/conf.d/05-node_id

root@server# /etc/init.d/amavis restart

root@server# apt-get update

root@server# apt-get upgrade

...

Setting up amavisd-new (1:2.10.1-1) ...

Creating/updating amavis user account...

 

 

Please provide some clarity,

In your guide you aske to create "/etc/fail2ban/filter.d/pureftpd.conf", however /etc/fail2ban/filter.d/pure-ftpd.conf already exists with the following...

[INCLUDES]before = common.conf[Definition]_daemon = pure-ftpd# Error message specified in multiple languages__errmsg = (?:????\[.*\]???????|?????\[.*\]??????|\[.*\] kullan?c?s? i?in giri? hatal?|??????????? ?? ??????? ???????????? \[.*\]|Godkjennelse mislyktes for \[.*\]|Beh?righ$failregex = ^%(__prefix_line)s\(.+?@<HOST>\) \[WARNING\] %(__errmsg)s\s*$ignoreregex =So which file will be called correctly, the newly created file as per your guid or the existing one?

Thank you

how to install ioncube loader?

Just follow the instructions from ioncube: http://www.ioncube.com/loaders.php There is nothing specific to the above setup in installing ioncube.

I installed the cd / usr / local / src wget http://downloads3.ioncube.com/loader_downloads/ioncube_loaders_lin_x86-64.tar.gz

trying to unzip command tar -xvf ioncube_loaders_lin_x86-64.tar.gz

tar: ioncube_loaders_lin_x86-64.tar.gz: The open ended with error: No such file or directory tar: Error is not recoverable: exiting now

Hi! I have problem with PureFTPd. FileZilla can not connect to server over TLS. Only unsecure connection works.

From FileZilla:

Status:    Connecting to 84.255.242.163:21...Status:    Connection established, waiting for welcome message...Status:    Initializing TLS...Error:    Could not connect to serverStatus:    Waiting to retry...Status:    Connecting to 84.255.242.163:21...Status:    Connection established, waiting for welcome message...Response:    220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------Response:    220-You are user number 4 of 50 allowed.Response:    220-Local time is now 14:02. Server port: 21.Response:    220-This is a private system - No anonymous loginResponse:    220-IPv6 connections are also welcome on this server.Response:    220 You will be disconnected after 15 minutes of inactivity.Command:    AUTH TLSResponse:    234 AUTH TLS OK.Status:    Initializing TLS...Error:    Could not connect to server

Thats a problem with the passive port range. Define a passive port range in pure-ftpd and then open the same port range in your firewall. http://www.faqforge.com/linux/controlpanels/ispconfig3/how-to-set-the-passiveportrange-in-pure-ftpd-on-denian-and-ubuntu-linux/

Hello, great guide. I was too fast with copy paste and I installed suPHP when I didn't really want it and I think it's causing me some problems. What's the way to reverse that installation?

Run:

a2dismod suphpservice apache2 restart

Hello guys, 

i`m trying to setup one server with pure-ftpd with tls and it seems that i`m getting a error that i cannot find a fix for it . 

 

[INFO] New connection from 

[INFO] SSL/TLS: Enabled TLSv1/SSLv3 with AES256-GCM-SHA384, 256 secret bits cipher

[WARNING] Authentication failed for user []

[INFO] Logout.

[INFO] New connection from 127.0.0.1

 

[INFO] Logout.

any help please . 

There are the users root and administrator. Squirrelmail does not accept root. But administrator gives a permission problem. May be solved by running (Terminal):

touch /var/mail/administratorchown administrator:mail /var/mail/administratorchmod o-r /var/mail/administratorchmod g+rw /var/mail/administrator

Something seems to be missing from the instructions. Or else, if I did something wrong, I'd like to know what it is.

You mix up system users and email accounts here. Email users exist nly in the mysql database as this is a virtual user setup. The direcrory /var/mail is not by this setup. If you want to redirect emails of a system user to a mailbox, then add a alias line for it in /etc/aliases and run the newaliases command afterwards.

There are the users root and administrator. My ftp client (Yummy) tells me the sites directories have root as owner. Since I can only login as administrator, I cannot upload local files to var/www, for example. How do set root access for my site?(This problem did not exist with Wheezy, because this distribution allowed root to access the site.)

You mix up ftp users (which are virtual users and you create them in ispconfig) with the system user login for the server maintenance. To upload files into a website, create an FTP user in ispconfig for that website, then enter this ftp username and password in your ftp client. You have then full access to this website by FTP and can upload files into the "web" folder, the owner of the files is correct by default.

I understand what you are saying. Still, I'd like to be able to edit files for server maintenance in TextWrangler instead of vi through Terminal. Wheezy lets me do that as root, Jessie doesn't allow root to login through FTP and administrator is not the owner of the server (root is the owner). How do I adapt this for the ftp client? In other words, how can administrator upload and change files via FTP if root is the owner? 

