Perfect Server Automated ISPConfig 3 Installation on Debian 11 and Debian 12, Ubuntu 22.04 and Ubuntu 24.04
This tutorial will help install your ISPConfig 3 single server setup using the ISPConfig auto-installer. This installer follows the old Perfect Server guides but is more modular and easy to follow. If you want to set up a multiserver setup with dedicated servers for each service instead, see the Perfect Multiserver guide.
This guide works for Debian 11 and 12, Ubuntu 22.04, and Ubuntu 24.04. It currently supports the x86_64 (also known as AMD64) and ARM (ARM64) CPU architectures. We will use the hostname server1.example.com. Replace it where necessary. The guide requires a freshly installed and empty base OS; do not try to use it on a system where you have already configured other services.
Prerequisites
- Operating System: Debian 11 and Debian 12, Ubuntu 22.04, or Ubuntu 24.04.
- Intel or AMD 64-Bit CPU architecture (x86_64, also known as AMD64) or ARM (ARM64) CPU architecture.
- The system must have internet access to download and install software with apt.
- Start from a clean and empty base OS installation. The system must be fully accessible from the internet; do not block access with a firewall, especially not port 80 for LE cert issuing and port 8080 for ISPConfig access, plus ports for all services you use on that system. The server must also have internet access to download and install software during installation and resolve domain names via DNS.
1. Log in to the server
Log in as root or run
su --login
on Debian to become the root user on your server before you proceed. IMPORTANT: You must use 'su --login' or 'su -' and not just 'su'. Otherwise, Debian will set your PATH variable wrongly.
On Ubuntu, use the command:
sudo -s
to become root user.
2. Configure the hostname and hosts
The hostname of your server should be a subdomain like "server1.example.com". Do not use a domain name without a subdomain part like "example.com" as hostname, as this will cause problems later with your setup. First, you should check the hostname in /etc/hosts and change it when necessary. The line should be: "IP Address - space - full hostname incl. domain - space - subdomain part". For our hostname server1.example.com, the file shall look like this (some lines may be different; it can differ per hosting provider):
nano /etc/hosts
127.0.0.1 localhost.localdomain localhost
# This line should be changed to the correct servername:
127.0.1.1 server1.example.com server1
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
Then edit the /etc/hostname file:
nano /etc/hostname
It shall contain only the subdomain part, in our case:
server1
Finally, reboot the server to apply the change:
systemctl reboot
Log in again and check if the hostname is correct now with these commands:
hostname
hostname -f
The output shall be like this:
root@server1:~$ hostname
server1
root@server1:~$ hostname -f
server1.example.com
You will also have to set up a DNS record with your DNS provider that points to your server. There should be an A (and/or AAAA) record for the subdomain that points to your public IP.
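The layout rules from this step can also be checked with a script before you run the installer. This is an added example, not part of the ISPConfig auto-installer; the function name check_hostname_layout is made up here and the sample files are constructed.

```shell
#!/bin/sh
# Added example: check the hostname layout described in step 2.
# usage: check_hostname_layout HOSTS_FILE HOSTNAME_FILE
# Prints one line per check; returns 0 only when every check passes.
check_hostname_layout() {
    hosts_file=$1; hostname_file=$2; rc=0
    short=$(tr -d '[:space:]' < "$hostname_file")
    case $short in
        ''|*.*) echo "FAIL hostname file must hold only the subdomain part, got '$short'"
                return 1 ;;
    esac
    echo "OK   short name is '$short'"
    # First non-comment line of the form: IP <full hostname> <subdomain part>
    fqdn=$(awk -v s="$short" '$1 !~ /^#/ && $3 == s { print $2; exit }' "$hosts_file")
    if [ -z "$fqdn" ]; then
        echo "FAIL no 'IP FQDN $short' line in hosts file"
        return 1
    fi
    domain=${fqdn#"$short".}
    if [ "$domain" = "$fqdn" ]; then
        echo "FAIL '$fqdn' does not start with '$short.'"; rc=1
    else
        case $domain in
            *.*) echo "OK   FQDN is '$fqdn'" ;;
            *)   echo "FAIL '$fqdn' is a bare domain without a subdomain part"; rc=1 ;;
        esac
    fi
    return $rc
}

# Constructed sample files that follow the tutorial's example hostname.
# On a live system: check_hostname_layout /etc/hosts /etc/hostname
tmp=$(mktemp -d)
printf '%s\n' '127.0.0.1 localhost.localdomain localhost' \
              '# This line should be changed to the correct servername:' \
              '127.0.1.1 server1.example.com server1' > "$tmp/hosts"
printf 'server1\n' > "$tmp/hostname"
check_hostname_layout "$tmp/hosts" "$tmp/hostname"
```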
3. Update the system
To update the system packages, run the command:
apt update && apt upgrade
4. Run the autoinstaller
We can now run the auto-installer. The basic setup contains the following software packages (plus their dependencies, of course): Apache2, PHP (versions 5.6 - 8.3), MariaDB, Postfix, Dovecot, Rspamd, BIND, Jailkit, Roundcube, PHPMyAdmin, Mailman, Webalizer, AWStats and GoAccess. You can easily choose not to use certain functions or install extra services by passing arguments to the installer. See Chapter 6 for available command-line options.
Install ISPConfig with Apache web server
You can now run the script with arguments. For example, if you want a normal install with Apache web server and a port range for Passive FTP + unattended-upgrades, run:
wget -O - https://get.ispconfig.org | sh -s -- --use-ftp-ports=40110-40210 --unattended-upgrades
The following steps are described in the chapter "Running the auto installer".
Install ISPConfig with Nginx web server
You can now run the script with arguments. For example, if you want a normal install with Nginx web server and a port range for Passive FTP + unattended-upgrades, run:
wget -O - https://get.ispconfig.org | sh -s -- --use-nginx --use-ftp-ports=40110-40210 --unattended-upgrades
Running the auto-installer
After some time, you will see:
WARNING! This script will reconfigure your complete server!
It should be run on a freshly installed server and all current configuration that you have done will most likely be lost!
Type 'yes' if you really want to continue:
Answer "yes" and hit enter. The installer will now start.
When the installer is finished, it will show you the ISPConfig admin and MySQL root password like this:
[INFO] Your ISPConfig admin password is: 5GvfSSSYsdfdYC
[INFO] Your MySQL root password is: kkAkft82d!kafMwqxdtYs
Ensure you write this information down, as you will need it later.
5. Setting up the firewall
The last thing to do is to set up our firewall.
Log in to the ISPConfig UI, and go to System -> Firewall. Then click "Add new firewall record".
For a normal setup, it would look like this:
TCP:
20,21,22,25,80,443,40110:40210,110,143,465,587,993,995,53,8080,8081
UDP:
53
The necessary ports for every service are:
Web: 20, 21, 22, 80, 443 and 40110:40210 (All TCP, no UDP)
Mail: 25, 110, 143, 465, 587, 993, and 995 (All TCP, no UDP)
DNS: 53 (TCP and UDP)
Panel: 8080 and 8081 (All TCP, no UDP)
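Before you save the record, it helps to compare it with what is actually listening on the server, for example when SSH was moved with --ssh-port or a different passive FTP range was chosen. The following script is an added example and not part of ISPConfig; the function name unlisted_listeners is made up here, the ss output is constructed, and it assumes the ss tool from iproute2.

```shell
#!/bin/sh
# Added example: list TCP listeners that the ISPConfig firewall record does not cover.
# usage: ss -Htln | unlisted_listeners "TCP_SPEC"
# TCP_SPEC uses the record syntax: comma-separated ports, ranges as LOW:HIGH.
unlisted_listeners() {
    awk -v spec="$1" '
    BEGIN {
        n = split(spec, item, ",")
        for (i = 1; i <= n; i++) {
            m = split(item[i], r, ":")          # "40110:40210" is a range
            lo[i] = r[1] + 0
            hi[i] = (m == 2 ? r[2] : r[1]) + 0
        }
    }
    {
        addr = $4                               # local address:port column of ss
        port = addr
        sub(/.*:/, "", port)                    # keep the text after the last colon
        host = substr(addr, 1, length(addr) - length(port) - 1)
        if (host ~ /^127\./ || host == "[::1]") next   # loopback-only listener
        covered = 0
        for (i = 1; i <= n; i++)
            if (port + 0 >= lo[i] && port + 0 <= hi[i]) covered = 1
        if (!covered && !seen[port]++) print port
    }' | sort -n
}

# TCP record from the normal setup shown in this chapter
TCP_RECORD='20,21,22,25,80,443,40110:40210,110,143,465,587,993,995,53,8080,8081'

# Constructed `ss -Htln` output: SSH moved to port 64 (as with --ssh-port=64),
# MariaDB bound to loopback, one passive FTP port, one unexpected listener.
# Prints 64 and 10000, the two listeners the record does not cover.
unlisted_listeners "$TCP_RECORD" <<'EOF'
LISTEN 0 128   0.0.0.0:64     0.0.0.0:*
LISTEN 0 128      [::]:64        [::]:*
LISTEN 0 80  127.0.0.1:3306   0.0.0.0:*
LISTEN 0 511         *:8080         *:*
LISTEN 0 9     0.0.0.0:40150  0.0.0.0:*
LISTEN 0 128   0.0.0.0:10000  0.0.0.0:*
EOF
```

A port printed here is either missing from the record (a moved SSH port belongs in it before you rely on the firewall) or a service that should not be listening on a public address at all.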
Your server is now set up and ready for use. You can log in at https://server1.example.com:8080
6. Advanced Options
The auto-installer has various command-line options to fine-tune the setup.
You can view all arguments with:
wget -O - https://get.ispconfig.org | sh -s -- --help
For example, you can choose between the Apache and Nginx web servers and decide which services are installed on the system. The command-line arguments are:
Usage: ispc3-ai.sh [] [...]

This script automatically installs all needed packages for an ISPConfig 3 setup using the guidelines from the "Perfect Server Setup" howtos on www.howtoforge.com.

Possible arguments are:
    --help
        Show this help page.
    --debug
        Enable verbose logging (logs each command with the exit code).
    --channel
        Choose the channel to use for ISPConfig: --channel=<stable|dev>
        "stable" is the latest ISPConfig release available on www.ispconfig.org
        "dev" is the latest dev-branch from the ISPConfig git repository: https://git.ispconfig.org/ispconfig/ispconfig3/tree/develop
        The dev channel might contain bugs and less-tested features and should only be used in production by very experienced users.
    --lang
        Use language for ISPConfig installation. Specify with --lang=en|de (only en (English) and de (German) supported currently).
    --interactive
        Don't install ISPConfig in non-interactive mode. This is needed if you want to use expert mode, e.g. to install a slave server that shall be integrated into an existing multiserver setup.
    --use-nginx
        Use nginx webserver instead of apache2.
    --use-amavis
        Use amavis instead of rspamd for mail filtering.
    --use-unbound
        Use unbound instead of bind9 for local resolving. Only allowed if --no-dns is set.
    --use-php
        Use specific PHP versions, comma separated, instead of installing multiple PHP, e.g. --use-php=7.4,8.0 (5.6, 7.0, 7.1, 7.2, 7.3, 7.4, 8.0, 8.1, 8.2 and 8.3 available).
        --use-php=system disables the sury repository and just installs the system's default PHP version.
        --use-php while omitting the argument, uses all versions.
    --use-ftp-ports
        This option sets the passive port range for pure-ftpd. You have to specify the port range separated by hyphen, e.g. --use-ftp-ports=40110-40210.
        If not provided the passive port range will not be configured.
    --use-certbot
        Use Certbot instead of acme.sh for issuing Let's Encrypt certificates. Not advised unless you are migrating from an old server that uses Certbot.
    --no-web
        Do not use ISPConfig on this server to manage webserver setting and don't install nginx/apache or pureftpd. This will also prevent installing an ISPConfig UI and implies --no-roundcube as well as --no-pma.
    --no-mail
        Do not use ISPConfig on this server to manage mailserver settings. This will install postfix for sending system mails, but not dovecot and not configure any settings for ISPConfig mail. It implies --no-mailman.
    --no-dns
        Do not use ISPConfig on this server to manage DNS entries. Bind will be installed for local DNS caching / resolving only.
    --no-local-dns
        Do not install local DNS caching / resolving via bind.
    --no-firewall
        Do not install ufw and tell ISPConfig to not manage firewall settings on this server.
    --no-roundcube
        Do not install roundcube webmail.
    --roundcube
        Install Roundcube even when --no-mail is used. Manual configuration of Roundcube config is needed.
    --no-pma
        Do not install PHPMyAdmin on this server.
    --no-mailman
        Do not install Mailman mailing list manager.
    --no-quota
        Disable file system quota.
    --no-ntp
        Disable NTP setup.
    --no-jailkit
        Do not install jailkit.
    --no-ftp
        Do not install pure-ftpd server.
    --monit
        Install Monit and set it up to monitor installed services. Supported services: Apache2, NGINX, MariaDB, pure-ftpd-mysql, php-fpm, ssh, named, Postfix, Dovecot, rspamd.
    --monit-alert-email
        Set up alerts for Monit to be sent to given e-mail address. e.g. [email protected].
    --ssh-port
        Configure the SSH server to listen on a non-default port. Port number must be between 1 and 65535 and can not be in use by other services. e.g. --ssh-port=64.
    --ssh-permit-root
        Configure the SSH server whether or not to allow root login: --ssh-permit-root=<yes|without-password|no>, e.g. --ssh-permit-root=without-password.
    --ssh-password-authentication
        Configure the SSH server whether or not to allow password authentication: --ssh-password-authentication=<yes|no>, e.g. -ssh-password-authentication=no.
    --ssh-harden
        Configure the SSH server to have a stronger security config.
    --unattended-upgrades
        Install UnattendedUpgrades. You can add extra arguments for automatic cleanup and automatic reboots when necessary: --unattended-upgrades=autoclean,reboot (or only one of them).
    --i-know-what-i-am-doing
        Prevent the autoinstaller to ask for confirmation before continuing to reconfigure the server.
For example, to install a 'Perfect Server' like setup with Nginx instead of Apache, use this command:
wget -O - https://get.ispconfig.org | sh -s -- --use-nginx --use-ftp-ports=40110-40210 --unattended-upgrades
Or to install an Nginx web server without Email and DNS services:
wget -O - https://get.ispconfig.org | sh -s -- --use-nginx --no-dns --no-mail --use-ftp-ports=40110-40210 --unattended-upgrades
7. Finalizing
Your setup is now done!
You can support ISPConfig by purchasing our manual: https://www.ispconfig.org/documentation/
The following links are some valuable tutorials/pointers for further setup:
- Setting up mail (rDNS, SPF, DKIM): https://www.howtoforge.com/how-to-install-an-email-server-with-ispconfig-on-debian-10/
- Tweaking Roundcube: https://www.howtoforge.com/community/threads/tweaking-the-roundcube-settings.86387/
- Setting up autoconfig (automatic configuration for your email clients): https://schaal-it.com/ispconfig-automail/
- Improve the security of PHPMyAdmin and the Rspamd interface: https://www.howtoforge.com/community/threads/improving-the-security-of-phpmyadmin-and-rspamd-ui.86544/
- Code repository and issue tracker of the ISPConfig Autoinstaller: https://git.ispconfig.org/ispconfig/ispconfig-autoinstaller
If you have any questions, ask them on the forum.
8. Debugging in case of an error
If something goes wrong during installation, you can debug the process by adding the --debug command-line flag to the install command. This writes a log file to:
/tmp/ispconfig-ai/var/log/ispconfig.log
Also, the --interactive command-line option can help reveal the reason for an installation error.
9. Download as a virtual machine
This setup is available as a virtual machine download in ova/ovf format (compatible with VMware and VirtualBox) for HowtoForge subscribers. The virtual machine is based on Debian 12 and uses Apache as web server.
Login details for the VM
- The root password is: howtoforge
- The password of the ISPConfig "admin" user is: howtoforge
- There is another shell user with the name "administrator" and password: howtoforge
- The MySQL root password is: 7s8EtDL1QhorSaeHhnRh
- The IP address of the VM is 192.168.0.100
Please change all passwords on the first login.