HowTo install ISPConfig on a STRATO-Server with Debian 3.1

Discussion in 'Tips/Tricks/Mods' started by TobiasTM, Apr 18, 2006.

  1. TobiasTM

    TobiasTM New Member HowtoForge Supporter ISPConfig Developer

    Based and abuttet to the HowTo - The Perfect Setup Debian Sarge (3.1) - of Falko Timme I wrote this HowTo for STRATO-Server, because Strato has some specifics in it´s Debian Sarge (3.1) - Image. :eek:

    Let me say first: This is one way of many possible, but I try this more than one time and it works.
    Anyway I must say to you, too -> If you use this HowTo you do it on your own risk ! You will lose all Files on the Strato-Server, ´cause we start with a brandnew installation of the Debian-Image !
    If you have question mail me or send me a PM.

    If you want to have it in german language please mail me, too.
    >>Wer diese Anleitung auf deutsch haben möchte, muss mir nur eine eMail oder PN schreiben.<<

    You will need:
    • a Strato - Dedicatet Server
    • WinSCP3 and Putty or similar software on your computer at home

    We use (based on the HowTo by Falko Timme) for the Server:
    • Apache 2 as web-server
    • Postfix as mailserver
    • Courier-POP3 and Courier-IMAP for eMail, too
    • BIND as DNS-server
    • proftpd as FTP-server
    • Webalizer for statistics

    STEP 1
    Install a new Debian-Image 3.1 with the Strato-Konfigurationsmenü
    • ->Serverkonfiguration
    • ->Neuinstallation
    • mark the Box and
    • choose Debian GNU/Linux 3.1 für Profis
    • click on weiter
    • fill in the code you will see
    Don´t forget: You will lose all Files on the Strato-Server, ´cause we start with a brandnew installation of the Debian-Image !
    • click on weiter
    • wait until you get the eMail from Strato that the reinstallation is finished.

    STEP 2
    Update the Debian Sarge Image
    • login your server as root by Putty
    • copy here the code and paste it in Putty
    • follow the instructions
    Code:
    apt-get update
    If you´re asked that you want to stop now, ´cause a new kernell will be installed answer with no.
    But don´t forget to reboot your server after this upgrade.
    Code:
    apt-get dist-upgrade
    Code:
    apt-get upgrade
    (If someone said, that this is to much update and -grade, let me first answer:
    I try it many times and it works everytime a little bit other - and rather one time often than one time too little.)


    STEP 3
    Add some more nameservers
    • open and edit the file /etc/resolv.conf
    • add some more nameservers (only if you want)
    Code:
    nameserver 81.169.163.104
    nameserver 81.169.163.106
    search serverkompetenz.net
    nameserver [I]ip.number.from.another[/I]
    STEP 4
    Setting the hostname
    Instead of server1.example.com put in your real serverdomain (h12345.serverkompetenz.net)
    Code:
    echo [I]server1.example.com[/I] > /etc/hostname
    /bin/hostname -F /etc/hostname
    STEP 5
    Install needed and missing software and remove unneeded software
    Code:
    apt-get install make gcc wget flex bzip2 rdate fetchmail libdb3++-dev unzip zip ncftp xlispstat libarchive-zip-perl zlib1g-dev libpopt-dev nmap openssl lynx fileutils
    Answer the questions with the default answers.
    Code:
    update-rc.d -f exim remove
    update-inetd --remove daytime
    update-inetd --remove telnet
    update-inetd --remove time
    update-inetd --remove finger
    update-inetd --remove talk
    update-inetd --remove ntalk
    update-inetd --remove ftp
    update-inetd --remove discard
    /etc/init.d/inetd reload
    STEP 6
    Install and configure quota
    Code:
    apt-get install quota quotatool
    Answer the question with no.
    • open and edit the file /etc/fstab
    Code:
    # /etc/fstab: static file system information.
    #
    # file system     mount point    type     options                  dump pass
    /dev/sda1         /boot          ext2     nosuid,nodev             0    2
    /dev/sda2         none           swap     sw                       0    0
    /dev/sda3         /              ext3     defaults,errors=remount-ro,usrquota,grpquota 0       1
    proc              /proc          proc     defaults                 0    0
    