Just edit the file /etc/sshd/sshd_config and allow ssh logins for the root user and restart the ssh daemon. Then you can login as root with SFTP.

Thanks till. Inside /etc/ssh/sshd_config I changed PermitRootLogin without-password to PermitRootLogin yes and ran service ssh restart. That did it: the root user can now log into my FTP client (sftp) and upload or edit files. But I'd rather be able to login with user administrator (possible) and have administrator edit and upload files (impossible: permission denied). I've been searching for hours but can't find simple instructions on how to do that. So my question is: can it be done (it used to be possible with earlier Debian distros) and if yes, how? 

When Jessie (minimal setup) is booting, this is run on the screen:[FAILED] Failed to start Check And Enable File System Quotas.[   3.604446] quotaon.sh[227]: quotacheck: Quota for users is enabled on mountpoint / so quotacheck might damage the file.See 'systemctl status quota.service' for details.[   3.613648] quotaon.sh[227]: Please turn quotas off or use -f to force checking.

I haven't a clou if this is wrong and what to do if it is. Info is welcome. 

Thats ok and can be ignored. There is a bug in Debian which throws this error while the quota system is working as it tries to check a already working and mounted quota system.

If you get errors regarding php and mysql versions not working together properly try installing php5-mysqlnd instead of php5-mysql

In Part 8:

I don't see any reason why you should open your database too the public with:

We want MariaDB to listen on all interfaces, not just localhost, [...]

as it seems as a good practice to me to keep as many services as possible only accessible from localhost and using an SSH-Tunnel or VPN to access them.

Maybe I just don't see the reason, so an explanation would be cool.

Kudos for using MariaDB! It should be considered to use the repo from MariaDB (instructions here:  https://downloads.mariadb.org/mariadb/repositories/#mirror=hs-esslingen&distro=Debian&version=10.0&distro_release=jessie--jessie )

to stay up-to-date with the database-releases.

Same for HHVM, which is completely missing here (but has a huge impact on performance) but is mentioned in some ISPconfig-Forum-Posts and seems to be in latest released code of ISPconfig?

It would be nice to explain how to use official certificates for Mail/SFTP to replace the self-signed ones.

Anyway, thank you for this great tutorial and the work you did!!!

If a database is accessible from outside or not is controlled by the database settings in ISPConfig. The database server itself has to listen on the external interface, otherwise the settings on a per database basis in ISPConfig will not work. There are plenty of external MySQL database modeling and backup tools available that run on your desktop, so it makes sense to have an option that allows a user to access his database from an external IP and this option is only available when the database server itself is bound to the external IP too.

Regarding HHVM: HHVM will be supported in the next release (3.1), it is not supported in the current release (3.0.5.4p8). It makes no sense to install HHVM in a tutorial for the current ISPConfig release when it does not support HHVM yet as it will just use memory without being useful.

 

Regarding SSL certs: https://www.howtoforge.com/securing-your-ispconfig-3-installation-with-a-free-class1-ssl-certificate-from-startssl

Should ensure the aptitude program is installed around step 5, or ispconfig's System > Do OS-Update won't work.

"apt-get install dialog" if debconf can't find a dialog program...

debconf: No usable dialog-like program is installed, so the dialog based frontend cannot be used.

"apt-get install libwww-perl" is required for rkhunter.

Hello

Thank you very much for the useful tutorial.  I followed the steps (blindly) and setup my mail server for our school and it is working now.

There is one problem:

I can send emails.  But can't receive emails.

I try to send email from my personal gmail to one of the emails on this new mailserver a/c then I received the following error message.

Delivery to the following recipient failed permanently:      [email protected] Technical details of permanent failure: Google tried to deliver your message, but it was rejected by the server for the recipient domain hwa.edu.sg by mail.hwa.edu.sg. [58.185.168.42]. The error that the other server returned was: 550 5.1.1 <[email protected]>: Recipient address rejected: User unknown in virtual mailbox table.

 

Kindly help on this.

 

Thank you.

Please make a post that contains the error messages from the mail.log file in the howtoforge forum.

Hello,

The problem solved.  (Silly mistake: typo error in the email address).

Thank you.

Hello very good tuto but the admin/admin log on squirremail doesn't work...

admin:admin is the login for ISPConfig and not Squirrelmail. The squirrelmail login are the login details (email address and password) of an email account that you created in ISPConfig.

Hi,

 

I set this up workign, and then decided to remove the email server, since I'm on a vps with only a limited amount of RAM and clamAV and email was using too much resources. I kept iptables and fail2ban, of course, and removed the files created for pop3 and imap, and I removed all postfix and dovecot packages. I would liek to know your recommendations:

1) Can I also safely remove getmail4?

