Comments on The Perfect Server - Ubuntu 14.04 (nginx, BIND, MySQL, PHP, Postfix, Dovecot and ISPConfig 3)

The Perfect Server - Ubuntu 14.04 (nginx, BIND, MySQL, PHP, Postfix, Dovecot and ISPConfig 3) This tutorial shows how to prepare an Ubuntu 14.04 (Trusty Tahr) server (with nginx, BIND, Dovecot) for the installation of ISPConfig 3, and how to install ISPConfig 3. ISPConfig 3 is a webhosting control panel that allows you to configure the following services through a web browser: Apache or nginx web server, Postfix mail server, Courier or Dovecot IMAP/POP3 server, MySQL, BIND or MyDNS nameserver, PureFTPd, SpamAssassin, ClamAV, and many more. This setup covers nginx (instead of Apache), BIND (instead of MyDNS), and Dovecot (instead of Courier).

27 Comment(s)

Add comment

Please register in our forum first to comment.

Comments

By: Pete Williams

I found another solution to the 502 error when attempting to access ISPConfig when using nginx.  I used the instructions here:

http://stackoverflow.com/questions/23443398/nginx-error-connect-to-php5-fpm-sock-failed-13-permission-denied

The issue is related to PHP update to mitigate security risk per this page:
  1. Open /etc/php5/fpm/pool.d/www.conf
  2. Remove comment prefix # from all permission lines, like:

    listen.owner = www-data

    listen.group = www-data

    listen.mode = 0660
  3. Restart fpm - sudo service php5-fpm restart

 

By: Killozap

You will get a error-message at first when trying to start the admin-page of ispconfig, don't try to use the changes in one comment here, only restart your server and it works!

 When you do the mentioned changes here, it wors, and after the next restart, it will not function anymore.

By:

I have created an ansible script does steps 8 and further in this howto on a clean ubuntu machine. Steps 1-7 are about providing the clean ubuntu machine.

See: https://github.com/wiebew/ispconfig_install

By: Mario

I followed the guide installing on a Microsoft Azure server without getting any problem.I get a strange error : i cannot list directories when i connect by FTP, i get a timeout of 20 seconds.I've tested connecting in Google Chrome and the problem is still there.How to fix?

By: lolo888

For cgi-bin/mailman > error 403 > http://forum.nginx.org/read.php?2,227508,227548#msg-227548

put "include /etc/nginx/fastcgi_params;"

after

fastcgi_intercept_errors on;

enjoy!

By: Andre

Hi,

I have a lots of errors (Ubuntu 14.04.2, 3.0.5.4p5).

FTP.

I need to do this for pure-ftpd:

echo 'yes' > Daemonizeecho 'yes' > VerboseLogecho ,21 > Bindecho 50100 50200 > PassivePortRangeecho 1000 > MaxClientsPerIPecho 1000 > MaxClientsNumberecho yes > NoAnonymous

 

This allows me to sent magento files to the server. Still there were couple (300+) failed transfers.

Database.

I can create user, but he is not appeared when I creating database and moreover I can create database even I have not defined a user. Magento fail to install :(

Nginx.

Only this config allows me to run (not to complete install) of magento:

  location / {    index index.html index.php; ## Allow a static html file to be shown first    try_files $uri $uri/ @handler; ## If missing pass the URI to Magento's front handler    expires 30d; ## Assume all files are cachable  }    ## These locations would be hidden by .htaccess normally  location /app/                { deny all; }  location /includes/           { deny all; }  location /lib/                { deny all; }  location /media/downloadable/ { deny all; }  location /pkginfo/            { deny all; }  location /report/config.xml   { deny all; }  location /var/                { deny all; }

  ## http://vvv.tobiassjosten.net/nginx/generate-htpasswd-for-nginx/  location /var/export/ { ## Allow admins only to view export folder    auth_basic           "Restricted"; ## Message shown in login window    auth_basic_user_file /home/lumz/public_html/.htpasswd; ## See /etc/nginx/htpassword    autoindex            on;  }   ## Disable .htaccess and other hidden files  location ~ /\. {    deny all;    access_log off;    log_not_found off;  }  location @handler { ## Magento uses a common front handler    rewrite / /index.php;  }    location ~ .php/ { ## Forward paths like /js/index.php/x.js to relevant handler    rewrite ^(.*.php)/ $1 last;  }

   # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini location ~ .php$ {    if (!-e $request_filename) { rewrite / /index.php last; } ## Catch 404s that try_files miss    expires        off; ## Do not cache dynamic content

    fastcgi_pass   unix:/var/run/php5-fpm.sock;    fastcgi_param GATEWAY_INTERFACE CGI/1.1;    fastcgi_param SERVER_SOFTWARE nginx;    fastcgi_param DOCUMENT_ROOT /home/lumz/public_html;   fastcgi_param QUERY_STRING $query_string;   fastcgi_param REQUEST_METHOD $request_method;   fastcgi_param CONTENT_TYPE $content_type;   fastcgi_param CONTENT_LENGTH $content_length;   fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;   fastcgi_param SCRIPT_NAME $fastcgi_script_name;   fastcgi_param REQUEST_URI $request_uri;   fastcgi_param DOCUMENT_URI $document_uri;   fastcgi_param SERVER_PROTOCOL $server_protocol;   fastcgi_param REMOTE_ADDR $remote_addr;   fastcgi_param REMOTE_PORT $remote_port;   fastcgi_param SERVER_ADDR $server_addr;   fastcgi_param SERVER_PORT $server_port;   fastcgi_param SERVER_NAME $server_name;   fastcgi_param HTTPS $https;    fastcgi_param  MAGE_RUN_CODE default; ## Store code is defined in administration > Configuration > Manage Stores    fastcgi_param  MAGE_RUN_TYPE store;    include        /etc/nginx/fastcgi_params; ## See /etc/nginx/fastcgi_params }

 

Database user solution? Anyone?

Thank you.

 

 

By: till

I installed the same tutorial today for a customer without any changes and it works fine, no issues at all.

 

The pure-ftpd things that you describe are only required if you block ports with a firewall. 

 

The magento config that you posted is not fully compatible with ispconfig as you try to override the php setup so that all php files run under a wrong owner and you refernce directries like /home/... which are outside of the website.So remove the php config and set the corrcet path to the auth file.

 

Regarding saabase user: a database user gets created when you create the first database for it. Creating a mysql user when there is no database that it can be used for makes no sense and therefor it gets created together with the databse.

By: JamesB

service networking restart does not work in Ubuntu 14.04 and according to official Ubuntu documents the correct method for reseting networking connections in Ubuntu 14.04 is using ifdown <interface> followed by ifup <interface>.

By: alioune9

 je n'arrive pas à acceder à ispconfig

message apache :AH00548 : NameVirtualHost has no effect and will be removed in the next release  /etc/apache2/sites-enbled/000-ispconfig.conf:62

error.log de apache

[Thu Apr 30 10:13:58.191862 2015] [mpm_prefork:notice] [pid 11687] AH00169: caught SIGTERM, shutting down[Thu Apr 30 10:13:59.201576 2015] [ssl:warn] [pid 12291] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)[Thu Apr 30 10:13:59.201635 2015] [ssl:warn] [pid 12291] AH01909: RSA certificate configured for hpserver.dcsi.bf:8080 does NOT include an ID which matches the server name[Thu Apr 30 10:13:59.201760 2015] [suexec:notice] [pid 12291] AH01232: suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec)[Thu Apr 30 10:13:59.212497 2015] [auth_digest:notice] [pid 12293] AH01757: generating secret for digest authentication ...[Thu Apr 30 10:13:59.226996 2015] [ssl:warn] [pid 12293] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)[Thu Apr 30 10:13:59.227017 2015] [ssl:warn] [pid 12293] AH01909: RSA certificate configured for hpserver.dcsi.bf:8080 does NOT include an ID which matches the server name[Thu Apr 30 10:13:59.229142 2015] [mpm_prefork:notice] [pid 12293] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.9 OpenSSL/1.0.1f configured -- resuming normal operations[Thu Apr 30 10:13:59.229173 2015] [core:notice] [pid 12293] AH00094: Command line: '/usr/sbin/apache2'

By: Fabienne

Hello, I installed my server with your tutorial and everything works perfectly. Thank you!

I just have one problem with squirrelmail. Whenever I send a mail, create an folder or delete one, I get a 500 error from nginx.

