Perfect Server Automated ISPConfig 3 Installation on Debian 10, Debian 11, Ubuntu 20.04 and Ubuntu 22.04

This tutorial will take you through installing your own ISPConfig 3 single server setup using the ISPConfig auto-installer. This installer follows the old Perfect Server guides but is more modular and easy to follow. If you want to set up a multiserver setup with dedicated servers for each service instead, see the Perfect Multiserver guide.

This guide works for both Debian 10, Debian 11, Ubuntu 20.04, and Ubuntu 22.04, it currently supports only the x86_64 (also known as AMD64) CPU architecture while ARM is not supported. We will use the hostname server1.example.com. Replace it where necessary. The guide requires a freshly installed and empty base OS, do not try to use it on a system where you configured other services already.

Prerequisites

Operating System: Debian 10, Debian 11, Ubuntu 20.04, or Ubuntu 22.04.
Intel or AMD 64-Bit CPU Architecture (x86_64, also known as AMD64). ARM CPUs are not supported at the moment.
The System must have internet access to download and install software with apt.
Start from a clean- and empty base OS installation.

1. Log in to the server

su -

on Debian to become the root user on your server before you proceed. IMPORTANT: You must use 'su -' and not just 'su', otherwise your PATH variable is set wrong by Debian.

On Ubuntu, use the command:

sudo -s

to become root user.

2. Configure the hostname and hosts

The hostname of your server should be a subdomain like "server1.example.com". Do not use a domain name without a subdomain part like "example.com" as hostname as this will cause problems later with your setup. First, you should check the hostname in /etc/hosts and change it when necessary. The line should be: "IP Address - space - full hostname incl. domain - space - subdomain part". For our hostname server1.example.com, the file shall look like this (some lines may be different, it can differ per hosting provider):

nano /etc/hosts

127.0.0.1 localhost.localdomain   localhost
# This line should be changed to the correct servername:
127.0.1.1 server1.example.com server1

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

Then edit the /etc/hostname file:

nano /etc/hostname

It shall contain only the subdomain part, in our case:

server1

Finally, reboot the server to apply the change:

systemctl reboot

hostname
hostname -f

The output shall be like this:

[email protected]:~$ hostname
server1
[email protected]:~$ hostname -f
server1.example.com

You will also have to set up a DNS record with your DNS provider that points to your server. There should be a A (and/or AAAA) record for the subdomain that points to your public IP.

3. Update the system

To update the system packages, run the command:

apt update && apt upgrade

4. Run the autoinstaller

We can now run the auto-installer. The basic setup contains the following software packages (plus their dependencies of course): Apache2, PHP (versions 5.6 - 8.0), MariaDB, Postfix, Dovecot, Rspamd, BIND, Jailkit, Roundcube, PHPMyAdmin, Mailman, Webalizer, AWStats and GoAccess. You can easily choose not to use certain functions or install extra services by passing arguments to the installer. See chapter 6 for available command-line options.

Install ISPConfig with Apache web server

You can now run the script with arguments. For example, if you want a normal install with Apache web server and a port range for Passive FTP + unattended-upgrades, run:

wget -O - https://get.ispconfig.org | sh -s -- --use-ftp-ports=40110-40210 --unattended-upgrades

The next steps are described in the chapter "Running the auto installer".

Install ISPConfig with Nginx web server

You can now run the script with arguments. For example, if you want a normal install with Nginx web server and a port range for Passive FTP + unattended-upgrades, run:

wget -O - https://get.ispconfig.org | sh -s -- --use-nginx --use-ftp-ports=40110-40210 --unattended-upgrades

Running the auto-installer

After some time, you will see:

WARNING! This script will reconfigure your complete server!
It should be run on a freshly installed server and all current configuration that you have done will most likely be lost!
Type 'yes' if you really want to continue:

Answer "yes" and hit enter. The installer will now start.

When the installer is finished, it will show you the ISPConfig admin and MySQL root password like this:

[INFO] Your ISPConfig admin password is: 5GvfSSSYsdfdYC
[INFO] Your MySQL root password is: kkAkft82d!kafMwqxdtYs

Make sure you write this information down, as you will need them later.

5. Setting up the firewall

The last thing to do is to set up our firewall.

For a normal setup, it would look like this:

TCP:

20,21,22,25,80,443,40110:40210,110,143,465,587,993,995,53,8080,8081

UDP:

The necessary ports for every service are:

Web: 20, 21, 22, 80, 443 and 40110:40210 (All TCP, no UDP)

Mail: 25, 110, 143, 465, 587, 993, and 995 (All TCP, no UDP)

DNS: 53 (TCP and UDP)

Panel: 8080 and 8081 (All TCP, no UDP)

Your server is now set up and ready for use. You can log in at https://server1.example.com:8080

6. Advanced Options

The auto-installer has various command-line options to fine-tune the setup.

You can view all arguments with:

wget -O - https://get.ispconfig.org | sh -s -- --help

You can e.g. choose between Apache and Nginx webserver and which services shall be installed on the system. The command-line arguments are:

Usage: ispc3-ai.sh [] [...]

This script automatically installs all needed packages for an ISPConfig 3 setup using the guidelines from the "Perfect Server Setup" howtos on www.howtoforge.com.

