Perfect Server Automated ISPConfig 3 Installation on Debian 10, Debian 11, Ubuntu 20.04 and Ubuntu 22.04
This tutorial will take you through installing your own ISPConfig 3 single server setup using the ISPConfig auto-installer. This installer follows the old Perfect Server guides but is more modular and easy to follow. If you want to set up a multiserver setup with dedicated servers for each service instead, see the Perfect Multiserver guide.
This guide works for both Debian 10, Debian 11, Ubuntu 20.04, and Ubuntu 22.04, it currently supports only the x86_64 (also known as AMD64) CPU architecture while ARM is not supported. We will use the hostname server1.example.com. Replace it where necessary. The guide requires a freshly installed and empty base OS, do not try to use it on a system where you configured other services already.
- Operating System: Debian 10, Debian 11, Ubuntu 20.04, or Ubuntu 22.04.
- Intel or AMD 64-Bit CPU Architecture (x86_64, also known as AMD64). ARM CPUs are not supported at the moment.
- The System must have internet access to download and install software with apt.
- Start from a clean- and empty base OS installation.
1. Log in to the server
Log in as root or run
to become the root user on your server before you proceed. IMPORTANT: You must use 'su -' and not just 'su', otherwise your PATH variable is set wrong by Debian.
2. Configure the hostname and hosts
The hostname of your server should be a subdomain like "server1.example.com". Do not use a domain name without a subdomain part like "example.com" as hostname as this will cause problems later with your setup. First, you should check the hostname in /etc/hosts and change it when necessary. The line should be: "IP Address - space - full hostname incl. domain - space - subdomain part". For our hostname server1.example.com, the file shall look like this (some lines may be different, it can differ per hosting provider):
127.0.0.1 localhost.localdomain localhost
# This line should be changed to the correct servername:
127.0.1.1 server1.example.com server1
# The following lines are desirable for IPv6 capable hosts ::1 localhost ip6-localhost ip6-loopback ff02::1 ip6-allnodes ff02::2 ip6-allrouters
Then edit the /etc/hostname file:
It shall contain only the subdomain part, in our case:
Finally, reboot the server to apply the change:
Log in again and check if the hostname is correct now with these commands:
The output shall be like this:
[email protected]:~$ hostname
[email protected]:~$ hostname -f
You will also have to set up a DNS record with your DNS provider that points to your server. There should be a A (and/or AAAA) record for the subdomain that points to your public IP.
3. Update the system
To update the system packages, run the command:
apt update && apt upgrade
4. Run the autoinstaller
We can now run the auto-installer. The basic setup contains the following software packages (plus their dependencies of course): Apache2, PHP (versions 5.6 - 8.0), MariaDB, Postfix, Dovecot, Rspamd, BIND, Jailkit, Roundcube, PHPMyAdmin, Mailman, Webalizer, AWStats and GoAccess. You can easily choose not to use certain functions or install extra services by passing arguments to the installer. You can view all arguments with:
wget -O - https://get.ispconfig.org | sh -s -- --help
You can now run the script with arguments. For example, if you want a normal install with a port range for Passive FTP + unattended-upgrades, run:
wget -O - https://get.ispconfig.org | sh -s --
After some time, you will see:
WARNING! This script will reconfigure your complete server!
It should be run on a freshly installed server and all current configuration that you have done will most likely be lost!
Type 'yes' if you really want to continue:
Answer "yes" and hit enter. The installer will now start.
When the installer is finished it will show you the ISPConfig admin and MySQL root password like this:
[INFO] Your ISPConfig admin password is: 5GvfSSSYsdfdYC
[INFO] Your MySQL root password is: kkAkft82d!kafMwqxdtYs
Make sure you write this information down, as you will need them later.
5. Setting up the firewall
The last thing to do is to set up our firewall.
Log in to the ISPConfig UI, and go to System -> Firewall. Then click "Add new firewall record".
