Perfect Server Automated ISPConfig 3 Installation on Debian 10 - 11 and Ubuntu 20.04

This tutorial will take you through installing your own ISPConfig 3 single server setup using the ISPConfig auto-installer. This installer follows the old Perfect Server guides but is more modular and easy to follow. If you want to set up a multiserver setup with dedicated servers for each service instead, see the Perfect Multiserver guide.

This guide works for both Debian 10, Debian 11 and Ubuntu 20.04. We will use the hostname server1.example.com. Replace it where necessary.

1. Log in to the server

Log in as root or run

su -

to become the root user on your server before you proceed. IMPORTANT: You must use 'su -' and not just 'su', otherwise your PATH variable is set wrong by Debian.

2. Configure the hostname and hosts

The hostname of your server should be a subdomain like "server1.example.com". Do not use a domain name without a subdomain part like "example.com" as hostname as this will cause problems later with your setup. First, you should check the hostname in /etc/hosts and change it when necessary. The line should be: "IP Address - space - full hostname incl. domain - space - subdomain part". For our hostname server1.example.com, the file shall look like this (some lines may be different, it can differ per hosting provider):

nano /etc/hosts
127.0.0.1 localhost.localdomain   localhost
# This line should be changed to the correct servername:
127.0.1.1 server1.example.com server1
# The following lines are desirable for IPv6 capable hosts ::1 localhost ip6-localhost ip6-loopback ff02::1 ip6-allnodes ff02::2 ip6-allrouters

Then edit the /etc/hostname file:

nano /etc/hostname

It shall contain only the subdomain part, in our case:

server1

Finally, reboot the server to apply the change:

systemctl reboot

Log in again and check if the hostname is correct now with these commands:

hostname
hostname -f

The output shall be like this:

[email protected]:~$ hostname
server1
[email protected]:~$ hostname -f
server1.example.com

You will also have to set up a DNS record with your DNS provider that points to your server. There should be a A (and/or AAAA) record for the subdomain that points to your public IP.

3. Update the system

To update the system packages, run the command:

apt update && apt upgrade

4. Run the autoinstaller

We can now run the auto-installer. The basic setup contains the following software packages (plus their dependencies of course): Apache2, PHP (versions 5.6 - 8.0), MariaDB, Postfix, Dovecot, Rspamd, BIND, Jailkit, Roundcube, PHPMyAdmin, Mailman, Webalizer, AWStats and GoAccess. You can easily choose not to use certain functions or install extra services by passing arguments to the installer. You can view all arguments with:

wget -O - https://get.ispconfig.org | sh -s -- --help

You can now run the script with arguments. For example, if you want a normal install with a port range for Passive FTP + unattended-upgrades, run:

wget -O - https://get.ispconfig.org | sh -s -- --use-ftp-ports=40110-40210 --unattended-upgrades

After some time, you will see:

WARNING! This script will reconfigure your complete server!
It should be run on a freshly installed server and all current configuration that you have done will most likely be lost!
Type 'yes' if you really want to continue:

Answer "yes" and hit enter. The installer will now start.

When the installer is finished it will show you the ISPConfig admin and MySQL root password like this:

[INFO] Your ISPConfig admin password is: 5GvfSSSYsdfdYC
[INFO] Your MySQL root password is: kkAkft82d!kafMwqxdtYs

Make sure you write this information down, as you will need them later.

5. Setting up the firewall

The last thing to do is to set up our firewall.

Log in to the ISPConfig UI, and go to System -> Firewall. Then click "Add new firewall record".

For a normal setup, it would look like this:

TCP:

20,21,22,25,80,443,40110:40210,110,143,465,587,993,995,53,8080,8081

UDP:

53

The necessary ports for every service are:

Web: 20, 21, 22, 80, 443 and 40110:40210 (All TCP, no UDP)

Mail: 25, 110, 143, 465, 587, 993, and 995 (All TCP, no UDP)

DNS: 53 (TCP and UDP)

Panel: 8080 and 8081 (All TCP, no UDP)

Your server is now set up and ready for use. You can log in at https://server1.example.com:8080

6. Advanced Options

The auto-installer has various command-line options to fine-tune the setup. You can e.g. choose between Apache and Nginx webserver and which services shall be installed on the system. The command-line arguments are:

Usage: ispc3-ai.sh [] [...]

This script automatically installs all needed packages for an ISPConfig 3 setup using the guidelines from the "Perfect Server Setup" howtos on www.howtoforge.com.