 

2) I am getting many mails which are being defferred in the logs and queue like this:

server1 sm-mta[8458]: t8BMK1sL005375: to=<[email protected]>, ctladdr=<[email protected]> (0/0), delay=04:57:07, xdelay=00:00:00, mailer=esmtp, pri=2820466, relay=domain.com., dsn=4.0.0, stat=Deferred: Connection refused by domain.com.

 

What can I do about this - how to not have mails in the queue? I guess some native mail functions like sendmail are necessary,so I own't touch that.

In the system log I get:

server1 CRON[1890]: (getmail) CMD (/usr/local/bin/run-getmail.sh > /dev/null 2>> /dev/null)

 

so getmail4 is running - can I safely remove it, or is it necessary?

 

Thanks for helping with this - it might be a common problem - how to remove the email server and keep the rest for vps's with 1 gig or less. Thank you.

Ed

Hello,

My email server is working fine.  I have one problem.  When I configure one of or staff email on apple email client, it works fine for a while after that suddently stop receiving emails. I think this is due to the secure certificate problem.  Kindly advise whether I can purchase and install the SSL Certificate and how.

Thank you. 

Perfect!!! Worked first time!

I have problems on point 12.2

 Package libapache2-mod-fastcgi is not available, but is referred to by another package.

This may mean that the package is missing, has been obsoleted, or is only available from another source E: Package 'libapache2-mod-fastcgi' has no installation candidate

Please check the /etc/apt/sources.list file of your server and ensure that it is like the one in step 5 of the tutorial, then run apt-get update and install the package.

I have followed the guide exactly.  Now my email server working fine.  Thank you.

For some reason, I want to change my host name of the server.  Please guide me what are the places should I need to change.

 

Does anybody know how to enable POSTFIX notifications when email's domain (IP) received by the server is on the RBL list? I am wondering how to be notified by the email, when the email that was sent to my server was rejected because sender is on the spam list.

At the moment the only thing is to grep through log files, or wait for logwatch once per day.

Hi,

Thanks for the tuto.

 

I've got a big problem... when i try apt-get install amavisd-new, i've got this :

 

Creating/updating amavis user account... Job for amavis.service failed. See 'systemctl status amavis.service' and 'journalctl -xn' for details. invoke-rc.d: initscript amavis, action "start" failed. dpkg: error processing package amavisd-new (--configure): subprocess installed post-installation script returned error exit status 1 Errors were encountered while processing:E: Sub-process /usr/bin/dpkg returned an error code (1)

If the following is not done, you cannot delete e-mail received in squirrelmail. Perhaps there is a more elegant solution, but this works. 10-mail.conf must be modified to set mail_privileged_group = mail

echo "yes" > /etc/pure-ftpd/conf/ChrootEveryone

Thank you for the tutorial, but where is the tutorial with nginx instead of apache? I can't find it.@

From: till at: 2015-04-28 11:23:26.

I have a issue at the step "8 Install Postfix, Dovecot, MySQL [...])My sources are correct and MariaDB is installed, but this not happens:"You will be asked the following questions:General type of mail configuration: <-- Internet SiteSystem mail name: <-- server1.example.com etc."I think this questions should only prompt when I install MySQL instead of MariaDB, but I'm not 100% sure?Plase answer. Thank you.

Will this install php5.5 and apahce 2.4 ?

It will install the current apache and PHP version from Debian 8. You can find the exact version numbers of all packages that Debian provides in the Debian package database: https://packages.debian.org/stable/

Debian 8 doesnt have libapache2-mod-fastcgi neither fastcgi apache2 mod ?

This package exists in Debian 8. You missed to enable the contrib repository in your /etc/apt/sources.list file, see chapter 5 of this tutorial how the sources.list has to be.

Wonderful tutorial. Many thanks!

is already for nginx a tutorial available ?

I've got a problem with the FTP connection.

Short:In the intranet I can connect but if I try to connect from a remote position it tells me error 530 and "Critical Error:..."

 

Could somebody help me?

I've got a strange problem. :-( When I change "localhost.localdomain   localhost" to "test.mydomain.org    test" is that still the same after a reboot. So it looks like this: "127.0.0.1    localhost.localdomain   localhost" instead of "192.96.200.7    test.mydomain.org    test". Is that normal?

:~# nano /etc/fstab

# / was on /dev/sda2 during installation

 

UUID=xxxxxxxxxxxxxxxxxxxxxxxxxxx /               ext4    errors=remount-ro,usrjquota=quota.user,grpjquota=quota.group,jqfmt=vfsv 0       1

:~# mount -o remount /

mount: / not mounted or bad option .... In some cases useful info is found in syslog - try ... dmesg | tail or so.

