The Perfect Server - CentOS 5.4 x86_64 [ISPConfig 3] - Page 3

4 Adjust /etc/hosts

Next we edit /etc/hosts. Make it look like this:

vi /etc/hosts

# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1               localhost.localdomain localhost
192.168.0.100           server1.example.com server1
::1             localhost6.localdomain6 localhost6

 

5 Configure Additional IP Addresses

(This section is totally optional. It just shows how to add additional IP addresses to your network interface eth0 if you need more than one IP address. If you're fine with one IP address, you can skip this section.)

Let's assume our network interface is eth0. Then there is a file /etc/sysconfig/network-scripts/ifcfg-eth0 which contains the settings for eth0. We can use this as a sample for our new virtual network interface eth0:0:

cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0:0

Now we want to use the IP address 192.168.0.101 on the virtual interface eth0:0. Therefore we open the file /etc/sysconfig/network-scripts/ifcfg-eth0:0 and modify it as follows (we can leave out the HWADDR line as it is the same physical network card):

vi /etc/sysconfig/network-scripts/ifcfg-eth0:0

# Intel Corporation 82545EM Gigabit Ethernet Controller (Copper)
DEVICE=eth0:0
BOOTPROTO=static
BROADCAST=192.168.0.255
IPADDR=192.168.0.101
NETMASK=255.255.255.0
NETWORK=192.168.0.0
ONBOOT=yes

Afterwards we have to restart the network:

/etc/init.d/network restart

You might also want to adjust /etc/hosts after you have added new IP addresses, although this is not necessary.

Now run

ifconfig

You should now see your new IP address in the output:

[root@server1 ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:FD:78:BE
          inet addr:192.168.0.100  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fefd:78be/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:130 errors:0 dropped:0 overruns:0 frame:0
          TX packets:137 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:12592 (12.2 KiB)  TX bytes:31876 (31.1 KiB)
          Base address:0x1070 Memory:ec820000-ec840000

eth0:0    Link encap:Ethernet  HWaddr 00:0C:29:FD:78:BE
          inet addr:192.168.0.101  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Base address:0x1070 Memory:ec820000-ec840000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:560 (560.0 b)  TX bytes:560 (560.0 b)

[root@server1 ~]#

 

6 Disable The Firewall And SELinux

(You can skip this chapter if you have already disabled the firewall and SELinux at the end of the basic system installation (in the Setup Agent).)

I want to install ISPConfig at the end of this tutorial which comes with its own firewall. That's why I disable the default CentOS firewall now. Of course, you are free to leave it on and configure it to your needs (but then you shouldn't use any other firewall later on as it will most probably interfere with the CentOS firewall).

SELinux is a security extension of CentOS that should provide extended security. In my opinion you don't need it to configure a secure system, and it usually causes more problems than advantages (think of it after you have done a week of trouble-shooting because some service wasn't working as expected, and then you find out that everything was ok, only SELinux was causing the problem). Therefore I disable it, too (this is a must if you want to install ISPConfig later on).

Run

system-config-securitylevel

Set both Security Level and SELinux to Disabled and hit OK:

Afterwards we must reboot the system:

reboot

 

7 Install Some Software

First we import the GPG keys for software packages:

rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*

Then we update our existing packages on the system:

yum update

Now we install some software packages that are needed later on:

yum groupinstall 'Development Tools'

yum groupinstall 'Development Libraries'

 

8 Quota

(If you have chosen a different partitioning scheme than I did, you must adjust this chapter so that quota applies to the partitions where you need it.)

To install quota, we run this command:

yum install quota

Edit /etc/fstab and add ,usrquota,grpquota to the / partition (/dev/VolGroup00/LogVol00):

vi /etc/fstab

/dev/VolGroup00/LogVol00 /                       ext3    defaults,usrquota,grpquota        1 1
LABEL=/boot             /boot                   ext3    defaults        1 2
tmpfs                   /dev/shm                tmpfs   defaults        0 0
devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
sysfs                   /sys                    sysfs   defaults        0 0
proc                    /proc                   proc    defaults        0 0
/dev/VolGroup00/LogVol01 swap                    swap    defaults        0 0

Then run

touch /aquota.user /aquota.group
chmod 600 /aquota.*
mount -o remount /
quotacheck -avugm
quotaon -avug

to enable quota.