Possible arguments are:
--help Show this help page
--debug Enable verbose logging (logs each command with the exit code)
--channel Choose the channel to use for ISPConfig. --channel=<stable|dev>
"stable" is the latest ISPConfig release available on www.ispconfig.org
"dev" is the latest stable-branch from the ISPConfig git repository: https://git.ispconfig.org/ispconfig/ispconfig3/tree/stable-3.1
-> The dev channel might contain bugs and less-tested features and should only be used in production by very experienced users.
--lang Use language for ISPConfig installation. Specify with --lang=en|de (only en (English) and de (German) supported currently).
--interactive Don't install ISPConfig in non-interactive mode. This is needed if you want to use expert mode, e. g. to install a slave server that shall be integrated into an existing
multiserver setup.
--use-nginx Use nginx webserver instead of apache2
--use-amavis Use amavis instead of rspamd for mail filtering
--use-unbound Use unbound instead of bind9 for local resolving. Only allowed if --no-dns is set.
--use-php Use specific PHP versions, comma separated, instead of installing multiple PHP, e.g. --use-php=7.4,8.0 (5.6, 7.0, 7.1, 7.2, 7.3, 7.4 and 8.0 available).
--use-php=system disables the sury repository and just installs the system's default PHP version.
ommiting the argument (use all versions)
--use-ftp-ports This option sets the passive port range for pure-ftpd. You have to specify the port range separated by hyphen, e. g. --use-ftp-ports=40110-40210.
If not provided the passive port range will not be configured.
--use-certbot Use Certbot instead of acme.sh for issuing Let's Encrypt certificates. Not adviced unless you are migrating from a old server that uses Certbot.
--no-web Do not use ISPConfig on this server to manage webserver setting and don't install nginx/apache or pureftpd. This will also prevent installing an ISPConfig UI and implies
--no-roundcube as well as --no-pma
--no-mail Do not use ISPConfig on this server to manage mailserver settings. This will install postfix for sending system mails, but not dovecot and not configure any settings for
ISPConfig mail. It implies --no-mailman.
--no-dns Do not use ISPConfig on this server to manage DNS entries. Bind will be installed for local DNS caching / resolving only.
--no-local-dns Do not install local DNS caching / resolving via bind.
--no-firewall Do not install ufw and tell ISPConfig to not manage firewall settings on this server.
--no-roundcube Do not install roundcube webmail.
--roundcube Install Roundcube even when --no-mail is used. Manual configuration of Roundcube config is needed.
--no-pma Do not install PHPMyAdmin on this server.
--no-mailman Do not install Mailman mailing list manager.
--no-quota Disable file system quota
--no-ntp Disable NTP setup
--unattended-upgrades
Install UnattendedUpgrades. You can add extra arguments for automatic cleanup and automatic reboots when necessary with --unattended-upgrades=autoclean,reboot (or only
one of them).
--i-know-what-i-am-doing
Prevent the autoinstaller to ask for confirmation before continuing to reconfigure the server.

For example, to install a 'Perfect Server' like setup with Nginx instead of Apache, use this command:

wget -O - https://get.ispconfig.org | sh -s -- --use-nginx --use-ftp-ports=40110-40210 --unattended-upgrades

Or to install an Nginx web server without Email and DNS services:

wget -O - https://get.ispconfig.org | sh -s -- --use-nginx --no-dns --no-mail --use-ftp-ports=40110-40210 --unattended-upgrades

7. Finalizing

Your setup is now done!

You can support ISPConfig by purchasing our manual: https://www.ispconfig.org/documentation/

The followings links are some useful tutorials/pointers for further setup:

Setting up mail (rDNS, SPF, DKIM): https://www.howtoforge.com/how-to-install-an-email-server-with-ispconfig-on-debian-10/
Tweaking Roundcube: https://www.howtoforge.com/community/threads/tweaking-the-roundcube-settings.86387/
Setting up autoconfig (automatic configuration for your email clients): https://schaal-it.com/ispconfig-automail/
Improve the security of PHPMyAdmin and the rspamd interface: https://www.howtoforge.com/community/threads/improving-the-security-of-phpmyadmin-and-rspamd-ui.86544/
Code repository and issue tracker of the ISPConfig Autoinstaller: https://git.ispconfig.org/ispconfig/ispconfig-autoinstaller

If you have any questions, ask them on the forum.

8 Download as a virtual machine

This setup is available as a virtual machine download in ova/ovf format (compatible with VMWare and Virtualbox) for howtoforge subscribers. The Virtual machine is based on Debian 11 and uses Apache as web server.

Login details for the VM

The root password is: howtoforge
The password of the ISPConfig "admin" user is: howtoforge
There is another shell user with the name "administrator" and password: howtoforge
The MySQL root password is: 4VLc2vw5mZzqHNd4xURT

Please change all passwords on the first login.

The IP address of the VM is 192.168.0.100

view as pdf | print

Share this page:

123 Comment(s)

Add comment

Comments

By: Patfoo at: 2021-04-16 12:49:49

Thank you

By: Iosif at: 2021-04-16 20:19:38

Hello, great guide! Is there a way to install nginx instead of apache?

Thanks

By: Thom at: 2021-04-18 16:21:38

Simply pass the argument --use-nginx to the installer, as described in chapter 5.

By: Pedro at: 2021-04-27 13:59:53

Yeah, only after you followed all the steps and finished installing everything, and then, apache.Dude, that stuff should be in the begining so people won't finish the install only to be greeted by apache when they want nginx. Also, how do I reconfigure is to use nginx instead of apache after finishing the install?

By: till at: 2021-04-27 14:22:45

> Yeah, only after you followed all the steps and finished installing everything, and then, apache

The tutorial describes that it installs Apache and not Nginx, I'll cite from chapter 3 "Apache2, PHP (versions 5.6 - 8.0), MariaDB, Postfix ....." and how to get advanced installation options is described before the section with the command to start the installation. Seems as if you skipped reading the text.

> Also, how do I reconfigure is to use nginx instead of apache after finishing the install?

Format the server and start again.

By: Taleman at: 2021-04-17 07:36:26

I think the guide does not sufficiently state the pre-condition of operating system install. There should be chapter 0, for minimal OS install. If this autoinstall is started on Debian or Ubuntu that has already been configured or used, ISPConfig install probably fails.

So for Debian, install minimal Debian 10 using How to Install a Debian 10 (Buster) Minimal Server .

For Ubuntu, install minimal Ubuntu 20.04 using How to Install Ubuntu 20.04 LTS (Focal Fossa) Server

By: Thom at: 2021-04-18 16:25:44

The autoinstaller warns you: "WARNING! This script will reconfigure your complete server! It should be run on a freshly installed server and all current configuration that you have done will most likely be lost! Type 'yes' if you really want to continue:"

Other than the things done in the start of this guide, any basic Debian installation should be sufficient.

By: mrbronz at: 2021-04-18 20:29:04

There seems to be a little error in configuring hostname.

You have 127.0.1.1 server1.example.com server1 it should be 127.0.0.1 server1.example.com server1

By: till at: 2021-04-19 07:47:22

The article is correct. 127.0.1.1 is an IP that can be used and is often used today for the hostname. 127.0.0.1 is reserved for localhost and should not be used for the hostname.

