Comments on The Perfect Server - Debian 8.6 (nginx, BIND, Dovecot, ISPConfig 3.1)

Hi Till,

Thank you  very much for yet again an excellent tutorial or should i say a perfect one!

While verifying  the provided services I get a "config.inc.php was not found" when trying to use the webmail (roundcube page).

My install went like this

1-   I imported the ova image downloaded from here

2-   I change the locales and keyboard mapping and adjusted the time zone and ntp

3-   I changed some of the users passwords

4-   I changed the server hostname to ns1.something.com

5-   I verified the installation and now reporting this.

I think I have a problem with the host name not being changed for the services like mail and probably others

I can clearly see that when I look at the logs.

Is there a procedure explaining what needs to be done when customizing an ova image

Any help would be much appreciated

Best Regards

F.

 

There is no guide for custimizing the images yet, but I should write one :) The hostname needs to be changed in these places:

 

/etc/hosts

/etc/hostname

/etc/mailname

 

Then check /etc/postfix/main.cf, if it occurs anywhere in that file, then change it there too.

 

Then reboot the server. Finally you should change the hostname in ISPConfig under System > Server config.

 

Regarding roundcube file, I'll check that. It worked yesterday at the time I build the image but it might be that I missed or altered something after I checked roundcube.

Hi Till, I make a new instalation on debian jessie 8.6 isp3.1 according this tutorial (I use apache instead). But I have problem with import mailboxes from csv template (I download mailbox_import_advanced simple script last yaer and used it with old version 3.0.xxx many times gracefully) - just notting happens when I click button "Import". Work arround on this I try to import settings from other ISP3.0.5.4p9 with Import ISPConfig mail with remote user, but not success! On Interface just receive error "Could not connect to host" 

The mailbox import script is for ISPConfig 3.0. ISPConfig 3.1 has a different UI so that extensions from ispconfig 3.0 need to be modified as the function to submit a html form that was used in ispconfig 3.0 has been replaced.

Hi Till,

Thank you for the reply

Yes a guide to customizing those images would be invaluable (Time is Money) ;)

I did all 4 file modifications for hostname and also in ISPConfig.

the roundcube worked at one point. but then I completed my customization by changing the rest of the passwords and now

I'm back with same result in Roundcube "config.inc.php was not found."

Looking at step 18 in your tutorial I now guess that the problem is with the roundcube mysql password !

I'm looking into this!

Any suggestions ?

Wir müssen das Eisen jetzt schmieden, solange es heiß ist

F.

 

The config.inc.php file exists in the vmware image, so you might have deleted it while doing the customizations. To change the password of the roundcube mysql user, edit this file:

/etc/roundcube/debian-db.php

The password is in the line "$dbpass=". Then edit the password of the MySQL user with the name "roundcube" in phpmyadmin by using the phpmyadmin user editor.

Hi, what about bulk import emails into ispconfig 3.1.  p1

 How to make http://192.168.1.100:8081/webmail accest to custom link like http://clientdomain.com/mail

I get error when try login to webmail.

https://10.10.10.195:8081/webmail 

ERR_SSL_PROTOCOL_ERROR

 

The webmail URL is http://10.10.10.195:8081/webmail as shown in the tutorial and not https://10.10.10.195:8081/webmail.

Thank you but still get 

404 Not Found

nginx/1.6.2

Reinstall its ok now. 

Hi,

why: apt-get install python-certbot-apache -t jessie-backports

and not: apt-get install python-certbot-nginx -t jessie-backports ?

Hi,

do you know why I get this warning and what is it ?

Email Address []:NC postconf: warning: unmatched request: "maildrop.unix" Configuring Mailman Configuring Dovecot...

Thanks

Could not install hhvm. apt-get didnt find the package. So i found this site that explained how to compile it from source. https://docs.hhvm.com/hhvm/installation/building-from-source#debian-8-jessie

But in the end, i got this error:

CMake Error at CMakeLists.txt:41 (MESSAGE):

  HHVM requires a 64bit OS

-- Configuring incomplete, errors occurred!

is hhvm required for ISPconfig?

HHVM requires a 64Bit OS and you seem to have a 32Bit os. ISPConfig will work without HHVM, you just can not use the HHVM PHP-Mode then.

Thanks a lot for your amazing tutorials.

I successfully followed the full installation, included additionnal php 7.1.

UNfortunately, since I realised it got nginx from debian repo which was 1.6 version, while current stable version is 1.10, I updated nginx with command lines below.

Now nginx is working, I can ie display a phpinfo page, but ispconfig admin page is not accessible anymore on 8080 port.

I tried to play with its vhost setup without success.