 

 

The description indicates that MySQL will be installed but it installs MariaDB instead.  Was this intentional?

Can I substitute MySQL in step 8?

I quote from thr tutorial "When you prefer MySQL over MariaDB, replace the packages "mariadb-client mariadb-server" in the above command with "mysql-client mysql-server"."

Hi,

great tutorial, thanks a lot.

Only find a problem, when I tried to access to ispconfig page, shows default apache index.

Any idea?

Thanks!

Ensure that oyu really use port 8080 and not port 80 or 443 to access ISPConfig.

Hello,

Thanks for your excellent tutorial.

I have a question - as in this configuration set up port imap. I want to secure 993. Me works only 143. Thanks a lot.

Yes, IMAP and IMAPS are both configured automatically by the ISPConfig installer.

The only stumbling block I encountered was installing the fastcgi module as I'm running on an arm processor and there are no packages available in the repositories.

I was able to wget a deb package and manually install it.

 

Otherwise, it's a big thumbs up :-)

Very good work, perfectly functional. Congrats and thank you!

Super Anleitung, alle die ein Problem mit den Umlauten bei der mariadb haben (Daten in db UTF-8, Charset in HTML UTF-8) dann wird der der charset im connect bei mysql nicht auf utf8 stehen.

Einfach in der /etc/mysql/conf.d/mariadb.cnf den defaultzugriff ändern, denn der steht auf Latin1. Oder die php Anwendungen so anpassen, dass bei jedem mysql connect  utf8 gesendet wird!

# MariaDB-specific config file.

# Read by /etc/mysql/my.cnf

 

[client]

# Default is Latin1, if you need UTF-8 set this (also in server section)

default-character-set = utf8

 

[mysqld]

#

# * Character sets

#

# Default is Latin1, if you need UTF-8 set all this (also in client section)

#

character-set-server  = utf8

collation-server      = utf8_general_ci

character_set_server   = utf8

collation_server       = utf8_general_ci

init-connect='SET NAMES utf8'

 

[mysql]

default-character-set=utf8

 

 

 After editing /etc/clamav/clamd.conf

Clamav must be restarded. Maybe you should add it.

service clamav-daemon restart

Very nice tutorial.

Few Questions

1. I am able to sent emails but not receiving emails, what can be issue?

2. PHP script not able to send email using script, what can be done here?

Thanks

I move a site from debian 7 to debian 8 with ispconfig 3 for both.

I change order of LogFormat parameters %o in /etc/apache2/apache2.conf and I have no change with apache 2.4 after restarting apache.

Do you know why ?

 

I modify this command (i added %O in front of the text)

LogFormat "%O %a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\""     combined

in /etc/apache2/apache2.conf and i don't see any change in the access.log of my vhost

Do you have any idea ?

It works for the other_vhosts_access.log !

Thanks

You modified the config for the global apache access.log, not the one for the websites. The website access.log configuration is in the apache ispconfig.conf file.

I have an access.log for each vhost but any change i do in the LogFormat in apache2.conf doesn't change the format of this access.log. Where should I put the CustomLog associated with the vhost access.log ? I use Ispconfig.

The website access.log configuration is in the apache ispconfig.conf file and not in apache2.conf file.

I did it complete but get the following exeption while installing ISPConfig asself:

Full qualified hostname (FQDN) of the server, eg server1.domain.tld  [my.domain.com]: my.domain.com

No PHP MySQL functions available. Please ensure that the PHP MySQL module is loaded.root@vagrant:/tmp/ispconfig3_install/install#

But there should be mysql module loaded.

The MySQL extension is not there. Install the php5-mysql module again:

 

apt-get install --reinstall php5-mysql

Step 13 uses the "vi" command insted of "nano".

vi /etc/aliases

On a Linode VPS, you need to add a simlink to /dev/root in order for quotas to work.

ln -s /dev/xvda /dev/root

how to install additional php-5.4.43 (PHP-FPM & FastCGI)?

My domain names are parked at godaddy pointing to the server, all mail records on godaddy are pointed to the server.

my squirrelmail works great locally, but It cannot send mail to remote mailbox ie [email protected] //

I emptied all pertinent log files and tried to send an email from SM on another machine w/ attachment.

 mail from outlook.com sent to Squirrelmail boxes complain recipient not found

outbound mail from Squirrelmail never arrives at outlook,yahoo,gmail.etc

No errors reside in the logs mail log, mail warn log or mail error log, systemlog and all mailman logs remain blank.

The mails appear in the queue complaining of connection time out.