By: nhybgtvfr at: 2021-04-19 09:09:19

nice, i look forward to giving this a try.

i'd generally be adding servers to a multi-server system, so using the --interactive option, in this case, are options like --no-web or --no-dns still relevant? or is everything installed / not installed via subsequent questions and answers?

for ftp, for servers on eg aws, or digitalocean, the EIP / floating IP is not visible in any way directly from the vps, i see we can set the passive ports using the --use-ftp-ports option, is there any similar option for setting the ForcePassiveIP or does that still need to be done manually after install?

does the auto-install of roundcube also install and configure the ispconfig3 roundcube plugins?

By: Thom at: 2021-04-19 21:56:10

> are options like --no-web or --no-dns still relevant

Yes, they are relevant with --interactive as --interactive is only for the ISPConfig part, not which packages will/won't be installed.

> is there any similar option for setting the ForcePassiveIP or does that still need to be done manually after install?

Has to be done manually.

> does the auto-install of roundcube also install and configure the ispconfig3 roundcube plugins?

No, as this software is not maintained by us (the ISPConfig developers) but a third-party.

By: HenrysCat at: 2021-04-19 10:42:40

A fresh minimal install of Debian 10.9 it stops at, [INFO] Installing roundcube. [INFO] Installing packages roundcube/buster-backports, roundcube-core/buster-backports, roundcube-mysql/buster-backports, roundcube-plugins/buster-backports [ERROR] Exception occured: ISPConfigOSException -> Installing packages failed. (/ispconfig.ai.php:15)

By: till at: 2021-04-19 11:16:12

If you have any questions, ask them on the forum.

By: Steve Jones at: 2021-04-19 12:13:09

Is there a PPA version available so we don't need to manually check for updates every few weeks? Pulling down source code for patching isn't very efficient.

By: till at: 2021-04-19 12:22:36

A PPA makes not much sense as the auto-installer is just a script that is run once to install and configure your server, it is never run again and it would even damage the system if you would permanently install it to run it again. All packages that it installs are Debian/Ubuntu packages anyway which get updated with apt. So all you do to keep your system updated is to run:

sudo apt-get update && apt-get upgrade

regularly after you have installed it by using the auto-installer.

By: Thom at: 2021-04-19 21:57:16

Or use --unattended-upgrades to have your updates automatically updated.

When any config needs tweaking because of updated ISPConfig behaviour, this will be noted in the release notes or even done automatically.

By: curiousadmin at: 2021-04-27 01:35:17

If you are not using IPv6 and having trouble starting dovecot after installation look here:

https://www.howtoforge.com/community/threads/fix-automated-ispconfig-3-installation-warn-dovecot-seems-not-to-be-running.86874/

By: curiousadmin at: 2021-04-27 02:49:44

If you hare having issues with connecting to the FTP check this thread:

https://www.howtoforge.com/community/threads/fix-automated-ispconfig-3-installation-ftp-wont-work.86876/

By: sageman at: 2021-05-02 16:23:34

AWESOME & Thank you!

By: jabo59 at: 2021-05-17 21:12:38

When I start from a fresh Ubuntu 20.04 install, the script shows the following error:

[INFO] Activating sury php repository.

sh: add-apt-repository: command not found

[ERROR] Exception occured: ISPConfigOSException -> Command add-apt-repository -y ppa:ondrej/php failed. (/ispconfig.ai.php:15)

With the follwoing command

apt install software-properties-common

the problem was solved (or not?).

By: jj at: 2021-06-08 15:13:09

This solved it...

sudo apt-get install software-properties-common

By: Fredol at: 2021-06-16 10:29:56

Hello

Is it possible to use MySQL instead of MariaDB?

Thanks

By: Parse at: 2021-07-05 22:51:59

If I were to install this using the option --use-php=7.4,8.0 What would be the default php version on the server? 7.4? And if so what would be the version of libapache2-mod-php that would be installed?

By: mvit at: 2021-07-09 12:55:59

Thanks for the great work! Is there a solution, if my installation ends with the Error:

INFO Enabling TLS for pureftpd

openssl req... (Could not paste the error in the comments)

If i run the commant manually it returns no error and no result. Files were generated.

By: mvit at: 2021-07-09 13:02:34

openssl req -x509 -nodes -days 7300 -newkey rsa:2048 ... /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem ...

By: esezako at: 2021-07-27 06:09:22

Hello, After using the install on debian 10, everything is correct, except that the ispconfig ssl is not generated with letsencrypt. I have tried with 'ispconfig_update.sh --force' and when regenerating the certificate it gives me this error:

Create new ISPConfig SSL certificate (yes,no) [no]: yes Checking / creating certificate for server.mydomain.com Using certificate path /root/.acme.sh/server.mydomain.com Using apache for certificate validation acme.sh is installed, overriding certificate path to use /root/.acme.sh/server.mydomain.com[Tue Jul 27 05:56:04 UTC 2021] server.mydomain.com: Verify error: Fetching http://server.mydomain.com/.well-known/acme-challenge/8XBWecuTZch3w7tqGdQiw9BdG-s5SAB1ihEhhTZ07DU: Connection refused[Tue Jul 27 05:56:04 UTC 2021] Please add '--debug' or '--log' to check more details.[Tue Jul 27 05:56:04 UTC 2021] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh Issuing certificate via acme.sh failed. Please check that your hostname can be verified by letsencrypt Could not issue letsencrypt certificate, falling back to self-signed.

Any idea?

The FQDN is set correctly.

Thanks in advance.

By: Hendrik at: 2021-08-10 22:01:38

My install on a fresh Debian 10 ended with:

[ERROR] Exeption occured: ISPConfig0Excetion -> Command cd /tmp ; (wget -O jailkit-2.20.tar.gz "http://olivier.sessink.nl/jailkit/jailkit-2.20.tar.gz ......

What to do?

By: beatty_t at: 2022-01-25 22:02:55

I'm having the exact same issue.