The logs: [error] 4416#0: *193 rewrite or internal redirection cycle while internally redirecting to "/error/404.html"

The folders are created or deleted, the mails get sent, but I always first have this error message, reloading the page makes it disappear.

Could you please help?

Thank you

By: Ken

Would you please provide a step by step guide for how to use the ansible script?

I got the error...

debug1: Authentications that can continue: publickey,password debug1: Trying private key: /root/.ssh/id_dsa debug3: no such identity: /root/.ssh/id_dsa: No such file or directory debug1: Trying private key: /root/.ssh/id_ecdsa debug3: no such identity: /root/.ssh/id_ecdsa: No such file or directory debug1: Trying private key: /root/.ssh/id_ed25519 debug3: no such identity: /root/.ssh/id_ed25519: No such file or directory debug2: we did not send a packet, disable method debug1: No more authentication methods to try.

Permission denied (publickey,password). 

By: DDArt

Will there be a tutorial on the 15.x Ubuntu or can we use the Ubuntu 15.x Apache Tutorial but just install NGINX instead of Apache and it should work.  Thanks,

 

By: till

There will be a tutorial for 15.04. Using the apache guide will probably not work.

By: Agustin

Perfect John!!!!

Thanks

By: Yugo Pangestu

Thank you very much .. post your very nice and complete. just a pity that there is an error at the end of nginx. and thanks also to John Kounis already helped to resolve problems over the past ..

By: Omar

Thanks John!

By: Val

Setup went well and all works perfectly!...apart from email.

Unable to sent or recieve.  Seems like an SSL issue?

Can anuone help?

Part of mail log below:

=====

Sep 27 10:05:02 valtech1 postfix/smtps/smtpd[3913]: SSL_accept error from localhost[::1]: lost connectionSep 27 10:05:02 valtech1 postfix/smtps/smtpd[3913]: lost connection after CONNECT from localhost[::1]Sep 27 10:05:02 valtech1 postfix/smtps/smtpd[3913]: disconnect from localhost[::1]Sep 27 10:05:02 valtech1 dovecot: imap-login: Disconnected (disconnected before auth was ready, waited 0 secs): user=<>, rip=::1, lip=::1, se$Sep 27 10:05:02 valtech1 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<tGZI4LY$Sep 27 10:05:03 valtech1 postfix/smtps/smtpd[3790]: SSL_accept error from localhost[::1]: Connection timed outSep 27 10:05:03 valtech1 postfix/smtps/smtpd[3790]: lost connection after CONNECT from localhost[::1]Sep 27 10:05:03 valtech1 postfix/smtps/smtpd[3790]: disconnect from localhost[::1]Sep 27 10:07:22 valtech1 postfix/master[2148]: terminating on signal 15Sep 27 10:07:23 valtech1 postfix/master[4095]: daemon started -- version 2.11.0, configuration /etc/postfixSep 27 10:07:35 valtech1 dovecot: anvil: Warning: Killed with signal 15 (by pid=1 uid=0 code=kill)Sep 27 10:07:35 valtech1 dovecot: log: Warning: Killed with signal 15 (by pid=1 uid=0 code=kill)Sep 27 10:07:35 valtech1 dovecot: master: Warning: Killed with signal 15 (by pid=1 uid=0 code=kill)Sep 27 10:07:35 valtech1 dovecot: master: Dovecot v2.2.9 starting up (core dumps disabled)Sep 27 10:09:58 valtech1 dovecot: imap-login: Aborted login (auth failed, 1 attempts in 2 secs): user=<[email protected]>, m$Sep 27 10:10:02 valtech1 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<Jjsi8rY$Sep 27 10:10:02 valtech1 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<0D8i8rY$Sep 27 10:10:02 valtech1 postfix/smtps/smtpd[4186]: connect from localhost[::1]Sep 27 10:10:02 valtech1 postfix/smtps/smtpd[4186]: SSL_accept error from localhost[::1]: lost connectionSep 27 10:10:02 valtech1 postfix/smtps/smtpd[4186]: lost connection after CONNECT from localhost[::1]Sep 27 10:10:02 valtech1 postfix/smtps/smtpd[4186]: disconnect from localhost[::1]Sep 27 10:10:13 valtech1 dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=::1, lip=::1, mpid=4212, se$Sep 27 10:10:13 valtech1 dovecot: imap([email protected]): Disconnected: Logged out in=44 out=843Sep 27 10:10:13 valtech1 dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=::1, lip=::1, mpid=4214, se$Sep 27 10:10:13 valtech1 dovecot: imap([email protected]): Disconnected: Logged out in=261 out=1722Sep 27 10:10:13 valtech1 dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=::1, lip=::1, mpid=4216, se$Sep 27 10:10:13 valtech1 dovecot: imap([email protected]): Disconnected: Logged out in=117 out=1541Sep 27 10:10:38 valtech1 postfix/smtps/smtpd[4186]: connect from localhost[::1]Sep 27 10:11:38 valtech1 postfix/smtps/smtpd[4186]: SSL_accept error from localhost[::1]: -1Sep 27 10:11:38 valtech1 postfix/smtps/smtpd[4186]: warning: TLS library problem: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown $Sep 27 10:11:38 valtech1 postfix/smtps/smtpd[4186]: lost connection after CONNECT from localhost[::1]