For a normal setup, it would look like this:
The necessary ports for every service are:
Web: 20, 21, 22, 80, 443 and 40110:40210 (All TCP, no UDP)
Mail: 25, 110, 143, 465, 587, 993, and 995 (All TCP, no UDP)
DNS: 53 (TCP and UDP)
Panel: 8080 and 8081 (All TCP, no UDP)
Your server is now set up and ready for use. You can log in at https://server1.example.com:8080
6. Advanced Options
The auto-installer has various command-line options to fine-tune the setup. You can e.g. choose between Apache and Nginx webserver and which services shall be installed on the system. The command-line arguments are:
Usage: ispc3-ai.sh [
] [...] This script automatically installs all needed packages for an ISPConfig 3 setup using the guidelines from the "Perfect Server Setup" howtos on www.howtoforge.com. Possible arguments are: --help Show this help page --debug Enable verbose logging (logs each command with the exit code) --channel Choose the channel to use for ISPConfig. --channel=<stable|dev> "stable" is the latest ISPConfig release available on www.ispconfig.org "dev" is the latest stable-branch from the ISPConfig git repository: https://git.ispconfig.org/ispconfig/ispconfig3/tree/stable-3.1 -> The dev channel might contain bugs and less-tested features and should only be used in production by very experienced users. --lang Use language for ISPConfig installation. Specify with --lang=en|de (only en (English) and de (German) supported currently). --interactive Don't install ISPConfig in non-interactive mode. This is needed if you want to use expert mode, e. g. to install a slave server that shall be integrated into an existing multiserver setup. --use-nginx Use nginx webserver instead of apache2 --use-amavis Use amavis instead of rspamd for mail filtering --use-unbound Use unbound instead of bind9 for local resolving. Only allowed if --no-dns is set. --use-php Use specific PHP versions, comma separated, instead of installing multiple PHP, e.g. --use-php=7.4,8.0 (5.6, 7.0, 7.1, 7.2, 7.3, 7.4 and 8.0 available). --use-php=system disables the sury repository and just installs the system's default PHP version. ommiting the argument (use all versions) --use-ftp-ports This option sets the passive port range for pure-ftpd. You have to specify the port range separated by hyphen, e. g. --use-ftp-ports=40110-40210. If not provided the passive port range will not be configured. --use-certbot Use Certbot instead of acme.sh for issuing Let's Encrypt certificates. Not adviced unless you are migrating from a old server that uses Certbot. --no-web Do not use ISPConfig on this server to manage webserver setting and don't install nginx/apache or pureftpd. This will also prevent installing an ISPConfig UI and implies --no-roundcube as well as --no-pma --no-mail Do not use ISPConfig on this server to manage mailserver settings. This will install postfix for sending system mails, but not dovecot and not configure any settings for ISPConfig mail. It implies --no-mailman. --no-dns Do not use ISPConfig on this server to manage DNS entries. Bind will be installed for local DNS caching / resolving only. --no-local-dns Do not install local DNS caching / resolving via bind. --no-firewall Do not install ufw and tell ISPConfig to not manage firewall settings on this server. --no-roundcube Do not install roundcube webmail. --roundcube Install Roundcube even when --no-mail is used. Manual configuration of Roundcube config is needed. --no-pma Do not install PHPMyAdmin on this server. --no-mailman Do not install Mailman mailing list manager. --no-quota Disable file system quota --no-ntp Disable NTP setup --unattended-upgrades Install UnattendedUpgrades. You can add extra arguments for automatic cleanup and automatic reboots when necessary with --unattended-upgrades=autoclean,reboot (or only one of them). --i-know-what-i-am-doing Prevent the autoinstaller to ask for confirmation before continuing to reconfigure the server.
For example, to install a 'Perfect Server' like setup with Nginx instead of Apache, use this command:
wget -O - https://get.ispconfig.org | sh -s -- --use-nginx
Or to install an Nginx web server without Email and DNS services:
wget -O - https://get.ispconfig.org | sh -s -- --use-nginx --no-dns --no-mail
Your setup is now done!
You can support ISPConfig by purchasing our manual: https://www.ispconfig.org/documentation/
The followings links are some useful tutorials/pointers for further setup:
- Setting up mail (rDNS, SPF, DKIM): https://www.howtoforge.com/how-to-install-an-email-server-with-ispconfig-on-debian-10/
- Tweaking Roundcube: https://www.howtoforge.com/community/threads/tweaking-the-roundcube-settings.86387/
- Setting up autoconfig (automatic configuration for your email clients): https://schaal-it.com/ispconfig-automail/
- Improve the security of PHPMyAdmin and the rspamd interface: https://www.howtoforge.com/community/threads/improving-the-security-of-phpmyadmin-and-rspamd-ui.86544/
- Code repository and issue tracker of the ISPConfig Autoinstaller: https://git.ispconfig.org/ispconfig/ispconfig-autoinstaller
If you have any questions, ask them on the forum.
8 Download as a virtual machine
This setup is available as a virtual machine download in ova/ovf format (compatible with VMWare and Virtualbox) for howtoforge subscribers. The Virtual machine is based on Debian 11 and uses Apache as web server.
Login details for the VM
- The root password is: howtoforge
- The password of the ISPConfig "admin" user is: howtoforge
- There is another shell user with the name "administrator" and password: howtoforge
- The MySQL root password is: 4VLc2vw5mZzqHNd4xURT
Please change all passwords on the first login.
- The IP address of the VM is 192.168.0.100