Fresh install on a Linode using Debian 11. Setup hosts file and hostname as per instructions. Have CloudFlare setup to point my domain to the ip of the linode and have subdomain (server1) pointing to @ via CNAME record entry. I can get to the ispconfig login, but noticed that the cert. was self signed... I added a website (using another domain that I own) and had and ssl cert created within the ispconfig tools (worked fine), but the domain tied to the ispconfig setup (like edezako said) won't generate a cert.

Any suggestions?

By: till at: 2022-01-26 09:21:17

First, create it as A-Record, not cname. Then take care to disable Cloudflare proxy for this record as Let's Encrypt won't issue a cert otherwise. If this does not help, please post in the forum. there you find also a let#s encrypt error FAQ with step-by-step instructions to debug the let's encrypt certificate issue process.

By: Hendrik at: 2021-08-10 22:17:52

It seems the filename is changed to: jailkit-2.20.tar.gz.1

Therefore the error is raised. The wget mentions 'moved'.

By: NC at: 2021-08-31 06:39:46

works like a charm. Kudos to the entire team.

By: Mathew at: 2021-09-20 14:36:48

Hi,

I install ISP3.2 on Debian 11. Nginx and multiple php. I have a big problem with error: 2021/09/20 16:17:18 [error] 880026#880026: *12392 upstream timed out (110: Connection timed out) while reading response header from upstream, client: X.X.X.X, server: X.X.X.X, request: "GET /admin4894ayt3m/index.php?controller=IqitElementorEditor&token=bffe8d9cdb5ade1ea48d7b8afaa39d77&ajax=1&testme=1&number=22 HTTP/1.1", upstream: "fastcgi://unix:/var/lib/php7.4-fpm/web2.sock", host: "X.X.X.X"

What is the correct road to increase this timeout? And which timeout parameter? I added to nginx.conf main configuration: proxy_read_timeout 600; and to vhost configuration I added:

fastcgi_read_timeout 600;request_terminate_timeout = 180

and nothing change.

This is the first time I use an ISP with nginx, never had any problems on apache.

Regards

By: ThomasBatchelor at: 2021-11-10 14:11:47

This installer is fantastic, but is there a way to install MySQL instead of MariaDB? I was hoping there was a flag for it but it seems not.

By: Radu Ghidiceanu at: 2021-11-18 20:15:51

I'm exhausted trying to make mailman working again and again. Never succeed. Once I thought I was wrong with some settings and that's why I can't see mailman interface.

Today I installed ubuntu 20.04 + ispconfig with auto-installer and --use-nginx. All services on the same server to avoid collateral disfunctionalities. All perfect. Great auto-installer! Congrats!

But where is mailman interface !?!?

host/cgi-bin/mailman ?

host:8080/cgi-bin/mailman ?

host:8081/cgi-bin/mailman ?

new_domain/cgi-bin/mailman ?

I see aliases related to mailman just on /etc/nginx/sites-enabled/000-apps.vhost

Other way looks like working. I received a mail swearing that my first list is on: http://host.tld/cgi-bin/mailman/listinfo/prima but ... I didn't find the interface, as usual :(

By: Form at: 2021-12-16 17:39:50

Mailman3 is not ready to use with ispconfig3 and mailman2 is not supported anymore by debian, maybe the same with ubuntu

By: Aloa at: 2021-11-19 19:53:10

hi, I tried on Ubunto20 with nginx.If I want to follow - https://www.howtoforge.com/how-to-install-nginx-with-google-pagespeed-on-ubuntu-20-04/and install pagespeed I get error on: apt-get build-dep nginx Reading package lists... Done E: You must put some 'deb-src' URIs in your sources.list Any ideas? the souces.list is rewritten from ispconfig autoinstallerA.

By: mark-rubber at: 2021-12-08 21:46:34

the script have 2 problem:

1.apt-get install gnupg=2.2.12-1+deb10u1 gpgv=2.2.12-1+deb10u1

2. unrar is callled rar

By: till at: 2021-12-09 06:35:23

The name of the package in Debian and Ubuntu which contains the unrar command is named unrar, see Debian and Ubuntu package repositories. There are no issues with GnuPG in the auto-installer. Just follow the guide and don't alter any packages manually to get a fully working setup.

By: mark780 at: 2021-12-09 09:59:55

class.ISPConfigDebianOS.inc.php in this file is set package rar not unrar

By: till at: 2021-12-09 11:41:30

Works fine here, installed it yesterday on Debian. My guess is that you are using an Arch which does not provide the package. The installer is forX86_64 systems, other architectures that lack some packages may fail.

By: Gwyneth Llewelyn at: 2022-03-12 17:43:05

Indeed, it seems that RAR/UNRAR might not be packaged for the ARM versions (yet).

@mark780, you can always install it from source (assuming you have a working C compiler setup!), or simply not use it for compressing backups (I believe that rar/unrar is only used by ISPConfig3 for compressing/decompressing backups, but it is just one of the possible options; there are a few more).

By: Pongrácz István at: 2021-12-09 22:14:43

Hi,

Using autoinstall on Proxmox lxc debian 11 container needs some tweaks (this is a draft list as I just tried it):

* non-free should be added to the sources, otherwise rar installation will fail like this: deb http://ftp.debian.org/debian bullseye main contrib non-free

* goaccess.list will contain the same line multiple times when one needs to restart the autoinstall script (as I did, due to the previous issue), probably append used instead of overwrite (probably >> vs >) like this: deb https://deb.goaccess.io/ bullseye main deb https://deb.goaccess.io/ bullseye main

* quota will not work out of box (--no-quota should be used)

Cheers,

István

By: Jiku at: 2021-12-12 14:10:08

Installed. Can't get into phpmyadmin. How to log into phpmyadmin? What is the password and user?

By: skrb_x at: 2021-12-18 10:22:57

The root password for phpmyadmin is the same one for mysql root. phpmyadmin never had an admin password in the whole history, it always use the mysql one or afeter you add some DB users you can use those credentials as well

By: Jiku at: 2021-12-22 15:27:00

Thank you.

By: Ralph at: 2021-12-20 14:46:52

Why cant I insert here the original error message

Sorry but system does not let me to insert error message

By: Henk at: 2022-01-18 03:27:48

Perfect auto script with Debian 11.2.0 64bits.