Your help would be very helpful, I'm stuck :(. Thanks a lot

$ sudo sh -c "echo 'deb http://nginx.org/packages/debian/ `lsb_release -cs` nginx' >> /etc/apt/sources.list" $ sudo sh -c "echo 'deb-src http://nginx.org/packages/debian/ `lsb_release -cs` nginx' >> /etc/apt/sources.list" $ curl https://nginx.org/keys/nginx_signing.key | apt-key add -$ dpkg -i --force-overwrite /var/cache/apt/archives/nginx_1.10.2-1~jessie_amd64.deb

In addition to last comment, this is actual ispconfig sites-available vhost :

server {        listen 8080;        listen [::]:8080 ipv6only=on;                ssl on;                ssl_protocols TLSv1 TLSv1.1 TLSv1.2;        ssl_certificate /usr/local/ispconfig/interface/ssl/ispserver.crt;        ssl_certificate_key /usr/local/ispconfig/interface/ssl/ispserver.key;        ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES$        ssl_prefer_server_ciphers on;                # redirect to https if accessed with http                error_page 497 https://$host:8080$request_uri;        server_name MYSERVER_NAME;        root   /usr/local/ispconfig/interface/web/;        client_max_body_size 20M;        location / {               index.php index.html;#               try_files $uri $uri/ =404;        }        # serve static files directly        location ~* ^.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt)$ {               access_log        off;        }       location ~ \.php$ {#               include /etc/nginx/snippets/fastcgi-php.conf;#               fastcgi_pass unix:/var/run/php5-fpm.sock;                try_files $uri =404;               include /etc/nginx/fastcgi_params;                fastcgi_pass unix:/var/lib/php5-fpm/ispconfig.sock;                fastcgi_index index.php;                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;                fastcgi_param PATH_INFO $fastcgi_script_name;                fastcgi_buffer_size 128k;                fastcgi_buffers 256 4k;                fastcgi_busy_buffers_size 256k;                fastcgi_temp_file_write_size 256k;                fastcgi_read_timeout 1200;                fastcgi_temp_file_write_size 256k;                fastcgi_read_timeout 1200;                fastcgi_param HTTP_PROXY "";        }        location ~ /\. {               deny  all;        }

 

Hope you can help ! Sincerely

Hi Till, very last comment I promise ;-)

I could access ispconfig UI after restoring original ispconfig.vhost and editing as following :

#include /etc/nginx/conf.d/*.conf;include /etc/nginx/sites-enabled/*.vhost;

I don't know if it will be enough for future administration of sites from ispconfig, or if I'll encounter more and more troubles... ?

Any comment about that configuration would be really appreciated. Thank you again for all your tutorials.

Kind regards.

Hi... Thank you for the tutorial,

I use your tutorial to install my existing Bind9 server, but after complte i found that named is conflicted.. just realized that there is Bind config in this tutorial. Please enlighten me ho to solve this named/bind conflict, thank you so much

hi, I have two problems:

what's log & pass by default for roundcube?

and for isp3 I can't log in. I put admin/admin and this don't work, can you help me? thx

You login with the amil account details to roundcube. Create an email account in ispconfig and then use the email address plus password for the login to roundcube.

Install RoundCube with this command does not work with the debian 8. it uable to locate package roundcube, core, mysql, plugin

The packages exist in Debian 8. Compare your /etc/apt/sources.list file with the one of this tutorial.

Hi, quick question, at the part when you say "check the network is running with: netstat -tap | grep mysql" I am getting results in ipv6 instead of ipv4. Like this:

tcp6   0 0   [::]:mysql    [::]:*     LISTEN       27062/mysqld

how can I ensure i get an ipv4 result instead? 

Isn't it a little typo with certbot installation? Since this is an nginx server, the package for letsencypt certificate should be python-certbot-nginx (not python-certbot-apache).

Hi, Roundcube not working. Gives a blank screen. 

Hi Till,   I have these mail error logs : - dovecot: imap-login: Fatal: Can't load private ssl_key: Key is for a different cert than ssl_cert - dovecot: master: Error: service(imap-login): command startup failed, throttling for 60 secs   I did no customization to default config, I'm wondering how to solve it ? This is the beginning of dovecot.conf : listen = *,[::]protocols = imap pop3auth_mechanisms = plain logindisable_plaintext_auth = nolog_timestamp = "%Y-%m-%d %H:%M:%S "mail_privileged_group = vmailssl_cert = </etc/postfix/smtpd.certssl_key = </etc/postfix/smtpd.keyssl_protocols = !SSLv2 !SSLv3 Any help to put my on the right track would be really appreciated. Thank you. Best regards

perl: warning: Setting locale failed. perl: warning: Please check that your locale settings: LANGUAGE = (unset), LC_ALL = (unset), LANG = "en_US.UTF-8" are supported and installed on your system. perl: warning: Falling back to the standard locale ("C").

I got this error, and resolved it with the following command. 

% env LANG=C perl -e exit %

Installed ISPConfig with this tutorial. But getting error 403 on websites.

Hi, i have a issue with debian 8

root@titania:~# quotacheck -avugm

quotacheck: Cannot stat() mounted device /dev/root: No such file or directory

quotacheck: Cannot find filesystem to check or filesystem not mounted with quota option.

in fstab i don't have "/dev/root" but "/dev/sda2" how fix this error? Thanks!

apt-get install roundcube roundcube-core roundcube-mysql roundcube-plugins

Reading package lists... Done

Building dependency tree

Reading state information... Done

E: Unable to locate package roundcube

E: Unable to locate package roundcube-core

E: Unable to locate package roundcube-mysql

E: Unable to locate package roundcube-plugins

 

Edit manual for correct steps.

echo "deb http://ftp.debian.org/debian jessie-backports main" >> /etc/apt/sources.list

apt-get update

Not work my last post... beacuse backwards force install apache... 