Possible arguments are:
    --help          Show this help page
    --debug         Enable verbose logging (logs each command with the exit code)
    --channel       Choose the channel to use for ISPConfig. --channel=<stable|dev>
                    "stable" is the latest ISPConfig release available on www.ispconfig.org
                    "dev" is the latest stable-branch from the ISPConfig git repository: https://git.ispconfig.org/ispconfig/ispconfig3/tree/stable-3.1
                    -> The dev channel might contain bugs and less-tested features and should only be used in production by very experienced users.
    --lang          Use language for ISPConfig installation. Specify with --lang=en|de (only en (English) and de (German) supported currently).
    --interactive   Don't install ISPConfig in non-interactive mode. This is needed if you want to use expert mode, e. g. to install a slave server that shall be integrated into an existing
                    multiserver setup.
    --use-nginx     Use nginx webserver instead of apache2
    --use-amavis    Use amavis instead of rspamd for mail filtering
    --use-unbound   Use unbound instead of bind9 for local resolving. Only allowed if --no-dns is set.
    --use-php       Use specific PHP versions, comma separated, instead of installing multiple PHP, e.g. --use-php=7.4,8.0 (5.6, 7.0, 7.1, 7.2, 7.3, 7.4 and 8.0 available).
                    --use-php=system disables the sury repository and just installs the system's default PHP version.
                    ommiting the argument (use all versions)
    --use-ftp-ports This option sets the passive port range for pure-ftpd. You have to specify the port range separated by hyphen, e. g. --use-ftp-ports=40110-40210.
                    If not provided the passive port range will not be configured.
    --use-certbot   Use Certbot instead of acme.sh for issuing Let's Encrypt certificates. Not adviced unless you are migrating from a old server that uses Certbot.
    --no-web        Do not use ISPConfig on this server to manage webserver setting and don't install nginx/apache or pureftpd. This will also prevent installing an ISPConfig UI and implies
                    --no-roundcube as well as --no-pma
    --no-mail       Do not use ISPConfig on this server to manage mailserver settings. This will install postfix for sending system mails, but not dovecot and not configure any settings for
                    ISPConfig mail. It implies --no-mailman.
    --no-dns        Do not use ISPConfig on this server to manage DNS entries. Bind will be installed for local DNS caching / resolving only.
    --no-local-dns  Do not install local DNS caching / resolving via bind.
    --no-firewall   Do not install ufw and tell ISPConfig to not manage firewall settings on this server.
    --no-roundcube  Do not install roundcube webmail.
    --roundcube     Install Roundcube even when --no-mail is used. Manual configuration of Roundcube config is needed.
    --no-pma        Do not install PHPMyAdmin on this server.
    --no-mailman    Do not install Mailman mailing list manager.
    --no-quota      Disable file system quota
    --no-ntp        Disable NTP setup
    --unattended-upgrades
                    Install UnattendedUpgrades. You can add extra arguments for automatic cleanup and automatic reboots when necessary with --unattended-upgrades=autoclean,reboot (or only
                    one of them).
    --i-know-what-i-am-doing
                    Prevent the autoinstaller to ask for confirmation before continuing to reconfigure the server.

For example, to install a 'Perfect Server' like setup with Nginx instead of Apache, use this command:

wget -O - https://get.ispconfig.org | sh -s -- --use-nginx --use-ftp-ports=40110-40210 --unattended-upgrades

Or to install an Nginx web server without Email and DNS services:

wget -O - https://get.ispconfig.org | sh -s -- --use-nginx --no-dns --no-mail --use-ftp-ports=40110-40210 --unattended-upgrades

7. Finalizing

Your setup is now done!

You can support ISPConfig by purchasing our manual: https://www.ispconfig.org/documentation/

The followings links are some useful tutorials/pointers for further setup:

If you have any questions, ask them on the forum.

Share this page:

Suggested articles

30 Comment(s)

Add comment

Comments

By: Patfoo at: 2021-04-16 12:49:49

Thank you

By: Iosif at: 2021-04-16 20:19:38

Hello, great guide! Is there a way to install nginx instead of apache?

Thanks

By: Thom at: 2021-04-18 16:21:38

Simply pass the argument --use-nginx to the installer, as described in chapter 5.

By: Pedro at: 2021-04-27 13:59:53

Yeah, only after you followed all the steps and finished installing everything, and then, apache.Dude, that stuff should be in the begining so people won't finish the install only to be greeted by apache when they want nginx. Also, how do I reconfigure is to use nginx instead of apache after finishing the install?

