ubuntu 18.04 perfect server (apache) with mods.

Discussion in 'Installation/Configuration' started by nhybgtvfr, Dec 13, 2019.

  1. nhybgtvfr

    nhybgtvfr Active Member

    I've just been going through a new 18.04 clean install, and decided I wanted the latest versions of everything.
    so this is it.
    ubuntu 18.04 apache (using mpm_event) , using the ondrej repo's for php and apache2 (2.4.41), php7.4 as the default php, and using MariaDB 10.4.11, jailkit 2.21 and roundcube 1.4.1 with responsive interface and using rspamd, not installing amavis.

    it's all installed and working, I've not seen any issues with it. although it's still been less than 24 hours. so if anyone wants to update all those parts, or even just one, eg MariaDB, here's how.
    you'll still need to mostly follow the perfect server tutorials, I used this one: https://www.howtoforge.com/tutorial...pureftpd-bind-postfix-doveot-and-ispconfig/2/
    i'm only including stuff here where it diverges from the tutorial.
    i'm assuming mariadb 10.4 and roundcube 1.4.1 will be the default versions in ubuntu 20.04, so it could give you a bit of an head start testing those.

    Code:
    from clean ubuntu install, before starting perfect server tutorial:
    
    add-apt-repository ppa:ondrej/php
    add-apt-repository ppa:ondrej/apache2
    apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8
    add-apt-repository 'deb [arch=amd64,arm64,ppc64el] http://ftp.igh.cnrs.fr/pub/mariadb/repo/10.4/ubuntu bionic main'
    
    
    follow tutorial up to configuring file /etc/mysql/mariadb.conf.d/50-server.cnf
    
    comment out mysql bind address, file changed to /etc/mysq/my.cnf
    
    run mysql_secure_installation - asks another question first, about swiching to unix socket authentication - answered no - continues with same questions as tutorial
    
    update mysql.user set plugin = 'mysql_native_password'   -- warning that it's not updatable, but appears to be set correctly.
    
    change passwords in debian.cnf --- file is empty.   left for now, will see if it causes any problems
    
    service mysql restart
    
    
    apt-get install redis-server lsb-release
    CODENAME=`lsb_release -c -s`
    wget -O- https://rspamd.com/apt-stable/gpg.key | apt-key add -
    echo "deb [arch=amd64] http://rspamd.com/apt-stable/ $CODENAME main" > /etc/apt/sources.list.d/rspamd.list
    echo "deb-src [arch=amd64] http://rspamd.com/apt-stable/ $CODENAME main" >> /etc/apt/sources.list.d/rspamd.list
    apt-get update
    apt-get install rspamd
    echo 'servers = "127.0.0.1:6379";' > /etc/rspamd/local.d/redis.conf
    echo "nrows = 2500;" > /etc/rspamd/local.d/history_redis.conf
    echo "compress = true;" >> /etc/rspamd/local.d/history_redis.conf
    echo "subject_privacy = false;" >> /etc/rspamd/local.d/history_redis.conf
    systemctl restart rspamd
    
    continue with tutorial, but leave out amavisd-new (and the amavisd-new patch) from step 7. install amavisd-new, spamassin and clamav:
    
    apt-get install  spamassassin clamav clamav-daemon unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl libdbd-mysql-perl postgrey
    service spamassassin  stop
    update-rc.d -f spamassassin remove
    freshclam
    service  clamav-daemon  start
    
    i didn't install Metronome XMPP Server, but if you do, it should be unchanged from the tutorial
    
    
    step 8. install apache, php etc:
    changed 1st step from:
    apt-get -y install apache2 apache2-doc apache2-utils libapache2-mod-php php7.2 php7.2-common php7.2-gd php7.2-mysql php7.2-imap phpmyadmin php7.2-cli php7.2-cgi libapache2-mod-fcgid apache2-suexec-pristine php-pear mcrypt  imagemagick libruby libapache2-mod-python php7.2-curl php7.2-intl php7.2-pspell php7.2-recode php7.2-sqlite3 php7.2-tidy php7.2-xmlrpc php7.2-xsl memcached php-memcache php-imagick php-gettext php7.2-zip php7.2-mbstring php-soap php7.2-soap
    
    to
    
    apt-get -y install apache2 apache2-doc apache2-utils libapache2-mod-php7.4 php7.4 php7.4-common php7.4-gd php7.4-mysql php7.4-imap phpmyadmin php7.4-cli php7.4-cgi libapache2-mod-fcgid apache2-suexec-pristine php-pear mcrypt  imagemagick libruby libapache2-mod-python php7.4-curl php7.4-intl php7.4-pspell php7.4-sqlite3 php7.4-tidy php7.4-xmlrpc php7.4-xsl memcached php-memcache php-imagick php-gettext php7.4-zip php7.4-mbstring php-soap php7.4-soap
    
    apt-get  install php7.4-tidy php-yaml (needed by one of our sites, you can ignore this)
    
    continue with tutorial...
    