I assume something is not set up correctly outside of the mail server

Provider Server4you

After installation: 550 5.1.1 <>: Recipient address rejected: gmx.de

changed in the MySQL main.cf in /etc/postfix

comment out:

#default_transport = error#relay_transport = error

After thats postfix runs well again.

 

hi there and thanks for awesome tutorial which worked 100%!  so im confused on how my server can reached outside of my lan. currently it can only be seen from itself and im unaware what needs to be changed. any advice would be helpful

I can install MySQL 5.5 and PHP 5.6 in Debian 8.2 with ispconfig successfully.   but now I installed MySQL 5.7 by following the https://dev.mysql.com/doc/mysql-apt-repo-quick-guide/en/ and PHP 7.   When I install the ispconfig in the last step without any errors, but I found it only install 5 tables in the db.  Is it working with MySQL 5.5 only, but not working with MySQL 5.7?   aps_instances aps_instances_settings aps_packages aps_settings attempts_login     ############### ## mysql step # wget http://dev.mysql.com/get/mysql-apt-config_0.6.0-1_all.deb # dpkg -i mysql-apt-config_0.6.0-1_all.deb #### select install all MySQL tools and utilities   # apt-get update # apt-get install mysql-server # service mysql status ? mysql.service - MySQL Community Server    Loaded: loaded (/lib/systemd/system/mysql.service; enabled)    Active: active (running) since Fri 2016-02-26 12:50:38 HKT; 8s ago Main PID: 1809 (mysqld_safe)    CGroup: /system.slice/mysql.service            ??1809 /bin/sh /usr/bin/mysqld_safe            ??2064 /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib/mysql/plugin --log-error=/var/...   Feb 26 12:50:36 server14a.a.com mysqld_safe[1809]: 2016-02-26T04:50:36.901795Z mysqld_safe Logging to '/var/log/mys...log'.   Feb 26 12:50:36 server14a.a.com mysqld_safe[1809]: 2016-02-26T04:50:36.986701Z mysqld_safe Starting mysqld daemon w...mysql     #### check mysql version # mysql -uroot -p --version mysql  Ver 14.14 Distrib 5.7.11, for Linux (x86_64) using  EditLine wrapper

If you use the /var/log/mail.warn instead of the /var/log/mail.log for the postfix-sasl jail, make sure the /etc/fail2ban/filter.d/postfix-sasl.conf failregex line does not care about case for the word "LOGIN", or you will miss banning a lot of breakin attempts. It is written both "LOGIN" and "Login" in the mail.warn log. Here is the line to use:

failregex = ^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL ((?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/:]*={0,2})?\s*$

Great job , thx a lot !!!

hello

can you tell me if is this required in 1 server environment?

We want MariaDB to listen on all interfaces, not just localhost, therefore we edit /etc/mysql/my.cnf and comment out the line bind-address = 127.0.0.1:

or i can leave it on localhost?

hello

can you tell me if uncomment mariadb bind-address = 127.0.0.1 required in 1 server environment? or i can allow only connection from localhost?

If a database is accessible from outside is managed in ispconfig, but this makes it nescessary that you comment out that line so that MariaDB listens on all interfaces. If you do not want to be able to configure remote access to databases in ISPConfig, then you can leave this at localhost.

Is there a way to change the hostname after the server is setup? In step #4  at the beginning of this tutorial... Where server1.example.com is set, I put in a domain name I own in the example.com part of the hostname. I had planned on putting this website on the server but It seems to conflict since the hostname is the same as the domain name. I could just start over from scratch, but would rather not if there's an easier way to do this. Thanks in advance. 

Hi, I installed ISP3 in some servers with Debian 8.1. Everything runs right, but I can't do security scans (with nessus o Qualys Scan) of these IP's because the system blocking http requests (when the scan try much url). I stopped Fail2ban and the problem is persisting. Any idea?Regards.

There is no such software in a default ispconfig install. But maybe you installed an apache module like mod_evasive which is made to block multiple requests?

No, I did basic installation. I installed the ISP3 using this howto.

Hi Till, is it possible to use ISPConfig with Apache mpm event -> apache2-mpm-event ?

What is then the correct installation syntax under Step 10 ?

apt-get install apache2 apache2.2-common apache2-doc apache2-mpm-event .... ?

Will the ISPConfig check this and then do not offer mod_php later under website settings?

Are there any other restrictions if using mpm event ?

Thanks for an answer.

This is in response to our issue and another person here.  I noticed that in this tutorial mailutils or mailx wasn't installed.  Coming from UBuntu Tutorial to Debian 8, our PHP Script ( phpmail ) not sending out, esp. in CMS/Drupal or Wordpress.

This didn't work for us:

echo "body of your email" | mail -s "This is a Subject" -a "From: [email protected]" [email protected]

But after installing mailutils (apt-get install mailutils) all started flowing in.

