Comments on The Perfect Server - Ubuntu 15.10 (Wily Werewolf) with Apache, PHP, MySQL, PureFTPD, BIND, Postfix, Dovecot and ISPConfig 3

Thanks,

Like always, your guides are clean and straight.

However, Ther are people like me who still are intersted for "Squirrelmail" rather than "RoundCup".

May I kindly ask you to include "Squirrelmail" general setup and tips for ISPConfig 3 on this version as well so we have option to choose whatever is require.

Many thanks,

RoundCub not working after instalation... :( buttons are not active

RoundCub not working after instalation , buttons do nothing :\

Hi, Thank you for this tuto. Very clear and usefull!!

Why not complete with the mail part (SPF, domain check ...)

Regards

Step 6, "netstat -tap | grep mysql", shows an entry for tcp6; however, there is not entry for 'tcp'. Clean install as a VM on vSphere 5.5u2. Has something changed in 15.10 as regards starting MySQL?

ifconfig:

eno16777984 Link encap:Ethernet  HWaddr 00:50:56:81:7d:dd  

          inet addr:10.0.4.7  Bcast:10.0.5.255  Mask:255.255.254.0

          inet6 addr: fe80::250:56ff:fe81:7ddd/64 Scope:Link

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:1697 errors:0 dropped:214 overruns:0 frame:0

          TX packets:549 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000 

          RX bytes:1402618 (1.4 MB)  TX bytes:73865 (73.8 KB)

Active Internet connections (servers and established)

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name

tcp        0      0 *:pop3                  *:*                     LISTEN      672/dovecot     

tcp        0      0 *:imap2                 *:*                     LISTEN      1/init          

tcp        0      0 *:urd                   *:*                     LISTEN      1139/master     

tcp        0      0 *:ssh                   *:*                     LISTEN      712/sshd        

tcp        0      0 *:smtp                  *:*                     LISTEN      1139/master     

tcp        0      0 *:submission            *:*                     LISTEN      1139/master     

tcp        0    200 mail.home.wjkeenan.:ssh 10.0.4.83:62309         ESTABLISHED 1267/sshd: wjk [pri

tcp6       0      0 [::]:pop3               [::]:*                  LISTEN      672/dovecot     

tcp6       0      0 [::]:imap2              [::]:*                  LISTEN      1/init          

tcp6       0      0 [::]:urd                [::]:*                  LISTEN      1139/master     

tcp6       0      0 [::]:ssh                [::]:*                  LISTEN      712/sshd        

tcp6       0      0 [::]:smtp               [::]:*                  LISTEN      1139/master     

tcp6       0      0 [::]:mysql              [::]:*                  LISTEN      935/mysqld      

tcp6       0      0 [::]:submission         [::]:*                  LISTEN      1139/master     

That's ok, it listens on ipv4 and ipv6 when tcp6 is shown in netstat. Just be aware that it is listenin on localhost only at the moment as [::] is localhost.

I need to understand the certificate configuration created by following this article. This meant Indded to do some searching and reading. I came across https://bettercrypto.org, which is a resource I am finding helpful. Specifically, the draft of Applied Crypto Hardening. This guide offers some concrete configuration recommendations for Postfix and Dovecot.

As I work on locking down my perfect server with my own certificate, I'm doing some verification. In my case, I created a new VM from 15.10, and followed the steps in this article (including 8.2, but not 8.3). Depending on where you started, you may see something different.

I should appeciate a reply by someone who knows the best practice for the owner, group, and mod of /var/lib/apache2/fastcgi. Of course, perhaps configtest is being too liberal, and we don't want httpd to have write access.

apachectl configtest

AH00526: Syntax error on line 4 of /etc/apache2/mods-enabled/fastcgi.conf:

FastCgiIpcDir /var/lib/apache2/fastcgi: access for server (uid 1000, gid 1000) failed: write not allowed

Action 'configtest' failed.

The Apache error log may have more information.

cat /etc/apache2/mods-enabled/fastcgi.conf

<IfModule mod_fastcgi.c>

  AddHandler fastcgi-script .fcgi

  #FastCgiWrapper /usr/lib/apache2/suexec

  FastCgiIpcDir /var/lib/apache2/fastcgi

</IfModule>

ll /var/lib/apache2

total 28

drwxr-xr-x  7 root     root     4096 Nov 24 10:26 ./

drwxr-xr-x 62 root     root     4096 Nov 24 10:55 ../

drwxr-xr-x  3 root     root     4096 Nov 24 10:20 conf/

drwxr-xr-x  3 www-data www-data 4096 Nov 24 10:27 fastcgi/

drwxr-xr-x  3 www-data www-data 4096 Nov 30 06:31 fcgid/

drwxr-xr-x  5 root     root     4096 Nov 24 10:23 module/

drwxr-xr-x  3 root     root     4096 Nov 24 10:20 site/

Great detailed article. Shed some lights on a few problems I was having with ubuntu 15.10. The deprecated suphp being the worst of them.