    8.1 php opcode cache
    
    
    changed 1st part to apt-get install php7.4-opcache  php-apcu
    
    continue  with tutorial
    
    8.2 php-fpm
    
    changed 1st part to apt-get  install php7.4-fpm
    
    i want to use the mpm_event worker and php7.4-fpm by default so i  also did:
    
    a2dismod mpm_prefork php7.4
    a2enconf php7.4-fpm
    systemctl reload apache2
    a2enmod mpm_event
    systemctl restart apache2
    
    
    continue  with tutorial
    
      changed jailkit-2.19 to jailkit-2.21  adjust version numbers in tutorial commands, no other changes from tutorial.                                                                                               
    ** note here, i did have an issue with running ./debian/rules/primary where command dh_testdir was not found.
    i fixed this with apt-get install dh-make and re-running ./debian/rules/primary. i notice now that on the first step of installing jailkit, i accidentally missed out debhelper from the  apt-get install list. i'm  putting this issue down to that, but including what worked for me here just in case that wasn't the cause.
    
    continue with tutorial upto  and including installing roundcube (installs rouncube 1.3.6)
    install roundcube as per the tutorial to ensure all files/links are located in the expected places.
    
    i want roundcube 1.4.1, with the responsive interface, so now it's time to download that and upgrade the old version:
    
    cd ~
    wget https://github.com/roundcube/roundcubemail/releases/download/1.4.1/roundcubemail-1.4.1-complete.tar.gz
    tar -xvf roundcubemail-1.4.1-complete.tar.gz
    cd roundcubemail-1.4.1
    mkdir /usr/share/roundcube/config
    ./bin/installto.sh /usr/share/roundcube
    cd /usr/share/roundcube
    chown -R root:root  *
                                                                                                                                                                                                                       checking with a browser  http://ip/roundcube/installer that all requirements are met threw up a few issues.                                                                                                       
    firstly to  make sure that that url is  reachable
    cd /var/lib/roundcube
    ln -s /usr/share/roundcube/installer installer
    
    according to the installer page, the 3rd party libs net_IDNA2 and Net_LDAP3 are required, so:
    apt-get install php-net-idna2
    apt-get install php-net-ldap3
    
    *I only used the installer to check all the pre-requisites exist, not to install/configure it, you don't need to continue with the roundcube installer. 
    
    to enable the elastic skin:
    cd /var/lib/roundcube/skins
    ln -s /usr/share/roundcube/skins/elastic elastic
    
    edit /etc/roundcube/config.inc.php
    change line  80 to: $config['skin'] = 'elastic';
    
    
    install ispconfig as per tutorial,  install the ispconfig3 plugins for roundcube, as per instructions here: https://github.com/w2c/ispconfig3_roundcube/wiki/Installation
    
    cd /var/lib/roundcube/plugins
    ln -s /usr/share/roundcube/plugins/ispconfig3_account ispconfig3_account
    ln -s /usr/share/roundcube/plugins/ispconfig3_autoreply ispconfig3_autoreply
    ln -s /usr/share/roundcube/plugins/ispconfig3_autoselect ispconfig3_autoselect
    ln -s /usr/share/roundcube/plugins/ispconfig3_fetchmail ispconfig3_fetchmail
    ln -s /usr/share/roundcube/plugins/ispconfig3_filter ispconfig3_filter
    ln -s /usr/share/roundcube/plugins/ispconfig3_forward ispconfig3_forward
    ln -s /usr/share/roundcube/plugins/ispconfig3_pass ispconfig3_pass
    ln -s /usr/share/roundcube/plugins/ispconfig3_spam ispconfig3_spam
    ln -s /usr/share/roundcube/plugins/ispconfig3_wblist ispconfig3_wblist
    
    
    finish... 
     
  2. Casbot

    Casbot Member

    Im like you and like running the latest code for some things and so I upgraded my 1.36 Roundcube to the 1.4.1 per your instructions and everything worked fine. But is the Preview Pane removable or is that just part of 1.4.1? I've looked at all the settings and do not see one that turns off the Preview Pane and just lists the emails on the right.

    Thanks.
     
  3. nhybgtvfr

    nhybgtvfr Active Member

    if you enable the classic theme or the larry theme, you can still select a display option under layout (itself under mailbox view) that removes the preview pane. doesn't appear to be any such option under the elastic theme though.

    guess they assume it'll mostly be used on phones, and they don't want that opening each email in a completely now window.
     
  4. Casbot

    Casbot Member

    Yeah the elastic theme was what I was referring to. Guess I'll just have to learn to like the preview pane as I like having a contacts folder out there.
     