Hope this sheds some light to anyone that has/had this issue.

 

I think rkhunter needs to be "enabled" by editing "/etc/default/rkhunter" and replacing `CRON_DAILY_RUN=""` by `CRON_DAILY_RUN="true"`

Rkhunter should not be enabled there. Rkhunter is run by ispconfig at night, by enabling it there you will cause your system to be scanned twice each day which just increases the load on your system.

I have no mount point "/"

proc /proc proc defaults 0 0 none /dev/pts devpts rw,gid=5,mode=620 0 0 none /run/shm tmpfs defaults 0 0

Then you probably use a virtual machine. In this case, skip the fstab editing and proceed with the next step.

Got the following message when install rkhunter

Invalid SCRIPTWHITELIST configuration option: Non-existent pathname: /usr/bin/lwp-request

This is how to solve:

apt-get install libwww-perl rkhunter --check

 

Just for information for everyone who has the same error like me:After installing ispconfig on Debian 8.4 (Jessie) I got the error 500 when I try to open the ispconfig login site and in the apache error log I found the message "mod_fcgid: error reading data from FastCGI server".The problem were wrong rights on the directory /var/www/php-fcgi-scripts. Owner und group of this directory are both root. "Others" have no read and execute rights on this. So if apache tries to open the wrapper script under /var/www/php-fcgi-scripts/ispconfig/ it is not able to open it because of the wrong rights.I solved this problem by adding read and execute rights for "others" on this folder: chmod o+rx /var/www/php-fcgi-scripts/Set this rights only on this directory, not on one of the subdirectories, because of security reasons.Instead of setting the read and execute for others, I think you can also change the group for this directory to one that contains all users who are owner of a website (and therefor are set as suexec user in the apache vhost settings). But I'm new to ispconfig and don't know if ispconfig is maintaining such a group. Does anybody know?

There are no permission changes nescessary on a correctly installed system, and your proposal opens up a security hole. The php-fcgi script and folder has to be owned by user and group ispconfig and only this user and group may read its content as the ispconfig vhost runs as user and group ispconfig with suexec. So please undo your permission change to secure your setup and then check if the suexec module is installed and enabled on your server. Maybe you had a different control panel installed before or your ISP has given you an unclean base image or you missed to run a command from this installation tutorial. If you need further help, please post in the forum.

When you uncomment

bind-address = 127.0.0.1:

Newset mariadb version need to be edited in:  /etc/mysql/mariadb.conf.d/50-server.cnf

 

thanks

 Hi,

When I add 

AllowSupplementaryGroups true

Jun 10 10:03:17 isc clamd[1858]: ERROR: Parse error at line 90: Unknown option AllowSupplementaryGroups

This has changed a few days go with the last ClamAV update, see Debian bug report here https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=826406 Just remove that line.

Hi,

great Tutorial, i think all works fine except smtp.

I'll get this error: dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>

E-Mail sending via webmail work fine.

any idea?

best Juergen

Problem:

https://MY_IP_ADDRESS:8080/phpmyadmin/ -> "The requested URL /phpMyAdmin/ was not found on this server."

 

Solution:

ln -s /etc/phpmyadmin/apache.conf /etc/apache2/conf-available/phpmyadmin.conf

a2enconf phpmyadmin

service apache2 reload

Hello,

Suddenly my email server is not sending or receiving any emails.  Kindly help me on this.

When I try to connect from my email clients to the server, it says 'Cannot Connect Using SSL'.  Please help me to resolve the problem. (I am new to Linux and Dovecot and ISPConfig etc.,)

great! It is not clear if I can install php 7.x instead of php 5.6.x (or howto have multiphp running, i.e. 5.6 and 7.x).Ispconfig 3.0.5+ can run with php7?!?

Is there an howto explaining this? Thank you.

https://www.howtoforge.com/tutorial/how-to-install-php-7-on-debian/

I follow this tutorial. But now, What is the best IPTABLES config after install ISPconfig ? for a simple web server (dns / apache / local mysql) with 2/3 websites ?

I open thread here :https://www.howtoforge.com/community/threads/ispconfig-3-what-is-the-best-firewall-iptables-config-after-install-on-debian-8.73773/

Thanks for the tutorial, it was straight forward, it als have some lapses, I was able to use it because I was not new to linux, it can be enhanced by removing all the unwanted cluter.

Nice work

 

Thanks

Where exactly have i to add/run step 21.1. Can any one tell me please?

Thanks

I have fresh install Debian 8.x and I have not login by default password "admin". Where is problem?

ERROR Error Username or Password empty.

Perfect for me ! Everything works as planned ! Thanks for this !