I had my DNS IPv4 and IPv6 already set.Just mention that one should go to the advanced network settings to set IPv6 to the pulic version before installing IPSconfig.

And this seems to work also when through a reverse proxy. In that proxy one has to get a LE certificate before. The proxy works for IPv4. IPv6 goes straight through the router.

Now I'm gone set our development sites.

And after that the OnlyOffice and STUN/TURN service on this machine for Nextcloud support.

This has worked before, so why not with this fresh install on Debian 11?

By: Gwyneth Llewelyn at: 2022-01-23 18:47:10

Oh wow... I wish this existed back then when I've first installed ISPConfig! Great job, guys, you truly rock! ????

By: beatty_t at: 2022-01-25 21:52:05

As someone had already commented, I wish I had found this months ago!

Greate work!

I added a reply to another comment about the ssl cert for the ispconfig domain not working (only self-signed). Hoping that can get explained/sorted.

By: tommsen at: 2022-01-26 19:24:04

had some problems with ubuntu 20.04 with wget not properly working with ip-v4. After solving that it hangs on adding sury php repo. Switching to debian 11 did the job. Everything worked right away. Awesome job!

By: belette at: 2022-01-27 15:52:29

hello,

i have installed ispconfig with --interactive (and nginx) when i check ssl and let'sencrypt checkbox vhost haven't ssl conf

By: till at: 2022-01-27 16:52:43

This happens when the hostname of the system is not configured in DNS or when Let's encrypt can't reach your server. Please use the ISPConfig support forum if you need further support: https://www.howtoforge.com/community/forums/installation-configuration.27/

By: ego at: 2022-02-03 11:59:21

Hello. Just 1 question. Where can I access to ISPConfig UI? Everything is conf on the server, but I dont know how to access UI in my server

By: till at: 2022-02-03 12:12:59

From the above tutorial: "Your server is now set up and ready for use. You can log in at https://server1.example.com:8080"

By: rafi at: 2022-02-08 16:25:35

I'm new here. I installed it for the GoDaddy VPS server. but now I can't send or configure mail using outlook, what is the incoming mail and outgoing mail server? how to configure that? can anyone help me???

By: mo at: 2022-02-09 05:29:30

Installed with no problems on Debian 11.2 net install .

Thank you.

By: midihipi at: 2022-03-04 05:02:00

This is awesome. I love ispconfig. It gets better and better all the time. Tim is very good at what he does here.

By: abintipl at: 2022-03-04 17:04:48

Great Work!I have successfully installed my VPS with Nginx I have couple of questionsQ1: When I run command nginx -t out put

[email protected]:~# nginx -t

nginx: [warn] conflicting server name "server.example.com" on 0.0.0.0:80, ignored

nginx: [warn] conflicting server name "server.example.com" on [::]:80, ignored

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

nginx: configuration file /etc/nginx/nginx.conf test is successfulQ2 : Since the Installation is using Nginx Why I am seeing the following paths

/var/www/clients/client1/web1/webin addition to /var/www/htmlTo my understanding Nginx websites path is /var/www/htmlPlease adviseThanks

By: till at: 2022-03-05 04:34:28

Please post your support questions in the ISPConfig support forum here at howtoforge.

By: curiousadmin at: 2022-03-05 13:26:19

I wonder if the step 5. Setting up the firewall is still necessary - I just finished my automated install and it arrived pre-setup with this:

Open TCP ports: 21,22,25,53,80,110,143,443,465,587,993,995,3306,4190,8080,8081,40110:40210

Open UDP ports: 53

Update the guide if needed - thanks!

By: curiousadmin at: 2022-03-05 13:45:31

btw somebody asked in the discussion here: https://www.howtoforge.com/tutorial/perfect-server-ubuntu-20.04-with-apache-php-myqsl-pureftpd-bind-postfix-doveot-and-ispconfig/ regarding the xmpp and I noticed that in the client - clients - limits, the section on xmpp limits is still there, I suppose it should be removed since it's not actually supported anymore...

By: Augusto at: 2022-03-08 02:24:57

I installed the default with no options , now what is the link to access roundcube or webmail ?

Regards

Augusto

By: Gwyneth Llewelyn at: 2022-03-12 17:46:11

Usually, you can get it at http://your.server.name:8081/webmail (if you have selected the option to install apps on a separate vhost) or http://your.server.name:8080/webmail if otherwise.

By: ledufakademy at: 2022-03-13 15:07:13

Work perfectly wih Debian 11 (mono server setup).

Thanks Till (and contributors),

By: Wotan6891 at: 2022-03-18 15:55:57

Hello, I have a problem. when I install the whole automatic package with wget, it happens that I get many Y's that fall vertically to the bottom, and intermittently the y's continuously.when I want to close the terminal in Debian, it gives me the message that if you close the terminal "you will kill the current execution".Ok, but the problem is that my computer has already been running for about 10 hours. and it's not over yet. Thanks and regards

By: 30uke at: 2022-03-29 22:11:22

Just a suggestion about Dovecot.

The Dovecot for Debian Bullseye (11) version is 2.3.13 [2021-01-04] and for Buster (10) the version is 2.3.4 [2018-11-23].

I have had issues with version <2.5 on Debian Buster (10).

I did upgrade Dovecot by using the Dovecot community repos: https://repo.dovecot.org/

I did upgrade (thus test) Dovecot on Debian 10 and 11. There's also a community repo for Ubuntu (but I didn't test the Ubuntu repo as I don't have a server running Ubuntu).

I did have to run the apt update [..] apt --fix-broken install [..] apt update commands and the ispconfig_update.sh --force command but that was an easy and convenient route to upgrade Dovecot to version 2.3.18 [2022-02-03] on Debian 10 and 11.

The changelog for Dovecot is located at: https://dovecot.org/doc/NEWS

I need to use Dovecot 2.3.5 or beter (2.3.4 is the default for Buster) to prevent crashes. The community repos are very helpful to run the latest version of Dovecot on Debian 10 and 11.

I am hoping this might be a good suggestion for the auto install.

By: Guillaume at: 2022-04-03 03:28:55

Amazing! Saves my @$$ so many times! ;-P

By: Nicram at: 2022-05-26 20:14:46

Hello.