    • run the following steps:
    Code:
    touch /quota.user /quota.group
    chmod 600 /quota.*
    mount -o remount /
    quotacheck -avugm
    quotaon -avug
    STEP 7
    Install and configure bind9 the DNS-Server
    Code:
    apt-get install bind9
    /etc/init.d/bind9 stop
    • open and edit the file /etc/default/bind9
    Code:
    OPTIONS="-u bind -t /var/lib/named"
    • run the following steps:
    Code:
    mkdir -p /var/lib/named/etc
    mkdir /var/lib/named/dev
    mkdir -p /var/lib/named/var/cache/bind
    mkdir -p /var/lib/named/var/run/bind/run
    mv /etc/bind /var/lib/named/etc
    ln -s /var/lib/named/etc/bind /etc/bind
    mknod /var/lib/named/dev/null c 1 3
    mknod /var/lib/named/dev/random c 1 8
    chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
    chown -R bind:bind /var/lib/named/var/*
    chown -R bind:bind /var/lib/named/etc/bind
    • open and edit the file /etc/init.d/sysklogd.
      But only the line SYSLOGD=""
    Code:
    SYSLOGD="-a /var/lib/named/dev/log"
    • run the following steps:
    Code:
    /etc/init.d/sysklogd restart
    /etc/init.d/bind9 start
    • open and check the file /var/log/syslog for any errors in the last few lines.

    STEP 8
    Install and configure MySQL
    Code:
    apt-get install mysql-server mysql-client libmysqlclient12-dev
    mysqladmin -u root password [I]replacethiswithyourrootmysqlpassword[/I]
    netstat -tap
    Now you should see something like:
    tcp 0 0 localhost:mysql *:* LISTEN 3133/mysqld


    STEP 9
    Install and configure Postfix the mail-server with POP3/IMAP
    • run the following steps:
    Code:
    apt-get install postfix postfix-tls procmail libsasl2 sasl2-bin libsasl2-modules ipopd-ssl uw-imapd-ssl
    Answer the questions in following steps:
    • yes
    • pop3 and pop3s
    • no
    • imap2/imaps
    • no
    • Internet Site
    • NONE
    • h12345.serverkompetenz.net
    • h12345.serverkompetenz.net, localhost.serverkompetenz.net, localhost
    • no
    • 127.0.0.0/8
    • 0
    • +
    • yes
    Run the following steps:
    Code:
    postconf -e 'smtpd_sasl_local_domain ='
    postconf -e 'smtpd_sasl_auth_enable = yes'
    postconf -e 'smtpd_sasl_security_options = noanonymous'
    postconf -e 'broken_sasl_auth_clients = yes'
    postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
    postconf -e 'inet_interfaces = all'
    echo 'pwcheck_method: saslauthd' >> /etc/postfix/sasl/smtpd.conf
    echo 'mech_list: plain login' >> /etc/postfix/sasl/smtpd.conf
    For secure email-transport run the following steps:
    Code:
    mkdir /etc/postfix/ssl
    cd /etc/postfix/ssl/
    openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
    chmod 600 smtpd.key
    openssl req -new -key smtpd.key -out smtpd.csr
    openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
    openssl rsa -in smtpd.key -out smtpd.key.unencrypted
    mv -f smtpd.key.unencrypted smtpd.key
    openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
    answer all the questions
    Code:
    postconf -e 'smtpd_tls_auth_only = no'
    postconf -e 'smtp_use_tls = yes'
    postconf -e 'smtpd_use_tls = yes'
    postconf -e 'smtp_tls_note_starttls_offer = yes'
    postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
    postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
    postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
    postconf -e 'smtpd_tls_loglevel = 1'
    postconf -e 'smtpd_tls_received_header = yes'
    postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
    postconf -e 'tls_random_source = dev:/dev/urandom'
    
    /etc/init.d/postfix restart
    
    mkdir -p /var/spool/postfix/var/run/saslauthd
    • open and edit the file /etc/default/saslauthd that it looks like this:
    Code:
    # This needs to be uncommented before saslauthd will be run automatically
    [COLOR="Red"]START=yes
    
    PARAMS="-m /var/spool/postfix/var/run/saslauthd -r"[/COLOR]
    
    # You must specify the authentication mechanisms you wish to use.
    # This defaults to "pam" for PAM support, but may also include
    # "shadow" or "sasldb", like this:
    # MECHANISMS="pam shadow"
    
    MECHANISMS="pam"
    
    • open file /etc/init.d/saslauthd and edit the PIDFILE-Entry that it looks like this:
    Code:
    PIDFILE="/var/spool/postfix/var/run/${NAME}/saslauthd.pid"
    Run the following step:
    Code:
    /etc/init.d/saslauthd start
    Create the new file /etc/c-client.cf with following content:
    Code:
    I accept the risk
    set disable-plaintext 0
    Run the following few steps:
    Code:
    /etc/init.d/inetd restart
    telnet localhost 25
    quit
    If you can see the lines
    250-STARTTLS
    250-AUTH LOGIN PLAIN

    everything is fine.