 

9 Install Apache, MySQL, phpMyAdmin

First we enable the RPMforge repository on our CentOS system as lots of the packages that we are going to install in the course of this tutorial are not available in the official CentOS 5.4 repositories:

rpm --import http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt

cd /tmp
wget http://dag.wieers.com/rpm/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm
rpm -ivh rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm

(If the above link doesn't work anymore, you can find the current version of rpmforge-release here: http://dag.wieers.com/rpm/packages/rpmforge-release/)

Afterwards we can install the needed packages with one single command (including the packages we need to build Courier-IMAP):

yum install ntp httpd mysql-server php php-mysql php-mbstring php-mcrypt phpmyadmin rpm-build gcc mysql-devel openssl-devel cyrus-sasl-devel pkgconfig zlib-devel pcre-devel openldap-devel postgresql-devel expect libtool-ltdl-devel openldap-servers libtool gdbm-devel pam-devel gamin-devel

Share this page:

20 Comment(s)

Add comment

Comments

From: Anonymous at: 2009-12-17 17:10:17

If you are following this tutorial to the tee like you should, be advised a newer kernel update is available and will be upgraded and will affect the compiling of courier etc, you will not see a problem until after a subsequent reboot. I would either recommend disabling kernel updates before doing the yum update in step 7 Install Some Software or rebooting after the yum update in step 7 Install Some Software and then disabling kernel updates. Took me quite a while to figure out this problem as I am a newbie to Linux. I hope this helps out other people.

From: AJ at: 2010-02-09 14:21:37

After the group install of Development Tools, you should probably add the following perl install to be sure. I followed these instructions, but skipped adding SMTP/POP. Take a look at your httpd error log and you'll see problems. My httpd (apache) server would lock up intermittently.  Adding the statement below and rebooting fixed it:


 yum install perl-TimeDate

From: Marcelo Gondim at: 2010-03-31 22:33:48

Amavisd setup, we need to change this so the spamassassin to work properly by ispconfig 3: Change this: ### Uncomment this if you want to use amavis with sendmail milter interface. ### See README.milter for details. # #MILTER_SOCKET="local:/var/amavis/amavis-milter.sock" #MILTER_SOCKET="10024@127.0.0.1" ### These are other defaults. #AMAVIS_ACCOUNT="amavis" #CONFIG_FILE="/etc/amavisd.conf" #MILTER_FLAGS="" For: ### Uncomment this if you want to use amavis with sendmail milter interface. ### See README.milter for details. # #MILTER_SOCKET="local:/var/amavis/amavis-milter.sock" #MILTER_SOCKET="10024@127.0.0.1" ### These are other defaults. #AMAVIS_ACCOUNT="amavis" #CONFIG_FILE="/etc/amavisd.conf" CONFIG_FILE="/etc/amavisd/amavisd.conf" #MILTER_FLAGS="" The CONFIG_FILE is very important to work. Thanks for your howto, it helped me a lot with ISPConfig 3

From: iszabi at: 2010-03-15 14:40:11

Hi Falko Timme!


 Note to the 13th point:


under CentOs 5.4 screened :


"No package getmail available." when I wanted to install getmail:


 yum install getmail



From: Anonymous at: 2009-12-17 16:56:29

http://n0rp.chemlab.org/vlogger/vlogger-1.3.tar.gz check your input or your internet connection, works for me.

From: SCM at: 2009-12-15 10:26:29

http://n0rp.chemlab.org/vlogger/vlogger-1.3.tar.gz is a dead link, can not find any other links. what a waste of 2 days worth of installing for ISPConfig :/

From: Anonymous at: 2010-02-02 23:29:20

This tutorial is seriously jacked up. I've spent over 8 hours, and half of this does not work. Find another route to take for ISPConfig!

From: Anonymous at: 2010-02-24 17:31:36

I've come across this tutorial a number of times because it looks like a great potential solution and finally took some time to walk through it on a test server.