I am interested in this OVA/OVF appliance you mentioned, but could not find any download link for it. Is it still available?

The download is still available, scroll up the page and take a look at the menu on the right side, there is a big red download icon with the download link below.

This is a nice, complete tutorial on getting a web server up and running.  However, I wish you had explained more about what you're doing and why.  So instead of just saying 'do this', say 'do this...here is what it does and why'.  While my server is up and running and will server my home page, I have not been able to get anything else to work.  I can't log into phpMyAdmin using root...from my research it looks like it's because the root user in MySQL is "IDENTIFIED VIA unix_socket", but I've not found a way to make it work...I've tried using socat and netcat to redirect a different port through the MySQL socket with no success.  I created an FTP user following other examples on the web but can't log in from a remote PC.  I'm assuming there's some security mechanism in place, but where?    It looks like MySQL and Pure-Ftp are somehow connected, but how (I say this because of the 'service pure-ftp-mysql restart' command).  Perhaps you can publish a followup turtorial on how to actually use the server and it's many pieces once it's set up and running.

I've considered starting over and creating my web server using Xampp and adding in Pure-FTP.  I've had a Xampp server running for over 3 years and despite all the 'security risk' warnings I've only had one instance when someone disabled my server.  Fortunately I do daily backups and was up and running again rather quickly.

Rich

I guess you haven't followed the guide till the end and therefor did not Install ISPConfig, ISPConfig is the control panel for this setup. Adding a FTP user is plain easy, just login to ISPConfig, click on new FTP user, enter the username and password and then click on save, That's all.

Regarding a follow-up tutorial that explains how the setup is used in detail, this tutorial exists and we refer you twice to that guide above, its is named "The ISPConfig manual" and you can get it here: https://www.howtoforge.com/download-the-ispconfig-3-manual It describes on more than 370 pages in detail incl. screenshots how to use any aspect of the above hosting setup.

Thanks for the reply till.  Yes, I did install ISPConfig.  It looks like I'll have to break down and spend money on the manual...I was hoping to avoid that.

Sorry, but this is silly, amavisd-new will not start at all.  I have this problem on a production server so I decided to try making a contained, new, virtual machine and it still won't start.  Have you any clue why?

The most likely reason for a non-starting amavisd is a wrong hostname. Check that:

hostname -f

returns a fully qualified domain name like server1.example.com. If it returns a non-valid or incomplete hostname, then amavisd will not start.

I just thought i would mention in som cases it is main.inc.php instead of config.inc.php where you put $rcmail_config['default_host'] = 'localhost';

The password for the download esxi password for the ISPconfig site doesn't work. Could you update this?

The password works fine for me. ISPCondfig login is username: admin and password: admin and the other passwords are all "howtoforge", and there is a linux shell user with username "administrator" and password"howtoforge" as well as the root SSH Login is forbidden by default in Debian, so you login as administrator first and then su to root.

Bonjour,

j'ai téléchargé l'image pour vmware et je souhaite changer la taille du disque j'ai cherché plusieurs tutos mais je n'ai pas compris comment faire entre le disque physique et le lvm

merci de votre aide

Hello,

I am using the vmware image and I try to add ZendGuardLoader but i can't get it work.

Could you please help me for that ?

This setup is a standard Ubuntu setup that uses the Ubuntu Default packages for all PHP related things. Ask the Zend support for installation instructions of their software for Ubuntu 15.10.

Hello,

I am trying to install ZendGuarLoader but it's not working. In fact when i try with a terminal session it seems to work correctly because a php - m and v let me see the module as activated.

But when i try with apache it's not working and this is the way i need it to work. I had read a lot of stuff about this extension but i can't get it work with apache.

Thanks in advance for any aswer or suggestion

Ubuntu has several php.ini files, you have t ensure that you install ZendGauard Loader in all of them:

Commandline PHP: /etc/php5/cli/php.iniApache MOD-PHP: /etc/php5/apache2/php.iniApache PHP-FCGI and CGI: /etc/php5/cgi/php.iniApache PHP-FPM: /etc/php5/fpm/php.ini

Then restart php-fpm and apache. In case that you used the custom php.ini field for a website in ispconfig, then run Tools > Resync on the websites after you changed the php.ini's above to apply your changes.

After the installation has been a mistake.