    STEP 10
    Install and configure Courier for Maildir-support
    Run the following step:
    Code:
    apt-get install courier-imap courier-imap-ssl courier-pop courier-pop-ssl
    Answer the questions in following steps:
    • no
    • Maildir (ok)
    • OK
    Run the following steps:
    Code:
    postconf -e 'home_mailbox = Maildir/'
    postconf -e 'mailbox_command ='
    /etc/init.d/postfix restart
    Don´t forget to enable the Maildir-Support in ISPConfig-Menu !
     
    Last edited: Oct 13, 2006
  2. TobiasTM

    TobiasTM New Member HowtoForge Supporter ISPConfig Developer

    STEP 11
    Install and configure Apache - the server

    Run the following steps:
    Code:
    apt-get install apache2 apache2-doc
    apt-get install libapache2-mod-php4 libapache2-mod-perl2 php4 php4-cli php4-common php4-curl php4-dev php4-domxml php4-gd php4-imap php4-ldap php4-mcal php4-mhash php4-mysql php4-odbc php4-pear php4-xslt curl libwww-perl imagemagick
    Answer all questions with yes

    • open and edit the file /etc/apache2/apache2.conf.
      But only the line DirectoryIndex index.html index.cgi index.pl index.php index.xhtml
    Code:
    DirectoryIndex index.html index.htm index.shtml index.cgi index.php 
    • open the file /etc/mime.types.
    • comment out the following lines (with #):
    Code:
    #application/x-httpd-php                        phtml pht php
    #application/x-httpd-php-source                 phps
    #application/x-httpd-php3                       php3
    #application/x-httpd-php3-preprocessed          php3p
    #application/x-httpd-php4                       php4
    • open the file /etc/apache2/mods-enabled/php4.conf.
    • comment out the following lines (with #):
    Code:
    <IfModule mod_php4.c>
    #  AddType application/x-httpd-php .php .phtml .php3
    #  AddType application/x-httpd-php-source .phps
    </IfModule>
    • open the file /etc/apache2/ports.conf.
    • add the line Listen 443:
    Code:
    Listen 80
    [COLOR="Red"]Listen 443[/COLOR]
    • run the following steps:
    Code:
    a2enmod ssl
    a2enmod rewrite
    a2enmod suexec
    a2enmod include
    /etc/init.d/apache2 restart
    STEP 12
    Install and configure ProFTPd - the ftp-server

    • run the following step:
    Code:
    apt-get install proftpd
    Answer the question with initd.
    • open the file /etc/proftpd.conf.
    • add the following lines:
    Code:
    DefaultRoot ~
    IdentLookups off
    ServerIdent on "FTP Server ready."
    • run the following step:
    Code:
    /etc/init.d/proftpd restart
    STEP 13
    Install and Webalizer - the Logfile-analyzer

    • run the following step:
    Code:
    apt-get install webalizer
    Answer the questions in following steps:
    • /var/www/webalizer
    • Usage Statistics for
    • /var/log/apache/access.log.1

    STEP 14
    Install some Perl-modules
    • run the following step:
    Code:
    perl -MCPAN -e shell
    Answer the question with no !
    • go ahead by running the following steps:
    Code:
    install HTML::Parser
    install DB_File
    install Net::DNS
    q
    apt-get install libdigest-sha1-perl libnet-dns-perl libpoe-component-client-dns-perl razor libio-socket-inet6-perl libdb-file-lock-perl libarchive-tar-perl
    If there comes a question with test answer with no.
    The other questions with yes.

    Here is the rest you waited for: ;)

    STEP 15
    Install and configure ISPConfig
    • run the following steps:
    Code:
    cd /root
    wget [I]typeinhereyourfavoritemirror[/I]
    tar xvfz ISPConfig-[I]2.2.7[/I].tar.gz
    cd install_ispconfig
    ./setup
    Answer the questions like that:
    • pleasemakeyourownchoise
    • y
    • y
    • 1
    • y
    • y