By: till at: 2021-04-27 14:22:45

> Yeah, only after you followed all the steps and finished installing everything, and then, apache

The tutorial describes that it installs Apache and not Nginx, I'll cite from chapter 3 "Apache2, PHP (versions 5.6 - 8.0), MariaDB, Postfix ....." and how to get advanced installation options is described before the section with the command to start the installation. Seems as if you skipped reading the text.

> Also, how do I reconfigure is to use nginx instead of apache after finishing the install?

Format the server and start again.

By: Taleman at: 2021-04-17 07:36:26

I think the guide does not sufficiently state the pre-condition of operating system install. There should be chapter 0, for minimal OS install. If this autoinstall is started on Debian or Ubuntu that has already been configured or used, ISPConfig install probably fails.

So for Debian, install minimal Debian 10 using How to Install a Debian 10 (Buster) Minimal Server .

For Ubuntu, install minimal Ubuntu 20.04 using How to Install Ubuntu 20.04 LTS (Focal Fossa) Server

By: Thom at: 2021-04-18 16:25:44

The autoinstaller warns you: "WARNING! This script will reconfigure your complete server! It should be run on a freshly installed server and all current configuration that you have done will most likely be lost! Type 'yes' if you really want to continue:"

 

Other than the things done in the start of this guide, any basic Debian installation should be sufficient.

By: mrbronz at: 2021-04-18 20:29:04

There seems to be a little error in configuring hostname.

You have 127.0.1.1 server1.example.com server1 it should be 127.0.0.1 server1.example.com server1

By: till at: 2021-04-19 07:47:22

The article is correct. 127.0.1.1 is an IP that can be used and is often used today for the hostname. 127.0.0.1 is reserved for localhost and should not be used for the hostname.

By: nhybgtvfr at: 2021-04-19 09:09:19

nice, i look forward to giving this a try. 

i'd generally be adding servers to a multi-server system, so using the --interactive option, in this case, are options like --no-web or --no-dns still relevant? or is everything installed / not installed via subsequent questions and answers? 

for ftp, for servers on eg aws, or digitalocean, the EIP / floating IP is not visible in any way directly from the vps, i see we can set the passive ports using the --use-ftp-ports option, is there any similar option for setting the ForcePassiveIP or does that still need to be done manually after install? 

does the auto-install of roundcube also install and configure the ispconfig3 roundcube plugins?

By: Thom at: 2021-04-19 21:56:10

> are options like --no-web or --no-dns still relevant

Yes, they are relevant with --interactive as --interactive is only for the ISPConfig part, not which packages will/won't be installed.

 

>  is there any similar option for setting the ForcePassiveIP or does that still need to be done manually after install? 

Has to be done manually.

 

> does the auto-install of roundcube also install and configure the ispconfig3 roundcube plugins?

No, as this software is not maintained by us (the ISPConfig developers) but a third-party.

By: HenrysCat at: 2021-04-19 10:42:40

A fresh minimal install of Debian 10.9 it stops at, [INFO] Installing roundcube. [INFO] Installing packages roundcube/buster-backports, roundcube-core/buster-backports, roundcube-mysql/buster-backports, roundcube-plugins/buster-backports [ERROR] Exception occured: ISPConfigOSException -> Installing packages failed. (/ispconfig.ai.php:15)

By: till at: 2021-04-19 11:16:12

If you have any questions, ask them on the forum.

By: Steve Jones at: 2021-04-19 12:13:09

Is there a PPA version available so we don't need to manually check for updates every few weeks? Pulling down source code for patching isn't very efficient.

By: till at: 2021-04-19 12:22:36

A PPA makes not much sense as the auto-installer is just a script that is run once to install and configure your server, it is never run again and it would even damage the system if you would permanently install it to run it again. All packages that it installs are Debian/Ubuntu packages anyway which get updated with apt. So all you do to keep your system updated is to run:

 

sudo apt-get update && apt-get upgrade

 

regularly after you have installed it by using the auto-installer.

By: Thom at: 2021-04-19 21:57:16

Or use --unattended-upgrades to have your updates automatically updated.

 

When any config needs tweaking because of updated ISPConfig behaviour, this will be noted in the release notes or even done automatically.