Job for amavis.service failed because the control process exited with error code. See "systemctl status amavis.service" and "journalctl -xe" for details.

systemctl status amavis.serviceâ amavis.service - LSB: Starts amavisd-new mailfilter   Loaded: loaded (/etc/init.d/amavis)   Active: failed (Result: exit-code) since mié 2016-01-06 23:19:29 CET; 24s ago     Docs: man:systemd-sysv-generator(8)  Process: 1909 ExecStart=/etc/init.d/amavis start (code=exited, status=1/FAILURE)

ene 06 23:19:29 factorypc amavis[1909]: Starting amavisd:   The value of variable $myhostname is "factorypc", but should have beenene 06 23:19:29 factorypc amavis[1909]: a fully qualified domain name; perhaps uname(3) did not provide such.ene 06 23:19:29 factorypc amavis[1909]: You must explicitly assign a FQDN of this host to variable $myhostnameene 06 23:19:29 factorypc amavis[1909]: in /etc/amavis/conf.d/05-node_id, or fix what uname(3) provides as a host'sene 06 23:19:29 factorypc amavis[1909]: network name!ene 06 23:19:29 factorypc amavis[1909]: (failed).ene 06 23:19:29 factorypc systemd[1]: amavis.service: Control process exited, code=exited status=1ene 06 23:19:29 factorypc systemd[1]: Failed to start LSB: Starts amavisd-new mailfilter.ene 06 23:19:29 factorypc systemd[1]: amavis.service: Unit entered failed state.ene 06 23:19:29 factorypc systemd[1]: amavis.service: Failed with result 'exit-code'.

I followed your tutorial step by step.

The reason for your error is that you have used a wrong hostname for your server. The tutorial instructs you to set a fully qualified domain nam as hostname (e.g. server1.example.com) but you set "factorypc" as hostname which is not a fully qualified domain name and therefor amavis could not start. Set a correct hostname in /etc/hostname, /etc/mailname and /etc/hosts and then restart the server to fix this issue.

THANK YOU!! 

I have your own domain, installing ispconfig would it?

and change the default host to localhost:

$rcmail_conf must be $config

Adn i can't send email from Roundcube. When i click on the Send button, nothing happens.

Please post in the forum here at howtoforge to get help with your configuration issue.

Hey, thanks a lot for the great guide. its easy to follow and (almost) everything works...the command to create the ssl key for ftp isnt working... and when its all done everythings runs nice except for the ftp, ISPconfig says that the service is offline. Though i can login to (only) SFTP but i need to login with the user created in ubuntu server itself.

Probably ive done something wrong somewhere... please help... i cant wait to put this to good use...

also, you say there is a download for the VM but i cant fiend the link?...

The command to create a ssl cert should be ok, I just tested it. Please delete the ssl cert and rerun the openssl command to create a new cert. OpenSSL can be a bit picky, when you enter details that openssl dont understands, then it may fail silently.

> also, you say there is a download for the VM but i cant fiend the link?...

See right menu, "vmware image download"

Great tutorial! However I cannot get the SMTP to work on my server at all. I am renting a dedicated server and I just cannot get it to work. 

Community support for ISPConfig is available in the forum here at howtoforge. Please post there to get help with your smtp problem.

Have tried using mariadb. I fee the old msql is still better as it is more compatible with various applications.

Hello, I don't see any virtual machine disk image mentioned at 18.2.

See menu on the right side at the top of the article.

Hi,

roundcube isn't working correctly. I can't send and recieve mails.

Maybe it is because I insert an wrong server mail name through the installation: 6. xyz.de instead of mail.xyz.de 

How can I change this again.

Best regards,

Alex

Thank you for an almost a flawless installation manual but in Step 16, in the final '<Enter>' I got the following error:

Installing ISPConfig crontab

no crontab for root

no crontab for getmail

Restarting services ...

Job for amavis.service failed because the control process exited with error code. See "systemctl status amavis.service" and "journalctl -xe" for details.

Installation completed.

The most likely reason for a failed amavis start is a wrong hostname, take a look into the /var/log/mail.log file. If you need help, please post in the forum.

This looks as though it could work.  It is really hard to say because after installing 15.10 and rebooting, the screen is full of continous loops that complain about the AMD-Vi.  Passing "iommu=pt" used to work on the 15.04 kernel but this is clearly not the case on the 15.10 kernel.  Something has changed and it certainly has not been for the better.

Because I still learn Ubuntu, Apache, PHP and so, I've installed several or much more servers like that :). Servers work and there are no special problems but one - I can't log in to phpmyadmin as root. Actually, once or twice I can do it, but I have no idea why. But most of all - I can't do it. What is the problem?

Hi There;

I loved the tutorial and the VM that you can download and just run with - thank you for this. I've run into a problem with the vm, I am hoping you folks can help me - the mysql DB stopped running yesterday for no reason - it's been up and running since deployment with no issues. When I manually restart it, I get an error that it failed to start. In phpmyadmin I get a message that the configuration for the contrluser failed - in the log files, I get what appears to be file permission issues on the mysql dr. however, I've confirmed that the mysql user and group are owners of all files -

Looking forward to suggestions!

Please make a post in the forum here at howtoforge where you post the exact error messages that you get in the syslog.

Very good tutorial. Just some screen disarrangements,

Thansk.