    And know you have to wait...and pray :p

    The next few questions you have to answer like this:
    (these questions are for the SSL-Server-certificates)
    • R
    • typeinhereyourcountrycode-like-DE or US or UK...
    • typeinhereyourstate
    • typeinhereyourcity
    • typeinhereyourorganizationname
    • typeinhereyourorganizationunitname
    • typeinhereyourname
    • typeinhereyouremailadress
    • 3650 (this mean your certificate validity is 10 years)
    • 3
    • typeinhereyourcountrycode-like-DE or US or UK...
    • typeinhereyourstate
    • typeinhereyourcity
    • typeinhereyourorganizationname
    • typeinhereyourorganizationunitname
    • typeinhereyourinternetadress
    • typeinhereyouremailadress
    • 3650 (this mean your certificate validity is 10 years)
    • 3
    • n (! in step 7 of the setup)
    • n (! in step 8 of the setup)

    And know you have to wait...and pray again, ´cause it can take a little while :D

    Now there comes some questions needed by Spamassassin:
    • typeinhereatext

    Last there are some questions about the configuration.
    Answer it like the following:
    • localhost
    • root
    • typeinhereyourmysqlpassword
    • db_ispconfig (it´s the default)
    • typeinhereyourserverIP like 85.123.456.789
    • h123456
      [*]serverkompetenz.net
      [*]1 (it´s more secure with SSL)


    That´s it - if you don´t see any ERROR-Message -> CONGRATIOLATIONS
     
    Last edited: Oct 13, 2006
  3. FryShadow

    FryShadow New Member

    we will waiting for your tutorial.. thanks anyway
     
  4. TobiasTM

    TobiasTM New Member HowtoForge Supporter ISPConfig Developer

    So - that´s it... :D

    The tutorial for the HowToForge I will edit in next time ;)
    Have a lot of fun with ISPconfig !

    If you find an error in my HowTo, please mail me or send me a private message.
     
    Last edited: Jul 14, 2006
  5. TobiasTM

    TobiasTM New Member HowtoForge Supporter ISPConfig Developer

    The HowTo is finished !

    You can see it here.

    I will keep it up-to-date.
     
  6. TobiasTM

    TobiasTM New Member HowtoForge Supporter ISPConfig Developer

    I´ve updated the HowTo and the complete Thread in here.

    Have a lot of Fun with it ;)
     
  7. eLKane

    eLKane New Member

    Step 8:
    i type "netstat -tap"

    Code:
    Aktive Internetverbindungen (Server und stehende Verbindungen)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 h1095988.serverk:domain *:*                     LISTEN     11445/named
    tcp        0      0 localhost:domain        *:*                     LISTEN     11445/named
    tcp        0      0 localhost:953           *:*                     LISTEN     11445/named
    tcp        0      0 localhost:smtp          *:*                     LISTEN     601/exim4
    tcp6       0      0 *:ssh                   *:*                     LISTEN     9061/sshd
    tcp6       0      0 localhost:953           *:*                     LISTEN     11445/named
    tcp6       0      0 h1095988.serverkomp:ssh p54AFBC7C.dip0.t-:65038 VERBUNDEN  8211/0
    tcp6       0    908 h1095988.serverkomp:ssh p54AFBC7C.dip0.t-:65039 VERBUNDEN  8213/1
    There is nothing like "tcp 0 0 localhost:mysql *:* LISTEN 3133/mysqld"

    Server: Strato PowerServer Debian 3.1

    [ EDIT:
    Edit /etc/my.cnf
    comment out skip-networking
    bind-address = 127.0.0.1
     
    Last edited: Nov 27, 2006
  8. eLKane

    eLKane New Member

    I can't see this lines =)
     
    Last edited: Nov 27, 2006
  9. TobiasTM

    TobiasTM New Member HowtoForge Supporter ISPConfig Developer

    Do you follow the steps here in the forum or in the HowTo ?
    Because the HowTo is more up to date.

    PS: If you want I can send you the german HowTo by email.
     
  10. hendry

    hendry New Member

    Is this setup checked with the latest software at Strato? Because when following it I cannot set the quota and I have a problem starting Proftpd. I'm now setting up the server once more to see if I did something wrong
     
  11. hendry

    hendry New Member

    Same here, I looked in the my.cnf and there is no skip-networking in it. Bind address is already in it
     
  12. TobiasTM

    TobiasTM New Member HowtoForge Supporter ISPConfig Developer

    Hi,

    this setup is made with the current version of the debian 3-image that you can install from the Strato-"Kundenmenü" (www.config.strato.de)

    Please besure, to use the How-To in the "How-To-Area", ´cause this is a little bit more update. ;) http://www.howtoforge.com/perfect_setup_debian_sarge_strato

    I hope this will help you.

    Greets - Tobi
     
  13. d3v1ous

    d3v1ous New Member

    SSL received a record that exceeded the maximum permissible length.

    (Error code: ssl_error_rx_record_too_long)

    Yeah it's work greatest.
     

Share This Page