The Perfect Server - CentOS 5.3 x86_64 [ISPConfig 3] - Page 5

14 Set MySQL Passwords And Configure phpMyAdmin

Start MySQL:

chkconfig --levels 235 mysqld on
/etc/init.d/mysqld start

Then set passwords for the MySQL root account:

mysqladmin -u root password yourrootsqlpassword
mysqladmin -h server1.example.com -u root password yourrootsqlpassword

Now we configure phpMyAdmin. By commenting out the <Directory "/usr/share/phpmyadmin"> stanza in the Apache configuration, we let phpMyAdmin accept connections from any address, not just from localhost:

vi /etc/httpd/conf.d/phpmyadmin.conf

#
#  Web application to manage MySQL
#

#<Directory "/usr/share/phpmyadmin">
#  Order Deny,Allow
#  Deny from all
#  Allow from 127.0.0.1
#</Directory>

Alias /phpmyadmin /usr/share/phpmyadmin
Alias /phpMyAdmin /usr/share/phpmyadmin
Alias /mysqladmin /usr/share/phpmyadmin

Next we change the authentication in phpMyAdmin from cookie to http:

vi /usr/share/phpmyadmin/config.inc.php

[...]
/* Authentication type */
$cfg['Servers'][$i]['auth_type'] = 'http';
[...]

Then we create the system startup links for Apache and start it:

chkconfig --levels 235 httpd on
/etc/init.d/httpd start

Now you can direct your browser to http://server1.example.com/phpmyadmin/ or http://192.168.0.100/phpmyadmin/ and log in with the user name root and your new root MySQL password.
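
As an added example (not part of the original tutorial): commenting out the stanza removes the only address restriction on the phpMyAdmin login page, where the MySQL root account is used. The check below reports whether a configuration file still restricts access; the 192.168.0.0/24 admin subnet in the second sample is an assumption.

```sh
#!/bin/sh
# Added example (not from the tutorial): report whether an Apache 2.2 config
# still limits who may reach /usr/share/phpmyadmin. Simplified: it assumes the
# packaged "Order Deny,Allow" layout and ignores .htaccess and other files.

# pma_access FILE -> "open" or "restricted: <allowed sources>"
pma_access() {
    awk '
        /^[ \t]*#/ { next }                      # commented-out directives do nothing
        tolower($0) ~ /^[ \t]*<directory[ \t]+"?\/usr\/share\/phpmyadmin\/?"?[ \t]*>/ { inside = 1; next }
        tolower($0) ~ /^[ \t]*<\/directory>/ { inside = 0; next }
        !inside { next }
        tolower($1) == "deny" && tolower($2) == "from" && tolower($3) == "all" { deny = 1 }
        tolower($1) == "allow" && tolower($2) == "from" {
            for (i = 3; i <= NF; i++) { if (tolower($i) == "all") any = 1; srcs = srcs " " $i }
        }
        END { if (deny && !any) { print "restricted:" srcs } else { print "open" } }
    ' "$1"
}

demo() {
    d=$(mktemp -d) || return 1
    # The stanza as the tutorial leaves it (access control commented out).
    cat > "$d/tutorial.conf" <<'EOF'
#<Directory "/usr/share/phpmyadmin">
#  Order Deny,Allow
#  Deny from all
#  Allow from 127.0.0.1
#</Directory>
Alias /phpmyadmin /usr/share/phpmyadmin
EOF
    # Constructed alternative: keep the stanza, add an assumed admin subnet.
    cat > "$d/restricted.conf" <<'EOF'
<Directory "/usr/share/phpmyadmin">
  Order Deny,Allow
  Deny from all
  Allow from 127.0.0.1
  Allow from 192.168.0.0/24
</Directory>
Alias /phpmyadmin /usr/share/phpmyadmin
EOF
    echo "tutorial:   $(pma_access "$d/tutorial.conf")"
    echo "restricted: $(pma_access "$d/restricted.conf")"
    rm -rf "$d"
}
demo
```

On a real system the file to check is /etc/httpd/conf.d/phpmyadmin.conf.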

 

15 Install Amavisd-new, SpamAssassin And ClamAV

To install amavisd-new, spamassassin and clamav, run the following command:

yum install amavisd-new spamassassin clamav clamd unzip bzip2 unrar perl-DBD-mysql

Then we start freshclam, amavisd, and clamd...

chkconfig --levels 235 amavisd on
chkconfig --levels 235 clamd on
/usr/bin/freshclam
/etc/init.d/amavisd start
/etc/init.d/clamd start

... and create some necessary directories:

mkdir /var/run/amavisd /var/spool/amavisd /var/spool/amavisd/tmp /var/spool/amavisd/db
chown amavis /var/run/amavisd /var/spool/amavisd /var/spool/amavisd/tmp /var/spool/amavisd/db

 

16 Installing Apache2 With mod_php, mod_fcgi/PHP5, And suPHP

ISPConfig 3 allows you to use mod_php, mod_fcgi/PHP5, cgi/PHP5, and suPHP on a per-website basis.

mod_fcgid is not available in the official CentOS repositories, but there's a package for CentOS 5.x in the centos.karan.org testing repository. We enable the repository as follows:

cd /etc/yum.repos.d/
wget http://centos.karan.org/kbsingh-CentOS-Extras.repo

Next we open /etc/yum.repos.d/kbsingh-CentOS-Extras.repo...

vi /etc/yum.repos.d/kbsingh-CentOS-Extras.repo

... and set gpgcheck to 0 and enabled to 1 in the [kbs-CentOS-Testing] section:

[...]
[kbs-CentOS-Testing]
name=CentOS.Karan.Org-EL$releasever - Testing
gpgcheck=0
gpgkey=http://centos.karan.org/RPM-GPG-KEY-karan.org.txt
enabled=1
baseurl=http://centos.karan.org/el$releasever/extras/testing/$basearch/RPMS/
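
As an added example (not part of the original tutorial): gpgcheck=0 means yum installs packages from this repository without verifying their signatures, so it is worth knowing which enabled repositories are in that state. The script below reports them; the second stanza in its sample input and the mirror.example.com URL are constructed.

```sh
#!/bin/sh
# Added example (not from the tutorial): list enabled yum repositories that
# install packages without signature verification (gpgcheck=0).
# audit_repos FILE... prints "<file>:[<section>] gpgcheck=0[ over-http]"
audit_repos() {
    awk '
        function report() {
            if (section == "" || enabled == "0" || gpgcheck != "0") return
            printf "%s:[%s] gpgcheck=0%s\n", file, section, (cleartext ? " over-http" : "")
        }
        function reset() { enabled = "1"; gpgcheck = ""; cleartext = 0 }  # yum enables a repo by default
        FNR == 1 { report(); section = ""; file = FILENAME; reset() }
        /^[ \t]*[#;]/ { next }                      # comment line
        /^[ \t]*\[/ {                               # new [section]: judge the previous one
            report(); reset()
            section = $0
            sub(/^[ \t]*\[/, "", section); sub(/\].*$/, "", section)
            next
        }
        {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (key == "enabled")  enabled = val
            if (key == "gpgcheck") gpgcheck = val
            if ((key == "baseurl" || key == "mirrorlist") && val ~ /^http:/) cleartext = 1
        }
        END { report() }
    ' "$@"
}

demo() {
    d=$(mktemp -d) || return 1
    # Constructed sample: the stanza as edited above plus a hypothetical signed repo.
    cat > "$d/sample.repo" <<'EOF'
[kbs-CentOS-Testing]
name=CentOS.Karan.Org-EL$releasever - Testing
gpgcheck=0
gpgkey=http://centos.karan.org/RPM-GPG-KEY-karan.org.txt
enabled=1
baseurl=http://centos.karan.org/el$releasever/extras/testing/$basearch/RPMS/
[constructed-signed]
gpgcheck=1
baseurl=http://mirror.example.com/el5/
EOF
    audit_repos "$d/sample.repo"
    rm -rf "$d"
}
demo
```

On a real system, run audit_repos /etc/yum.repos.d/*.repo; a section without its own gpgcheck line inherits the value from /etc/yum.conf and is not reported by this script.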

Afterwards we can install Apache2 with mod_php5, mod_fcgid, and PHP5:

yum install php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc php-eaccelerator php-mbstring php-mcrypt php-mhash php-mssql php-snmp php-soap php-tidy curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel mod_fcgid php-cli httpd-devel

Next we open /etc/php.ini...

vi /etc/php.ini

... and change the error reporting (so that notices aren't shown any longer) and add cgi.fix_pathinfo = 1 at the end of the file:

[...]
;error_reporting  =  E_ALL
error_reporting = E_ALL & ~E_NOTICE
[...]
cgi.fix_pathinfo = 1

Next we install suPHP:

cd /tmp
wget http://suphp.org/download/suphp-0.7.1.tar.gz
tar xvfz suphp-0.7.1.tar.gz
cd suphp-0.7.1/
./configure --prefix=/usr --sysconfdir=/etc --with-apr=/usr/bin/apr-1-config --with-apxs=/usr/sbin/apxs --with-apache-user=apache --with-setid-mode=owner --with-php=/usr/bin/php-cgi --with-logfile=/var/log/httpd/suphp_log --enable-SUPHP_USE_USERGROUP=yes
make
make install

Then we add the suPHP module to our Apache configuration...

vi /etc/httpd/conf.d/suphp.conf

LoadModule suphp_module modules/mod_suphp.so

... and create the file /etc/suphp.conf as follows:

vi /etc/suphp.conf

[global]
;Path to logfile
logfile=/var/log/httpd/suphp.log

;Loglevel
loglevel=info

;User Apache is running as
webserver_user=apache

;Path all scripts have to be in
docroot=/

;Path to chroot() to before executing script
;chroot=/mychroot

; Security options
allow_file_group_writeable=true
allow_file_others_writeable=false
allow_directory_group_writeable=true
allow_directory_others_writeable=false

;Check whether script is within DOCUMENT_ROOT
check_vhost_docroot=true

;Send minor error messages to browser
errors_to_browser=false

;PATH environment variable
env_path=/bin:/usr/bin

;Umask to set, specify in octal notation
umask=0077

; Minimum UID
min_uid=100

; Minimum GID
min_gid=100

[handlers]
;Handler for php-scripts
x-httpd-suphp="php:/usr/bin/php-cgi"

;Handler for CGI-scripts
x-suphp-cgi="execute:!self"

Finally we restart Apache:

/etc/init.d/httpd restart

 

17 Install PureFTPd

PureFTPd can be installed with the following command:

yum install pure-ftpd

Then create the system startup links and start PureFTPd:

chkconfig --levels 235 pure-ftpd on
/etc/init.d/pure-ftpd start

 

18 Install MyDNS

There's no MyDNS rpm package for the x86_64 architecture, and building MyDNS from the sources on CentOS 5.3 x86_64 fails because of some incompatibilities with the mysql-devel package. Therefore we install the MyDNS rpm package for i386 which works on x86_64 as well:

wget http://mydns.bboy.net/download/mydns-mysql-1.1.0-1.i386.rpm
rpm -ivh mydns-mysql-1.1.0-1.i386.rpm

When the system boots, MyDNS must be started after MySQL. The MySQL startup link has the priority 64 on CentOS, so the MyDNS startup link must have a priority between 65 and 99. Therefore we open the MyDNS init script...

vi /etc/init.d/mydns

... and change

[...]
# chkconfig: 345 52 50
[...]

to

[...]
# chkconfig: 345 65 50
[...]

Then we create the startup links:

chkconfig --levels 235 mydns on

We don't start MyDNS now because it must be configured first - this will be done automatically by the ISPConfig 3 installer later on.

 

19 Install Vlogger And Webalizer

Vlogger and webalizer can be installed as follows:

yum install webalizer perl-DateTime-Format-HTTP perl-DateTime-Format-Builder

cd /tmp
wget http://n0rp.chemlab.org/vlogger/vlogger-1.3.tar.gz
tar xvfz vlogger-1.3.tar.gz
mv vlogger-1.3/vlogger /usr/sbin/
rm -rf vlogger*

 

20 Install Jailkit

Jailkit is needed only if you want to chroot SSH users. It can be installed as follows (important: Jailkit must be installed before ISPConfig - it cannot be installed afterwards!):

cd /tmp
wget http://olivier.sessink.nl/jailkit/jailkit-2.5.tar.gz
tar xvfz jailkit-2.5.tar.gz
cd jailkit-2.5
./configure
make
make install
cd ..
rm -rf jailkit-2.5*

 

21 Install fail2ban

This is optional but recommended, because the ISPConfig monitor tries to show the log:

yum install fail2ban

chkconfig --levels 235 fail2ban on
/etc/init.d/fail2ban start

 

22 Install rkhunter

rkhunter can be installed as follows:

yum install rkhunter

18 Comment(s)

Comments

From: Morris Hong at: 2009-08-25 02:09:22

I am struggling to install mailman after this installation.

Would you recommend any document for me?

Thanks in advance !!!

From: Rafael at: 2009-09-30 21:24:48
From: mazarin at: 2009-10-08 20:46:58

My first time ever with Linux, took me a whole day to do number 9. As I understand it there are two faults to the above instructions. 1. The "yum priorities" are not installed, that solved my problems. 2. The proper rpmforge-link is not at all found on the URLs above. This is what I did:

yum install yum-priorities

rpm --import http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt

cd /tmp

wget http://apt.sw.be/redhat/el5/en/x86_64/RPMS.dag/rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm 

 Then the long install command. Why have a GUI when installing the perfect-server...

I guess you get what you pay for...

From: Anonymous at: 2009-07-16 13:10:59

The command: yum install getmail doesn't install getmail. Here is the command result:

[root@xxxxx]# yum install getmail
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.nsc.liu.se
 * updates: mirror.nsc.liu.se
 * addons: mirror.nsc.liu.se
 * extras: mirror.nsc.liu.se
Setting up Install Process
Parsing package install arguments
No package getmail available.
Nothing to do

 

I manually installed Getmail from their website, version 3.x - should we install version 3.x or 4.x?

Some changes needed to the article...

From: Intelec at: 2009-08-03 20:38:48

I found in the installation instructions of another control panel, www.ispcp.net, that there is a repository with the precompiled Courier. You can use these commands to install:

# wget http://www.thatfleminggent.com/packages/centos/5/i386/courier-authlib-0.62.2-1.el5.mf.i386.rpm
# wget http://www.thatfleminggent.com/packages/centos/5/i386/courier-authlib-userdb-0.62.2-1.el5.mf.i386.rpm
# wget http://www.thatfleminggent.com/packages/centos/5/i386/courier-imap-4.4.1-1.el5.mf.i386.rpm
# sudo rpm -i courier-authlib-*.rpm
# sudo rpm -i courier-authlib-userdb-*.rpm
# sudo rpm -i courier-imap-*.rpm
# sudo groupadd courier -g 3000
# sudo useradd -u 3000 -c 'Courier Mail Server' -d /dev/null -g courier -s /bin/false courier

From: Anonymous at: 2009-11-03 10:06:04

I strongly disagree with what you are trying to pass here as THE perfect setup.

This configuration might work for some time, but is highly UNMAINTAINABLE!

Half of the core packages here are compiled from source, patched or otherwise modified, this is a security nightmare!
Don't tell me that if you install this mess, you will keep on tracking the security issues in all the custom compiled subsystems to keep them up-to-date.

BAD, BAD advice!

From: rct2dotcom at: 2009-09-02 10:41:29

The URL for the source rpms is no longer available.

At the official postfix website, the postfix.spec file is in a different format than the one described, thus these postfix build instructions do not work.

Further, the same version of postfix at the official site will not build because it does not recognise the version of 'redHat'. It is for redHat 4 or below.

[The above comments are also true for the HOWTO for CentOS 5.2]

From: Jose at: 2009-07-04 19:32:41

Hi

You explain here the installation of MyDNS 1.1.0 (http://mydns.bboy.net) but the newest version is 1.2.8.27 http://mydns.pl/

Is the latest one good, or is it better to use 1.1.0 from mydns.bboy.net?

 Thank you

From: Anonymous at: 2009-10-21 19:53:19

If you are doing this on your local machine it is imperative that you add -p to the second command:

mysqladmin -u root password yourrootsqlpassword
mysqladmin -h server1.example.com -u root password yourrootsqlpassword -p

as you will be actually connecting from the localhost for which you already set the password above.

From: Anonymous at: 2009-09-10 08:05:08

check your /etc/hosts

From: Simon Barrett at: 2009-09-04 23:56:24

This happened for me and I was searching high and low for answers.

 I eventually found out via the "/var/log/httpd/error_log" output (open it in vi) that access was denied to the following file:

 /usr/sbin/vlogger/access.log

 I browsed to that directory but found that the "vlogger" directory did not exist.

I put in the following command: "mkdir /usr/sbin/vlogger" 

I then retried  starting apache with the "/etc/init.d/httpd start" command and it worked.

 I can now browse to the server via HTTP from my client computers again.

 Hope this was helpful

From: at: 2009-09-06 07:35:05

I have jammed in this step:

  • mysqladmin -u root password yourrootsqlpassword
  • mysqladmin -h server1.example.com -u root password yourrootsqlpassword

 

The first command succeeded, but the second one failed with the following message:

  • mysqladmin: connect to server at 'ispconfig.raytracy.com' failed
  • error: 'Host 'ispconfig.raytracy.com' is not allowed to connect to this MySQL server'

 

Of course, I have replaced the 'server1.example.com' with the server name which has been designated in the /etc/hosts setup. And my 'rootsqlpassword' is also the same as in the first command.

Is there anything I missed? And how can I fix it? May I ignore this error and go forward?

From: Anonymous at: 2009-07-30 01:48:44

Hello all..just a remark..followed directions to the letter..as far as i can tell..up to suphp everything was fine..then make and make install errors

followed a thread from another forum to get the suphp install to work ok...

then the squirrelmail pretest  failed..I was assuming perhaps ispconfig needed to be in for some additional config items...

then a nice errorless ispconfig install....unfortunately there are issues with ispconfig as well...

I will see if i can debug the items and return to post: )

From: matthewm at: 2009-08-26 21:08:43

yum install mod_suphp

solved the suphp problem; there are still some errors I am trying to solve though

From: Andywe at: 2009-08-10 13:56:20

The suPHP installation fails and kicks out with error when you go to make it. Please regress and adjust the step for the proper way to build it.

Thanks!

From: uKrease at: 2009-09-12 19:02:55

I wish all tutorials were this precise and to the point.

 Thank you for providing this material, I had my server installed and running in a very short space of time.

 Brilliant !

From: Paul at: 2009-09-02 20:49:34

Superb article. Thanks very much for the lengths you have gone to in order to put this together

From: geld verdienen at: 2010-11-02 14:59:02

Great tutorial, now I'm still waiting to see if this is better than DirectAdmin.