Thank You for the script but it looks there is error when default database name is changed while installing. Then at one point there is error:

ERROR 1146 (42S02) at line 1: Table 'dbispconfig.server_php' doesn't exist[ERROR] Exception occured: ....

When installing what i did was:MySQL database to create [dbispconfig]: somedifferentname

By: Rod at: 2022-05-27 06:00:39

Linux Ubuntu 20.04 LTS , did the install with Nginx but letsencrypt does not seem to be working. I enable letsencrypt for a website and in the control panel, it says there are two processing working and when they are done letsencrypt is disabled when I go back into the website and check. Any ideas?

By: till at: 2022-05-27 06:08:30

Please post support questions in the ISPConfig support forum and not in the comments section. there is a FAQ on that topic:

https://www.howtoforge.com/community/threads/lets-encrypt-error-faq.74179/

If you need further help, post in the forum.

By: hotmifi at: 2022-05-27 10:49:18

Works great with my Debian 11, thanks a lot. My question: What are the steps to disable antivirus completely (for low memory situations?

By: Frank at: 2022-06-01 09:02:15

What seems to be missing on this page, but is written on https://www.howtoforge.com/perfect-server-debian-10-buster-apache-bind-dovecot-ispconfig-3-1/

dpkg-reconfigure dash

By: till at: 2022-06-01 09:27:26

The auto-installer reconfigures dash on its own, so this step is not missing nor required. But the auto-installer will work nonetheless if you ran the command upfront, so there is no issue that you changed it manually.

By: 30uke at: 2022-06-12 09:06:25

I just did install ISPConfig in a container (CT::Proxmox). I did notice that the quota option throws up an error. I don't need to set quotas - so I did add the argument "--no-quota" to the command:

wget -O - https://get.ispconfig.org | sh -s -- --use-ftp-ports=40110-40210 --unattended-upgrades --no-quota

This works fine. Currently installing GLPI for IT Service Management.

By: Steven at: 2022-07-21 09:54:26

Hello, great Guide, installed like a charm on a Linode Debian 11 'Nanode 1 GB RAM'All work except /webmail and /phpmyadmin alias out of the :8080. It's normal or need some major configuration?I suppose the files /etc/apache2/conf-enabled/phpmyadmin.conf and /etc/apache2/conf-enabled/roundcube.conf were globals and not referred only to :8080 vhost domain.

By: cybergraphik at: 2022-08-20 20:08:41

perfect !!!!! and easy

By: Filipe at: 2022-08-21 15:05:31

I had a issue only with debian 11, getting a error with the dpkg-reconfigure not found, fresh clean install.

I done this command before: export PATH=$PATH:/usr/sbin

and it fix, now is working fine

By: Paul Nieuwpoort at: 2022-09-01 18:32:28

is there a way to upgrade the version Roundcube.

After install this version the Roundcube version is 1.4.13 and the latest version is now 1.6.

My mail server is running fine and I'm afraid to brake it by running manual scripts.

Is there an upgrade script ala ISPConfig, something like roundcube_update.sh :-)

please let me know.

Thanks, Paul.

By: Spilaxe at: 2022-09-07 21:07:41

Hello !!Can you help me please ?I would like to install ISPConfig3, but the installation crashes (I don't know if it works) from this line.I don't know if it's super long, I've been waiting for more than an hour, if it has paused, or if it's buggy... I tried typing the install command again but I'm still stuck here[INFO] Installing ISPConfig3 I'm on a Debian 10 KVM VPS virtualized by ProxmoxThank you for any help I receive

By: till at: 2022-09-07 21:53:59

The install script works fine, just installed a server with it successfully last week and another one today. If you need help, post in the ISPConfig support forum:

https://forum.howtoforge.com/forums/installation-configuration.27/

By: lubos at: 2022-09-08 20:33:13

When I use the --use-php=7.4,8.0 option during installation on the slave server, and I use the autoinstall script. The script creates multiphp settings only in the local mysql dbispconfig, but not on the master. That way I can't use the master ispconfig web interface to select the correct PHP version.

I have to add the settings to the master manually.

By: nanoarmando at: 2022-09-17 16:13:17

there is a way to no install jailkit or disable it ?

By: Bastiaan at: 2022-09-25 17:26:09

LetsEncrypt not working (acme.sh)

I noticed that Lets Encrypt was not working after the installation. After some debugging I found that the issue is a missing registation that is required for using acme!

Run acme.sh --register-account -m [email protected] after the installation to get Lets Encrypt working ;)

By: till at: 2022-09-25 17:30:00

There is no registration required, just tested, autoinstall works still fine. You probably manually ran the acme.sh command when it was not run at install time due to other reasons like non-propagated DNS, and it then required that you register. This just means you manually ran it with the wrong command flags. ISPConfig uses acme.sh with let's encrypt CA, which does not require registration. While you ran it with zeroSSL CA, which is used by acme.sh if you don't set the correct CA upfront.

What ISPconfig is using is this " acme.sh --set-default-ca --server letsencrypt" so acme.sh run by ISPConfig at install time and also later for the websites does not require any registration.

By: goaccess EXPKEYSIG at: 2022-10-10 22:25:22

If you're getting:

The following signatures were invalid: EXPKEYSIG 97BD1A0133449C3D Gerardo Orellana <[email protected]>

Make sure you do:

wget -O - https://deb.goaccess.io/gnugpg.key | sudo apt-key --keyring /etc/apt/trusted.gpg.d/goaccess.gpg add -

For details see: https://forum.howtoforge.com/threads/goaccess-expkeysig.88991/

By: jon at: 2022-10-16 15:36:37

Flawless, Thank you

By: Martin Berard at: 2022-10-28 15:18:29

Thank you, where can I find more info on --unattended-upgrades option. is this an new entry in chrony updateing isp-config, distro, packages??

By: till at: 2022-10-28 15:59:45

This is about Linux distribution updates and not ISPConfig updates, unattended upgrades is a option that is provided by Debian and Ubuntu and the installer enables that.

By: Martin Berard at: 2022-11-01 20:27:54

Thank you!!

By: emil at: 2022-10-28 18:29:30

Ubuntu 22 server, after step:

nano /etc/hostnamesystemctl rebooti can't login anymore. Any advice?