Dear Author,

How can I get back to nginx? I've followed the Tut for Deb7 (Wheezy) a vew moths before and had nginx there. Now I've reset my server and reinstalled everything from scratch. I did all the steps of the tutorial, but still have one problem: When i open the root-web-page theres a big box saying: Apache2 Debian Default Page.

Are there even differences between nginx and apache? I only now, nginx worked fine.Thank you!Thomas

You probably have already nginx. The default page shows always apache, it is a fixed text and does not indicate which web server you use, no matter if apache or nginx is installed.

Followed it to the letter (with one exception, I used the nginx repo to get a newer nginx in my Debian 8..) ISPconfig install gave me two warnings, with probably the same cause:

At this stage I got:

Configuring Apps vhostPHP Warning:  symlink(): No such file or directory in /tmp/ispconfig3_install/install/lib/installer_base.lib.php on line 2101Install ISPConfig Web Interface (y,n) [y]:Looked it up, it's this line at 2101:    symlink($vhost_conf_dir.'/apps.vhost', $vhost_conf_enabled_dir.'/000-apps.vhost');Then, later on, at this point:

PHP Warning:  symlink(): No such file or directory in /tmp/ispconfig3_install/install/lib/installer_base.lib.php on line 2540Configuring DBServerInstalling ISPConfig crontab

Looked it up, this is that line 2540:    symlink($vhost_conf_dir.'/ispconfig.vhost', $vhost_conf_enabled_dir.'/000-ispconfig.vhost');

Because, well, ISPconfig webui does not appear at the given URL:port.. Solution?

>  I used the nginx repo to get a newer nginx in my Debian 8..

And that's the reason for your error, you installed an incompatibe nginx package and therefre the installation failed asy our package used different paths then the one from Debian. Uninstall ispconfig, uninstall the nginx package that you installed, then install the Debian Nginx package as described in the tutorial and then install ISPConfig again.

Good Job! 

Everything went fairly smooth considering never used debian before:)

Have error with Roundcube:

-----

CONFIGURATION ERROR config.inc.php was not found.Please read the INSTALL instructions!

-----

Have searched around and seen advice on possible fix but nohting seems to work.

Can access the page <IP>:8081/squirrelmail/ but above error message. How can I fix this?

Many thanks in advance.

 

Susan

Hi,

Ty again for this great tutorial.

Just one question, since we install fail2ban, is this one prtected against ipv6 ssh attacks ?

Ty,

Olivier

soon or later

mariadb config is : nano /etc/mysql/mariadb.conf.d/50-server.cnf

and don't depend on mysql config anymore

nano /etc/mysql/my.cnf

this line does not work with current postfix 

( -o smtpd_client_restrictions=permit_sasl_authenticated,reject )

The line works fine with the latest postfix that ships with Debian 8. Maybe you missed to add a whitspce (or two) in front of the line.

So to get you right:Step 11 - Install LetsEncryptStep 13 - Create a self-signed SSL cert for FTP?!--Why..?

That's correct and intended this way. The letsencrypt installation is for website SSL certs hosted in ISPConfig later. A self-signed SSL cert is used for FTP as it is required for the setup at that point and on many setups, you don't have a domain name that is externally reachable by LE at that setup stage, so these setups would fail without creating the self signed cert. You can later replace the cert with an LE cert of course, see e.g. here: https://www.howtoforge.com/community/threads/securing-your-ispconfig-3-server-control-panel-with-lets-encrypt-free-ssl.75554/

I used the 8.4 apache tutorial to get certbot

 

mkdir /opt/certbotcd /opt/certbotwget https://dl.eff.org/certbot-autochmod a+x ./certbot-auto

 

Now run the certboot-auto command which will download and install the software and it's dependencies.

 

./certbot-auto

 

couldn't do a setup without you, thanks so much...

Question:

After a default setup with no mailboxes established, Firefox complains of insecure login on Roundcube... Chrome doesn't. is the login using TLS?

 

Thank you for this tutorial. It is very precise, informative, and useful. Two great projects Debian and ISPConfig are joined together with your wisdom.

Helo,

I am triying this tutorial but i can not the debian 8.6 version. I could not get the old version jessie 8.6 on debian site. Can somebody help me ?

Thanks

edit /etc/postfix/main.cf

mydestination = localhost.com, , localhost

They already have another recommended way to install letsencrypt ( https://certbot.eff.org/lets-encrypt/debianjessie-apache ).

wget https://dl.eff.org/certbot-auto sudo mv certbot-auto /usr/local/bin/certbot-auto sudo chown root /usr/local/bin/certbot-auto sudo chmod 0755 /usr/local/bin/certbot-auto