If you get an error while installing PHP-FPM (12.2)

Package libapache2-mod-fastcgi is not available, but is referred to by another package.This may mean that the package is missing, has been obsoleted, oris only available from another sourceE: Package 'libapache2-mod-fastcgi' has no installation candidate

... you have to add the debian jessie non-free repository.

Edit /etc/apt/sources.list and add

deb http://ftp.de.debian.org/debian/ jessie non-freedeb-src http://ftp.de.debian.org/debian/ jessie non-free

After this execute apt-get update.

Yes, as explained in chapter 5 of the tutorial.

Went through this entire guide step by step.

 

FTP gives me an error 530... any idea? I've even deleted and recreated the user in ISPCONFIG

is fail2ban enabled for other users ( ispconfig admin user, etc, ) ??

Fail2ban is enabled for services like ssh, ftp, etc., the user does not matter for it's configuration.

I have got a problem with the email section. When i am logged into the interface and click on email, it doesn't open the email part. I reinstalled my whole server and ISPConfig but it's still not working. Could you help me please?

Most likely you named the alias for the webmail client /mail and not /webmail as shown in the tutorial. Rename it to /webmail and restart apache.

why do i get this error for squirrel mail:

ERROR: Could not complete request. Query: SELECT "INBOX"Reason Given: [SERVERBUG] Internal error occurred.

please help!

That did the trick for me.

Any suggestions on fixing this?  I got a cpu warning and when I checked found horde couldn't show me content: Error is

Could not instantiate PDO. PDOException: SQLSTATE[08004] [1040] Too many connections

/var/log/mail.error:

Feb  4 06:02:24 calypso dovecot: imap([email protected]): Fatal: block_alloc(4194304): Out of memoryFeb  4 06:02:24 calypso dovecot: imap([email protected]): Fatal: master: service(imap): child 1073 returned error 83 (Out of memory (service imap { vsz_limit=256 MB }, you may need to increase it) - set CORE_OUTOFMEM=1 environment to get core dump)

Thank you for any clues.

David

I can't apache2 reload. when i have configed squirrelmail at 19sept.

err info:Active failed(Result:exit-code)

process:65b execstart=/etc/init.d/apache2 start(code=exited,status=1/FAILURE)

Failed to start LSB:Apache2 web server

 

The password length is < 1 or > 256 characters...

 After I ve changed etc/hosts like ip-server1.domain.com-server1 and I've changed /etc/hostname as server1. 

hostname

 server1

hostname -f

 hostname: Name or service not known  

 

What is the problem, where is my fault? I aö newbee, sorry id I said anything wrong

I can't send email,but i can received. im getting connectioned timed out. What is wrong ? 

The most common reason is that your internet access provider or datacenter blocks outgoing connections on port 25.

Hi Sir,

I have got the error message when I check email from Mac Apple Mail client:

Maximum number of connections from user+IP exceeded.

Please advise me anybody hacking my email or this is a normal message.

Thank you.

"Cannot move/copy: File not attached error" when attaching file from webmail. 

 

The Squirrelmail upload directory must be added manually using "squirrelmail-configure" command in order to avoid above. 

steps:

squirrelmail-configure

select option 4 ( General Options )

Then Select 2 ( attachment directory ) and change the default value to "/var/lib/squirrelmail/tmp"

Dont use to the default value or add the default value to your apache config directive. Thanks

 

this was identified by below given error messages in apache2 logs for the vhost.

[Mon Sep 25 10:10:28.811002 2017] [:error] [pid 1936] [client XXX.XXX.XXX.XXX:50101] PHP Warning:  file_exists(): open_basedir restriction in effect. File(/var/spool/squirrelmail/attach/fbRFI5DrHI9UKexQrnwL7Z4KAoHqmHMz) is not within the allowed path(s): (/usr/share/squirrelmail:/etc/squirrelmail:/var/lib/squirrelmail:/etc/hostname:/etc/mailname) in /usr/share/squirrelmail/src/compose.php on line 1470, referer: http://thedomain.biz/webmail/src/compose.php?mailbox=INBOX&startMessage=1

 

After installed the Squirrelmail exactly as instruction above, I got all domain names resolved to the Squirrelmail login page. Even the naked ip address of the server.

What possibly missing here? I think I already followed all command line as it is.

What should I recheck to fix this problem?

 

Thanks in advance!

Hello,

I am using a Debian 8 VPS on a Linode. I am thinking of using an SSL from Go Daddy, as using self-signed certificates often give error messages to people who visit for the first time.

Your instructions set things up to use port 80, which transmits everything in clear text through http. Is there any way to force traffic, including Squirrelmail, to use port 443?

 whats that for a tutoral ? title says we install all and now i dont see apache ... 