By: till at: 2022-10-28 19:15:23

The current version of the auto-installer is for Debian 10 - 11, and Ubuntu 20.04 as stated in the tutorial, so it is not for Ubuntu 22.04 and is expected to fail when you run it on Ubuntu 22.04.

A new version of the auto-installer will be released soon which supports Ubuntu 22.04. You can try out that new version here: https://forum.howtoforge.com/threads/installing-ispconfig-3-2-9-development-version-on-ubuntu-22-04.89623/

By: emil at: 2022-10-29 12:17:52

Ubuntu 22 server, after following step:

nano /etc/hostnamesystemctl rebooti can't login anymore. Any advice?

By: WhitcombeRD at: 2022-11-02 15:05:59

One comment, on my Debian 11 Linode image (basic, standard install) it all works *except* fail2ban doesn't actually ban.It requires iptables which if you install with the "no firewall" option dont get added.

So it goes through the motions but never actually blocks.Simply solution, if you're using a higher tier firewall and install without, just apt-get install iptables.

By: Isai at: 2022-11-18 18:12:01

Errors from this script on Debian 11 in the installation option with NGINX.

ISPConfig cannot create user for database. The user is created in the IspConfig panel, but not for MariaDB. So in PHPMyAdmin error 1045 is shown and unable to login. (mysqli_real_connect(): (HY000/1045):) Another error is with phpmyadmi's /temp dir which is not writable.

By: till at: 2022-11-18 18:18:42

Works fine here, just tested it. So not an issue with the auto-installer on Debian 11. Most likely you changed the MySQL root password after you installed ISPConfig and missed setting the new password in ISPConfig /usr/local/ispconfig/server/lib/mysql_clientdb.conf file. If you need further help, please use the support forum: https://forum.howtoforge.com/#ispconfig-3.23

By: Kevin Ridsdale at: 2022-12-14 15:48:44

Brilliant work guys. Thanks very much

Kev

By: BMS at: 2022-12-15 19:28:26

I can't get memcache working i.c.w. php 7.4.

memcache works

LISTEN 0 1024 127.0.0.1:11211 0.0.0.0:* users:(("memcached",pid=28398,fd=26))

but I think the memcache and the memcached.ini files are missing in the /etc/php/7.4/mods-available.

Can someone help point me in the right direction?

By: Bogdan at: 2022-12-17 12:12:52

Latest Rouncube TLS = 1.5.3

By: bob at: 2022-12-20 13:40:26

Install worked fine, but my server domain "xy.domain.com" where ISP is installed shows in "SSL" and "Let's Encrypt SSL" checked, but on the site it does not work... In the browser is says no certificate and also, the RoundCube "account" plugin shows a "SOAP ERROR" How can I fix that?

By: till at: 2022-12-20 15:30:26

Please post in the support forum if you need help with your installation: https://forum.howtoforge.com/#ispconfig-3.23

Regarding Let's encrypt, this means your domain could not be reached by Let's Encrypt server; see FAQ on how to find the exact reason: https://forum.howtoforge.com/threads/lets-encrypt-error-faq.74179/

By: showe1966 at: 2023-01-05 18:09:39

I just used this install script proceedure on a "Vanilla" installation of Ubuntu 22.04.1 LTS with GNU/Linux 5.15.0-56-generic x86_64 and it worked without any issues. This has saved me a whole bunch of time and effort. Thanks so much !!!

By: dokuro at: 2023-01-10 21:54:59

we have a problem with the update , i want upload my file large much 1mo i have this message

Open_basedir restriction in effect. File(X) is not within the allowed path(s): Y

By: Marco at: 2023-01-27 22:52:01

Hello, I'm an ispconfig regular donor, I like the script, but I think it might have a few more flags:

1. How about adding an --ssh-port option? I use to customize it!

2. How about a --no-ftp flag? It might seem strange but I only use sftp over ssh port and don't install ftp at all on my ISPconfig servers.

3, How about a --ispconfig-admin-port flag in order to customize the admin port?

4. Less important, but still useful, would be to deploy the firewall configuration with an --fw-allow-ports=22,80,443,etcetera and enable the firewall straight away.

I hope my suggestions are welcomed, I had a script for installing ispconfig automatically till ubuntu 20 and it will be totally unuseful if u had all 4 suggestions!

By: Mike at: 2023-02-01 21:09:56

My auto-install was done on an Ubuntu 22.04LTS. ISPConfig Interface was having trouble getting an SSL cert using acme.sh. I used the --use-certbot option and this resolved the issue.

By: Radek Hemelik at: 2023-02-05 22:13:36

Hi, is anywhere URL link to download Virtual machine, what is meening at final of this article (step 8)? I cannot finding that. Thank You.

By: till at: 2023-02-06 07:31:42

It is in the page menu on the right side, below the big red download icon.

By: Cesar Vasquez M at: 2023-02-06 19:10:55

Hello everyone, I installed perfectly with this excellent tutorial, with the apache service, everything works perfectly. The only problem that I don't understand is for the mail certificates (thunderbird - android) it seems to use the self-signed. Do I have to move it manually or do you have to go directly with the installation? thank you so much. regards Cesar

By: Nils at: 2023-04-08 09:49:56

Hello, I have a problem with this installation. I'm on a fresh new install of Debian 11. on a OVH VPS (1 vCore - 2 Go - 40 Go SSD NVMe - 250 Mbit/s).

The install is blocked on this line : [INFO] Installing ISPConfig3.

What's the problem ?

Hope someone could help...

Thanks

By: Leandro Ramos at: 2023-04-12 12:56:16

Hi :) Why the installer needs to enable contrib and nonfree repos on Debian? Thank you.

By: till at: 2023-04-12 13:23:44

Because it installs software that is in the contrib and nonfree repos.