  5. Steini86

    Steini86 Active Member

  6. nhybgtvfr

    nhybgtvfr Active Member

    you could try the melanie2 roundcube theme. used it on 1.3.6 - 1.3.8, not tried it with 1.4.1 but considering larry and classic still work, i'm assuming it'll still be ok. it's more work to install, but it does let you set mailbox view to list (no preview)

    https://plugins.roundcube.net/packages/melanie2/mobile
     
    ahrasis likes this.
  7. ahrasis

    ahrasis Well-Known Member

    This is tricky. No issues using latest MariaDB 10.4.11?
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    To make the question more specific, were you able to add databases and database users in ISPConfig sites module successfully? As far as I know, MariaDB 10.4 does not work with ISPConfig yet as it's not completely downwards compatible with older MariaDB versions, same with MySQL 8 btw.

    Note, it is likely that you will break your system by installing bleeding edge versions! For production systems, don't install newer software versions than the ones that are supported by ISPConfig and supported are the versions that ship with a supported operating system version.
     
  9. ahrasis

    ahrasis Well-Known Member

    That was what I experienced too. If you did overcome this @nhybgtvfr, do share your solutions.
     
  10. nhybgtvfr

    nhybgtvfr Active Member

    I've only done all this as a test instance, not for production. so far i've had no problems creating websites, databases, database users etc in ispconfig.
    although this is only for a single server, not a multi-server setup, which may complicate things more.

    the only issues I've noticed so far is when adding wordpress to a newly created site, it wouldn't connect to the database.
    I had to change the db host in wp-config.php from localhost to 127.0.0.1, then it connected ok.
    I don't know if that's related to answering no for switching to unix socket authentication when running MySQL_secure_installation.
    after this the wordpress install continues, but says there's a critical error. the logs indicate problems with date.timezone, which is set to 'Europe/London' in the php ini files.

    i'm hoping i'll have more time to look into those issues today.
     
    till likes this.
  11. nhybgtvfr

    nhybgtvfr Active Member

    ok, I've run through everything again, and I believe I may have messed up the php-fpm settings in ispconfig the first time around, before creating the client website.
    although wordpress was installing, I was just getting a blank screen for phpinfo.php on the client website, and I believe that same problem was the cause of the date.timezone errors.
    I've done it all again, still using php7.4 as the default (in fact, only) php, but using the standard ubuntu repo version of MariaDB, and wordpress can connect to the db with both localhost and 127.0.0.1, and there's no date.timezone errors, and phpinfo.php is ok.

    i'll do another clean install and try it all with MariaDB 10.4.11 again, setting all the ispconfig settings identical to this working version and see if I can avoid those errors this time. I won't have time to do that today, will hopefully get through it all tomorrow if I can avoid anymore pointless meetings with the PHB. :eek:


    I know @till doesn't like the bleeding edge versions on production servers, but sometimes it's the only option. eg the ubuntu repo versions of apache and phpMyAdmin will simply not pass PCI compliance testing.
     
    Steini86 likes this.
  12. ahrasis

    ahrasis Well-Known Member

    Not really true but for a server, stability is what most needed for all users. So if the bleeding edge versions like ondrej sury compiled php, then may be that can be promoted. Otherwise, we use the OS default stable version from its repo.
     
  13. nhybgtvfr

    nhybgtvfr Active Member

    ok. I've managed to go through everything again, using MariaDB 10.4.11, and everything seems to be working fine. no errors that I've noticed so far. just need to remember after installing ispconfig and before creating any accounts/websites, go through all the ispconfig settings and change all the php path settings from 7.2 to 7.4
    I've added a client account and assigned the client a domain ( I use domain limits ) then logged in as a user and created website, dns, database and database user. all without problems. I've installed and configured wordpress on the client site. again all working without creating any errors or warnings. wordpress connects to the database ok using both localhost and 127.0.0.1 in wp-config.php

    only errors/warnings I've seen so far are in phpMyAdmin, that's using the repo default 4.6.6. one of those is the ' count(): Parameter must be an array or an object that implements Countable' I know this is a bug, and there's a fix, just not applied to it, others are warning about deprecated php stuff. will try updating phpMyAdmin to 4.9.2 (I know 4.9.1 also fails PCI compliance testing), may even try 5.0.0-rc1, just for a look. definitely wouldn't put that anywhere near production...
     
    ahrasis likes this.
  14. ironjohn

    ironjohn New Member HowtoForge Supporter

    Your instructions helped me finish a Roundcube 1.4.1 upgrade. It "felt" like a permissions issue, but being kinda new to linux I didn't know what to do off hand. "chown -R root:root *" did the trick.
     
  15. Alan de Almeida

    Alan de Almeida New Member


    It helped me to update the roundcube. Thanks!
     
  16. Tuumke

    Tuumke Active Member

    Can we just use the latest version of jailkit?
     
  17. till

    till Super Moderator Staff Member ISPConfig Developer

Share This Page