Although the functionality looks great I'm rather concerned with the general lack of security and long term stability concern these instructions seem to have. True lots of people like to turn off SELINUX and GPG checks and you'll probably be fine, but more importantly the major reliance on disparate third party (and largely unaccountable) repositories and patches could make long term security and stability a serious issue.  To start, the instructions are already giving paths to out of date software packages, but what happens when a serious security update is released?  I could easily see running yum updates from official and third party repos, plus manual rpmbuilds could get things out of sync alone, but what happens when a patch or repo provider stops supplying updates?  Do you realize this before or after you've tried to apply updates?  And what services have you lost in the meantime without a clear path for resolution?


True a more experienced admin can pick and choose or modify aspects of the instructions to better suit their security and stability needs, but a lot of less experienced admins could be opening themselves up to the ticking time bomb of non-updatable system likely running production data for potentially paying customers.


As always with other people's "prefect build" instructions, be very cautious of what you are running and educate yourself on the finer details of how it all works.  Remember it's going to fall on you to fix things when they break, so make sure you have a good path to CYA. ;)

From: at: 2010-03-04 18:58:03

This line:


                mysqladmin -h server1.example.com -u root password yourrootsqlpassword


should probably look like this:


                mysqladmin -h server1.example.com -u root -p password yourrootsqlpassword

From: JcOaCrO at: 2010-03-24 13:30:07

Great tutorial and all worked from first!!! For everyone having troubles just read carefully and check your typo :) Big THANKS to the auhor

From: at: 2010-04-22 15:11:28

when I issue commands ./configure --prefix=/usr --sysconfdir=/etc --with-apr=/usr/bin/apr-1-config --with-apxs=/usr/sbin/apxs --with-apache-user=apache --with-setid-mode=owner --with-php=/usr/bin/php-cgi --with-logfile=/var/log/httpd/suphp_log --enable-SUPHP_USE_USERGROUP=yes make make install make[4]: Leaving directory `/tmp/suphp-0.7.1/src' make[3]: Nothing to be done for `install-data-am'. i don't see file suphp.conf file in /etc/httpd/conf.d/suphp.conf I have i386 system. I'm stuck at this step Please advise

From: at: 2010-05-05 14:31:19


Please,

The link for download this "broken" http://mydns.bboy.net/download/mydns-mysql-1.1.0-1.i386.rpm.


Can where get the file mydns-mysql-1.1.0-1.i386.rpm
There is some other option?


From: ksc133 at: 2010-05-13 09:25:14

hi folks,


 is it possible to


Install Amavisd-new, SpamAssassin And ClamAV


on ISPconfig2 centos 5.4 x64?


 thanks a lot


From: wepabong at: 2009-11-21 06:32:38

amavis fails and show errors when i try to start, cheking the error, i founded i need install two additional packages:


so easy like this:


yum install perl-Mail-SPF.noarch  perl-Mail-SPF-Query.noarch


 great job :)

From: ZadY at: 2010-02-20 15:24:06

Great job!

From: volker at: 2010-04-06 17:01:09

hi,


 


thanks for this tut: Great work! what is the squirrelmails username and passwd? admin /admin too, like in the ispconfig app?


cheers volker

From: Bill48105 at: 2010-04-29 03:03:23

If mail sticks in deferred queue & amavisd won't stay running then be sure to run sa-update!


maillog shows something like:
status=deferred (delivery temporarily suspended: connect to 127.0.0.1[127.0.0.1]: Connection refused)


I found this out by running:
/usr/sbin/amavisd foreground
Which told me:
Suicide () TROUBLE in pre_loop_hook: config: no rules were found!  Do you need to run 'sa-update'?


After running sa-update then restarting mail started getting delivered.

Took me forever to figure that out since the maillog made no mention of amavid or sa-update (spamassassin) so hope it helps someone avoid the frustration of a step this how-to missed.
Bill

From: latvian at: 2010-10-08 09:11:05

In page 37/69 there is the step of building the rpm for courier-imap. I am gettin gthe following problem while trying to run the rpmbuild:


 RPM build errors:


Bad exist status from /var/tmp/rpm.tmp.14636 (%prep)


 What is the soultion for this problem?


Thanks in advance

From: at: 2011-03-07 01:36:01

very great tutorial!

 Easy to follow and rather simple to update and configure for i386.

Forum replies have been fast and accurate!

 Thank you for your time and support

 

 

From: Riverman at: 2012-05-13 20:54:11

Thanks for your info! This helped me...

But old messages has not been routed to mail yet...