By: curiousadmin at: 2021-04-27 01:35:17

If you are not using IPv6 and having trouble starting dovecot after installation look here:

https://www.howtoforge.com/community/threads/fix-automated-ispconfig-3-installation-warn-dovecot-seems-not-to-be-running.86874/

By: curiousadmin at: 2021-04-27 02:49:44

If you hare having issues with connecting to the FTP check this thread:

https://www.howtoforge.com/community/threads/fix-automated-ispconfig-3-installation-ftp-wont-work.86876/

By: sageman at: 2021-05-02 16:23:34

AWESOME & Thank you!

By: jabo59 at: 2021-05-17 21:12:38

When I start from a fresh Ubuntu 20.04 install, the script shows the following error:

[INFO] Activating sury php repository.

sh: add-apt-repository: command not found

[ERROR] Exception occured: ISPConfigOSException -> Command add-apt-repository -y ppa:ondrej/php failed. (/ispconfig.ai.php:15)

With the follwoing command

apt install software-properties-common

the problem was solved (or not?).

By: jj at: 2021-06-08 15:13:09

This solved it...

 

sudo apt-get install software-properties-common

 

By: Fredol at: 2021-06-16 10:29:56

Hello

Is it possible to use MySQL instead of MariaDB?

Thanks

By: Parse at: 2021-07-05 22:51:59

If I were to install this using the option  --use-php=7.4,8.0  What would be the default php version on the server? 7.4? And if so what would be the version of libapache2-mod-php that would be installed?

By: mvit at: 2021-07-09 12:55:59

Thanks for the great work! Is there a solution, if my installation ends with the Error:

INFO Enabling TLS for pureftpd

openssl req... (Could not paste the error in the comments)

If i run the commant manually it returns no error and no result. Files were generated.

By: mvit at: 2021-07-09 13:02:34

openssl req -x509 -nodes -days 7300 -newkey rsa:2048 ... /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem ...

By: esezako at: 2021-07-27 06:09:22

Hello, After using the install on debian 10, everything is correct, except that the ispconfig ssl is not generated with letsencrypt. I have tried with 'ispconfig_update.sh --force' and when regenerating the certificate it gives me this error:

Create new ISPConfig SSL certificate (yes,no) [no]: yes Checking / creating certificate for server.mydomain.com Using certificate path /root/.acme.sh/server.mydomain.com Using apache for certificate validation acme.sh is installed, overriding certificate path to use /root/.acme.sh/server.mydomain.com[Tue Jul 27 05:56:04 UTC 2021] server.mydomain.com: Verify error: Fetching http://server.mydomain.com/.well-known/acme-challenge/8XBWecuTZch3w7tqGdQiw9BdG-s5SAB1ihEhhTZ07DU: Connection refused[Tue Jul 27 05:56:04 UTC 2021] Please add '--debug' or '--log' to check more details.[Tue Jul 27 05:56:04 UTC 2021] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh Issuing certificate via acme.sh failed. Please check that your hostname can be verified by letsencrypt Could not issue letsencrypt certificate, falling back to self-signed.

 

Any idea?

The FQDN is set correctly.

Thanks in advance.

By: Hendrik at: 2021-08-10 22:01:38

My install on a fresh Debian 10 ended with:

[ERROR] Exeption occured: ISPConfig0Excetion -> Command cd /tmp ; (wget -O jailkit-2.20.tar.gz "http://olivier.sessink.nl/jailkit/jailkit-2.20.tar.gz ......

What to do?

By: Hendrik at: 2021-08-10 22:17:52

It seems the filename is changed to: jailkit-2.20.tar.gz.1

Therefore the error is raised. The wget mentions 'moved'.

By: NC at: 2021-08-31 06:39:46

works like a charm. Kudos to the entire team.

By: Mathew at: 2021-09-20 14:36:48

Hi,

I install ISP3.2 on Debian 11. Nginx and multiple php. I have a big problem with error: 2021/09/20 16:17:18 [error] 880026#880026: *12392 upstream timed out (110: Connection timed out) while reading response header from upstream, client: X.X.X.X, server: X.X.X.X, request: "GET /admin4894ayt3m/index.php?controller=IqitElementorEditor&token=bffe8d9cdb5ade1ea48d7b8afaa39d77&ajax=1&testme=1&number=22 HTTP/1.1", upstream: "fastcgi://unix:/var/lib/php7.4-fpm/web2.sock", host: "X.X.X.X"

What is the correct road to increase this timeout? And which timeout parameter? I added to nginx.conf main configuration: proxy_read_timeout 600; and to vhost configuration I added:

fastcgi_read_timeout 600;request_terminate_timeout = 180

 

and nothing change.

This is the first time I use an ISP with nginx, never had any problems on apache.

 

Regards