===========

By: marcnz

I am following through and I have the following errors with fail2ban:

[root@s1 tmp]# service fail2ban restart

 * Restarting authentication failure monitor fail2ban                           ERROR  Found no accessible config files for 'filter.d/pureftpd' under /etc/fail2ban

ERROR  Unable to read the filter

ERROR  Errors in jail 'pureftpd'. Skipping...

                                                                         [fail]

 

I have created a file as instructed /etc/fail2ban/pureftp.conf, although there is already a file called /etc/fail2ban/pure-ftp.conf. 

 

I also have an error at an earlier stage with jailkit saying that there are no socket defined in the configuration and it cannot be installed.

Any idea?

This is what has always put me off ISPConfig3. It is so difficult to prepare following this tutorial. Unfortunately there are no other. I really appreciate the tutorial as I do need it. But it is frustrating to get this type of error when following it to the letter. Using Ubuntu server 10.04.3 release.

By: till

Hi,

this tutorial is for Ubuntu 14.04, when you use Ubuntu 10.04 then your server OS version is wrong for this tutorial and therefore the tutorial must fail. I used this tutorial last week, just copied all commands and it worked out of the box for me. The tutorials are for exactly one OS version, they can't work for another version as each Ubuntu release requires a different setup. Ubuntu 10.04 is outdated, so you should reinstall your server with ubuntu 14.04. If you really want to use the outdated 10.04 Ubuntu version, then use the tutorial for this old version: https://www.howtoforge.com/perfect-server-ubuntu-10.04-lucid-lynx-ispconfig-3

 

Btw: There is also an autoinstaller for ISPConfig available which works for Debian and Ubuntu 14.x and 15.x: https://www.howtoforge.com/tutorial/ispconfig-install-script-debian/

By: marcnz

I got it working. I had to remove the origial /etc/fail2ban/filter.d/pure-ftpd.conf and rename the file pureftp.conf to pureftpd.conf (forgot the d...)

After that the fail2ban service could finally restart.

By: ray de graaf

How do i change this settings to my vps server settings? For example: A VPS IP 142.133.3.142 address 192.168.0.100 netmask 255.255.255.0 network 192.168.0.0 broadcast 192.168.0.255 gateway 192.168.0.1 dns-nameservers 8.8.8.8 8.8.4.4

By: Martin Stendersø

I got the 502 Bad Gateway error connecting to ISPConfig too, but a reboot of the server solved this! :)

By: eudesafp

Hello my friends!

 

I did this on my server setup already for some time and it works great!

 

But I have a doubt, when I create a ALIAS for an account, I see that when email comes in the box by ALIAS, does not pass through SpamAssassin do not know if also not go through ClamAV, like and whether this is normal, it would be good if passase both.

By: till

Emails go always trough amavis and clamav, just the default settings of amavis get applied when you have not selected a spamfilter policy for the domain.

By: Eudes

"spamfilter policy for the domain."

 

That's the key!

It is not set to go through the spam filter.

I'll do some tests!

 

Thank you for the quick response.

By: Max

Uhm, looks like this got copied verbatim from somewhere else. Why would *anyone* set PATH_INFO to be the script name? The idea behind PATH_INFO is to pass whatever has been passed right after the script name in the form of a path ...

By: Alexander

Rebooting the Ubuntu entire server fixed the 502 Bad Gateway error for me.