By: lishengxian1 at: 2023-04-24 10:38:59

[INFO] Activating sury php repository Can't continue for 5 hours

thank you

By: Jaume at: 2023-05-02 10:30:09

Hi, I have ispconfig working on ubuntu 22.04 and generating ssl's perfectly. But the problem is about ssl for mail services. Trying to configure for example thunderbird as a client, it shows an ssl error. If I look into the certificate is because the ssl is with the server name, but not with the new subdomain. I tried to define an alias domain website (that works with correct ssl if i look throgh a web browser) but same error. Please, any ideas? What can I do? Regards

By: till at: 2023-05-02 10:47:39

You must use the server hostname as mail server name in Thunderbird and not any other subdomain you created on the server or as a website as the SSL cert for the mail system, the ISPConfig GUI, and also FTP is for the system hostname only. See ISPConfig email tutorial https://www.howtoforge.com/ispconfig-email-account/ , which explains how to configure a mail client and set up an email domain and mailbox.

By: Jürgen Depicker at: 2023-05-04 13:12:16

Hello, thanks for the great guide.

Maybe I missed something, but I had a small issue with quotas after automated install on a server where /var was mounted on a separate partition. I had to:

* edit /etc/fstab and add the quota-related mount options, as added to the root partition by the script, to the mount options for the /var mount

* init 1 #stops all ispconfig services

* quotacheck -vugm /var

* quotaon -vug /var

* reboot

I did this after running the (very nice) migration script (my old server was running Ubuntu 18.04).

The configured quota (hard and soft limit) weren't immediately visible for me when checking ISPConfig's home page: "unlimited" was shown as value.

* I changed the Harddisk quota for some sites

* a job is in queue per website changed - after a minute or two all are done

* ISPConfig's home page still shows the Website Harddisk Quota soft/hard limit as "unlimited"

* after some more time (I don't know exactly how much - it may be 15 minutes) the quota limits and progress bars were visible again for those sites, as on my old server.

By: tanaka141 at: 2023-05-19 11:08:31

Really a good script !!

This is the second site i install, it is fine !

By: SteveBaumgartner at: 2023-05-20 02:19:25

I just installed this and I dont get a log for letsencrypt, the panel says it can't read the log and /var/log/letsencrypt doesn't exist. I even tried to make the folder and it doesn't work. It's failing everytime and i can't see why.

By: till at: 2023-05-20 05:37:39

That's fine, and it's not a failure that /var/log/letsencrypt does not exist. Current versions of ISPConfig use acme.sh and not certbot as Let's encrypt client, acme.sh is under /root/.acme.sh/ and does not create folders like /etc/letsencrypt/ or a log /var/log/letsencrypt. If you need help with issuing a LE cert, then have a look here https://forum.howtoforge.com/threads/lets-encrypt-error-faq.74179/ and post in the forum https://forum.howtoforge.com/forums/installation-configuration.27/

By: Platamun47 at: 2023-05-20 13:53:56

Hello,

I installed all according this guide and I have a problem with change php-fpm version on nginx server.

When I change any php version in nginix config file allwais is default version 7.4

Debian 11 is os.

location @php { try_files $uri =404; include /etc/nginx/fastcgi_params; fastcgi_pass unix:/var/lib/php7.4-fpm/web1.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_intercept_errors on; }

Please any help..Thankx a lot. BR.

By: till at: 2023-05-20 18:47:06

The vhost config file of a site does not contain any info about the PHP version of a website, so you can not see there which PHP version is used in that file at all. The only way to reliably see the PHP version of a website is to put a php file with phpinfo() function inside into that site. The number 7.4, which you probably think is the PHP version, is not related to the PHP version used on this site and the vhost file does not get changed when changing PHP version, only the PHP version that listens on the socket /var/lib/php7.4-fpm/web1.sock changes, but this can not be seen in the vhost file, so do not look into that file if you like to know if PHP change works or not, only use phpinfo() output. Please post in the support forum if you need further help: https://forum.howtoforge.com/forums/installation-configuration.27/

By: Platamun47 at: 2023-05-21 19:06:49

Hello till,

Thank you a lot for your message.

I solved this issue! I set PHP-FPM socket directory to all addition PHP versions:

For PHP 8.0:

PHP-FPM socket directory: /var/lib/php8.0-fpm

Everything works perfectly!

Thanks and have a nice day.

BR.

By: till at: 2023-05-21 19:16:39

This was not needed, and it has no influence on which PHP version is used in that website at all. As I mentioned above, the number 7.4 in the path /var/lib/php7.4-fpm/ is not the PHP version. It's just the name of the central PHP socket directory path which is used by all PHP versions of the OS (incl. PHP 8.0, 8.1, and also 5.6) if you do not specify a different directory. But you may change its name, of course, but it does not matter for the PHP version used in that site.

By: SteveBaumgartner at: 2023-06-02 01:43:13

FYI... This doesnt fully work on 22.04. I tried getting lets encrypt working and it would never create the cert and the logs were empty. It was not working from the GUI but would from ssh to make the certs. It also would break the websites when applied manually. Apache wouldnt even restart. 5 different VM deployments i got the same results.

It did however work flawless on 20.04.06. Just figured i would let you guys know it needs some more testing on 22.04.06. Maybe some updated version is breaking things.

By: till at: 2023-06-02 06:04:21

The installation with the auto-installer worked fine on Ubuntu 22.04 when I tested it today after your post, and it also worked fine when I installed it yesterday on a different server. What you describe indicates an issue with your base system, network access from outside, or hostname setup. It's not an issue with this guide or the auto-installer. Also, never try to create LE certs manually on the shell as you did. This must break the server and must make Apache fail, so this outcome is to be expected when using certbot or acme.sh manually on the shell instead of letting ISPConfig create the certs. If you need help with your setup, please post in the forum: https://forum.howtoforge.com/#ispconfig-3.23

There is also a Let's encrypt FAQ to help here: https://forum.howtoforge.com/threads/lets-encrypt-error-faq.74179/

Log in or Sign up

Perfect Server Automated ISPConfig 3 Installation on Debian 10, Debian 11, Ubuntu 20.04 and Ubuntu 22.04

On this page

Prerequisites

1. Log in to the server

2. Configure the hostname and hosts

3. Update the system

4. Run the autoinstaller

Install ISPConfig with Apache web server

Install ISPConfig with Nginx web server

Running the auto-installer

5. Setting up the firewall

6. Advanced Options

7. Finalizing

8 Download as a virtual machine

123 Comment(s)

Comments