Read the tutorial until the end, then you'll find apache. This tutorial has 3 pages, Apache is installed on page two and you are currently on page one

Hi... I have the following problem, when I execute this command:

apt-get install apache2-doc apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt php5-imagick imagemagick libruby libapache2-mod-python php5-curl php5-intl php5-memcache php5-memcached php5-pspell php5-recode php5-sqlite php5-tidy php5-xmlrpc php5-xsl memcached libapache2-mod-passenger

Reading package lists... Done

Building dependency tree       

Reading state information... Done

apache2-utils is already the newest version (2.4.25-3+deb9u5).

apache2-utils set to manually installed.

libexpat1 is already the newest version (2.2.0-2+deb9u1).

libexpat1 set to manually installed.

ssl-cert is already the newest version (1.0.39).

ssl-cert set to manually installed.

Some packages could not be installed. This may mean that you have

requested an impossible situation or if you are using the unstable

distribution that some required packages have not yet been created

or been moved out of Incoming.

The following information may help to resolve the situation:

 

The following packages have unmet dependencies:

 apache2-suexec : Depends: apache2-suexec-pristine (= 2.4.10-10+deb8u12) but 2.4.25-3+deb9u5 is to be installed

 php5-imagick : Depends: libmagickcore-6.q16-2 (>= 8:6.8.8.2) but it is not going to be installed

                Depends: libmagickwand-6.q16-2 (>= 8:6.8.8.2) but it is not going to be installed

E: Unable to correct problems, you have held broken packages.

Thanks

Please compare the /etc/apt/sources.list file of your server with the one shown above in the tutorial.

Hi, this morning we have got a power trip and we on the mail server (Done from The Perfect Server - Debian 8 Jessie (Apache2, BIND, Dovecot, ISPConfig 3)  Now I couldn't send and receive any emails from outside.

I have got the following errors:

dovecot: auth-worker(1204): Error: mysql(localhost): Connect failed to database (dbispconfig): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2) - waiting for 1 seconds before retry

Host is not allowed to connect to this MariaDB server

Might be that MySQL is not started or the database is broken. Please post in the forum to get support: https://www.howtoforge.com/community/forums/installation-configuration.27/

Hi Mr Till,

Mysql is running.

Please check the following.

root@hwamail:~# /etc/mysql/status

-bash: /etc/mysql/status: No such file or directory

root@hwamail:~# /etc/init.d/mysql status

? mysql.service - LSB: Start and stop the mysql database server daemon

   Loaded: loaded (/etc/init.d/mysql)

   Active: active (running) since Wed 2018-10-10 13:18:24 SGT; 5h 30min ago

  Process: 622 ExecStart=/etc/init.d/mysql start (code=exited, status=0/SUCCESS)

   CGroup: /system.slice/mysql.service

           ?? 819 /bin/bash /usr/bin/mysqld_safe

           ?? 820 logger -p daemon.err -t /etc/init.d/mysql -i

           ??1085 /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --...

 

Oct 10 13:18:16 hwamail /etc/init.d/mysql[820]: 181010 13:18:16 mysqld_safe ....

Oct 10 13:18:23 hwamail mysql[622]: Starting MariaDB database server: mysql.....

Oct 10 13:18:26 hwamail /etc/mysql/debian-start[1226]: /usr/bin/mysql_upgrade...

Hint: Some lines were ellipsized, use -l to show in full.

 

 

Hi

Would it be possible to put the date the tutorial was created and updated? This would mean it would be easier to identify the most recent version.

Each tutorial is for a specific operating system version. To get the right tutorial, check which Debian version you use and then select the tutorial accordingly. E.g. here is the one for Debian 9: https://www.howtoforge.com/tutorial/perfect-server-debian-9-stretch-apache-bind-dovecot-ispconfig-3-1/

Welcome!

Great tutorial, but isp config only working only on IP...server1 subdomain not working.

The server1 subdomain of your domain must exist in DNS to be able to use it. Add a DNA A-Record for server1 on the DNS server of your domain that points to the IP address of your server.

Hello,

When I try to connect to pureftpd via FTP Client, I have access denied...

Service runs on 21 port, but I can't connect to my server

Then you either use a wrong username (e.g. you missed adding the prefix, the full FTP username for the first client is something like c1username and not just username, see ftp user list for the full name) or a wrong password or you closed port 21 in a firewall. Please post your support questions in the ISPConfig support forum: https://www.howtoforge.com/community/forums/installation-configuration.27/

Whoever still stumbles on thus: If you want to use this howto to compile suphp be aware:The patch has been taken offline. Only thing you need to take care:

edit src/Makfile and OUTCOMMENT "MAYBE_AP = apache" and take in "MAYBE_AP = apache" (of course only when running on apache2...

 

worked like a charm for me! kudos to https://bbs.archlinux.org/viewtopic.php?id=156866